Pacific Information Security Forum 2012

Mr. Ranum has been consistently recognized as one of computer security’s innovators and creative thinkers. Since 1989 he has held every position that is possible within a high-tech business – from junior system administrator and software engineer to CEO, CTO, and marketing director. He is the principal author of several major Internet security products, including firewalls, VPNs, and intrusion detection systems.

Mr. Ranum is presently serving as the CSO of Tenable Network Security, Inc.

Expertise: Intrusion detection • Virtual private networks • Firewalls • Data leakage • Host IDS • Network architecture • Network IDS • Application security • Log management • Vulnerability management

Randy V. Sabett, J.D., CISSP, is Counsel at ZwillGen. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. He also drafts and negotiates a variety of technology transaction agreements. Randy served as a commissioner for the Commission on Cyber Security for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007 – 2011 editions of Chambers USA: America's Leading Lawyers for Business. He has been recognized as one of the Top 50 Under 45 by the American Lawyer’s “IP Law and Business” and is listed in the International Who’s Who of Business Lawyers.

Expertise: Compliance and regulations • Data classification • eDiscovery • PCI compliance • Risk management • IT licensing

Aaron Turner is currently the President of CEI, an information security consultancy focused on helping Fortune 100 companies manage the risks associated with technology dependencies in critical infrastructure systems. Prior to CEI, Aaron was the Co-Founder and CEO of RFinity, a mobile security technology startup formed as the result of research conducted at the US Department of Energy's Idaho National Laboratory (INL). While at INL, he collaborated with a team of information security experts to design the world's first large-scale testing effort to evaluate how critical infrastructure has become dependent on computing systems and the resulting vulnerabilities that those dependencies cause.

Dave Shackleford is the Senior Vice President of Research and the Chief Technology Officer at IANS. Dave is a SANS analyst, instructor and course author, as well as a GIAC technical director. Dave previously was the founder and principal consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance and network architecture and engineering. Dave is a former QSA with several years' experience performing PCI assessments. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Expertise: Network Intrusion Detection and Prevention • Network Firewalls and Access Controls • Security Architecture • Penetration Testing • Regulatory Compliance • Patch and Configuration Management • Virtualization Security • Incident Response

Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon's PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups.

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum.

Alex is a founding member of the Society of Information Risk Analysts, and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog. Some of his earlier thoughts on risk can be found at the Riskanalys.is blog.

Expertise: Governance, Risk, and Compliance • Security Management • Enterprise Risk Management • Security Data Warehousing

Diana Kelley is an internationally recognized security expert with 20 years of IT security experience. She founded SecurityCurve in April of 2003 to provide risk-focused advisory services to enterprises and deliver strategic, competitive knowledge to security software vendors.

Diana speaks frequently at major conferences: RSA, BlackHat, InfoSec World,NetWorld/InterOp, The Internet Security Conference, and ComDex.

She has authored numerous articles, columns, white papers and research documents and co-authored Cryptographic Libraries for Developers.

Expertise: Risk Management • Penetration Testing • Security Audit • Compliance • Systems and Network Architecture

Ed Moyle is a 15+ year veteran of information security as well as an industry-recognized thought leader, advisor, writer, and manager. Ed is currently Senior Security Strategist with Savvis, providing strategy, consulting, and solutions to clients worldwide and a founding partner of SecurityCurve.

Ed is co-author of "Cryptographic Libraries for Developers," and a frequent contributor to the Information Security industry as author, public speaker, and analyst.

Expertise: Cryptography • Secure Data Transfer • Secure Key Management • Authentication • Data Integrity

Mike Rothman is President and an Analyst of Information Security & Research Analysis firm Securosis. He started his career as a programmer and a networking consultant, joining META Group in 1993 and spearheading their initial foray into information security research. He left in 1998 to found SHYM Technology, focusing on the PKI software market, and then held senior roles at CipherTrust and TruSecure. He started Security Incite in 2006 to provide the "voice of reason" in what he considered an "over-hyped yet underwhelming" security industry. He took a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks in 1998 joining Securosis at the beginning of 2010 year with a "rejuvenated cynicism" about the state of security and what it takes to survive as a security professional.

In 2007, Rothman published "The Pragmatic CSO" to introduce technically-oriented security professionals to the nuances of what is required to be a senior security professional. He also has a "very expensive" degree "that he uses literally zero percent" (much to his parents joy) in Operations Research and Industrial Engineering from Cornell University.

Expertise: Network Security • SIEM • Log Management • Management of Security and Security Services