Mid-Atlantic Information Security Forum 2012

Mr. Ranum has been consistently recognized as one of computer security’s innovators and creative thinkers. Since 1989 he has held every position that is possible within a high-tech business – from junior system administrator and software engineer to CEO, CTO, and marketing director. He is the principal author of several major Internet security products, including firewalls, VPNs, and intrusion detection systems.

Mr. Ranum is presently serving as the CSO of Tenable Network Security, Inc.

Expertise: Intrusion detection • Virtual private networks • Firewalls • Data leakage • Host IDS • Network architecture • Network IDS • Application security • Log management • Vulnerability management

Randy V. Sabett, J.D., CISSP, is Counsel at ZwillGen. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. He also drafts and negotiates a variety of technology transaction agreements. Randy served as a commissioner for the Commission on Cyber Security for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007 – 2011 editions of Chambers USA: America's Leading Lawyers for Business. He has been recognized as one of the Top 50 Under 45 by the American Lawyer’s “IP Law and Business” and is listed in the International Who’s Who of Business Lawyers.

Expertise: Compliance and regulations • Data classification • eDiscovery • PCI compliance • Risk management • IT licensing

Aaron Turner is currently the President of CEI, an information security consultancy focused on helping Fortune 100 companies manage the risks associated with technology dependencies in critical infrastructure systems. Prior to CEI, Aaron was the Co-Founder and CEO of RFinity, a mobile security technology startup formed as the result of research conducted at the US Department of Energy's Idaho National Laboratory (INL). While at INL, he collaborated with a team of information security experts to design the world's first large-scale testing effort to evaluate how critical infrastructure has become dependent on computing systems and the resulting vulnerabilities that those dependencies cause.

Dave Shackleford is the Senior Vice President of Research and the Chief Technology Officer at IANS. Dave is a SANS analyst, instructor and course author, as well as a GIAC technical director. Dave previously was the founder and principal consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance and network architecture and engineering. Dave is a former QSA with several years' experience performing PCI assessments. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Expertise: Network Intrusion Detection and Prevention • Network Firewalls and Access Controls • Security Architecture • Penetration Testing • Regulatory Compliance • Patch and Configuration Management • Virtualization Security • Incident Response

David Etue brings experience including security program leadership, management consulting, product management, and technical implementation. David is the vice president of corporate development strategy at SafeNet, where he is responsible for SafeNet's strategic decisions regarding product and solution partnerships, as well as mergers and acquisitions. He was previously the cyber security practice lead at management consultancy PRTM, VP of Products & Markets at Fidelis Security Systems, led General Electric's global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified Information Privacy Professional, a graduate of GE’s Information Management Leadership Program, and a certified Six Sigma Green Belt.

Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon's PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups.

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts, and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog. Some of his earlier thoughts on risk can be found at the Riskanalys.is blog.

Diana Kelley is an internationally recognized security expert with 20 years of IT security experience. She founded SecurityCurve in April of 2003 to provide risk-focused advisory services to enterprises and deliver strategic, competitive knowledge to security software vendors.

Prior to returning to SecurityCurve in January 2008, she was Vice President and Service Director for the Security and Risk Management Strategies (SRMS) service at Burton Group. Diana was the Executive Security Advisor for CA’s eTrust Business Unit where she was responsible for advising customers on strategic security solutions and helped guide CA’s security business. Prior to that, she served as the Vice President of Security Technology for Safe3W, Inc (acquired by iPass) and was the General Manager of a development group at Symantec Corp and the media spokesperson for the company on the 2000 “Proactive Security Tour”. She was the Vice President of Corporate Development for LockStar and helped the company succeed in being named to the Red Herring “Top 50 Companies in the Digital Universe”.

Ed is a 15+ year veteran of information security as well as an industry-recognized thought leader, advisor, writer, and manager. Ed is currently Senior Security Strategist with Savvis, providing strategy, consulting, and solutions to clients worldwide and a founding partner of SecurityCurve.

Prior to this, Ed was a Senior Manager within CTG’s global information security solutions practice, where he provided C-level guidance across a wide segment of industry, including healthcare, telecommunications, energy, and financial services.

Ed was Vice President and Information Security Officer for Merrill Lynch Investment Managers(MLIM,) where he was responsible for coordinating all aspects of information security within the business unit. MLIM (now BlackRock Asset Management) consisted of approximately 2500 employees with over US $500 billion in assets under management. During his tenure at Merrill, Ed also developed firm-wide cryptographic solutions for secure data transfer, secure key management, authentication, and data integrity.