Past Events



Sesssions


- Expo Theatre (Hall G) '

Realize More Value From Your Existing security Tools

Dave Millier will talk about leveraging information gathered from various sources (security and system logs, reports, processes, and directly from people), and turning them into meaningful reports and dashboards that can be used to track compliance around various standards and regulations, including PCI, CobiT, SOX, NERC CIP, and others. Rather than focusing on any particular […]

Sponsor Track
Dave Millier
- Expo Theatre (Hall G) '

BLINDELEPHANT: Web Application Fingerprinting with Static Files

Well-known web applications are used for many purposes such as blogging, forums, e-commerce, database management, email and myriad others. Vulnerabilities in these applications (and their plugins) are discovered at an accelerated rate and are abused for site defacement and increasingly to serve malware. Website administrators need to keep track of the versions of these web […]

Turbo
Patrick Thomas
- Expo Theatre (Hall G) '

Inside the Malware Industry

Not much is known about the malware industry and how it makes money. This talk will break the silence and expose the shady techniques used to create and spread this software, all from the perspective of someone who worked there.

Tech
Garry Pejski
- Expo Theatre (Hall G) '

A Day in the life of APT

The term ‘Advanced Persistent Threat” has dominated the cyber security world for the last several years. This marketing construct is designed to describe a real and widespread threat, but seems to cause confusion and mockery. This presentation will cut through marketing hyperbole to walk through an attack by a sophisticated actor demonstrating the tools and […]

Sponsor Track
Adam Meyers
- Expo Theatre (Hall G) '

Smashing the stats for fun and profit v.2010

“Smashing the stats for fun and profit v.2010” (or how to convince your boss to spend properly on security) We all know that security vulnerabilities need to be fixed but it can be hard to convince your employer that you deserve a budget so you can do your job properly. Using research from the 2010 […]

Management
Ben Sapiro
- Expo Theatre (Hall G) '

Malware Freakshow 2010

We had a busy year. We investigated over 200 incidents in 24 different countries. We ended up collecting enough malware freaks [samples] to fill up Kunstkammer a few times over. Building upon last year’s DEFCON talk, we want to dive deeper and bring you the most interesting samples from around the world – including one […]

Tech
Nicholas J. Percoco
Jibran Ilyas
- Expo Theatre (Hall G) '

Beyond Aurora’s Veil: A Vulnerable Tale

In 2009, the Conficker worm was dissected by researchers, and then fried by the spotlight on a worldwide stage. One year later, we saw the Aurora assaults similarly glow in the headlines. Defense was tense against these two nasties – yet, in each case, easily circumvented by two potent zero-day exploits that crept in from […]

Sponsor Track
Derek Manky
- Expo Theatre (Hall G) '

Mastering Trust: Hacking People, Networks, Software, and Ideas.

Why can’t we make the right decision all the time? Our sense of trust is broken. Lies, deceit, fraud, and insinuations make up a large part of crime for a reason. We are bad at trust. It’s in our biology. It’s why we sometimes make the wrong friends, date the wrong people, buy the wrong […]

Management
Pete Herzog
- Expo Theatre (Hall G) '

Metasploit Tips and Tricks

There are tons of tutorials to get started with Metasploit but have you ever wanted some tips to help use the framework more efficiently? This presentation will cover some tricks to help get the most out of Metasploit. You will see demonstrations and learn how to build payloads within Metasploit, use the database effectively, pivot […]

Tech
Ryan Linn
- Expo Theatre (Hall G) '

Unidirectional Connectivity as a Security Enabler for SCADA and Remote Monitoring Applications

Network segregation (also called “air-gapping”) is considered a foolproof method for protecting networks from external attacks or from data theft/leakage. Unfortunately, employing this method mandates users to forego all benefits of connectivity; hence this method is not acceptable today as a viable security means. Unidirectional connectivity, hardware enforced over all layers of communications, is an […]

Sponsor Track
Lior Frenkel
- Expo Theatre (Hall G) '

How Many Vulnerabilities? And Other Wrong Questions

At every security conference there’s always a group of people asking which is more secure, Windows or Mac, Apache or IIS, IE, Chrome or Firefox. Viewing security solely as a question of vulnerabilities is liking judging a bread solely on how many slashes the baker put on top of it. It just doesn’t matter. It’s […]

Management
David Mortman
Dave Lewis
Zach Lanier
- Expo Theatre (Hall G) '

Google’s approach to malware on the web

This talk looks at how Google searches for malware on the web, and how those findings are made available through the public SafeBrowsing API. We will describe the mechanisms by which malware is generally distributed, and how Google detects infected and malicious websites. Finally, we will discuss some of the newer trends we have seen […]

Tech
Fabrice Jaubert
- Expo Theatre (Hall G) '

Do it yourself – Security Assessments made easy and FREE

With the continuing changing threat landscape and continuous demands on compliance to regulatory standards, InfoSec Administrators are continuously playing catch-up to keep their systems safe – John will show you 5 easy ways to assess your systems while staying within your zero budget.

Sponsor Track
John Andreadis
- Expo Theatre (Hall G) '

SDL Light: A practical Secure Development Lifecycle for the rest of us

Security companies are beginning to attack the problem of software vulnerabilities at the source, the development process. Secure coding programs like Microsoft SDL, OWASP SAMM, and BSIMM save the organization money and time by taking the bugs out at the beginning, and avoid costly incident response nightmares. Chris Wysopal, CTO at Veracode, says “Many of […]

Management
Marisa Fagan
- Expo Theatre (Hall G) '

IPv6, for worse or better

It is about to happen: the long promised upgrade from IPv4 to IPv6 is on our doorstep. The initial reason for this change of the Internet’s layer 3 protocols was to head off the projected 2010-2012 depletion of IPv4 reported back in 1994. As a stop-gap method until IPv6 was fully deployed, the Internet Engineering […]

Tech
Joe Klein
- Expo Theatre (Hall G) '

Crime & Carelessness: Gaps that Enable the Theft of Your Most Sensitive Information

“Information is power and money. Our professional lives revolve around building, inventing and working with more valuable information. How we protect and manage this information is core to the success of our economy, organizations, corporations and our personal lives. In this presentation we will explore how a criminal industry now larger than the international drug […]

Sponsor Track
Ryan Boudreau
- Expo Theatre (Hall G) '

Gates, Guards, and Gadgets: An Introduction to the Physical Security of IT

We’re all familiar with using a defense-in-depth strategy when planning information security, but none of that matters if I can take your datacenter and load it into my truck! Join Kai Axford, a Certified Protection Professional (CPP), as he looks at the various aspects of physical security, such as barrier planning, IP surveillance, lock selection […]

Management
Kai Axford
- Expo Theatre (Hall G) '

CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity

Mass-market, low-cost, commodity infrastructure-as-a-Service Cloud Computing providers abstract away compute, network and storage and deliver hyper-scaleable capabilities. This “abstraction distraction” has brought us to the point where the sanctity and security of the applications and information transiting them are dependent upon security models and expertise rooted in survivable distributed systems, at layers where many security […]

Tech
Christofer Hoff
- Expo Theatre (Hall G) '

Distributed Denial of Service: War Stories from the Cloud Front

Due to the rise of large-scale botnets, Distributed Denial of Service (DDoS) is making a resurgence, both in attacker capabilities and the impact on target organizations. This presentation is an overview of DDoS attacker capabilities and techniques, defenses against attacks, and lessons learned from responding to numerous DDoS attacks. The session will cover a very […]

Tech
Michael Smith
- Expo Theatre (Hall G) '

Web Application Payloads

This talk will introduce attendees to the subject and show a working implementation of Web Application Payloads that uses the “system calls” exposed by vulnerable Web Applications to collect information from, and gain access to the remote Web server. The Web application payloads implementation was developed as a part of the w3af framework, an open […]

Tech
Andrés Riancho
- Expo Theatre (Hall G) '

Sharingan – A Ninja art to Copy, Analyze and Counter Attack

Many products in the industry have or use some kind of a proprietary network protocol. Most of these protocols do not have packet level documentation in place; neither with the development team, nor with the architect. In some instances, security assessment team/auditor might be dealing with a network protocol which a third party wrote and […]

Tech
Mrityunjay Gautam
- Expo Theatre (Hall G) '

Fuzzing Proprietary Protocols – A Practical Approach

Proprietary protocols are commonly used in industrial environments and are hard to fuzz. Often, one product like a railway control centre communicates over more than 10 proprietary protocols. Usually, external attackers do not have the specifications of the protocols to write suitable fuzzers. The same applies to internal penetration testers. Even with the specifications, time […]

Turbo
Thomas Pröll
- Expo Theatre (Hall G) '

Distributed Denial of Service: War Stories from the Cloud Front

Due to the rise of large-scale botnets, Distributed Denial of Service (DDoS) is making a resurgence, both in attacker capabilities and the impact on target organizations. This presentation is an overview of DDoS attacker capabilities and techniques, defenses against attacks, and lessons learned from responding to numerous DDoS attacks. The session will cover a very […]

Tech
Michael Smith
- Expo Theatre (Hall G) '

Dissecting the Modern Threatscape: Malicious Insiders, Industrialized Hacking, and Advanced Persistent Threats

This is an intermediate to advanced level presentation that pulls from McAfee Labs research as well as real-life customers. This is original content designed to paint a clear picture of today’s threat landscape and through doing so illustrate the differences between insider threats, industrialized hackers, and APTs. Attacks are coming from all angles. In some […]

Tech
Brian Contos
- Expo Theatre (Hall G) '

Securing your network with open-source technologies and standard protocols: Tips & Tricks

We continually are asked “Does your product work with VPN X?”. This is the wrong question. The right question is whether any product on your network supports the authentication protocol you have chosen as a standard. Once you decide on a standard, the world opens up to you. Specifically, the world of open source software. […]

Turbo
Nick Owen
- Expo Theatre (Hall G) '

Sniper Forensics v2.0 – Target Acquisition

Last year at SecTor, Christopher debuted “Sniper Forensics”, which illustrates how to use live analysis techniques to improve the efficiency and accuracy of forensic investigations. Since then Sniper Forensics has been given at two other computer security conferences! Now, Sniper Forensics v2.0 Target Acquisition will cover the most asked questions asked by the audience members […]

Tech
Chris Pogue
- Expo Theatre (Hall G) '

Building the DEFCON network, making a sandbox for 10,000 hackers

David covers how the DEFCON network team builds a network from scratch, in three days with very little budget. How this network evolved, what worked for him, and what didn’t work over the last ten years. This network started as an idea, and after acquiring some kick butt hardware, has allowed them to support several […]

Tech
David Bryan
Luiz Eduardo
- Expo Theatre (Hall G) '

Building your own secure U3 launchable Windows forensic toolkit

This toolset attempts to provide a easy to use U3 drive to gather forensic data from a windows computer. The entire toolset is located on the read-only portion of the U3 drive, and reports are writen to the writeable portion.

Turbo
Jason Kendall
- Expo Theatre (Hall G) '

The Four Types of Lock

Physical security is an oft-overlooked component of data and system security in the technology world. While numerous ratings and standards exist in order classify specific security hardware, many of these standards are ill-defined and poorly-understood. Do you know what makes a “hardened” or “contractor grade” lock special? What does the phrase “high security” signify on […]

Tech
Deviant Ollam
- Expo Theatre (Hall G) '

Starting an InfoSec Company: Three Founder’s Stories

Ever wonder what it’s like to start your own InfoSec company? Join our “InfoSec Corporate Founders’ Panel” as they trade war stories, describe strategies and mishaps, and offer advice.

Tech
Robert Beggs
Dave Millier
Brian O’Higgins
Eldon Sprickerhoff
- Expo Theatre (Hall G) '

By The Time You’ve Finished Reading This Sentence, “You’re Infected”

This talk is intended to be a rapid-fire description of 25 tactics currently used by “the bad guys” so that malware STILL evades AV, web reputation filters and IDP systems and practically any defense thrown at it. Malicious content continues to be a thorn in the side of practically all Internet users. This talk will […]

Sponsor Track
Eldon Sprickerhoff
- Expo Theatre (Hall G) '

64-bit Imports Rebuilding and Unpacking

64-bit malware are coming! 64-bit malware are coming! I’ve been repeating this for the last 2 years; it’s not tinfoil hat talk anymore. With 64-bit packers and protectors being released, there is presently a growing need to create new tools to facilitate the manual unpacking process for malware analysis and to make it as trivial […]

Turbo
Sébastien Doucet
- Expo Theatre (Hall G) '

Beyond Exploits: Real World Penetration Testing

This presentation focused on abusing design flaws, configuration errors, and information leaks to gain access to typical environments. The open source Metasploit Framework will be used as a demonstration platform to illustrate how low-risk information leaks can be combined to gain administrative access to a target network.

Tech
HD Moore
- Keynote Hall '

Involuntary Case Studies in Data Security

It is absolutely backwards, but while the bad guys constantly share details of their exploits, including techniques, when it comes to real incidents, actual defenders rarely talk about what worked, and what didn’t. In this session, Mike Rothman will name names as he builds in-depth case studies based on publicly available information, some of which […]

Keynote
Mike Rothman
- Expo Theatre (Hall G) '

Emerging Threats, The Battle for the Access edge

Your network is under attack. Malware, Trojans, Botnets and host of other threats are alive and well in the Internet. The people who produce these threats have a new target — the wired and wireless edges of your network. To effectively detect and manage these threats you need a management platform that provides a single […]

Sponsor Track
Mark Townsend
- Expo Theatre (Hall G) '

Cloud definitions you’ve been pretending to understand

We’ve all heard talks where we nodded in agreement with the speaker when he or she launched into jargon we didn’t comprehend. In this talk Jack, assisted by sock puppets, will explain common cloud computing terminology and discuss some common misconceptions about cloud computing.

Turbo
Jack Daniel
- Expo Theatre (Hall G) '

Into the Rabbit-Hole

Since the caveman first fashioned a spear humans have been using tools to make them more efficient and effective. Unfortunately, today’s analysts often misunderstand the role tools play testing web applications. While tools can be quite good at mapping a web application’s attack surface there is still much human analysis that must be done to […]

Tech
Rafal Los
- Expo Theatre (Hall G) '

SCADA and ICS for Security Experts: How to avoid cyberdouchery

The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product fixes SCADA. And because they don’t know what the hell they’re talking about — ‘fake […]

Tech
James Arlen
- Expo Theatre (Hall G) '

Today’s Reality: Living in Compromise to Advanced Persistent Threats

Today’s network advanced persistent threats by definition evade detection by perimeter defenses and current concepts for defense in depth – whether you know it or not. Most organizations have developed an over-reliance upon network-layer, perimeter focused solutions that require signatures or profile-based foreknowledge of a given technical threat. As proven through numerous security breaches over […]

Sponsor Track
Charlie Shields
- Expo Theatre (Hall G) '

How do we prevent, detect, respond and recover from CRM failures?

In this session Kelly compares customer relations breaches with security breaches, specifically their impacts on organizations. Kelly will then compare Security incident response/handling phases to Customer Relations Breaches (detection, response and recovery), and using examples from personal experience discuss how each of these phases plays a role in effective and successful CRM. He concludes the […]

Management
Kelly Walsh
- Expo Theatre (Hall G) '

Black Berry Security FUD Free

As mobile computing devices proliferate the enterprise more ‘security’ conscious people are raising flags about mobile device security. One device which is dominant in the enterprise mobile computing world is the ubiquitous Blackberry(TM), which has quite a bit of Fear Uncertainty and Doubt surrounding it and its security controls. Rumors about blackberry compromises and confusion […]

Tech
Adam Meyers
- Keynote Hall '

The Problem with Privacy is Security

Privacy advocates tend to spend a lot of time refuting the high profile discussions about the pending death of privacy, particularly online. This focus would be better spent addressing the cause: security. Identifiable information about us pops up in places you wouldn’t expect, leaving a detailed virtual trail. Security mechanisms force the recording, monitoring and […]

Keynote
Tracy Ann Kosa
- Expo Theatre (Hall G) '

Culture Shift: Social Networking and Enterprise Environments (Security Risk vs Reward)

Social networking for most of us is becoming wrapped into our DNA. This is especially important for the next generation workforce. Additionally, the employees today and those of tomorrow will expect the capability to blog and social network with corporate assets and corporate bandwidth. Additionally, these technologies are being widely used for corporate marketing and […]

John W. Pirc
- Expo Theatre (Hall G) '

Microsoft’s cloud security strategy

As the adoption and interest in cloud computing grows, technical and business decision-makers are trying to assess the risk associated with using the cloud infrastructure. Join Mohammad Akif, the National Security and Privacy Lead for Microsoft Canada to learn about the threat landscape for cloud computing and how the industry in general and Microsoft in […]

Sponsor Track
Mohammad Akif
- Expo Theatre (Hall G) '

What’s Old Is New Again: An Overview of Mobile Application Security

The ever-increasing prevalence of mobile devices brings with it a slew of security problems. Applications running directly on mobile devices (and web apps optimized for mobile clients) are ripe for the picking even by unsophisticated attackers. The attack classes that once applied to traditional network-facing, fat client, and web applications are now valid for mobile […]

Tech
Zach Lanier
Mike Zusman
- Keynote Hall '

Today’s Face of Organized Cyber Crime: A Paradigm for Evaluating Threat

Traditional organized crime syndicates and urban street gangs are well understood by law enforcement officials. They have a hierarchy, defined geographic area of influence, and established business model. Cyber criminals, however, are more difficult to categorize. Mr. Kelly will deconstruct “organized” cyber crime and explore a new paradigm for evaluating the threat it poses to […]

Keynote
Steve Kelly
- Expo Theatre (Hall G) '

A Day in the life of APT

The term ‘Advanced Persistent Threat” has dominated the cyber security world for the last several years. This marketing construct is designed to describe a real and widespread threat, but seems to cause confusion and mockery. This presentation will cut through marketing hyperbole to walk through an attack by a sophisticated actor demonstrating the tools and […]

Sponsor Track
Adam Meyers
- Expo Theatre (Hall G) '

OMG-WTF-PDF

Ambiguities in the PDF specification means that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation.  PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. [Well except […]

Turbo
Julia Wolf
- Expo Theatre (Hall G) '

Into the Black: Explorations in DPRK

North Korea scares people. Allegedly DPRK has a super l33t squad of killer haxor ninjas that regularly engage in hit an run hacks against the Defense department, South Korea, or anyone else who pisses of the Glorious Leader. DPRK also has no real Internet infrastructure to speak of (as dictators don’t like unrestricted information), although […]

Tech
Mike Kemp
- Keynote Hall '

Attribution for Intrusion Detection

With today’s evolving threat landscape, and the general failure of AV to keep bad guys out of the network, effective intrusion detection is becoming extremely pertinent. Greg will talk about using attribution data to increase the effectiveness and lifetime of intrusion detection signatures, both host and network. Within host physical memory, software in execution will […]

Keynote
Greg Hoglund

Sponsors


No Sponsor found.

Speakers


Dave Millier

Dave Millier

CEO - UZADO


Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]

Patrick Thomas

Patrick Thomas


Patrick Thomas is an information security researcher with Qualys and has spoken at Black Hat USA and DEFCON. He works on automated vulnerability detection tools, malware analysis, pragmatic security, and dabbles in the security implications of public policy and vice versa. He percolates and occasionally dispenses ideas on the above at CoffeeToCode.net.

Garry Pejski

Garry Pejski


Garry Pejski has worked professionally as a developer for 13 years. During this time he has created online casinos, dating websites, pharmacy software and custom applications for the power industry. During a brief period, he also wrote malware for the bad guys. Currently he works is a Technical Manager at Matrikon (now part of Honeywell), where he has been a part of numerous NERC CIP security projects.

Adam Meyers

Adam Meyers


Adam Meyers is a Senior Principal with the National Products and Offerings Division of SRA International. Mr. Meyers serves as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provides both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers has extensive experience in Penetration Testing, Security Engineering and Architecture, Wireless Communication, and Reverse Code Engineering. Mr. Meyers is a recognized speaker who has presented on topics ranging from high level business [...]

Ben Sapiro

Ben Sapiro


Ben Sapiro is the Senior Director of Security, Privacy and Compliance at Vision Critical (a SaaS company) and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school. Other than that, he’s a typical middle-aged Canadian who has worked at $companies doing $work to earn Canadian pesos. Ben is a regular contributor on LiquidMatrix Podcast (whenever we get around to recording it) and helps run BSidesTO.  

Nicholas J. Percoco

Nicholas J. Percoco


Nicholas Percoco, Senior Vice President and Head of SpiderLabs at Trustwave With more than 14 years of information security experience, Percoco is the lead security advisor to many of Trustwave¹s premier clients and assists them in making strategic decisions around security compliance regimes. He leads the SpiderLabs team that has performed more than 1000 computer incident response and forensic investigations globally, run thousands of penetration and application security tests for clients, and conducted security research to improve Trustwave's products. Percoco and his research has been featured by many news organizations [...]

Jibran Ilyas

Jibran Ilyas


Jibran Ilyas is a Senior Forensic Investigator at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, application security and security research. He has investigated some of the nation's largest data breaches and is a co-author of Trustwave's annual Global Security Reports, which provide data breach statistics and highlight latest hacker techniques. Jibran has presented talks at several global security conferences such as DEFCON, Black Hat, SecTor and SOURCE Barcelona, in the area of Computer Forensics and Cyber Crime. Jibran [...]

Derek Manky

Derek Manky


Derek Manky formulates security strategy based on years of threat and industry knowledge, with a goal to make a positive impact towards the global war on cybercrime. Manky has presented research and strategy world-wide at many security conferences, including meetings with leading political figures who help define the future of cyber security. He works globally within the security industry and Computer Emergency Response (CERT) to connect the dots, providing mitigation advice and threat forecasts based on correlated data and personal knowledge. This strategy can be integrated into new, advanced technology [...]

Pete Herzog

Pete Herzog


Peter co-Founded ISECOM, an open, non-profit, research organization with over 7000 members, www.isecom.org, created OSSTMM (version 3 to be released early June),  created Hacker Highschool, www.hackerhighschool.org and has created the Bad People Project, www.badpeopleproject.org .

Ryan Linn

Ryan Linn


Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]

Lior Frenkel

Lior Frenkel


Lior brings to Waterfall Security Solutions over 15 years of large scale software and hardware research and development expertise, combined with vast business capabilities and experience. In 2001 Lior Co-Founded Gita Technologies Ltd, a high-end security research and development company, which provides unique solutions for the defense and military markets. In 2005 Lior led the development and business activities of the Waterfall product line, which evolved and was eventually spanned off to become a stand-alone company, leading the market of unidirectional security gateways. Lior holds a B.Sc. in Computer Science [...]

David Mortman

David Mortman


David Mortman runs Security for enStratus and is a Contributing Analyst at Securosis. Previously he was responsible for operations and security for C3, LLC Formerly the Chief Information Security Officer for Siebel Systems, Inc., Before that, Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Blackhat, Defcon and SourceBoston as well. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, [...]

Dave Lewis

Dave Lewis

Global Security Advocate


Dave has over two decades of industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies . He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for Forbes and Huffington Post.

Zach Lanier

Zach Lanier


Zach Lanier is a Senior Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hacker's Handbook".

Fabrice Jaubert

Fabrice Jaubert


Fabrice has been a software developer in Google's Montreal office for 4 years. For the past 2 years, he has worked with his security team colleagues on Google's Anti-Malware efforts, to find and flag sites on the web that may be distributing malware.

John Andreadis

John Andreadis


John Andreadis has spent the last 10 years in Information Security, 6 of those were for the Canadian Financial institutions running InfoSec programs and projects. While at the banks John was also responsible for Vulnerability Management as well as working with IT teams on Patch management, Audit issues and Risk mitigation. John was also responsible for Security Operations and continually understanding and demonstrating the security posture of the banks. John has spent the last 3 years with Qualys as the Technical Account Manager for Canada.

Marisa Fagan

Marisa Fagan


Marisa Fagan is a Security Project Manager, responsible for managing security research and consulting engagements. She specializes in rapid development of network security tools and is recognized for her research in threat modeling and identity theft. Ms. Fagan has presented her work at SummerCon 2009 in Atlanta, Georgia and at SecurityBSides 2009 in Las Vegas, Nevada. Additionally, Ms. Fagan is active in the information security community through the Atlanta Chapter of NAISG.

Joe Klein

Joe Klein


Joe Klein is a 30-year veteran of the IT and IA industry. He has extensive experience in DoD, US Government and commercial sectors, focusing on information assurance, network security and IPv6. Mr. Klein is often requested to speak at professional security venues and routinely participates in high-level government working groups as an expert on secure implementation of IPv6. As Cyber Security Principal Architect at QinetiQ North America, Joe spends his days developing cyber security 'leap-ahead' technologies. Joe is also an active member of the IPv6 Forum and the North American [...]

Ryan Boudreau

Ryan Boudreau


Canadian Information Risk and Compliance Specialist. Ryan Boudreau is responsible for helping public and private sector organizations address the ever-evolving security and compliance landscape. He works with organizations to meet business and governance objectives while adapting to address the new compliance and data loss realities in Canada. Ryan comes from a diverse background in risk management technologies initially focusing on Business Continuity and E-discovery, and moving to more security, data loss, audit, and governance pursuits in recent years.

Kai Axford

Kai Axford


Kai Axford (MBA, CPP, CISM, CISSP, ACE, CHFI), is the National Manager for the Information Risk Management & Security practice at Accretive Solutions and he is board certified in security management. In his current role he leads a team of penetration testers that conduct exploitation testing, facility breach exercises, vulnerability assessments, and other security exercises. Kai has delivered over 300 security presentations on a variety of topics, including computer espionage, digital forensics, security management, and incident response around the world. Kai holds an MBA in Information Assurance, is a Certified [...]

Christofer Hoff

Christofer Hoff


Christofer Hoff is VP of Strategy & Planning at Juniper Networks' Security Business Unit, previously serving as chief security architect, responsible for worldwide security solutions architecture, customer advocacy, and field enablement. He was previously director of cloud & virtualization solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Prior to Cisco, he was Unisys Corporation's chief security architect, served as Crossbeam Systems' chief security strategist, was the [...]

Michael Smith

Michael Smith


Michael Smith serves as Akamai’s Security Evangelist and is the customer-facing ambassador from the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions. Mr Smith fulfils a cross-functional role as a liaison between security, sales, product management, compliance, engineering, professional services, and marketing. Prior to joining Akamai, Mr Smith served as an embedded security engineer, security officer for a managed service provider, and security assessment team lead. He is an adjunct professor [...]

Andrés Riancho

Andrés Riancho


Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by [...]

Mrityunjay Gautam

Mrityunjay Gautam


Mrityunjay is a pass-out from the Indian Institute of Technology, Kanpur with a Bachelors and Masters degree in Computer Science and Engineering. He specializes in Machine Learning and Computer Security. He has been working with Symantec since the last four years (2006-10) where he has done kernel development for the first year and then moved-on in the Product Security Group for Symantec. His current designation is Senior Software Engineer.

Thomas Pröll

Thomas Pröll


After finishing the studies of computer science in 2001 with a diploma (master) degree, Thomas worked at the university as a systems administrator for five years. In this time, he was able to work on his doctorate (Ph.D.), which he finished in 2006. Thomas was employed at Siemens CERT for penetration tests, which he improved over the years. The main targets of his tests are all Siemens products, from Industry, Energy, Healthcare and Communications.

Brian Contos

Brian Contos


Mr. Contos has over 15 years of security engineering and management expertise. He has worked throughout North and South America, Europe, the Middle East, and Asia. At McAfee he advises government organizations and G2000s on security strategy. He has written two books including Enemy at the Water Cooler – Real Life Stories of Insider Threats, and Physical and Logical Security Convergence which he co-authored with former NSA Deputy Director William Crowell. He has delivered speeches at industry events like RSA, Interop, OWASP, CSI, ISACA, ISSA, InfraGard and eCrime. He is [...]

Nick Owen

Nick Owen


Nick Owen is a co-founder and CEO of WiKID Systems, Inc. WiKID has created a unique dual-source two-factor authentication system that uses public-key cryptography instead of the typical shared-secrets found in most systems. WiKID Nick's fourth startup. Nick was also an Entrepreneur-in-residence at the Advanced Technology Development Center in Atlanta. He is a graduate of the University of Virginia with an MBA from the University of Georgia. Nick helped design and architect WiKID's two factor authentication system and mutual https authentication system. Nick is the author of most of WiKID's [...]

David Bryan

David Bryan


David M. N. Bryan of Trustwave’s SpiderLabs David has 10 years of computer security experience, including consulting, engineering, and administration. He has performed security assessment & pentest projects in the healthcare, nuclear, manufacturing, pharmaceutical, banking and educational sectors. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet, without being [...]

Luiz Eduardo

Luiz Eduardo


Luiz Eduardo is a Senior Security Engineer at NitroSecurity. With almost 20 years of experience, throughout his career he has worked with possibly all types of networking technologies on the enterprise and service provider sectors, as well as the security involved in these technologies. Luiz is the founder of the y0u Sh0t the Sheriff security conference held in Brazil and has worked on the wireless infrastructure of Blackhat, DefCon, Computer Chaos Congress and Shmoocon. As a public speaker, he has given presentations on diverse infosec topics at worldwide on conferences [...]

Jason Kendall

Jason Kendall


A Generalist SME in the Information Security field and an Open Source evangelist, Jason has been working in IS industry for over 15 years, holding certification for CE|H, GIAC GCFA, GREM, GWEB and LPIC-1. Formally, a lead developer for Joomla!, and still an active member with the Joomla! Security Strike team. In his current tenure(role) with one of the top 5 Canadian financial institution, Jason has been instrumental in the setup and configuration of various IS systems including the IDS/IPS and various security event reporting systems along with leading the [...]

Deviant Ollam

Deviant Ollam


While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Deviant runs the Lockpicking Village with TOOOL at HOPE, DEFCON, ShmooCon, etc, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the United States Military Academy at West Point, and the United States Naval Academy at Annapolis. His favorite Amendments [...]

Robert Beggs

Robert Beggs

Ethical Hacker


Robert Beggs breaks into computers and data networks. As an ethical hacker and incident responder, he identifies and closes the vulnerabilities that could be exploited to create a security breach. He has been responsible for the technical leadership and project management of multiple successful responses to data loss. His experience has driven the development of the AIM methodology, used to effectively respond to a breach. His clients range from banks and insurance companies to small and medium enterprises. Robert holds an MBA in Science and Technology from Queen's University and [...]

Brian O’Higgins

Brian O’Higgins


Brian O’Higgins is an Angel Investor and Board Member. Brian O’Higgins has over 30 years experience as a leader in security technology development for enterprise and government customers—possibly known best for his role pioneering PKI (public key infrastructure)— and as the co-founder and Chief Technology Officer of Entrust, a leading Internet Security Company.     He was also a co-founder and Chief Technology Officer of Third Brigade, a provider of security products for physical and virtualized servers that was acquired by Trend Micro in 2009.   Brian's approach to security is both [...]

Eldon Sprickerhoff

Eldon Sprickerhoff

Founder and Chief Security Strategist, eSentire


In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now, with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.

Sébastien Doucet

Sébastien Doucet


Sébastien Doucet, a.k.a. TiGa, is an expert in Metropolitan-Area Fiber-Optics Network Engineering (fancy cable guy) and Actuarial Sciences. He presently is a Security Research Engineer for nCircle in Toronto. He previously did malware analysis for ESET and was IT Security Trainer for IITAC - International Institute (www.iitac.org) where he used to give trainings on Binary Auditing and IDA Pro. His video tutorial series on IDA Pro is well-known throughout the world. He is moderator for crackmes.de and reverse-engineering.net, he also is a member of ARTeam (arteam.accessroot.com) and CostCo (www.costco.com). He [...]

HD Moore

HD Moore


HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading [...]

Mike Rothman

Mike Rothman


Mike Rothman is President of Securosis and the author of “The Pragmatic CSO.” He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. After 20 years in security, he's one of the guys who "knows where the bodies are buried.” Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike held senior positions at SHYM Technology, CipherTrust, TruSecure and eIQnetworks. After getting fed up with vendor life, [...]

Mark Townsend

Mark Townsend


Mark Townsend's career has spanned two decades in computer networking, during which he has contributed to several patents and standards in information security. He has established himself as an expert related to enterprise networking and security, with a focus on educational environments. He is a contributing member to several information security industry standards associations, most notably the Trusted Computing Group (TCG). Mr. Townsend's work in the TCG Trusted Network Connect (TNC) working group includes co-authoring the Clientless Endpoint Support Profile. He is currently developing virtualization solutions and driving interoperability testing [...]

Jack Daniel

Jack Daniel


Jack Daniel recently joined the product management team at Tenable Network Security, bringing more than 20 years of IT security expertise bear. In addition to his position at Tenable, Daniel is co-Founder of Security Bsides and Director of the National Information Security Group (NAISG), a non-profit organization focused on promoting IT security awareness. Before joining the company , he served as Community Development Manager at Astaro AG, a Sophos company, where he grew Astaro's partner and customer, and IT and security communities.

Rafal Los

Rafal Los


Senior Security Specialist and Web Application Security evangelist with Hewlett-Packard�s Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting. For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application [...]

James Arlen

James Arlen


James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as [...]

Charlie Shields

Charlie Shields


Mr. Shields has over 10 years experience in the Security field working with various security technologies. He is currently employed by NetWitness Corporation, working as a Systems Engineer. While with NetWitness, Mr. Shields has worked on large scale security monitoring initiatives for fortune 1000 companies in the financial, retail, and technology Industries. Mr. Shields also has extensive experience working with VARs, working with fortune 1000 companies to identify and implement security solutions.

Kelly Walsh

Kelly Walsh


Kelly has spent the last 12 years dedicated to security and privacy risk management, engaged by clients to identify security or privacy risks to organizations, and recommend practical, cost-effective, and implementable solutions to mitigate those risks. He has worked as a consultant for both Federal and Provincial Governments, various financial, telco and utilities providers, and served as a Signals Officer with the Canadian Forces. Kelly holds CISSP, CISM, & CPP certifications and has received advanced training taken with the RCMP and CSEC. Kelly is the founder and CEO of WNCS [...]

Tracy Ann Kosa

Tracy Ann Kosa


Tracy Ann Kosa is currently a Privacy Impact Assessment Specialist with Government of Ontario PIA Centre of Excellence. She has 10 years of privacy experience across Canada working with federal and provincial legislation in the public and private sectors. A regular participant at international programs on privacy, her current research areas include the privacy implications of IDS, geo-locational privacy standards, and creating privacy design requirements. Ms. Kosa has recently decided to undertake a mission others have labeled 'crazy'. Her Mom says she's really proud of her (although she'd be mortified [...]

John W. Pirc

John W. Pirc


John has 15 years of security experience in security research, worldwide product management, development, marketing, security product testing, forensics, advance persistent threat’s, critical infrastructure architecting and deploying enterprise-wide security solutions for both public and private organizations worldwide. John has worked for the Central Intelligence Agency in Cyber Security, CTO at Computer Systems Group LTD, product manager for Cisco's IPS product line, product line executive for all security products at IBM Internet Security Systems and most recently for McAfee’s Network Defense Business Unit with McAfee’s Firewall Enterprise solution and currently working [...]

Mohammad Akif

Mohammad Akif


Mohammad Akif is the National Security and Privacy Lead for Microsoft. He has worked in the industry for over 15 years and has published a number of books and articles. Mohammad spends a significant amount of time working with Microsoft’s major customers in the financial, energy, healthcare and public sectors to help improve their security postures and refocus their IT security departments away from yesterday’s threats and onto the modern threat landscape. He is a frequent speaker at security conferences in Canada and worldwide.

Mike Zusman

Mike Zusman


Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors. He has spoken at a number of top industry events including CanSecWest, Defcon, Black Hat and regional OWASP events. [...]

Steve Kelly

Steve Kelly


Mr. Kelly is a Supervisory Special Agent and Unit Chief in the Federal Bureau of Investigation’s Cyber Division in Washington, DC. Mr. Kelly provides national program management for investigations addressing criminal cyber threats, including intrusion, dissemination of malicious code, Internet fraud schemes, and identity theft. He also oversees FBI’s Cyber Crime Task Force program, which partners local field offices with other federal, state, and local agencies to address the cyber threat. Prior to arriving at FBI Headquarters, Mr. Kelly was the supervisor of the Cyber Squad in the FBI’s Indianapolis [...]

Julia Wolf

Julia Wolf


Julia Wolf is the senior security researcher at FireEye's Malware Intelligence Labs where she works on reverse-engineering the latest malware threats and building advanced detection mechanisms. She also does exploit R&D, cryptanalysis, and other low-level bit-twiddling stuff.

Mike Kemp

Mike Kemp


Michael is an experienced UK based security consultant, with a specialization in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research [...]

Greg Hoglund

Greg Hoglund


Greg Hoglund is the CEO and Founder of HBGary, Inc. He has been a pioneer in the area of software security. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), Greg created and documented the first Windows NT-based rootkit, founding www.rootkit.com (rootkit.com) in the process. Greg went on to co-found Cenzic, Inc. (cenzic.com) through which he orchestrated numerous innovations in the area of software fault injection. He holds two patents. Greg is a frequent speaker at Black Hat, RSA and other [...]