Difference between revisions of "2012 BASC Speakers"

 
(19 intermediate revisions by 2 users not shown)
Line 7: Line 7:
 
threats, and is currently engaged in research on threats to mobile infrastructure.
 
threats, and is currently engaged in research on threats to mobile infrastructure.
  
=== Ray Cote ===
+
=== Rob Cheyne ===
 +
'''Safelight Security Advisors'''<br/>
 +
Rob Cheyne is the founder and CEO of Safelight Security, a leading provider of information security education programs.  He has taught information security training classes to tens of thousands of students, including developers, architects, and managers for industry-leading organizations.  He has over 20 years of experience in the information technology field and has been working in information security since 1998.
  
 +
Rob was also an early employee @stake, a highly regarded pioneer in information security consulting.  In addition to security consulting for Fortune 500 customers, he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool, and he worked on the code scanning technology that was eventually spun off as Veracode.
  
=== John Dickson ===
+
Rob is on the advisory board for the Source security conference and regularly speaks at security conferences on a variety of security topics.
'''Denim Group'''<br/>
+
John Dickson, CISSP, has over 15 years in the information security field including hands-on experience with intrusion detection systems, network security, and software security in the commercial and government sectors. In his current position as a Principal at Denim Group, he helps chief security officers of Fortune 500 clients and federal organizations launch and expand successful software security initiatives. John regularly speaks on the topic of application security at industry venues such as the RSA Security Conference and the Computer Security Institute’s (CSI) conferences.
+
  
=== Rohit Sethi and Ehsan Foroughi ===
+
=== Ming Chow ===
 +
'''Tufts University'''<br/>
 +
Ming Chow is a Lecturer at the Tufts University Department of Computer Science. His areas of work are in web and mobile engineering, web security, and game development. He was also a web application developer for ten years at Harvard University. Ming has spoken at numerous organizations and conferences including the High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), the Massachusetts Office of the Attorney General (AGO), John Hancock, OWASP, InfoSec World (2011 and 2012), DEF CON 19 (2011), the Design Automation Conference (2011), and Intel.
 +
 
 +
=== Josh Corman ===
 +
'''Akamai Technologies'''<br/>
 +
Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman's research cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting economics. His research and education efforts won him the title of [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html Top Influencer of IT] by NetworkWold magazine in 2009.  Mr. Corman is a candid and highly-coveted speaker with engagements at leading industry events such as RSA, DEFCON, Interop, ISACA, and SANS. As a staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, and co-founded [http://www.ruggedsoftware.org/ Rugged Software] - a value-based initiative to raise awareness and usher in an era of secure digital infrastructure.
 +
 
 +
=== Ehsan Foroughi ===
 
'''SD Elements'''<br/>
 
'''SD Elements'''<br/>
 +
Ehsan Foroughi is an application security expert with 8+ years of management and technical experience in security research. He has an extensive development and reverse engineering background. He led the Vulnerability Research Subscription Service for TELUS Security Labs (called Assurent before being acquired by TELUS). Under his management, the Vulnerability Research Service went through being a startup product to a service used by over 80% of the major security vendors. As an entrepreneur, he has also served as the founder and CTO of TELTUB, a successful telecommunication startup. Ehsan holds a M.Sc. from the University of Toronto in Computer Science, a B.Eng. from Sharify University of Technology, as well CISM and CISSP designations. SD Elements is a spin-off of Security Compass.
  
=== John Steven, Chandu Ketkar, and Scott Matsumoto ===
+
=== Jim Manico ===
 +
'''White Hat Security'''<br/>
 +
Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is part of the WhiteHat Static Analysis Software Testing (SAST) team, leading the data-driven, Web service portion of the SAST service. He also provides secure coding and developer awareness training for WhiteHat using his 7+ years of experience delivering developer-training courses for SANS, Aspect Security and others.
 +
 
 +
=== Brian Mather ===
 +
'''Denim Group'''<br/>
 +
Brian Mather has worked in the information services industry for over 13 years. At Denim Group, he has managed numerous enterprise application security and secure software development projects, and is currently managing Denim Group’s open-source application vulnerability management system, ThreadFix.  Brian has served as the managing partner and owner of an information technology services firm for 10 years, and is uniquely skilled at helping businesses meet their technology needs.
 +
 
 +
=== Scott Matsumoto ===
 
'''Cigital'''<br/>
 
'''Cigital'''<br/>
 +
Scott Matsumoto is a Principal Consultant at Cigital bringing over 20 years of commercial software product development experience to the company. At Cigital, Scott is responsible for the security architecture practice within the company. He consults for many of Cigital’s clients on security architecture topics such as Mobile Application Security, Cloud Computing Security, SOA Security, fine-grained entitlements systems and SOA Governance. His prior experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels.
 +
 +
Scott is a founding member of the Cloud Security Alliance (CSA) and is actively involved in its Trusted Computing Initiative.
 +
 +
=== Joey Peloquin ===
 +
'''F5'''<br/>
 +
 +
=== Rohit Sethi ===
 +
'''SD Elements'''<br/>
 +
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). He has helped improve software security at some of the world's most security sensitive organizations in financial services, software, ecommerce, healthcare, telecom and other industries. Rohit has built and taught SANS courses on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Secure Development Conference, Shmoocon, CSI National, Sec Tor, Infosecurity, CFI-CIRT, and many others. Mr. Sethi has written articles for InfoQ, Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), has appeared on Fox News Live, and has been quoted as an expert in application security for ITWorldCanada and Computer World. He also created the OWASP Design Patterns Security Analysis project. SD Elements is a spin-off of Security Compass.
 +
 +
=== Roy Wattanasin ===
 +
Roy Wattanasin is a information security professional working in the healthcare industry. He spends
 +
most of his time on leading and developing an organization's information security program and working
 +
on PCI-DSS compliance, privacy, regulatory efforts, education efforts and with other projects. He also
 +
teaches information security at Brandeis University.
 +
 +
=== Greg Wolford ===
 +
'''Fortify'''<br/>
 +
Greg Wolford is a Software Security Consultant and Manager for HP Fortify. Prior to working at Fortify, Greg was a Sr. VP and Sr. Director of development for organizations in the Dallas/Fort Worth area and worked as a developer prior to that. Greg uses his knowledge of development and development processes to help organizations bake security into the SDLC.
 +
 +
=== Matt Wood ===
 +
'''Sunera'''<br/>
 +
Matt has been active within the security community for the past 10
 +
years as a developer, researcher, and consultant. As a penetration
 +
tester with Sunera, Matt has lead social engineering, mobile
 +
application, internal/external network and web application penetration
 +
assessments with the specific goal of vulnerability identification and
 +
active exploitation of identified vulnerabilities. Prior to Sunera,
 +
Matt was a senior researcher within HP's Web Security Research Group
 +
focusing on the automated detection of vulnerabilities within web
 +
technologies. During his tenure with HP, he also led the development
 +
of several free tools such as HP's Scrawlr (SQLI) and SWFScan (Flash
 +
Static-Analysis). Prior to HP/SPI Dynamics, Inc., Matt performed
 +
research on SQL injection and automated debugging within the
 +
Information Security program at the Georgia Tech. He has spoken at a
 +
variety of security conferences and events such as Black Hat, RSA,
 +
Source and OWASP.
  
=== Jim Weiler ===
 
  
 
{{2012_BASC:Footer_Template | Speakers}}
 
{{2012_BASC:Footer_Template | Speakers}}
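
Review bot: The added "=== Joey Peloquin ===" entry has only the affiliation line '''F5'''<br/> and no biography before the next heading, so it renders as an empty entry; add the bio or hold the entry until one is available. The added Roy Wattanasin entry has the opposite gap, with a bio but no bold affiliation line, and its text (like Matt Wood's) is hard-wrapped mid-sentence, unlike the other entries. The added lines also carry typos worth fixing in the same edit: "NetworkWold", "a information security professional", "Matt has lead", and "as well CISM and CISSP".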

Latest revision as of 15:19, 10 October 2012


Platinum Sponsors (Listed Alphabetically)
Silver Sponsors (Listed Alphabetically)

Akamai

Imperva

Rapid7

Cigital

Denim Group

GlobalSign

NetSPI

Praetorian

Security Management Partners

We kindly thank our sponsors for their support. Please help us keep future BASCs free by viewing and visiting all of our sponsors.
Sponsorships are still available.

Speakers/Panelists

Michael Anderson

NetSPI
Michael Anderson is a security consultant at NetSPI with experience in penetration testing, application security, computer forensics, network architecture, and code reviews. He has presented at DEF CON 18 on cloud-based threats, and is currently engaged in research on threats to mobile infrastructure.

Rob Cheyne

Safelight Security Advisors
Rob Cheyne is the founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of students, including developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998.

Rob was also an early employee at @stake, a highly regarded pioneer in information security consulting. In addition to security consulting for Fortune 500 customers, he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool, and he worked on the code scanning technology that was eventually spun off as Veracode.

Rob is on the advisory board for the Source security conference and regularly speaks at security conferences on a variety of security topics.

Ming Chow

Tufts University
Ming Chow is a Lecturer at the Tufts University Department of Computer Science. His areas of work are in web and mobile engineering, web security, and game development. He was also a web application developer for ten years at Harvard University. Ming has spoken at numerous organizations and conferences including the High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), the Massachusetts Office of the Attorney General (AGO), John Hancock, OWASP, InfoSec World (2011 and 2012), DEF CON 19 (2011), the Design Automation Conference (2011), and Intel.

Josh Corman

Akamai Technologies
Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman's research cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting economics. His research and education efforts won him the title of Top Influencer of IT by Network World magazine in 2009. Mr. Corman is a candid and highly-coveted speaker with engagements at leading industry events such as RSA, DEFCON, Interop, ISACA, and SANS. As a staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, and co-founded Rugged Software - a value-based initiative to raise awareness and usher in an era of secure digital infrastructure.

Ehsan Foroughi

SD Elements
Ehsan Foroughi is an application security expert with 8+ years of management and technical experience in security research. He has an extensive development and reverse engineering background. He led the Vulnerability Research Subscription Service for TELUS Security Labs (called Assurent before being acquired by TELUS). Under his management, the Vulnerability Research Service went from being a startup product to a service used by over 80% of the major security vendors. As an entrepreneur, he has also served as the founder and CTO of TELTUB, a successful telecommunication startup. Ehsan holds an M.Sc. from the University of Toronto in Computer Science, a B.Eng. from Sharif University of Technology, as well as CISM and CISSP designations. SD Elements is a spin-off of Security Compass.

Jim Manico

White Hat Security
Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is part of the WhiteHat Static Analysis Software Testing (SAST) team, leading the data-driven, Web service portion of the SAST service. He also provides secure coding and developer awareness training for WhiteHat using his 7+ years of experience delivering developer-training courses for SANS, Aspect Security and others.

Brian Mather

Denim Group
Brian Mather has worked in the information services industry for over 13 years. At Denim Group, he has managed numerous enterprise application security and secure software development projects, and is currently managing Denim Group’s open-source application vulnerability management system, ThreadFix. Brian has served as the managing partner and owner of an information technology services firm for 10 years, and is uniquely skilled at helping businesses meet their technology needs.

Scott Matsumoto

Cigital
Scott Matsumoto is a Principal Consultant at Cigital bringing over 20 years of commercial software product development experience to the company. At Cigital, Scott is responsible for the security architecture practice within the company. He consults for many of Cigital’s clients on security architecture topics such as Mobile Application Security, Cloud Computing Security, SOA Security, fine-grained entitlements systems and SOA Governance. His prior experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels.

Scott is a founding member of the Cloud Security Alliance (CSA) and is actively involved in its Trusted Computing Initiative.

Joey Peloquin

F5

Rohit Sethi

SD Elements
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). He has helped improve software security at some of the world's most security-sensitive organizations in financial services, software, ecommerce, healthcare, telecom and other industries. Rohit has built and taught SANS courses on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Secure Development Conference, Shmoocon, CSI National, Sec Tor, Infosecurity, CFI-CIRT, and many others. Mr. Sethi has written articles for InfoQ, Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), has appeared on Fox News Live, and has been quoted as an expert in application security for ITWorldCanada and Computer World. He also created the OWASP Design Patterns Security Analysis project. SD Elements is a spin-off of Security Compass.

Roy Wattanasin

Roy Wattanasin is an information security professional working in the healthcare industry. He spends most of his time leading and developing an organization's information security program and working on PCI-DSS compliance, privacy, regulatory efforts, education efforts and other projects. He also teaches information security at Brandeis University.

Greg Wolford

Fortify
Greg Wolford is a Software Security Consultant and Manager for HP Fortify. Prior to working at Fortify, Greg was a Sr. VP and Sr. Director of development for organizations in the Dallas/Fort Worth area and worked as a developer prior to that. Greg uses his knowledge of development and development processes to help organizations bake security into the SDLC.

Matt Wood

Sunera
Matt has been active within the security community for the past 10 years as a developer, researcher, and consultant. As a penetration tester with Sunera, Matt has led social engineering, mobile application, internal/external network and web application penetration assessments with the specific goal of vulnerability identification and active exploitation of identified vulnerabilities. Prior to Sunera, Matt was a senior researcher within HP's Web Security Research Group focusing on the automated detection of vulnerabilities within web technologies. During his tenure with HP, he also led the development of several free tools such as HP's Scrawlr (SQLI) and SWFScan (Flash Static-Analysis). Prior to HP/SPI Dynamics, Inc., Matt performed research on SQL injection and automated debugging within the Information Security program at Georgia Tech. He has spoken at a variety of security conferences and events such as Black Hat, RSA, Source and OWASP.


You can find out more about this conference at basc2012.org
Conference Organizer: Jim Weiler