The Team House NSA "Red Team" Hacker | Jeff Man (throwback episode)
Apr 23, 2026
Jeff Man, a former NSA cryptanalyst and member of the agency’s first penetration testing red team, shares stories from building crypto gear for Special Forces to automating one-time pads. He recounts creating NSA’s pen-testing practice, early attack and recon techniques, legal and cultural hurdles inside the agency, and practical defense tips like multi-factor and strong passphrases.
AI Snips
Chapters
Books
Transcript
Episode notes
Fix Key Management And Processes Before Chasing Crypto Math
- When defending systems, prioritize people/process changes and secure key management over chasing perfect algorithms.
- Jeff recounts NSA attacking implementations and stealing keys rather than breaking crypto itself, stressing operational weaknesses.
NSA's Response To PGP Was Key-Theft, Not Crypto Break
- In the early 90s NSA ran an all-hands push to attack PGP after customers asked to use it, producing an implementation/key-theft style attack.
- The team showcased stealing keys via crafted documents rather than breaking the crypto algorithm itself.
Founding The PIT Red Team At NSA
- Jeff co-founded NSA's first formal penetration testing/red team (the PIT) in the early 90s inside the Systems and Network Attack Center.
- The PIT evolved from fielded systems testing into a center of excellence for vulnerability and threat assessment.
