Difference between revisions of "Summit 2011 Attendee Bios"
(→Watson, Colin) |
m (Reverted edits by Briechenstein Software Studio (talk) to last revision by David Montero Abujas) |
||
(37 intermediate revisions by 3 users not shown) | |||
Line 31: | Line 31: | ||
== Agustini, Alexandre == | == Agustini, Alexandre == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Agustini,_Alexandre.png|150px]]</div><div style=“text-align:justify”>I am senior lecturer and currently academic coordinator |
of Informatics Faculty at the Catholic University of Rio Grande do Sul (PUCRS). I have a Ph.D. in Computer Science from Universidade Nova de Lisboa (2006) and my primary research interest is in Natural Language Processing, acting on the following topics: text mining, machine learning, syntactic and semantic analysis of natural language. | of Informatics Faculty at the Catholic University of Rio Grande do Sul (PUCRS). I have a Ph.D. in Computer Science from Universidade Nova de Lisboa (2006) and my primary research interest is in Natural Language Processing, acting on the following topics: text mining, machine learning, syntactic and semantic analysis of natural language. | ||
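Review bot: On the added Agustini line, `<div style=“text-align:justify”>` delimits the attribute value with typographic quotes (“ ”) rather than ASCII double quotes, so the value is not a clean `text-align:justify` declaration and the justification will likely not apply. Use `style="text-align:justify"`; the same markup recurs on every added bio line in this revision, so it is worth fixing in one pass.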
Line 38: | Line 38: | ||
== Akhmad, Zaki == | == Akhmad, Zaki == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Akhmad,_Zaki.png|150px]]</div><div style=“text-align:justify”>Born in Jakarta, Indonesia, 1982, Zaki holds a master degree from |
Bandung Institute of Technology, Indonesia, with major Electrical | Bandung Institute of Technology, Indonesia, with major Electrical | ||
Engineering. Currently he works at indocisc, a small consultant | Engineering. Currently he works at indocisc, a small consultant | ||
Line 48: | Line 48: | ||
== Alamri, Lorna == | == Alamri, Lorna == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Alamri,_Lorna.png|150px]]</div><div style=“text-align:justify”>Lorna is a consultant at a large financial institution and resides in Minneapolis, Minnesota, USA. She is Vice President of the Minneapolis OWASP Chapter, a member of the Global Industry Committee, Editor of the OWASP Newsletter, and a member of the Summit Planning Committee. |
</div><br clear="all"> | </div><br clear="all"> | ||
== AlBasha, Talal == | == AlBasha, Talal == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:AlBasha,_Talal.png|150px]]</div><div style=“text-align:justify”>Application Development Management, Application Security Consultation (GWAPT Certified) |
Alremh company at ICT Incubator | Alremh company at ICT Incubator | ||
Product Manager at Innovaive Solutions | Product Manager at Innovaive Solutions | ||
Line 84: | Line 84: | ||
== Angal, Rajeev == | == Angal, Rajeev == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Angal,_Rajeev.png|150px]]</div><div style=“text-align:justify”>Rajeev currently works as an Architect at Oracle (Sun Microsystems) and lives in the San Francisco Bay Area, California, USA. |
Past | Past | ||
• Founder & VP Engineering at Intellifabric Inc | • Founder & VP Engineering at Intellifabric Inc | ||
Line 98: | Line 98: | ||
== Aniceto, Alexandre == | == Aniceto, Alexandre == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Aniceto,_Alexandre.png|150px]]</div><div style=“text-align:justify”>Information Security Consultant, CISSP, CISM, CISA, ISO27001/LA |
Partner at Willway, S.A.; Lisbon Area, Portugal | Partner at Willway, S.A.; Lisbon Area, Portugal | ||
Past | Past | ||
Line 116: | Line 116: | ||
== Aryavalli, Gandhi == | == Aryavalli, Gandhi == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Aryavalli,_Gandhi.png|150px]]</div><div style=“text-align:justify”>Having Honors in Engineering (CS & Mech. Engg.) enriched by MBA (finance), have been working in Information Security space for the last 10+ years in the fields of Application Security, State Assessment, Data cum Network Security, Security Governance and Compliance areas. Currently part of McAfee family for the last 5+ years, providing technical expertise and support in the performance of architecture and application risk assessments for IT developed applications and third party solutions, review of applications for security vulnerabilities, perform penetration tests and enforcing Secure QA cum Coding practices. Key achievements include providing technical support to Department of Defence to install a Common Criteria lab in India for the first time, and established Vulnerability Accessment Center as per SSE-CMM Guidelines. Providing organisation wide trainings and conducting secure code reviews, as a Secure Core Team member of McAfee. Has played a key role in Application security in various CMM companies like Microsoft (v-id), Mahindra BT..etc. |
</div><br clear="all"> | </div><br clear="all"> | ||
== Barbato, L. Gustavo C. == | == Barbato, L. Gustavo C. == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Barbato,_L._Gustavo_C..png|150px]]</div><div style=“text-align:justify”>Gustavo is Ph.D. (application security) and M.Sc. (intrusion detection) in Information System Security as well as Bachelor in Computer Science. He has worked in security projects for the Brazilian Government for many years involving software programming, network and systems administration, computer and network security, application and network penetration testing, software security assessments, code review, malware analysis, intrusion detection, forensics analysis and others activities. During that time, he has also worked as security professor at college and postgraduate by teaching subjects about network and information security. In the beginning, he used to work as software developer and system administrator. However, the last years were dedicated to security consulting on areas aforesaid. Nowadays, he is the Technical Application Security Lead at Dell and Secure Programming Professor at UNISINOS University. As voluntary work, he is the Porto Alegre (Brazil) OWASP Chapter Founder/Leader and member of OWASP Global Chapter Committee. |
</div><br clear="all"> | </div><br clear="all"> | ||
== Barnett, Ryan == | == Barnett, Ryan == | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Barnett,_Ryan.png|150px]]</div><div style=“text-align:justify”>Ryan Barnett is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security where he focuses on web application defensive research and serves as the ModSecurity web application firewall project lead. In addition to his work at Trustwave, Ryan is also a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. He is also a Web Application Security Consortium (WASC) Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots Projects, as well as, the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache and is a frequent speaker at industry conferences such as Blackhat and OWASP. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Baso, Sarah== | ==Baso, Sarah== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Baso,_Sarah.png|150px]]</div><div style=“text-align:justify”>Sarah is a licensed attorney living in Minneapolis, Minnesota, USA. She currently works as a teacher for at risk youth (grades 5-8) at an after school and summer kids program, in addition to volunteering at an ESL school that provides English, computer, math, and citizenship classes to immigrants and refugees. Most recently, Sarah has been involved with OWASP, providing logistical support, travel planning and wiki foo for the Global Summit and serving as the secretary for the Global Industry Committee. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Batista, Marco== | ==Batista, Marco== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Batista,_Marco.png|150px]]</div><div style=“text-align:justify”>Marco is a 26 year old from Portugal with a Network and Communications Engineer degree. He has worked for 2 years in Carrier Sales Support / Customer Premises Equipment (CPE) Broadband Access (xDSL, FTTH), and is currently taking a MSc in Information Security. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Bergling, Mattias== | ==Bergling, Mattias== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Bergling,_Mattias.png|150px]]</div><div style=“text-align:justify”>Mattias Bergling works as a Senior Security Consultant at 2Secure in Stockholm, Sweden. Mattias has been working with IT security for 12 years and has been focusing on security testing for the last 8 years. Mattias is the co-leader for the Swedish OWASP chapter and was on the Organizing Committee for AppSec EU 2010. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Bernik, Joe== | ==Bernik, Joe== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Bernik,_Joe.png|150px]]</div><div style=“text-align:justify”>Mr. Bernik is the Chief Information Security Officer for Fifth Third Bank, responsible for protecting Fifth Third Bank and its clients’ information systems from risks. He is also responsible for defining and implementing Enterprise-wide information security strategies for the Bank. |
Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. | Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. | ||
Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank. | Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank. | ||
Line 156: | Line 156: | ||
==Biagiotti, Massimo== | ==Biagiotti, Massimo== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Biagiotti,_Massimo.png|150px]]</div><div style=“text-align:justify”>Project Manager and Business Developer of consulting activities for network and application security analyses concerning Ethical Hacking, Secure Software Development Lyfecycle, Security Processes, Risk Analyses and Business Impact Analyses. Since 2009 is also responsible of the Internship Program of Business-e. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Bonver, Edward== | ==Bonver, Edward== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Bonver,_Edward.png|150px]]</div><div style=“text-align:justify”>Edward Bonver is a principal software engineer on the product security team under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company’s software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company’s QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation, Nbase and Zuma Networks. Edward is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at NOVA Southeastern University. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Booth, Rex== | ==Booth, Rex== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Booth,_Rex.png|150px]]</div><div style=“text-align:justify”>Rex is a Senior Manager in Grant Thornton’s Public Sector practice and leads their Cybersecurity Solution group. He has over ten years of experience providing application development, risk management and information security services to government agencies, private industry, and financial institutions. |
Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP). | Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP). | ||
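Review bot: In the added Biagiotti line, "Secure Software Development Lyfecycle" is misspelled and the closing sentence "Since 2009 is also responsible of the Internship Program of Business-e." has no subject. Suggest "Lifecycle" and "Since 2009 he is also responsible for the Internship Program of Business-e."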
Line 174: | Line 174: | ||
==Brennan, Tom== | ==Brennan, Tom== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Brennan,_Tom.png|150px]]</div><div style=“text-align:justify”>Brennan started with technology in 1986 when 8-bit and CP/M was cool <grin>. After a career ending injury with United States Marines Corps., during Gulf War I Era he has dedicated his life to information security. Was elected and served with the FBI Infragard program 2002-2004 and then founded the OWASP New Jersey Chapter that today includes NYC Metro. In 2007 Brennan was appointed by his application security peers to the OWASP Global Board of Directors. Tom was the managing partner of Proactive Risk that routinely assessed technology, people and process used in finance, e-commerce, oil/gas, power generation/transmission, water, and global enterprise networks before joining Trustwave Spiderlabs in 2011. A father of 4 great kids and is a frequent and entertaining speaker at information security conferences and bars around the world ;) |
</div><br clear="all"> | </div><br clear="all"> | ||
==Brewer, Deb== | ==Brewer, Deb== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Brewer,_Deb.png|150px]]</div><div style=“text-align:justify”>LXstudios Inc., Owner/Director |
Deb has provided branding, corporate identity and collateral design solutions to institutional and retail clients for over twenty years. On a Fine Arts Scholarship, she obtained a bachelor of Fine Arts in Graphic Design with a Minor in Professional Writing from Carnegie Mellon University in Pittsburgh, PA. She began her career as a Senior Designer in the Creative Services department at Thomson Financial in Boston, MA. After Thomson, Deb became a partner at Patric Ward Design in Boston, managing accounts such as Janus Institutional, Reebok, Standard & Poor’s, and Thomson Financial. In 1999, Deb opened LXstudios, providing branding, corporate identity, print collateral, advertising, web and event support to financial services, medical, technology, management consulting, mortgage/banking and retail clients. | Deb has provided branding, corporate identity and collateral design solutions to institutional and retail clients for over twenty years. On a Fine Arts Scholarship, she obtained a bachelor of Fine Arts in Graphic Design with a Minor in Professional Writing from Carnegie Mellon University in Pittsburgh, PA. She began her career as a Senior Designer in the Creative Services department at Thomson Financial in Boston, MA. After Thomson, Deb became a partner at Patric Ward Design in Boston, managing accounts such as Janus Institutional, Reebok, Standard & Poor’s, and Thomson Financial. In 1999, Deb opened LXstudios, providing branding, corporate identity, print collateral, advertising, web and event support to financial services, medical, technology, management consulting, mortgage/banking and retail clients. | ||
Line 186: | Line 186: | ||
==Bristow, Mark== | ==Bristow, Mark== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Bristow,_Mark.png|150px]]</div><div style=“text-align:justify”>Mark Bristow works as an Industrial Control Systems (ICS/SCADA) Security consultant with Securicon LLC for a US Government client. Before getting involved with ICS, Mark was heavily involved in web application vulnerability research, penetration testing and building application security programs as a consultant with SRA International. Mark is an active member of the Open Web Application Security Project (OWASP) as Global Conferences Committee Chair, AppSec DC Organizer, and Co-Chair of the OWASP DC chapter. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Brzozowski, Daniel== | ==Brzozowski, Daniel== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Brzozowski,_Daniel.png|150px]]</div><div style=“text-align:justify”>Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Buetler, Ivan== | ==Buetler, Ivan== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Buetler,_Ivan.png|150px]]</div><div style=“text-align:justify”>Founder and CEO, Compass Security AG (since 1999) |
Founder of Swiss Cyber Storm Security Conference (since 2007) | Founder of Swiss Cyber Storm Security Conference (since 2007) | ||
Founder of Hacking-Lab community site / Alias E1 (since 2006) | Founder of Hacking-Lab community site / Alias E1 (since 2006) | ||
Line 207: | Line 207: | ||
==Calderon, Juan Carlos== | ==Calderon, Juan Carlos== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Calderon,_Juan_Carlos.png|150px]]</div><div style=“text-align:justify”>Juan currently works as Application Security Research Leader/Sr Auditor at Softtek and lives in the Aguascalientes Area, Mexico. Prior to this he was a Project Leader at Softtek, as well as a Sr Application Security Auditor and Sr Web Developer at Soft tek. Juan also worked as a Web Application Security Specialist and Web Developmer at GE DDEMESIS and as the IT Manager at Gabatti. Juan received his education from the Instituto Tecnológico y de Estudios Superiores de Monterrey and the Instituto Tecnológico de Zacatecas. Juan Specializes in: Application Security, Security Source Code Review, Vulnerability assessments, security trends analysis, Penetration Testing, Secure SDLC, App |
Sec consultancy. | Sec consultancy. | ||
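Review bot: The added Calderon line spells the employer both "Softtek" and "Soft tek" and has "Web Developmer" for "Web Developer". The bio also breaks "App Sec consultancy" across two lines after "App", which leaves a stray line break in the rendered paragraph; join it onto one line.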
Line 214: | Line 214: | ||
==Campbell, David== | ==Campbell, David== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Campbell,_David.png|150px]]</div><div style=“text-align:justify”>Founder and Principal Consultant, Electric Alchemy |
DC has been immersed in technology since elementary school. Early experiences with Microsoft Flight Simulator on an 4.77MHz 8086 IBM got him interested in computers as well as aviation. Campbell went on to become a well respected figure in the information security community as well as a FAA certificated pilot. | DC has been immersed in technology since elementary school. Early experiences with Microsoft Flight Simulator on an 4.77MHz 8086 IBM got him interested in computers as well as aviation. Campbell went on to become a well respected figure in the information security community as well as a FAA certificated pilot. | ||
DC joined Andersen Consulting after graduating from University and his aptitude for hacking quickly led him to the forefront of the Firm's then nascent information security practice. At Andersen, Campbell worked as a security architect for a series of high profile projects while simultaneously providing penetration testing expertise on short engagements all over the world. | DC joined Andersen Consulting after graduating from University and his aptitude for hacking quickly led him to the forefront of the Firm's then nascent information security practice. At Andersen, Campbell worked as a security architect for a series of high profile projects while simultaneously providing penetration testing expertise on short engagements all over the world. | ||
Line 228: | Line 228: | ||
==Causey, Brad== | ==Causey, Brad== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Causey,_Brad.png|150px]]</div><div style=“text-align:justify”>Brad Causey is an active member of the security and forensics community |
worldwide. Brad tends to focus his time on Web Application security as | worldwide. Brad tends to focus his time on Web Application security as | ||
it applies to global and enterprise arenas. He is currently employed at | it applies to global and enterprise arenas. He is currently employed at | ||
Line 240: | Line 240: | ||
==Chalmers, Matthew== | ==Chalmers, Matthew== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File: | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Chalmers,_Matthew.jpg|150px]]</div><div style=“text-align:justify”>Matthew Chalmers has been doing information security and related work his entire professional career, since earning his bachelor's degree from the Missouri University of Science & Technology. Matt has worked for large organizations in the defense, financial and manufacturing industries including the US Navy, the National Security Agency, JPMorgan Chase and, presently, Rockwell Automation. Matt currently performs risk, threat, control and vulnerability assessments; regulatory & policy/standard compliance audits; process improvement audits; and general & application control audits. Matt holds the CISA, GSNA, GCFA, CEH and CHS certifications and is ITIL v3 Foundation certified. Matt has been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org. |
</div><br clear="all"> | </div><br clear="all"> | ||
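Review bot: The added Chalmers line ends with a contact address written out as "matthew dot chalmers at owasp dot org". That spelling is trivially reversed by address harvesters, so it offers little protection on a public wiki page; consider dropping the address from the bio or pointing to a contact page instead.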
Line 832: | Line 832: | ||
<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Matteo has undergraduate degrees in Computer Science Engineering from the University of Bologna (Italy). | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Matteo has undergraduate degrees in Computer Science Engineering from the University of Bologna (Italy). | ||
He is the OWASP-Italy Founder and Chair from January 2005 (http://www.owasp.org/index.php/Italy), leads the new OWASP Testing Guide from 2006 (http://www.owasp.org/index.php/OWASP_Testing_Project), and he is starting the OWASP Common Vulnerability list with Anurag Agarwal and Eoin Keary (http://www.owasp.org/index.php/OWASP_Common_Vulnerability_List). He is one of contributor of OWASP SAMM (http://www.opensamm.org). He holds CISSP, CISA certification, Matteo is the CEO and a cofounder of Minded Security, an Application Security Consulting Company, with more than 10 years of specializing in information security and collaborates from several years at the OWASP project. Matteo is invited as speaker at many events all around the world talking about Web Application Security. | He is the OWASP-Italy Founder and Chair from January 2005 (http://www.owasp.org/index.php/Italy), leads the new OWASP Testing Guide from 2006 (http://www.owasp.org/index.php/OWASP_Testing_Project), and he is starting the OWASP Common Vulnerability list with Anurag Agarwal and Eoin Keary (http://www.owasp.org/index.php/OWASP_Common_Vulnerability_List). He is one of contributor of OWASP SAMM (http://www.opensamm.org). He holds CISSP, CISA certification, Matteo is the CEO and a cofounder of Minded Security, an Application Security Consulting Company, with more than 10 years of specializing in information security and collaborates from several years at the OWASP project. Matteo is invited as speaker at many events all around the world talking about Web Application Security. | ||
+ | |||
+ | </div><br clear="all"> | ||
+ | |||
+ | ==Montero, David== | ||
+ | |||
+ | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>David is CISA, CISM and CRISC by ISACA, as well as the only one degree ISMS Lead Auditor issued by IRCA in Spain. He is the founder of OWASP-Andalucia chapter in Spain (http://www.owasp.org/index.php/Andalucia), and founder of Grupo iSoluciones, group of companies specialized in information security with presence in Spain and Uruguay. His interest areas are pentesting and cyberwar, where write articles and essays with the alias "Raistlin". | ||
</div><br clear="all"> | </div><br clear="all"> | ||
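Review bot: The added Montero bio needs a wording pass before it goes live: "the only one degree ISMS Lead Auditor issued by IRCA in Spain" is unclear as written, and "where write articles and essays with the alias" has no subject. Suggest asking the author to restate the IRCA credential and changing the last sentence to "where he writes articles and essays under the alias "Raistlin"."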
Line 1,152: | Line 1,158: | ||
==Weston, David== | ==Weston, David== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>David Weston is a Security Engineer at Microsoft where he works on the team responsible for the security testing of Windows. David previously worked as a security consultant at a major defense contractor where worked on projects for Department of Defense, Federal, and Enterprise customers. He is an experienced security researcher and has presented at numerous security conferences such as Blackhat and Defcon in addition to discovering vulnerabilities in several major software packages. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Wichers, Dave== | ==Wichers, Dave== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Information Security consultant continuously since 1989. Current focus area is in Application Security Consulting, including Developer Training, Security Code Reviews, Application Penetration Testing, Technology Selection, Security Policy Development, Infusing Security into the Software Development Lifecycle, and the development of Standard Security Controls. Particular expertise in Security of Web Applications. |
+ | Currently member of the OWASP Board, the OWASP Conferences Chair, and coauthor and project lead of the OWASP Top Ten Most Critical Web Application Security Vulnerabilities (http://www.owasp.org/index.php?Top10). | ||
+ | Early career focused on InfoSec for DoD, including C&A, Trusted Product Evaluations, Multilevel Security, and Cross Domain Solutions (e.g., Guards) for product vendors, large DoD integrators, and the NSA. | ||
+ | Specialties - Application Security Consulting (specialty focus on Web Application Security), Information Security, Certification & Accreditation, Multilevel Security, Cross Domain Solutions (Guards), Secure Software Development in Java | ||
+ | |||
</div><br clear="all"> | </div><br clear="all"> | ||
==Wilander, John== | ==Wilander, John== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>John Wilander is an application security researcher and consultant. He is a partner and evangelist at Omegapoint, a consultancy firm based in Sweden. John typically works as a security focused software developer. Java and JavaScript are his languages of choice. After his Master's degree in Computer Science and Engineering from Linköping University (Sweden) and Nanyang Technological University (Singapore) he pursued a PhD in application security. Last paper still pending but John's research publications can be found at: http://www.ida.liu.se/~johwi/research_publications/ John started the Swedish OWASP Chapter in 2007 and has since been leader and co-leader. In 2010 he chaired the most successful OWASP AppSec EU conference so far – OWASP AppSec Research 2010. John along with the Swedish chapter are listed as contributors to OWASP Top 10 2010. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Williams, Jeff== | ==Williams, Jeff== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Jeff Williams is the founder and CEO of Aspect Security, specializing in application security services including code review, penetration testing, training, and eLearning. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP) where he has made extensive contributions, including the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, Application Security Verification Standard, OWASP Risk Rating Methodology, starting the worldwide local chapters program, and starting the Rugged Software movement. Jeff holds advanced degrees in psychology, computer science, and human factors, and graduated cum laude from Georgetown Law. You can contact Jeff at [email protected]. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Wilson, Doug== | ==Wilson, Doug== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Doug Wilson is one of the co-chairs of the Washington DC OWASP chapter, and one of the organizers of the OWASP AppSec DC conference in Washington DC. He is a Principal Consultant for MANDIANT, a full service security company based out of the Washington DC area. |
+ | Doug has been involved in information security for over a decade. He got his start in the Web 1.0 dot-com years working for web hosting companies, and ended up doing government contracting, with expertise in incident response and multi-tiered application architecture. He currently supports government contracts exploring ways of improving software assurance and confidence in COTS software. He has spoken at a wide variety of professional events in Washington DC, including Shmoocon, and the High Confidence Software and Systems (HCSS) conference. | ||
+ | |||
+ | </div><br clear="all"> | ||
+ | |||
+ | == Wuensch, Stefan == | ||
+ | |||
+ | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Starting as soon as he could grip a screwdriver, Stefan spent his formative years hacking and tinkering with anything run by electricity. Later Stefan joined the Boston-area hacker group L0pht, and was a member for five years. In 1998 Stefan and the other L0pht members testified before the United States Senate as part of a series of hearings on "Weak Computer Security in Government: Is the Public at Risk?" For the past 13 years Stefan has been working at Harvard University where he has been involved with security, high-performance research computing, networking, and systems infrastructure. His current role is Senior UNIX Engineer. | ||
</div><br clear="all"> | </div><br clear="all"> | ||
==Wysopal, Chris== | ==Wysopal, Chris== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Yeo, John== | ==Yeo, John== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>John Yeo is Director of Trustwave’s SpiderLabs for the EMEA region. SpiderLabs, one of the world’s largest global security practices, is the advanced security division within Trustwave. SpiderLabs is focused on application security, incident response, penetration testing, physical security and security research. At Trustwave John is responsible for managing the various SpiderLabs teams and all aspects of service delivery within the EMEA region. |
</div><br clear="all"> | </div><br clear="all"> | ||
==Zusman, Mike== | ==Zusman, Mike== | ||
− | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> | + | <div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Michael Zusman is a Managing Principal Consultant with the Intrepidus Group. At Intrepidus, his focus is on assisting clients in architecting secure mobile solutions and applications for various platforms including iOS, Android, and RIM. Prior to joining Intrepidus Group, Mike has held the positions of Escalation Engineer at Microsoft, Security Program Manager at Automatic Data Processing, and lead architect & developer at a number of smaller firms. |
+ | In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors and other clients. He has spoken about mobile application security at a number of top industry events including Black Hat, CanSecWest, OWASP meetings and at local colleges including Polytechnic University. | ||
+ | Mike brings 12 years of security, technology, and business experience to Intrepidus Group. He has attained the CISSP certification, and is a co-leader of the OWASP Mobile Security Project. | ||
+ | |||
</div><br clear="all"> | </div><br clear="all"> |
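Review bot: Every added line in this hunk opens its text with div style=“text-align:justify”, where the attribute value is wrapped in typographic quotes rather than ASCII double quotes, so it is not parsed as a quoted style declaration and the justification is unlikely to take effect; the neighbouring align="left" attribute on the same lines shows the intended quoting. Suggest style="text-align:justify" throughout. Separately, the Weston bio reads "where worked on projects", which is missing "he".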
Latest revision as of 20:13, 10 February 2017
Adamski, Lucas
Agarwal, Anurag
Aguilera, Vicente
Agustini, Alexandre
of Informatics Faculty at the Catholic University of Rio Grande do Sul (PUCRS). I have a Ph.D. in Computer Science from Universidade Nova de Lisboa (2006) and my primary research interest is in Natural Language Processing, acting on the following topics: text mining, machine learning, syntactic and semantic analysis of natural language.
Akhmad, Zaki
Bandung Institute of Technology, Indonesia, with major Electrical Engineering. Currently he works at indocisc, a small consulting company focused on information security, as a Junior Security Analyst. On professional certification, he passed the CISA exam, which he took in June 2010. He has led the OWASP Indonesia Chapter since December 2008. The first translation project completed by the OWASP Indonesia Chapter team is the Top 10 OWASP 2010. He very much enjoys working in the information security industry. In his leisure time, Zaki loves reading, writing, listening to music and, for some time, taking photos. He also enjoys sports, especially running and swimming. He can be contacted at za at owasp dot org.
Alamri, Lorna
AlBasha, Talal
Alremh company at ICT Incubator
Product Manager at Innovaive Solutions
Riyadh, Saudi Arabia
OWASP Involvement: Syria Chapter Leader
Past
• Presenter for Internet Security at ITDigest
• Senior Developer at King Faisal Specialist Hospital
• Senior Developer at KFSHRC
Education
• Damascus University
• SANS
Summary
Portal Development with J2EE technology IBM Websphere portal server, application server (with clustering) Bea Weblogic SMS, MMS and Mobile Banking projects Application Security (SANS GIAC standards, OWASP standards, (ISC)2 CSSLP standards) GWAPT Certified
Specialties: J2EE, Websphere clustering, Weblogic, JBoss, Struts, JSF SMS, MMS, Mobile Banking SMS Gateway Application Security
Angal, Rajeev
Past
• Founder & VP Engineering at Intellifabric Inc
• Director of Technology at Infospace Inc
• Architect, Portal Server at SUN Microsystems
Education
• University of California, Santa Cruz
• IIT Delhi
• Delhi Public School - R. K. Puram
Aniceto, Alexandre
Partner at Willway, S.A.; Lisbon Area, Portugal
Past
• Senior Security Consultant at Glintt
• Security Advisor at Archeocelis, Lda
• Security & Systems Engineer at Nokia Siemens Networks
Education
• Royal Holloway, U. of London
• (ISC)²
• ISACA - Information Systems Audit and Control Association
Specialties:
• Information Security Management
• Security Architecture Design & Implementation
• Auditing and Regulatory Compliance
Aryavalli, Gandhi
Barbato, L. Gustavo C.
Barnett, Ryan
Baso, Sarah
Batista, Marco
Bergling, Mattias
Bernik, Joe
Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank. Mr. Bernik received his bachelor’s degree from the University of Mary Washington in Fredericksburg, Virginia, and completed graduate work in business administration at the City University of New York. Mr. Bernik currently serves as an advisor to the Federal Reserve on matters of information security and is on the steering committee of the Financial Services Sharing and Analysis Center (FS-ISAC).
Biagiotti, Massimo
Bonver, Edward
Booth, Rex
Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP).
Brennan, Tom
Brewer, Deb
Deb has provided branding, corporate identity and collateral design solutions to institutional and retail clients for over twenty years. On a Fine Arts Scholarship, she obtained a bachelor of Fine Arts in Graphic Design with a Minor in Professional Writing from Carnegie Mellon University in Pittsburgh, PA. She began her career as a Senior Designer in the Creative Services department at Thomson Financial in Boston, MA. After Thomson, Deb became a partner at Patric Ward Design in Boston, managing accounts such as Janus Institutional, Reebok, Standard & Poor’s, and Thomson Financial. In 1999, Deb opened LXstudios, providing branding, corporate identity, print collateral, advertising, web and event support to financial services, medical, technology, management consulting, mortgage/banking and retail clients.
Bristow, Mark
Brzozowski, Daniel
Buetler, Ivan
Founder of Swiss Cyber Storm Security Conference (since 2007)
Founder of Hacking-Lab community site / Alias E1 (since 2006)
Founder and board member of Cyber Tycoons foundation (since 2010)
Board member Information Security Society Switzerland ISSS (since 2010)
Member /ch/open foundation.
After completing his degree in Electrical Engineering at the Technical College of Rapperswil focusing on computer science, control technology, electronics, energy engineering, and motion technology, Ivan Buetler worked for 2 years in St.Gallen at AGI Service, a company which provides services for banks. He provided plans for high-availability Unix and NT server systems including, among other things, a platform for the stock market and foreign exchange dealers based on Reuters, Bloomberg and FIMS (Telekurs). Afterwards, while working for 3r security engineering ag/Entrust Technologies, Ivan supported security consultants in technical matters, analysed clients' technical problems, local network and computer systems throughout Europe. This security work included penetration tests, security reviews, the development of secure architectures, Internet and Intranet security, as well as security solutions for e-Commerce. In particular, he was involved in the cross-certification of the Canadian Entrust PKI with Europe. During these activities he completed post-graduate studies at the Management School of St.Gallen/Zurich in Business Management.
Calderon, Juan Carlos
Sec consultancy.
Campbell, David
DC has been immersed in technology since elementary school. Early experiences with Microsoft Flight Simulator on a 4.77MHz 8086 IBM got him interested in computers as well as aviation. Campbell went on to become a well respected figure in the information security community as well as a FAA certificated pilot. DC joined Andersen Consulting after graduating from University and his aptitude for hacking quickly led him to the forefront of the Firm's then nascent information security practice. At Andersen, Campbell worked as a security architect for a series of high profile projects while simultaneously providing penetration testing expertise on short engagements all over the world. Since founding EA, Campbell has embraced application security and mobile security and continues to be involved in the community. DC leads the Denver chapter of the Open Web Application Security Project and organizes the successful annual FROC application security conferences.
Casey, Larry
Causey, Brad
worldwide. Brad tends to focus his time on Web Application security as it applies to global and enterprise arenas. He is currently employed at a major international financial institution as a security analyst. Brad is the President of the OWASP Alabama chapter, a member of the OWASP Global Projects Committee and a contributor to the OWASP Live CD. He is also the President of the International Information Systems Forensics Association chapter in Alabama. Brad is an avid author and writer with hundreds of publications and several books. Brad currently holds certifications in the following arenas: MCSA, MCDBA, MCSE, MCT, MCP, GBLC, GGSC100, C|EH, CIFI, CCNA, IT Project Management+, Security+, A+, Network+, CISSP, CGSP.
Chalmers, Matthew
Chandra, Pravir
Cheng, Steven
In the past year Steven had led the CodeSecure team to undergo a major product transformation in terms of distribution method from appliance to pure software based, and complete UI redesign. The beta version is now available for download and final release date is scheduled on 4th March.
Clarke, Justin
Coates, Michael
Michael is the creator and leader of the AppSensor project and a contributor to the 2010 OWASP Top 10. He is a frequent speaker at OWASP security conferences in the US and Europe and has also spoken at the Chicago Thotcon conference and provided security training at BlackHat. As the web security lead at Mozilla, Michael protects web applications used by millions of users each day.
Coimbra, Paulo
A few of his heterogeneous OWASP contributions are as follows:
• OWASP Spring of Code 2007,
• OWASP Summer of Code 2008,
• OWASP EU Summit 2008,
• OWASP Assessment Criteria 1.0 & 2.0,
• OWASP 'Project About' Templates,
• OWASP Projects Dashboard,
• OWASP Project Reviewers Database,
• OWASP Training.
Paulo Coimbra has an M.S. in Management (Technical University of Lisbon), a Post-Graduation in Political Science (University of Lisbon), and a B.S. in Management and Social Development (Portuguese Catholic University). He has worked in management since 1992. He has performed different roles, from Economist (IAPMEI/Portuguese Ministry of Economy) to Teacher of Finances, Accountancy and M&A (Polytechnic Institutes of Setúbal and Santarém), to Marketing Director and Teacher of Project Finance, Corporate Communication and Political Science (Piaget Institute).
Cornell, Dan
Corry, Bil
I have extensive experience in information security, information technology and web application development. I bring integrity and accountability to all of my projects. Beyond my technical skills, I also have experience managing people and resources, budgeting, metrics, legal issues, strategic planning, and public speaking.
Information Security: access controls, disaster recovery, network security, web application security, HIPAA, PCI, application lifecycle, penetration testing, auditing, security research and more.
Information Technology: server administration, hardware/software installation/configuration, help desk/technical support, product evaluation, and more.
Web Application Development: entire development cycle, from design to implementation to quality assurance to deployment.
Specialties:
• Contributor to HTML5 (http://www.whatwg.org/specs/web-apps/current-work/multipage/acknowledgements.html#acknowledgements)
• Contributor to WASC Threat Classification v2 (http://projects.webappsec.org/Threat-Classification-Authors)
Cruz, Dinis
For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the OWASP O2 Platform which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers). Past industry experience includes: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Director of Advanced Technologies at Ounce Labs (acquired by IBM) performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.
Cruz, Sarah
Dawson, Isaac
enjoy trying to think of unique ways of breaking applications from a business logic standpoint. I have published the following papers:
• Blind Buffer Overflows in ISAPI extensions: http://www.securityfocus.com/infocus/1819 - This article was released on the main page of the leading security news and information site, Security Focus in January 2005.
• The Benefits of Combining Automated and Manual Penetration Testing (Japanese Only): https://www4.symantec.com/Vrt/offer?_requestid=22090&a_id=42747 – This white paper was written to aid our sales team in educating our customers as to the benefits of combining manual testing with automated tools. I felt that the Japanese market relied too heavily on tool based analysis so the paper was written to show what automated tools cannot find.
Specialties: application assessments, network assessments, some reverse engineering
De Win, Bart
Deleersnyder, Seba
DiPaola, Stefano
Donovan, Fred
Durkee, Ralph
Dworakowski, Wojciech
I am especially interested in:
• Security testing management.
• ASVS.
• OWASP Testing Guide, etc.
• Risk assessment vs. (web) applications.
• Security development lifecycle (OpenSAMM).
• Penetration testing & code review.
• Frameworks security.
OWASP Poland board member. ISMS Lead Auditor / BS7799 certified.
Elias, Wagner
Certifications:
• CBCP - Certified Business Continuity Professional
• SANS GIAC GHTQ
• CobiT Foundation
• ITIL Foundation
Specialties
• Application Security
• Penetration Test
• BCMS (Business Continuity Management System)
• DRP (Disaster Recovery Plan)
• ISMS (Information Security Management System)
• DMS (Data Management System)
• Risk Analysis & Mitigation
• Pre-Sales & Customer Interface
• Risk-Critical Solution Design & Deployment
• Public Speaking & Writing Talents
Eng, Chris
Chris speaks regularly at top information security conferences including BlackHat, OWASP, and RSA, discussing topics such as cryptographic attacks, application security metrics, secure coding, and the SDLC. He also serves on the advisory board for the SOURCE Boston and SOURCE Barcelona security conferences. Along with experts from more than 30 US and international cyber security organizations, he helped develop the CWE/SANS Top 25 Most Dangerous Programming Errors.
Evans, Arian
Arian has worked at the forefront of Web application security for more than 10 years. His global projects include work with the Center for Internet Security, NIST, the FBI, the Secret Service, and many large commercial organizations in analyzing Web application security and providing hacking incident-response. Arian also researches and discloses new attack techniques and vulnerabilities in Web application software including commercial platforms like Cisco and Nokia. Previously, Arian led the Application Security Practice at FishNet Security, working with Fortune 500 clients and delivering software security services globally. Arian is a frequent speaker at industry conferences including Black Hat, Hacker Halted, OWASP, RSA, and WASC events, and was also a contributing author for "Hacking Exposed: Web Applications."
Falkenberg, Andreas
Research interests include:
• Web Service Security
• Web Service Attacks
• XSS
Fazli Azran, Mohd
Fedon, Giorgio
Ferraz, Felipe
Ferreira, Lucas C.
Fette, Ian
the APIs we add to Google Chrome and to web standards provide a coherent development platform that meets the needs of Google's application developers and web developers at large. Experience managing large globally distributed products, currently managing a group split between N. America, Europe, and Asia. Engineer with the U.S. Government, working on large highly available database applications, with security clearance. Specialties: Product management, web standards, contract negotiations, security, phishing, malware
Fitzgerald, Alexis
My first contact with OWASP was the AppSec Europe conference at Royal Holloway outside of London in 2005. Since then I have mainly been a consumer of OWASP resources, apart from giving a few talks at various chapter meetings. My goal with OWASP is to help development teams build "enough" security into their projects and to raise general awareness about OWASP and application security. That is why I believe that outreach and education type initiatives must be key aspects in the future direction of OWASP."
Fitzhugh, Justin
Corporation. He's responsible for all Mozilla’s production and corporate infrastructure, including serving the Firefox product to more than 150 million users. In addition to Firefox distribution, his team designs, implements and supports the infrastructure for one of the largest open source organizations in the world. Prior to Mozilla, Justin managed Macromedia’s global datacenter environment. He spends his spare time as an avid pilot, snowboarder and father in the Bay Area.
Flores, Mauro
and helping to develop AV technologies. After that I worked as a developer for companies related to the financial industry, where I helped to develop credit card related applications, home banking and stuff like that. Then I moved to the administration phase of my life, where I worked as a security network administrator for the main TMT company of my country. At the same time I did security research and development for companies in the United Kingdom and Brazil. Now I work as a security consultant at Deloitte Uruguay.
Fontes, Antonio
and risk management with private organizations. Member of the OWASP Switzerland board, he leads the Geneva chapter and contributes to several reference software security projects such as the "CWE Top 25 most dangerous programming errors." Antonio currently works at L7 Sécurité, a Swiss security & risk consultancy company he founded in 2010. His work strongly emphasizes helping organizations better understand Internet threats and manage their risks.
Fort, Julio Cesar
Fortuna, Pedro
Holds a degree in Computing Engineering and a MSc in Computer Networks. Extensive knowledge and professional experience in R&D projects and software development, both at academic and industrial levels. Taught at the Faculty of Engineering of the University of Porto, and also gave training in computer security. Currently, teaches Networks and Computer Security at the Engineering School of the Polytechnic Institute of Porto. He is also a member of INESC Porto L.A., a National R&D Laboratory, where he is working towards his PhD.
Frosch, Tilman
Galvao, Pedro
Gao, Helen
Garrancho, Bruno
Garg, Vishal
Gomes, Leandro Resende
The last events Leandro participated in were the BlackHat 2009 conference in Las Vegas, OWASP AppSec 2009 and ICCyber 2010, Brazil. He wrote an article about "Securing web applications with fuzzing tests" for a SERPRO internal conference.
Gondrom, Tobias
Since 2003 he has been the chair of the IETF working group "LTANS" in the security area, a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF; he is also a former chapter lead of the German OWASP chapter, from 2007 to 2008. Tobias is the author of the international standard RFC 4998 (Evidence Record Syntax) and co-author and contributor to a number of internet standards and papers on security and electronic signatures, as well as the co-author of the book "Secure Electronic Archiving" (ISBN 3-87081-427-6), and a frequent presenter at conferences and author of articles (e.g. ISSE, Moderner Staat, IETF, VOI-booklet "Electronic Signature", iX).
Greene, Collin
Recently focusing on building static and dynamic analysis tools and getting them used within an organization.
Hansen, Robert
Mr. Hansen wrote "Detecting Malice", authors content on O'Reilly and co-authored "XSS Exploits" by Syngress publishing. He sits on the NIST.gov Software Assurance Metrics and Tool Evaluation group focusing on web application security scanners and the Web Application Security Scanners Evaluation Criteria (WASC-WASSEC) group. He also has briefed the DoD at the Pentagon and speaks at SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, World OWASP/WASC conferences, SANS, Microsoft's Bluehat, Blackhat, DefCon, SecTor, BSides, Networld+Interop, and has been the keynote speaker at the New York Cyber Security Conference, NITES, OWASP Appsec Asia and OWASP Appsec Brazil. Mr. Hansen is a member of Infragard, West Austin Rotary, WASC, IACSP, APWG, contributed to the OWASP 2.0 guide and is on the OWASP Connections Committee.
Hartmann, Kate
Heiderich, Mario
Heyes, Gareth
Hinojosa, Kuai
Hodges, Jeff
He participates in various IETF working groups including those whose topics involve HTTP, TLS/SSL, and those that touch upon security/identity. He also participates in various other Internet-based fora, e.g. Internet Identity Workshop (IIW), OASIS (SSTC/SAML committee), Kantara, Identity Commons, etc. In the recent past, he contributed to the Liberty Alliance effort as an editor and co-author of several of the Liberty ID-WSF and ID-FF protocol specifications. Earlier, he served as co-chair of the OASIS Security Services Technical Committee (SSTC/SAML), shepherding and contributing to the development of SAMLv1.0, as well as subsequently contributing to v1.1 and v2.0. His prior work has included contributions to the design of the LDAPv3 directory access protocol (in the areas of authentication and security), as well as contributing to the design and deployment of Stanford University's SUNet ID and Registry/Directory infrastructure. He's held architecture, engineering, and management positions at NeuStar, Sun Microsystems, Oblix, Stanford University, and Xerox.
Hoff, Jerry
has led and performed numerous application security code reviews for clients across multiple industries. Jerry also provides training services for clients, and has over 10 years teaching and development experience. Jerry is also involved in the Open Web Application Security Project (OWASP) and was the lead developer of AntiSamy.net project. He has a master's degree in Computer Science from Washington University in St. Louis.
Hoffman, Achim
It's difficult to describe my knowledge in the security world without being subjective, hence replace some by whatever you feel happy with. The official title on the v-card will be senior security and network consultant, which means something too.
(Short) CV
I've been doing software development since the early '80s, used to networking all the time, and focused on web application security starting this millennium. Meanwhile I've seen coming, have evaluated, have configured and used, and have seen disappearing a lot of WAFs and web application security scanners. Founded sic[!]sec GmbH in 2010.
OWASP Activities
• Participating in the German Chapter, German Chapter Board Member
• Project leader, maintainer, developer of OWASP EnDe Project
• Reviewer on some other OWASP projects (SoC 2008)
• CAL9000 (added some en-/decoding and request/response functionality; 2006)
• OWASP papers:
  o Best Practices: WAF
  o Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen
Public Papers / Work
• HTTP State Management Mechanism (Cookie) current httpstate working group (contributor 2009/2010)
• Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen (author 2009)
• Web Application Security Threat Classification v2 (contributor 2008/2009/2010)
• Best Practices: Einsatz von Web Application Firewalls (co-author, 2008)
• Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices (author, 2005/2006)
• Web Application Firewall Evaluation Criteria (contributor, 2005)
• Web Application Security Threat Classification v1 (contributor and German translation, 2004/2005)
Hofmann, Chris
As the first employee at the Mozilla Foundation in August 2003, Chris led a small but devoted team of the original ten engineers that established the Mozilla Foundation as an independent and self-sustaining organization. In 2004, Chris managed and executed the first worldwide release of Mozilla Firefox 1.0. Firefox 1.0 helped to fulfill the Mozilla Foundation’s goal of supporting open Web standards and providing innovation and choice for Internet client software, and set Firefox on a path to remarkable market share growth over the last several years. Chris now helps to build and strengthen Mozilla communities around the world. These contributors and communities are involved with localization of Firefox into over 70 languages, extend Firefox with Addons, and provide support to Firefox users. He engages with security researchers to help improve browser security and manages Mozilla's Security Bug Bounty Program. He is also interested in engaging, helping, and promoting the work done in companies and large institutions to deploy Firefox use and Mozilla technology.
Hogben, Giles
Ichnowski, Jeff
Jimenez, Juan Jose Rider
• Financial industry: designer of computer solutions (ecommerce, PCI-DSS, etc)
• Healthcare system architect: ChipCard (https://www.chipcard-salud.es/)
• SOA-related technologies expert
• Web Services expert
• High-performance required application architect
• J2EE related-technologies expert
• IBM Websphere expert
• Payment methods and protocols, ecommerce, Internet, 3D-Secure, 3DSET, SPA/UCAF, etc
• JSF, RichFaces, Ajax
• Team Leadership.
• Business Development.
Specialties: E-Invoice expert (facturae, etc), PCI-DSS, Security for Web Applications, Web Services, e-commerce, SOA, J2EE,...
Jorge, Eduardo
Kang, Abraham
Have been working on application security issues for over 8 years (focused on security code review for last 3+ years). Published articles related to enterprise application integration, scalability, and security. Been recently focused on XSS remediation and DOM based XSS. Also interested in Unicode exploits and filter bypassing using character set mismatches. Recently contributed the candidate chapter for Output Encoding for the Web App Security Guide 3.0. Looking to contribute more to XSS, AJAX security, Unicode content on the OWASP site.
Keary, Eoin
Knobloch, Martin
Kosturjak, Vlatko
He likes to contribute to open source (security) software and you can find his code in snort, OpenVAS, Nmap, Metasploit and w3af. He is OWASP Croatia chapter leader and OWASP favicon project leader.
Koussa, Sherif
Kuivenhoven, Marinus
He is one of the founders and an active member of the Sogeti taskforce PaSS (Proactive Security Strategy), which focuses on implementations of the secure development lifecycle. Marinus developed and teaches several courses in application security for colleagues, educational institutes and customers. He is actively involved in OWASP. In the past years he has written articles for magazines like Computable and We Love IT. He has also spoken at several international events including OWASP, ROOTs, Open Source Developer Conference and Engineering World.
Kumar, Nishi
Li, Jason
• Proficient software developer including time spent as technical lead for Java and Java EE applications.
• Broad training background including development of courses about software development and application as well as delivery in live, virtual and eLearning formats.
• Heavy involvement in the Open Web Application Security Project (OWASP) Foundation including:
  - Co-Chair of the OWASP Global Projects and Tools Committee
  - Frequent speaker at OWASP Conferences
  - Project Lead for the OWASP JSP Testing Tool
  - Core Contributor to the OWASP AntiSamy Project
Lindsay, David
primary areas of interest include web application vulnerabilities, cryptography and web standards. His primary area of disinterest is writing bios.
Long, Jeremy
Loureiro, Nuno
Luptak, Pavol
Pavol regularly gives presentations at various worldwide security conferences (in Netherlands, Luxembourg, Berlin, Warsaw, Krakow, Prague). In the past, he demonstrated vulnerabilities in the public transport SMS tickets in all major cities in Europe; together with his colleague Norbert Szetei, he practically demonstrated vulnerabilities in Mifare Classic RFID cards. He has 14 years of experience in IT security, penetration testing and comprehensive OWASP security audits including social engineering and digital forensic analysis. He is one of the co-authors of the OWASP Testing Guide v3, has a deep knowledge of the OSSTMM, ISO17799/27001 and many years of experience in seeking vulnerabilities. At this time he is focused on web application obfuscation and GSM security.
Lyon, Chris
Manico, Jim
Jim is currently an independent Application Security Architect and Educator. He has 15 years of experience developing Java‐based data‐driven web applications for organizations such as FoxMedia (MySpace), GE, CitiBank, Sun Microsystems and Aspect Security. For more information, please see http://www.manico.net. Jim has also provided Application Security Developer Education services for Fortune 10, Government, and NGO Institutions.
Maor, Ofer
Ofer Maor has over fifteen years of experience in the Information Technology and Security. Mr. Maor is a pioneer in the Application Security field: he has been involved in leading research initiatives, has published numerous papers, appears regularly at leading conferences and is considered a leading authority by his peers. He also currently serves as the Chairman of OWASP Israel. Before founding Hacktics, Mr. Maor led Imperva's Application Defense Center, a research group focused on application security services and education. In this capacity, he advanced research activities and was responsible for all the application security services conducted by the company. He was previously a Senior Security Consultant at eDvice, an application security consulting firm, and served for three years as an Information Security Officer in the Israeli Defense Forces.
Mancini, Lucilla
Later I joined this experience with ICT matters; and now, after having worked for some years for Getronics both in Italy and in worldwide groups, I lead in Business-e the consulting team of about 25 persons. Main activities are in Governance, Audit and Ethical hacking with a group of 10 testers. My main certificates are CISA, Lead auditor ISO27001, ITIL v3, CRISC, COBIT
Martinez, Mateo
Martorella, Christian
Matatall, Neil
McGeehan, Ryan
Specialties - Phishing, Botnets, Spam, Social Networks, Social Media, Security Team Building, Security Community Engagement, Security Strategy, Security Investigations, Security Management, Web Application Security, Startup Security
Melo, Ricardo
Mendo, Tiago
Meucci, Matteo
He is the OWASP-Italy Founder and Chair from January 2005 (http://www.owasp.org/index.php/Italy), leads the new OWASP Testing Guide from 2006 (http://www.owasp.org/index.php/OWASP_Testing_Project), and he is starting the OWASP Common Vulnerability list with Anurag Agarwal and Eoin Keary (http://www.owasp.org/index.php/OWASP_Common_Vulnerability_List). He is one of the contributors to OWASP SAMM (http://www.opensamm.org). He holds CISSP and CISA certifications. Matteo is the CEO and a cofounder of Minded Security, an Application Security Consulting Company, with more than 10 years of specializing in information security, and has collaborated for several years with the OWASP project. Matteo is invited as a speaker at many events all around the world, talking about Web Application Security.
Montero, David
Nagra, Jasvir
Neaves, Tom
Paiva, Sandra
Prior to moving to London in 2004, I worked in several universities in Portugal where I first, for roughly half a dozen years, taught Maths and Statistics and thereafter, throughout an academic year, worked in the conceptualization, development and production of materials to support academic and scientific events and in the creation of methodologies to repackage contents and support academic and scientific activity.
Pegorelli, Marta
the field of Information Security both as a corporate consultant and as a researcher. Currently, he is Information Security Risk Management Services Manager of Syntax IT Inc and leader of the OWASP Greek Chapter. He holds a BSc from the Department of Informatics and Telecommunications, University of Athens, an MSc with distinction in Information Security from Royal Holloway, University of London and a PhD in Information and Network Security from the Department of Informatics and Telecommunications, University of Athens. He is the author of more than 10 scientific publications. He is a member of the ACM, IEEE and also a founding member of the Institute of Information Security Professionals (IISP). His current research interests are in the areas of application security, trust and security in pervasive and ubiquitous computing and steganography.
Perego, Paolo
the pieces back in their place. So his infancy was full of broken toys... but at least he discovered what's inside a little car moving by itself. Let's call this Paolo's life phase: 'Breaking the law' When he discovered computers, Paolo learnt also to repair software he broke. He started patching buffer overflows, format bugs and other crappy C programs. It was 1996, he discovered Linux, the networking and the kernel land. It was the time Pink Floyd were in loop in Paolo's walkman. Let's call this Paolo's life phase: 'So your instruction pointer is full of 0x41?' Nowadays Paolo's interest in reviewing and fixing broken code has turned him into an application security specialist. He wrote software for an Italian web agency, and he has a side project as Independent Software Vendor as armoredcode.com. He is involved in OWASP as Project Leader of OWASP Orizon (a code review engine) and OWASP ESAPI for Ruby porting. He is also on the OWASP Italian chapter board. It's the time that Pearl Jam and old school metal music fill Paolo's mp3 player, he is a husband, a proud father, a guitarist and he is close to being a black belt Taekwon-do ITF martial artist. Let's call this Paolo's life phase: 'Stay hungry, stay foolish'
Potjes, Linda
Living with an active OWASP member, she's been visiting a lot of conferences, slowly getting more and more interested in security. This week, she's on the support team for the OWASP summit, helping out with whatever needs to be done.
Reinhart, Ralf
I'm organizing once a month the "OWASP regular's table" in Munich, Germany. You might want to have a look at the Stammtisch-Initiative if you are visiting Germany, being fed up with Neuschwanstein and the like and seeking some nerdy tech talk in combination with Bavarian beer consumption tradition ;-)
Founder of Sic!Sec
Richler, Heiko
Rohr, Mathias
Ross, David
Roth-Mandutz, Elke
I am working as a research assistant at the Georg-Simon-Ohm University of Applied Sciences in Nuremberg, Germany. The research project started in September 2010 with the objective to detect and evaluate the privacy impact of web-sites based on client-side analysis. The privacy impact should be made user visible.
Prior to the research project, I worked for many years in the mobile communication sector, mostly as a system engineer for GSM and UMTS infrastructure.
Saario, Mikko
- Member of the board (in 2007) in the Finnish Information Security Association i.e. Tietoturva ry (www.tietoturva.org).
- Founded and chaired the OWASP Helsinki Chapter (www.owasp.org).
Samuel, Michael
Schmidt, Chris
I am a professional web application developer, and have spent the past several years developing server and client side tools for the creation of web applications, especially applications which relate to mapping. Some of my most visible work over the past year is in the OpenLayers/TileCache/FeatureServer stack, a collection of open source tools designed to help users build mapping applications.
Schuh, Justin
Specialties: Software reverse engineering, security assessment, exploit development. Software development on a wide range of languages, platforms and technologies. Management of software development and security consulting teams.
Schwartz, Stephen
Searle, Justin
specializing in the penetration testing of web applications, networks, and embedded devices, especially those pertaining to the Smart Grid. Justin is an active member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid) and led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628. Previously, Justin served as JetBlue Airways’ IT Security Architect, and has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).
Secker, Tanya
Serrao, Carlos
ADETTI-IUL Researcher and Project Manager where I'm working mostly on the following research topics:
- Distributed Systems, Applications and Information Security
- Management and Protection of e-Intellectual Property and e-Contents
- Web-based and Mobile-based Information Systems
Projects. Experience in participation in multiple national and international co-operation IT/IS projects and provision of consulting services to different companies.
OWASP.PT leader. Currently working to evangelize OWASP good practices and OWASP mission in improving the web applications security.
Author. I'm the author and co-author of several articles published on scientific conferences, proceedings, journals and project deliverables. Also the co-author of one of the best selling Portuguese books about PHP programming.
Geek. Love technology. Huge fan of gadgets. OS agnostic. Linux, Mac OS X, Windows. Bring them all!!!
Stasinopoulos, Anastasios
Sterne, Brandon
Steven, John
Su, Cecil
Aside from being a committee member of the OWASP GEC, he has also contributed to the OWASP Testing Guide, and coordinated efforts for the internationalisation of Asian languages of OWASP materials. Cecil is also the current Chapter Lead for the Singapore Honeynet Project, ExCo member for the Association of Information Security Professionals (AISP), and a member of the security Controls and Security Services Working Group (Singapore representative body for ISO/IEC JTC 1/SC 27/WG 4).
Tasar, Vehbi
Taylor, Jason
Mr. Taylor leads the strategic direction for all technology initiatives and manages world-class development teams for the company's product lines. He has spent his career focused on application development and testing with a primary focus on application security. His unrivaled understanding of application behavior provided the impetus for Security Innovation’s industry pioneering fault injection tool, Holodeck Enterprise Edition, and critical enhancements to the company’s internal testing and development tools. Mr. Taylor was the visionary and designer of the Company’s “Creating Secure Code” methodology and course which has been taught to several of the world's largest technology organizations. Prior to joining Security Innovation, Mr. Taylor served as test architect, security lead and development manager at Microsoft for various releases of Internet Explorer and Windows. He was the first member of the Internet Explorer security test team, and as the security team lead, he grew it from a solitary operation to the leading application security test team at Microsoft. Later, he built the Test Model Toolkit which became the standard model-based testing tool at Microsoft, winning a Best Practice Award along the way. Mr. Taylor is an external reviewer, contributor and primary author for Microsoft patterns & practices security guidance. He has published several whitepapers including “Web Services Risk Assessment and Recommendations” and “Security Threats: Risks, Protection & Limitations" for CIO Update. He is co-author of "Team Development with Visual Studio Team Foundation Server" and “Improving Web Services Security” with J.D. Meier of Microsoft. Mr. Taylor received his C.S. degree from Montana State University.
Tesauro, Matt
than 10 years. Prior to joining Praetorian, Matt was a Security Consultant at Trustwave's Spider Labs. Matt's focus has been in application security including testing, code reviews, design reviews and training. His background in web application development and system administration helped bring a holistic focus to Secure SDLC efforts he's driven. He has taught both graduate level university courses and for large financial institutions. Matt has presented and provided training at various industry events including DHS Software Assurance Workshop, AppSec EU, AppSec US, AppSec Academia, and AppSec Brazil. Matt is currently on the board of the OWASP Foundation and highly involved in many OWASP projects and committees. Matt is the project leader of the OWASP WTE (Web Testing Environment) which is the source of the OWASP Live CD Project and Virtual Machines pre-configured with tools and documentation for testing web applications. Industry designations include the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Matt Tesauro has a B.S. in Economics and an M.S. in Management Information Systems from Texas A&M University.
Thomas, Mark
Mark has been using and developing Apache Tomcat for more than seven years. He became involved in the development of Tomcat when he needed better control over the SSL configuration than was available at the time. After fixing that first Bugzilla issue, he started working his way through the remaining Tomcat issues and is still going. Along the way, Mark became a Tomcat committer and PMC member, undertook the majority of the Servlet 3.0, JSP 2.2 and EL 2.2 development for Tomcat 7, created the Tomcat security pages, became a member of the ASF, joined the Apache Security Committee and is an Apache Commons PMC member where he contributes to Commons Pool, DBCP and Daemon. He is currently the Tomcat 7 release manager and also helps maintain the ASF's Bugzilla and Jira instances. Mark has a MEng in Electronic and Electrical Engineering from the University of Birmingham, United Kingdom.
Tomhave, Benjamin
Ben holds a Master of Science in Information Security Management from The George Washington University. He is a Certified Information Systems Security Professional (CISSP), co-vice chair of the American Bar Association Information Security Committee, member of ISSA, member of OWASP, and member of the IEEE Computer Society. He is a published author and an experienced public speaker. Prior to his current endeavor, Ben has worked in a variety of security roles for companies including BT Professional Services, AOL, Wells Fargo, ICSA Labs, and Ernst & Young.
Turpin, Keith
• I represent Boeing at the International Committee for Information Technology Standard's cyber security technical committee.
• I represent the United States as a delegate to the International Standards Organization's (ISO) sub committee on cyber security.
• I recently joined the national Software Assurance (SwA) Working Group
• I am the Director of the HPPV Northwest regional engineering competition.
• My work with college engineering education led to a 2005 national award from the American Society of Engineering Education.
• You can see my OWASP project on secure coding practices here: http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
• The presentation on my OWASP project at AppSec USA 2010 can be found here: http://vimeo.com/17018329
• You can see the video of my AppSec USA 2009 presentation on Building Security Assessment Teams here: http://vimeo.com/8989378
2010 Accomplishments:
- Selected as Eastern Washington University's 2010 Distinguished Alumni of the Year for service to the community
- Launched new OWASP project: Secure Coding Practices - Quick Reference Guide
- Speaker at AppSec USA
- Speaker at OWASP DC
- Speaker at the Department of Homeland Security's Software Assurance Forum
- Contributor to The Open Group white paper "Trusted Technology Provider Framework"
Tusha, Ervis
UcedaVelez, Tony
Specialties - Security Risk Management, Risk Assessment Methodologies, Business Impact Analysis, Business Process Engineering, Maturity Modeling, Security Training, Vulnerability Assessment, Policy Management, Compliance Audits, Business Continuity Planning, Remediation Management
Uhley, Peleus
van der Baan, Steven
I started with OWASP through Martin Knobloch, then a colleague of mine. He was hosting the CTF at Appsec DC 2009. He called me up due to some minor problems and (of course) I helped. This became somewhat regular, so I took over the leadership of the CTF project from him.
Vasilopoulos, Kyprianos
Vela, Eduardo
Experienced web application security researcher, has assisted several companies, like Adobe, Apple, Google, Microsoft, Mozilla, Oracle and Symantec, among others, in the resolution of security issues.
Imparted courses and security conferences on DNS International, Microsoft Bluehat V8 (October 2008), BlackHat USA (2009), XCon (2009), BlackHat Europe (2010), OWASP day Mexico (2010), OWASP AppSec Sweden (2010), among others.
Knowledgeable on SQL, PHP, Python and Ruby for web development, and C/C++ for application development with extreme caution on making fast and efficient code, but most of all, secure.
He's also an enthusiast of Internet Culture and Social Networking research, music, literature, as well as a fan of solving algorithmic problems.
Specialties: Web Application Security, Programming (C/C++, PHP, Java, JavaScript, Python, Ruby, Batch/Bash, Perl)
Vilares Da Silva, Luis
Vlachos, Vasileios
Science and Telecommunications of the Technological Educational Institutions (TEI) of Larissa. He was a senior R & D engineer at the Research Academic Computer Technology Institute (R.A.C.T.I.) of Patras, Greece. He was a member of the Digital Awareness and Response to Threats (DART) team of the Special Secretariat for Digital Planning of the Hellenic Ministry of Economy and Finance. Dr. Vlachos holds a Diploma of Engineering in Electronic & Computer Engineering from Technical University of Crete, an MSc in Integrated Hardware and Software Systems from the Department of Computer Engineering and Informatics of the University of Patras and a PhD in Information Systems Security from the Department of Management Science and Technology of Athens University of Economics and Business. Dr. Vlachos has taught at the University of Thessalia, the University of Central Greece and the University of Piraeus.
Vroom, Ferdinand
Watson, Colin
Weston, David
Wichers, Dave
Currently member of the OWASP Board, the OWASP Conferences Chair, and coauthor and project lead of the OWASP Top Ten Most Critical Web Application Security Vulnerabilities (http://www.owasp.org/index.php?Top10). Early career focused on InfoSec for DoD, including C&A, Trusted Product Evaluations, Multilevel Security, and Cross Domain Solutions (e.g., Guards) for product vendors, large DoD integrators, and the NSA. Specialties - Application Security Consulting (specialty focus on Web Application Security), Information Security, Certification & Accreditation, Multilevel Security, Cross Domain Solutions (Guards), Secure Software Development in Java
Wilander, John
Williams, Jeff
Wilson, Doug
Doug has been involved in information security for over a decade. He got his start in the Web 1.0 dot-com years working for web hosting companies, and ended up doing government contracting, with expertise in incident response and multi-tiered application architecture. He currently supports government contracts exploring ways of improving software assurance and confidence in COTS software. He has spoken at a wide variety of professional events in Washington DC, including Shmoocon, and the High Confidence Software and Systems (HCSS) conference.
Wuensch, Stefan
Wysopal, Chris
Yeo, John
Zusman, Mike
In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors and other clients. He has spoken about mobile application security at a number of top industry events including Black Hat, CanSecWest, OWASP meetings and at local colleges including Polytechnic University. Mike brings 12 years of security, technology, and business experience to Intrepidus Group. He has attained the CISSP certification, and is a co-leader of the OWASP Mobile Security Project.