Erik Pace Birkholz
Founder and President, Special Ops Security, Inc.
Erik Pace Birkholz (CISSP, ISSAP, MCSE) is the Founder and President of Special Ops Security, Inc. Since 1995, Birkholz has performed hundreds of vulnerability assessments, penetration tests, host security reviews, web application assessments and security infrastructure reviews for many of the largest corporations in the world. He is the author of the best-selling book "Special Ops: Host and Network Security for Microsoft, UNIX and Oracle" (Syngress, ISBN 1931836698). He is also a contributing author of five international best-selling books for Osborne/McGraw-Hill including "SQL Server Security, Hacking Windows 2000 Exposed" and three editions of the international best-selling series, "Hacking Exposed: Network Security Secrets and Solutions". Most recently, as Series Editor, he authored the Foreword for "Security Sage’s Guide to Hardening the Network Infrastructure".
Before founding Special Ops Security, Erik was a charter member (Principal Consultant and Lead Instructor) of Foundstone from inception to its acquisition by McAfee in October 2004. Prior to accepting the role of Principal Consultant at Foundstone in 2000, he served as the West Coast Assessment Lead for Internet Security Systems (ISS), a Senior Consultant for Ernst & Young’s National Attack and Penetration team and a Consultant for KPMG’s Information Risk Management group. Erik holds a Bachelor’s of Science degree in Computer Science from Dickinson College in Carlisle, Pennsylvania. In 1999, he was named a Metzger Conway Fellow, an annual award presented to a distinguished Dickinson alumnus who has achieved excellence in his or her field of study. Additionally, Mr. Birkholz is a Subject Matter Expert for the Information Assurance Technology Analysis Center (IATAC); a Department of Defense entity that belongs to the Defense Technical Information Center.
Founder and Director of Research and Development, Special Ops Security, Inc.
Chip Andrews (CISSP, MCDBA) is the Director of Research and Development for Special Ops Security, Inc. Chip is the founder of the SQLSecurity.com website which focuses on Microsoft SQL Server security topics and issues. He has over 14 years of secure software development experience helping customers design, develop, deploy and maintain reliable and secure software. He regularly performs security assessments and penetration tests in a myriad of environments including Microsoft, UNIX, client/server applications, web-based applications, and multiple database platforms. Chip specializes in application- layer vulnerabilities and is adept at finding unintended access vectors into back-end systems using flaws in custom-developed application software; this usually allows unauthorized access even in well maintained systems.
Chip has been a primary and contributing author to several books including "Special Ops: Network and Host Security for Microsoft, Oracle and UNIX" (Syngress, ISBN 1931836698), "SQL Server Security" (Osborne, ISBN 0072225157), and "Hacking Exposed: Windows 2000" (McGraw-Hill, ISBN 0072192623). He also served as a technical reviewer for the book "SQL Server Security Distilled" (Curlingstone, ISBN 1590591925). Chip has also authored articles for magazines such as Microsoft Certified Professional Magazine, SQL Server Magazine, and Dr. Dobb's Journal focusing on SQL Server security and software development issues. He is a prominent speaker at security conferences such as the Black Hat Briefings, where he provides expertise on Microsoft SQL Server security issues and secure application design.
Before founding Special Ops Security, Chip was a Software Security Architect for several software development companies and specialized in application penetration testing and security training for everyone involved in the development process from design to deployment. In addition, he incorporated secure development practices into the software development life cycle including threat modeling, security unit testing, checklists, code review and code generation. Prior to that, Chip was a Senior Consultant for Computer Associates in the eTrust security consulting division specializing in intrusion detection, access control, and security assessments. Chip holds a Bachelors degree in Applied Computer Science from Southern Polytechnic State University in Marietta, Georgia.
Founder and Chief Technology Officer, Special Ops Security, Inc.
Steven Andrés (CISSP, ISSAP, ISSMP, CCNP, CCSE, MCSE) is the Chief Technology Officer for Special Ops Security, Inc., an information security consulting, training and deployment services organization headquartered in Orange County, California. He is the author of the leading secure infrastructure guide, "Security Sage’s Guide to Hardening the Network Infrastructure" (Syngress, ISBN 1931836019), published in April 2004. His other works include the internationally best-selling "Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition" (McGraw-Hill, ISBN 0072227427) as well as the definitive publication on internal network security, "Special Ops: Network and Host Security for Microsoft, Oracle and UNIX" (Syngress, ISBN 1931836698), for which the company is named.
Prior to Special Ops Security, Steven was the Director of Technical Operations for Foundstone, a vulnerability management and strategic security professional services company, acquired by McAfee in late 2004. Steven managed the infrastructure and ensured the confidentiality of sensitive client data within the Foundstone On-Demand Service. Steven is the co-inventor of the award-winning Foundstone FS1000 Appliance, a widely-recognized security platform for rapid deployment of security management solutions at dozens of Fortune 100 clients, and helped create a patent-pending methodology for digital threat intelligence correlation. More recently, Steven has been involved in product integration services, customizing vulnerability assessment products to interface with back-end enterprise systems at the largest ISP in the world. Steven has nine years of experience managing high-availability networks in the Entertainment, Health Care, Financial, and Higher Education industries, and is frequently invited to speak on secure architecture best practices.
Steven has earned the Certified Information Systems Security Professional (CISSP) designation, as well as the Information System Security Architecture Professional (ISSAP) and Management Professional (ISSMP) accreditations. Vendor-specific certifications include the Cisco Certified Network Professional (CCNP), Microsoft Certified Systems Engineer (MCSE), Cisco Certified Security Professional (CCSP), and Checkpoint Certified Security Engineer (CCSE). Steven was awarded the INFOSEC Professional designation, jointly-issued by the U.S. National Security Agency (NSA) and the Committee on National Security Systems (CNSS). Additionally, the Information Assurance Technology Analysis Center (IATAC), chartered by the U.S. Department of Defense Technical Information Center (DTIC) in Directive 3200.12, lists Steven as one of their subject-matter experts in the field of Information Security, and has called upon him to assist in classified STI projects for various agencies. Steven earned a Bachelor’s degree from the University of California, Los Angeles (UCLA) and enjoys living in the comfort of a climate-controlled, biometrically-secured data center, with clean DC power and limitless bandwidth.
Full bios for Chip, Erik and Steve can be found here: http://www.sopssec.com/company/founders.php
Professional Services Director, NGS Software Ltd.
Gunter Ollmann has over 10 years hands-on experience developing and managing secure systems, and over 5 years experience in providing cutting-edge security consultancy advice from an 'attack' perspective. At NGS he is responsible for the design and delivery of world-leading professional security services, ensuing his clients receive the best security advice backed by NGS's "best in the world" research team, bug hunters, and penetration testers. Formerly the manager of ISS' X-Force Security Assessment Services throughout Europe, the Middle East and Africa, he was responsible for the delivery of all 'attack' based service offerings to many of the worlds top organisations.
With a long history in software development and networking dating to pre-Internet and BBS days, he has learnt the hard way just what it takes to design and build secure systems, and how to apply security to real business environments. His specialities include secure web application & architecture design, penetration testing and operational security management. This experience combined with his security research has led Gunter to develop numerous authoritative security whitepapers. As a regular contributor to various security magazines, including SC Magazine, he is a frequent presenter at well known security conferences.
Security Consultant and Researcher, NGS Software Ltd.
Chris Paget is a security consultant and researcher for NGS Software, based in London. Chris has almost 20 years of experience in programming and security auditing, specializing in Win32 and Internet systems. He has performed audits for many of the largest banks and high-tech companies in the world, and has several years of experience teaching system administrators how to break into their own networks.