SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security. There are still a couple of speaking spots we can't announce yet, but believe us, it's going to be really, really awesome. If you don't immediately know these folks by name, take some time to read their bios.
|
|
| James Arlen
James Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things. |
|
| Chris Boyd
Chris is a 5-time Microsoft MVP, CNET Top 100 Blogger and Director of Malware Research for FaceTime Security Labs. He has made numerous discoveries in security including a Myspace exploit that allowed users to track profile visitors, an imageshack flaw that let you view the IP address of uploaders, the first worm on the Orkut network and the first web browser installed without permission via an Instant Messaging hijack. Chris has talked about security issues at numerous conferences including InfoSec Europe 07 / 09, RSA 07 / 08, the Antispyware Coalition in Washington and New York, as well as presenting informally in Singapore and India. His research has generated a constant stream of mainstream press coverage, including a filmed feature on the BBC website, interviews on Radio and a BBC TV interview on Newsround - plus printed press in UK national newspapers such as The Guardian, Telegraph and The Metro. |
|
| Roy Firestein
Roy is a security consultant with DigitalDefence, engaged primarily with web application pentests and forensics. He is also a hacktivist, and has recently started a PC donation program for shelters. He is a founder of a hackerspace called SEC-C in his university, where he continues to study for his degree. |
|
| Kevvie Fowler
Kevvie Fowler (GCFA Gold, CISSP, MCTS, MCSD, MCSE) is the Director of Managed Security Services at TELUS backed by Emergis, a leading healthcare and financial application service provider. He is also the founder and CEO of Ringzero, a consulting and research company focusing on the security and forensic analysis of Microsoft products. |
|
| Jay Graver
Jay Graver is a Lead Engineer at nCircle Network Security. For the past 5 years he has worked with the Vulnerability and Exposure Research Team specializing in interrogating applications and services over the network. He has years of experience creating non-invasive detection of vulnerabilities. Jay is a member of the OVAL Board and works with industry initiatives such as CIS and CPE. Current areas of research include regulatory compliance, SSL library fingerprinting, virtualization and unobfuscation techniques. Based in Toronto, Ontario, he holds a BSc(Eng) Computer Engineering degree from the University of Guelph and has 5 years of security research experience. He has given security talks at SecTor, ChicagoCon, OWASP Toronto and TASK. |
|
| Nathan Hamiel
Nathan Hamiel is a Senior Consultant at Idea Information Security and the leader of the practice's technical security team. He is also an Associate Professor of Software Engineering at the University of Advancing Technology. Nathan founded the Hexagon Security Group and is the sole contributor to the Neohaxor blog. Nathan spends most of his time in the areas of application, Web 2.0, and enterprise security. |
|
| Robert "RSnake" Hansen
Robert Hansen, CISSP (CEO, Founder of SecTheory), has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles, from Sr. Security Architect to eventually product managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, authors content on O'Reilly, and co-authored "XSS Exploits" by Syngress publishing. He has also briefed the DoD at the Pentagon, has spoken dozens of times at industry conferences, and has keynoted many times as well. Mr. Hansen is a member of Infragard, Austin Chamber of Commerce, West Austin Rotary, WASC, IACSP and APWG; he is the Industry Liaison for the Austin ISSA and contributed to the OWASP 2.0 guide. |
|
| Seth Hardy
Seth is a senior malware analyst with MessageLabs (now part of Symantec), where he works as part of the Threat Research and Response team. Some of his previous areas of interest and research include provably secure cryptography, random number generators, and network vulnerability research; now he's working on new techniques for identifying malware, particularly of the non-executable type. Seth spends a good amount of his spare time soldering and helping run hacklab.to |
|
| Christofer Hoff
Christofer Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management with a focus on virtualization and Cloud Computing security. Hoff is currently doing nothing until he finds something more fun to do or his wife goes mad and sends him to Starbucks to pretend to work. Prior to his role as unofficial beach bum of the blogosphere, he was Unisys Corporation's Chief Security Architect, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company and was founder/CTO of a national security consultancy. Hoff obviously also enjoys referencing himself in the third person. |
|
| Jibran Ilyas
Jibran Ilyas is a Senior Forensic Investigator at Trustwave's SpiderLabs. He has investigated some of the nation's largest data breaches and is a regular contributor for credit card association published security alerts through his white papers. In his past roles, he has been involved in Intrusion Detection Systems and Firewall deployments and setting up Security Operations Centers for Fortune 500 companies. His research interests include reverse engineering and anti-forensics. Jibran recently earned his degree from the Graduate MIS program at Northwestern University. |
|
| Ryan Linn
Ryan Linn is an Information Security Engineer for SAS Institute, a columnist for EthicalHacker.net and has spoken at a number of security conferences. |
|
| Rafal Los
Senior Security Specialist and Web Application Security evangelist with Hewlett-Packard's Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting. For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs.
|
| Jennifer Jabbusch
Jennifer Jabbusch is a network security engineer and consultant with Carolina Advanced Digital, Inc. Jennifer has over 15 years experience working in various areas of the technology industry. Most recently, Ms. Jabbusch has focused in specialized areas of infrastructure security, including Network Access Control, 802.1X and Wireless Security technologies. In addition to being a CISSP, Jennifer holds several vendor-specific certifications such as HP Master ASE in Networking, Security & Mobility and Juniper JNCIA for Access Control. Her technical expertise with multiple vendor technologies gives her unique insight into the industry. Jennifer has consulted for a variety of government agencies, educational institutions and Fortune 100 and 500 corporations. In addition to her regular duties, she participates in a variety of courseware and exam writings and reviews, including acting as subject matter expert on Access Control, Business Continuity and Telecommunications, and lead subject matter expert in the Cryptography domains of the official (ISC)2 CISSP courseware (v9). You can find more security topics and musings on her security blog at http://SecurityUncorked.com. |
|
| Tracy Ann Kosa
Tracy Ann Kosa is currently a Privacy Impact Assessment Specialist with Government of Ontario PIA Centre of Excellence. She has 10 years of privacy experience across Canada working with federal and provincial legislation in the public and private sectors. A regular participant at international programs on privacy, her current research areas include the privacy implications of IDS, geo-locational privacy standards, and creating privacy design requirements. Ms. Kosa has recently decided to undertake a mission others have labeled 'crazy'. Her Mom says she's really proud of her (although she'd be mortified that she put that here), she doesn't like to speak about herself in the third person, and, frankly wonders if anybody actually reads these bios. |
|
| Adam Laurie (Major Malfunction)
Adam Laurie, aka Major Malfunction, is a freelance security consultant working in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own 'Apache-SSL', which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org. |
|
| Jerry Mangiarelli
Jerry Mangiarelli is an IT Security Specialist with TD Bank Financial Group. Jerry Mangiarelli has spent the last 9 years assessing and researching web applications. He continues to share with the security community by presenting his research at many seminars and conferences, such as EC-Council and Federation of Security Professionals. |
|
| Joe McCray
Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country. |
|
| Shawn Moyer
Dr. Shawn Moyer's best work remains, by definition, undocumented. Some claim he is one of the unseen architects of both Iraq Wars, while others pay no credence to this rumor, based on reports that he has been heading a covert Psychological Warfare operation in Cyprus at the behest of the Greek government for much of the past 15 years. |
|
| Andrew Nash
Andrew Nash is Senior Director of Identity Services at PayPal. He is a board member of the OpenID, Information Card and Kantara Foundations. Formerly he was CTO at Sonoa Systems and Reactivity working on XML and Web Services appliances. As Director of Technologies at RSA Security, Andrew worked on a wide range of identity systems. He is a known leader in PKI and Web-Services markets, has co-authored numerous Web Services security specifications and is author of a book on Public Key Infrastructure. |
|
| Nick Owen
Nick Owen is a co-founder and CEO of WiKID Systems, Inc. WiKID has created a unique dual-source two-factor authentication system that uses public-key cryptography instead of the typical shared secrets found in most systems. WiKID is Nick's fourth startup. Nick was also an Entrepreneur-in-residence at the Advanced Technology Development Center in Atlanta. He is a graduate of the University of Virginia with an MBA from the University of Georgia. |
|
| Nicholas Percoco
Nicholas J. Percoco is the head of SpiderLabs -- the advanced security team at Trustwave that has performed more than 500 cyber forensic investigations globally and thousands of penetration and application security tests. He has more than 14 years of information security experience. Nicholas acts as the lead security advisor to many of Trustwave's premier clients by assisting them in making strategic decisions around various security and compliance regimes. As a speaker, he has provided unique insight around security breaches and trends to public and private audiences throughout North America, South America, Europe, and Asia. Prior to Trustwave, Nicholas ran security consulting practices at both VeriSign and Internet Security Systems. |
|
| Christopher E. Pogue
Chris Pogue is a Senior Security Analyst for the Trustwave SpiderLabs Incident Response and Digital Forensics team. He has over ten years of administrative and security experience including three years as an Incident Response/Forensic Analyst for the IBM ISS X-Force Emergency Response Services Team, and five years with IBM's Ethical Hacking Team. During his tenure with the X-Force and the SpiderLabs, Chris worked with some of the largest organizations in the world. |
|
| Tyler Reguly
Tyler Reguly is a Sr. Security Research Engineer with nCircle, the leading provider of automated security and compliance auditing solutions. At nCircle, Tyler is a key member of nCircle VERT (Vulnerability and Exposure Research Team) where he focuses on web application security and vulnerability detection and has lent his expertise on various projects that include reverse engineering and OS X vulnerability detection. Tyler is involved in industry initiatives such as CVSS-SIG and WASSEC and has spoken at security events including Toronto Area Security Klatch (TASK) and OWASP Toronto. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario by developing a security course entitled 'Hacker Techniques & Exploits - Advanced'. Tyler is frequently quoted in industry trade press and is a prolific blogger. |
|
| Andrés Riancho
Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS; and contributed with SAP research performed at his former employer. |
|
| Norm Ritchie
Norm Ritchie is currently the Chief Information Officer of CIRA. He joined CIRA in April 2005. He is an industry veteran with over 25 years of product development and management experience in telecommunications and Internet applications. Norm is responsible for planning, developing and maintaining all of the technology, networking and computer operations in support of CIRA. |
|
| Jon Rose
Jon Rose is a researcher and pentester within Trustwave's SpiderLabs group. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes creating enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations' existing software development lifecycle. |
|
| Michael Smith (rybolov)
Michael Smith is a Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he leads engagements to provide security services to both commercial enterprises and government agencies. Currently he's engaged as an Information Systems Security Officer working with embedded devices and associated command systems. |
|
| Ben Sapiro
Ben Sapiro - Research Director, Security Practices at TELUS Security Labs - is a reformed security consultant with a background in secure software with a passing interest in federation and identity management. |
|
| Tiffany Strauchs Rad
Tiffany Strauchs Rad, MA, MBA, JD, is the president of ELCnetworks, LLC., a technology and business development consulting firm with offices in Portland, Maine and Cambridge, Massachusetts. Her consulting projects have included business and tech analysis for startups and security consulting for U.S. government agencies. She is also a part-time adjunct professor in the computer science department at the University of Southern Maine teaching computer law and ethics, information security, and is working to establish a computer crimes clinic at Maine School of Law. Her academic background includes study of international law and policy at Carnegie Mellon University, Oxford University, and Tsinghua University (Beijing, China). Tiffany is also the organizer of HackME, a hacker space in Portland, Maine. |
|
| Nart Villeneuve
Nart Villeneuve is a research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto. His research focuses on Internet censorship as well as the evasion tactics used to bypass Internet filtering systems. Nart is also a senior research associate at the Information Warfare Monitor where he studies electronic surveillance and digital attacks. |
|
| Paul Wouters
Paul Wouters is often involved with cryptography, digital rights and cypherpunk projects. He co-founded "Xtended Internet", one of the first Dutch ISPs, back in 1996. In 2003 he co-founded Xelerance, a company specialised in VPN technology that develops and maintains "Openswan", the Linux IPsec software. He has been involved with the deployment of DNSSEC worldwide, and is an active IETF and RIPE contributor. In 2006 he published "Building and integrating Virtual Private Networks with Openswan". He currently maintains various cryptographic software and DNS related packages for Red Hat's Fedora and RHEL Linux, including the popular Instant Messenger encryption software "Off the Record". He is a regular speaker at Black Hat. If not travelling, he can regularly be found at Toronto's HackLab collective. |
|
| Mike Zusman
Michael Zusman is a Senior Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mr. Zusman held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mr. Zusman is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors including Apple and SonicWall. He has spoken at a number of top industry events including CanSecWest, Black Hat and regional OWASP events. Mr. Zusman also speaks and teaches about information security at NYU/Polytechnic University. Mr. Zusman brings 10 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP foundation. |