Jeff Moss aka The Dark Tangent - Founder of Black Hat and DEFCON, Homeland Security Advisory Council Member.
Jeff Moss has been a hacker for over twenty years. In 1992, Jeff founded DEFCON, the largest hacker community and gathering in the world. Five years later, he started Black Hat, a series of technical conferences featuring the latest security research. In 2009, Jeff was appointed to the Homeland Security Advisory Council, a group of subject matter experts providing advice to the Secretary. Jeff is also a contributing author to "Stealing the Network," a series of books combining stories that are fictional with technology that is real, and executive producer of a documentary film about the history of hacking to be released in late 2010.
Jeff is uniquely qualified with his ability to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and responsible application. As such, he is a popular keynote speaker at events for the Air Force and DoD and regularly referenced in the Associated Press, CNN, New York Times, Reuters, and the Wall Street Journal.
Prior to Black Hat, Jeff was a director at Secure Computing Corporation where he helped establish the Professional Services Department in the United States, Asia, and Australia. He has also worked for Ernst & Young, LLP in their Information System Security division. Jeff graduated with a BA in Criminal Justice from Gonzaga University.
James Butler is a highly respected member of the information security community with fourteen years of experience in operating system security. He is a recognized leader in attack and detection techniques and has focused in recent years on memory analysis research.
Jamie is the Director of Research and Development at MANDIANT and formerly led its Endpoint Security Team on its enterprise product MANDIANT Intelligent Response®. Prior to joining MANDIANT, Jamie was the Chief Technology Officer of Komoku, Inc. and Director of Engineering at HBGary. His experience also includes Host Intrusion Detection Systems (HIDS) development at Enterasys Networks and over five years of experience at the National Security Agency.
Jamie is the co-author of the bestseller Rootkits: Subverting the Windows Kernel (Addison-Wesley, 2005). In addition, he has authored numerous articles for publication and is a frequent speaker at the foremost computer security conferences. He is the co-author and instructor of the popular security courses Advanced Memory Forensics in Incident Response, Advanced 2nd Generation Digital Weaponry, and Offensive Aspects of Rootkit Technology. Jamie's unique knowledge of Windows' internal structures resulted in the free, cutting edge memory analysis tool Memoryze, which he co-authored with Peter Silberman. Jamie holds a Master of Computer Science degree from the University of Maryland, Baltimore County. He also holds a Bachelor of Science degree in Computer Science and a Bachelor of Business Administration degree in Computer Information Systems from James Madison University.
Twitter: http://twitter.com/jamierbutler
Company Blog: http://blog.mandiant.com
Matt Devost is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cybersecurity issues.
Currently, Mr. Devost is President & CEO of FusionX, LLC, a cybersecurity consultancy that helps international corporations identify and manage dynamic threats in complex operational environments. Additionally, Mr. Devost has been an Adjunct Professor at Georgetown University since 2002 where he teaches a graduate course on Information Warfare and security, and is a Founding Director of the Cyberconflict Studies Association. Mr. Devost founded the Terrorism Research Center, Inc. (TRC) in 1996, where he served as President and CEO until November 2008. As founder and President, Mr. Devost oversaw all research, analysis, intelligence, assessment, and training programs. Previously, Mr. Devost held leadership positions at iSIGHT Partners, Technical Defense, Security Design International, iDEFENSE and SAIC. Mr. Devost has been a speaker at hundreds of international conferences and a contributor/author to several books on terrorism and information security.
Company site: http://www.fusionx.com
Personal site: http://www.devost.net
Mark Dowd is an expert in application security, specializing primarily in host and server based Operating Systems. His professional experience includes several years as a senior researcher at a Fortune 500 company, where he uncovered a variety of major vulnerabilities in ubiquitous Internet software. He also worked as a Principal Security Architect for McAfee, where he was responsible for internal code audits, secure programming classes, and undertaking new security initiatives. Mark has also co-authored a book on the subject of application security named "The Art of Software Security Assessment," and has spoken at several industry-recognized conferences.
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 25+ years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He has been a speaker at conferences such as Black Hat, Defcon, CodeCon, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. In his spare time he is the Dean of Hacking for the Sk3wl of r00t, past champions of the Defcon Capture the Flag Competition.
Jeremiah Grossman is the Founder and Chief Technology Officer of WhiteHat Security, where he is responsible for Web security R&D and industry evangelism. Mr. Grossman has written dozens of articles and white papers, and is a published author. His work has been featured in the Wall Street Journal, NY Times and many other mainstream media outlets. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on five continents at hundreds of events including BlackHat Briefings, RSA, SANS, and others. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and was previously named one of InfoWorld's Top 25 CTOs. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!
Nathan Hamiel is a Principal Consultant for FishNet Security's Application Security Practice. He is also an Associate Professor of Software Engineering at the University of Advancing Technology. He spends most of his time focusing on the areas of application, Web 2.0, and enterprise security. Nathan has been a speaker at security events around the world including Black Hat, DefCon, ShmooCon, ToorCon, SecTor, OWASP and many others. He is also a developer of several open source security projects including pywebfuzz and RAFT.
Twitter: @nathanhamiel
Robert Hansen, CISSP (CEO and Founder of SecTheory), has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles, from Sr. Security Architect to eventually product managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies.
Mr. Hansen wrote Detecting Malice, authors content on O'Reilly, and co-authored "XSS Exploits" by Syngress publishing. He sits on the NIST.gov Software Assurance Metrics and Tool Evaluation group focusing on web application security scanners and the Web Application Security Scanners Evaluation Criteria (WASC-WASSEC) group. He also has briefed the DoD at the Pentagon and speaks at SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, World OWASP/WASC conferences, SANS, Microsoft's Bluehat, Blackhat, DefCon, SecTor, BSides, Networld+Interop, and has been the keynote speaker at the New York Cyber Security Conference, NITES and OWASP Appsec Asia. Mr. Hansen is a member of Infragard, West Austin Rotary, WASC, IACSP, APWG, and contributed to the OWASP 2.0 guide.
Christofer Hoff has over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.
Hoff is currently Director of Cloud and Virtualization Solutions of the Security Technology Business Unit at Cisco Systems. Prior to Cisco, he was Unisys Corporation's Systems & Technology Division's Chief Security Architect. Additionally, he served as Crossbeam Systems' Chief Security Strategist, was the Chief Information Security Officer for a $25 billion financial services company, and was founder/Chief Technology Officer of a national security consultancy. Hoff regularly speaks at high profile conferences, is interviewed regularly by the media, is a featured guest on numerous podcasts, and blogs at www.rationalsurvivability.com/blog
Vincenzo Iozzo is a student at the Politecnico di Milano and an independent security researcher. In the past he has worked as a penetration tester and reverse engineer focusing on a variety of topics including vulnerability research, Mac OS X security and smartphone exploitation. He is a regular speaker at various information security conferences including Black Hat, CanSecWest and DeepSec. He is perhaps best known in the information security industry for co-writing the exploits for BlackBerryOS and iPhoneOS to win Pwn2own 2010 and Pwn2own 2011.
Twitter: @_snagg
Felix 'FX' Lindner runs Recurity Labs. FX has over 10 years of experience in the computer industry, eight of them in consulting for large enterprise and telecommunication customers. He possesses a vast knowledge of computer sciences, telecommunications and software development. His background includes managing and participating in a variety of projects with a special emphasis on security planning, implementation, operation and testing using advanced methods in diverse technical environments. FX is well known in the computer security community and has presented his and Phenoelit's security research at Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and numerous other events. His research topics included Cisco IOS, HP printers, SAP and RIM BlackBerry. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional.
Shawn Moyer manages the Research Consulting Practice for Accuvant Labs, working with some of the most-renowned security researchers in the world to perform private on-spec vulnerability research, software audits, and reverse engineering for a global customer base ranging from utilities and financials to telecommunications and software firms. Shawn has been involved professionally in information security for over 15 years, and unprofessionally for longer than he'd care to admit. After spending a number of years splitting most of his time between web-centric research and red-team penetration testing, Shawn's most recent work has been focused on Smart Grid and related technologies.
Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times. Shawn has been an eight-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan.
Adam Shostack is a principal program manager on the Usable Security team in Trustworthy Computing. As part of ongoing research into classifying and quantifying how Windows machines get compromised, he recently led the drive to change Autorun functionality on pre-Win7 machines; the update has so far improved the protection of nearly 400 million machines from attack via USB. Prior to Usable Security, he drove the SDL Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL core team. Before joining Microsoft, Adam was a leader of successful information security and privacy startups, and helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He is co-author of the widely acclaimed book, The New School of Information Security.
Alex Sotirov is an independent security researcher with more than ten years of experience with vulnerability research, reverse engineering and advanced exploitation techniques. He is well-known for his work on exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the browser exploitation mitigations of Windows Vista and developing the Heap Feng Shui exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York. Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.
Alex Stamos is a co-founder and CTO of iSEC Partners. While helping to build iSEC into an industry leader, Alex has been focused on helping his clients address their most difficult security challenges. He has worked to secure mobile platforms, cloud computing infrastructures and other emerging technologies while pushing forward the industry's understanding of how to build trustworthy systems in these new computing paradigms. He is a frequent speaker at conferences such as BlackHat, FS-ISAC, the Critical Infrastructure Protection Congress, Infragard, CanSecWest and Interop. Before forming iSEC, Alex was a Managing Security Consultant at @stake and had operational security responsibility at Loudcloud. He received a BSEE from the University of California, Berkeley.
Robert J. Stratton III is an independent consultant specializing in multinational network security, commercial development of early-stage security technologies, technology policy, and innovation management. Previously, he was Director of Government Research at Symantec Research Labs where he focused on security research, technology transfer and cybersecurity policy. Before joining Symantec, he was co-founder and Chief Technology Officer at StackSafe, a startup focused on self-healing software and automated software assurance. Mr. Stratton was the first Director of Technology Assessment at In-Q-Tel, a private venture capital firm investing for the benefit of the U.S. Intelligence Community. Mr. Stratton also co-founded and served as Chief Technologist at Security Design International, a services firm specializing in multinational and critical infrastructure network security. Before founding SDI, Mr. Stratton established the Security Posture Assessment practice at WheelGroup Corporation and the security organization at UUNET, one of the first tier 1 Internet service providers.
Yuji Ukai is the chief executive officer of Fourteenforty Research Institute, Inc., known as a technical opinion leader in the Japanese security industry.
After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at the Kodak research and development center in Japan, where he worked on research and development for digital device and embedded security.
In 2003, he moved to the United States and started working on development of a vulnerability scanner product at eEye Digital Security as a Senior Software Engineer. He also worked on research in vulnerability analysis, vulnerability auditing, malware analysis, embedded system security, P2P network security, etc. as a Senior Research Engineer in the eEye research group. In 2007, he moved back to Japan and became a co-founder of Fourteenforty Research Institute, Inc. Over the last several years, he discovered many critical security vulnerabilities affecting various software products and pioneered vulnerability analysis and exploitation of embedded systems based on real time operating systems.
Alex Wheeler is a distinguished security researcher. Wheeler is an expert in software reverse engineering & code auditing. His skill is evidenced by world-wide industry recognition. Wheeler's public research received consecutive Pwnies awards for both "Best Server Side Bug" and "Best Client Side Bug". His work is often referenced by top tier media outlets. Alex's most notable public discoveries include default remote flaws in Microsoft's IP stack and systemic default remote flaws in every top tier security vendor's server and client security products (e.g., Symantec, McAfee, TrendMicro, Computer Associates, Microsoft, Cisco, F-Secure, Kaspersky, ClamAV, Novell, etc.).
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an assistant professor with the Dipartimento di Elettronica e Informazione. His research focuses on intrusion detection, malware analysis, and systems security. Besides teaching "Computer Security" at Politecnico, he has extensive speaking and training experience in Italy and abroad, at both scientific and technical forums. He co-authored over 30 scientific papers and books. He is an associate editor for the "Journal in Computer Virology". He's a Senior Member of the IEEE (covering volunteer positions at national and regional level), and of the IEEE Computer Society (for which he is the current chair of the Italy chapter). He's also a member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association), and sits on the International Board of Directors of the same association.
In 2004, Stefano founded Secure Network, a boutique security consultancy based in Milano, Italy. Secure Network's consultants and alumni are regular speakers at security conferences worldwide.
In a past life, Stefano was a regular columnist for "Computer World Italy", and received a national press award for his "Security Manager's Journal".