Important Notes:

Very few tickets are left for the Conference!  DON'T WAIT!  Get registered today!!

The deadline for Sponsorship Participation has come; however, you can still get in as a Sponsor if you contact us quickly!

 

2010 Speakers



Keynote Speakers



Ira Winkler

"Spies Among Us"

Ira Winkler, CISSP, is President of the Internet Security Advisors Group. He is considered one of the world's most influential security professionals, and has been named a "Modern Day James Bond" by the media. He earned that name by performing espionage simulations, in which he physically and technically "broke into" some of the largest companies in the world, investigating crimes against them, and telling them how to cost-effectively protect their information and computer infrastructure. Ira Winkler continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira Winkler also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards.

Ira Winkler is also author of the riveting, entertaining, and educational books, Spies Among Us and Zen and the Art of Information Security. He was also a columnist for ComputerWorld.com. Ira Winkler has recently been elected Vice President of the Information Systems Security Association.

Ira Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. He moved on to support other US and overseas government military and intelligence agencies. After leaving government service, Ira Winkler went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland.

Ira's new book is entitled "Spies Among Us". American corporations now lose as much as $300 billion a year to hacking, cracking, physical security breaches, and other criminal activity. Millions of people a year have their identities stolen or fall victim to other scams. In Spies Among Us, Ira Winkler reveals his security secrets, disclosing how companies and individuals can protect themselves from even the most diabolical criminals. He goes into the mindset of everyone from small-time hackers to foreign intelligence agencies to disclose cost-effective countermeasures for all types of attacks.

This unique book is packed with riveting, true stories and case studies of how he did it, and how people and companies can avoid falling victim to the spies among us.

Ira Winkler has also written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the best-selling Through the Eyes of the Enemy. Both books address the threats that companies face protecting their information. Ira Winkler has also written hundreds of professional and trade articles. He has been featured and frequently appears on TV on every continent. Ira Winkler has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0.

Spies Among Us, Corporate Espionage, Through the Eyes of the Enemy, Zen and the Art of Information Security

 

Borders Books

Borders Books will be having a book signing for Ira Winkler's new book "Spies Among Us" after Ira's lunch Keynote Presentation.  The book will be available for sale during the book signing.  To open a Corporate Account with Borders and be eligible for excellent customer service and available discounting for all your business purchases, please contact Valerie Kokai at Borders Fourth Street - 502.562.2100.


Marcus J. Ranum

Chief Security Officer, Tenable Network Security

Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall, and the implementer of the first commercial firewall product. Since the late 1980s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. In SC Magazine's 20th Anniversary Edition, Ranum was named as one of the top industry pioneers over the last 20 years.

Ranum has been Chief Security Officer at Tenable Network Security since joining Tenable in 2004. Prior to Tenable, Ranum had served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and the ISSA Lifetime Achievement Award. Ranum was most recently senior scientist at Trusecure Corp., an international risk management firm. In addition to his CSO duties at Tenable, he currently serves as a technology advisor to a number of start-ups, established concerns and venture capital groups.

Tenable Network Security is a privately held company founded in 2002 by security product innovators Ron Gula, Renaud Deraison and Jack Huffard.

Together with Tenable CSO Marcus Ranum, they have developed a Unified Security Monitoring™ approach based on the award-winning Nessus® scanner engine for securing enterprise networks world-wide.

SC Magazine, The Myth of Homeland Security, Web Security Sourcebook


Breakout Speakers


Jeremiah Grossman

"2010: A Web Hacking Odyssey - The Top Hacks of the Year"

Jeremiah Grossman, founder and CTO, WhiteHat Security, is a world-renowned Web security expert. A co-founder of the Web Application Security Consortium (WASC), he was named one of InfoWorld’s Top 25 CTOs in 2007 and is often quoted in major publications such as SC Magazine, Forbes and USA Today.

He has authored dozens of articles and whitepapers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of “XSS Attacks: Cross Site Scripting Exploits and Defense.” Grossman is also an influential blogger who offers insight and encourages open dialogue regarding research and vulnerability trends.

Prior to WhiteHat, Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the Company's hundreds of websites.

Rafal Los

"Web 2.0 - Love It or Hate It"

Rafal Los, Web Application Security SME with Hewlett-Packard's Application Security Center (ASC), is a 10+ year industry veteran who has worked in a variety of security positions, from consultant to Information Security Officer in the Fortune 100, within some of the most demanding business environments. Rafal’s unique blend of technical expertise and business knowledge enables him to teach audiences about security techniques, programs and processes that they can both understand strategically and realistically apply. He has extensive experience in security testing, risk analysis and management, penetration testing, and architecture and policy. Rafal is an accomplished writer maintaining 2 popular blogs, with numerous appearances in the mainstream media and niche sites such as Slashdot. Previous successes include building and implementing a successful web application security program for one of the largest and most diverse companies in the world.

Rafal is the author of the blog Following the White Rabbit and a frequent speaker at the largest security conferences.


Michael A. Davis

"Align your defenses with data types and implement a data-centric security program"

Michael A. Davis is the CEO of Savid Technologies, Inc., a technology and security consulting firm in Chicago. Savid specializes in risk assessment (policy development, security life cycle, managed services), compliance, enterprise networks (virtualization, Active Directory and Network Design) and application development.

He is also a contributing author to Hacking Exposed, the number one book on hacker methodology, and the author of a new book, Hacking Exposed: Malware and Rootkits, which was released in October 2009. He is a senior member of the HoneyNet project where he is working to develop data and network control mechanisms for Windows-based honeynets. Michael is an active developer in the Open Source community and has ported many popular network security applications to the Windows platform including the Snort Intrusion Detection System, honeyd, dsniff, and ngrep.

Michael has worked with McAfee, Inc., a leader in anti-virus protection and vulnerability management, as Senior Manager of Global Threats where he led a team of researchers investigating confidential and cutting edge security research. Michael has also worked for companies such as 3com and managed two Internet service providers.

Accomplishments:

  • Author of “Hacking Exposed”, the definitive Computer Security book
  • Speaker and trainer at many security conferences including: Blackhat, Defcon, NSA/NIC Honeynet Security Conference, and FINSEC
  • Taught a Secure Programming course at Moraine Valley Community College
  • Porting Sebek, the HoneyNet kernel monitoring tool, to Windows NT/2000/XP
  • Ported the Snort Intrusion Detection System to Windows NT/2000/XP
  • Architected, developed and deployed a secure 802.11 Wireless network covering Northern Illinois and parts of southern Texas
  • Ported dsniff and ngrep to Windows NT/2000/XP
  • Developed kernel level network device drivers for Windows

Hacking Exposed: Malware and Rootkits


Nathan Hamiel

"Your Tools are Killing You"

Nathan Hamiel is an Information Security professional, artist, and a thinker. His day job consists of being a Principal Consultant focusing on application security at FishNet Security. He is also an Associate Professor at UAT. He founded an independent security think-tank called the Hexagon Security Group. He has also been known to write some lines of Python. He was one of the original developers of the FairuzaWRT project, the first hacking-oriented firmware built for the Linksys WRT54G/S wireless routers. Lately he has been focusing on tools for testing web applications and recently wrote a tool called MonkeyFist that implements Dynamic CSRF attacks.

Nathan has a blog at Neohaxor.org, with writings on App Security, Python, Social Networking, Vulnerabilities and much more. Nathan is a frequent and popular speaker at most of the huge InfoSec Conferences, such as Defcon, Black Hat, ShmooCon, SECtor, PhreakNIC, ToorCon, and many others.

Hexagon Security Group


Marco Morana

"Threat analysis and risk mitigation of business logic attacks"

Marco Morana serves the OWASP (Open Web Application Security Project) as president of the USA Cincinnati chapter. As chapter leader, his main responsibility is to evangelize and schedule presentations with invited speakers on the topic of application and software security. On behalf of the OWASP organization, Marco has also authored and reviewed several OWASP-sponsored projects such as the secure coding guide and the testing guide. Marco has presented on the topic of software security at major security conferences such as CSI, BlackHat and OWASP, and his work on application and software security has been widely published in Secure Magazine, Secure Enterprise, Network Computing, ISSA Journal, and C/C++ User Journal.

In his day job, Marco works as Sr. Technology Information Security Officer and Security Architect for Citigroup Global Consumer North America Group where his primary responsibility is managing application security risks for Citibank business critical on-line web applications. Prior to Citigroup, Marco’s career included roles of application architect, consultant, software engineer, project manager and instructor. Marco holds a Masters Degree in Computer Systems Engineering from Northwestern Polytechnic University and an Engineering Doctorate Degree (Dr. Ing.) in Mechanical Engineering from University of Padova.

Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com.  He also has several presentations posted on SlideShare.


David Kennedy

"Social Engineering - Putting the Cool Back in SE"

David Kennedy (ReL1K) is the author of Fast-Track (Automated Penetration Testing Suite) and the Social-Engineering Toolkit, contributes to the widely popular Back|Track security distribution, assists with the exploit database (exploit-db.com), and is one of the main contributors to the social-engineer.org framework. Dave is also a frequent guest on the Security Justice and PaulDotCom podcasts. David has worked for the US Marine Corps in Intelligence and has presented at a number of large conferences, including Defcon, ShmooCon, and Notacon.

David has a heavy background in information security and penetration testing for a number of large multi-billion dollar organizations and was a Partner and Vice President of Consulting for a highly successful Information Security Consulting company. Prior to consulting, David worked for the United States Marine Corps in Intelligence, stationed in Hawaii. Lastly, David has presented at a number of large conferences, including Defcon, ShmooCon, and Notacon.

Metasploit Unleashed

Exploit DB

Secmaniac.com

Back|Track


Adrian Crenshaw

"Maltronics: Malicious Hardware"

Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. His talk will be a survey of malicious hardware seen in the wild: keyloggers, PHUKD devices, trojaned hardware, U3 switchblades...

Adrian is a past speaker at the Louisville Metro InfoSec Conference and is currently Director of Education for the ISSA Kentuckiana Chapter.

Irongeek


Tom Cross

“Emerging Threats on the Internet”

Tom Cross is the manager of IBM Internet Security Systems' X-Force Advanced Research team. Tom's team is engaged in a daily effort to identify, analyze, and mitigate computer security vulnerabilities. Tom has a seven-year history with ISS, during which he has served as a vulnerability researcher and software developer. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software, and he also wrote one of the first academic papers suggesting the use of trust metrics in Wikipedia. Tom frequently speaks on computer security issues at conferences around the world. He holds a Bachelor's degree in Computer Engineering from Georgia Tech.

Tom co-founded the EFGA (Electronic Frontiers Georgia) in 1995. In 1996, he co-founded Computer Sentry Software, known for their award-winning "CyberAngel" software, a laptop anti-theft program. From 1999-2000, he was Chief Engineer at Dataway, a computer security firm in San Francisco. From 2000-2001 he worked at iAsiaWorks, as the Director of Global Security Engineering. In 2001, he founded Industrial Memetics, which developed the popular collaborative blogging community MemeStreams.

Tom has been a speaker at several technology conferences, including PhreakNIC; Summercon; "The First International Hackers' Conference in Seoul Korea" (IS2K); "InternetWorld" in Singapore; and APRICOT, the Asia-Pacific Regional Internet Conference on Operational Technologies. He was also among the attendees at the first ever DefCon. He has also been a co-host on episodes of "Binary Revolution", as a cryptography expert.

Tom also has an interesting personal blog.

(Some of the above content was taken from Tom's Wikipedia entry)


Robert A. Andrews II, CISSP, CCE

“Ethical Hacking in Forensic Investigations”

Robert Andrews was co-founder of P3 Strategic, a forensics investigation, assessment and training firm. P3 Strategic was acquired by CBTS in January 2010 as part of a significant investment in their IT security business unit. Rob has been retained by CBTS and will act as Chief Strategist and Director of the CBTS infosec unit. He will provide strategic vision and manage high profile investigations and assessments. Rob’s experience includes managing complex multinational investigations requiring expertise in technology, law, and forensic procedure. He has managed investigations in over 20 countries around the world, and has also managed multi-national vulnerability assessments and remediation efforts.

Currently, Rob is the lead network forensic instructor at the United States Secret Service National Computer Forensic Institute in Hoover, Alabama. He was previously the lead instructor and program coordinator of the IT Security and Forensics Associate Degree program at Pittsburgh Technical Institute. His service experience includes working with several Fortune 500 companies and governmental agencies at the local, state and federal levels. His experience also includes teaching high level security certification programs, CISSP and Cisco boot camp classes around the nation.

Rob has been a technical editor for and has collaborated on several IT certification manuals for Course Technology and McGraw-Hill. He has also been the Key Note Speaker at many National Information Technology Conferences.

CERTIFICATIONS

CCE – Certified Computer Examiner
CISSP – Certified Information Systems Security Professional
GSEC – GIAC Security Essentials Certification
CCSE+ – Check Point Certified Security Expert
CHCP – Certified Hacking and Countermeasures Professional
MCSE – Microsoft Certified Systems Engineer
CCNA – Cisco Certified Network Associate

Professional Organizations
HTCIA - High Technology Crime Investigation Association
InfraGard (partnership between FBI and private sector) – Cleveland Chapter
International Society of Forensic Computer Examiners
ISACA
ISSA


Timothy Stoner and David Sims

"Security Management via OWASP Cloud 10"

Timothy Stoner is the Director of Advisory Services for PricewaterhouseCoopers. Mr. Stoner has over 21 years of professional consulting, commercial, and military experience. He has founded, directed, and led consulting practices, as well as managed and delivered with consulting staff across all industry verticals, in the U.S. and Canada. His primary areas of expertise include: information systems strategy; organizational security; information and communication security; business continuity and disaster recovery planning; network security analysis/design and implementation; as well as vulnerability assessments, network and application security penetration testing and delivering risk-mitigation strategies across multiple industries.

David Sims is a Senior Associate in Advisory Services for PricewaterhouseCoopers.  Mr. Sims has established and led operations teams across industry verticals.  He offers a broad base of practical experience with emphasis on identity management, work force mobility, virtualization, business continuity, penetration and vulnerability mitigation programs using OWASP, PCI-DSS, FISMA, and NIST frameworks, strategic design and risk mitigation.  Mr. Sims has over 18 years of experience in Information Security and Technology.  He has consulted at a variety of Fortune 500 companies and in state government. His client list includes state and private healthcare organizations, financial institutions, international manufacturing operations, international logistics and transportation firms, pharmaceutical companies and retail chains.


Jim Czerwonka

"Security and Compliance: Our Cup Runneth Over"

Mr. Czerwonka, CISA, CISM, CGEIT, is a Compliance Specialist with Systems Design Group. He has significant tactical and management experience as a risk, compliance and audit, information technology and business process professional. His industry experience includes healthcare, manufacturing, “Big 4” IT audit and management consulting, and financial services.


Richard L. Taylor, CISA

"The Prevalence of Fraud in E-Commerce"

Rick Taylor is a Principal of the Mountjoy Chilton Medley Financial Institutions Service group and oversees all related internal audit and information systems client services. He has been with the company since 2002. He has more than 25 years of experience with professional service firms, public companies (including Aegon USA and Yum! Brands, Inc.), and financial institutions (including PNC Bank, Great Financial Bank, and STAR Bank).

Rick has performed system security reviews and compliance audits based on federal regulatory standards.  His vast knowledge and experience with systems architecture, disaster recovery, product development, electronic funds transfer systems, and situational analysis have led to innovative and cost-saving solutions for many clients.

Rick has a degree in Computer Science, is a Certified Information Systems Auditor (CISA), a certified Gartner Total Cost of Ownership Specialist, a certified IBM LAN support specialist, and has been trained in Cisco Systems router configuration and implementation.  Organizations including the Kentucky Bankers Association, the Kentucky Society of CPAs, and the Kentuckiana Chapter of ISSA select him to present educational seminars on an annual basis.  He has also contributed articles to the Hawk's Eye View monthly electronic newsletter.  Rick's active involvement in the Information Systems Audit and Control Association's (ISACA) continuing education programs supplements his extensive experience to provide clients with the highest level of service.


Deral Heiland

“Observations of a Security Assessment Engineer”

Deral Heiland, CISSP, serves as a Senior Security Engineer for CDW, where he is responsible for security assessment and consulting for corporations and government agencies. In addition, Deral is the founder of Layered Defense Research and co-founder of the Ohio Information Security Forum, a not-for-profit organization that focuses on information security training and education. Deral has also presented at numerous conferences including ShmooCon, Defcon, CarolinaCon, Ohio Digital Government Summit and the University of Wisconsin lockdown conference. Deral has over 18 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst for a global Fortune 500 manufacturer, where he was responsible for delivering security guidance and leadership in the area of threat and vulnerability management.


Matt Neely

"Radio Reconnaissance in Penetration Testing"

Matt Neely (CISSP, CTGA, GCIH and GCWN) is the Profiling Team Manager at SecureState, a Cleveland, Ohio based security consulting company. At SecureState, Matt leads a team of consultants who perform traditional penetration tests, physical penetration tests, web application security reviews and wireless security assessments. His research interests include the convergence of physical and logical security, locks and lock picking, cryptography and all things wireless. Matt is also a host on the Security Justice podcast.


Ameer Bauer

"Castles in the Sky: Armoring Clouds"

Ameer is a security engineer for Nexum Inc. He has 7 years of experience in Information and Cyber Security. Ameer has worked on projects for various government and private agencies.


 

 

Important Dates

July 1st

Deadline for Speaker Applications

July 16th

Early-Bird 50% Discount off Ticket Prices ends

September 1st

Last day to use Free Tickets

Deadline for Sponsor Forms

October 7th

Day of Conference
