2017 BASC Speakers

Stephen Allor
Secure Code Warrior
Steve is the US Director for Secure Code Warrior and heads up Global Sales and Business Development.

Phil Barrows
MEI Security

Pete Chestna
Veracode
Pete Chestna is Director of Developer Engagement at Veracode/CA, and he provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec practitioner experience as both a developer and development leader, Pete provides information on best practices amassed from personal experience in addition to working with Veracode’s 1,000+ global customers. He led Veracode’s transformation from Waterfall to Agile to DevOps and from monolith to microservice architecture. He is certified as both a scrum master and product owner. From his experience as both a practitioner and consultant, Pete has spoken internationally at both security and developer conferences on the topics of Application Security (AppSec), Agile and DevOps.

Anirudh Duggal
Northeastern University
Anirudh Duggal is a graduate candidate at Northeastern University who works with Philips Healthcare. He works on securing medical devices and consumer products. He has around 5 years of experience in the Information Security domain. He has a keen interest in securing and breaking medical devices and infrastructure and has presented his research around the topic at conferences like Blackhat 2016 (Las Vegas), Hack In The Box (Amsterdam), Positive Hack Days (Moscow), Nullcon (Goa), Hacks in Taiwan (Taipei), CoCon (Kochi), and Ground Zero (Delhi). Anirudh also leads the ISSA, Northeastern University chapter as the chapter President and conducts dialogues and training on Cyber security in general. Besides working on healthcare security, he has a keen interest in Sustainability and Music. He is often found biking around Boston looking for inspiration for his new music.

Abhishek Singh
Northeastern University
Abhishek Singh is a Master's student in Information Assurance and Cyber Security at Northeastern University. He has over 3 years of experience in the Information Security industry. He is proficient in the Python, Perl, and Bash programming languages. He has working experience in designing penetration testing and endpoint security testing labs.

Devin Dwyer
Salesforce
Devin Dwyer is a recent graduate of the Computing Security program at Rochester Institute of Technology, and he is currently employed by Salesforce as a Product Security Engineer. Devin is a strong proponent of manual static code analysis and finds joy in performing deep-dive code reviews to find issues with authentication logic, data sanitization, and access control. When in need of a confidence boost and a way to kill boredom, he searches for low-hanging fruit in WordPress plugins.

Dave Ferguson
Qualys
Dave Ferguson is a Solution Architect and SME with Qualys and has been immersed in all things application security since 2006. After writing code as a developer for over a decade, Dave worked as a consultant pen-testing applications and training other developers on how to build secure apps. Prior to Qualys, he led the global application security program at Sabre Corporation and worked at Veracode. Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

Venkatesh Ganapathy
Black Duck Software
Venkatesh Ganapathy has around 14 years of software development experience in Java and web technologies. He holds a Bachelor’s Degree in Computer Science and Master’s Degree in Computer Applications from Madurai Kamaraj University, India. Venkatesh is also a Sun Certified Java developer and a proud OWASP member who has attended two OWASP-sponsored developer training sessions in the past. His job title is senior software engineer, and it’s been more than 10 years since he joined Black Duck Software, located in Burlington, MA. The primary goal of Black Duck Software is to help organizations establish better security practices and policies to protect against vulnerabilities. Venkatesh was involved in designing many features in Black Duck’s flagship product. About 4 years back he started to look deeply into learning and remediating various security vulnerabilities. Venkatesh’s main responsibility in Black Duck is to certify that all security products are released without any vulnerabilities. He is part of the incident response team, performing security reviews, mitigating operational risks and remediating issues. Venkatesh proactively uses different tools and techniques to analyze the applications. This includes performing penetration testing in different layers and remediating any issues that are identified.

Robert Hurlbut
Robert Hurlbut Consulting Services
Robert Hurlbut, based in Enfield, CT, is a software security consultant and trainer. Robert is a Microsoft MVP for Developer Technologies and Security and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in software security, software architecture, and software development. He speaks at user groups and at national and international conferences, and provides training for many clients. You can follow Robert on his blog at https://roberthurlbut.com/blog and on Twitter at https://twitter.com/roberthurlbut, and find him co-hosting the Application Security Podcast at https://www.appsecpodcast.org.

Patrick Laverty
Rapid7
Patrick Laverty has been leading the Rhode Island chapter of OWASP since April 2013, and he recently restarted the DefCon401 group in Providence. He works for Rapid7 as a penetration tester with a preference for web applications and teaches Rapid7's Application Assault web pentesting course. He worked at a university building web applications for 12 years and helped out with Rhode Island and Boston Security BSides conferences. Loves cookies. Twitter: @plaverty9

Chris Poulin
Booz Allen Hamilton
Chris Poulin is Principal/Director in Booz Allen Hamilton’s Strategic Innovations Group, where he leads the Internet of Things security strategy in Booz Allen’s Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype Watson for cybersecurity. Despite his recent roles in large enterprises, he has an entrepreneurial background, having founded, built, and sold a boutique information security consulting firm, FireTower, Inc., and served as the Chief Security Officer for Q1 Labs, a startup in the Security Intelligence space. Chris started his security career in the U.S. Air Force over 30 years ago, where he managed global networks and developed software for the intelligence community.

Joe Rozner
Prevoty
Joe Rozner (@jrozner) is a software engineer at Prevoty where he has built semantic analysis tools, language runtimes, generalized solutions to common vulnerability classes, and designed novel integration technology leveraging runtime memory patching. He has a passion for reverse engineering, exploitation, teaching, and sharing research with others.

Chris Smith
Salesforce
Chris Smith is a Senior Product Security Engineer at Salesforce where he helps design and build new AppSec tools and processes, ensuring that customers, partners, and internal engineering can meet and exceed best security practices. His goal is to make security accessible and understandable by both the security-minded and the security-unaware.

Vik Solem
MEI Security
Vik Solem takes physical and information security seriously, bringing lessons learned from over 30 years' experience in IT at such firms as BBN, AtStake, Symantec, and Tufts University. Throughout his career, Vik, a CISSP, has worked passionately on cryptanalysis, forensics, comprehensive risk assessments, vulnerability identification & mitigation, “white hat” penetration testing, security policies, and other aspects of information security in our constantly evolving threatscape. He has presented numerous times on cost-effective security best practices for small and medium-sized businesses at client locations and regional conferences. Vik is a contributor to the security-related organizations ASIS and Infragard, and organizes the New England Small Business Security Meetup, which meets monthly.

Robert Thau
Smartleaf
Robert Thau is currently Chief Architect at Smartleaf, which runs a financial portfolio management system used by several major financial institutions to manage portfolios worth over $50 billion. He was also a major contributor to the original Apache Web Server effort (developing the API, among other things), for which he is co-recipient of the ACM System Software Award. He holds a Ph.D. in Computational Neuroscience from MIT.

Roshan Thomas
Northeastern University
Roshan Thomas is a student at Northeastern University currently pursuing his Master's in Information Assurance. He is a SANS GIAC Certified Incident Handler with around 5 years of experience in the Information Security industry. He occasionally doubles as a bug bounty hunter and has been acknowledged by IBM, HP and HDFC Bank. He presented at OWASP BASC 2016 on Android Penetration Testing.

Michael Weissbacher
Northeastern University
Michael Weissbacher is a PhD student and Research Assistant at the SecLab of Northeastern University. His research interests are focused on the security of web applications on both client and server side.

April Wright
Verizon Wireline
April C. Wright is a Senior Security and Compliance Manager for Verizon Wireline, building SDLC program maturity, implementing eGRC, spearheading threat intelligence, and performing risk reduction with a vengeance via leadership of comprehensive security programs for massive global infrastructures. She is a hacker who has spent the last 25 years as a generalist, breaking, making, fixing, and defending all the things, while playing roles on offensive, defensive, operational, and development teams throughout her career. Specializing in seemingly nothing (except maybe learning about everything in the hope of sharing and employing knowledge), April has collected dozens of certifications to add letters at the end of her name, from Social Engineering to Cloud Security to First Aid to Photography. She once read on the interwebs that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the “most significant and interesting person currently inhabiting the earth”, so it must be true.