Security Education Conference Toronto Canada - SecTor

October 25-27, 2010
MTCC, Toronto, ON, Canada
 

SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security. The first round of speaker selections has been announced! Second-round selections are currently underway.

Mohammad Akif
Reza Alirezaei
James Arlen
David Bryan
Brian Contos
Marisa Fagan
Lior Frenkel
Pete Herzog
Chris Hoff
Jibran Ilyas
Samy Kamkar
Sahba Kazerooni
Mike Kemp
Jason Lam
Zach Lanier
Rafal Los
Derek Manky
Adam Meyers
HD Moore
Deviant Ollam
Tatiana Outkina
Nick Owen
Meredith L. Patterson
John W. Pirc
Garry Pejski
Nicholas Percoco
Christopher Pogue
Subu Ramanathan
Andrés Pablo Riancho
Mike Rothman
Ben Sapiro
Len Sassaman
Charlie Shields
Michael Smith
Eldon Sprickerhoff
Mike Zusman

Mohammad Akif

Mohammad Akif is the National Security and Privacy Lead for Microsoft. He has worked in the industry for over 15 years and has published a number of books and articles. Mohammad spends a significant amount of time working with Microsoft’s major customers in the financial, energy, healthcare and public sectors to help improve their security postures and refocus their IT security departments away from yesterday’s threats and onto the modern threat landscape. He is a frequent speaker at security conferences in Canada and worldwide.

Reza Alirezaei

Reza Alirezaei is an author and SharePoint MVP, focused on building custom solutions on top of SharePoint, Office, and Microsoft Business Intelligence platforms. As a technical leader with over 10 years of experience in software, he has helped many development teams architect and build large-scale, mission-critical applications. In addition to consulting, Reza is an instructor and speaker. He speaks at many local and international conferences. Reza frequently blogs at http://blogs.devhorizon.com/reza

James Arlen

James Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things.

David Bryan

David M. N. Bryan of Trustwave’s SpiderLabs
David has 10 years of computer security experience, including consulting, engineering, and administration. He has performed security assessment & pentest projects in the healthcare, nuclear, manufacturing, pharmaceutical, banking and educational sectors. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet, without being hacked. In his spare time he runs the local DEFCON group, DC612, is the president of Twincities Makers group, and participates in the Minneapolis OWASP chapter.

Brian Contos

Mr. Contos has over 15 years of security engineering and management expertise. He has worked throughout North and South America, Europe, the Middle East, and Asia. At McAfee he advises government organizations and G2000s on security strategy. He has written two books including Enemy at the Water Cooler – Real Life Stories of Insider Threats, and Physical and Logical Security Convergence which he co-authored with former NSA Deputy Director William Crowell. He has delivered speeches at industry events like RSA, Interop, OWASP, CSI, ISACA, ISSA, InfraGard and eCrime. He is often quoted by business and industry press, and has written articles for Forbes, NY Times, London Times, Computerworld, and many others. He was formerly the Chief Security Strategist for Imperva, the Chief Security Officer for ArcSight, and has held management and engineering positions at Riptech, Bell Labs, Tandem Computers, and DISA.

Marisa Fagan

Marisa Fagan is a Security Project Manager, responsible for managing security research and consulting engagements. She specializes in rapid development of network security tools and is recognized for her research in threat modeling and identity theft. Ms. Fagan has presented her work at SummerCon 2009 in Atlanta, Georgia and at SecurityBSides 2009 in Las Vegas, Nevada. Additionally, Ms. Fagan is active in the information security community through the Atlanta Chapter of NAISG.

Lior Frenkel

Lior brings to Waterfall Security Solutions over 15 years of large scale software and hardware research and development expertise, combined with vast business capabilities and experience. In 2001 Lior co-founded Gita Technologies Ltd, a high-end security research and development company, which provides unique solutions for the defense and military markets. In 2005 Lior led the development and business activities of the Waterfall product line, which evolved and was eventually spun off to become a stand-alone company, leading the market of unidirectional security gateways. Lior holds a B.Sc. in Computer Science and Statistics from Bar-Ilan University.

Pete Herzog

Peter co-founded ISECOM (www.isecom.org), an open, non-profit research organization with over 7000 members; created OSSTMM (version 3 to be released early June); created Hacker Highschool (www.hackerhighschool.org); and created the Bad People Project (www.badpeopleproject.org).

Chris Hoff

Chris Hoff has over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.

Hoff is currently Director of Cloud and Virtualization Solutions of the Security Technology Business Unit at Cisco Systems. Prior to Cisco, he was Unisys Corporation’s Systems & Technology Division’s Chief Security Architect. Additionally, he served as Crossbeam Systems’ Chief Security Strategist, was the Chief Information Security Officer for a $25 billion financial services company, and was founder/Chief Technology Officer of a national security consultancy. Hoff regularly speaks at high profile conferences, is interviewed regularly by the media, is a featured guest on numerous podcasts, and blogs at http://www.rationalsurvivability.com/blog. Hoff is a CISSP, CISA, CISM and NSA IAM. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005.

Jibran Ilyas

Jibran Ilyas is a Senior Forensic Investigator at Trustwave's SpiderLabs. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security. He has investigated some of the nation's largest data breaches and is a regular contributor to published security alerts through his research. He has 7 years of experience and has done security research in the area of computer memory artifacts. Jibran has presented talks at security conferences (DEFCON, SecTor) in the area of Computer Forensics and Cyber Crime. Jibran is also a regular guest lecturer at DePaul and Northwestern University. Prior to joining SpiderLabs, Jibran was part of Trustwave's SOC where he helped Fortune 500 clients with their Security Architectures and deployments. Jibran holds a Bachelor of Science degree from DePaul University and a Master's degree in Information Technology Management from Northwestern University.

Samy Kamkar

Samy Kamkar is best known for the Samy worm, the first XSS worm, infecting over one million users on MySpace in less than 24 hours. A co-founder of Fonality, Inc., an IP PBX company, Samy previously led the development of all top-level domain name server software and systems for Global Domains International (.ws).

In the past 10 years, Samy has focused on evolutionary and genetic algorithmic software development, Voice over IP software development, automated security and vulnerability research in network security, reverse engineering, and network gaming. When not strapped behind the Matrix, Samy can be found stunt driving and getting involved in local community service projects.

Sahba Kazerooni

Sahba Kazerooni is a Principal Consultant at Security Compass, a consulting and training firm specializing in application security. At Security Compass he harvests his blend of development and security knowledge in threat modeling, runtime security assessment, and source code review of client applications while at the same time leveraging his field experience to deliver Security Compass' one-of-a-kind training curriculum. Sahba is also an internationally-renowned speaker on security topics. He has presented at conferences around the world; he delivers Java secure coding training at the SANS Institute; and he has also provided numerous presentations through ISC2 to their elite network of certified information security professionals.

Mike Kemp

Michael is an experienced UK-based security consultant, with a specialization in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research Labs. When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person. Mike has previously presented at security conferences in Jakarta, Hawaii, New York, Los Angeles, Warsaw, Prague, Holland, Zagreb and London (on subjects as diverse as virtualisation, malware, and why the government suck), and is always keen to embarrass himself in new and exotic locales.

Jason Lam

Jason Lam is an experienced information security professional who is actively involved in the global security community. He frequently speaks at various security events, preaching information security to IT professionals with the hope of improving the current state of the information security field. Jason also has heavy involvement in the SANS Institute, the most trusted organization in information security. He has written courseware for multiple SANS courses and is also involved in the GIAC certification process, which certifies information security professionals.

Zach Lanier

Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. He has performed security assessments for numerous clients, including Fortune 500 companies and higher education institutions. Prior to joining Intrepidus Group’s professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach has also presented at the MIS Training Institute's InfoSec World, IT Security World, and FinSec conferences, as well as Boston-area security professionals' groups, on topics such as open source security tools, security in virtualized environments, and vulnerability disclosure.

Rafal Los

Rafal "Raf" Los is a web application security evangelist for the HP Software & Solutions business at HP. Los is responsible for bridging the gaps between security technologies and business needs to reduce enterprise risks and create embedded, lasting solutions on behalf of the HP Application Security Center group. He has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. Additionally, Los helped to write the first release of the Open Web Application Security Project (OWASP) testing guide.

Prior to joining HP, Los led the web application security program and served as a security lead at General Electric (GE) Consumer Finance. Los also worked with GE Power systems, leading security engineering, architecture and building the web application security program. Before GE, Los helped build a service-oriented security consulting company and was among the first 25 employees in a successful financial-based startup, leading internet-facing systems and security management and architecture.

Raf received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.

Derek Manky

Derek Manky has dedicated his career to security, research and education. He is an advocate of working from the ground up; understanding the drivers and methodologies of cyber crime and threats, then deriving defense strategies. Manky has presented his research world-wide at many security conferences, while educating and promoting cyber-security awareness. He has been recognized as a thought leader in the industry and featured numerous times in top tier publications, such as The Wall Street Journal.

As lead author of Fortinet's Threatscape Report, Manky blogs and regularly writes on breaking security developments. He designed the company’s responsible disclosure policies, which have been reliably used for years to report and disclose critical, zero-day vulnerabilities. To assist with his research, Manky has implemented automated systems and tools which provide information on threats and trends.

Adam Meyers

Adam Meyers is a Senior Principal with the National Products and Offerings Division of SRA International. Mr. Meyers serves as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provides both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers has extensive experience in Penetration Testing, Security Engineering and Architecture, Wireless Communication, and Reverse Code Engineering. Mr. Meyers is a recognized speaker who has presented on topics ranging from high level business solutions to deep technical training including industry conferences such as RSA, Source, and CSI. He currently supports the Department of State Bureau of Diplomatic Security leading a reverse engineering and cyber threat analysis team charged with investigation and mitigation.

HD Moore

HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.

Deviant Ollam

While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant is also a member of the Board of Directors of the US division of TOOOL, The Open Organization of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point.

Tatiana Outkina

As a former consultant with TELUS Security Services, Tatiana Outkina has delivered information security development methodology and processes, technical leadership, business fundamentals expertise and training to members of TELUS and to their clientele. Tatiana brings her significant experience in system development to the task in creating and implementing the process which results in security as a built-in property of the software.

Tatiana has long-term experience in computer system development with a strong focus on information security. In her 10+ years of IT security work she has worked for financial institutions and numerous private corporations. To date Tatiana has performed vulnerability and risk assessments, developed a secure system development life cycle model, and worked on security governance and threat modeling, followed by secure system architecture and software security solutions.

Tatiana also teaches software security on a part-time basis at Seneca College and Ryerson University.

Nick Owen

Nick Owen is a co-founder and CEO of WiKID Systems, Inc. WiKID has created a unique dual-source two-factor authentication system that uses public-key cryptography instead of the typical shared secrets found in most systems. WiKID is Nick's fourth startup. Nick was also an Entrepreneur-in-residence at the Advanced Technology Development Center in Atlanta. He is a graduate of the University of Virginia with an MBA from the University of Georgia. Nick helped design and architect WiKID's two-factor authentication system and mutual HTTPS authentication system. Nick is the author of most of WiKID's technical white papers and tutorials, and has integrated two-factor authentication systems with solutions such as Apache, OpenVPN, Astaro, Cisco, F5, Netgear and others. Many of his tutorials can be found on http://www.howtoforge.net.

Meredith L. Patterson

Meredith L. Patterson is an independent researcher whose areas of expertise range from CS-related topics such as database design, datamining algorithms, complexity theory, computational linguistics, information security, and privacy enhancing technology systems; to synthetic biology, design of transgenic organisms using low-cost, build-it-yourself lab equipment, human metabolic system studies; and speculative fiction as a published author of multiple short stories, mostly science fiction.

Meredith has a BA in Linguistics from the University of Houston, and an MA in Linguistics as well as an MS in Computer Science from the University of Iowa. She is a co-founder of the DIYBIO movement, and has done work on transgenic lactic acid bacteria. She co-invented the field of language theoretic security research, which she used to successfully defeat such troublesome attacks as SQL injection with her "Dejector" library. Most recently, she presented the Biopunk Manifesto at a UCLA synthetic biology conference, and presented her work with Dan Kaminsky and Len Sassaman on breaking the Internet's certificate authority system (by creating usable, bogus certificates crafted to exploit ambiguity in X.509 parsing implementations using language theoretic security analysis principles) at the Financial Cryptography 2010 conference.

Meredith lives in Leuven, Belgium. In her spare time, she knits, repairs cars, and hacks on open source software.

Garry Pejski

Garry Pejski has worked professionally as a developer for 13 years. During this time he has created online casinos, dating websites, pharmacy software and custom applications for the power industry. During a brief period, he also wrote malware for the bad guys. Currently he works as a Technical Manager at Matrikon (now part of Honeywell), where he has been a part of numerous NERC CIP security projects.

Nicholas Percoco

Nicholas J. Percoco is the head of SpiderLabs at Trustwave, the advanced security team that has performed more than 750 cyber forensic investigations globally and thousands of penetration and application security tests for Trustwave clients. In addition, his team is responsible for the security research that feeds directly into Trustwave's products and services through real-time intelligence gathering. He has more than 15 years of information security experience. Nicholas acts as the lead security advisor to many of Trustwave's premier clients by assisting them in making strategic decisions around various security and compliance regimes. As a speaker, he has provided unique insight around security breaches and trends to public and private audiences throughout North America, South America, Europe, and Asia, including security conferences such as Black Hat, DEFCON, SecTor and You Sh0t the Sheriff. Prior to Trustwave, Nicholas ran security consulting practices at both VeriSign and Internet Security Systems. Nicholas holds a Bachelor of Science in Computer Science from Illinois State University.

John W. Pirc

TBD

Christopher Pogue

Chris Pogue is a Senior Security Analyst for the SpiderLabs Incident Response and Digital Forensics team at Trustwave. He has over ten years of administrative and security experience including three years on the IBM ISS X-Force Emergency Response Services Team, five years with IBM’s Ethical Hacking Team, and 13 years of Active Military service in the US Army Signal Corps. During his professional career, Chris worked with some of the largest organizations in the world. Chris is also a former US Army Warrant Officer and has worked with the Army Reserve Information Operations Command on Joint Task Force missions with the National Security Agency, Department of Homeland Security, Regional Computer Emergency Response Team - Continental United States, and the Joint Intelligence Center - Pacific. Chris attended Forensics training at Carnegie Mellon University in Pittsburgh, Pennsylvania, and was the ARIOC primary instructor for UNIX, Networking, and Incident Response for all CMU sponsored courses. Chris also has worked with local, state, and federal law enforcement agencies such as the Broken Arrow Police Department, The Coral Springs Police Department, The Sandy Springs Police Department, The New York Police Department, The Federal Bureau of Investigation, the Royal Canadian Mounted Police, and The United States Secret Service to help pursue the digital evidence left behind by criminals of all types. His efforts have led to arrests and convictions in Oklahoma, New York, Florida, and Munich, Germany. Chris has given presentations on Cyber-Crime and digital forensics at SANS, The Computer Forensics Show, SecTor, The Direct Response Forum, and The USSS Electronic Crimes Task Force Conference.
Chris holds a Bachelor's Degree in Business Management and a Master’s degree in Information Security, and is a Certified Information Systems Security Professional (CISSP), a Certified Ethical Hacker (CEH), a Certified Reverse Engineering Analyst (CREA), a GIAC Certified Forensics Analyst (GCFA), and a VISA PCI DSS Qualified Security Assessor (QSA). Chris is also the primary author of the book “Unix and Linux Forensic Analysis”, from Syngress/Elsevier. Chris’s book is currently being used as a textbook at Saginaw Valley State University and Illinois State University for their computer forensics courses.

Subu Ramanathan

Subu Ramanathan is a security consultant with Security Compass. With his wide array of experience in application vulnerability assessments, penetration testing and source code review, Subu plays a valuable part in Security Compass’s Software Assessment Service practice. With reinforced fundamentals in software development, Subu brings to the table a sound understanding of Software Development Life Cycles (SDLC). Subu is also involved in developing content for various Java-based, developer-focused security training courses, including one offered by the SANS Institute.

Prior to Security Compass, his professional experience included working on the Windows Vista graphic driver quality assurance team at Advanced Micro Devices. During this period he played an integral part in devising and developing a whole range of testing suites to widen the scope of driver quality.

Subu joined Security Compass after finishing his Computer Engineering degree at University of Toronto (UofT). During his years at UofT, his primary areas of specialization included advanced SDLC research, software and network security.

Andrés Pablo Riancho

Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3Com and ISS, and contributed to SAP research performed at his former employer.

His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like SecTor (Canada), FRHACK (France), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).

Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.

Mike Rothman

Mike Rothman, Analyst & President, Securosis
Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike is one of the most sought after speakers and commentators in the security business and brings a deep background in information security. After 20 years in and around security, he's one of the guys who "knows where the bodies are buried" in the space.

Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike left META in 1998 to found SHYM Technology, a pioneer in the PKI software market, and then held senior roles at CipherTrust and TruSecure -- providing experience in marketing, business development, and channel operations for both product and services companies. After getting fed up with vendor life, he started Security Incite in 2006 to provide the voice of reason in an over-hyped yet underwhelming security industry.

After taking a short detour as Senior VP, Strategy and CMO at eIQnetworks to chase shiny objects in security and compliance management, Mike joins Securosis with a rejuvenated cynicism about the state of security and what it takes to survive as a security professional.

Mike published "The Pragmatic CSO" in 2007 to introduce technically oriented security professionals to the nuances of what is required to be a senior security professional. He also possesses a very expensive engineering degree in Operations Research and Industrial Engineering from Cornell University. His folks are overjoyed that he uses literally zero percent of his very expensive education on a daily basis. He can be reached at mrothman (at) securosis (dot) com.

Ben Sapiro

Ben Sapiro - Research Director, Security Practices at TELUS Security Labs - is a reformed security consultant with a background in secure software with a passing interest in federation and identity management.

Before focusing on security research, Ben worked for over ten years as a security consultant with global clients in North America, Europe, the Middle East and Asia. Ben's security experience includes security audits, ethical hacking, infrastructure work, threat modeling, secure development, secure architecture, social engineering and application testing.

In his spare time, Ben participates in Cloud Audit Working Group, an emerging cloud security standard.

Len Sassaman

Len is a doctoral student in Electrical Engineering. His research is centered around the topic of privacy enhancing technologies. In particular, he is focused on both attacking and defending anonymous communication systems, exploring the applicability of information-theoretic secure systems for privacy solutions, and designing protocols which satisfy the specific needs of the use case for which they are applied. He has a very strong interest in the real-world applicability of his work; while some of what Len does is pure theory, he has always held the belief that if a system cannot be implemented easily or be easily understood by the implementers, its utility is limited. Similarly, he believes that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users. Thus, Len follows closely the fields of HCI and Applied Programming as well as Information Theory, Cryptography, and Anonymity.

Charlie Shields

TBD

Michael Smith

Michael Smith serves as Akamai’s Security Evangelist and is the customer-facing ambassador from the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions. Mr Smith fulfils a cross-functional role as a liaison between security, sales, product management, compliance, engineering, professional services, and marketing.

Prior to joining Akamai, Mr Smith served as an embedded security engineer, security officer for a managed service provider, and security assessment team lead. He is an adjunct professor for Carnegie Mellon University and teaches through the non-profit Potomac Forum.

Eldon Sprickerhoff

TBD

Mike Zusman

Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors. He has spoken at a number of top industry events including CanSecWest, Defcon, Black Hat and regional OWASP events. Mike also speaks and teaches about information security at NYU/Polytechnic University. Mike brings 11 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP foundation.

© Black Arts Illuminated Inc. 2010