Front Range OWASP Conference 2013/Speakers
| Joe Brady is a Senior Solutions Architect at Veracode with over 25 years of experience in software application development, IT risk management, and security. He works consultatively with customers and prospects to help them evaluate a Veracode solution for managing their application security risk.
His professional experience includes advising customers on end point data encryption solutions at Credant Technology (now Dell); IT risk and portfolio management at Prosight (now Oracle); and UNIX symmetric multiprocessor computing for high performance databases and parallel programming research at Sequent Computers (now IBM). In addition, he has experience architecting and developing software applications, as a developer and manager. Joe began programming as a physics undergrad and developed early microprocessor based instrumentation at Cornell, where he received an M.S. degree in Applied and Engineering Physics.
| Helen Bravo is the Product Manager at Checkmarx. Helen has more than fifteen years of experience in software development, IT security and source-code analysis.
Prior to working at Checkmarx, Helen worked at Comverse, one of the biggest Israeli hi-tech firms, as a software engineer and product manager for security matters. Helen holds a B.A. in Economics and Business Administration from the Israeli University of Haifa and started her development career at the age of 11.
|Jason Chan is an Engineering Director at Netflix, currently working on the security of Netflix's cloud deployment. His areas of responsibility include application, infrastructure, and operational security for the Netflix streaming video service. Prior to joining Netflix, he led the information security team at VMware and spent most of his earlier career in security consulting for firms such as @stake and iSEC Partners.|
|Danny Chrastil is a security consultant with BT Assure who has specialized in information security for over 3 years. Danny has a strong background in application development and server administration which led him into the security field after being asked to remediate a compromised server for a large eCommerce application. Using his experience as both a security consultant and programmer, Danny works with developers on the awareness of security principles and their importance within the development lifecycle.|
|Please visit Larry's OWASP profile page.|
|Gregory Disney-Leugers is a systems engineer from Athens, OH with his wife Kait. He attended the United States Air Force Institute of Technology and Defense Acquisition University. He is the developer of OWASP Mantra OS and The Onion Server.|
Maureen Donohue Feinroth
| Maureen D. Feinroth, Esq, CIPP/IT, CIPP/E is the Founder and CEO of Capital Privacy Solutions, a consulting firm dedicated to providing clients with privacy consulting, training & education and data management services.
Maureen is a recognized subject matter expert in international compliance, particularly the EU Directive, the Hong Kong Data Protection Ordinance and transborder data flow issues in the international marketplace. She is experienced with the provisions of DNC, FOIA, ECPA, FISMA, the Federal Privacy Act, Paperwork Reduction Act, Computer Security Act, OMB Circular A-130, FISCAM, HIPAA/HITECH, GLBA, FCRA, EFTA, COPPA, ECPA, PATRIOT Act and Sarbanes-Oxley. She assisted in development of NIST standards across information security including implementation measures for HSPD 12 compliance. Her consulting responsibilities and career information security privacy experience include the identification, research and analysis of all legislation at the state, federal and international levels, as well as the self-regulatory programs.
|Andrew Earle is a Security Solutions Architect for HP Enterprise Security Products (ESP). Andy has spent 3+ years designing and delivering application security programs, technology, and services for US Federal and commercial customers, specifically around HP's Fortify appsec products. Andy was previously the product manager for a high assurance multi-level secure operating system at BAE Systems, and Presales Engineer for various web development and mobile security firms. Early experience includes software engineering, mobile application development, and lifeguarding at his neighborhood pool. Andy has a B.S. in Systems Engineering from the University of Virginia.|
| Tom is the founder and CEO at Identity Theft Loss Prevention, LLC. Tom served in the United States Air Force as an Avionics Flight Control System Specialist during Desert Storm. He received a medal for his heroic efforts in saving lives and aircraft. Following his military service, he worked as a government contractor on highly sophisticated security systems for Classified and Top Secret information.
Tom fell victim to ID theft and fraud 4 times between 1996 and 1998. At that time identity theft was relatively new, with very few resources for victims. Learning from his personal experience, combined with his military training, Tom founded Identity Theft Loss Prevention to educate individuals, families, and businesses. The company has become nationally recognized for practice assessment, management, and training to identify and limit information exposure.
Recently, Tom was invited to participate in an elite group that advises the Federal Bureau of Investigation Cyber Crimes Division and the Dept of Homeland Security on matters of national security.
|Alan is a Chief Security Architect at HP and is a CISSP. He is responsible for performing penetration tests and implementing security best practices for the PPS organization on web connected printers. Alan worked at Symantec as a Principal Software Engineer on enterprise security products. He worked at Novell as a Senior Software Engineer on desktop and server management. Alan graduated from BYU with a B.S. in Computer Science. He participates in the local Salt Lake OWASP chapter.|
| Robert Lelewski is an Engagement Lead for IBM's Emergency Response Service and is the lead of IBM's Computer Security and Incident Response Plan (CSIRP) offering. He has worked on numerous cases involving the topics of intellectual property theft, malware analysis, embezzlement, child pornography, and other issues. He has testified before state and federal courts and has been endorsed as an expert on computer forensics.
Robert holds a Bachelor's degree in Economic Crime Investigation from Syracuse University, a Master's degree in Technology Management and a certificate in Research and Development Management from the University of Denver, and is currently pursuing a Master of Business Administration from the University of Northern Iowa. Additionally, Robert holds several computer forensic and security related certifications including the EnCE, ACE, CCE, CISSP, CISA, CISM, Security+, and CASP.
|Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.|
|Jon McCoy is focused on .NET Framework Application Security, releasing a number of tools and whitepapers in the area of .NET Framework Security. He runs www.DigitalBodyGuard.com, a ThinkTank Firm that engages in development, protecting & penetration-testing digital assets from desktop applications to enterprise infrastructure. DigitalBodyGuard has a focus on .NET Application Security well beyond Reverse Engineering and Anti-Reverse Engineering.|
| Dan is a Vice President at IntraNext Systems. As Vice President and Chief Product Evangelist Mr. Rojas’ responsibilities include strategic planning, business development and execution to enable rapid growth of the IntraNext SafeData offering.
Before joining IntraNext, Mr. Rojas was a Director and Managing Director at Coalfire, a leading IT systems security and compliance company. Mr. Rojas was responsible for national PCI, HIPAA and Federal practices.
Mr. Rojas has over 20 years of communications and information technology industry experience in the areas of Corporate Strategy, IT Operations, Business Development and Executive Management.
Previously, he was Vice President of Technology at Alpine Access, a virtual BPO service provider, from 2007 to 2011. At Inflow, a complex web hosting company (1998-2005), Mr. Rojas led many major worldwide client programs delivering systems and information technology architecture, design, security and implementation for its global clients. His work covered management of secure and highly reliable infrastructure and data network services, including firewall management, operating systems management, data storage and backup, monitoring, BC/DR and consulting services around e-business and web architecture. Mr. Rojas also held executive management positions in start-up enterprises as well as product development and management positions within the U.S. Air Force.
|Hacker, developer, product manager, and trainer, Jon Rose has been working in the security industry for his entire career. His current mission is to make security accessible to developers, startups, and service providers through a variety of ventures. Outside technology, his other interests include running, camping, coffee, robots, and beer.|
| Russ is the Computer Forensics Lead at Aerstone. Russ has over 18 years of experience as an Information Security Consultant, providing technical incident response, computer security, forensics, and electronic discovery advice to both public and private sector organizations. Previous clients include large financial institutions in the U.S. and Europe, including 7 of the 10 largest banks in the U.S. and 13 of the top 50 in the world, as well as health care, insurance and high tech manufacturing organizations.
Prior to joining Aerstone, he spent 5 years as the Technical Director for Electronic Discovery and Forensics for SNR Denton, one of the top 25 law firms in the world, where he assisted clients and attorneys in technical investigations, discovery collection and processing, and the development of discovery protocols. His experience also includes consulting with Guardent and Global Integrity Corporations. As the Technical Director for Response Services for Global Integrity he managed the company's Open Source Monitoring Program and assisted in the development and implementation of the Information Sharing and Analysis Center (ISAC) for the financial services sector. He has provided incident response consulting on major security breaches where potential losses exceeded $50 million.
As a U.S. Army Reserve Officer, he performed vulnerability assessments and audits of classified and unclassified military computer networks for the Army Computer Emergency Response Team. He was the first person (military or civilian) to be certified to execute penetration tests on Army systems.
Mr. Shumway is a Certified Information Systems Security Professional (CISSP). He graduated from the University of Pennsylvania in 1983 and received an M.S. in the Management of Information Systems and an M.B.A. from the Katz Graduate School of Business in 1995.
Mr. Shumway has developed and taught graduate level courses at the University of Virginia and at the University of Fairfax.
|Casey is an Information Security Analyst at FirstBank.|
| Aaron Weaver is Principal Security Analyst at Pearson Education, the leading learning and publishing company. He has played various roles, from software developer, system engineer and embedded developer to IT security. He also leads OWASP Philadelphia. Experience includes mobile security, web application security, penetration testing and embedded development. Aaron has also worked on developer and QA awareness to increase security in the software development lifecycle and has held numerous training sessions.
Aaron has spoken at regional chapter events including OWASP, Infragard, ISSA, Cloud Security Alliance, Philadelphia Secure World and ISACA.
When he has time Aaron likes to make sawdust in his workshop.
| David is a leading authority in cyber security and the law. He is a licensed attorney in NY, CT, and CO, and owner of Titan Info Security Group, a Risk Management and Cyber Security law firm, focused on technology and the law, and helping companies lower the risk of a cyber-incident and reducing or eliminating the liability associated with loss or theft of information. He also assists companies with difficult legal/cyber-security issues.
David is a retired Army JAG officer. During his 20 years in the Army he provided legal advice in computer network operations, information security and international law to the DoD and NSA and was the legal advisor for what is now CYBERCOM. He has published many articles, such as, "Hacking Back In Self-Defense: Is It Legal; Should It Be?", and recently, "Cyber War or Cyber Cold War?".
His speaking engagements include: the FBI ICCS conf., RSA, CSI, HTCIA, ISSA, FBCINC, the 4th Int'l Cyber Crime Conf., Australia, Cornerstones of Trust, FISSEA, ASIS, and others. He holds the CISSP & Security+ certifications and has two LLMs in International Law and in Intellectual Property law. He is a VP of his local ISSA chapter and a member of InfraGard. He was recently quoted in a Fox News Exclusive, and his recent article was published on Fox News: Is the US Already Engaged in a Cyber War?
| Dan is a managing consultant at IBM Security Services and directs Penetration Testing and Emergency Response Services for IBM in the North American region. Dan's team assists clients in proactively identifying existing security threats to company assets and assists them in developing plans to reduce the risk of and prepare for the handling of cyber-incidents. When incidents do occur, his team will respond 24x7 to assist the client in quickly eliminating the threat.
Dan has been with IBM for 18 years, with 12 years in Information Security. He graduated with a Bachelor's degree in Computer Science from Brigham Young University, and has completed an MBA with Regis University. Dan has worked in numerous areas of security at IBM including: Infrastructure security policy and best practices, malware threat prevention, vulnerability management, penetration testing and application security, and incident and forensic response.
|Zak is an Advanced R&D Engineer at LogRhythm Labs.|
| Mr. Neal Ziring is the Technical Director for the National Security Agency's Information Assurance Directorate (IAD), serving as a technical advisor to the IAD Director, Deputy Director, and other senior leadership. Mr. Ziring is responsible for setting the technical direction across the Information Assurance mission space. Mr. Ziring tracks technical activities, promotes technical health of the staff, and acts as liaison to various industry, intelligence, academic, and government partners. As part of his role, he guides IAD’s academic outreach program, acting as a technical liaison to several universities that are participants in the National Centers for Academic Excellence - Research (CAE-R) program. His personal expertise areas include router security, IPv6, VM-based secure systems, cloud computing, cross-domain information exchange, and mobile code security.
Mr. Ziring received B.S. degrees in computer science and electrical engineering (1985), and an M.S. in computer science (1986), all from Washington University in St. Louis. Since then, he has also taken courses from Columbia University and University of Maryland Baltimore County.
Virtually Mr. Ziring’s entire government career has been based in the NSA Information Assurance Directorate. He joined NSA in late 1988, working on software tools and cryptosystem simulation. In the 1990s he began working in IA Evaluations and, except for brief tours, has been there ever since. From 2003 to 2005 he held the position of technical director for the IA Evaluations System and Network Attack Center (SNAC). Between 2006 and 2010 he was detailed to the NSA Mission Systems Development group as the security architect.
Mr. Ziring maintains his Cisco Certified Security Professional (CCSP) certificates. Prior to joining NSA, Mr. Ziring was a member of technical staff at AT&T Bell Laboratories. In addition to work, Neal enjoys martial arts, running, and playing classical guitar. He holds a 3rd degree black belt in Shorinji Kempo.