Don A. Bailey is a Security Consultant with iSEC Partners, Inc. With over six years in the field, Don has discovered many previously unknown security vulnerabilities in widely used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up-and-coming Internet software.
While Don's primary expertise is in developing exploit technology, he is also well versed in reverse engineering, fuzzing, enterprise programming, binary analysis, root-kit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies in recent years and has been invited to speak about risk management from a CISO perspective at government-organized conferences.
For the past five years, Don has presented research at several international security conferences discussing topics such as stealth root-kit design, zero-day exploit technology, and DECT security. Most recently, Don spoke at Blackhat Las Vegas 2010 and SOURCE Boston 2010 regarding vulnerabilities in the global telephone network and the GSM protocol.
Kay Een, Special Agent, Naval Criminal Investigative Service is the Child Exploitation Operations and Investigations desk officer for NCIS Headquarters. She has been a Federal Agent with NCIS for 7 years. SA Een is a member of the Internet Crimes Against Children's Task Force (ICAC) and conducts global undercover operations targeting child exploitation on the internet.
Felix "FX" Lindner runs Recurity Labs, a security consulting and research company in Berlin, Germany. FX has over 11 years' experience in the computer industry, nine of them in consulting for large enterprise and telecommunication customers. He possesses a vast knowledge of computer science, telecommunications and software development. His background includes managing and participating in a variety of projects with a special emphasis on security planning, implementation, operation and testing using advanced methods in diverse technical environments. FX is well known in the computer security community and has presented his and Phenoelit's security research at Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and numerous other events. His research topics have included Cisco IOS, HP printers, SAP and RIM BlackBerry. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional.
The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq’s professional career has included Fortune 100 companies, leading information security firms and innovative start-ups. Currently living in Thailand, the Grugq works as a senior security researcher for Coseinc. While not on engagements, the Grugq continues his research on security, forensics and beer.
Claims to fame:
The Grugq has spoken at dozens of conferences over the last 7 years; has provided expert training courses to .gov, .mil, police and businesses; and has domain expertise in forensics, VoIP, telecommunications and financial systems.
Lukas Grunwald is the CTO of DN-Systems Enterprise Internet Solutions GmbH (Hildesheim/Germany), a globally active consulting firm working mainly in the field of security solutions for enterprises and federal governments in Europe and Asia. He is also the head of the Hacking Lab, where new technology is evaluated.
Mr. Grunwald has been working in the field of IT security for nearly 15 years now. He specializes in the security of wireless and wired data and communication networks, forensic analysis, audits and active networking. Mr. Grunwald regularly publishes articles, talks and press releases for specialist publications. He also participates actively in several conferences all over the world. Mr. Grunwald is co-author of RFDump, an RFID attack and audit tool that is free software and gained attention for the first live clone and attack of the ePassport at Black Hat.
Robert "RSnake" Hansen (CEO, Founder): Mr. Hansen (CISSP) has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles, from Sr. Security Architect to eventually product-managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies.
Mr. Hansen wrote Detecting Malice, authors content on O'Reilly, and co-authored "XSS Exploits" by Syngress Publishing. He sits on the NIST.gov Software Assurance Metrics and Tool Evaluation group focusing on web application security scanners and the Web Application Security Scanners Evaluation Criteria (WASC-WASSEC) group. He has also briefed the DoD at the Pentagon and speaks at SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, World OWASP/WASC conferences, SANS, Microsoft's Bluehat, Blackhat, DefCon, SecTor, BSides, Networld+Interop, and has been the keynote speaker at the New York Cyber Security Conference, NITES and OWASP Appsec Asia. Mr. Hansen is a member of Infragard, West Austin Rotary, WASC, IACSP, APWG, contributed to the OWASP 2.0 guide and is on the OWASP Connections Committee.
Christopher Hoff has over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.
Hoff is currently Director of Cloud and Virtualization Solutions of the Security Technology Business Unit at Cisco Systems. Prior to Cisco, he was Unisys Corporation's Systems & Technology Division's Chief Security Architect. Additionally, he served as Crossbeam Systems' Chief Security Strategist, was the Chief Information Security Officer for a $25 billion financial services company, and was founder/Chief Technology Officer of a national security consultancy. Hoff regularly speaks at high-profile conferences, is interviewed regularly by the media, is a featured guest on numerous podcasts, and blogs at www.rationalsurvivability.com/blog
Hoff is a CISSP, CISA, CISM and NSA IAM. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005.
Barnaby Jack is the Director of Research at IOActive Labs, where he focuses on exploring new and emerging threats, and recommending areas in which to concentrate IOActive's research efforts.
Jack has over 10 years' experience in the security research space and previously held research positions at Juniper Networks, eEye Digital Security, and Foundstone. Over the course of his career, Jack has targeted everything from low-level Windows drivers to the exploitation of Automated Teller Machines. He has subsequently been credited with the discovery of numerous vulnerabilities, and has published multiple papers on new exploitation methods and techniques.
Babak Javadi is a noted member of the physical security community, well recognized both in professional circles (due to the work of his consulting firm, The CORE Group) and in the hacker world (where he can often be seen at events hosted by TOOOL, The Open Organisation Of Lockpickers). His first foray into the world of physical security was in the third grade, where he was sent to detention for describing to another student how to disassemble the doorknob on the classroom door. Babak is an integral part of the numerous lockpicking workshops, training sessions, and games that are seen at annual events like DEFCON, ShmooCon, DeepSec, NotACon, QuahogCon, HOPE, and Maker Faires across the country. He likes spicy food and lead-free small arms ammunition.
Dan Kaminsky is a well known security researcher. He formerly worked for Cisco, Avaya, and IOActive, where he was the Director of Penetration Testing. He is known among computer security experts for his work on DNS cache poisoning (AKA "The Kaminsky Bug"), for showing that the Sony Rootkit had infected at least 568,200 computers, and for his talks at the Black Hat Briefings. In June 2010, Dan released Interpolique, a beta framework for addressing injection attacks such as SQL Injection and Cross Site Scripting in a manner comfortable to developers. On June 16, 2010, Dan was named by ICANN as one of the Trusted Community Representatives for the DNSSEC root.
Lavakumar Kuppan is a security researcher interested in identifying new types of vulnerabilities and attacks. His work is published on the Attack and Defense Labs website, which he runs along with fellow researcher Manish Saindane. His recent work has been browser-related, and he is particularly interested in emerging technologies like HTML5. He maintains an online HTML5 Security Guide and has contributed to the HTML5 Security CheatSheet project with articles on CORS and Web SQL Database security. Lavakumar has spoken at multiple conferences including OWASP AppSec Asia and is also the author of tools like "Imposter" and "Shell of the Future."
Zane Lackey is a Senior Security Consultant at iSEC Partners, Inc. with a focus in the fields of mobile and web application security. His research has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, SC Magazine and numerous others. A frequent speaker at top industry conferences, he has presented at BlackHat, RSA, Microsoft BlueHat, Toorcon, DeepSec, MEITSEC, YSTS, and in 2010 was named as one of 12 prominent security researchers by Network World magazine. He is a contributing author of Mobile Application Security (McGraw-Hill), a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill), and a contributing author/technical editor of Hacking VoIP (No Starch Press). He holds a Bachelor of Arts in Economics with a minor in Computer Science from the University of California, Davis.
Adam Laurie is a freelance security consultant working in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. Downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own—'Apache-SSL'—which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, also acted as a member of staff during the early years of the Black Hat Briefings, is a member of the Bluetooth SIG Security Experts Group, and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source Python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org.
David Litchfield: researcher and founder, v3rity
Moxie Marlinspike does research with the Institute For Disruptive Studies. He also holds a 50 Ton Master Mariner's license.
Nils heads the security research team at MWR InfoSecurity in the UK. He likes breaking and exploiting stuff, and has demonstrated this at pwn2own 2009 and 2010. He has spent most of 2010 researching different mobile platforms and how to evade the exploit mitigation techniques in place on these platforms.
Karsten unifies the worlds of scientific research, hacking laboratories, and corporate risk management in executing high impact security projects. His research focuses mainly on privacy protection in popular technologies such as RFIDs and phones. His hacking projects disclose and usually break proprietary cryptography. Through his consulting projects, Karsten designs 'secure enough' technologies in private and public applications.
Laurent Oudot has been doing research on defensive technologies and underground activities, has handled numerous security projects, and was a member of team RstAck and of the Steering Committee of the Honeynet Research Alliance. Laurent has been a frequent presenter or instructor at computer security and academic conferences like Cansecwest, Pacsec, Black Hat USA-Asia-Europe, Hack In The Box, Defcon, US DoD/DoE, Hope, Honeynet, PH-Neutral, Hack.LU, as well as a contributor to several research papers for SecurityFocus, MISC Magazine, IEEE, etc.
Tom Parker is the Director of Security Consulting Services at Securicon. Tom is recognized throughout the security industry for his research in multiple areas including adversary profiling and software vulnerability research & analysis. Tom has published over four books on the topic of information security, including Cyber Adversary Characterization: Auditing the Hacker Mind, and is a contributor to the popular Stealing the Network series. Tom is a frequent conference speaker, including past appearances at Blackhat. Tom often lends his time to guest lecturing at universities and involvement in community research initiatives, and is often called to provide his expert opinion to mass media organizations, including BBC News, CNN, and online/print outlets such as The Register, Reuters News, Wired and Business Week.
Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, has over 10 years of experience researching vulnerabilities and conducting field security assessments of Industrial Process Control Systems, SCADA Systems, Automated Meter Reading systems, and Smart Grid technology. After graduating from the University of New Orleans with honors and receiving a B.S. degree in Electrical Engineering, he was hired by Chevron and worked in the SCADA and Automation Team for the Upstream Exploration & Production division. Pollet designed and implemented PLC and SCADA systems for several offshore and onshore facilities.
Realizing the potential security implications of the industry moving towards TCP/IP communications in the late 1990s, and seeing a trend to connect SCADA systems to Enterprise IT networks, Pollet started investigating SCADA, Process Control Systems, and embedded devices for cyber security vulnerabilities.
Throughout his career, he has been actively involved with the IEEE, ISA, ISSA, UTC, CSIA, and other professional societies. Pollet has been involved in over 110 vulnerability assessments of plant and process control systems. He has also delivered over 75 presentations and training sessions on SCADA Systems, Critical Infrastructure Protection, and SCADA Security to the FBI, Department of Homeland Security, and several private sector security conferences. He has spoken at many conferences and workshops for government and professional organizations around the world. Pollet has also authored over 25 white papers, all specifically on the security of SCADA and embedded control systems.
Tiffany Strauchs Rad, MA, MBA, JD, is the President of ELCnetworks, LLC, a technology, law and business development firm with offices in Portland, Maine and Washington, D.C. Her consulting projects have included business and tech analysis for start-ups and security consulting for U.S. government agencies. She is also a part-time Adjunct Professor in the computer science department at the University of Southern Maine, teaching computer law and ethics and information security. Her academic background includes study of international law and policy at Carnegie Mellon University, Oxford University, and Tsinghua University (Beijing, China). Tiffany also researches car computers, is President of the reverse engineering and development company Q Labs, is the Director/Founder of Reverse Space, a hacker space in Northern Virginia, and is pro bono legal counsel for Project DoD, a non-profit hosting company.
Stephen A. Ridley, Senior Researcher, Matasano Security.
Ivan Ristic is a respected security expert and author, known especially for his contribution to the web application firewall field and the development of ModSecurity, the open source web application firewall. He is also the author of Apache Security, a comprehensive security guide for the Apache web server, and ModSecurity Handbook, the definitive guide to the popular open source web application firewall. He founded SSL Labs, a research effort focused on the analysis of the real-life usage of SSL and related technologies. A frequent speaker at computer security conferences, Ivan is an active participant in the application security community, a member of the Open Web Application Security Project (OWASP), and an officer of the Web Application Security Consortium (WASC). He currently works for Qualys as Director of Engineering, Web Application Firewall and SSL Services.
Dominic White is a senior consultant for SensePost, having previously worked for a Big 4 audit firm. He holds an MSc in InfoSec and has trained at BlackHat USA. He has presented at several conferences and recently started organising a few.
Chris Tarnovsky runs Flylogic Engineering, LLC and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which determine whether a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, its level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them improve it (or possibly use a different part).
Peiter "Mudge" Zatko: Prior to coming to DARPA, Mr. Zatko was a Division Scientist and Technical Director for BBN Technology's National Intelligence Research and Applications division. Prior to that, Mr. Zatko served as the CEO and Chief Scientist at LHI Technologies, and was Chief Scientist/Executive Vice President for Research and Development at @Stake Inc. He has served on the advisory boards of several organizations, as an R&D Subcommittee Member to the Partnership for Critical Infrastructure Protection, and as a Research Subcommittee Member to the Office of Science and Technology. Mr. Zatko is the inventor of L0phtCrack, a Microsoft password auditing tool; of AntiSniff, a remote promiscuous system detector; of L0phtWatch/Tempwatch; and of SLINT, a tool for automating source code analysis to discover security coding vulnerabilities.