 |
 |
 |
 |
John Abella (CISSP, GCIH) is the Head of Global Security and Infrastructure for Retail Decisions. His work encompasses all aspects of network and information security, specifically focusing on real-time, high availability systems and services. He has over 10 years of experience in IT with a recent focus on security auditing, policy development, and incident handling. John was interviewed as part of the SANS "What Works" series of webcasts, and has participated as a SANS Mentor at Rutgers University. John has given a number of talks on Regulatory Compliance, Enterprise Defense, PCI Auditing and Compliance, and is also a member of the New Jersey Infragard.
|
|
 |
Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and an Associate for Booz Allen Hamilton. Prior to these positions he served as the Deputy Staff Judge Advocate for the Air Force Office of Special Investigations, specializing in the cybercrime and information operations portfolios. He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare. He has multiple publications in this field, including most recently, a chapter on information warfare in a national textbook on National Security Law. He was a co-author of DoD’s award-winning CyberLaw 1 computer-based training product and the recently released CyberLaw 2 product. He has presented at several national and international conferences including the High Technology Crime Investigation Association’s International Conference and Expo, IANetSec, Infowarcon, SANSFIRE Boston, FiestaCrow, and a conference on Arms Control in Cyberspace held in Berlin. He has also been an invited speaker at each of the service's Judge Advocate General's Schools, the National Defense University, and the DoD Cyber Crime Conference and was a participant in both the U.S. Attorney General’s Cybercrime Summit and the Hoover Institution's National Security Forum on International Cooperation to Combat Cyber Crime and Terrorism. He participated in an international forum on computer network defense in Canberra, Australia and one on law and computer forensics in Koblenz, Germany. He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Masters of Law in Intellectual Property Law from the University of Houston. He is also a CISSP.
|
|
 |
Rebecca Bace is a true intrusion detection expert. She spent 12 years at the National Security Agency, where she led the Computer Misuse and Anomaly Detection (CMAD) Research program from 1989 through 1995. In this role, she instigated and championed funding for much of the early research in intrusion detection and related technology, helping build the academic research programs in intrusion detection at the University of California, Davis and Purdue University.
Rebecca is also a noted author on topics in intrusion detection and network security, with credits including the book Intrusion Detection (Macmillan Technical Publishing, 1999), the Special Publication on intrusion detection (SP 800-31) for NIST, and the chapter on intrusion detection and vulnerability assessment for the fourth edition of the Computer Security Handbook (Wiley, 2001.) To critical acclaim, she recently co-authored: A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness (Addison Wesley Professional, 2003)
|
|
 |
Erik Pace Birkholz (CISSP, ISSAP, MCSE) is a Senior Product Security Advisor for Dell Inc. Before his role at Dell, he founded Special Ops Security and was a charter member of Foundstone, the pre-eminent leader in security consulting and training, until its acquisition by McAfee, Inc. in October 2004. Prior to Foundstone, he worked for ISS, Ernst & Young, KPMG and NCSA. He is the author of the best-selling book, SPECIAL OPS: Host and Network Security for Microsoft, UNIX and Oracle, and a contributing author of five international best-selling books for Osborne/McGraw-Hill including SQL Server Security, Hacking Windows 2000 Exposed and Hacking Exposed: Network Security Secrets and Solutions.
|
|
 |
Chris Blask has more than 15 years of experience in engineering and marketing information technologies. Chris has been involved in almost every aspect of the infosec business at several successful startups and Cisco Systems. A member of the four-person Founding Team behind Protego Networks, Chris filled VP Marketing, Sales and Business Development roles. While at BorderWare as VP Marketing and BD, he successfully realigned the existing mail security software as the MXtreme Mail Firewall appliance and established partnerships with Cisco and Sun as well as arranging OEMs with anti-virus and anti-spam vendors. While at Cisco Systems as Firewall Product Line Manager, Chris led the PIX Firewall team from a planned end-of-life to a muti-billion dollar position of global leadership . Chris conceived the BorderWare Firewall Server - one of the first commercial firewall products - and provided product management, channel development and marketing to the effort.
|
|
 |
In the world of High-Tech, High-Value information, Tom Bowers, CISSP, PMP takes the old proverb, “Keep Your Friends Close, Your Enemies Closer” to heart. As a Certified Ethical Hacker, Tom is a well known expert in the area of data leakage prevention, global enterprise information, security architecture and ethical hacking.
With over 20 years of experience in the field of computer technology and information systems Bowers has served as the chief architect for information security structures and protections in numerous industries. He brings a real world, pragmatic approach to the business of security based upon his Fortune 100 enterprise experience in both the IT and Global Security functions. Bowers leads the independent think tank and industry analyst group Security Constructs, LLC. His areas of expertise include aligning business needs with security architecture, risk assessment and project management on a global scale.
As president of the Philadelphia chapter of Infragard, a non-profit organization consisting of members of the FBI and physical/cyber security professionals from private industry, Bowers leads the second largest chapter in the county of over 600 members. Bowers works closely with law enforcement agencies including the FBI on issues of computer forensics and investigations of security breaches, theft and fraud. Bowers shares his depth of knowledge with the computer and information technology and security field as the technical Editor of Information Security Magazine and SearchSecurity.com.. His most recent contributions to Information Security magazine include a cost-benefit analysis of various strong authentication mechanisms and numerous product reviews. He is the author of several white papers, articles and is a highly respected speaker at conferences and webinars and he has recently been featured in ComputerWorld, NetworkWorld, SearchSecurity.com, Information Security Magazine and The Wall Street Journal.
|
|
 |
Agnes Bundy Scanlan, a counsel in Goodwin Procter's Business Law Department and a member of its Financial Services Practice, focuses her practice on advising clients on a broad range of compliance management, privacy and Community Reinvestment Act (CRA) issues. Agnes has extensive experience with various regulatory compliance issues, as well as privacy compliance issues. She has been responsible for the creation, development and execution of numerous compliance programs for some of the country's largest financial institutions. In April 2004, she was profiled by CBS Boston affiliate WBZ as one of “Boston's Power Women.”
|
|
 |
Erin Buxton is the data and information management Architect and Strategist for Halliburton IT. In 2004, she was responsible for Sarbanes-Oxley compliance strategies, leadership, coordination, and sign-off. Prior to joining Halliburton, Erin was a Solutions Manager, developing the strategy for a managed security services portfolio for Schlumberger. She also served as a security consultant responsible for risk assessments, intrusion detection systems, public key infrastructures, and compliance. Erin has over 9 years experience in IT and several professional certifications. In addition, she serves as the publicity chair for the Grace Hopper Celebration Conference.
|
|
 |
Dr. Eric Cole is an industry recognized security expert, technology visionary and scientist, with over 15 year’s hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books to include Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The Institute for Applied Network Security. Dr. Cole has a wealth of knowledge from industry, academia, and government and has assisted with many key projects. He is an advisor to Cyberwatch and Purdue University CERIAS. Dr. Cole is a Lockheed Martin Fellow and a frequently invited speaker at a variety of conferences and security events.
|
|
 |
Joshua Corman serves as the host protection architect for IBM Internet Security Systems. With more than ten years of experience in security and networking software development, Corman is responsible for the technical vision and direction of host protection solutions and is regarded as the expert on technical subject matter for the host protection problem domain. He is currently leading an industry charge to evolve defenses against the latest generations and innovations of malicious code. Corman is also charged with strategy for Data Security and End-Point Admission Control solutions. Corman was product manager at vCIS Technology, Inc. when IBM Internet Security Systems acquired the company in 2002 for its preemptive behavioral inspection technology. Before joining vCIS, Corman worked with the SPECTRUM network management platform for Cabletron Systems. He served as software quality assurance (QA) manager and as a design specialist for Computer-Human Interactions. Corman has spoken and at leading industry events, including Interop New York. Corman received a bachelor's degree in philosophy, Phi Beta Kappa, Summa Cum Laude, from the University of New Hampshire.
|
|
 |
Brandon Dunlap has over 13 years of experience managing business technology risk for both large and small organizations. Most recently, Brandon was a Senior Project Manager at a large security products company. Formerly he led the Information Protection Unit of a Fortune 200 energy company. He currently serves as Managing Director of Research and President of a technology risk management consulting firm. In the variety of roles he has served in across heavily regulated industries, Brandon has successfully led all aspects of IT Security Programs: policies and procedures, oversight and controls, strategy, architecture development, and training.
|
|
 |
G. Mark Hardy has been providing information security expertise to government, military, and commercial clients for over 25 years. A long-standing industry veteran, he is a perennial speaker at major industry trade shows. As president of National Security Corporation, he directs the efforts of the information security consulting firm he founded in 1988.
Mr. Hardy's professional background includes information security planning and policy development, managing security assessment and penetration teams, data encryption and authentication (including “breaking” commercial cryptographic algorithms), software development and strategic planning for e-commerce, and writing commercial risk assessment software. He has developed information security plans for four U.S. Military commands, and wrote the communications security encryption requirements for an experimental military satellite program.
Mr. Hardy is the author of over 100 presentations and articles on information security. He serves on the Advisory Board of CyberWATCH, a National Science Foundation funded consortium of universities, government agencies, and businesses. Over the last ten years, Mr. Hardy has served as a principal spokesman for four information security companies: National Security Corporation, Symantec (AXENT Technologies), Secure Computing Corporation, and Verisign (Guardent). He is a Captain in the United States Navy Reserve, and is the Commanding Officer of United States Pacific Command det 216, his eighth command tour.
|
|
 |
Allen Harper is an active duty officer in the US Marine Corps on Temporary Assigned Duty (TAD) as a Security Engineer for the Defense Information Systems Agency (DISA). He has 17 years of IT experience and 10 years of information security experience with the Marine Corps. Allen has also taught penetration testing for the Navy and has worked in his spare time as a Security Analyst for the IRS. He has a BS in Computer Engineering from North Carolina State and an MS in Computer Science from the Naval Post Graduate School. He is a co-author of Gray Hat: the Ethical Hackers Handbook (McGraw-Hill Osborne Media, November 2004).
|
|
 |
Matthew Keogler serves as Senior Security and Network Engineer for AutoTrader.com. His primary responsibility is to manage security however, Matt has also led the team that built the company's network and continues to provide help with the system architecture for AutoTrader.com. He has over 10 years experience in information technology, with a focus on perimeter defense, wireless defense, intrusion detection, application assessments, database assessments and proactive security practices. He’s been nominated for several Information Security awards, has conducted a SANS What Works webinar, and has been a SANS mentor since 2001.
|
|
 |
Peter Kuper is the Vice President, Senior Research Analyst at Morgan Stanley where he established their platform in the security and content management technologies. In his role as a leading analyst, Peter maintains relationships with significant research labs which include the US Government’s PNNL, software entrepreneurs and management teams to provide them with unparalleled access to his research and findings. Most recently he was a director and equity analyst at SG Cowen & Company, where he covered the software sector with a particular focus on security. He has also been an equity analyst and vice president at FAC/Equities and a research analyst at Keefe, Bruyette & Woods. His background includes experience in mergers and acquisitions, asset management and venture capital. Peter is also a faculty member of the Institute for Applied Network Security. In addition, Peter has been Keynote speaker at numerous events like the Micromuse European Users Conference and regularly gives presentations to numerous venture capital firms and government agencies including the Pentagon. Peter has frequently appeared on business television programs including CNBC and has been quoted in numerous publications most notably The Wall Street Journal, Financial Times, Reuters and Bloomberg News.
|
|
 |
Tony McBride manages perimeter and infrastructure security operations at The Principal Financial Group. He has developed and implemented the event driven risk management program, intrusion detection program, security information management system and a network vulnerability assessment suite. Tony is also involved with security architecture and strategy, incident response, policy and standards development, compliance testing, and risk assessments. Previous experience includes 15+ years of application and systems engineering, and security services for image exploitation and mission planning systems with the Joint Forces Intelligence Command, National Geospatial-Intelligence Agency, and the Office of Naval Intelligence. He has a BS in Computer Information Systems, is a CISSP and CCNA and a member of the IEEE.
|
|
 |
Betsy is a serial entrepreneur who has applied mathematics to develop solutions in satellite mission optimization, industrial process control, war gaming, economic modeling, enterprise systems and network management, and most recently security metrics. Prior to starting PlexLogic, Betsy founded two other software companies in the role of CTO and VP Engineering. The first company, Digital Analysis Corporation (DAC) implemented network and systems management software. DAC was acquired by Legent Corporation. When Computer Associates acquired Legent, Betsy became one of two principal architects for Unicenter TNG. The DAC technology became the real-time agent infrastructure for Unicenter. In the time Betsy was at CA, Unicenter revenues grew from $50M to over $3B. The second company, ClearPoint Metrics, was the first company dedicated to implementing software products for security metrics. Betsy is an author of five textbooks on Microprocessor Programming and Interfacing as well as numerous articles in both the trade press and academic journals. Most recently she was co-chair of the Metricon 2.0 Workshop and contributed to Andrew Jaquith's book "Security Metrics -- Replacing Fear, Uncertainty, and Doubt".
|
|
 |
Steven Noel serves as the Security Compliance Manager for Constellation Energy Group; a Fortune 200 energy company headquartered in Baltimore, Maryland. His primary responsibility is to manage Constellation’s compliance efforts in a heavily regulated industry. He has over 8 years experience in Information Security. His background includes security consulting, SCADA system security, and PKI. Steve and his team manage all aspects of Constellation’s Information Security Compliance program including policy, audit coordination, oversight of controls, and compliance strategy.
|
|
 |
Angela Orebaugh is an information security technologist, scientist, and author with a broad spectrum of expertise in information assurance. She synergizes her 15 years of hands-on experiences within industry, academia, and government to advise clients on information assurance strategy, management, and technologies. As a Senior Associate at Booz Allen Hamilton, Ms. Orebaugh leads several security initiatives with the National Institute of Standards and Technology (NIST) including technical Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP), and secure eVoting.
Ms. Orebaugh is an adjunct professor at George Mason University where she performs research and teaching in intrusion detection and forensics. Her research includes peer-reviewed publications in the areas of intrusion detection and prevention, data mining, attacker profiling, user behavior analysis, and network forensics.
Ms. Orebaugh is the author of the Syngress best seller's Nmap in the Enterprise, Wireshark and Ethereal Network Protocol Analyzer Toolkit, and Ethereal Packet Sniffing. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. She is a frequent speaker at a variety of security conferences and technology events, including the SANS Institute and the Institute for Applied Network Security.
Ms. Orebaugh holds a Masters degree in Computer Science and a Bachelors degree in Computer Information Systems from James Madison University. She is currently completing her dissertation for her Ph.D. at George Mason University, with a concentration in Information Security.
|
|
 |
Ray Potter is the Managing Director of Apex Assurance Group and is responsible for the operations and delivery of the firm’s information security/assurance consulting and program management services. He is the former Manager of the Security Assurance Program at Cisco Systems, where he was responsible for the direction and strategy of Cisco's global security certification and assurance initiatives. Prior to working at Cisco Systems, Ray was consultant with a global management consulting firm, assisting Fortune 500 companies and government agencies implement IT solutions and process improvement initiatives. His current areas of focus include software development assurance, security operations management, and facilitation of public policy and end-user education.
|
|
 |
Marcus J. Ranum is the principal author of several major Internet security products, including firewalls, VPNs, and intrusion detection systems. As a consultant to FORTUNE 500 firms, national governments, and start-ups, Marcus has been consistently recognized as one of computer security's innovators and creative thinkers. Between 1989 and today, he has held every position that is possible within a high-tech business - from junior system administrator and software engineer to CEO, CTO, and marketing director. Marcus currently acts as CSO of Tenable Network Security, Inc.
|
|
 |
Dr. Ron Ritchey is a leading technologist specializing in information assurance (IA) with over 20 years experience working within the IT industry. He is an active researcher in the IA field and is widely published on network security topics including co-authoring the well regarded Inside Network Perimeter Security book. He has authored courses on computer security that have been taught across the country and is a faculty member of the SANS Institute, the Institute for Applied Network Security, and George Mason University (GMU). Ron holds masters and bachelors degrees in computer science from GMU and recently finished his Ph.D. in Information Technology at their School of Information Technology and Engineering. Ron is a Principal at Booz Allen Hamilton where he leads a team dedicated to the development and maintenance of state-of-the-art information assurance capabilities. His focus is on the identification and elimination of the root causes of information assurance weaknesses.
|
|
 |
Randy V. Sabett, J.D., CISSP, is a partner at Sonnenschein Nath & Rosenthal LLP. Randy is part of the Information Security
& Internet Enforcement and the Intellectual Property & Technology groups at the firm. His practice focuses on information security, privacy, IT licensing, and patent prosecution with emphasis on such issues as information security law, privacy, Public Key Infrastructure (PKI), digital and electronic signatures, federated identity, HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, state and federal information security laws, operating policies, identity theft, and security breaches. As co-chair of the Information Security Committee of the Section of Science and Technology of the American Bar Association, he served as editor for the book “Information Security: A Legal, Business, and Technical Handbook” (2004) and the Digital Signature Guidelines (1996), and was a Co-Rapporteur for the PKI Assessment Guidelines (PAG) (2003). Randy also a co-author of RFC 3647 (Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework) (2003) and has authored several other articles and publications. Admitted to practice before the USPTO, he is a member
of the Maryland, Virginia, and D.C. bars, holds a B.S. in Computer Engineering from Syracuse University and a J.D. from the University of Baltimore.
|
|
 |
Holly Lynne M. Schmidt is a Systems Security Certified Practitioner (SSCP) and has earned the Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC). Concentrating on software and system assurance, her client projects have ranged from technical research and guidance development to Web and database programming. Ms. Schmidt is a member of the Computer Security Institute, and has attended conferences and presented seminars on software security, including the Institute for Applied Network Security Mid-Atlantic Forum and the Annual Computer Security Applications Conference. She holds a MS degree in Information Technology Systems with an Information Security concentration from The Johns Hopkins University and a BS degree in Business Information Technology with an E-Business concentration from Virginia Tech.
|
|
 |
Nick Selby leads The 451 Group's Enterprise Security Practice (ESP), which provides objective analysis of enterprise security businesses and trends. Nick also serves as the 451's Director of Research Operations, leading the coordination of 451 analysts' research methodologies and processes.
In addition to his work on IANS faculty, and he speaks regularly at industry events, such as the RSA Conference, Security Standard, CSO Interchange, SANS WhatWorks and other conferences. Prior to joining The 451 Group in October, 2005, Nick worked as an IT security consultant to small and midsized firms subject to regulatory compliance and strict confidentiality.
Based in Eastern Europe and Europe from 1990 to 2004, Nick spent a decade covering various emerging technologies, including open source and wireless technologies, and software piracy. He was Editor at Large for Amsterdam-based Tornado Insider/Tornado Investor, and has reported on technology and tech-based financial news for the International Herald Tribune.
An instrument-rated pilot, Nick published an online pilot resource, Flyguides, from 2001-2005. Nick is also an avid Linux hacker and member of the Capital District Linux Users Group, and a PHP/MySQL enthusiast.
|
|
 |
Glen started his career of security operations in the literal trenches, as a Marine infantry officer and then transitioned this mind-set to information systems operations. His career since has spanned the founding of an advanced intrusion and deception lab at a DoD Research Center and leading the Marine Corps global monitoring and emergency response team, to being a lead investigator of a 9 billion dollar (+) DoD IT out-sourcing program and having over-arching responsibilities for all defensive network operations, budgeting and acquisition (~$10M), for a global and mobile DoD enterprise. Most recently, Glen is the VP of Field Operations/co-founder of Secure Cognition, Inc., delivering an NSA patented, 3D graphical representation of network transactions that has proven to patternlessly identify and make actionable, both network insecurities and inefficiencies. Glen is a graduate of the U.S. Naval Academy and the Naval Postgraduate School (MS ITM), an invited speaker at the Pentagon Security Forum and been on the faculty of SANS and IANS, for years.
|
|
 |
Aaron Turner is the Relationship Manager for the Idaho National Laboratory (INL) Technology Transfer and Commercialization Division. In his role, Aaron works with laboratory researchers, government program leaders and technology companies to identify cutting-edge lab research that can be integrated into commercially-viable products and services. Aaron also manages an intellectual property portfolio that focuses on information security technologies for the critical infrastructure, mobile computing and wireless communications markets. Aaron joined INL in 2006 as the Cybersecurity Strategist for the National & Homeland Security division and applied his experience in information security to collaborate with control systems experts, energy management engineers and homeland security/law enforcement officials to develop solutions to the cyber threats that our critical infrastructure is currently facing. Before joining INL, Aaron worked in several of Microsoft's security divisions for seven years - including as a Senior Security STrategist within the Security Technology Unit as well as the Security Readiness Manager for Microsoft's Sales, Marketing and Services Group where he led the development of Microsoft's information security curriculum for over 22,000 of Microsoft's field staff. Aaron has been an information security practitioner since 1994, designing security solutions and responding to incidents in more than 25 countries around the world.
|
|
 |
Jeff Waldron, CISSP, ISSAP, SCSA is the Chief Security Engineer for the Information Assurance (IA) division at ARTEL Inc. He has over 14 years of IT experience - with over 10 of those years IT Security specific. Jeff has supported Commercial, State, Federal and DoD IT security environments. Jeff also has extensive experience with requirements gathering, evaluation test planning, evaluation execution, deployment and life cycle management for various IA technologies. Jeff has presented at BlackHat 04 and for the Institute on the DITSCAP process (C&A within the Federal Government).
|
|
 |
Vern Williams is an Enterprise Consultant with SAIC and a Ph.D. candidate in Information Assurance at the University of Fairfax. He brings a varied background to the security practice. After 20 years as an officer with the US Nuclear Submarine Force, during which time he obtained a Masters in Information Systems, Vern moved to Austin and worked in the commercial IT services arena. 8 years ago, he became involved in computer security while on contract to the Texas Department of Public Safety and since then has been focused on securing information in increasingly complex environments. He has significant experience applying security to the wireless arena including researching, installing and auditing wireless solutions.
|
|
 |
Mr. Windsor leads Booz Allen Hamilton’s incident response and digital forensics team, which supports the Department of Defense, federal government, intelligence community, and major defense industry and financial organizations. Windsor’s primary focus is managing foreign and large-scale intrusion investigations, developing forensic analysis software that addresses our adversary's extensive use of anti-forensics techniques, providing threat analysis for a variety of defense and intelligence organizations, and conducting forensic analysis in support of counterintelligence and counterterrorism missions. Mr. Windsor previously managed the forensics training at the Department of Defense Cyber Investigations Training Academy, where he led a team of instructors that developed and delivered incident response and digital forensics training to members of the federal law enforcement and intelligence communities. Mr. Windsor is currently is an adjunct professor at a university in Baltimore, MD, where he develops and teaches incident response and digital forensics courses at the graduate level.
|
| |
|
|
|
|