SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security. The final round of Speakers has been announced. SecTor 2010 is pleased to present sessions from:
|
| Mohammad Akif
Mohammad Akif is the National Security and Privacy Lead for Microsoft. He has worked in the industry for over 15 years and has published a number of books and articles. Mohammad spends a significant amount of time working with Microsoft’s major customers in the financial, energy, healthcare and public sectors to help improve their security postures and refocus their IT security departments away from yesterday’s threats and onto the modern threat landscape. He is a frequent speaker at security conferences in Canada and worldwide. |
|
| John Andreadis
John Andreadis has spent the last 10 years in Information Security, 6 of them for the Canadian financial institutions, running InfoSec programs and projects. While at the banks, John was also responsible for Vulnerability Management as well as working with IT teams on Patch management, Audit issues and Risk mitigation. John was also responsible for Security Operations and continually understanding and demonstrating the security posture of the banks. John has spent the last 3 years with Qualys as the Technical Account Manager for Canada. |
|
| James Arlen
James Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things. |
|
| Kai Axford
Kai Axford is a 20-year security veteran and board certified in security management. In his current role, he leads a team of security engineers that conduct penetration tests, vulnerability assessments, and “red team” exercises. Kai has delivered over 300 security presentations on a variety of topics, including computer espionage, digital forensics, security management, and incident response around the world. He was most recently a Global Security Evangelist and Strategist for the Microsoft Corporation responsible for discussing and recommending security solutions to both private and public sector organizations. During his ten years at Microsoft, he conducted Chief Security Officer Councils worldwide, taking this feedback to effect change within Microsoft’s security products and processes. Kai holds an MBA in Information Assurance, is a Certified Protection Professional (CPP), an AccessData Certified (Forensics) Examiner and a graduate of the FBI Citizen Academy. He is a member of ISSA, ISACA, Infragard, and the North Texas Electronic Crimes Task Force. He currently serves on the academic advisory board for the University of Dallas’ graduate program in cybersecurity. Prior to joining the world of information security, he served as a leader with the U.S. Army's elite 75th Ranger Regiment and participated in several real-world security operations. Kai is based in Dallas, Texas. |
|
| Robert Beggs
Robert Beggs is the founder and CEO of DigitalDefence. As leader of Canada's leading incident response and forensics consultancy, he has served clients in the banking, insurance, brokerage, and mortgage industries, as well as several small and medium enterprises from a variety of market verticals. He has been responsible for the technical leadership and project management of more than 200 consulting engagements, including policy development and review, standards compliance, attack and penetration testing of wired and wireless networks, third party security assessments, incident response, and other consulting projects. His experience with military, financial, and other systems related to critical infrastructure has prepared him to provide a high degree of practical security. Before working as a Senior Consultant to one of Canada's largest financial institutions, Robert was employed by Netigy, a global network and security infrastructure firm based in San Jose. He has also worked for Nortel Networks in the Systems Engineering group as a specialist responsible for developing new IP-based services for global telecommunications clients. Robert teaches Information Security at Ryerson University and is also the lead instructor for DigitalDefence, providing instruction in ethical hacking, incident response, and data forensics. Robert is a founder and proud sponsor of the Toronto Area Security Klatch, TASK, North America's largest user group focused solely on security issues. He holds the MBA in Science and Technology from Queen's University, and is a Certified Information Systems Security Professional and a Certified Information Systems Auditor. |
|
| Nish Bhalla
Nish Bhalla, the Founder of Security Compass, has coauthored and contributed to multiple books including "Buffer Overflow Attacks: Detect, Exploit & Prevent", "Windows XP Professional Security", "HackNotes: Network Security", "Writing Security Tools and Exploits" and "Hacking Exposed: Web Applications, 2nd Edition". He has also been involved in open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter. He has also written many articles including ones for securityfocus and others. He is a frequent speaker on emerging security issues. He has spoken at reputed Security Conferences such as “RSA”, "RECon", “BlackHat Europe”, “SecTor”, "HackInTheBox" and multiple "ISC2's Infosec Conference". |
|
| Ryan Boudreau
Canadian Information Risk and Compliance Specialist. Ryan Boudreau is responsible for helping public and private sector organizations address the ever-evolving security and compliance landscape. He works with organizations to meet business and governance objectives while adapting to address the new compliance and data loss realities in Canada. Ryan comes from a diverse background in risk management technologies initially focusing on Business Continuity and E-discovery, and moving to more security, data loss, audit, and governance pursuits in recent years. |
|
| David Bryan
David M. N. Bryan of Trustwave’s SpiderLabs |
|
| Brian Contos
Mr. Contos has over 15 years of security engineering and management expertise. He has worked throughout North and South America, Europe, the Middle East, and Asia. At McAfee he advises government organizations and G2000s on security strategy. He has written two books including Enemy at the Water Cooler – Real Life Stories of Insider Threats, and Physical and Logical Security Convergence which he co-authored with former NSA Deputy Director William Crowell. He has delivered speeches at industry events like RSA, Interop, OWASP, CSI, ISACA, ISSA, InfraGard and eCrime. He is often quoted by business and industry press, and has written articles for Forbes, NY Times, London Times, Computerworld, and many others. He was formerly the Chief Security Strategist for Imperva, the Chief Security Officer for ArcSight, and has held management and engineering positions at Riptech, Bell Labs, Tandem Computers, and DISA. |
|
| Sébastien Doucet
Sébastien Doucet, a.k.a. TiGa, is an expert in Metropolitan-Area Fiber-Optics Network Engineering (fancy cable guy) and Actuarial Sciences. He presently is a Security Research Engineer for nCircle in Toronto. He previously did malware analysis for ESET and was IT Security Trainer for IITAC - International Institute (www.iitac.org) where he used to give trainings on Binary Auditing and IDA Pro. His video tutorial series on IDA Pro is well-known throughout the world. He is moderator for crackmes.de and reverse-engineering.net, he also is a member of ARTeam (arteam.accessroot.com) and CostCo (www.costco.com). He previously presented at ReCon 2008 and IT Underground IX in Warsaw, Poland. He still often gives training courses in various minor conferences and events. |
|
| Luiz Eduardo
Luiz Eduardo is a Senior Security Engineer at NitroSecurity. With almost 20 years of experience, throughout his career he has worked with possibly all types of networking technologies in the enterprise and service provider sectors, as well as the security involved in these technologies. Luiz is the founder of the y0u Sh0t the Sheriff security conference held in Brazil and has worked on the wireless infrastructure of Blackhat, DefCon, Computer Chaos Congress and Shmoocon. As a public speaker, he has given presentations on diverse infosec topics at conferences worldwide such as DefCon, FIRST, H2HC, HitB Malaysia, Layerone, ShmooCon, BlueHat, ThotCon, Toorcon and others. Luiz holds the following certifications: CWNE, CISSP, GISP, GCIH and CEH. |
|
| Marisa Fagan
Marisa Fagan is a Security Project Manager, responsible for managing security research and consulting engagements. She specializes in rapid development of network security tools and is recognized for her research in threat modeling and identity theft. Ms. Fagan has presented her work at SummerCon 2009 in Atlanta, Georgia and at SecurityBSides 2009 in Las Vegas, Nevada. Additionally, Ms. Fagan is active in the information security community through the Atlanta Chapter of NAISG. |
|
| Lior Frenkel
Lior brings to Waterfall Security Solutions over 15 years of large scale software and hardware research and development expertise, combined with vast business capabilities and experience. In 2001 Lior co-founded Gita Technologies Ltd, a high-end security research and development company, which provides unique solutions for the defense and military markets. In 2005 Lior led the development and business activities of the Waterfall product line, which evolved and was eventually spun off to become a stand-alone company, leading the market of unidirectional security gateways. Lior holds a B.Sc. in Computer Science and Statistics from Bar-Ilan University. |
|
| Mrityunjay Gautam
Mrityunjay is a graduate of the Indian Institute of Technology, Kanpur, with a Bachelor's and Master's degree in Computer Science and Engineering. He specializes in Machine Learning and Computer Security. He has been working with Symantec for the last four years (2006-10), where he did kernel development for the first year and then moved on to the Product Security Group for Symantec. His current designation is Senior Software Engineer. |
|
| Pete Herzog
Peter co-founded ISECOM, an open, non-profit, research organization with over 7000 members, www.isecom.org, created OSSTMM (version 3 to be released early June), created Hacker Highschool, www.hackerhighschool.org, and has created the Bad People Project, www.badpeopleproject.org. |
|
| Chris Hoff
Chris Hoff has over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud. |
|
| Greg Hoglund
Greg Hoglund is the CEO and Founder of HBGary, Inc. He has been a pioneer in the area of software security. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), Greg created and documented the first Windows NT-based rootkit, founding www.rootkit.com in the process. Greg went on to co-found Cenzic, Inc. (cenzic.com) through which he orchestrated numerous innovations in the area of software fault injection. He holds two patents. Greg is a frequent speaker at Black Hat, RSA and other security conferences. He is co-author of Exploiting Online Games (Addison Wesley 2007), Rootkits: Subverting the Windows Kernel (Addison Wesley 2005) and Exploiting Software: How to Break Code (Addison Wesley 2004). |
|
| Jibran Ilyas
Jibran Ilyas is a Senior Forensic Investigator at Trustwave's SpiderLabs. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security. He has investigated some of the nation's largest data breaches and is a regular contributor for published security alerts through his research. He has 7 years of experience and has done security research in the area of computer memory artifacts. Jibran has presented talks at security conferences (DEFCON, SecTor) in the area of Computer Forensics and Cyber Crime. Jibran is also a regular guest lecturer at DePaul and Northwestern University. Prior to joining SpiderLabs, Jibran was part of Trustwave's SOC where he helped Fortune 500 clients with their Security Architectures and deployments. Jibran holds a Bachelor of Science degree from DePaul University and a Master's degree in Information Technology Management from Northwestern University. |
|
| Fabrice Jaubert
Fabrice has been a software developer in Google's Montreal office for 4 years. For the past 2 years, he has worked with his security team colleagues on Google's Anti-Malware efforts, to find and flag sites on the web that may be distributing malware. |
|
| Samy Kamkar
Samy Kamkar is best known for the Samy worm, the first XSS worm, infecting over one million users on MySpace in less than 24 hours. A co-founder of Fonality, Inc., an IP PBX company, Samy previously led the development of all top-level domain name server software and systems for Global Domains International (.ws). In the past 10 years, Samy has focused on evolutionary and genetic algorithmic software development, Voice over IP software development, automated security and vulnerability research in network security, reverse engineering, and network gaming. When not strapped behind the Matrix, Samy can be found stunt driving and getting involved in local community service projects. |
|
| Sahba Kazerooni
Sahba Kazerooni is a Principal Consultant at Security Compass, a consulting and training firm specializing in application security. At Security Compass he harvests his blend of development and security knowledge in threat modeling, runtime security assessment, and source code review of client applications while at the same time leveraging his field experience to deliver Security Compass' one-of-a-kind training curriculum. Sahba is also an internationally-renowned speaker on security topics. He has presented at conferences around the world; he delivers Java secure coding training at the SANS Institute; and he has also provided numerous presentations through ISC2 to their elite network of certified information security professionals. |
|
| Steve Kelly
Mr. Kelly is a Supervisory Special Agent and Unit Chief in the Federal Bureau of Investigation’s Cyber Division in Washington, DC. Mr. Kelly provides national program management for investigations addressing criminal cyber threats, including intrusion, dissemination of malicious code, Internet fraud schemes, and identity theft. He also oversees FBI’s Cyber Crime Task Force program, which partners local field offices with other federal, state, and local agencies to address the cyber threat. Prior to arriving at FBI Headquarters, Mr. Kelly was the supervisor of the Cyber Squad in the FBI’s Indianapolis Field Office, where he also oversaw the office’s digital forensics laboratory. |
|
| Mike Kemp
Michael is an experienced UK-based security consultant, with a specialization in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research Labs. When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person. Mike has previously presented at security conferences in Jakarta, Hawaii, New York, Los Angeles, Warsaw, Prague, Holland, Zagreb and London (on subjects as diverse as virtualisation, malware, and why the government suck), and is always keen to embarrass himself in new and exotic locales. |
|
| Jason Kendall
A Generalist SME in the Information Security field and an Open Source evangelist, Jason has been working in the IS industry for over 15 years, holding certification for CE|H, GIAC GCFA and LPIC-1. Formerly a lead developer for Joomla!, he is still an active member of the Joomla! Security Strike team. In his current tenure (role) with one of the top 5 Canadian financial institutions, Jason has been instrumental in the setup and configuration of various IS systems including the IDS/IPS and various security event reporting systems along with leading the investigations into said security events, and preparing for the next wave of possible cyber attacks. |
|
| Joe Klein
Joe Klein is a 30-year veteran of the IT and IA industry. He has extensive experience in DoD, US Government and commercial sectors, focusing on information assurance, network security and IPv6. Mr. Klein is often requested to speak at professional security venues and routinely participates in high-level government working groups as an expert on secure implementation of IPv6. As Cyber Security Principal Architect at QinetiQ North America, Joe spends his days developing cyber security 'leap-ahead' technologies. Joe is also an active member of the IPv6 Forum and the North American IPv6 Task Force, serving as a CyberSecurity SME. |
|
| Tracy Ann Kosa
Midway through a doctorate in Computer Science, developing a model to predict privacy risk on emergent technologies, Tracy Ann Kosa is a Privacy Impact Assessment Specialist with the Government of Ontario. In that capacity, Ms. Kosa works with Ministries and organizations across the broader public sector to assess and implement privacy requirements. Prior to working in government, she held various positions in ehealth privacy, largely focused on training and education initiatives. Ms. Kosa is a regular contributor to Security Matters magazine, and an invited speaker at conferences and universities. |
|
| Zach Lanier
Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. He has performed security assessments for numerous clients, including Fortune 500 companies and higher education institutions. Prior to joining Intrepidus Group’s professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach has also presented at the MIS Training Institute's InfoSec World, IT Security World, and FinSec conferences, as well as Boston-area security professionals' groups, on topics such as open source security tools, security in virtualized environments, and vulnerability disclosure. |
|
| Ryan Linn
Ryan Linn is an Information Security Engineer who has a passion for making security knowledge accessible. In addition to being a columnist with the Ethical Hacker Network, Ryan has contributed to open source tools including Metasploit and the Browser Exploitation Framework (BeEF). Ryan has spoken at a number of regional and national security events including SecTor, B-Sides Las Vegas, ChicagoCon, CarolinaCon and ISSA events. |
|
| Rafal Los
Rafal "Raf" Los is a web application security evangelist for the HP Software & Solutions business at HP. Los is responsible for bridging the gaps between security technologies and business needs to reduce enterprise risks and create embedded, lasting solutions on behalf of the HP Application Security Center group. He has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. Additionally, Los helped to write the first release of the Open Web Application Security Project (OWASP) testing guide. |
|
| Derek Manky
Derek Manky has dedicated his career to security, research and education. He is an advocate of working from the ground up; understanding the drivers and methodologies of cyber crime and threats, then deriving defense strategies. Manky has presented his research world-wide at many security conferences, while educating and promoting cyber-security awareness. He has been recognized as a thought leader in the industry and featured numerous times in top tier publications, such as The Wall Street Journal. As lead author of Fortinet's Threatscape Report, Manky blogs and regularly writes on breaking security developments. He designed the company’s responsible disclosure policies, which have been reliably used for years to report and disclose critical, zero-day vulnerabilities. To assist with his research, Manky has implemented automated systems and tools which provide information on threats and trends. |
|
| Adam Meyers
Adam Meyers is a Senior Principal with the National Products and Offerings Division of SRA International. Mr. Meyers serves as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. Mr. Meyers provides both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers has extensive experience in Penetration Testing, Security Engineering and Architecture, Wireless Communication, and Reverse Code Engineering. Mr. Meyers is a recognized speaker who has presented on topics ranging from high level business solutions to deep technical training including industry conferences such as RSA, Source, and CSI. He currently supports the Department of State Bureau of Diplomatic Security leading a reverse engineering and cyber threat analysis team charged with investigation and mitigation. |
|
| Dave Millier
Dave Millier is well-known in the Canadian High-Tech marketplace, where he's been helping customers with their security and networking needs for over 15 years. His career has taken many interesting turns; he has operated numerous businesses including a successful consumer ISP, a retail computer operation, a data hosting facility and business ISP, a boutique consulting firm, and most recently his organization Sentry Metrics, where as the co-founder he created and brought to market industry-leading Security and Risk Compliance Dashboard theSentry. Over the years Dave has presented at many network and security conferences including Network World and Comdex, among others. He has been involved in the design, engineering, and implementation of many enterprise corporate networks and security solutions, and has driven the deployment of numerous 300+ node VPN networks for both educational and government clients. His areas of expertise include in-depth knowledge of firewalls, IDS/IPS, and logfile analysis, and he has extensive exposure to most commercial security products in use today. Dave acted as the Director of Security for a start-up online Investment firm, and supported them through a successful purchase by a much larger online trading company. Dave assists as a security advisor to the senior management of a number of organizations, acting as a translator of sorts between the various technologies available today and the diverse needs of every business, allowing his clients to continue to build their businesses with confidence. Dave is an avid (amateur!) dual sport motorcycle rider, and loves to spend his spare time off-roading. |
|
| HD Moore
HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code. |
|
| David Mortman
David Mortman runs Operations and Security for C3, LLC. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and is leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist and speaker at RSA 2007-2009, InfoSecurity 2003, Blackhat 2004-2009, Defcon 2005-2009 and Information Security Decisions 2007 and 2008 as well. Mr. Mortman sits on a variety of advisory boards including Qualys, Applied Identity and Reflective amongst others. He holds a BS in Chemistry from the University of Chicago. |
|
| Brian O’Higgins
President, Brian O’Higgins and Associates. Brian O’Higgins is an executive with over 20 years as a leader in security technology development for enterprise and government customers, possibly known best for his role pioneering PKI (public key infrastructure), and as the co-founder and Chief Technology Officer of Entrust, a leading Internet Security Company. He was also a co-founder and Chief Technology Officer of Third Brigade, a provider of security products for physical and virtualized servers that was acquired by Trend Micro in 2009. Brian's approach to security is both visionary and pragmatic. He is a frequent presenter at security and industry events around the globe. In 2008, he was appointed as a delegate to contribute to the Global Cybersecurity Agenda of the International Telecommunications Union. He is also a founding author and contributor to the Cloud Security Alliance. Brian’s current list of affiliations includes advisory board positions with Defence R&D Canada, Information Technology Association of Canada, and the Ontario Centers of Excellence. In addition, he serves on the boards of Recognia, Fischer International, and Mobio Identity Systems, and is an advisor to several other companies. Brian is an avid skier on both snow and water, and a competitive marathon runner. |
|
| Deviant Ollam
While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant is also a member of the Board of Directors of the US division of TOOOL, The Open Organization of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. |
|
| Tatiana Outkina
As a former consultant with TELUS Security Services, Tatiana Outkina has delivered information security development methodology and processes, technical leadership, business fundamentals expertise and training to members of TELUS and to their clientele. Tatiana brings her significant experience in system development to the task of creating and implementing the process which results in security as a built-in property of the software. Tatiana has long-term experience in computer system development with a strong focus on information security. In her 10+ years of IT security work she has worked for financial institutions and numerous private corporations. To date Tatiana has performed vulnerability and risk assessments, developed a secure system development life cycle model, and worked on security governance and threat modeling, followed by secure system architecture and software security solutions. Tatiana also teaches on software security and teaches on a part-time basis at Seneca College and Ryerson University. |
|
| Nick Owen
Nick Owen is a co-founder and CEO of WiKID Systems, Inc. WiKID has created a unique dual-source two-factor authentication system that uses public-key cryptography instead of the typical shared-secrets found in most systems. WiKID is Nick's fourth startup. Nick was also an Entrepreneur-in-residence at the Advanced Technology Development Center in Atlanta. He is a graduate of the University of Virginia with an MBA from the University of Georgia. Nick helped design and architect WiKID's two-factor authentication system and mutual https authentication system. Nick is the author of most of WiKID's technical white papers and tutorials, and has integrated two-factor authentication systems with solutions such as Apache, OpenVPN, Astaro, Cisco, F5, Netgear and others. Many of his tutorials can be found on http://www.howtoforge.net. |
|
| Garry Pejski
Garry Pejski has worked professionally as a developer for 13 years. During this time he has created online casinos, dating websites, pharmacy software and custom applications for the power industry. During a brief period, he also wrote malware for the bad guys. Currently he works as a Technical Manager at Matrikon (now part of Honeywell), where he has been a part of numerous NERC CIP security projects. |
|
| Nicholas Percoco
Nicholas J. Percoco is the head of SpiderLabs at Trustwave, the advanced security team that has performed more than 750 cyber forensic investigations globally and thousands of penetration and application security tests for Trustwave clients. In addition, his team is responsible for the security research that feeds directly into Trustwave's products and services through real-time intelligence gathering. He has more than 15 years of information security experience. Nicholas acts as the lead security advisor to many of Trustwave's premier clients by assisting them in making strategic decisions around various security and compliance regimes. As a speaker, he has provided unique insight around security breaches and trends to public and private audiences throughout North America, South America, Europe, and Asia including security conferences such as Black Hat, DEFCON, SecTor and You Sh0t the Sheriff. Prior to Trustwave, Nicholas ran security consulting practices at both VeriSign and Internet Security Systems. Nicholas holds a Bachelor of Science in Computer Science from Illinois State University. |
|
| John W. Pirc
John has 15 years of security experience in security research, worldwide product management, development, marketing, security product testing, forensics, advanced persistent threats, critical infrastructure architecting and deploying enterprise-wide security solutions for both public and private organizations worldwide. John has worked for the Central Intelligence Agency in Cyber Security, as CTO at Computer Systems Group LTD, as product manager for Cisco's IPS product line, as product line executive for all security products at IBM Internet Security Systems and most recently for McAfee’s Network Defense Business Unit with McAfee’s Firewall Enterprise solution, and is currently working for TippingPoint leading the strategy for their next generation security platform on their product management team. In addition to a BBA in Information Systems from the University of Texas, John also holds the NSA Information Assurance Methodology and Certified Ethical Hacker certifications. John was recently named security thought leader from SANS Institute and writes on a regular basis for Cassandra Security and has a book coming out in January 2011 on Cyber Crime and Espionage. You can follow John on Twitter: http://twitter.com/jopirc |
|
| Christopher Pogue
Chris Pogue is a Senior Security Analyst for the SpiderLabs Incident Response and Digital Forensics team at Trustwave. He has over ten years of administrative and security experience including three years on the IBM ISS X-Force Emergency Response Services Team, five years with IBM’s Ethical Hacking Team, and 13 years of Active Military service in the US Army Signal Corps. During his professional career, Chris worked with some of the largest organizations in the world. Chris is also a former US Army Warrant Officer and has worked with the Army Reserve Information Operations Command on Joint Task Force missions with the National Security Agency, Department of Homeland Security, Regional Computer Emergency Response Team-Continental United States, and the Joint Intelligence Center-Pacific. Chris attended Forensics training at Carnegie Mellon University in Pittsburgh, Pennsylvania, and was the ARIOC primary instructor for UNIX, Networking, and Incident Response for all CMU sponsored courses. Chris also has worked with local, state, and federal law enforcement agencies such as the Broken Arrow Police Department, The Coral Springs Police Department, The Sandy Springs Police Department, The New York Police Department, The Federal Bureau of Investigation, the Royal Canadian Mounted Police, and The United States Secret Service to help pursue the digital evidence left behind by criminals of all types. His efforts have led to arrests and convictions in Oklahoma, New York, Florida, and Munich, Germany. Chris has given presentations on Cyber-Crime and digital forensics at SANS, The Computer Forensics Show, SecTor, The Direct Response Forum, and The USSS Electronic Crimes Task Force Conference.
Chris holds a Bachelor's Degree in Business Management and a Master’s degree in Information Security, and is a Certified Information Systems Security Professional (CISSP), a Certified Ethical Hacker (CEH), a Certified Reverse Engineering Analyst (CREA), a GIAC Certified Forensics Analyst (GCFA), and a VISA PCI DSS Qualified Security Assessor (QSA). Chris is also the primary author of the book, “Unix and Linux Forensic Analysis”, from Syngress/Elsevier. Chris’s book is currently being used as a textbook at Saginaw Valley State University and Illinois State University for their computer forensics courses. |
|
| Thomas Pröll
After finishing his computer science studies in 2001 with a diploma (master) degree, Thomas worked at the university as a systems administrator for five years. During this time, he was able to work on his doctorate (Ph.D.), which he finished in 2006. Thomas was employed at Siemens CERT for penetration tests, which he improved over the years. The main targets of his tests are all Siemens products, from Industry, Energy, Healthcare and Communications. |
|
| Andrés Pablo Riancho
Andrés Riancho is Director of Web Security at Rapid7, where he leads the efforts of automating the detection of Web application vulnerabilities. Currently based in Buenos Aires, he manages Rapid7's Web Application Security Center of Excellence. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like SecTor (Canada), FRHACK (France), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and Ekoparty (Buenos Aires). Andrés' entrepreneurship led him to establish his own company, Bonsai Information Security, with the objective of providing its customers with high quality services in the Penetration Testing arena. |
|
| Mike Rothman
Mike Rothman, Analyst & President, Securosis. Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike is one of the most sought after speakers and commentators in the security business and brings a deep background in information security. After 20 years in and around security, he's one of the guys who "knows where the bodies are buried" in the space. Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike left META in 1998 to found SHYM Technology, a pioneer in the PKI software market, and then held senior roles at CipherTrust and TruSecure -- providing experience in marketing, business development, and channel operations for both product and services companies. After getting fed up with vendor life, he started Security Incite in 2006 to provide the voice of reason in an over-hyped yet underwhelming security industry. After taking a short detour as Senior VP, Strategy and CMO at eIQnetworks to chase shiny objects in security and compliance management, Mike joins Securosis with a rejuvenated cynicism about the state of security and what it takes to survive as a security professional. Mike published "The Pragmatic CSO" in 2007 to introduce technically oriented security professionals to the nuances of what is required to be a senior security professional. He also possesses a very expensive engineering degree in Operations Research and Industrial Engineering from Cornell University. His folks are overjoyed that he uses literally zero percent of his very expensive education on a daily basis. He can be reached at mrothman (at) securosis (dot) com. |
|
| Ben Sapiro
Ben Sapiro - Research Director, Security Practices at TELUS Security Labs - is a reformed security consultant with a background in secure software and a passing interest in federation and identity management. |
|
| Charlie Shields
Mr. Shields has over 10 years of experience in the security field working with various security technologies. He is currently employed by NetWitness Corporation, working as a Systems Engineer. While with NetWitness, Mr. Shields has worked on large scale security monitoring initiatives for Fortune 1000 companies in the financial, retail, and technology industries. Mr. Shields also has extensive experience working with VARs, working with Fortune 1000 companies to identify and implement security solutions. |
|
| Michael Smith
Michael Smith serves as Akamai’s Security Evangelist and is the customer-facing ambassador from the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions. Mr Smith fulfils a cross-functional role as a liaison between security, sales, product management, compliance, engineering, professional services, and marketing. Prior to joining Akamai, Mr Smith served as an embedded security engineer, security officer for a managed service provider, and security assessment team lead. He is an adjunct professor for Carnegie Mellon University and teaches through the non-profit Potomac Forum. |
|
| Eldon Sprickerhoff
Eldon Sprickerhoff has over 15 years of experience in the GTA and NYC IT communities working on security vulnerability analysis, architecture, and countermeasures. In 2001 he co-founded eSentire, Inc., which has grown to be the leading Managed Security Services Provider for alternative investment firms (including hedge funds) with sensors deployed across North America, the UK, and Asia. He holds a B.Math. in Computer Science from the University of Waterloo and is both CISSP and CISA certified. Currently, his free-time activities revolve around family, epicurean adventures, and aikido. |
|
| Patrick Thomas
Patrick Thomas is an information security researcher with Qualys and has spoken at Black Hat USA and DEFCON. He works on automated vulnerability detection tools, malware analysis, pragmatic security, and dabbles in the security implications of public policy and vice versa. He percolates and occasionally dispenses ideas on the above at CoffeeToCode.net. |
|
| Mark Townsend
Mark Townsend's career has spanned two decades in computer networking, during which he has contributed to several patents and standards in information security. He has established himself as an expert related to enterprise networking and security, with a focus on educational environments. He is a contributing member to several information security industry standards associations, most notably the Trusted Computing Group (TCG). Mr. Townsend's work in the TCG Trusted Network Connect (TNC) working group includes co-authoring the Clientless Endpoint Support Profile. He is currently developing virtualization solutions and driving interoperability testing within the industry around NAC solutions. Prior to his current position, he served in a variety of roles including service and support, marketing, sales management and business development. He is considered an industry expert and is sought after for speaking engagements at universities and industry events, including RSA and Interop. Mr. Townsend also leverages his background by donating time and resources to educational efforts. Most recently he served his community as a past-chairman of the local school board - a progressive school district consistently ranked in the top school districts of New Hampshire, with the district high school ranked as a "Best High School" by US News & World Report. |
|
| Kelly Walsh
Kelly has spent the last 12 years dedicated to security and privacy risk management, engaged by clients to identify security or privacy risks to organizations, and recommend practical, cost-effective, and implementable solutions to mitigate those risks. He has worked as a consultant for both Federal and Provincial Governments, various financial, telco and utilities providers, and served as a Signals Officer with the Canadian Forces. Kelly holds CISSP, CISM, & CPP certifications and has received advanced training with the RCMP and CSEC. Kelly is the founder and CEO of WNCS Inc, an independent security & privacy risk management firm. www.wncs.ca |
|
| Julia Wolf
Julia Wolf is the senior security researcher at FireEye's Malware Intelligence Labs where she works on reverse-engineering the latest malware threats and building advanced detection mechanisms. She also does exploit R&D, cryptanalysis, and other low-level bit-twiddling stuff. |
|
| Mike Zusman
Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors. He has spoken at a number of top industry events including CanSecWest, Defcon, Black Hat and regional OWASP events. Mike also speaks and teaches about information security at NYU/Polytechnic University. Mike brings 11 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP foundation. |