About Karen

Karen Scarfone has worked in IT for over 25 years, with 20 years of that dedicated to information security and security publication development. Before forming Scarfone Cybersecurity, Karen was a Senior Computer Scientist at the National Institute of Standards and Technology (NIST), where she oversaw the development of dozens of system and network security publications for federal civilian agencies and the public. For her body of work of cybersecurity publications, Karen was named a Fed 100 winner, and the US Department of Commerce awarded her a Bronze Medal and a Gold Medal. In addition to her federal publications, she has also co-authored two books and contributed to several others.

Karen has a unique combination of skills: technical, writing, and consulting. She has several years' experience in federal and commercial consulting for firms such as Booz Allen Hamilton and EDS. She holds bachelor's and master's degrees in computer science, and a master's degree in technical writing. Karen also has several years of operational experience, which gives her a well-grounded understanding of how the pieces of security truly work in enterprise environments.

Scarfone Head Shot 20181016 orig.jpeg
Specialty Topic Areas


Karen is a recognized expert in many areas of security. Topics that she frequently writes on include the following:

+ Access Control

+ Cloud Security

+ Endpoint Security (including mobile device security)

+ Incident Response

+ Internet of Things

+ Intrusion Prevention Systems

+ Log Management and SIEM Technologies

+ Network Security

+ Storage Encryption

+ Telework Security (including VPNs)

+ Threat Intelligence

+ Vulnerability Analysis and Metrics

+ Wireless Network Security

More Information


For more information on Karen's experience and accomplishments, including links to all her online publications, see the following:

+ Resume

+ LinkedIn Profile

+ ResearchGate Profile

+ Google Scholar

+ TechTarget Author Page

+ Contently Portfolio