Preparation, Identification, Containment, Eradication, Recovery and Follow-up are nice to say and do – but how does one actually investigate an incident. Jason has been working on a methodology for the past 4 years while being exposed to incidents in a high value institution. In an effort to continue fine tune, Jason wants to present […]
Well, there’s malware on the interwebs. They’re pwning all your systems, snatching your data up. So hide your cards, hide your docs, and hide your phone, ’cause they’re pwning er’body out there! This may be the 3rd and final installment of the Malware Freak Show series, so we’re pulling out all the stops. This year […]
Hackers think differently. They create new, innovative, and novel solutions to technical problems that are often deemed too difficult to solve. From Thomas Edison to Steve Wozniak to Richard Stallman, hackers have helped shape the world we live in. Corporations, on the other hand, are generally more rigid in their approaches to problem solving and […]
Security risk analysis techniques are either too complex to be understood by the business or too simple to provide repeatable and meaningful results. Without a proper understanding of the risk associated with security events, businesses are likely to misunderstand the risk that security professionals are working to control. This talk will announce a new, peer […]
This presentation will be about the comparison of Flash USB Drives & Solid State Drives VS. Conventional Hard Drive for Data Recovery and Forensics. This presentation is also done with 3D ANIMATIONS that rival the History Channel! As we are all aware, solid state hard drives are going to overtake the hard drives soon rather […]
Ever woken up to a news story about a major Cloud issue and realized it didn’t just happen to the other guy? Along with Cloud adoption, there is often a feeling of loss of control, especially when we see or experience issues such as outages, security breaches and information leakage. Ever more frequently service providers […]
The last decade has seen network security products become as standard as routing and switching. In an effort to differentiate themselves, vendors have pushed the “simplicity of deployment” marketing message, to sell more devices. In concert, the threat landscape has become more organized, more directed, and more sophisticated. So in this age of “do less […]
This presentation will discuss the options available to automate the conduct of vulnerability assessment and penetration testing engagements, and the reporting processes. The most important parts of running a security test are following a consistent methodology, utilizing the appropriate tools and their configuration, data management, getting accurate results, manual validation, and standardized reporting. The goal […]
Most of the material out there today on cloud security is all about how it is more/less secure then managing things internally and very little of the material focuses on the fundamental differences between internal vs external hosting. And while there has been some discussion of the actual issues (with a few notable exceptions) they […]
The mobile worker population grew to 1 billion in 2010 and over 250 million smart phones and other innovative devices were shipped and connected to the internet. This phenomenon is forecasted to grow by 25% annually through to 2013. 44% of users (Forester) have bought their own devices and want to connect them to their […]
Everyone is fired up about the cloud. Per usual, that means most businesses are rushing headlong into the abyss with nary a concern of security or risk management. Yeah, we all know how this ends. And most practitioners don’t even know what they don’t know at this point. Mike will provide the unvarnished truth about […]
At no other point in the evolution of computing has user experience (as well as attack surface) been so defined by a single piece of software as it is today. Still, no authoritative picture of the true defensive capabilities of the three major web browsers has existed. A team of Accuvant Labs researchers have been […]
This talk will cover how new US legislation and regulations are going to affect cyber security in the coming months. It will discuss, among other things, the new cresit card security specification, PCI DSS 2.0, the US Governments “Cyber 3” initiative, and cybersecurity legislation in front of the US Congress. It will also cover new […]
For well over a decade cyber-crime has steadily risen at incredible rates across the world. How is this possible with so many law enforcement and security vendors out there trying to solve the problem? Over the past eleven years viruses and trojans have evolved into a never ending deluge of crimeware campaigns. How is this […]
Most malware uses HTTP/HTTPS to call home or install other parts of a malicious action. Since thousands and thousands of samples appear daily, it is almost impossible to create signatures to dectect all malicious activities. Based on this problem, we started to analyze common headers and behaviors for malicious connections based on Spiderlabs research analysis […]
Dave Millier will talk about gathering information from various sources (security and system logs, reports, processes, people, etc), and turning it into meaningful reports and dashboards that can be used to track compliance of various standards and regulations, including PCI, CobiT, SOX, NERC CIP, and others. Rather than focusing on any particular technology, Dave will […]
The Chief Information Security Officer role is transitioning through unprecedented change in information technology, in both scope and pace. CISOs must learn to adapt in kind and support the four ‘personas’ of the CIO, where the I stands for Infrastructure, Integration, Intelligence and Innovation. This panel will address the trends and adaptation strategies necessary to […]
So you have a firewall, AV, IDS, patch management and more. Nobody is getting in. Somehow Fake-AV and malware still rear their ugly heads from time to time, but things feel pretty safe. Others in this same situation are still making the news. This talk will look at how a single foothold can lead to […]
IT Security Professionals have more threats to deal with today than at any previous point in history; and it is only going to get worse. There is more malware, more threats (spam, botnets, etc.) and more potential areas of risk as we expand our need to collaborate either socially or for business efficiency to achieve […]
For years businesses have been mining and culling data warehouses to measure every layer of their business right down to the clickstream information of their web sites. These business intelligence tools have helped organizations identify points of poor product performance, highlighting areas of current and potential future demand, key performance indicators, etc. In the information […]
The field of Computer Forensics moves more and more in the direction of rapid response and live system analysis every day. As breaches and attacks become more and more sophisticated the responders need to continually re-examine their arsenal for new tactics and faster ways to process large amounts of data. Timelines and super-timelines have been […]
2011 is the year that IPv6 really matters! Even if you do not need to deploy it immediately, you should begin planning for IPv6, including making sure your infrastructure and your ISP can support it. Join us as world IPv6 expert Cricket Liu, author of several books on DNS and IPv6 presents on a variety […]
It’s time for your annual, mandated penetration test. It may not be accurate, but who cares? You passed! Your boss has a “warm fuzzy”! But where is the business value in testing the perimeter if the perimeter is not the target? It’s time we stopped kidding ourselves and started looking at testing that actually does […]
The BlackBerry PlayBook is Research In Motion’s foray into a new mobile operating environment. Featuring TabletOS, built on the QNX RTOS and a user experience built predominately on the Adobe AIR platform, the PlayBook quickly stirred up critical reactions — but also praise, having been certified for use by the U.S., Australian, and Russian governments. […]
No matter what anyone tells you, no investigation is complete or comprehensive if it only includes host-based forensic analysis. The fact is the host never has all of the relevant information, and there are way too many techniques for ensuring that no incriminating evidence is ever left on the disk. Because of this reality, it […]
There’s a brave new frontier for IT Security – a place where “best practices” does not even contemplate the inclusion of a firewall in the network. This frontier is found in the most unlikely of places, where it is presumed that IT Security is a mature practice. Banks, Financial Institutions and Insurance Companies. High Speed […]
For the last few years computer forensic investigators have been singing the praises of Kristinn Gudjonsson’s Log2timeline, a tool that has revived time based artifact analysis despite the use of tools like Vinnie Liu’s Timestomp. This talk will take another look at time lines, but not for their temporal data. We’ll see how even without […]
Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests brings the SecTor audience the most massive collection of weird, downright bizarre, freaky, and altogether unlikely hacks ever seen in the wild. This talk will focus on those complex hacks found in real environments – some in very high end and important systems, […]
It is a common practice for Social Media sites such as Facebook, MySpace and LinkedIn to be used as components in background and security checks, both in law enforcement and as part of modern hiring practices. In most cases, our social media “shadow” is either a neutral or a positive influence in these processes. However, […]
Live memory forensics is a fun (and effective) way to find an attacker’s footprints on a machine. Michael will provide a brief introduction to the basics of memory forensics on Windows systems, then show how to use several free tools to investigate a running system (or a memory image) for indications that an attacker has […]
“Mapping The Penetration Tester’s Mind” will present tools, methodologies, standards, and frameworks that are used during an active security engagement. This will give the attendees a broad understanding of how a penetration tester locates and determines what is a target, how vulnerabilities are located, what a penetration tester does to actively gain access, and how […]
Wireless technology is exploding in popularity. Businesses are not only migrating to wireless networking, they are steadily integrating wireless technology and associated components into their wired infrastructure. The demand for wireless access to LANs is fueled by the growth of mobile computing devices and a desire by users for continual connections to the network without […]
Targeted malware attacks are particularly dangerous to NGOs and other organizations that take real-world risks while often having little if any IT security budget. In this talk, Seth will describe a variety of targeted malware attacks observed in the wild against human rights organizations, and the techniques (both social and technical) that they use to […]
A recent IDC survey found that 52% of insider threats were perceived as accidental and 19% thought to be deliberate. Although 82% of CxOs said they did not know if incidents were deliberate or not, 62% were unclear of the source of their company’s insider risk and could not accurately pinpoint or quantify the nature […]
This talk will introduce the audience to the nuts and bolts of Android hacking. Patrick and Veytsman will demonstrate how to take apart an Android application and hunt for vulnerabilities. Topics covered include hunting for goodies in files stored on the device, reverse engineering applications, identifying broken crypto implementations and using remote debugging to execute […]
Thousands of legitimate web sites serve malicious content to millions of visitors each and every day. Trying to piece all the data together to confirm any similarities between possible common patterns within these websites, such as re-directors that belong to the same IP, IP range, or ASN, and reconstructing the final deobfuscated code can be […]
Mr. Barlow will discuss the current state of the nation in regards to security, and what happens when all of the shiny security tools, appliances, models and measures put in place fail in a bad way. Mr. Barlow will voice his personal and possibly controversial feelings on why today’s security measures fail and what he […]
Michael Smith serves as Akamai’s Security Evangelist and is the customer-facing ambassador from the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions. Mr Smith fulfills a cross-functional role as a liaison between security, sales, product management, […]
The acceptance and integration of mobile phones, specifically smartphones, into our everyday life has allowed for these devices to penetrate deep into secure areas. The ability to have your phone along with you at any moment of the day feeds our needs for social media, email, business, and pleasure. This ability and access has allowed […]
The volume, variants and sophistication of security attacks is increasing exponentially. As Internet traffic volume increases, high-powered security devices such as unified threat management (UTM) platforms are needed to protect the data center from malware, denial of service attacks and loss of confidential data. This presentation will discuss security threats, countermeasures and security testing that […]
We in information security don’t often call the fuzz when we get hacked. We fear that the cops would a) rush in, shut us down and mill about in the lobby for 15 days in blue windbreakers, drinking coffee and being suspicious, or b) not understand the nature or the specifics of the problem and […]
As Near Field Communications (NFC) is integrated into our daily lives more and more (credit/debit cards and mobile payments, transit systems, ticketing systems), application developers should understand the risks of implementing NFC in mobile applications. This talk covers several current and proposed NFC implementations with case studies including attacks and mitigations, as well as the […]
This talk will explain disc detainer locks from their basic function to the highest security models. We will examine their emergence in various world markets, particularly their recent emergence in the North America. Schuyler will demonstrate known vulnerabilities from picking, to impressioning to low-cost key duplication. The goal of this talk is to introduce audience […]
I am a sniper. I hunt malware. Specifically, I hunt malware that is committing a crime. Memory Dumpers, Key Loggers, and Network Sniffers are the enemy. The enemy can take on any form, he deploys stealth to hide from me. To know the enemy, I have to know HOW he works, not just what his […]
Krebs’s talk will focus on the bizarre business of rogue Internet pharmacies. Krebs has logged hundreds of hours of interviews with the proprietors of the two largest online pharmacies, and has access to more than four years’ worth of data on who bought and sold drugs for these programs. Told through the eyes of the […]
Cubical warfare is currently in an up raise. One Nerf gun can cause an arms race escalating beyond current weaponry either from common concept of High Performance Culture, to downright nastiness of co-workers. My goal is to educate attendees to take normal run-of-the-mill soft dart weapons, and make them into weapons of mass pain. Topics […]
There’s a general myth that botnet operators are opportunistic in their building strategy. In some older and sloppier cases they are but things have moved on. The ecosystem that supports botnet building is increasingly indistinguishable from legitimate Internet businesses – countless shades of gray – and most aspects of that business are well planned and […]
Espionage is all about collecting information. Today, information is stored on computers and networks, making them potentially accesible from anywhere in the world. As a result, state-sponsored espionage is happening increasingly with computer attacks such as backdoors and remote trojans. Why was RSA Security hacked in spring 2011? How did they do it? Come and […]
A Generalist SME in the Information Security field and an Open Source evangelist, Jason has been working in IS industry for over 15 years, holding certification for CE|H, GIAC GCFA, GREM, GWEB and LPIC-1. Formally, a lead developer for Joomla!, and still an active member with the Joomla! Security Strike team. In his current tenure(role) with one of the top 5 Canadian financial institution, Jason has been instrumental in the setup and configuration of various IS systems including the IDS/IPS and various security event reporting systems along with leading the [...]
Nicholas Percoco, Senior Vice President and Head of SpiderLabs at Trustwave With more than 14 years of information security experience, Percoco is the lead security advisor to many of Trustwave¹s premier clients and assists them in making strategic decisions around security compliance regimes. He leads the SpiderLabs team that has performed more than 1000 computer incident response and forensic investigations globally, run thousands of penetration and application security tests for clients, and conducted security research to improve Trustwave's products. Percoco and his research has been featured by many news organizations [...]
Jibran Ilyas is a Senior Forensic Investigator at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, application security and security research. He has investigated some of the nation's largest data breaches and is a co-author of Trustwave's annual Global Security Reports, which provide data breach statistics and highlight latest hacker techniques. Jibran has presented talks at several global security conferences such as DEFCON, Black Hat, SecTor and SOURCE Barcelona, in the area of Computer Forensics and Cyber Crime. Jibran [...]
Joe Grand is the President of Grand Idea Studio, where he specializes in the invention, design, and licensing of consumer product. Joe was a co-host of Prototype This! on Discovery Channel, an engineering entertainment show that has aired around the world and followed the process of four people building crazy, one-of-a-kind prototypes. Joe is a former member of the legendary hacker collective L0pht Heavy Industries and has testified before the United States Senate regarding homeland computer security. He has spent almost two decades finding security flaws in hardware devices and [...]
Ben Sapiro is the Global CISO of Great West LifeCo and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school; he’s even done privacy and compliance work to pay the bills. Other than that, he’s a typical middle-aged Canadian security professional who has worked in several verticals including SaaS, natural resources and telecom. Ben is a contributor to the Liquidmatrix Podcast (whenever we get around to recording it) and used to help with other stuff like BSidesTO until he realized he should not test his wife’s [...]
Currently Scott Moulton runs a data recovery company called MyHardDriveDied.com as well as classes teaching his techniques to both the public and private sectors. Scott focuses his efforts on dispelling the myths of data recovery by showing how you can rebuild your own hard drives, perform data recovery for investigations or as business venture. Scott Moulton began his forensic computer career with a specialty in rebuilding hard drives for investigation purposes and has rebuilt hard drives for many many investigations. Many times working on a case, Mr. Moulton will be [...]
Co-Founder, SecTor
A self-proclaimed IT security and privacy geek, Bruce is the co-founder of SecTor. He is also a founding member of the Toronto Area Security Klatch (TASK), and an active member of numerous other security and privacy related organizations across North America. Bruce co-founded SecTor because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters where today he manages Microsoft’s security policies and standards program. Aside from his [...]
John Trollinger is a passionate network security professional with over a decade of experience building and marketing security products and solutions, with companies such as HP and Cisco. John is currently an HP Network Security Solutions Marketing Manager, helping customers meet the business and security challenges that their organizations face. John believes a singular philosophy is the basis of success; Listen to the customer and the market – and solve real-world problems. John has been quoted in several magazines and papers, as well as appeared on industry television shows. John [...]
SANS Instructor
Adrien de Beaupré is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response, and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). Adrien is actively involved with the information security community, and organizes the BSidesOttawa conference. When not geeking out and breaking stuff he can be found with his family, or at the dojo.
David Mortman runs Security for enStratus and is a Contributing Analyst at Securosis. Previously he was responsible for operations and security for C3, LLC Formerly the Chief Information Security Officer for Siebel Systems, Inc., Before that, Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Blackhat, Defcon and SourceBoston as well. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, [...]
Nicholas (Nic) Wetton who graduated from the University of London, London and the Ross School of Business, Michigan, has worked in Information Technology for over 20 years and for the past 10 years in the area of Information Security and Risk. Nic has primarily focussed in the area of Financial Services and helping organizations address the ever changing regulatory, risk and security landscapes facing them.
President, Securosis
Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.
Shawn Moyer is a Managing Principal Research Consultant with Accuvant Labs. Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times. Shawn is an eight-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan.
Bill Roth joined LogLogic in 2009 from BEA, where he served as Vice President of the BEA Workshop Business Unit. Prior to BEA, Roth was Chief Technical Evangelist at Epiphany. With over 20 years in this industry, Roth has played numerous product marketing, product management and engineering roles at companies like Sun Microsystems, Morgan Stanley, and GSI Commerce. Roth is also Editor-At-Large for Sys-Con Publications, and was recently named to the "Top 30 Cloud Computing Bloggers" list world-wide. Roth has an M.S. in Computer Science from the University of Wisconsin.
Sean is an active senior threat research analyst at Damballa. He specializes in the analysis of signatures and behaviors used by the botnets and the cyber-criminal community. Sean focuses his time learning tools, techniques, and procedures behind attacks and intrusions related to various persistent threats. Sean has worked in several Information Systems Security roles for various firms and customers over the past decade across United States. Most notably he has spent several years performing black box penetration testing, incident response, and intrusion and intruder analysis for Fortune 100 companies, the [...]
Security Researcher
Rodrigo “Sp0oKeR’’ Montoro has more than 20 years of experience in Information Technology and Computer Security. Most of his career worked with open source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. Currently, he is Head of Threat & Detection Research at Clavis Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Tempest Security, Senior Security Administrator at Sucuri, Researcher at Spiderlabs. Author of 2 patented technologies involving [...]
CSO of Quick Intelligence
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 25 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave sold Uzado in 2019. Dave [...]
Jack Daniel recently joined the product management team at Tenable Network Security, bringing more than 20 years of IT security expertise bear. In addition to his position at Tenable, Daniel is co-Founder of Security Bsides and Director of the National Information Security Group (NAISG), a non-profit organization focused on promoting IT security awareness. Before joining the company , he served as Community Development Manager at Astaro AG, a Sophos company, where he grew Astaro's partner and customer, and IT and security communities.
Gal Shpantzer is a trusted advisor to CSOs of large corporations, tech startups, universities and non-profits. Gal has been involved in multiple SANS Institute projects, including co-editing the SANS Newsbites from 2002-2008, revising the E-Warfare course and presenting SANS@Night talks on cyberstalking, CAPTCHAs and endpoint security. In 2009, Gal founded the privacy subgroup of the NIST Smart Grid cybersecurity task group, resulting in the privacy chapter of NIST IR7628. He is a co-author of the Managing Mobile Device Security chapter in the 6th ed. Vol 4 of the Information Security [...]
Michael Smith serves as Akamai’s Security Evangelist and is the customer-facing ambassador from the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions. Mr Smith fulfils a cross-functional role as a liaison between security, sales, product management, compliance, engineering, professional services, and marketing. Prior to joining Akamai, Mr Smith served as an embedded security engineer, security officer for a managed service provider, and security assessment team lead. He is an adjunct professor [...]
Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]
Paul is the Director for Solutions Strategy for Symantec (Canada) Corporation and has the primary responsibility of engaging with Director to C-level executives in discussions focused on Symantec's strategy and vision as a global leader in infrastructure and security software. With 20+ years of experience in the areas of finance, management, education and information technology, Paul has had the opportunity to travel throughout North America educating some of the world's largest organizations on how to solve a variety of IT challenges. He has presented and keynoted at numerous conferences and [...]
Ed is the CEO of Risk I/O a vulnerability management Software as a Service that centralizes, correlates and automates the entire stack of security vulnerabilities and remediation workflow. Prior to Risk I/O, Ed served as the Chief Information Security Officer for Orbitz, the well-known online travel agency where he built and led the information security program and personnel for over 6 years. Ed has 20 years of experience in information security and technology. He is a frequent speaker at information security events across North America and Europe. Past talks have [...]
Grayson Lenik is Director of Digital Forensics and Incident Response, part of Nuix’s Cyber Threat Analysis Team. He has worked in information security and digital technology for more than 20 years. Grayson has researched and presented on anti-forensics, cybercrime operations, and incident response methodology at conferences including DEFCON, SecTor, NetDiligence Cyber Risk Forum, International Association of Financial Crimes Investigators, and Electronic Crimes Special Agent Program. Grayson regularly instructs law enforcement and private organizations in incident response and digital forensics. He was the primary instructor for the United States Secret Service [...]
Cricket Liu is the co-author of all of O'Reilly's Nutshell Handbooks on the Domain Name System, DNS and BIND, "DNS on Windows NT," DNS on Windows 2000, DNS on Windows Server 2003, DNS & BIND Cookbook, and DNS & Bind on IPv6 and was the principal author of "Managing Internet Information Services." Cricket is Infoblox's Vice President of Architecture and Technology and General Manager, IPv6 Center of Excellence and serves as a liaison between Infoblox and the DNS community. He worked for HP for nearly 10 years, where he ran [...]
Kai Axford (MBA, CPP, CISM, CISSP, ACE, CHFI), is the National Manager for the Information Risk Management & Security practice at Accretive Solutions and he is board certified in security management. In his current role he leads a team of penetration testers that conduct exploitation testing, facility breach exercises, vulnerability assessments, and other security exercises. Kai has delivered over 300 security presentations on a variety of topics, including computer espionage, digital forensics, security management, and incident response around the world. Kai holds an MBA in Information Assurance, is a Certified [...]
Zach Lanier is a Senior Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hacker's Handbook".
Ben is a consultant with the Intrepidus Group, specializing in network and application penetration testing. Ben has performed security assessments for a diverse client base, including S&P 500 corporations, US government entities, and public utilities. Prior to joining Intrepidus Group's professional services team, Ben performed consulting services for both corporate and government organizations, providing security engineering, incident response, and security assessment services. In his spare time, Ben is active in the application security community, volunteering with OWASP and speaking regularly at local application security events in the Washington D.C. Metro [...]
Jason Mical is a network forensic specialist for AccessData. In this role Jason is responsible for the global management of AccessData's Network Forensic solutions and assists AD's customers with the assessment of IT risk reduction in such areas as electronic intercepts, intrusion analysis, virus detection, incidence response, privacy, asset management, policies, standards and guidelines. Jason also offers his expertise and consulting services to customers and other audiences on issues of electronic, computer, and physical security investigations. Jason has over 19 years experience in telecommunications fraud prevention, physical security management and [...]
CISO
James Arlen is Aiven.io’s CISO bringing a mix of security and engineering background to DBaaS (database as a service). Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Aiven.io, James is a Contributing Analyst at the research firm Securosis, blogger/podcaster with Liquidmatrix Security [...]
At age 13 Dave Hull was inspired by David Lightman to pursue a career in information security. Puberty had other plans. Years later after giving up his dream of being a foreign correspondent in Soviet Russia and having just failed a course in Pascal, Hull took a job as a Delphi developer for a wholesale liquor distributor, the company parties were apparently amazing, no one can remember. After a year of coding and boozing, Hull went to work at a research university where he spent the next 12 years. During [...]
Consultant
Rob VandenBrink is a consultant with Coherent Security in Ontario, Canada. He is also a volunteer with the Internet Storm Center (https://isc.sans.edu), a site that posts daily blogs on information security and related stories. His areas of specialization include all facets of Information Security, Network Infrastructure, Network and Datacentre Design, Automation, Orchestration and Virtualization. Rob has developed tools for ensuring policy compliance for VPN Access users, a variety of networking tools native to Cisco IOS, as well as security audit/assessment tools for both Palo Alto Networks Firewalls and VMware vSphere. [...]
Michael J. Graven is a director at Mandiant, a leading incident response firm for Fortune 500 companies, governments and financial institutions. Michael has worked on internetwork and system security since 1989, in environments as large as AT&T and Netscape and as small as twenty-person start-ups. He earned degrees at Northwestern University and Stanford University. He likes Belgian waffles and Minnesota beer, is a native Californian and a snowboarder, but he does not surf.
Nicholas (Kizz MyAnthia) Donarski is an Infosec specialist whose qualifications include an indepth understanding of security principals and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Nicholas has seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.
Kent Woodruff, CISSP, GAWN is currently Chief Security Analyst with Motorola AirDefense. He is responsible for wireless security research and technical support and guidance for the Motorola AirDefense sales team. Mr. Woodruff applies a keen understanding of industry trends and technology, leveraging his experience in demonstrating the vulnerabilities of wireless networks, as well as how such vulnerabilities can be mitigated. Mr. Woodruff has over 24 years experience in the IT field, with a wide variety of technologies including software development for embedded systems; wireless security assessments and mobile device management; [...]
Mr. Garcia provides Audit, Security, Logging and SIEM solutions to fortune 500 companies around the globe. Mr. Garcia possess over 10 years of IT Security Infrastructure design and development experience. He has also developed deep risk and threat analysis expertise while building and managing an Enterprise Wide SOC. Mr. Garcia has deep insights into detecting threats using real-time monitoring solutions while working with a number global customers to develop and create compliance reports, security incident reports and real time assessment of critical threats.
Maxim Veytsman is a Security Consultant with Security Compass. Maxim has performed security assessments for clients in the financial, resource management, and public sectors. He specializes in web penetration testing and mobile security reviews. Maxim leads development of mobile training at Security Compass. Prior to joining Security Compass, Maxim worked in web development and in the gaming industry. Maxim studied Computer Science and Mathematics at the University of Toronto.
Patrick Szeto is a Security Consultant with a strong background in information security spanning over a decade. He is a specialist in application security reviews, penetration tests, source code analysis and secure coding methodologies. Prior to the information security field, Patrick's experience included software development in the telecommunications and energy markets. Patrick has performed extensive application security assessments for various Fortune 500 clients in the information technology, financial services, data management, telecommunications, national retail and health care sectors. Patrick has also developed vulnerability signature detection tools and application security testing [...]
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques. Stephan has released public analyses on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer working in research and product development at eEye Digital Security.
Mr. Barlow has over 15 years of experience in the IT field, the majorly of it in the IT Security realm. He is the founder of the Atlantic Security Conference and the Halifax Area Security Klatch and is has been recognized by Digital Nova Scotia as an Industry Leader. When he is not performing penetration testing or other security related work Travis is an avid sportsman and angler and also enjoys whitewater kayaking, and extreme winter survival camping.
Areg brings over 13 years of business skills and technical acumen to product development, product management, business development, and entrepreneurial problem-solving challenges. Throughout his career, he has developed and delivered innovative telecommunications and information security products and solutions enabling converged network infrastructures for enterprises and service providers around the world. Areg has held progressively influential technology and management roles at industry leaders such as 3Com, Symmetricom, Radialpoint and Azimuth Systems – a leading provider of wireless and broadband test equipment which Areg co-founded in 2002, raising $5.8M in VC funding. [...]
Nick Selby was sworn as a police officer in 2010. He has been an information security analyst and consultant for nine years, and has worked in physical security and intelligence consulting in various roles since 1993. In 2005 he established the information security practice at industry analyst firm The 451 Group, and from 2006-2011 served on the faculty of IANS Research. Since 2008 he has focused on law enforcement intelligence. He is the technology columnist for Law Officer Magazine, and co-founder of Police Led Intelligence and CSG Analysis.
Corey is a Principal Consultant with the Intrepidus Group, specializing in mobile application security. He has performed code reviews and conducted mobile application penetration tests for numerous Fortune 500 clients on a multitude of platforms, such as Android, BREW, RIM, and iOS. He has worked with nationwide telecommunication companies to help ensure the security of wireless architectures, systems, and applications. Prior to joining Intrepidus Group's professional services team, Corey served as a Senior Consultant at Foundstone. During his tenure at Foundstone, he was an integral part of their assessments practice, [...]
Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.
Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force. Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, [...]
Brian Krebs is editor of krebsonsecurity.com, a daily blog dedicated to in-depth cyber security news and investigation. Most recently, Krebs was a reporter for The Washington Post, where he covered Internet security, cyber crime and privacy issues for the newspaper and the Web site. Krebs got his start in journalism at The Post in 1995, and has been writing about computer security, privacy and cyber crime for more than a decade. Earlier this year at the RSA Security Conference, KrebsOnSecurity.com was named the blog that best represents the security industry. [...]
Gunter Ollmann has a long-held passion for threat research and currently serves as Vice President of Research at Damballa, where he is focused on inventing new crimeware mitigation technologies and the identification of criminal operators behind botnets and other advanced persistent threats. Prior to joining Damballa, he held the role of Chief Security Strategist at IBM, was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, and was the key IBM spokesperson on evolving threats and mitigation techniques. Ollmann also served [...]
Chief Research Officer, F-Secure
Mikko Hypponen is a cyber war veteran and the Chief Research Officer of F-Secure. He has been reverse engineering malware since 1991. Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and lectured at the universities of Stanford and Cambridge. He's also the Curator for the Malware Museum at the Internet Archive.