Faculty

IANS welcomes its newest Faculty members, George Gerchow, John Galda, Mike Dahn, Will Gragido, Kevin Johnson, and HD Moore.


Industry Experience: Aaron Turner is currently the President of IntegriCell, a mobile risk management consultancy. IntegriCell was founded with the goal of helping companies understand the risks associated with mobile technologies and helping them manage those risks appropriately. Whether it be understanding how the digital underground harvests mobile devices for the information contained on them, or how employees are at risk of real-time wiretaps while they are traveling internationally, IntegriCell’s advisory services and technology integration expertise enable better risk management for organizations of all sizes. Prior to IntegriCell, Aaron was the Co-Founder and CEO of RFinity, a mobile security technology startup formed as the result of research conducted at the US Department of Energy’s Idaho National Laboratory (INL). While at INL, he collaborated with a team of information security experts to design the world’s first large-scale testing effort to evaluate how critical infrastructure has become dependent on computing systems and the resulting vulnerabilities that those dependencies cause.

Aaron’s focus on critical infrastructure and technology began while working for over 7 years at Microsoft in many of the company’s security divisions. Significant projects that Aaron worked on while at Microsoft included creating and deploying the company’s first global information security readiness curriculum, facilitating interactions between Microsoft technologists and US Law Enforcement, participating in the resolution of global-scale security incidents such as Code Red, Slammer and Blaster and working with security experts in more than 25 countries around the world to develop information security programs.

Expertise:
Information protection
Intellectual property protection
Critical infrastructure/government
Encryption
Host IDS
Network architecture
Network IDS
Data classification
Mobile security
Wireless security
Threat management

Industry Experience: Adrian Lane is a CTO and Analyst at Securosis, bringing over 22 years of industry experience to the research team, much of it at the executive level. Adrian specializes in database security, data security, and software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on "the other side" as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, and regularly contributes to Dark Reading, Information Security Magazine and other security publications. Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University.

Expertise:
Data security
Database security
Software development

Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigations Report and Verizon's PCI Compliance Report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is a veteran of several security start-ups.

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts, and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog. Some of his earlier thoughts on risk can be found at the Riskanalys.is blog.

Expertise:
Governance, Risk, and Compliance
Security Management
Enterprise Risk Management
Security Data Warehousing

Industry Experience: Angela Orebaugh is a cyber security technologist, scientist, and author with a broad spectrum of expertise in information assurance. She synergizes her 15 years of hands-on experiences within industry, academia, and government to advise clients on cyber security strategy, management, and technologies.

Ms. Orebaugh is involved in several security initiatives with the National Institute of Standards and Technology (NIST), including technical Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP) project, and secure eVoting. She is also the Director of Research and Academic Integration for the Information Assurance Technical Analysis Center (IATAC), where she bridges academia, government, and industry by performing outreach and collecting, analyzing, and disseminating IA research from academia, IA labs, and industry research centers.

Ms. Orebaugh is an Adjunct Professor for George Mason University where she performs research and teaching in intrusion detection, cyber forensics, and cybercrime. She developed and teaches the Intrusion Detection curriculum, a core requirement for the Masters in Computer Forensics program in the Department of Electrical and Computer Engineering. Her current research interests include peer-reviewed publications in the areas of intrusion detection and prevention, data mining, attacker profiling, network forensics, behavioral biometrics, and cyber psychology.

Ms. Orebaugh is the author of the Syngress best sellers Nmap in the Enterprise, Wireshark and Ethereal Network Protocol Analyzer Toolkit, and Ethereal Packet Sniffing. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. Angela is a frequent speaker at a variety of security conferences and technology events, including the SANS Institute and The Institute for Applied Network Security.

Ms. Orebaugh holds a Master's degree in Computer Science and a Bachelor's degree in Computer Information Systems from James Madison University. She is currently completing her dissertation for her Ph.D. at George Mason University, with a concentration in Information Security.

Expertise:
Assurance strategy and management
Intrusion detection and prevention
Data mining
Attacker profiling
Network forensics

Caleb Sima

Caleb Sima was most recently CEO of Armorize Technologies, an internationally acclaimed, SaaS-based Web Malware monitoring and code security analysis firm headquartered in San Francisco. Before his tenure at Armorize, Caleb served as Chief Technology Officer for HP’s Application Security Center and was responsible for directing the lifecycle of the company’s web application security solutions. He joined HP following the acquisition in 2007 of SPI Dynamics, the company he co-founded and led as CTO, where he oversaw the development of WebInspect - a solution that set the bar in Web application security testing tools. Prior to co-founding SPI Dynamics in early 2000, Caleb worked for Internet Security Systems’ elite X-Force R&D team and as a Security Engineer for S1 Corporation. Caleb has been engaged in the Internet security arena since 1996 and has become widely recognized as a leading expert in web security, penetration testing and the identification of emerging security threats. His pioneering efforts and expertise in web security have helped define the direction of the web application security industry. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC). He is also a Microsoft Most Valuable Professional (MVP) in Visual Developer Security, a frequent speaker, press resource, and is featured regularly in the Associated Press and global security media.

Expertise:
Application Security
Security Management
Vulnerability & Threat Management
Mobile Security

Industry Experience: Mr. Hoff is Director of Cloud & Virtualization Solutions at Cisco Systems where he focuses on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Previously, he was Unisys Corporation’s Chief Security Architect, served as Crossbeam Systems' chief security strategist, was the CISO and director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.

Hoff is interviewed regularly by the media and press, is a featured guest on numerous podcasts and has keynoted and presented at numerous high-profile security conferences including Black Hat, DefCon, Microsoft's Bluehat, Source, SecTor, FIRST, SANS and Troopers.

Hoff is a founding member and technical advisor to the Cloud Security Alliance, founder of the CloudAudit project and the HacKid conference, and blogs at www.rationalsurvivability.com/blog.

Hoff is a CISSP, CISA, CISM and NSA IAM. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005. Hoff is a 2010 Microsoft MVP (Security) and a 2010 VMware vExpert.

Expertise:
Innovation in information assurance
Resilience
Rational risk management
Data leakage
Virtualization
Network security
Network architecture
Network operations

Industry Experience: Dave Shackleford is the Senior Vice President of Research and the Chief Technology Officer at IANS. Dave is a SANS analyst, instructor and course author, as well as a GIAC technical director. Dave previously was the founder and principal consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance and network architecture and engineering. Dave is a former QSA with several years' experience performing PCI assessments. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Expertise:
Network Intrusion Detection and Prevention
Network Firewalls and Access Controls
Security Architecture
Penetration Testing
Regulatory Compliance
Patch and Configuration Management
Virtualization Security
Incident Response

David Etue

David Etue brings experience including security program leadership, management consulting, product management, and technical implementation. David is the vice president of corporate development strategy at SafeNet, where he is responsible for SafeNet's strategic decisions regarding product and solution partnerships, as well as mergers and acquisitions. He was previously the cyber security practice lead at management consultancy PRTM, VP of Products & Markets at Fidelis Security Systems, led General Electric's global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified Information Privacy Professional, a graduate of GE’s Information Management Leadership Program, and a certified Six Sigma Green Belt.

Expertise:
Information protection
Security Strategy
Network Security
Enterprise Risk Management
Information Leak Prevention

Industry Experience: Mr. Mortman has over 15 years' experience in information security, privacy, and compliance. He also has extensive experience in IT operations and management. Currently, David is the Director of Operations and Security at C3, LLC and Contributing Analyst at Securosis. Additionally, he is an author for emergentchaos.com and newschoolsecurity.com, and a past contributor to Information Security magazine. Prior to C3, David was the CISO for Siebel Systems, where he ran information security and privacy and was heavily involved in compliance as well. David often speaks at conferences, including regular appearances at RSA, Blackhat, Defcon and Source Boston, amongst others.

When he's not working, David plays with his kids and putters in the kitchen.

Expertise:
Leadership
IT operations
IT management
Compliance

Industry Experience: David Rice is a globally recognized cybersecurity leader, Executive Director of The Monterey Group, a strategic consulting firm, and Consulting Director for Policy Reform at the U.S. Cyber Consequences Unit. Called upon by high-performance organizations for his ability to achieve, integrate, and drive deep corporate objectives in the face of globalized competition, rapid technological advances, and increased sophistication of cyber adversaries, David is a key figure shaping the discussion and practice of cybersecurity.

Prior to his current roles, David served as a Global Network Vulnerability Analyst for the National Security Agency and Special Duty Cryptologic Officer for the United States Navy. The U.S. government recognized and awarded David for “significant contributions” to the Department of Defense and the National Security Agency for developing security configuration and design guidance for critical national infrastructure and global networks. The Department of Defense praised “(his) expertise in vulnerability discovery and countermeasure design,” designating it “exceptional and world class.” The DoD commended David for “providing critical configuration and policy guidance on current and emerging technologies, aiding decision makers and protecting sensitive information systems worldwide”.

David holds a Master of Science in Information Warfare and Systems Engineering from the Naval Postgraduate School and is the author of the critically acclaimed book, Geekonomics: The Real Cost of Insecure Software.

Expertise:
Identity and access management
Software security
Management issues

Mr. Devlin has nearly four decades of IT and security leadership experience in both Fortune 500 companies and major universities. He has initiated and led enterprise-class programs in security, privacy, identity management, electronic messaging and emergency notification. Dennis is also a frequent lecturer, speaker and panelist on information security management topics at institutes and conferences.

Expertise:
Security Program Development
Executive Leadership and Sponsorship
Policy and Compliance
Security and Privacy Awareness

Industry Experience: Diana Kelley is an internationally recognized security expert with 20 years of IT security experience. She founded SecurityCurve in April of 2003 to provide risk-focused advisory services to enterprises and deliver strategic, competitive knowledge to security software vendors.

Prior to returning to SecurityCurve in January 2008, she was Vice President and Service Director for the Security and Risk Management Strategies (SRMS) service at Burton Group. Diana was the Executive Security Advisor for CA’s eTrust Business Unit where she was responsible for advising customers on strategic security solutions and helped guide CA’s security business. Prior to that, she served as the Vice President of Security Technology for Safe3W, Inc (acquired by iPass) and was the General Manager of a development group at Symantec Corp and the media spokesperson for the company on the 2000 “Proactive Security Tour”. She was the Vice President of Corporate Development for LockStar and helped the company succeed in being named to the Red Herring “Top 50 Companies in the Digital Universe”.

At The Hurwitz Group, Diana was the Senior Security Analyst. She also served as a Manager in KPMG’s Financial Services Consulting practice, where her clients included Bank of America, GE, and Merrill Lynch. At Dataware Technologies she was the Manager of Corporate Systems.

Diana speaks frequently at major conferences: RSA, BlackHat, InfoSec World, NetWorld/InterOp, The Internet Security Conference, and ComDex.

She has authored numerous articles, columns, white papers and research documents and co-authored Cryptographic Libraries for Developers.

Expertise:
Risk management
Penetration testing
Security audit
Compliance
Systems and network architecture

Industry Experience: Ed is a 15+ year veteran of information security as well as an industry-recognized thought leader, advisor, writer, and manager. Ed is currently Senior Security Strategist with Savvis, providing strategy, consulting, and solutions to clients worldwide and a founding partner of SecurityCurve.

Prior to this, Ed was a Senior Manager within CTG’s global information security solutions practice, where he provided C-level guidance across a wide segment of industry, including healthcare, telecommunications, energy, and financial services.

Ed was Vice President and Information Security Officer for Merrill Lynch Investment Managers (MLIM), where he was responsible for coordinating all aspects of information security within the business unit. MLIM (now BlackRock Asset Management) consisted of approximately 2500 employees with over US $500 billion in assets under management. During his tenure at Merrill, Ed also developed firm-wide cryptographic solutions for secure data transfer, secure key management, authentication, and data integrity.

Before joining Merrill, Ed worked within the federal sector for Computer Sciences Corporation (CSC), where he consulted to the Department of Defense JCALS (Joint Service Computer Aided Acquisition and Logistics System) program. Ed was responsible for security engineering activities, including platform security, security evaluation activities, and vendor evaluation/deployment activities (e.g. Symantec ESM, vFind, SSH, etc.).

Ed was lead developer and manager of R&D at ICT (International Creative Technologies), where he oversaw all development activities of CyberSignOn™, a biometric single sign-on and secure data storage platform. Ed was responsible for all aspects of product design, product development, organization/staffing of all technical teams, and development of product technical strategy. At Trintech Systems, Ed managed all security activities involving the PayWare™ mAccess product. Ed was responsible for analysis of industry security trends, planning/strategy for application security initiatives, information security governance activities (specifically, refinement of the application security review process), and gathering of critical marketing/business intelligence. Ed is co-author of "Cryptographic Libraries for Developers," and a frequent contributor to the Information Security industry as author, public speaker, and analyst.

Expertise:
Cryptography
Secure data transfer
Secure key management
Authentication
Data integrity

Industry Experience: Dr. Nichols (aka Betsy) specializes in quantitative analysis of security related data. She has served on program committees for several Metricon and MetriSec workshops and contributed chapters on metrics and security analytics to three books published by Addison-Wesley, O'Reilly, and McGraw-Hill. A co-founder of PlexLogic LLC, the Cloud Security Alliance Metrics Working Group and the MetricsCenter Project, she performs research and development in both new analytics as well as technologies to automate them.

Expertise:
Industrial process control
Enterprise systems
Network management
Security metrics

Industry Experience: Dr. Cole has over a decade of experience in information technology and is the author of several books including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the holder of over 20 patents and is a researcher, writer, and speaker for SANS Institute. He is an advisor to Cyberwatch and Purdue University CERIAS, and is a Lockheed Martin Fellow.

Expertise:
Application security
Critical infrastructure/government
Data leakage
Encryption
Insider threat
Intrusion detection systems
Mobile security
Network access control
Network architecture
Network operations
PCI compliance
Penetration testing
Perimeter defense
Secure network design
Vulnerability discovery
Vulnerability management

As Director of VMware’s Center for Policy & Compliance, George Gerchow brings 17 years of Information Technology and Systems Management expertise to the application of IT processes and disciplines that impact the security, compliance and operational status of complex, heterogeneous, virtual and cloud computing environments. Mr. Gerchow's practical experience and insight from managing the infrastructures of some of the world's largest corporate and government institutions make him a highly regarded speaker and invited panelist on topics including Virtualization, ITSM/ITIL, Configuration Management, Operations, and Security & Compliance. Mr. Gerchow holds CISSP, ITIL, Cisco and Microsoft Certifications.

Expertise:
IT Service Management (ITSM)
Configuration & Change Management

Industry Experience: Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed systems security for large mission-critical financial, financial exchange, healthcare, manufacturing, and insurance systems, as well as emerging start-ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, a contributor to the SEI and DHS Build Security In portal on software security, a Visiting Scientist at Carnegie Mellon Software Engineering Institute, and an in-demand speaker at security conferences. He maintains a popular information security blog at 1raindrop.typepad.com.

Expertise:
Distributed systems security
Software security

Industry Experience: Hart Rossman is the Vice President & Chief Technology Officer for Cyber Security Services & Solutions at Science Applications International Corporation (SAIC). Mr. Rossman has over a decade of specialized technical professional experience in the field of information assurance and cyber security. He provides customer support in solving all phases of complex information assurance-related technical problems. Areas of expertise include security in the cyber supply chain, injecting security into the system/software/product development lifecycles, computer and network security for emerging technologies, Web 2.0 and social/collaborative computing, cloud computing, software and system integration, and national security policy and strategy as it relates to cyber operations. Mr. Rossman has oversight & responsibility for technology strategy, R&D, managed security services, and practice leadership for cyber security solutions.

In addition to his primary role as CTO for Cyber Security Services & Solutions, he also enjoys an appointment as a Senior Research Fellow with the Supply Chain Management Center at the University of Maryland, where he studies cyber supply chain security. Additionally, he has recently been named to the state of Maryland Governor’s Workforce Investment Board’s Cyber Security Workforce Steering Committee as well as ISC2’s Application Security Advisory Board and is a named contributor to the CWE/SANS Top 25 Most Dangerous Software Errors. He is a longstanding advisor in the National Security Telecommunications Advisory Council to the U.S. President in areas such as countering the EMP threat, Web 2.0/Gov 2.0 privacy and security, enterprise content management, and the state of the art for research and development of converged systems.

Concurrently, Mr. Rossman is a faculty member with IANS, represents SAIC-IRT in FIRST, and is a founding member and advisor of the Corporate Executive Programme.

Mr. Rossman has completed an MBA from the Robert H. Smith School of Business at the University of Maryland, College Park.

Expertise:
Web 2.0/Gov 2.0 privacy and security
Enterprise content management
EMP threat
Converged systems

HD Moore

HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.

Expertise:
Vulnerability and Threat Management
Network Security
Security Strategy

Industry Experience: Jeffrey Ritter may be found at www.jeffreyritter.com. He advises companies on navigating all of the rules that govern digital information.

Jeffrey is internationally recognized as a pioneer in developing the global legal framework for electronic commerce, with a special focus on the role of information security in creating trusted information. As a lawyer and trusted advisor on technology implementation, Jeffrey has worked with some of the most recognized corporations and institutions in the world.

He has also been a strong advocate for the importance of information security to a global, digital marketplace, serving in various roles including as outside counsel to the ISSA, contributor to the Internet Security Alliance, and founding co-chair of the Legal and E-discovery domain for the Cloud Security Alliance.

For six years, he served as legal advisor to I-4, a private membership research organization serving the top chief information security officers in Europe and North America; Jeffrey continues in a high-profile role as the live moderator for ISSA, ISACA and ISC(2) online e-Symposiums.

As a public speaker and lecturer, Jeffrey is recognized for his effectiveness at translating complex legal and technology concepts into functional knowledge useful to legal and non-legal audiences. His dynamic, engaging presentations are often featured as keynote speeches at national and international conferences. Jeffrey Ritter is the author or co-author of several books and over 20 published articles, including the authoritative publications on Contracting for Information Security distributed by the Internet Security Alliance and ANSI. He is trained as an ISO 27001 Lead Auditor.

He graduated from Duke University Law School and received his B.A. and M.A. degrees from The Ohio State University (summa cum laude with distinction and with honors).

Expertise:
Compliance and regulations
Audit
Cloud Security
Security Contracts
PCI compliance
Risk management
IT licensing

Industry Experience: Jennifer (Jabbusch) Minella is a network security engineer and consultant with Carolina Advanced Digital, Inc. Jennifer has more than 15 years' experience working in various areas of the technology industry. Most recently, Ms. Minella has focused on specialized areas of infrastructure security, including Network Access Control, 802.1X and Wireless Security technologies.

In addition to being a CISSP, Ms. Jabbusch holds several vendor-specific certifications such as HP Master ASE in Networking, Security & Mobility and Juniper JNCIA for Access Control. Her technical expertise with multiple vendor technologies gives her unique insight into the industry.

Ms. Jabbusch has consulted for a variety of government agencies, educational institutions and Fortune 100 and 500 corporations. In addition to her regular duties, she participates in a variety of courseware and exam writings and reviews, including acting as subject matter expert on Access Control, Business Continuity and Telecommunications, and lead subject matter expert in the Cryptography domains of the official (ISC)2 CISSP courseware (v9).

You can find more security topics and musings on her security blog at www.SecurityUncorked.com.

Expertise:
Infrastructure security
Network Access Control
802.1X
Wireless Security

Industry Experience: Joel Scambray is co-founder and CEO of Consciere, provider of strategic security consulting services. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years.

Joel’s background includes roles as an executive, technical consultant, and entrepreneur. He has been a Senior Director at Microsoft Corporation, where he provided security leadership in Microsoft's online services and Windows divisions. Joel also co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee for $86M. He previously held positions as a Manager for Ernst & Young, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and Director of IT for a major commercial real estate firm.

Joel is widely recognized as co-author of Hacking Exposed: Network Security Secrets & Solutions, the international best-selling computer security book that first appeared in 1999. He is also lead author of the Hacking Exposed Windows and Web Applications series. Overall, he’s co-authored and contributed to over a dozen books on IT and software security.

He has spoken widely on information security at forums including Black Hat, I-4, INTERFACE, and The Asia Europe Meeting (ASEM), as well as for organizations including IANS, CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP.

Joel holds a BS from the University of California at Davis and an MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).

Expertise:
Application security
Threat management
Web Application Security
Software Development Lifecycle
Vulnerability Management

John Galda

John has over 25 years of experience in information technology at Fortune 500 companies such as GE, Liberty Mutual, United Technologies and Textron. Over the past 10 years he has specialized in IT security, risk management and IT governance in the financial services industry. He has previously presented to the IANS community on security topics such as Identity and Access Management, Data Loss Prevention, Application Scanning and Vulnerability remediation and Vendor data security in the cloud.

John is a Certified Information Systems Security Professional (CISSP) from ISC2, is certified in Project Management from George Washington University, holds a Bachelor of Science in IT, has done graduate work at Harvard, and has two Master's degrees, the most recent an MBA from Boston University.

Expertise:
Security Operations
Governance, Risk & Compliance
Information Protection
Security Metrics

Industry Experience: Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.

Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently led NetworkWorld magazine to recognize him as a top Influencer of IT for 2009. In 2010, Corman also co-founded Rugged (www.ruggedsoftware.org), a values-based initiative to raise awareness and usher in an era of secure digital infrastructure.

Corman received a bachelor’s degree in philosophy, Phi Beta Kappa, summa cum laude, from the University of New Hampshire. He lives with his wife and two daughters in New Hampshire.

Expertise:
Virtualization
Security Industry Trends
Host Protection
Information Protection
Network security
Threat management
Insider threat

Kevin Johnson

Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open-source security projects, several of which he founded. He founded BASE, a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD, a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, such as Infragard, ISACA, ISSA, and the University of Florida.

Expertise:
Application and Code Testing
Mobile Security
Network Security

Kevin Nassery has more than fifteen years of experience building and breaking information systems. He currently leads the penetration testing team for a major bank, and independently researches network, systems, and enterprise security matters. Prior to joining the bank he was a principal consultant leading the infrastructure and penetration testing practice for Consciere, LLC, and the chief infrastructure architect for a major online advertising presence. He holds a master's degree from DePaul University in Computer, Information, and Network Security and obtained his CISSP in 2002.

Expertise:
Routing, Switching, and Load Balancing
Large Scale Network & Backbone Engineering
Firewall & Segmentation Architecture
Systems Security Engineering
Penetration Testing
Security Operations Management

Industry Experience: Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is recognized as an early innovator in firewall technology, and the implementer of the first commercial firewall product. Since the late 1980s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and the ISSA Lifetime Achievement Award. Marcus is Chief of Security for Tenable Security, Inc., where he is responsible for research in open source logging tools, and product training. He serves as a technology advisor to a number of start-ups, established concerns, and venture capital groups.

Expertise:
Intrusion detection
Virtual private networks
Firewalls
Data leakage
Host IDS
Network architecture
Network IDS
Application security
Log management
Vulnerability management

Michael De Libero

Michael’s diverse 10-year background in software development, network administration, and technical support enables him to quickly understand interrelations between complex enterprise systems, identify root causes, and formulate crisp recommendations. He also has a balanced perspective on both technical and business prerogatives from maintaining an independent consulting business for over 5 years. Mike’s deep software development experience encompasses diverse types of applications, including Windows services, web applications, n-tiered applications, and desktop applications. His highly evolved understanding of application development enables Mike to efficiently scope, assess, and remediate security issues in software, as he has proven on dozens of consulting assignments and through his work at the Open Web Application Security Project (OWASP).

Expertise:
Application Security
Information Protection
Identity & Access Management

Michael Saurbaugh

Industry Experience: Mike Saurbaugh is an Information Security Manager at Corning Federal Credit Union, a financial institution with assets under management of $1.5 billion. Mike has over 15 years of experience in information technology across a variety of disciplines and leadership roles. Mike has held leadership positions in information security, eCommerce, technical operations and technology services. Among other things, Mike has led and implemented online banking multifactor authentication, data loss prevention, web security gateway, intrusion prevention, change management, security awareness and social engineering programs. Additionally, Mike has conducted many security awareness speaking engagements for diverse audiences, including Fortune 500 and aerospace companies, hospital executive leadership, higher education and his current employer's board of directors.

Mike holds the CISSP, CISM and CRISC certifications and a BSE from Cortland College, as well as certificates from Rochester Institute of Technology and additional training from Carnegie Mellon University’s CERT/CC, the SANS Institute and Websense’s Threat Workshop. Mike is currently enrolled at Walsh College in the MSIA program. Mike has contributed content to SANS Securing The Human, as well as Syngress Publishing’s CISSP Study Guide. Mike is also a member of the Websense TRITON Advisory Board, the SANS OUCH! community review board and Alfred State College’s information technology curriculum advisory committee.

Expertise:
Information Security Education and Awareness
Social Engineering
Risk Management
Telecommunications
Web Security Gateway
Network Security
Data Loss Prevention

Mike Dahn has over 11 years of experience in providing enterprise security services, risk management and regulatory compliance strategies to companies in the payments, financial services, retail, transportation, oil and gas, higher education, and hospitality sectors. Mr. Dahn is a recognized thought leader within the information security industry and a globally recognized subject matter expert within the payment card industry (PCI).

Mr. Dahn has performed hundreds of PCI projects for merchants, service providers, acquirers, and payment application vendors. He worked with major payment brands on the continued development of the PCI DSS and PA-DSS/PABP standards. For three years he trained all PCI qualified security assessors (QSA) globally on behalf of the PCI Security Standards Council (SSC) in the US, UK/Europe, Asia-Pacific, and Latin America. In addition, he was the PCI standards trainer for Visa, educating thousands of global merchants, acquirers, and payment application vendors. Prior to this work he led the internal rollout of the Discover Information Security Compliance (DISC) program for Discover Network.

Mr. Dahn has given numerous speaking engagements for a variety of security and commercial associations such as the FDIC and NCUA, and information security groups on topics including compliance, auditing and network security, and hackers and forensic investigation.

Mr. Dahn holds the CISSP certification, is a member of the High Technology Crime Investigation Association (HTCIA), and has a Master's in Information Assurance and a BS in Computer Science.

Expertise:
Regulatory Compliance
PCI and Payment Security
Risk Management
Capability and Maturity Models (CMM)
Information Security Management Systems (ISMS)
Threat and Vulnerability Management
Cloud Security
Mobile Security

Industry Experience: Mike Murray has spent more than a decade helping companies and individuals understand how they can be exploited by those with nefarious influence skills. From his work in the late 90s as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group, his focus has always been on using vulnerability assessment through penetration testing and social engineering to proactively defend organizations. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization from threats to their humans and their systems. He is also in charge of the advanced curriculum of The Hacker Academy, an advanced online training environment focused on the newest methods of computer penetration testing and social engineering. Mike has a variety of other diverse interests, from his work on social engineering, human systems and influence to his work with many people on their careers. Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at InfoSecLeaders.com.

Expertise:
Social engineering
Human systems
Penetration testing
Vulnerability assessment

Industry Experience: Mike Rothman is President and Analyst at the information security research and analysis firm Securosis. He started his career as a programmer and a networking consultant, joining META Group in 1993 and spearheading their initial foray into information security research. He left in 1998 to found SHYM Technology, focusing on the PKI software market, and then held senior roles at CipherTrust and TruSecure. He started Security Incite in 2006 to provide the "voice of reason" in what he considered an "over-hyped yet underwhelming" security industry. He took a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks in 1998, joining Securosis at the beginning of 2010 with a "rejuvenated cynicism" about the state of security and what it takes to survive as a security professional.

In 2007, Rothman published "The Pragmatic CSO" to introduce technically-oriented security professionals to the nuances of what is required to be a senior security professional. He also has a "very expensive" degree "that he uses literally zero percent" (much to his parents' joy) in Operations Research and Industrial Engineering from Cornell University.

Expertise:
Network Security
SIEM
Log Management
Management of Security and Security Services

Industry Experience: Peter Kuper is a Partner with In-Q-Tel, the strategic investing firm that identifies, adapts, and delivers innovative technologies to support the missions of the Intelligence Community. Peter actively seeks and works with private companies with a particular focus on security and enterprise software. Previously, Peter was the lead software analyst for Morgan Stanley, where he published industry-leading investment reports and led over 18 public transactions. Overall, Peter was a Wall Street analyst for 15 years, which gave him the opportunity to work with some of the most dynamic and talented public and private companies and the world's leading investment professionals. As a visible voice for the software industry, Kuper has given numerous presentations to professional and government groups, has been interviewed on CNBC and Bloomberg Television, and has been quoted in most leading publications, including The Wall Street Journal and The Financial Times. He has also published articles in IEEE Magazine. Peter currently serves as an adviser to the Pacific Northwest National Lab and is a Faculty member for IANS.

Expertise:
Information security
Content management
Data leakage

Industry Experience: Mr. Marty is an expert and author in the area of data visualization. His interests span anything related to information visualization and computer security, which is his traditional background. Previously, he has held various positions in the log management space at companies such as Splunk, ArcSight, and IBM Research, where he also earned his master's in computer science. Raffy has been instrumental in building and defining the security visualization space.

Mr. Marty is an expert and author in the areas of data analysis and visualization. His interests span anything related to information security, big data analysis, and especially information visualization. Previously, he has held various positions in the SIEM and log management space at companies such as Splunk, ArcSight, IBM Research, and PricewaterhouseCoopers. Nowadays, he is frequently consulted as an industry expert in all aspects of log analysis and data visualization. As the founder of Loggly, a logging-as-a-service company, Raffy spends a lot of time re-inventing the logging space and, when not surfing the California waves, he can be found teaching classes and giving lectures at security conferences around the world.

Expertise:
Log management
Log analysis
Security visualization
Industry standards
Intrusion detection

Industry Experience: Randy V. Sabett, J.D., CISSP, is Counsel at ZwillGen. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include federated identity, digital and electronic signatures, state and federal information security and privacy laws, venture capital, legislative matters, government contracting, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements. Randy served as a commissioner for the Commission on Cyber Security for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007 – 2011 editions of Chambers USA: America's Leading Lawyers for Business. He has been recognized as one of the Top 50 Under 45 by the American Lawyer’s “IP Law and Business” and is listed in the International Who’s Who of Business Lawyers. He also maintains an active security clearance. Randy teaches Information Policy as an adjunct professor at George Washington University and is on the faculty of IANS. Randy also participates on the advisory boards of various information security start-up companies. He holds two U.S. patents, one in the area of information security (U.S. Patent No. 6,981,149) and the other in the area of active noise cancellation (U.S. Patent No. 5,440,642). He is also a frequent lecturer and author on issues involving information security, and has appeared on or been quoted in a variety of national media sources. He can be reached at randy@zwillgen.com.

Expertise:
Compliance and regulations
Data classification
eDiscovery
PCI compliance
Risk management
IT licensing

Industry Experience: Ms. Bace led the Computer Misuse and Anomaly Detection research program at the National Security Agency, where she instigated early research in intrusion detection and related technology. She is a noted author on topics in intrusion detection and network security, and recently co-authored A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness.

Expertise:
Intrusion detection
Network security
Network IDS
Network operations

Industry Experience: Mr. Mogull has twenty years' experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Mr. Mogull was a Research Vice President at Gartner on the security team, where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Mr. Mogull worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free, assuming travel is covered).

Expertise:
Data security
Application security
Emerging security technologies
Security management

Industry Experience: Dr. Ritchey has over 20 years' experience working within the IT industry. He is an active researcher in the IA field and is widely published on network security topics, including co-authoring the well-regarded book Inside Network Perimeter Security. He has authored courses on computer security that have been taught across the country and is a faculty member of the SANS Institute, the Institute for Applied Network Security, and George Mason University (GMU).

Expertise:
Application security
IAM/Authentication
Encryption
Messaging security
Network architecture
Network IDS
Wireless security
Log management
Insider threat
Patch management
Vulnerability management
Compliance and regulations
Awareness

Industry Experience: Mr. Krapes is the Director of Security Technology at AT&T, where he is responsible for the engineering, design, development, and production support of AT&T’s suite of Identity Management software services. He has over 30 years in the IT industry, 10 years of which have been in Identity Management. Steve brings a practical, hands-on view of how a company can achieve dramatic enterprise benefits by leveraging single sign-on, web access management, role-based access controls, centralized user provisioning, and automated user access compliance.

Expertise:
Identity Management
Role Based Access Controls

Will Gragido

Author and information security researcher Will Gragido has over 18 years' experience in surveillance, intelligence and analysis in the service of securing vulnerable institutions and individuals. He began his career in the USMC, holding tactical and garrison intelligence roles. A graduate of DePaul University, Mr. Gragido is working on his Master's in Psychology. Mr. Gragido has been a member of some of the world’s most prestigious information security consultancies and product research organizations, including INS (now BT INS) and Internet Security Systems (IBM ISS), in field sales evangelism, product management and the world-renowned X-Force PSS and Research teams, as well as working with the security startups Damballa and Cassandra Security Systems. In the spring of 2011, Mr. Gragido became an author, co-writing his first book, titled “Cybercrime and Espionage: An Analysis of the Subversive Multivector Threat”.

Expertise:
Vulnerability & Threat Management
Incident Response & Investigations
Security Strategy
Risk Management

Zach Lanier

Zach is a Principal Consultant with the Intrepidus Group, specializing in network, mobile, and application security. He has served as a security advisor for numerous clients, including Fortune 500 companies, utilities, mobile carriers and development shops, and higher education institutions. He has been engaged in highly technical projects, including network penetration testing, thick and mobile application penetration testing and reverse engineering, and code review, as well as strategic projects, including security program development, security architecture design and review, and gap analyses of overall security programs.

Zach has presented at conferences and events such as ShmooCon, INFILTRATE, and OWASP AppSec USA, as well as local security professionals' groups, on topics such as mobile application and network security, security in virtualized environments, and vulnerability disclosure. Additionally, he has developed and conducted training on network and mobile application penetration testing, and secure mobile application development. He is also a co-leader of the OWASP Mobile Security Project, and frequently conducts security research both within Intrepidus Group and independently.

Prior to joining Intrepidus Group's professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7.

Expertise:
Penetration testing
Mobile security
Intrusion detection and prevention
Vulnerability and threat management
