Dave Shackleford

Dave is Lead Faculty at IANS. He is the Founder and Principal Consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book "Virtualization Security: Protecting Virtualized Environments", leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Expertise:

Privacy
Information Security and Privacy Program Creation
Training and Awareness • Data protection Compliance
Privacy
Vendor/BA management

Rebecca Herold

Rebecca has 25+ years of information privacy, security and compliance experience. She's received many awards including Computerworld's "Best Privacy Advisers In The World." Rebecca is currently writing her 17th published book. She founded The Privacy Professor® in 2004, and co-founded SIMBUS Information Security and Privacy Services which launched in 2015. Rebecca has led the NIST SGIP Smart Grid Privacy Subgroup since mid-2009, and is in the NIST Privacy Engineering group. Rebecca is Secretary for the IEEE P1912 Standard for Privacy and Security Architecture for Consumer Wireless Devices group. Rebecca has been Adjunct Professor for the Norwich University Master of Science in Information Security & Assurance (MSISA) program since 2005. Rebecca has a B.S. in Math and Computer Science from the University of Central Missouri and an M.A. in Computer Science and Education from the University of Northern Iowa. In her free time, Rebecca enjoys renovating old houses, farming, gardening and traveling.

Expertise:

Penetration Testing
Understanding People and Business
Defensive Capabilities
Programming

Dave Kennedy

Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCE, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

Expertise:

Security Operations
Information Protection
Infrastructure Security

Paul Asadoorian

Paul Asadoorian is the Founder and CEO of Security Weekly (Formerly "PaulDotCom"), where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over eight years. By day, he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul has extensive experience in penetration testing, vulnerability analysis, embedded device security and SCADA/ICS.

Expertise:

Cloud Security
Big Data/IoT (massively distributed systems) Security
PenTests
Product Security
Machine Learning Ethics

Davi Ottenheimer

Davi is President of "Flyingpenguin" and has more than 20 years of experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of the book "Securing the Virtual Environment: How to Defend the Enterprise Against Attack," and author of "The Realities of Securing Big Data". An expert in compliance, he was a Board Member for the Payment Card Industry (PCI) Security Alliance and the Silicon Valley chapters of ISACA and OWASP. He served six years as a PCI DSS and PA-DSS assessor for K3DES. He is a frequent top-rated public speaker and has been quoted or written articles on security, risk management and compliance for publications including Compliance Week, NPR, Search Security, Bank Info Security, Network World, Red Herring, Chain Store Age, Inc, Reuters and SC Magazine. He formerly was responsible for security at the world's largest investment fund manager, Barclays Global Investors (BGI). Prior to BGI he was a "dedicated paranoid" at Yahoo, responsible for managing security for hundreds of millions of mobile, broadband and digital home products. Davi is a certified CISSP, CISM, QSA, and PA-QSA. He received his postgraduate academic Master of Science degree in International History from the London School of Economics where he studied the ethics of humanitarian intervention. His interests include humanitarian tech and futurism, ethics of intervention/defense, international history, international poetry, transportation/infrastructure policy, tinkering with electronics/radio and teaching infosec to kids at school.

Expertise:

Malware/ Advanced Threat Detection
Command and Control (C2) Testing
Incident Response
Pen Testing
Application Security

John Strand

John is the Owner of Black Hills Information Security (BHIS), and has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. John is also an instructor and course author of BlackHat's "Active Defense, Offensive Countermeasures, and Hacking Back" and the SANS Institute's "Hacker Tools, Techniques, Exploits and Incident Handling" classes. John is co-author of the" Offensive Countermeasures: The Art of Active Defense" book and is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development at BHIS. He is a dynamic speaker at conferences worldwide. In his spare time, he co-hosts the Hack Naked TV and Security Weekly podcasts.

Expertise:

Security strategy (meta-level design and planning)
Metrics
Vulnerability management
Detection (firewalls, IPS, malware, DLP)
Low-rent security (do it yourself)

Marcus Ranum

Marcus Ranum Marcus has more than 20 years of experience within Information Security and is a world-renowned expert on security system design and implementation. Currently, Marcus is Chief of Security for Tenable Security, Inc., where he is responsible for research in open source logging tools and product training. He is recognized as an innovator in firewall technology and the implementer of the first commercial firewall product. Marcus has designed a number of security products including DEC SEAL, TIS firewall toolkit, Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. Marcus was awarded the TISC "Clue" award for service to the security community in 2001 and in 2005 was awarded Security Professional of the Year by Techno Security Conference. In his spare time Marcus likes to be "gaming", taking photos, making soap or other cosmetics and also woodworking.

Expertise:

Intrusion Analysis
Security Tool Development
Vulnerability Assessment
Pen Testing

Kevin Johnson

Kevin has over 15 years of experience within security working with and performing services for Fortune 100 companies and draws upon his development and system administration background. Currently, Kevin is also a Security Consultant with Secure Ideas. He is a Senior Instructor at SANS and the author of "Security 542: Web Application Penetration Testing and ethical Hacking." Some other current speaking engagements include DEFCON, ShmooCon as well as Infragard, ISSA and the University of Florida. He founded BASE (web front-end for snort analysis) as well as Samurai WTF live DVD (live environment focused on web pen testing). Two additional projects Kevin founded are Yokoso and Laudanum, which are focused on exploit delivery. In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).

Decision Support

IANS Faculty Members Include…

Dave Shackleford

Rebecca Herold

Dave Kennedy

Paul Asadoorian

Davi Ottenheimer

John Strand

Marcus Ranum

Kevin Johnson

Expertise:

Dave Shackleford

Expertise:

Rebecca Herold

Expertise:

Dave Kennedy

Expertise:

Paul Asadoorian

Expertise:

Davi Ottenheimer

Expertise:

John Strand

Expertise:

Marcus Ranum

Expertise:

Kevin Johnson

Learn More