2012 BASC Speakers

2012 BASC: Home Agenda Presentations Speakers

Speakers/Panelists

Michael Anderson

NetSPI
Michael Anderson is a security consultant at NetSPI with experience in penetration testing, application security, computer forensics, network architecture, and code reviews. He has presented at DEF CON 18 on cloud-based threats, and is currently engaged in research on threats to mobile infrastructure.

Rob Cheyne

Safelight Security Advisors
Rob Cheyne is the founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of students, including developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998.

Rob was also an early employee @stake, a highly regarded pioneer in information security consulting. In addition to security consulting for Fortune 500 customers, he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool, and he worked on the code scanning technology that was eventually spun off as Veracode.

Rob is on the advisory board for the Source security conference and regularly speaks at security conferences on a variety of security topics.

Ming Chow

Tufts University
Ming Chow is a Lecturer at the Tufts University Department of Computer Science. His areas of work are in web and mobile engineering, web security, and game development. He was also a web application developer for ten years at Harvard University. Ming has spoken at numerous organizations and conferences including the High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), the Massachusetts Office of the Attorney General (AGO), John Hancock, OWASP, InfoSec World (2011 and 2012), DEF CON 19 (2011), the Design Automation Conference (2011), and Intel.

Josh Corman

Akamai Technologies
Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman's research cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting economics. His research and education efforts won him the title of Top Influencer of IT by NetworkWold magazine in 2009. Mr. Corman is a candid and highly-coveted speaker with engagements at leading industry events such as RSA, DEFCON, Interop, ISACA, and SANS. As a staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, and co-founded Rugged Software - a value-based initiative to raise awareness and usher in an era of secure digital infrastructure.

Ehsan Foroughi

SD Elements
Ehsan Foroughi is an application security expert with 8+ years of management and technical experience in security research. He has an extensive development and reverse engineering background. He led the Vulnerability Research Subscription Service for TELUS Security Labs (called Assurent before being acquired by TELUS). Under his management, the Vulnerability Research Service went through being a startup product to a service used by over 80% of the major security vendors. As an entrepreneur, he has also served as the founder and CTO of TELTUB, a successful telecommunication startup. Ehsan holds a M.Sc. from the University of Toronto in Computer Science, a B.Eng. from Sharify University of Technology, as well CISM and CISSP designations. SD Elements is a spin-off of Security Compass.

Jim Manico

White Hat Security
Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is part of the WhiteHat Static Analysis Software Testing (SAST) team, leading the data-driven, Web service portion of the SAST service. He also provides secure coding and developer awareness training for WhiteHat using his 7+ years of experience delivering developer-training courses for SANS, Aspect Security and others.

Brian Mather

Denim Group
Brian Mather has worked in the information services industry for over 13 years. At Denim Group, he has managed numerous enterprise application security and secure software development projects, and is currently managing Denim Group’s open-source application vulnerability management system, ThreadFix. Brian has served as the managing partner and owner of an information technology services firm for 10 years, and is uniquely skilled at helping businesses meet their technology needs.

Scott Matsumoto

Cigital
Scott Matsumoto is a Principal Consultant at Cigital bringing over 20 years of commercial software product development experience to the company. At Cigital, Scott is responsible for the security architecture practice within the company. He consults for many of Cigital’s clients on security architecture topics such as Mobile Application Security, Cloud Computing Security, SOA Security, fine-grained entitlements systems and SOA Governance. His prior experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels.

Scott is a founding member of the Cloud Security Alliance (CSA) and is actively involved in its Trusted Computing Initiative.

Joey Peloquin

F5

Rohit Sethi

SD Elements
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). He has helped improve software security at some of the world's most security sensitive organizations in financial services, software, ecommerce, healthcare, telecom and other industries. Rohit has built and taught SANS courses on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Secure Development Conference, Shmoocon, CSI National, Sec Tor, Infosecurity, CFI-CIRT, and many others. Mr. Sethi has written articles for InfoQ, Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), has appeared on Fox News Live, and has been quoted as an expert in application security for ITWorldCanada and Computer World. He also created the OWASP Design Patterns Security Analysis project. SD Elements is a spin-off of Security Compass.

Roy Wattanasin

Roy Wattanasin is a information security professional working in the healthcare industry. He spends most of his time on leading and developing an organization's information security program and working on PCI-DSS compliance, privacy, regulatory efforts, education efforts and with other projects. He also teaches information security at Brandeis University.

Greg Wolford

Fortify
Greg Wolford is a Software Security Consultant and Manager for HP Fortify. Prior to working at Fortify, Greg was a Sr. VP and Sr. Director of development for organizations in the Dallas/Fort Worth area and worked as a developer prior to that. Greg uses his knowledge of development and development processes to help organizations bake security into the SDLC.

Matt Wood

Sunera
Matt has been active within the security community for the past 10 years as a developer, researcher, and consultant. As a penetration tester with Sunera, Matt has lead social engineering, mobile application, internal/external network and web application penetration assessments with the specific goal of vulnerability identification and active exploitation of identified vulnerabilities. Prior to Sunera, Matt was a senior researcher within HP's Web Security Research Group focusing on the automated detection of vulnerabilities within web technologies. During his tenure with HP, he also led the development of several free tools such as HP's Scrawlr (SQLI) and SWFScan (Flash Static-Analysis). Prior to HP/SPI Dynamics, Inc., Matt performed research on SQL injection and automated debugging within the Information Security program at the Georgia Tech. He has spoken at a variety of security conferences and events such as Black Hat, RSA, Source and OWASP.