Security Education Conference Toronto Canada - SecTor

October 25-27, 2010
MTCC, Toronto, ON, Canada
 

SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security.  The following speakers have been confirmed.

We have been very lucky to have the very best from both Canada and the world coming.

Kai Axford
Rohyt Belani
Nish Bhalla
Carole Bird
Kevin G. Coleman
Dino Covotsos
Mark Fabro
Kevvie Fowler
Jay Graver
Brad "RenderMan" Haines
Dan Kaminsky
David Lie
Johnny Long
Kevin Mandia
Gary S. Miliefsky
Ryan Poppa
Richard Reiner
Steve Riley
Dror-John Roecher
Joanna Rutkowska
Ben Sapiro
Rohit Sethi
Mike Shema
Rares Stefan
Michael Thumann
Ira Winkler
Paul Wouters

Kai Axford

Kai Axford (CISSP, MCSE-Security) is a Senior Security Strategist in the Trustworthy Computing Group and has been with Microsoft for 8 years. He started as a Server Support Engineer and then moved on to become an IT Pro Evangelist, focusing on his peers through the Microsoft TechNet Events program. He has delivered over 200 security presentations on a variety of topics, including digital forensics, security management, and incident response. He is a frequent speaker at security conferences, executive meetings, and business seminars around the world.

Kai is pursuing an MBA in Information Assurance and is a member of the Information Systems Security Association (ISSA), INFRAGARD, and the North Texas Electronic Crimes Task Force. He was the recipient of the 2006 "Rising Star" award from the Information Security Executive council. Kai is interested in security management and security metrics and hopes to become a Chief Security Officer one day.

Prior to Microsoft, Kai served as a leader in several real-world operations with the U.S. Army's elite 75th Ranger Regiment. Originally from Wisconsin, Kai is a huge NFL Green Bay Packers fan. He is based in Dallas, Texas (where he finds the heat overwhelming) with his lovely wife and a (very wet) yellow Labrador dog.
 



Rohyt Belani

Rohyt Belani is a Managing Partner and co-founder of the Intrepidus Group. Prior to starting Intrepidus, Mr. Belani held the positions of Managing Director at Mandiant, Principal Consultant at Foundstone and Researcher at the US-CERT. During his tenure in information security consulting, Mr. Belani has provided strategic security consulting to information security executives, and performed numerous technical security reviews of critical financial applications and networks. In addition, he has assisted organizations in responding to high exposure security incidents involving securities fraud, credit card theft, and cyber-extortion.

He is a contributing author for Osborne's Hack Notes - Network Security, as well as Addison Wesley's Extrusion Detection: Security Monitoring for Internal Intrusions.

Mr. Belani is a regular speaker at various industry conferences including Black Hat, OWASP, ASIS, Hack In The Box, Infosec World, DallasCon, CPM and several forums catering to the FBI and US Secret Service agents. He currently holds an Adjunct Faculty position at Carnegie Mellon University and has been invited to guest lecture at the University of Wisconsin, and Illinois Institute of Technology.

He has written technical articles and columns for online publications like Securityfocus and SC magazine, and has been interviewed by BBC Radio, Hacker Japan, InformationWeek, IndustryWeek, and Forbes magazine.

Mr. Belani holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University. He currently leads the OWASP Java Project, a world-wide consortium of Java security experts.
 



Nish Bhalla

Nishchal Bhalla, the Founder of Security Compass, is a specialist in product, code, web application, host and network reviews.  Nish has coauthored "Buffer Overflow Attacks: Detect, Exploit & Prevent" and is a contributing author for "Windows XP Professional Security", "HackNotes: Network Security", "Writing Security Tools and Exploits" and "Hacking Exposed: Web Applications, 2nd Edition". Nish has also been involved in open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter. He has also written articles for securityfocus and spoken at web seminars for Global Knowledge and University of Florida.

He is a frequent speaker on emerging security issues. He has spoken at reputed security conferences such as "Reverse Engineering Conference 2005" in Montreal, "HackInTheBox 2005" in Malaysia and "ISC2's Infosec Conference" in Las Vegas and New York. He has also created and taught the Exploiting & Defending Classes for Security Compass. Some of the upcoming conferences he is going to be speaking at are "ISC2's Infosec Conference" in DC/Toronto, CSI's NetSec conference in Arizona and Dallascon.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews (Web Application / Code) for major software companies, online banking and trading & e-commerce sites. He also helped develop and teach the "Secure Coding" class, the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group.

Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.



Carole Bird

Insp. Carole Bird has been a member of the Royal Canadian Mounted Police (RCMP) since 1989. She began her service in Manitoba where she worked in a number of areas including a number of First Nations Communities, highway patrol and rural policing.

In 1992, she began work in a specialized federal investigative unit where she focused on Copyright, Trademark and Intellectual Property investigations and Customs and Excise investigations as well as Radio Telecommunications Act investigations. She has also worked in the RCMP's Informatics Operational Support and Human Resources areas prior to becoming the Officer in Charge of Business Continuity Planning for the RCMP where she led the development of the RCMP's internal disaster planning process.

She is currently the Officer In Charge of Program Management Support Services for the RCMP's Technological Crime Program responsible for Policy & Research Analysis, Operations Coordination & Liaison and Integrated Cyber Analysis.
 



Kevin G. Coleman

Kevin G. Coleman is a fifteen-year computer industry veteran. A Kellogg School of Management Executive Scholar, he was formerly the Chief Strategist of Netscape. Now he is a Senior Fellow and Strategic Management Consultant with the Technolytics Institute, an executive think-tank. He sat on the Science and Technology advisory board for the Johns Hopkins University Applied Physics Lab, one of the leading research organizations in the United States. He has published over sixty articles covering security and defense related matters including UnRestricted Warfare and Cyber Warfare. In addition, he has testified before the U.S. Congress on Cyber Security and is a regular speaker at security industry events and the Global Intelligence Summit.



Dino Covotsos

Dino Covotsos is the Founder and Managing Director of Telspace Systems, a South African IT security firm which started business in 2002. Mr. Covotsos has many years of experience in the IT security industry and has been involved in many different large scale projects worldwide, ranging from vulnerability assessment to attack and penetration testing for corporate clients. Mr. Covotsos uses his hands-on knowledge to help secure corporate networks in new and unique ways and has also written articles for various magazines in the IT and Government sector specifically on information security issues. Dino is a regular presenter at high level information security conferences.



Mark Fabro

Mark Fabro is the President and Chief Executive Officer of Lofty Perch, Inc., a market-leading security technology company focused on SCADA and process control system cyber security. As well as being the Chairman of the Canadian Industrial Cyber Security Council, Mr. Fabro's projects have included working with both the U.S. and Canadian national security community, and he was a contributing specialist to the U.S. National Strategy to Secure Cyberspace, the cyber annex to the National Response Plan, and most recently the post-Katrina control system recovery plan for the Oil and Gas sector.

He has a degree in applied physics and mathematics, and is currently working on his Master's in National Security Studies at American Military University where he co-authored a prominent Forecasting Model for Cyber-based Terrorism under the direction of Dr. Joshua Sinai. He is a visiting lecturer at the George Mason University School of Management, and has completed training in terrorism studies through the United Nations Institute for Training and Research.

Prior to Lofty Perch, Mr. Fabro held several senior-level consulting positions, including Senior Manager at BearingPoint's Security Practice, Chief Security Scientist in the Enterprise Security Group at American Management Systems, as well as the Worldwide Director of Assessment Services for Secure Computing Corporation.

In 2004, for his work in cyber security and education, he was recognized as one of the "25 Most Influential Consultants" in the world by the market-leading Consulting Magazine.



Kevvie Fowler

Kevvie Fowler is the Manager of Managed Security Services for Emergis Inc. where he is responsible for the delivery of specialized security and incident response services. Kevvie has over 11 years of professional Information Security and IT experience on development, database and host/network platforms. Kevvie is author of the forthcoming book titled "SQL Server Forensic Analysis" and is contributing author of "How to Cheat at Securing SQL Server 2005". He was a featured speaker at the Black Hat USA security conference and is a member of the HTCIA. Kevvie is a GIAC Gold Certified Forensic Analyst and holds several additional certifications including CISSP, MCTS, MCSD, MCDBA and MCSE.



Jay Graver and Ryan Poppa

Jay Graver and Ryan Poppa are Lead Engineers at nCircle Network Security. They specialize in interrogating applications and services over the network. Their years of experience have been focused on the non-invasive detection of vulnerabilities.

Current areas of research include: HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques.

Based in Toronto, Ontario, they hold degrees from the University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com



Brad "RenderMan" Haines

Brad "RenderMan" Haines has been a fixture in the wardriving community for many years. He never seems very far from wardriving news, often causing it himself. A co-author of RFID Security by Syngress publishing, he spends his time working on many weird and wonderful wireless and security projects with the Church of Wifi, a security collaboration group he helped found.

'RenderMan' is a well-known speaker at hacker conferences like Defcon, HOPE and Shmoocon, partially for his unique content and for his fondness for showmanship, and for stuffing electronics into fluffy teddy bears.

Based out of Edmonton, Alberta, Brad/RenderMan spends his days doing cruel things to electronics and wireless packets as well as trying to bridge the gap between academia and the hacker world.



Dan Kaminsky

Dan Kaminsky is the Director of Penetration Testing at IOActive, a Seattle-based security consultancy. Dan has been speaking at conferences for over six years, and has a reputation for doing bad things to packets. He spent two years at Cisco, and another two at Avaya, before spending 2006 consulting at Microsoft analyzing Vista.
 



David Lie

Dr. David Lie received his B.S. from the University of Toronto in 1998, and his M.S. and Ph.D from Stanford University in 2001 and 2004 respectively. Since then, he has been an Assistant Professor in the Department of Electrical and Computer Engineering at the University of Toronto. While at Stanford, David founded and led the XOM (eXecute Only Memory) Processor Project, which supports the execution of tamper and copy-resistant software. He was the recipient of a best paper award at SOSP for this work. Currently, his interests focus on securing commodity systems through low-level software such as virtual machine monitors and operating system kernels; architectural and hardware support to increase security; and software model-checking and formal methods. 
 



Johnny Long

Johnny Long is a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at http://johnny.ihackstuff.com.
 



Kevin Mandia

Mr. Mandia is an internationally recognized expert in the field of information security. He has over fifteen years' experience, beginning in the military as a computer security officer at the Pentagon. He has assisted attorneys, corporations, and government organizations with matters involving information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing.

He is co-author of Incident Response: Performing Computer Forensics (McGraw-Hill, 2003) and Incident Response: Investigating Computer Crime (McGraw-Hill, 2001). A noted expert and author, he frequently presents at security industry conferences including Black Hat, Interop and TechnoSecurity. Mr. Mandia holds a Master of Science in Forensic Science from The George Washington University. He is a Certified Information Systems Security Professional, and has held government security clearances at the Top Secret and higher levels.  



Gary S. Miliefsky

Gary S. Miliefsky is an American entrepreneur, founding member of the U.S. Department of Homeland Security, philanthropist (a founding member of the Walden Woods Project, started by musician Don Henley), and the Founder and Chief Technology Officer of NetClarity, Inc., the network security software and appliance company that he founded with current Chairman and CEO, Gil Roeder.

Miliefsky is one of the best-known entrepreneurs of the network security revolution. He is widely admired as the inventor of clientless network admission control or clientless NAC and has over a dozen patents published and pending.  He frequently writes articles for SearchCIO and NetworkWorld.

He served as an informal advisor to President Clinton and helped the President's Critical Infrastructure Protection Board, under the Bush Administration, which is now known as the National Infrastructure Advisory Council (NIAC) and operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace.

He currently serves on the National Information Security Group (www.naisg.org) Board of Directors and is a member of an Advisory Board to MITRE (oval.mitre.org).



Richard Reiner

Dr. Richard Reiner, Chief Security and Technology Officer, TELUS Security Solutions

Dr. Richard Reiner is an internationally recognized authority on information and software security. He has been the principal strategist for over 100 major information security and application security initiatives in Fortune 500, TSE 100, and major public-sector corporations. Dr. Reiner holds a Ph.D. in logic and computability, and is a leading innovator in the area of software security with several patents pending in the field. He is often quoted by the press and has been featured on the cover of CIO Magazine, in the New York Times, USA Today, and CBS News.



Steve Riley

Steve Riley is a senior program manager in Microsoft's Security Business Unit in Redmond, Washington, USA. Steve specializes in network and host security, communication protocols, network design, and information security policies and process. His customers include various ISPs and ASPs around the United States, as well as traditional enterprise IT customers, for whom he has conducted security assessments and risk analyses, deployed technologies for prevention and detection, and designed highly-available network architectures. Steve is a frequent and popular speaker at conferences worldwide, often appearing in Asia one week and Europe the next. When not evangelizing the benefits of Microsoft security technology, he spends time with customers to better understand the security pain they face and show how some of that pain can be eliminated. Having been born with an Ethernet cable attached to his belly button, Steve grew up in networking and telecommunications; the simple telephone still provides endless hours of exploratory joy. Besides lurking in the Internet's dark alleys and secret passages, he enjoys mountain biking, clubbing and the occasional rave, freely sharing his opinions about the intersection of technology and culture, and hanging with his family and friends in the center of the universe otherwise known as Seattle, Washington.



Dror-John Roecher

Dror has enjoyed working with Cisco stuff for more than eight years and is usually busy assessing the security of enterprise networks and data-centers. He works as a senior security consultant for Germany-based ERNW GmbH all over Europe and has published multiple whitepapers on security-related topics.
He is a seasoned speaker and enjoys sharing his experience with his audience.

The last two years have seen him develop additional points of interest, such as "Mobile Security" [he simply loves to play around with all the newest funky gadgets] and "Endpoint Security", but at heart he is still a networker.



Joanna Rutkowska

Joanna Rutkowska is a recognized researcher in the field of stealth malware and system compromises. Over the past several years she has introduced several breakthrough concepts and techniques on both the offensive and defensive side in this field. Her work has been quoted multiple times by international press and she is also a frequent speaker at security conferences around the world. In April 2007 she founded Invisible Things Lab, a consulting company dedicated to cutting-edge research into operating systems security.



Ben Sapiro

Ben Sapiro is the principal of TELUS's Secure Software team. Ben leads the Secure Software team across multiple projects including product and application testing, secure development training and specialised development efforts.
Ben brings over eight years of security consulting experience to the Assurent team, having worked with global clients in North America, Europe, the Middle East and Asia. Ben's security experience includes security audits, ethical hacking, infrastructure work, threat modelling and application testing.
Ben joined the Assurent security practice to launch the Secure Software team which now includes specialist capabilities such as secure development process enhancement and Cryptanalysis.



Rohit Sethi

Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat analysis, application security reviews, and building security controls into the software development lifecycle. Rohit has spoken and taught at Infosec New York and Toronto, the ISC2's Secure Toronto conference and at OWASP chapter meetings. At Security Compass, Rohit has taught courses on web applications security in cities across North America. He has also performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted as an expert for his dual expertise in information security and software engineering and is currently in the process of contributing to a book on J2EE security and writing a series of articles on application security for a major online security portal.

Prior to joining Security Compass, Rohit was a consultant at a Big Four consulting firm's risk practice. There he led engagements in Canada, the United States, France and India for a variety of Fortune 500 companies. He performed application security reviews; security governance strategy; threat risk assessments; Sarbanes-Oxley general computer controls and Payment Card Industry audits and remediation; identity management strategy; customer data privacy assessments; and segregation of duties analysis and remediation. Previous to his security career, Rohit was a business analyst and application developer at a multinational payroll solutions firm. There he was involved with engineering applications in a variety of platforms and complex environments.

Rohit holds an Honors Bachelor of Science degree in Computer Science with Software Engineering Specialization from the University of Western Ontario. Rohit is also a Certified Information Systems Security Professional (CISSP), and a Sun certified Java programmer.



Mike Shema

Mike Shema, security research engineer at Qualys, is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. He has extensive experience with information security, especially in the realm of web application security. He is currently developing tools that automate the web application audit process. His prior experience includes research and development at NT Objectives, Inc. and information security consulting at Foundstone and Booz Allen Hamilton.



Rares Stefan

Stefan is Chief Security Architect of Third Brigade and is an expert within the Internet security field. Stefan co-founded IDRCI (Internet Development Research Centre Inc.) in 2000 and as Vice-President, Research & Development he was a co-architect of the CHX technology, which is the foundation of the Third Brigade product family.

Prior to founding IDRCI, he was Head Technologist for the Managed Service Provider Microsource from 1997 to 2000, where he successfully developed centralized security systems allowing for managed security services to be deployed to Microsource customers. Stefan attended Concordia University in the B.Sc. Honours, Theoretical Physics/Minor in Computer Science program.



Michael Thumann

Michael Thumann is Chief Security Officer and head of the ERNW "Research" and "Pen-Test" teams. He has published security advisories regarding topics like 'Cracking IKE Preshared Keys' and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. 'tomas - a Cisco Password Cracker', 'ikeprobe - IKE PSK Vulnerability Scanner' or 'dnsdigger - a dns information gathering tool') and his experience with the community.
Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at German universities.

In addition to his daily pentesting tasks he is a regular conference speaker and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security, Michael's main interest is to uncover vulnerabilities and security design flaws from the network to the application level.



Ira Winkler

Ira Winkler, CISSP, is President of the Internet Security Advisors Group.  He is considered one of the world's most influential security professionals, and has been named a "Modern Day James Bond" by the media.  He did this by performing espionage simulations, where he physically and technically "broke into" some of the largest companies in the world, investigating crimes against them and telling them how to cost-effectively protect their information and computer infrastructure.  He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs.  Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards.

Ira is also author of the riveting, entertaining, and educational book, Spies Among Us.  He is also a columnist for ComputerWorld.com.  Ira's forthcoming book is titled, Zen and the Art of Information Security.  Ira has recently been elected Vice President of the Information Systems Security Association.

Mr. Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst.  He moved on to support other US and overseas government military and intelligence agencies.  After leaving government service, he went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association.  He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland. 

Mr. Winkler has also written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the bestselling Through the Eyes of the Enemy.  Both books address the threats that companies face protecting their information.  He has also written over 100 professional and trade articles.  He has been featured and frequently appears on TV on every continent.  He has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0.



Paul Wouters

Paul Wouters has been involved with Linux networking and security since he co-founded the Dutch ISP 'Xtended Internet' back in 1996, where he started working with FreeS/WAN IPsec in 1999 and with DNSSEC for the .nl domain in 2001.

He has been writing since 1997, when his first article about network security was published in Linux Journal. He still writes on occasion for the Dutch "c't Magazine", focussing on Linux, networking and the impact of the digital world on society. He has presented papers at Sans, BlackHat, DefCon, CCC and several other conferences.

He co-founded Xelerance in 2003, focusing on IPsec, DNSSEC, and virtualization, where he is responsible for the development of enterprise appliances simplifying the management of these complex security technologies. He is also the release manager for the Linux Openswan IPsec suite,



 
 

© Black Arts Illuminated Inc. 2010