This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

2014 BASC Speakers

Jump to: navigation, search

Boston-Banner-468x60.gif 2014 BASC: Home Agenda Presentations Speakers

Platinum Sponsors

Akamai Cigital EMC Rapid7 Sonatype

Gold Sponsors

Accuvant bugcrowdContrast Security   NetSPI nVisium Veracode

Silver Sponsor

SWAMP - Software Assurance Marketplace

We kindly thank our sponsors for their support. All slots are full.
Please help us keep BASC free by viewing and visiting all of our sponsors.

Collin Mulliner

Northeastern University
Collin Mulliner is a postdoctoral researcher in the Systems Security Lab at Northeastern University. Collin's main interest is the security and privacy of mobile and embedded systems with an emphasis on mobile and smart phones. Since 1997 Collin worked on all kinds of mobile devices and touched most of the mobile platforms for either software development or security work. Collin received a Ph.D. from the Technische Universitaet Berlin in 2011, and a M.S. and B.S. in computer science from UC Santa Barbara and FH-Darmstadt, respectively. Collin has a broad interest in systems security that is somehow connected to mobile devices and cellular infrastructure. He has a specific interest in vulnerability analysis and offensive security but recently switched his focus to the defensive side to work on mitigations and countermeasures.

Dinesh Shetty

Security Innovation
Dinesh is a Security Engineer and Trainer for Security Innovation. He is an accomplished author and speaker, and his research has been published in numerous international security magazines and websites. Dinesh is a Hall of Fame member of Apple, Adobe, and Barracuda Networks for his identification and responsible disclosure of critical security vulnerabilities in their products, web sites, and web services. He has spoken and taken trainings at leading National and International conferences like Boston Security Meetup Conference, ClubHack, OWASP AsiaPac - Sydney, National Institute of Bank Management – India, Quest Knowledge center and multiple organizations among others. Dinesh also holds a number of professional IT and security certifications.

EMC Product Security Response Center

EMC PSRC is responsible for responding and managing security vulnerabilities reported in EMC/RSA products.

George Ehrhorn

George Ehrhorn is the IT Security Manager for MathWorks, a leading developer of mathematical computing software for engineers and scientists. George is responsible for the IT Security program at MathWorks including infrastructure security, risk assessment, and web application security. Prior to MathWorks George worked in IT Audit and Security functions at SunGard Data Systems, Ellucian, and Some of the nerdiest things about George are that he plays competitive bridge and that he was president of the math club in college. Twice.

Jack Mannino and Geller Bedoya

Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android and code written in Scala. He’s also an optimistic New York Mets fan, although that optimism slowly fades away every summer.

Geller Bedoya is a senior application security at nVisium. Geller graduated from Georgia Tech with a degree in Electrical Engineering. As a undergraduate student Geller tackled a range of security challenges from memory forensics to botnet research. After graduation, he promptly put his security knowledge to work at a financial brokerage where he aided in design and implementation of security throughout the SDLC. He performs security code reviews and application security testing of products. Outside the office, he finds peace of mind by cycling and running.

Jared DeMott

Dr. Jared DeMott is a seasoned security researcher, and has spoken at conferences such as DerbyCon, BlackHat, Defcon, ToorCon, Shakacon, DakotaCon, CarolinaCon, ThotCon, GRRCon, and Bsides*. Past notable research relates to stopping a trendy hacker exploit technique (known as ROP), by placing as a finalist in Microsoft’s BlueHat prize contest, and by more recently showing how to bypass Microsoft’s EMET protection tool.

Jared is active in the security community by teaching his Application Security course, and has co-authored the book – Fuzzing for Software Security Testing and Quality Assurance. DeMott has been on three winning Defcon CTF teams, and has the black badges to prove it. He has been an invited lecturer at prestigious institutions such as the United States Military Academy, and previously worked for the National Security Agency. DeMott holds a PhD from Michigan State University.

Jeff Williams

Contrast Security
Jeff Williams is the founder and CTO of Contrast Security, bringing the power of instrumentation and real time analytics to secure your application portfolio. Previously, Jeff was a founder and CEO of Aspect Security. He also served as Global Chairman of the OWASP Foundation where he created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten, WebGoat, ESAPI, XSS CheatSheet, ASVS and more. Jeff welcomes hearing from you and may be reached directly at [email protected].

Josh Corman

Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also an adjunct faculty for Carnegie Mellon’s Heinze College, IANS Research, and a Fellow at the Ponemon Institute.

Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.

Anson Gomes and Jeremy Spencer

iSEC Partners

Anson Gomes is a security researcher and consultant at iSEC Partners. He specializes in web applications and web services security, network security, mobile application security, and architecture reviews. He has led numerous assessments for applications written in languages such as Java, .NET, PHP, and Objective C. In his spare time, Anson spends his time researching cloud systems, custom protocols, and embedded devices. He is passionate about red teaming and social engineering. Anson has also given multiple presentations both locally at NYC and at major conferences such as Black Hat and OWASP AppSec USA. He lives in New York City.

Jeremy Spencer is a Security Consultant at iSEC Partners, an information security consulting firm that specializes in application, network, and mobile security. He has conducted multiple web, mobile, and network penetration tests and has successfully reported vulnerabilities in applications written in languages such as Java, PHP, Python, and Ruby.

Jeremy graduated from Columbia University's School of Engineering and Applied Science in 2013 with a B.S. in Computer Science. At Columbia, Jeremy engaged in computer system software development within operating systems, compilers, and networking stack. Prior to iSEC, Jeremy held an internship at Goldman Sachs where he did security related software development.

Michael Weissbacher

Northeastern University
Michael Weissbacher is a PhD student and Research Assistant at the SecLab of Northeastern University. His research interests are focused on the security of web applications on both client and server side. Michael plays CTFs with Shellphish.

Patrick Laverty

Patrick is a member of the Akamai Technologies Customer Security Incident Response Team (CSIRT) in Cambridge where he helps detect and thwart hackers from some of the biggest and most well-known web sites in the world. He organizes the monthly meetings for the OWASP Rhode Island chapter. In his spare time, he's working on a wicked hahd slap shot for his hockey team.

Sagar Dongre

Sagar Dongre is Senior Consultant with Cigital. At Cigital, he is one of the leaders in the static analysis practice within the company. He consults for many of Cigital’s clients on static analysis topics such as enterprise-wide code review processes and secure software development lifecycle (SSDLC).

Steve Markey

Steve Markey is the principal of nControl, a consulting firm based in Philadelphia, Pennsylvania, USA. He is also an adjunct professor, a published author, and a principal speaker at a number of global conferences. Markey holds multiple certifications and degrees, and has more than 14 years of experience in the technology sector. He frequently presents on information security, information privacy, cloud computing, project management, e-discovery, and information governance.

Walt Williams

Lattice Engines
Walt Williams, CISSP®, SSCP®, CEH, CPT has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group, and EMC. He has since moved to security management, where he now manages security at Lattice Engines. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides on risk management as the cornerstone of a security architecture.

Mr. Williams' articles on security and service oriented architecture have appeared in the Information Security Management Handbook, and is the author of Security for Service Oriented Architecture by CRC press, 2014. He sits on the board of directors for the New England ISSA chapter and is a member of the program committee for Metricon. He has a master’s degree in Anthropology from Hunter College.

You can find out more about this conference at
Conference Organizer: Jim Weiler