
Speakers - 2008

SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security.  The following speakers have been confirmed.

We have been very lucky to have the very best from both Canada and the world coming.  Check back frequently as we continue to add speakers.

Raven Alder
Tom Aratyn
James Arlen
Jay Beale
Dino Covotsos
Mark Fabro
Kevvie Fowler
Jamie Gamble
Brad Haines (Renderman)
Christian Heinrich
Pete Herzog
Christofer Hoff
Cameron Hotchkies (nummish)
Jennifer Jabbusch
3ric Johanson
Tracy Ann Kosa
Johnny Long
H D Moore
Deviant Ollam
David Black
Joshua Perrymon
Bruce Potter
Matt Sergeant
Stephen Toulouse
Jason Wright
William Young

Raven Alder

Half ISP engineer, half security geek, Raven likes to think that she handles her schizoid career a little better than Harvey Dent. She's a contributing author to several technical books ("Nessus Network Auditing", "Snort 2.1"), magazines ("A Summary of Savvy Backbone Defense", ;login:, Dec. 2005), and a frequent speaker at conferences (Black Hat, Linux World Expo, 23CCC, ShmooCon, ToorCon, DefCon, Ottawa Linux Symposium).

 


Tom Aratyn

Tom Aratyn is the Security Compass tools developer and the developer behind Security Compass's Exploit Me series of penetration testing tools (including XSS Me and SQL Inject Me). Tom brings his passion for software development and experience in Open Source to Security Compass, developing tools for both public consumption and internal use. Tom has a range of software development experience due to his involvement with many Open Source projects. Tom continues to be a member of the Mozilla, Joomla!, and TikiWiki communities. His work has led him to work with a variety of software development technologies including C/C++, Python, PHP, JavaScript (XPCOM and web-based) and XML, as well as giving him the flexibility to develop applications on both Linux and Windows.

 


James Arlen

James Arlen is a senior consultant currently engaged as the CISO of a mid-market publicly traded financial institution after working as an Accounting and Audit Technician, General Manager of an ISP, Information Security Consultant, and Information Security Co-ordinator at a Power Utility. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. Through the innovative application of lessons learned in a diverse working background, James has successfully made information security an intrinsic part of the operations of many organizations. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things. He is wondering if his employer is watching.

 


Jay Beale

Jay Beale is an information security specialist, well known for his work on threat avoidance and mitigation technology. He's written two of the most popular security hardening tools: Bastille UNIX, a system lockdown and audit tool that introduced a vital security-training component, and the Center for Internet Security's Unix Scoring Tool. Both are used worldwide throughout private industry and government. Through Bastille and his work with the Center, Jay has provided leadership in the Linux system hardening space, participating in efforts to set, audit, and implement standards for Linux/Unix security within industry and government. Jay also contributed to the OVAL project and the Honeynet Project.

 


Dino Covotsos

Dino Covotsos is the Founder and Managing Director of Telspace Systems, a South African IT security firm which started business in 2002. Mr. Covotsos has many years of experience in the IT security industry and has been involved in many different large-scale projects worldwide, ranging from vulnerability assessment to attack and penetration testing for corporate clients. Mr. Covotsos uses his hands-on knowledge to help secure corporate networks in new and unique ways and has also written articles for various magazines in the IT and Government sector, specifically on information security issues. Dino is a regular presenter at high-level information security conferences.

 


Mark Fabro

Mark Fabro is the President and Senior Scientist of Lofty Perch, Inc., a market-leading security consulting firm focused on SCADA and process control system cyber security. As well as being the Chairman of the Canadian Industrial Cyber Security Council, Mr. Fabro's projects have included working with both the U.S. and Canadian national security community, and he was a contributing specialist to the U.S. National Strategy to Secure Cyberspace, the cyber annex to the National Response Plan, and most recently the post-Katrina control system recovery plan for the Oil and Gas sector. Mr. Fabro is well known for his work with key organizations such as the Idaho National Laboratory (INL) and the DHS Control Systems Security Program, doing cyber security assessments, training, and developing recommended practices for industry.

He has a degree in applied physics and mathematics, and is currently working on his PhD in Electrical Engineering and Cyber Systems Security. Prior to Lofty Perch, Mr. Fabro held several senior-level consulting positions, including Senior Manager at BearingPoint's Security Practice, Chief Security Scientist in the Enterprise Security Group at American Management Systems, as well as the Worldwide Director of Assessment Services for Secure Computing Corporation.

For his work in cyber security and education, he was recognized as one of the '25 Most Influential Consultants' in the world by the market leading Consulting Magazine.

 


Kevvie Fowler

Kevvie Fowler is the Director of Managed Security Services at TELUS Security Solutions, where he is responsible for the delivery of specialized security, incident response and forensic services.

He is also a researcher by night who focuses on the security and forensic analysis of Microsoft technologies. Kevvie is author of 'SQL Server Forensic Analysis' and a contributing author of 'How to Cheat at Securing SQL Server 2005' and 'The Best Damn Exchange, SQL and IIS Book Period'.

He is a frequent presenter at major information security conferences such as Black Hat and SecTor and is a member of the HTCIA.

 


Jamie Gamble

Jamie Gamble is a security consultant at Security Compass. This position allows Jamie to do two of the things he really enjoys: finding vulnerabilities and fixing them. Prior to this position he was a member of the VERT team at nCircle. His interests include risk modeling, covert channels, trust relationships, and breaking software. His passion for security dates back over a decade; during this time he also studied Computer Science and Economics.

 


Brad Haines (Renderman)

Born and raised in Edmonton, Alberta, Brad has been a fixture in the hacker community for the last 10 years. He has spoken frequently at Defcon, Shmoocon, SecTor, Hackcon, and HOPE on a variety of topics. He spends his time advancing the causes of wireless security, including generating the first pre-computed hash tables for faster cracking of WPA/WPA2-PSK networks. Self-employed, he is always looking for a new opportunity to speak and educate the public about the dangers of wireless networks and finding new ways to shove electronics into teddy bears.

 


Christian Heinrich

Christian Heinrich aka "cmlh" is the Project Leader of the OWASP "Google Hacking" Project and the Thought Leader on Security within the Australian Media and Entertainment Industry with over twelve years of "end user" experience.

cmlh has presented at the recent OWASP Australian and USA Conferences, ToorCon X (USA), RUXCON 2K5 (AU) and RUXCON 2K6 (AU) and is scheduled to present at the upcoming RUXCON 2K8 on 29 - 30 November in Sydney, Australia.

cmlh has a Public Profile on LinkedIn at http://www.linkedin.com/in/ChristianHeinrich

 


Pete Herzog

Pete Herzog is the Managing Director and Board Member of the non-profit ISECOM, the Institute for Security and Open Methodologies. He is the winner of a 2007 BOSSIE (Best in Open Source) for the Open Source Security Testing Methodology Manual (OSSTMM), a research member of the OpenTC Project, a 25-member, EU-sponsored Trusted Computing project (opentc.net), and an ISECOM Certified trainer who holds 2 Trainer Trainings a year and teaches in the Masters in Security at La Salle University. He is an accomplished speaker and trainer and provides Trainer Trainings for the ISECOM certifications: OPST, OPSA, OWSE, and OPSE. His other projects include Hacker Highschool, The Child Safety and Security Methodology, the Home Security Methodology, and Trust Metrics in the Applied Verification of Integrity and Trust project (AVIT). Recently, he led a 25-person team of Linux experts to provide the 3rd edition of Hacking Exposed Linux, now in publication.

 


Christofer Hoff

Chris Hoff is currently Unisys' Chief Security Architect. Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company and was founder/CTO of a national security consultancy. Hoff obviously also enjoys referencing himself in the third person.

 


Cameron Hotchkies

Cameron has been a vulnerability researcher for TippingPoint's DVLabs since 2005. His day to day tasks include verification and analysis of Zero Day Initiative submissions, internal product security audits and a whole lot of reverse engineering. Prior to this he created the Absinthe/SQueaL automated SQL injection engine. He doesn't do web stuff anymore. Just reverse engineering. He has spoken at Black Hat, Defcon, Shmoocon and REcon and holds a Bachelor's Degree in Software Engineering from McMaster University.

 


Jennifer Jabbusch

Jennifer Jabbusch is a network security engineer and consultant with Carolina Advanced Digital, Inc. Jennifer has over 15 years experience working in various areas of the technology industry. Most recently, Ms. Jabbusch has focused in specialized areas of infrastructure security, including Network Access Control, 802.1X and Wireless Security technologies.

In addition to being a CISSP, Jennifer holds several vendor-specific certifications such as HP Master ASE in Networking, Security & Mobility and Juniper JNCIA for Access Control. Her technical expertise with multiple vendor technologies gives her unique insight into the industry and frequently leads to speaking engagements on network security topics throughout the US.

Jennifer has consulted for a variety of government agencies, educational institutions and Fortune 100 and 500 corporations. In addition to her regular duties, Jennifer participates in a variety of courseware and exam writings and reviews, including the official (ISC)2 CISSP courseware (v9), for which she was a Subject Matter Expert on Telecommunications and Business Continuity and a Lead Subject Matter Expert on Cryptography.

 


3ric Johanson

3ric Johanson has been breaking things for many years. A Shmoo Group member, he's been involved with several successful projects, including Shmoocon, Hackerbot Labs (a Seattle-based hacker space), vend-o-rand and rainbowtables. By day, he is a security consultant specializing in penetration testing and application assessments; by night, he has been spotted wearing his "so sue me already" t-shirt while drinking over-caffeinated coffees. Some of his recent public work has included "International Domain Name" vulnerabilities. His hobbies include building and breaking things in a secret underground lair in Seattle.

 


Tracy Ann Kosa

Currently a Specialist with the Government of Ontario Privacy Impact Assessment Centre of Excellence, Ms. Kosa has 10 years of privacy experience across Canada working with federal and provincial legislation in the public and private sectors. Faculty at international programs on privacy, her latest research project is an industry-based analysis of Canadian privacy breaches.

 


Johnny Long

Johnny Long is a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at http://johnny.ihackstuff.com.

 


H D Moore

HD Moore is the director of security research at BreakingPoint Systems, where he focuses on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code. HD is the founder of the Metasploit Project and one of the core developers of the Metasploit Framework, the leading open-source exploit development platform. In his spare time, HD searches for new vulnerabilities, develops security tools, and contributes to open-source security projects.

 


Deviant Ollam

While paying the bills as a network engineer and security consultant, Deviant Ollam's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's "Science, Technology, & Society" program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpick demonstrations at DefCon, Black Hat, ShmooCon, ToorCon, HOPE, HackInTheBox, HackCon, SecVest, and the United States Military Academy at West Point.

 


David Black, Manager, Cyber Infrastructure Protection Section RCMP, Technical Security Branch

David Black, CISM, has been a civilian member of the world's finest police force for over 25 years. He joined the RCMP in 1983 (pre-internet / pre-cybercrime) and has evolved into the RCMP's Manager, Cyber Infrastructure Protection Section, Technical Security Branch. David is a member of the RCMP Cybercrime Council and a steering committee member of the Conference Board of Canada's Council on Security and Technology. His duties include advice and guidance to Canadian federal departments on government security standards, criminal threats, incident response, Industrial Control System security, and input to corporate threat-risk assessments. These roles are based on the RCMP's support for both law enforcement investigators and computer security administrators, leading to safe homes and safe communities.

 


Joshua Perrymon

12 yrs experience as an ethical hacker. Worked all around the US, Australia, and Indonesia for the largest financial, .gov, and commercial organizations. Specialize in Full Scope assessment, RFID Hacking, and Social Engineering. Published articles in Dark Reading, Forbes, Network World, etc.

 


Bruce Potter

Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is the co-founder of Ponte Technologies, a company focused on advanced defensive technologies.

 


Matt Sergeant

Matt Sergeant is the Senior Anti-Spam Technologist at MessageLabs and is widely recognized as a leading authority on all spam-related topics and issues. Since joining the team in 2001, Matt has played an instrumental role in building, developing and increasing the agility and speed of MessageLabs' heuristic anti-spam service, which actively monitors, watches and waits for new attacks from known and unknown sources. Matt's exceptional knowledge of the spammer community and the characteristics of the core offenders is fundamental in keeping MessageLabs customers protected from attacks, aided also by Matt's constant research into new techniques for targeting and technologies to protect against spam attacks.

 


Stephen Toulouse

Having been with Microsoft since 1994 (before there was an iMac, Windows 95, Smartphones, 64bit processors, hard drives over 500 meg, and a widespread commercially available Internet) Stephen Toulouse has spent the past six years involved in some of the most important privacy and computer security developments within the company. In his current role of Lead Program Manager for Policy and Enforcement with Xbox LIVE, Stephen and his team work to help ensure the LIVE services experience is safe and enjoyable for its members.

Stephen was a key member of the Microsoft Security Response Center with Microsoft's Trustworthy Computing division, running public communication for security events such as Slammer, Blaster, and Zotob. In addition, he assisted in the development of Microsoft's Privacy Principles for Live Search and Online Ad targeting. Today Stephen serves as one of the Privacy gateways to the use of Xbox customer data and how it is protected, in addition to enforcing the Terms of Use and Code of Conduct on the service. That's right; he swings the ban-hammer on Xbox LIVE.

Known to many within Microsoft simply by his email name, "Stepto", Stephen lives in the small farming town of Duvall just outside Seattle with his wife and two Golden Retrievers. And he will absolutely beat you down and make you cry at Expert guitar on Baba O'Riley in Rock Band.

 


Jason Wright

Jason Wright is a cyber security researcher at the Idaho National Laboratory working with SCADA and Process Control system vendors to secure critical infrastructure assets. He is also a semi-retired OpenBSD developer (also known as a "slacker") responsible for many device drivers and layer 2 pieces of kernel code.

 


William Young

William Young joined Sourcefire in February of 2003 as a Senior Security Architect. William is responsible for driving comprehensive, real-time network security solutions for Sourcefire's clients. A 15 year veteran in the information security industry, William brings a broad perspective to developing unique defense in depth solutions, and is the first industry Sourcefire Certified Expert.

Prior to joining Sourcefire, William was a Senior Architect for Exodus Communications, where he built, managed, and oversaw security operations for clients in financial, health-care, and development companies, as well as consulting on a number of security product designs. As a researcher, William has specialized in network monitoring, IDS, and policy enforcement technologies. William has operated his own consultancy, providing guidance and training on secure network architecture, vulnerability awareness, and policy compliance. As a Security Consultant for Arca Systems, William developed secure business practices in 'white-hat' hacking, secure product development, and worked with multiple government agencies including the US Air Force, Rome Laboratory, the US Navy, IRS, NSA, and the White House.
