2010 BASC Speakers - Revision history

Mark A. Arnold at 21:24, 19 November 2010

2010-11-19T21:24:22Z

Mark A. Arnold at 22:08, 18 November 2010

2010-11-18T22:08:35Z

Mark A. Arnold at 22:07, 18 November 2010

2010-11-18T22:07:21Z

Mark A. Arnold at 21:57, 18 November 2010

2010-11-18T21:57:42Z

Mark A. Arnold at 21:57, 18 November 2010

2010-11-18T21:57:04Z

Show changes

Mark A. Arnold at 20:16, 18 November 2010

2010-11-18T20:16:28Z

Jweiler: /* Shakeel Tufail (Fortify) */

2010-11-17T04:44:53Z

‎Shakeel Tufail (Fortify)

Jweiler: /* Kenneth Smith */

2010-11-17T04:44:16Z

‎Kenneth Smith

Jweiler: /* Rob Cheyne (CEO, Safelight Security Advisors) */

2010-11-17T04:43:32Z

‎Rob Cheyne (CEO, Safelight Security Advisors)

Jweiler: /* Paul Schofield (Imperva) */

2010-11-17T04:42:29Z

‎Paul Schofield (Imperva)

@@ Line 1: / Line 1: @@
-{{2010_BASC:Header_Template | Speakers}}
+{{2010_BASC:Header_Template | Speakers/Panelists}}
 __FORCETOC__
 We would like to thank our speakers for donating their time and effort to help make this conference successful.
@@ Line 5: / Line 5: @@
 === Josh Corman ===
 '''The 451 Group'''<br/>
 Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.
@@ Line 33: / Line 34: @@
 === Rob Cheyne  ===
 '''Safelight Security Advisors'''<br/>
-Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies.  Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br>
+''Expert Panel Moderator''<br/>
 === John Carmichael  ===
@@ Line 43: / Line 46: @@
 Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.
 === Kenneth Smith ===
-Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space.  He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization.  As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br/>
+Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space.  He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization.  As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design.
 === Zach Lanier ===
@@ Line 52: / Line 55: @@
 === Shakeel Tufail  ===
 '''Fortify'''<br/>
 Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.
 Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.
 Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.
 Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.
-An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/>
+An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest BaseCamp.
 {{2010 BASC:Section Template | Conference Organizers}}

@@ Line 14: / Line 14: @@
 '''Raytheon/BBN Technologies'''<br/>
 Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/>
 === Joshua "Jabra" Abraham, Will Vandevanter  ===
@@ Line 39: / Line 38: @@
 '''Safelight Security Advisors'''<br/>
 John Carmichael applies his software security expertise to the creation and delivery of world class security training for some of the world’s largest organizations.  At Safelight Security Advisors, he is an integral part of the product team creating best of breed computer-based training courses. Prior to joining Safelight Security Advisors, John was a security trainer and consultant at both Security Innovation and Cigital.  His software security experience is rooted in a background of software development with deep expertise in a myriad of languages and environments.  He has developed enterprise class software for large organizations such as Massachusetts Executive Office of Health and Human Services and Computer Science Corporation. John earned his B.S. degree in Computer Science and Business Administration from the University of Vermont and an M.S. degree in Computer Information System Security from Boston University.
 === Dan Crowley ===

@@ Line 38: / Line 38: @@
 === John Carmichael  ===
 '''Safelight Security Advisors'''<br/>
 === Dan Crowley ===

@@ Line 1: / Line 1: @@
 {{2010_BASC:Header_Template | Speakers}}
 __FORCETOC__
-We would like to thank our speakers for donating their time and effort to help make this conference successful and free.
+We would like to thank our speakers for donating their time and effort to help make this conference successful.
 === Josh Corman ===

@@ Line 58: / Line 58: @@
 '''Web Applications and Data Tokenization'''<br/>
 Tokenization has become increasingly popular as a method to protect sensitive data and reduce the scope of security requirements such as PCI DSS.  Many solutions now integrate directly with web applications, tokenizing data before it ever reaches internal corporate systems.  As developers, you may be tasked with integrating tokenization into your applications.  If done correctly, this can be a big win for your organization.  This talk will cover the types of tokenization solutions, seeing through the marketing hype and vendor claims, and how to avoid some common mistakes that could greatly reduce tokenizations effectiveness.
 === Shakeel Tufail (Fortify) ===

@@ Line 65: / Line 65: @@
 Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.
 An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE.
-In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/><br/>
+In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/>
 '''Open SAMM (Security Assurance Maturity Model)'''<br/>
 SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.

@@ Line 42: / Line 42: @@
 === Rob Cheyne (CEO, Safelight Security Advisors) ===
-Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies.  Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br/><br/>
+Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies.  Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br>
-'''OWASP Basics 1 and 2'''<br/><br/>
+'''OWASP Basics 1 and 2'''<br>
 Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve.  Participants will come away with a foundation for further security learning.  Those already knowledgeable on application security issues will learn some new techniques for presenting and teaching this information in a clear, concise and effective manner.

@@ Line 36: / Line 36: @@
 === Paul Schofield (Imperva) ===
 With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.
-With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br>
+With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.
 Paul is currently a Senior Security Engineer with Imperva,  an award winning application Security company.<br/>
-'''Business Logic Attacks – BATs and BLBs'''
+'''Business Logic Attacks – BATs and BLBs'''<br>
 Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. Concluding this session we will discuss using multiple advanced techniques to battle these attacks, rather than relying exclusively on application code.