Drew Varner

GIAC exploit researcher & advanced penetration tester

An Erlang and Elixir enthusiast trying to bring functional to Federal. Drew is a GIAC Exploit Researcher & Advanced Penetration Tester.

Drew is the founder of NineFX, a software firm focused on the US Federal market. He has worked professionally as an Erlang software engineer for the last five years.


Past Activities

Drew Varner
Code BEAM SF 2019
01 Mar 2019
15.20 - 15.45

FIPS 140-2 in BEAM apps

Erlang's crypto module has supported a "FIPS mode" since release 20.0. Drew will discuss why you may care about FIPS 140-2 encryption, ways to integrate it into your tests suites and gotchas to compliance. He will discuss how simply putting crypto in FIPS mode is not enough.

Learn how dependencies and built-in libraries can sneak non-FIPS crypto into your application. Drew will also cover some general techniques to detect security issues in your code.


  • Familiarize audience with FIPS 140-2 cryptography mode and why they may care about it
  • Provide examples of how to validate a BEAM application's compatibility with FIPS 140-2 mode enabled


  • Software vendors that have the US Federal government as a potential customer
  • Software developers looking to validate that their application runs without dependencies on insecure cryptographic algorithms