Training December 12 - 13 // Briefings December 14 - 15
General (Retired) Michael Hayden served as director of the CIA and deputy director of National Intelligence at a time when the course of world events was changing at a rapidly accelerating rate. As the director of the country's keystone intelligence-gathering agency, he was on the frontline of geopolitical strife and the war on terrorism at a time when communication was being revolutionized. He understands the dangers, risks, and potential rewards in the political, economic, and security situations facing the planet. Exclusively represented by Leading Authorities, General Hayden dissects the political situations in the hot spots in every corner of the world, analyzing the tumultuous global environment and what it all means for the American people and America's interests. At the Center of Central Intelligence. After nearly forty years in the U.S. Air Force, General Hayden became director of the CIA in May of 2006, capping a career in service to the United States. Originally appointed by President Bill Clinton to the post of director of the National Security Agency (NSA), General Hayden became the longest-tenured NSA director, serving from 1999-2005.
Jean-Philippe Aumasson is a cryptographer at NAGRA, the world leader in end-to-end digital media security, near Lausanne, Switzerland He received a PhD from EPFL in 2009 and authored more than 30 research papers in the field of cryptography. He was co-awarded prizes for his cryptanalysis results, and is the co-inventor of new attacks such as cube testers, zero-sum attacks, tuple attacks, and banana attacks. He is the principal designer of the hash function BLAKE, which is one of the 5 finalists in NIST's SHA-3 competition.
Jamal Bandukwala is a security professional at a major financial institution. He is also a blogger and researcher with a variety of infosec interests including Google hacking, Open Source Intelligence & pen testing among others. His personal research and musings can be found at http://infosecmindstorm.blogspot.com/.
Brad Barker is the President and founder of the HALO Corporation, a California based Corporation founded by former Special Operations, National Security, and Intelligence personnel. HALO exists to provide safety and security for those in need and to improve force protection, as well as all aspects of security, humanitarian aid and disaster response.
Mr. Barker leads a team of global experts in the fields of Crisis management, Humanitarian Aid, National Security, Executive Protection, technology and curriculum development for Homeland Security and other agencies. Mr. Barker began his service to the United States Government after his former US Special Operations team deployed to Hurricane Katrina. Now the HALO Corporation has three divisions – Operations division, Science and Technology and Training and Education. Through these divisions we support the US Department of Homeland Security, the Department of Justice, and the Department of Defense, as well as several corporate and private sector clients. The HALO Corporation has an emphasis on counter terrorism, risk management and threat mitigation. We are headquartered in San Diego and operate globally. www.thehalocorp.com
Dr. Ken Baylor heads up Emerging Threats at a major financial institution. Previously he served as Symantec's Vice President of IT and Chief Information Security Officer (CISO). Prior to Symantec, Ken worked at McAfee where he wrote the seminal 2006 paper "Killing Botnets:A view from the trenches". Dr. Baylor is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM).
Christiaan Beek has been working in the security field for several years. Working for national and international companies, he gained knowledge of hacking techniques, forensic analysis and incident response. Currently he is working as a Principal Consultant -IR & Forensics at McAfee Foundstone Services EMEA. Christiaan has developed several classes and is the lead instructor for the Malware Forensics and IR class.
He regularly speaks at security conferences and shares knowledge in media and several magazines. Reverse engineering malware, synthesizers, family and theology are his ways to spent his free time. He keeps his own blog at:http://securitybananas.com
Andrey is the Chief Security Researcher and Software Developer at Elcomsoft. Co-invented ThunderTables (which are improved RainbowTables) and was first to bring GPU acceleration to password recovery. M. Sc. IT and CISSP.
LinkedIn: http://ru.linkedin.com/in/belenko
Ms. Francesca Bosco, Project Officer Ms. Francesca Bosco earned a law degree in International Law and was a practicing attorney for two years before joining UNICRI in 2006 as a member of the Emerging Crimes Unit.
In her role in this organization she is responsible for cybercrime prevention projects and in conjunction with key strategic partners, has developed new methodologies and strategies for researching and countering computer related crimes.
She began collaborating on different cybercrime-related projects such as the Hackers Profiling Project (HPP), SCADA (Supervisory Control and Data Acquisition) Security and a multi-level training program for ICT and security professionals, lawyers, and law enforcement agencies. Ms. Bosco also participated as speaker in various conferences and training seminars on the topic of child online pornography and contributed to the development ITU Child Online Protection (COP) guidelines.
More recently Ms. Bosco is researching and developing technical assistance and capacity building programs to counter the involvement of organized crime in cybercrime and a methodology with which to ascertain the social and financial ramifications of cybercrime and online abuse.
She also needs to put a few words about UNICRI: UNICRI has a long tradition on crime research in general, with its' first publications being issued in the beginning of the 1970s. During the recent years, the Institute has focused particularly on organized crime and terrorism. The most recent projects are related to counterfeiting, corruption, cyber crime, trafficking in persons and security threats where UNICRI applies its aptitude in research in order to augment the analytical process.
Alison is a UK Civil Servant and statistician with a keen interest in privacy issues. Having spent time working for the Defence and the Health sectors, she is fully aware of the power of information and the steps that should be taken to care for individual level data.
With a degree in Experimental Psychology, she also has a keen interest in human behaviour and is fascinated by the effects of culture, religion, emotion, authority, genetics and social norms on people and their actions, thoughts and beliefs.
SangMyung Choi is a senior security researcher of the global anti-virus company, Hauri, Inc. His main concerns are reverse engineering and vulnerability analysis. Now, he is doing research in the field of security threat analysis and proactive response.
Robert Clark is currently the operational attorney for the U.S. Army Cyber Command. He is the former Cybersecurity Information Oversight & Compliance Officer with the Office of Cybersecurity and Communications, Department of Homeland Security and former legal advisor to the Navy CIO; United States Computer Emergency Readiness Team; and, the Army's Computer Emergency Response Team. In these positions he has provided advice on all aspect of computer network operations. He interacts regularly with many government agencies and is a past lecture at Black Hat; DEFCON; Stanford Center for Internet and Society and the Berkman Center for Internet & Society at Harvard University -Four TED-TECH Talks 2011; SOURCE Boston 2010; the iapp; and, the DoD's Cybercrimes Conference.
Anthony Desnos is currently a computer security researcher at ESIEA (Operational Cryptology and Virology Laboratory) in Laval, France.
He is involved in a number of open source security projects like Androguard (reverse engineering tools for android applications, open source database of android malware ...), DroidBox.
He had been speaker in various computer security conferences on different topics, including hack.lu, eicar, eciw, iawacs, and he is a member of Honeynet.
Joshua J. Drake is a Senior Research Consultant with Accuvant LABS. Joshua focuses on original research in areas such as vulnerability discovery and analysis, exploitation technologies and reverse engineering. He has over 10 years of experience in the information security field. Prior to joining Accuvant, he served as the lead exploit developer for the Metasploit team at Rapid7, where he analyzed and successfully exploited numerous publicly disclosed vulnerabilities in widely deployed software such as Exim, Samba, Microsoft Windows, Office, and Internet Explorer. Prior to that, he spent four years at VeriSign's iDefense Labs conducting research, analysis and coordinated disclosure of hundreds of unpublished vulnerabilities.
Nelson Elhage is a kernel hacker for Oracle, follwing their acquisition of Ksplice. He works on providing rebootless security updates for the Linux kernel. In his spare time, he mines for and occasionally exploits bugs in the Linux kernel and other pieces of open-source systems software.
Geoffroy Gueguen is a PhD Student at ESIEA (Operational Cryptology and Virology Laboratory) in Laval (France).
He is interested in formal grammars, metamorphism and program analysis.
DongJoo Ha (ChakYi) is a CSO and security researcher working at HNS. His main job is analyzing vulnerabilities and he is interested in security threat research and any fun stuff even if that is not related with hacking, security or IT. He has worked as a security researcher for malware and network security analysis at AhnLab, Inc.
He has presented at various hacking and security conferences such as DEF CON, CanSecWest & PacSec, AVTOKYO, PADOCON and POC with his lovely firends. He also enjoys playing Capture The Flag with his awesome firends.
Seungyoun Han is a security researcher of the global anti-virus company, Hauri, Inc. His main job is penetration testing and vulnerability analysis. Now, he is doing research in the field of recent security threat analysis and proactive response
Barnaby Jack has over 10 years experience in the security research space and previously held research positions at Juniper Networks, eEye digital Security, and FoundStone. Over the course of his career, Jack has targeted everything from low-level Windows drivers to the exploitation of Automated Teller Machines. He has subsequently been credited with the discovery of numerous vulnerabilities, and has published multiple papers on new exploitation methods and techniques.
Ryan Jones currently leads the SpiderLabs Incident Response Team in EMEA. The team commonly manages data compromises related to cardholder data but are also regularly involved in other projects such as ATM compromises and data breaches caused by internal staff. The Incident Response team also carry out proactive engagements to ensure that customers have an effective incident response plan; drawing upon extensive knowledge of how it goes wrong in real data security breaches to improve companies' approach to Incident Response.
During Ryan's incident response career Ryan has worked for both UK National Law enforcement and private companies. He has been involved with both criminal and corporate investigations with scope ranging from a single mobile telephone to multinational networks. For the past 4 years, Ryan has been a corporate first responder involved with a wide variety of businesses from small companies to multinationals during times when they have been struggling to react to a rapidly changing data compromise situation. Ryan firmly believes that a consultative approach coupled with the appropriate technical knowledge is key to successful incident response engagements. Ryan graduated from the University of Kent with a First Class BSc in Computer Science. He is also a PCI QSA.
Taehyung Kim is a Security Researcher working in company. His main job is to analyze malware and vulnerabilities, and is interested in vulnerability research and analysis, penetration testing, and reverse engineering.
Rich Lundeen is a Security Engineer with the BOS Engineer Security Team (BEST) in Microsoft Online Services where he is involved with security research, penetration testing, code review, and tool development. Prior to joining Microsoft, he worked as a security consultant for IOActive. Rich holds has a Masters degree in Computer Science from University of Idaho.
Adrian is a DEF CON Goon and the co-organiser of 44Con & DEF CON London (DC4420). He holds 2 degrees, a Bachelors with Honours in Computer Science, and an Information Security Masters degree from Royal Holloway, University of London from rather too many years ago for comfort.
Adrian has been an Information Security Consultant/Security Architect across a large number of industries for over 10 years (including working for two security vendors) and is currently doing "stuff & things" for a FTSE10
Tom Mackenzie is a Security Consultant at Trustwave. He is the youngest member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security. Tom has spoken at a number of events including local OWASP chapter meetings, BSidesChicago, a lightning talk at BruCON 2010 and guest lectured at Abertay Dundee University and Northumbria University.
Tom is the founder of upSploit Advisory Management -an automated system that aims to help security researchers alert vendors to vulnerabilities in their products and services in the most responsible way possible. He probably is known mostly for podcasting. He has co-hosted TracSec, DisasterProtocol, Student Hacker Information Technology Podcast, a vulnerability segment on the Finux Tech Weekly show and now co-hosts the SpiderLabs Radio Podcast. Tom recently came third in Application Security Europe capture the flag competition.
Federico Maggi is a Research Assistant at Dipartimento di Elettronica e Informazione, Politecnico di Milano in Italy, working at the VPLAB under the supervision of Prof. Stefano Zanero.
My main research interest is computer security. In particular, during my Ph.D., in the same University, I studied and made contributions in the field of intrusion detection. More precisely, I developed and tested anomaly-based tools to mitigate Internet threats by (1) avoiding their spread via vulnerable web applications, (2) detecting unexpected activities in the operating system's kernel (sing of malware infections or compromised processes), and (3) dealing with high number of alerts using alert correlation.
Currently, I am studying the phone phishing phenomenon in a systematic, large-scale way. At Politecnico di Milano I have been involved in teaching before being awarded a Master of Science. During my master studies, I was TA for undergraduate-level computer programming courses, I thought classes in computer and network security, graduate-level courses and also for non-security courses on topics such as computer system performance evaluation and information systems.
Nikhil Mittal is a hacker, info sec researcher and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has over 3 years experience in Penetration Testing of many Government Organizations of India and other global corporate giants at his current job position.
He specializes in assessing security risks at secure environments which require novel attack vectors and "out of the box" approach. He is a contributor to CIS benchmarks for AIX. In his free time, Nikhil likes to scan full IP ranges of countries for specific vulnerabilities, writes some silly Metasploit scripts and does some vulnerability research. He has spoken at Clubhack'10, Hackfest'11, Malcon'11 and Clubhack'11.
Katie Moussouris leads the Security Community Outreach and Strategy team at Microsoft. Her team's work encompasses Security Ecosystem Strategy programs such as Microsoft's BlueHat conference and worldwide hacker conference engagement, security researcher outreach, and Microsoft's Vulnerability Disclosure Policies. Katie also founded and runs Microsoft Vulnerability Research, which is responsible for Microsoft's research and reporting of vulnerabilities in 3rd party software. Katie recently was voted the editor of a new draft ISO standard on Vulnerability Handling Processes, following her work over the past 4 years as the lead expert in the US National Body on an ISO draft standard on Vulnerability Disclosure.
Prior to working for Microsoft, Katie was a penetration tester for several Fortune 500 companies, as a senior security architect for @stake when it was acquired by Symantec. At Symantec, Katie founded and ran Symantec Vulnerability Research.
Katie has spoken at several security conferences including BlackHat USA 2008, Hack In The Box Amsterdam 2011, GOVCERT.NL 2010, RSA2010, SOURCEBoston, Shmoocon, Toorcon Seattle, and she was a keynote speaker at Shakacon in June 2008.
Tsukasa Oi is a research engineer at Fourteenforty Research Institute, Inc. He is interested in general low-level technologies such as virtualization and rootkits. He spoke at PacSec about anti-forensic rootkit and virtualization-based tracer. Currently, he focuses on Android platform security and reverse engineering.
Jesse is a Security Engineer at Microsoft. He has done pen testing, code review, and threat modeling on the Office 365 commerce platform. Jesse has found several high impact security bugs in a variety of Microsoft products and services, as well as Facebook and Wordpress. Prior to Microsoft, Jesse did software security consulting for several Fortune 500 companies.
Mr. Ortiz is currently a senior computer engineer for Crucial Security Inc. and in this position researches and develops advanced cyber security tools and techniques. These include high bandwidth network data extraction and statistical analysis software for malicious file detection. Prior to Crucial, he worked for SRA International and researched data hiding, covert botnets, and malware analysis techniques. Prior to SRA, he spent 5 years at General Dynamics developing source code analyzers, reverse engineering tools, and network security software.
In a second role, Mr. Ortiz developed and teaches a Steganography course for the University of Texas at San Antonio (UTSA). It covers a broad spectrum of data hiding techniques in both the spatial and transform domains as well as watermarking, covert channels and steganalysis. For the course, Mr. Ortiz developed several steganographic programs for testing and analysis.
He holds two master's degrees from the Air Force Institute of Technology, one in Electrical Engineering and one in Computer Engineering and a BSEE from Rose-Hulman Institute of Technology.
Vivek Ramachandran has been working on Wi-Fi security since 2003. He has spoken at conferences such as Defcon and Toorcon on Wireless Security and is the discoverer of the Caffe Latte Client attack. He also broke WEP Cloaking, a WEP protection schema in 2007 publically at Defcon. Vivek is the author of the book "Wireless Penetration Testing using Backtrack" due for release later this year.
He was one of the implementers of 802.1x protocol in Cisco's 6500 Catalyst series of switches. Vivek is also one of the winners of Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net where he posts videos on Wi-Fi Security, Exploitation Techniques etc. and which gets over 100,000 unique visitors a month.
Travis Rhodes has been at Microsoft for 7 years. After spending 5 years in QA, he transferred into a pure Security Engineering Role, and is currently on the Office 365 pen test team.
Amol heads Qualys' team of security engineers who manage vulnerability research. His team tracks emerging threats and develop new vulnerability signatures for Qualys' vulnerability management service. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. At Network Associates, he contributed in the development of security products like CyberCop Scanner and Gauntlet Firewall. At Hitachi Semiconductor, Amol managed a team that developed device drivers for RISC processor based boards.
Amol has presented his research at numerous security conferences, including Hacker Halted 2011, RSA 2007, InfoSec Europe 2007 Press Conference, Homeland security Network HSNI 2006 and FS/ISAC 2006. He regularly contributes to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. He writes the "HOT or NOT" column for SC Magazine.
Dmitry is the IT Security analyst at ElcomSoft Co. Ltd. Lecturer at Information Security department of Moscow Sate Technical University n.a. Bauman. Working in Information Security area for more than 10 years. Have experience in making presentations on security and computer forensics subjects.
Russell Spitler started his career in software security at Colby College. For his honors thesis he developed a static analysis engine embedded in the eclipse IDE. Shortly after his graduation he started at Fortify Software.
While at Fortify, Russell continued his work with Integrated Development Environments, developing security specific plug-ins for Eclipse and Visual Studio. In addition, he developed an IDE specifically crafted for the security professional:Fortify's Audit Workbench. Russell then acted as lead designer and architect of Fortify's central software security management platform:360 Server.
His experience developing security solutions for all aspects of security programs uniquely positioned him to design and implement the SSA Governance module, an element critical to the successful large scale management of Secure Development programs. While at Fortify, Russell acted as advisor to more than 500 successful deployments of the software and is often a key reference in the design of software security initiatives.
Chris has been directly involved in Corporate Information Security at Hewlett-Packard since 1999 and is currently focused on Security in the Development Lifecycle. Previously Chris held the position of worldwide Security Manager for HP's Imaging and Printing division.
Outside the corporate world Chris' interests include Cyberpsychology, Social Networks (a keen tweeter and facebooker), Data Mining and Visual Analytics.
Together with a small group of likeminded individuals, he co-founded the not-for-profit Online Privacy Foundation to raise security awareness at a community level.
Michael Sutton has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers, and educating others on a variety of security topics. As VP of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Zscaler Labs is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry.
Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing, and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles, and is the co-author of Fuzzing:Brute Force Vulnerability Discovery, an Addison-Wesley publication. Michael holds a Master's degree in Information Systems Technology from George Washington University and a Bachelor of Commerce from the University of Alberta.
Peleus Uhley is the Platform Security Strategist within Adobe's Secure Software Engineering Team (ASSET). His primary focus is advancing Adobe's Secure Product Lifecycle (SPLC) within Adobe platform technologies, including Flash Player and AIR. Prior to joining Adobe, Peleus started in the security industry as a developer for Anonymizer, Inc., and went on to be a security consultant for @stake and Symantec.
Alberto is a Temporary Research Assistant at Dipartimento di Elettronica e Informazione, Politecnico di Milano in Italy, under the supervision of Prof. Stefano Zanero. My research interest is computer security. In 2010 I obtained a Master degree in Computer Engineering at the same university. My thesis focused on web application security:in particular, I worked on anomaly-based IDS/IPS to mitigate Internet threats against web applications.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an assistant professor with the Dipartimento di Elettronica e Informazione. His research focuses on intrusion detection, malware analysis, and systems security. Besides teaching "Computer Security" at Politecnico, he has an extensive speaking and training experience in Italy and abroad, at both scientific and technical forums. He co-authored over 30 scientific papers and books. He is an associate editor for the "Journal in computer virology". He's a Senior Member of the IEEE (covering volunteer positions at national and regional level), and of the IEEE Computer Society (for which he is the current chair of the Italy chapter). He's also a member of the ACM. Stefano co-founded the italian chapter of ISSA (Information System Security Association), and sits in the International Board of Directors of the same association.
Stefano in 2004 founded Secure Network, a boutique security consultancy based in Milano, Italy. Secure Network's consultants and alumni are regular speakers at security conferences worldwide.
In a past life, Stefano was a regular columnist for "Computer World Italy", and received a national press award for his "Security Manager's Journal".