2012 BASC Speakers

Michael Anderson
NetSPI Michael Anderson is a security consultant at NetSPI with experience in penetration testing, application security, computer forensics, network architecture, and code reviews. He has presented at DEF CON 18 on cloud-based threats, and is currently engaged in research on threats to mobile infrastructure.

Ray Cote
Appropriate Solutions, Inc.

Josh Corman
Akamai Technologies Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman's research cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting economics. His research and education efforts won him the title of Top Influencer of IT by NetworkWold magazine in 2009. Mr. Corman is a candid and highly-coveted speaker with engagements at leading industry events such as RSA, DEFCON, Interop, ISACA, and SANS. As a staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, and co-founded Rugged Software - a value-based initiative to raise awareness and usher in an era of secure digital infrastructure.

John Dickson
Denim Group John Dickson, CISSP, has over 15 years in the information security field including hands-on experience with intrusion detection systems, network security, and software security in the commercial and government sectors. In his current position as a Principal at Denim Group, he helps chief security officers of Fortune 500 clients and federal organizations launch and expand successful software security initiatives. John regularly speaks on the topic of application security at industry venues such as the RSA Security Conference and the Computer Security Institute’s (CSI) conferences.

Ehsan Foroughi
SD Elements Ehsan Foroughi is an application security expert with 8+ years of management and technical experience in security research. He has an extensive development and reverse engineering background. He led the Vulnerability Research Subscription Service for TELUS Security Labs (called Assurent before being acquired by TELUS). Under his management, the Vulnerability Research Service went through being a startup product to a service used by over 80% of the major security vendors. As an entrepreneur, he has also served as the founder and CTO of TELTUB, a successful telecommunication startup. Ehsan holds a M.Sc. from the University of Toronto in Computer Science, a B.Eng. from Sharify University of Technology, as well CISM and CISSP designations. SD Elements is a spin-off of Security Compass.

Rohit Sethi
SD Elements Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). He has helped improve software security at some of the world's most security sensitive organizations in financial services, software, ecommerce, healthcare, telecom and other industries. Rohit has built and taught SANS courses on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Secure Development Conference, Shmoocon, CSI National, Sec Tor, Infosecurity, CFI-CIRT, and many others. Mr. Sethi has written articles for InfoQ, Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), has appeared on Fox News Live, and has been quoted as an expert in application security for ITWorldCanada and Computer World. He also created the OWASP Design Patterns Security Analysis project. SD Elements is a spin-off of Security Compass.

Scott Matsumoto
Cigital Scott Matsumoto is a Principal Consultant at Cigital bringing over 20 years of commercial software product development experience to the company. At Cigital, Scott is responsible for the security architecture practice within the company. He consults for many of Cigital’s clients on security architecture topics such as Mobile Application Security, Cloud Computing Security, SOA Security, fine-grained entitlements systems and SOA Governance. His prior experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels. Scott is a founding member of the Cloud Security Alliance (CSA) and is actively involved in its Trusted Computing Initiative.

Joey Peloquin
F5

Roy Wattanasin
Roy Wattanasin is a information security professional working in the healthcare industry. He spends most of his time on leading and developing an organization's information security program and working on PCI-DSS compliance, privacy, regulatory efforts, education efforts and with other projects. He also teaches information security at Brandeis University.

Greg Wolford
Fortify Greg Wolford is a Software Security Consultant and Manager for HP Fortify. Prior to working at Fortify, Greg was a Sr. VP and Sr. Director of development for organizations in the Dallas/Fort Worth area and worked as a developer prior to that. Greg uses his knowledge of development and development processes to help organizations bake security into the SDLC.

Matt Wood
Sunera Matt has been active within the security community for the past 10 years as a developer, researcher, and consultant. As a penetration tester with Sunera, Matt has lead social engineering, mobile application, internal/external network and web application penetration assessments with the specific goal of vulnerability identification and active exploitation of identified vulnerabilities. Prior to Sunera, Matt was a senior researcher within HP's Web Security Research Group focusing on the automated detection of vulnerabilities within web technologies. During his tenure with HP, he also led the development of several free tools such as HP's Scrawlr (SQLI) and SWFScan (Flash Static-Analysis). Prior to HP/SPI Dynamics, Inc., Matt performed research on SQL injection and automated debugging within the Information Security program at the Georgia Tech. He has spoken at a variety of security conferences and events such as Black Hat, RSA, Source and OWASP.