2014 BASC Speakers
Collin Mulliner
Northeastern University
Collin Mulliner is a postdoctoral researcher in the Systems Security Lab
at Northeastern University. Collin's main interest is the
security and privacy of mobile and embedded systems with
an emphasis on mobile and smart phones. Since 1997 Collin
has worked on all kinds of mobile devices and touched most of the
mobile platforms for either software development or security work.
Collin received a Ph.D. from the Technische Universitaet Berlin in 2011,
and an M.S. and B.S. in computer science from UC Santa Barbara and
FH-Darmstadt, respectively. Collin has a broad interest in systems
security that is somehow connected to mobile devices and cellular
infrastructure. He has a specific interest in vulnerability analysis and
offensive security but recently switched his focus to the defensive side
to work on mitigations and countermeasures.
Dinesh Shetty
Security Innovation
Dinesh is a Security Engineer and Trainer for Security Innovation. He is an accomplished author and
speaker, and his research has been published in numerous international security magazines and
websites. Dinesh is a Hall of Fame member of Apple, Adobe, and Barracuda Networks for his
identification and responsible disclosure of critical security vulnerabilities in their products, web sites,
and web services. He has spoken and taken trainings at leading national and international conferences
like Boston Security Meetup Conference, ClubHack, OWASP AsiaPac - Sydney, National Institute of Bank
Management – India, Quest Knowledge center and multiple organizations among others. Dinesh also
holds a number of professional IT and security certifications.
EMC Product Security Response Center
EMC
EMC PSRC is responsible for responding to and managing security vulnerabilities reported in EMC/RSA products.
George Ehrhorn
MathWorks
George Ehrhorn is the IT Security Manager for MathWorks, a leading developer of mathematical computing software for engineers and scientists. George is responsible for the IT Security program at MathWorks including infrastructure security, risk assessment, and web application security. Prior to MathWorks George worked in IT Audit and Security functions at SunGard Data Systems, Ellucian, and Wayfair.com. Some of the nerdiest things about George are that he plays competitive bridge and that he was president of the math club in college. Twice.
Jack Mannino and Geller Bedoya
nVisium
Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android and code written in Scala. He’s also an optimistic New York Mets fan, although that optimism slowly fades away every summer.
Geller Bedoya is a senior application security at nVisium. Geller graduated from Georgia Tech with a degree in Electrical Engineering. As an undergraduate student, Geller tackled a range of security challenges from memory forensics to botnet research. After graduation, he promptly put his security knowledge to work at a financial brokerage, where he aided in the design and implementation of security throughout the SDLC. He performs security code reviews and application security testing of products. Outside the office, he finds peace of mind by cycling and running.
Jared DeMott
Dr. Jared DeMott is a seasoned security researcher, and has spoken at conferences such as DerbyCon, BlackHat, Defcon, ToorCon, Shakacon, DakotaCon, CarolinaCon, ThotCon, GRRCon, and Bsides*. Past notable research includes stopping a trendy hacker exploit technique (known as ROP), which placed him as a finalist in Microsoft’s BlueHat prize contest, and more recently showing how to bypass Microsoft’s EMET protection tool. Jared is active in the security community by teaching his Application Security course, and has co-authored the book Fuzzing for Software Security Testing and Quality Assurance. DeMott has been on three winning Defcon CTF teams, and has the black badges to prove it. He has been an invited lecturer at prestigious institutions such as the United States Military Academy, and previously worked for the National Security Agency. DeMott holds a PhD from Michigan State University.
Jeff Williams
Contrast Security
Jeff Williams is the founder and CTO of Contrast Security, bringing the power of instrumentation and real time analytics to secure your application portfolio. Previously, Jeff was a founder and CEO of Aspect Security. He also served as Global Chairman of the OWASP Foundation where he created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten, WebGoat, ESAPI, XSS CheatSheet, ASVS and more. Jeff welcomes hearing from you and may be reached directly at [email protected].
Josh Corman
Sonatype
Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also adjunct faculty for Carnegie Mellon’s Heinz College, IANS Research, and a Fellow at the Ponemon Institute.
Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.
Anson Gomes and Jeremy Spencer
iSEC Partners
Anson Gomes is a security researcher and consultant at iSEC Partners. He specializes in web applications and web services security, network security, mobile application security, and architecture reviews. He has led numerous assessments for applications written in languages such as Java, .NET, PHP, and Objective-C. In his spare time, Anson researches cloud systems, custom protocols, and embedded devices. He is passionate about red teaming and social engineering. Anson has also given multiple presentations both locally in NYC and at major conferences such as Black Hat and OWASP AppSec USA. He lives in New York City.
Jeremy Spencer is a Security Consultant at iSEC Partners, an information security consulting firm that specializes in application, network, and mobile security. He has conducted multiple web, mobile, and network penetration tests and has successfully reported vulnerabilities in applications written in languages such as Java, PHP, Python, and Ruby.
Jeremy graduated from Columbia University's School of Engineering and Applied Science in 2013 with a B.S. in Computer Science. At Columbia, Jeremy engaged in computer system software development within operating systems, compilers, and the networking stack. Prior to iSEC, Jeremy held an internship at Goldman Sachs, where he did security-related software development.
Michael Weissbacher
Northeastern University
Michael Weissbacher is a PhD student and Research Assistant at the SecLab of
Northeastern University. His research interests are focused on the security
of web applications on both client and server side. Michael plays CTFs with
Shellphish.
Patrick Laverty
Akamai
Patrick is a member of the Akamai Technologies Customer Security Incident Response Team (CSIRT) in
Cambridge where he helps detect and thwart hackers from some of the biggest and most well-known web
sites in the world. He organizes the monthly meetings for the OWASP Rhode Island chapter. In his spare
time, he's working on a wicked hahd slap shot for his hockey team.
Sagar Dongre
Cigital
Sagar Dongre is a Senior Consultant with Cigital. At Cigital, he is one of the leaders in the static analysis
practice within the company. He consults for many of Cigital’s clients on static analysis topics such as
enterprise-wide code review processes and secure software development lifecycle (SSDLC).
Steve Markey
nControl
Steve Markey is the principal of nControl, a consulting firm based in Philadelphia, Pennsylvania,
USA. He is also an adjunct professor, a published author, and a principal speaker at a number
of global conferences. Markey holds multiple certifications and degrees, and has more than 14
years of experience in the technology sector. He frequently presents on information security,
information privacy, cloud computing, project management, e-discovery, and information
governance.
Walt Williams
Lattice Engines
Walt Williams, CISSP®, SSCP®, CEH, CPT has served as an infrastructure and security
architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The
Commerce Group, and EMC. He has since moved to security management, where he now
manages security at Lattice Engines. He is an outspoken proponent of design before build, an
advocate of frameworks and standards, and has spoken at Security B-Sides on risk management
as the cornerstone of a security architecture.
Mr. Williams' articles on security and service oriented architecture have appeared in the Information Security Management Handbook, and he is the author of Security for Service Oriented Architecture, published by CRC Press, 2014. He sits on the board of directors for the New England ISSA chapter and is a member of the program committee for Metricon. He has a master’s degree in Anthropology from Hunter College.