agenda

HouSecCon 2012 Keynote Speaker

Anne M Rogers, PMP, CISSP, CCE, EnCE

Ms. Rogers currently provides technical and management consulting in information systems and network management and security, solutions and compliance planning and design, performance, capacity management, computer forensics and eDiscovery.

From 2002 through early 2012, she served as Director, Information Safeguards for Waste Management, responsible for company-wide information security and privacy protection strategy and compliance programs, information protection policies, procedures, and guidelines, and the company’s formal security awareness program. Rogers also established and managed Waste Management’s ASCLD-certified Digital Forensics Lab and computer forensics program providing internal investigation and eDiscovery support. At Waste Management, she leveraged a small, highly talented Corporate Security team to build and lead cross-functional projects and deliver successful security and compliance solutions.

Before joining Waste Management, Rogers held positions as Principal Consultant with PMTech-Pro, LLC., Technical Program Manager with IBM, Technical Staff consultant for MITRE Corp, Director of Information Systems for Warren King Companies, and Deputy Director of Data Automation, USAF Alaskan Air Command.

Rogers is a founding member, and is currently on the Board of Directors, of the Corporate eDiscovery Forum. She is also a member of InfraGard, (ISC)2 and ISSA, has served on the International Board of the Information Systems Security Association (ISSA), as president of ISSA South Texas (Houston) Chapter, and as ISSA CISO Forum founding member. Rogers holds a B.S. in Physics from U.T. El Paso and an MBA from the University of Utah, Salt Lake. She also holds the CISSP, IAM and IEM Security certifications, the Project Management Institute’s PMP certification, and the CCE and EnCE forensics certifications.

 

 

HouSecCon 2012 Speakers

Dan Kuykendall

Mr. Kuykendall is Co-CEO & CTO of NT OBJECTives software development and handles NTO’s relationships with several partner companies. He has an extensive background in web application development and security. As part of the Founding Team, Dan has been involved in the methodologies and design of NTO’s flagship product since its inception. Dan joins NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company’s flagship product, FoundScan. During this time he was instrumental in building scan management and remediation capabilities into the product. Prior to Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis. Mr. Kuykendall is involved with the Web Application Security Consortium and is a regular contributor to many open source development projects. He was a founder of the phpGroupWare project and creator of podPress. Dan podcasts to educate the public about web application security issues from his blog at mightyseek.com and as co-host of An Information Security Place Podcast.

 

 

Jayson E. Street

Jayson E. Street is the author of the book “Dissecting the hack: The F0rb1dd3n Network” and creator of the site http://dissectingthehack.com. He’s also spoken at DEFCON, BRUCON, UCON & at several other ‘CONs & colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”. He’s a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006.

 

 

Dan Cornell
Principal, Denim Group

Dan Cornell has over fourteen years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies.

In addition, Dan Cornell served as the CTO of BrandDefense, architecting and developing their cutting-edge intellectual property protection technologies. Over a one-year period of development he brought their web-based intellectual property protection technologies through three major versions, surpassing the applications of well-funded and entrenched competitors. Previously he was the Vice President, Global Competency Leader for Rare Medium’s Java and Unix competency center, based in San Antonio, Texas with development centers in New York, San Francisco, Atlanta and Sydney, Australia. He directed the development of best practices and policy for the cornerstone of Rare Medium’s technical development arm, specializing in server-side Java application development. Prior to its acquisition by Rare Medium, Cornell was a founder and Vice President of Engineering for Atension, Inc. where he led the technical development team and served as the architect for the company’s internal engineering practices. In March 1999, Texas Monthly magazine named Cornell and his partners, Sheridan Chambers and Tyson Weihs, to its list of 30 “Multimedia Whizzes Under Thirty” doing business in Texas.

 

 

Josh Sokol, CISSP

Josh Sokol graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Josh manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Josh is the President of the Austin OWASP Chapter, the Co-Founder of the Lonestar Application Security Conference (LASCON), and is very active in the local security community. He has spoken on dozens of security topics including the much hyped “HTTPS Can Byte Me” talk at BlackHat 2010.

 

 

Rafal Los
Chief Security Evangelist for Hewlett-Packard Software

Rafal brings a pragmatic approach to enterprise security. Combining over a decade of technical and management skills in the Information Security field, he uses his experience to build bridges between technology and people. As a sought-after writer and speaker he currently focuses on enterprise resilience and the security of emerging technologies to empower business to be more agile, while advocating a focus on the basic building blocks of sound information protection strategy. He is a contributor to open standards and organizations, volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit.

Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization’s security and risk-management strategy internally and externally. Rafal prides himself on being able to add a ‘tint of corporate realism’ to information security.  Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.

 

 

Michelle Klinger
Sr. Security Consultant for VisibleRisk

Michelle has over 10 years of IT experience, including systems analysis and integration with emphasis in security and WAN technologies.  Security experience includes review and creation of security policies, performing security assessments, penetration testing, and security process improvement. She is also the president of the Dallas NAISG Chapter, co-founder of BSidesTexas, & coordinates the annual DFW SecurityBSides information security conference.

 

 

Martin Fisher
Director of Information Security for Large Atlanta-area Healthcare System

Martin has over 20 years of experience in the information technology space with the last 7 years focused on information security. In a previous life he went through 2 very successful PCI assessments with a Level 1 merchant. He’s active in the Atlanta NAISG chapter, is part of the BSidesATL coordinating committee, and hosts a little podcast that talks about infosec at www.southernfriedsecurity.com.

 

 

Eric Milam

Eric is a senior security assessor on the Accuvant LABS enterprise assessment team with over fourteen (14) years of experience in information technology. Eric has performed innumerable consultative engagements including enterprise security and risk assessments, perimeter penetration testing, vulnerability assessments, social engineering, physical security testing, wireless assessments and extensive experience in PCI compliance controls and assessments. Eric is a project steward for the Ettercap project as well as creator and developer of the easy-creds and smbexec projects.

 

 
Martin Bos
Martin Bos is a senior security assessor with the Accuvant LABS enterprise assessment team and has five (5) years of experience in the information technology industry. Martin specializes in black-box penetration testing, social engineering, physical security testing and enterprise network security assessments. Martin also has extensive knowledge in performing wireless assessments.

Martin Bos is also a core developer of the Backtrack-Linux project and one of the founders of Derbycon.

 
 

David Balcar

David is a veteran security professional with over 15 years of experience. He is proficient in conducting penetration testing, computer forensics of multiple operating systems, web application security testing and wireless testing, and has extensive experience in SUSE Linux, Novell Access Manager, eDirectory, GroupWise, Microsoft AD, as well as various products from other vendors. His strengths lie in security testing, forensics, policy review and compliance assessments for HIPAA and PCI DSS. David is also a member of the HTCIA (High Technology Crime Investigation Association) & ISSA (Information Systems Security Association).

 

 

Michael Gough
Michael Gough, CISSP, CISA, CSIH, Information Security Researcher and Sr. Security Analyst, Trionworlds – Most recently, Michael discovered a significant vulnerability in a major Card Key access system featured on Engadget and other tech news websites. Currently, Michael is a Senior Security Analyst for Trionworlds and host of www.HackerHurricane.com (Blog) with 23 years of experience in Technology and Information Security Consulting. Michael has authored several articles for information technology periodicals on information security and is a frequent speaker at Austin InfoSec meetings and a presenter at Information Security conferences. Michael is also the author of two books from Syngress Press on Skype and Video Conferencing. Michael is also the Austin lead for the Security B-Sides Information Security conference.

 

 
Alex Kirk
In his 8 years with the VRT, Alex has become one of the world’s leading experts on Snort rules, and has honed skills in reverse engineering, network traffic analysis, and systems security. He contributed a pair of Snort-related chapters to “Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century,” and is a regular contributor to the widely-read VRT blog (http://vrt-blog.snort.org/) and the SANS @RISK newsletter (http://www.sans.org/newsletters/risk/). His current major technical projects at Sourcefire include automated collection of network data generated by malicious binaries, and analysis of that data for detection purposes; as well as coordination of open-source intelligence around 0-day threats and new obfuscation techniques.

 

 
Marcus J. Carey

Marcus J. Carey is a Security Researcher at Rapid7 with the Metasploit Engineering team. Marcus is well known for being a compulsive mentor in the information security community. Marcus has more than 18 years of experience in the information security field, working in the military, federal, and private sectors. Marcus served more than 8 years active duty in the U.S. Navy Cryptologic Security Group. Marcus ended his naval service by being assigned to the National Security Agency (NSA) where he engineered, monitored, and defended the Department of Defense’s secure networks. Marcus earned a Master of Science in Network Security from Capitol College in Laurel, Maryland.

 

 

Matt Johansen
Matt Johansen is the head of the Threat Research Center at WhiteHat Security where he manages a team of Application Security Specialists, Engineers and Supervisors to prevent website security attacks and protect companies’ and their customers’ data. Previously Matt was an Application Security Engineer where he oversaw and assessed more than 10,000 web applications that WhiteHat has under contract for many Fortune 500 companies across a range of technologies.
 
 
 
 
Zac Hinkel and Sudi Turel

Zac Hinkel is an independent network security consultant and a commercial airline pilot living in Houston, Texas. He began his career in Oklahoma where he attended the University of Oklahoma and was a flight instructor. After college, he was hired on as an airline pilot in Houston where he has flown for more than 10 years. Zac is also a principal consultant for Phenotyne, LLC, which specializes in penetration testing, vulnerability assessments, and physical security audits. In addition to consulting, Phenotyne also participates in DARPA competitions for drone development.

Sudi Turel, a student at Texas A&M University at Galveston, has been building and flying remote controlled aircraft for 12 years. He is currently working on multicopters and autonomous aerial platforms for mapping and cinematography.

 

 
Beau Shahriary
Beau Shahriary, a security assessor with nearly two decades of experience in the field, is a Founding Partner with DirectDefense. He has performed security assessments, security remediation and strategic planning for a host of Fortune 500 companies. Beau’s primary experience is in firewalls, secure network design and implementation, Microsoft security, modem security, wireless networking, and strategic security planning. His core competency is in conducting security assessments and creating a strategy to help clients meet today’s secure network requirements based upon the HIPAA and GLBA regulations and ISO-27001 best practices.

Previously, he was a Director with Accuvant LABS where he managed, developed, and performed information security assessments for organizations across multiple industries, while also developing and growing a team of consultants in his charge.

 

 
Eric D. Scales
Eric is a member of Ernst & Young’s Advisory Services Practice, and focuses on Business Continuity Planning, Disaster Recovery, Information Security, IT Risk Management and Compliance. Eric has more than 12 years of experience advising chemical, health care, media entertainment, financial services, higher education and high tech clients.

He has experience managing various information security program activities, including execution of risk assessments, global minimum security baseline standards deployment, vendor risk management program design and execution, global vulnerability program design and deployment, business continuity and disaster recovery design and execution, compliance and regulatory review and remediation, service level management, GRC enablement, and technology operations management.

 

 
Patrick Florer

Patrick Florer has worked in information technology for 33 years. In addition, during 17 of those 33 years, he worked a parallel track in medical outcomes research, analysis, and the creation of evidence-based guidelines for medical treatment. His roles have included IT operations, programming, and systems analysis. From 1986 until now, he has worked as an independent consultant, helping customers with strategic development, analytics, risk analysis, and decision analysis. He is a cofounder of Risk Centric Security and currently serves as Chief Technology Officer. He was recently appointed a Fellow of the Ponemon Institute and serves in a part-time role as Chief Research Analyst at the Ponemon Institute.

 
 

Kyle Maxwell

Kyle Maxwell is a senior network security analyst for Verizon Business on the RISK Intel team, producing unclassified threat intelligence for private and public sector clients as well as supporting field investigators. He is an active member of the CIF community and writes a blog on threat intelligence and network security at threatthoughts.com. Previously, he led the incident response team at Heartland Payment Systems and performed digital forensics for clients across the United States at several private investigation firms. Mr. Maxwell holds a degree in Mathematics from the University of Texas at Dallas and is a lifelong resident of Dallas County.

 
 

John R. Hill, CISSP

John R. Hill is a Principal Security Strategist at Symantec Corporation. His career in information security and network infrastructure spans over 19 years as an industry veteran. Mr. Hill provides strategy, direction and leadership relating to advanced security concepts and new technologies for clients and partners on behalf of Symantec Corporation.

Symantec is a global leader in providing security, storage and systems management solutions to help customers secure and manage their information against risks. Symantec’s unique focus is to eliminate risk to information, technology and processes independent of the device, platform, interaction or location.

Prior to Symantec, Mr. Hill was the Director of Product Strategy and Marketing for the encryption startup Mobile Armor, which was acquired by Trend Micro in February of 2010. At Mobile Armor, he provided C-level guidance for product strategy and product development, along with analysis of critical business and market intelligence. His role also focused on directing national communications and marketing.

Preceding Mobile Armor, Mr. Hill was a Security Evangelist and Product Line Executive for McAfee, Inc., now Intel Corporation. While there he communicated product messaging and strategy for events, CXO level clients, analysts, media and key market influencers. Mr. Hill also advised product management teams on market trends and provided gap analysis within product lines.

Previous to joining McAfee, Mr. Hill worked several years for Internet Security Systems, now IBM, communicating industry best practices and security awareness. His responsibilities included reviewing and consulting on enterprise security related issues and threats. Along with his history in the security industry, Mr. Hill formerly worked for Enterasys Networks and Cabletron Systems. While in the networking industry, Mr. Hill helped Fortune 100 companies to architect and implement globally connected networks.

John is also a professional speaker and has presented at numerous CIO summits, leading industry conferences and events for enterprise organizations and various branches of the US Military and Government.

Mr. Hill also holds a Bachelor of Science Degree from Texas A&M University.

 
 

Paul Scott

PCSJJ is a security researcher working with Alert Logic and has over twelve years of Information Technology experience. PCSJJ specializes in host based intrusion detection, vulnerability assessment, and web application hacking. In his spare time, he enjoys picking locks, reverse engineering random firmware, and supporting Houston Hackerspace, TX/RX labs.

 
 

Chris Gray

Chris is Managing Principal Consultant with Accuvant