web analytics



Jeffrey Carr – Principal Consultant

The 20K League was founded in 2016 by international cybersecurity consultant, author, and researcher Jeffrey Carr. Jeff was the founder and principal investigator of Project Grey Goose (an investigation into the Russian government’s role in cyber attacks against the Georgian government during the 2008 war), the author of Inside Cyber Warfare (2009 and 2011 editions), and the founder of the Suits and Spooks security collision (a two day event held in Washington D.C., London, New York, and other cities since 2011). During his career as a cybersecurity consultant, Jeff has acted as a trusted third-party advisor for the in-house security teams at multinational corporations in the defense, telecommunications, and media sectors and has provided post-breach remediation advice and vulnerability assessments for many Fortune 1000 companies. He has worked as a contract subject matter expert for the Central Intelligence Agency’s Open Source Center; provided day-long workshops at the U.S. Army War College, Chief of Naval Operations Strategic Study Group, Defense Intelligence Agency; and participated as one of the experts interviewed by Dr. David Bray and his team for the National Commission for the Review of the Research and Development Programs of the U.S. Intelligence Community.



The 20K League is a geographically distributed team of veteran cybersecurity professionals with diverse backgrounds who come together as needed to support 20K league clients’ security needs. The name 20K League is inspired by the famous Jules Verne novel Twenty Thousand Leagues Under The Sea. In many ways, our digitally connected world is an unknown, mysterious and sometimes dangerous environment for the companies and individuals who live and work in it. The 20K League’s mission is to help elite medical and legal practices and other targeted sectors with high value sensitive data avoid the maelstrom.
The first step in hardening your network against attack is to determine how much of a target your practice is to bad actors. One of our consultants will come to your office, evaluate your current network against your value to an adversary, and provide a written cyber risk assessment with recommendations.
Employee security awareness training is a critical part of our offering. The easiest way in to any network is by tricking a company employee to click on a link or open an attachment.
Does your practice include patients in foreign countries? Do you maintain offices internationally? Do you travel frequently? If your answer to any of those questions is yes, then your risk factors for a breach have just gone up. We can provide you with due diligence on your relationships overseas, add that to the risk calculus for your practice, and provide a custom mitigation strategy going forward.
As trusted, independent advisors, we can help you save money when purchasing cybersecurity products and services.