2010 BASC Speakers

We would like to thank our speakers for donating their time and effort to help make this conference successful and free.

Josh Corman
The 451 Group Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a top innovators of IT for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded RuggedSoftware.org – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.

Ming Chow
Tufts University, CS Department Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).

Andrew Gronosky
Raytheon/BBN Technologies Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM.

Joshua "Jabra" Abraham, Will Vandevanter
Rapid7 Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine. Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.

Christien Rioux
SOURCE Conference/Veracode Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology. Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.

Paul Schofield
Imperva With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker. With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions. Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.

Rob Cheyne
Safelight Security Advisors Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies. Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems.

John Carmichael
Safelight Security Advisors

Dan Crowley
Core Security Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.

Kenneth Smith
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design.

Zach Lanier
Intrepidus Group Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a firm specializing in security assessment services. Zach's areas of focus are network and application penetration testing, intrusion analysis, and general hackery, with frequent dabbling in security and privacy research.

Shakeel Tufail
Fortify Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services. Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security. Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile. Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group. An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.


 * Conference Organizer
 * [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson
 * Program Committee:
 * [mailto:mark.arnold@something.somewhere.com Mark Arnold]
 * [mailto:zach.lanier@something.somewhere.com Zach Lanier]
 * [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson
 * Sponsorship Committee:
 * [mailto:mark.arnold@something.somewhere.com Mark Arnold]
 * Website Editor
 * [mailto:neil.smithline@owasp.org Neil Smithline]