Platinum Sponsors (Listed Alphabetically)
Gold Sponsors (Listed Alphabetically)
Silver Sponsors (Listed Alphabetically)
We kindly thank our sponsors for their support. Please help us keep future BASCs free by viewing and visiting all of our sponsors.
Sponsorships are still available.
We would like to thank our speakers for donating their time and effort to help make this conference successful.
Michael Anderson is a security consultant at NetSPI with experience in penetration testing, application security,
computer forensics, network architecture, and code reviews. He has presented at DefCON 18 on cloud-based
threats, and is currently engaged in research on threats to mobile infrastructure.
Stach & Liu
Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.
Francis has presented his research at leading conferences such as Black Hat USA, DEFCON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.
Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.
John Carmichael is the Director of Product Management at Safelight Security. John is responsible for the product strategy for all training products at Safelight. John has applied his software security expertise to the creation and delivery of security training for some of the world’s largest organizations. His experience is rooted in a background of software development with deep expertise in a myriad of languages and environments. John has developed enterprise-class software for large organizations such as Massachusetts Executive Office of Health and Human Services and Computer Science Corporation. John earned a B.S. degree in Computer Science and Business Administration from the University of Vermont and a M.S. degree in Computer Information System Security from Boston University.
Robert Cohn was the initial developer and project leader for the Pin dynamic instrumentation system. He has 20 years experience in advanced and product development for compilers, post-link optimization, binary translation, instrumentation, and CPU simulation.
Joshua Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a top innovators of IT for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded RuggedSoftware.org – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.
Safelight Security Advisors
Rob is the CEO of Safelight Security, a leading provider of both instructor-led and computer-based security training. He is a Boston-based information security expert who has taught information security training classes to over ten thousand students, including developers, architects, and managers for industry-leading organizations. He has 20 years of experience in the information technology field and has been working in information security since 1998. Over the years, he has played the role of software developer, systems integrator, security consultant and trainer. Rob was a co-founder of @stake, a highly regarded pioneer in information security consulting. In this role, he led and conducted secure architecture and design reviews, secure code reviews, application penetration tests, security assessments, and training for numerous Fortune 500 companies. Rob worked on @stake's SmartRisk Analyzer team, building software that automatically scans applications for vulnerabilities, and he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool. @stake was acquired by Symantec Corporation in October 2004.
Rob regularly speaks at security conferences, and frequently presents to the Boston OWASP chapter on a variety of security topics. His specialties are application security architecture and information security training.
Lecturer at Tufts University Department of Computer Science
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).
Jack Daniel is old, and has a Unix Beard, so people mistakenly assume he knows stuff. He still makes no attempt to correct this gross misunderstanding. Jack has proven himself to be an inciteful moderator on compliance topics. He has many years of network and systems administration experience, and a bunch of letters after his name. Jack lives and breathes network security as Product Manager for Tenable.
The Intrepidus Group
Zach Lanier is a Principal Consultant with the Intrepidus Group, specializing in network, mobile, and web application penetration testing. Prior to joining Intrepidus, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach likes Android, vegan food, and cats (but not as food).
HaoQi Li is a CS student at MIT. She interned on the Infrastructure Security Team at Mozilla this summer
and created MozSecWorld under the mentorship of Michael Coates, an OWASP member.
Anirudh Ramachandran serves as Chief Technology Officer of Nouvou.
Christien Rioux, co-founder and chief scientist of Veracode, is
responsible for the technical vision and design of Veracode’s advanced
security technology. Working with the engineering team, his primary
role is the design of new algorithms and security analysis techniques.
Before founding Veracode, Mr. Rioux founded @stake, a security
consultancy, as well as L0pht Heavy Industries, a renowned security
think tank. Mr. Rioux was a research scientist at @stake, where he was
responsible for developing new software analysis techniques and for
applying cutting edge research to solve difficult security problems.
He also led and managed the development for a new enterprise security
product in 2000 known as the SmartRisk Analyzer (SRA), a binary
analysis tool and its patented algorithms, and has been responsible
for its growth and development for the past five years
Roy Wattanasin is a information security professional working in the healthcare industry. He spends
most of his time on leading and developing an organization's information security program and working
on PCI-DSS compliance, privacy, regulatory efforts, education efforts and with other projects. He also
teaches information security at Brandeis University.
Andrew Wilson is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the
advanced security team focused on penetration testing, incident response, and application security. He has
over 9 years experience building, testing, and securing software in a variety of industries. Andrew specializes
in application security assessment, penetration testing, and secure development life cycle. Andrew is an
active speaker in the developer and security communities. Andrew is recognized as a Microsoft MVP in
You can find out more about this conference at the BASC homepage: http://www.owasp.org/index.php/2011_BASC_Homepage.
Conference Organizer: Jim Weiler