Brian Krebs is a Journalist and Investigative Reporter. Krebs is the author of KrebsOnSecurity.com, a daily blog on computer security and cybercrime. From 1995 to 2009, he was a reporter for the Washington Post, where he covered tech policy, privacy and computer security, and authored the Security Fix blog. He is also known for interviewing hacker 0x80. On March 14, 2013, he became one of the first journalists to become a victim of swatting.
Mikko Hypponen is the Chief Research Officer at F-Secure in Finland. He has fought the biggest virus outbreaks in the net over the last 20 years. His TED Talk is the most viewed computer security talk in the world. Tagged as a “Code Warrior” by Vanity Fair, Hypponen is a go-to expert on cybercrime for international news media.
Eugene Kaspersky is an IT Security expert, CEO and co-founder of Kaspersky Lab—an international company with regional offices in 30 countries and employing over 2,500 specialists. Kaspersky graduated from Moscow’s Institute of Cryptography, Telecommunications and Computer Science in 1987. He is known not only as a businessman, but also a thought leader in the security industry—for over 15 years since Kaspersky Lab was founded. From Flame to Gauss and Madi, he has been at the forefront of all the company’s groundbreaking malware discoveries, all the while sharing his expert insight with businesses and consumers alike. Just recently he was included on Foreign Policy’s list of Top Global Thinkers of 2012 for his contribution to IT security awareness on a global scale.
Troy Hunt is a Pluralsight Author, Microsoft Regional Director and world-renowned Internet Security Specialist who travels the world speaking at events and training technology professionals. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications, a website that allows internet users to check if their personal data has been compromised by data breaches.
Graham Cluley is one of the world’s leading experts in viruses and spam, and works as Senior Technology Consultant at Sophos. He has given talks around the world at events such as EICAR, ICSA, Virus Bulletin and the European Internet Security Forum on the virus threat, and is a respected industry expert. Graham has made many media appearances commenting on the threats posed by spam and viruses, including BBC TV News, Good Morning America, CNN, BBC Panorama, BBC Newsnight, ITN, Channel 4 News, 5 News, Sky News, GMTV, BBC Breakfast, IRN, CNet Radio, BBC Radio 1, Radio 2, Radio 4, Radio 5 Live, and BBC World Service. Graham has also written regular columns on computer security for publications such as IT Week, Computer Weekly and VNUNet.
Prior to starting TrustedSec, David was the Chief Security Officer (CSO) for Diebold Incorporated. He developed a global security program that tackled all aspects of information security and risk management. He started TrustedSec and Binary Defense Systems (BDS) with the vision of working with companies on information security. He is the founder of DerbyCon, a large-scale information security conference. He was also one of the founding members of the “Penetration Testing Execution Standard (PTES)”. PTES is the industry-leading standard and set of guidelines for how penetration tests should be performed and which methodologies to use, and it has also now been adopted by the Payment Card Industry (PCI) Data Security Standard (DSS) Guidelines for Penetration Testing. He is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), PenTesters Framework (PTF), Artillery, and Fast-Track. He is also on the board of directors of the ISC2 organization, which is one of the largest security collectives and offers certifications such as the CISSP.
Jeremiah Grossman’s career spans nearly 20 years. He founded WhiteHat Security and is currently the Chief of Security Strategy at SentinelOne. Grossman possesses a unique combination of technology savvy, customer advocacy and personal passion for application security. A world-renowned web security expert, speaker and influential blogger, he brings a lifetime of information security experience, both homegrown and from his days as Yahoo!’s Information Security Engineer. The ultimate “WhiteHat,” he is also Founder of the Web Application Security Consortium and serves on the advisory board of Risk I/O and SD Elements. In his spare time, he practices Brazilian jiu-jitsu and has earned a black belt.
Katie Moussouris is a noted authority on vulnerability disclosure and bug bounties, and Founder and CEO of Luta Security, a company that specializes in process improvement for handling vulnerabilities. She created Microsoft’s bug bounty programs and started Microsoft Vulnerability Research. She is also a Subject Matter Expert for ISO standards in vuln disclosure (29147), vuln handling processes (30111) and secure development (27034). She is a Visiting Scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market. She is a New America Foundation Fellow and Harvard Belfer Affiliate. She is also part of the official US Wassenaar delegation. She is on various CFP review boards and is an adviser to the Center for Democracy and Technology.
Richard Bejtlich is an advisor to the security ecosystem. He was previously Chief Security Strategist at FireEye, and Mandiant’s Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. His fourth book is “The Practice of Network Security Monitoring”.
Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
Runa A. Sandvik is a Privacy and Security Researcher, working at the intersection of technology, law and policy. She teaches digital security to journalists and helps media organizations improve their security posture. She is a Technical Advisor to Freedom of the Press Foundation and the TrueCrypt Audit project, and a member of the review board for Black Hat Europe.
Joshua Corman is the CSO and SVP at PTC. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to increasing dependence on technology. Corman’s unique approach to security in the context of human factors, adversary motivations and social impact has positioned him as one of the most trusted names in security.
Alex Stamos is a computer security expert and former chief information security officer at Facebook. He previously served as chief information security officer at Yahoo! beginning in 2014. Before working in the technology industry, Stamos attended the University of California, Berkeley, where he graduated in 2001 with a degree in EECS. He went on to co-found iSEC Partners, a security consulting firm, which was purchased in 2010 by the British NCC Group.
Parisa Tabriz is a computer security expert who works for Google as a Senior Engineering Director. She has been called Google’s “Security Princess” due to her experience in hacking and internet security. She heads a team of 30 experts responsible for the security of Google Chrome. She is also responsible for training Google staff interested in moving into the internet security field. Tabriz co-founded the Our Security Advocates conference.
Phil is a highly technical, business-focussed CISO/Information Security Specialist with notable success in directing and implementing a broad range of corporate security initiatives. In 2006 Phil became the UK President of the ISSA (Information Systems Security Association) and sits on a number of committees and steering groups for ISO27001 user group, IISP, Eurim and IRM. He was CTO of UK-based security product company NetSurity Ltd.
Phil Agcaoili is a Senior Vice President at U.S. Bancorp and the Chief Information Security Officer at Elavon. He has been an influential leader in the information security industry for 25 years and has established industry-leading security organizations from startups to the Fortune 25. He was previously the CISO at Cox Communications, VeriSign and SecureIT, and led successful global security teams at Dell, Scientific-Atlanta and General Electric.
Dan Goodin is Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, and hardware hacking. A journalist with more than 15 years experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelor’s Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley.
She is the founder and CEO of Grokability Inc., which offers SaaS solutions for small business IT, including the open source project Snipe-IT. She was the Co-founder and CTO of Mass Mosaic. She was CTO of Noise. As CTO of Noise, she played a key role in technical and social strategy for clients such as Sunkist, GE, Intel, Chase, JP Morgan, Panasonic, CBS, University of California, Unilever, Coca-Cola, Amazon and vitaminwater, in addition to leading the Noise social media strategy, managing its social networking accounts and spearheading a company blog.
Brian Honan is recognized as an industry expert on information security, providing consulting services to clients in various industry segments. Honan’s work also includes advising various Government security agencies and the European Commission on matters relating to information security. In 2008, he founded the Irish Reporting and Information Security Service (IRISS www.iriss.ie) which is Ireland’s first CERT (Computer Emergency Response Team). He has addressed a number of major conferences on information security. He is the author of the book “ISO 27001 in a Windows Environment,” has published a number of technical papers, and has been technical editor and reviewer of a number of industry-recognized publications. He is also the European editor for the SANS Institute’s weekly SANS NewsBites.
Cyber Security Analyst, Trainer, Infosec Journalist, Tech Blogger, Speaker, Traveller and Part-time Hacker. Founder and CEO of The Hacker News. Attracting over 10 million monthly readers, THN has internationally been recognized as the leading, most trusted news source of hacking and cyber security for technologists. THN is a dedicated cybersecurity and hacking news platform that has turned into one of the biggest Information Security channels, working as a bridge between a large number of communities, leading security researchers, Geeks, Techies, Business grads and CISOs, along with thousands of other Security Professionals.
Dr. Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books “Security Warrior”, “PCI Compliance”, “Logging and Log Management” and a contributor to “Know Your Enemy II”, “Information Security Management Handbook” and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.
An expert in application security, specializing primarily in host and server based Operating Systems. He is currently the director of Azimuth Security, a boutique security company he founded that specializes in code review and cutting edge security research. Prior to starting Azimuth, his professional experience includes several years as a senior researcher at a Fortune 500 company, where he uncovered a variety of major vulnerabilities in ubiquitous Internet software. He also worked as a Principal Security Architect for McAfee, where he was responsible for internal code audits, secure programming classes, and undertaking new security initiatives. Mark has also co-authored a book on the subject of application security named “The Art of Software Security Assessment,” and has spoken at several industry-recognized conferences.
Pierluigi Paganini is CTO at Cybaze Enterprise SpA. Pierluigi is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, and Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog “Security Affairs”, recently named a Top National Security Resource for US. Pierluigi is a member of “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Martin McKeay is a Senior Security Advocate at Akamai, joining the company in 2011. As a member of Akamai’s Security Intelligence Team, he is responsible for researching security threats, customer education and industry intelligence. With over fifteen years of experience in the security space and five years of direct Payment Card Industry work, McKeay has provided expertise to hundreds of companies. He is also the author of the Network Security Blog and host of the Network Security Podcast. He writes for the Security Intelligence Blog and InfoSecurity Magazine.
Michał Zalewski, also known by the user name ‘lcamtuf’, is a “white hat” hacker, computer security expert and a former Google Inc. employee. He has been a prolific vulnerability researcher and a frequent Bugtraq poster since the mid-1990s, and has authored a number of programs for Unix-like operating systems. In 2005, Zalewski authored Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, a computer security book published by No Starch Press and subsequently translated into a number of languages. In 2011, Zalewski authored The Tangled Web: A Guide to Securing Modern Web Applications, also published by No Starch Press. For his continued research on browser security, he was named one of the 15 most influential people in security and among the 100 most influential people in IT. Zalewski was one of the original creators of Argante, a virtual open source operating system. Among other projects, he also created p0f and American fuzzy lop.
Christofer Hoff has more than 20 years experience in high-profile global roles in network and information security architecture, engineering, operations and management. In previous roles, Hoff has served as VP of Strategic Planning and the Technical Marketing Engineering team and as Global Chief Security Architect of the Advanced Technology Team at Juniper Networks. As Director of Cloud & Virtualization Solutions at Cisco Systems, he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Hoff is a founding member of and technical advisor to the Cloud Security Alliance, as well as founder of the CloudAudit project and the HacKid conference.
Kelly Lum has “officially” worked in Information Security since 2003, and is currently a Senior Security Engineer at Tumblr where she brings her decades worth of application security experience in the financial and government sectors to the microblogging world. She regularly speaks about reverse engineering at various conferences, including Black Hat, SummerCon, and COUNTERMEASURE. Additionally, she teaches as an adjunct professor of Application Security at NYU.
Jennifer Leggio, SVP of Marketing for Digital Shadows, is a specialized marketer and strategist who has spent more than 15 years defining the messaging, positioning, and go-to-market strategies of security companies. Before Digital Shadows, Jennifer was Senior Director of Security Market Strategy at Cisco, a role she assumed after the $2.7 billion acquisition of Sourcefire. At Sourcefire, Jennifer was Vice President of Corporate Marketing and Communications, and was previously the Director of Corporate Communications for Fortinet, where she spent more than five years, and managed communications through the company’s successful IPO. She has been a contributing writer on marketing trends for both Forbes.com and ZDNet, and is a mentor or advisor for several small cybersecurity organizations.
Shevirah founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. She has presented or conducted training around the world including venues such as NSA, West Point, and Black Hat. Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She founded Shevirah Inc. to create product solutions for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions. She is the author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press. She was the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors of the angel backed security training startup Cybrary and the nonprofit Digital Citizens Alliance and is a member of the CyberWatch Center’s National Visiting Committee.
Robin is a freelance security consultant specialised in web app testing. Robin has performed tests for a range of companies from small local start-ups through to international banks and multi-national corporations, and has also run custom training classes for various clients who need specific in-house training. Robin is the author of a large number of open source tools and a regular contributor to various mailing lists and forums. Robin has presented at conferences across the world including DEFCON, ShmooCon and Wild West Hackin’ Fest, and is Co-founder of SteelCon – one of the UK’s most popular security conferences.
Mike Dahn has led industry relations and payment policy at large fintech and financial institutions. He focuses on enabling innovative product pathways in highly regulated environments. His background in cybersecurity helped develop new PCI security specifications that enable mobile card acceptance. He works with EMVco as well as global payment associations (AusPayNet, UK Finance) to bridge interoperability with emerging payment methods. Previously, Mike led industry relations at Square bringing innovative products to a global market, and has trained over 10,000 professionals around the world. Mike’s volunteer efforts include creating and globalizing a network of locally organized security conferences in 100+ cities across 30+ countries; former Board of Directors at Infragard, an FBI public-private partnership; and Board of Directors at several San Francisco foundations.
Andy Ellis is Akamai’s Chief Security Officer, governing the safety, resilience and compliance of its planetary-scale network. He is the designer of several critical Akamai technologies, including its secure TLS acceleration network and many of the core components of the company’s web security solutions. Ellis is a frequent speaker on issues of Internet security, safety and risk management, has participated in the FCC-CSRIC and NIAC, and is an affiliate of Harvard’s Berkman-Klein Center on Internet & Society. He is a graduate of MIT and a former US Air Force officer, the recipient of the CSO Compass Award, the Air Force Commendation Medal, the Wine Spectator Award of Excellence, and the Spirit of Disneyland Award.
Avram Marius Gabriel has been publicly thanked by a number of prominent organisations for his responsible disclosure of new web security issues. Evernote is the seventeenth company to name the RandomStorm security engineer in its Security Hall of Fame. His voluntary research, discovery and reporting of security bugs has also been acknowledged by Google, Microsoft, Adobe, Facebook, eBay, Twitter, Dropbox, Etsy, iFixit, Yandex, Mozilla, Barracuda, Keneva, AT&T, Nokia Siemens and PayPal.
Wendy Nather is Director of Advisory CISOs at Duo Security. She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Nather led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She speaks regularly on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Nather is Co-Author of The Cloud Security Rules, and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014.
In the past 8 years, Nicolas worked at Kaspersky Lab as a Principal Malware Researcher. His responsibilities included analyzing targeted attacks, APT and complex malware as well as managing Kaspersky Technical Trainings. Prior to joining Kaspersky Lab, Nicolas worked as a senior virus researcher for Websense Security Labs, and as the head of software security at Digital River/Silicon Realms when he was in charge of the anti-reverse engineering techniques used in the Armadillo protection system. Nicolas started reverse engineering 20 years ago, when he was 15. Over the last 17 years, Nicolas has authored numerous articles and papers on reverse engineering and presented at various security conferences such as RECON, ToorCon, SSTIC, Virus Bulletin, Hacker Halted, RuxCon, TakeDownCon, Pacsec etc.
Andrew Hay is an information security industry veteran with close to 20 years of experience as a Security Practitioner, Industry Analyst and Executive. As the Co-Founder and CTO for LEO Cyber Security, he is responsible for the creation and driving of the strategic vision for the company. Andrew has served in various roles and responsibilities at a number of companies including DataGravity, OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).
Alex Hutton is currently Director of Operational Risk at Zions Bancorporation. Prior to this, Hutton has been an entrepreneur involved with several successful startups. He served as CEO for Risk Management Insight. He served as a principal in the Risk Intelligence group for Verizon, involved in the development of the VDBIR. He is an avid security blogger, speaker and conference organizer. He brings a wealth of knowledge and experience on risk management and metrics to any discussion. He is a passionate and experienced public speaker.
Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. Prior to founding DisruptOPS and Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.
Eleanor Dallaway is Editor of Infosecurity Magazine. She spends her working days interviewing industry professionals, keeping the website updated with news on an hourly basis, editing the magazine, and attending industry events.
David Ulevitch is former Vice President for Cisco’s Security Business Group. Ulevitch was responsible for the company’s cloud security strategy and product development. He joined Cisco through the acquisition of OpenDNS, a cloud security company he founded in 2005 with the goal of delivering a safer and faster Internet experience. Under his leadership, the cloud-delivered service today protects a global audience of more than 65 million people across more than 10,000 enterprise customers, including many of the largest companies in the world. A noted Internet and security expert, Ulevitch has a bachelor of science degree in anthropology from Washington University.
Reverse engineer and vulnerability researcher with over 12 years of experience in the field. He was also the co-founder and CTO of Exodus Intelligence, where he directed all research and development efforts for the company and served as primary contact for all press inquiries. He collaborated with other co-founders with regard to company strategy, customer relations, marketing, business development, sales, and finances. He personally maintained the largest contribution of zero-day vulnerability discoveries for the company and grew the company from four to over twenty employees in three years.
Jennifer Minella is currently VP of Engineering and Consulting CISO with Carolina Advanced Digital, Inc. In her engineering role, Minella leads strategic research and consulting for government agencies, educational institutions and Fortune 100 and 500 corporations. In addition to her normal business roles, Minella is a published Author, Editorial Contributor and trusted Adviser for information security topics to media. No stranger to public speaking, she’s presented at RSA Conference, NSA Trusted Computing Conference, Interop, Infosec World, Deep Sec, SecTor, CSI and many others.
Nick Sullivan is a leading cryptography and security expert. He founded and built the security team at CloudFlare, one of the world’s leading web security companies. He is a digital rights management pioneer in his work building Apple’s multi-billion dollar iTunes store. He is the author of over a dozen computer security patents and holds an MSc in Cryptography and a BMath in Pure Mathematics.
He previously worked as CISO, head of cyber security, at icare NSW. His job was to assure delivery of cyber risk and resilience services to the icare business and its customers, Australia’s largest general insurance provider. His specialties are multi-vendor governance for outsourcing, cloud and managed services, and deploying standards (GDPR, NIST, ISF SOGP, ISO27002, ITIL etc.). He worked as Chief Information Security Officer at Qantas.
Gal Shpantzer has 16 years of experience as an Independent Security Professional and is a Trusted Advisor to CISOs of large corporations, technology and pharma startups, universities and nonprofits/NGOs. He now focuses on emerging threats to availability as well as confidentiality, specifically preparing for ransomware and nukeware. He has been involved in multiple SANS Institute projects since 2002. He founded the privacy subgroup of the NIST Smart Grid cybersecurity task group. With Dr. Christophe Veltsos he presented the ongoing Security Outliers project, focusing on the role of culture in risk management, at RSA, CSI, BSides and Baythreat conferences. He was a Subject Matter Expert for the US Department of Energy’s Electric Sector Cybersecurity Capability Maturity Model, and is launching the Incident Response Execution Standard project in 2017.
With more than 20 years in financial services, Neira has played a leading role in revolutionising payment security. Currently Partner at Accourt Ltd, she is responsible for the Risk & Digital practice providing strategic advice to organisations wishing to deploy a business-led approach to risk and security. Formerly Director of Payment Security and Fraud at Barclaycard, she was responsible for the security compliance and risk management of some 100,000 merchants and 3rd parties, as well as developing innovative fraud offerings. She received the Acquiring Personality of the Year 2013 Award (Merchant Payments Ecosystem) and the SC Magazine Information Security Person of the Year Award 2012. She has also worked for Oracle and Unisys.
Security industry veteran and Chief Digital Security Officer at Telefonica. He previously spent five years at ING working on security strategy for Spain and Portugal. Earlier roles include security-manager-whatever, at SIA, a security services and product company based in Madrid.
Ashar Javed is a research assistant at Ruhr University Bochum, Germany, and is working towards his PhD. He has been listed ten (`X`) times in the #Google Security Hall of Fame, Twitter/Microsoft/Ebay/Adobe/Etsy/AT&T Security Pages & #Facebook White Hat, and #1 in Microsoft’s Top 100 Security Researcher List – 2018. He has spoken at main security venues like Hack in the Box, DeepSec, #OWASP Spain and #OWASP Seminar@RSA Europe.
Michael Coates is the former Chief Information Security Officer at Twitter. He headed Twitter’s security program across all elements of information security. Coates was Chairman and is a current member of the global board of directors for OWASP, the largest open source application security community. Prior to 2015, he was Director of Product Security at Shape and worked with an amazing team to drastically change the way organizations defend against modern application attacks. From 2010 through 2013 Coates was at Mozilla where he built and led the security assurance program to protect nearly half a billion Firefox users, and Mozilla web applications and infrastructure. Prior to 2010 he maintained a diverse set of technical security roles assessing the security posture of banks, governments and enterprises.
Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is a Chief Security Data Scientist at Rapid7. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), author (Data-Driven Security), speaker and regular contributor to the open source community (github.com/hrbrmstr). He currently serves on the Board of Directors for the Society of Information Risk Analysts, is on the editorial board of SANS Securing the Human program and was Co-chair of the 2014 Metricon security metrics/analytics conference. He holds a bachelor’s degree in computer science from the University of Scranton.
Martin Fisher has been in IT for more than 25 years and in information security for the last 14 years. He currently serves as the information security leader for a multi-hospital, 13,000-employee healthcare provider in Atlanta, Georgia. In the past he has worked in the commercial aviation and finance sectors for organizations large and small. Fisher has been heavily involved in the information security community as a member of the organizational staff of BSides Las Vegas and BSides Atlanta. Fisher is passionate about “doing security right” and has spoken internationally on a variety of information security topics in venues such as SOURCEBoston, ShmooCon, SecurityZone, and SUMIT_2013. He is also the host of The Southern Fried Security podcast, which has reached thousands of information security practitioners for the last six years.
Michael Murray is the former Director of Product Security at GE Healthcare, responsible for providing architecture and security assessment services to support GE Healthcare’s engineering teams in building secure products. A career information security professional, Murray has taken leadership roles in organizations ranging from small consulting firms to Fortune 100 companies. Before joining GE, Michael was Co-founder and Managing Partner of MAD Security / The Hacker Academy.
Theresa Payton is an authority on Internet security and intelligence, cybercrime and fraud. As the first female White House CIO, she managed the IT enterprise for the president and staff of 3,000 persons. Prior to her time at the White House, Payton was a senior executive in banking, spending 16 years providing solutions. Payton founded Fortalice in 2008 and lends her expertise to government and private sector organizations to help them improve their security posture. Payton was also featured as the Deputy Commander of Intelligence Operations in the hit show CBS’ Hunted. Security Magazine named her one of the top 25 “Most Influential People in Security,” and she was recently named as the fourth most influential global security expert by IFSEC Global.
Adam Ely lives at the intersection of technology innovation and operations, having founded a successful Andreessen Horowitz backed security software company. He founded Bluebox Security, which was acquired by Lookout, and drove security innovation at Walmart, Salesforce, TiVo and Walt Disney. He invests in and advises startups focusing on security, go to market strategy and growth.
Ms. Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI, serves as a Member of the Board of Advisors at 8thBridge, Inc. Ms. Herold is an information privacy, security and compliance consultant, author and instructor. She has over 16 years of compliance, privacy and information security experience, and assists organizations of all sizes with their information privacy, security and regulatory compliance programs. She specializes in risk assessment, gap analysis, policy content development, awareness and training, strategy development and implementation. She was named as a top influencer by IT Security magazine and has been listed in multiple years by Computerworld as a top privacy adviser. A frequent speaker at IT symposiums, professional organization meetings and conferences, she also provides all the content and consulting for Compliance Helper. She has worked in the healthcare industry for over two decades, has published 14 books, over 200 technical articles, and is a member of numerous advisory boards. She has been a Member of the Technical Advisory Board at eGestalt Technologies Inc. since April 2013. Ms. Herold is also an adjunct professor for the Norwich University Master of Science in Information Assurance (MSIA) program. She holds CISSP, CIPP, CISM, CISA, and FLMI certifications.
Aleks headed the Global Research and Analysis Team at Kaspersky Lab from 2008 until 2018, and specializes in all aspects of information security, including mobile malware. His responsibilities include detecting and analyzing new malware. His research and analytical articles are published both on dedicated IT sites and in the mass media. He has been with the company since 2002, and is based in Moscow. Prior to joining Kaspersky Lab, Aleks worked as CTO at KomiSat, as Manager of the ISP department at Komite, and as System Administrator at SMZ. In 1996, he founded the Republic of Komi Antivirus Center, and in 1998, he acted as project coordinator of the Wildlist Russia Project, an initiative which was launched with the aim of collecting and analyzing information about malware outbreaks in the Russian Federation.
E.J. Hilbert previously worked as Director of Risk and Compliance at Path Network. He was a Managing Director with Kroll Advisory Solutions’ Cyber practice. Before joining Kroll he was the President of Online Intelligence. OI is dedicated to cleaning up the online advertising world by protecting advertisers’ brands, identifying spammers, scammers and virus writers while also shedding light on the illegal activities condoned by some affiliate networks. Prior to leading OI, Hilbert was MySpace’s Director of Security Enforcement. During that time MySpace noted a 98% decrease in spam and phishing attacks against its users. Hilbert is also a former Cyber and Counterterrorism Special Agent for the FBI. During his time in the FBI, he was the case agent for numerous investigations, including those into the identity thieves who utilized the website Carderplanet.com and the computer intrusion of the FBI.gov email servers, and he brought treason charges against American Al Qaeda spokesman Adam Gadahn.
Andrew Jaquith brings 20 years of IT and information security experience to Perimeter, most recently as a senior analyst with Forrester Research. At Forrester, Jaquith led team coverage for data, endpoint and mobile security topics and wrote 20 popular reports. Prior to Forrester, he was program manager in Yankee Group’s enabling technologies enterprise group, covering client security, digital identity and web application security. Before Yankee Group, he co-founded @stake, a security consulting pioneer, which Symantec acquired in 2004. He also held project manager and business analyst positions at Cambridge Technology Partners and FedEx. He holds a B.A. in Economics and Political Science from Yale University.
David Mortman has been doing Information Security for 20 years. He is currently Chief Security Architect and Distinguished Engineer at Dell Software, as well as a Contributing Analyst at Securosis. Most recently, he was the Director of Security and Operations at C3. Previously, Mortman was the CISO at Siebel Systems and the Manager of Global Security at Network Associates. He speaks regularly at Black Hat, Defcon, RSA and other conferences. Additionally, he blogs at emergentchaos.com, newschoolsecurity.com and securosis.com. He sits on a variety of advisory boards, including Qualys, Lookout and Virtuosi. He holds a B.S. in Chemistry from the University of Chicago.
Ben Tomhave, Manager of Security Engineering for a multinational education company and Principal at Falcon’s View Consulting, is a security industry veteran, progressive thinker and culture warrior. He holds an MS in engineering management from the George Washington University and is a CISSP. He’s previously held positions with Gartner, AOL, Wells Fargo, ICSA Labs, LockPath and E&Y. He is former Co-Chair of the American Bar Association Information Security Committee, a Senior Member of ISSA, former Board Member for the Society of Information Risk Analysts, and former Board Member for OWASP NoVA. He is a published Author and experienced public Speaker, including engagements with the RSA Conference, MISTI, ISSA, Secure360, RVAsec, RMISC, DevOps Connect, as well as Gartner events.
Shawn Henry is the President of CrowdStrike Services and CSO and a retired Executive Assistant Director of the FBI. Henry, who served in three FBI field offices and at the bureau’s headquarters, is credited with boosting the FBI’s computer crime and cybersecurity investigative capabilities. He oversaw computer crime investigations spanning the globe, including denial-of-service attacks, bank and corporate breaches, and state-sponsored intrusions. He posted FBI cyber experts in police agencies around the world, including the Netherlands, Romania, Ukraine and Estonia. He has appeared on 60 Minutes, CBS Evening News, Good Morning America, The Today Show, Dateline, and C-SPAN. He has been interviewed by Forbes, BusinessWeek, The Wall Street Journal, the Associated Press and USA Today.
Troels Oerting was the Group Chief Information and Security Officer at Barclays. He has more than 35 years’ experience in law enforcement—the last 15 in senior management positions in Danish and international police organizations with a focus on ICT security. He is the former Director of Danish NCIS, National Crime Squad, SOCA and Director of operations in Danish Security Intelligence Service. He has also served as Assistant Director in Europol’s IMT Department, Assistant Director in Europol’s Operational Department, Head of European Cybercrime Centre (EC3) and acting Head of Europol’s Counter Terrorism and Financial Intelligence Centre.
Zane Lackey is the Co-Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Lackey was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. He has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, Network World, and SC Magazine. A frequent speaker at top industry conferences, he has presented at Black Hat, RSAC, USENIX, Velocity, Microsoft BlueHat, SANS, OWASP, QCon, and has given invited lectures at Facebook, Goldman Sachs, IBM and the Federal Trade Commission.
Richard Rushing is the Chief Information Security Officer for Motorola Mobility LLC. Richard participates in corporate, community, private, and government security councils and working groups, setting standards, policies, and solutions for current and emerging security issues. As Chief Information Security Officer for Motorola Mobility, he has led the organization’s security effort by developing an international team to tackle targeted attacks, cyber-crime, and emerging threats to mobile devices. He has organized, developed, and deployed practices, tools, and techniques to protect the enterprise’s intellectual property worldwide. A much-in-demand international speaker on information security, Richard has spoken at many of the leading security conferences and seminars around the world.
Froelich is chief information security officer for Bank of America. He leads the Global Information Security team responsible for the bank’s information security strategy, policy and programs. He serves as a member of the Global Technology & Operations senior leadership team. Froelich has held leadership positions overseeing key components of the bank’s information security capabilities. He most recently led the Cybersecurity Technology team, responsible for innovation and architecture, engineering, development, deployment, maintenance and support of technology security controls. In addition, Froelich has held roles responsible for managing the company’s security operations, insider threat and information protection programs. Prior to Countrywide Financial’s acquisition by Bank of America, he was responsible for Countrywide’s cybersecurity technology, data and voice networks, crisis management and security operations. Froelich currently serves on the board of directors as chairman of the Financial Services-Information Sharing and Analysis Center (FS-ISAC) and the executive committee of BITS, the technology policy division of the Financial Services Roundtable. Previously, he held positions on the executive committee for the Financial Services Sector Coordinating Council, the board of directors of Mobile Anti-Abuse Working Group and GuardSight, and was the financial services sector representative for the U.S. Department of Homeland Security Cross Sector Cyber Security Working Group. Since 2010, he has filed for eleven information security patents.
Jared Carstensen is an internationally recognized information and cyber security professional with broad experience in the design, implementation and governance of security controls, business strategies and frameworks across global organizations, spanning multiple sectors. For the past 13 years, he has been advising Fortune 500, law enforcement and intelligence agencies, government and state departments, manufacturing, pharmaceutical, telecommunications, utilities and financial services entities on all areas of information and cybersecurity. He is the CISO for a FTSE 100 company located in Dublin, Ireland. He is a member of the IT Governance Institute Expert Panel, and is an author of the book “Cloud Computing: Assessing the Risks.” He has spoken at over 100 events globally.
Malik Mesellem is an IT security professional with over 15 years of experience. Malik has always had a passion for Ethical Hacking and Penetration Testing… obsessed with Windows and Web Application (in)Security. In 2010, he started his own company, MME BVBA. MME specializes in IT Security Audits, User Awareness Campaigns, Vulnerability Assessments, Penetration Testing and Security Training. Malik gives master classes, lectures and workshops at conferences and for several institutions. Malik is an OWASP ZAP evangelist and used to be a mentor for the SANS Institute, mentoring the SANS ‘SEC560 – Network Penetration Testing and Ethical Hacking’ course. Malik is also the founder and developer of bWAPP. bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web vulnerabilities! It covers all major known web bugs, including all risks from the OWASP Top 10 project. It has 100,000+ downloads worldwide.
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. Cornell is an active member of the development community and a sought-after Speaker on topics of web application security, speaking at international conferences including TEDx, RSA Security Conference, OWASP AppSec USA and EU and Black Hat Arsenal.
Josh is currently Co-Founder and Chief Product Officer at IDRRA. Prior to joining IDRRA, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Josh is an experienced cyber security analyst who applies his analytical methodology to help organizations build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security posture. Josh has worked with numerous clients in both the public and private sectors at both the strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT), where he built from the ground up and subsequently ran the network, media, and malware analysis/forensics capabilities for US-CERT.
Jake Kouns is the CISO for Risk Based Security and oversees the operations of the Open Sourced Vulnerability Database (OSVDB.org). Kouns has presented at many well-known security conferences, including RSA, Black Hat, DEF CON, CISO Executive Summit, CanSecWest, SOURCE, FIRST and SyScan. He is the Co-Author of the books Information Technology Risk Management in Enterprise Environments (Wiley, 2010) and The Chief Information Security Officer (IT Governance, 2011). He holds both a bachelor of business administration and a master of business administration, with a concentration in information security from James Madison University. In addition, he holds a number of certifications including ISC2’s CISSP, and ISACA’s CISM, CISA and CGEIT.
Thom Langford is the Director of Sapient’s Global Security Office, responsible for all aspects of delivery and internal security, risk and compliance, and business continuity across Sapient’s global operations. Having successfully built security and IT programmes from the ground up, Langford brings an often opinionated view of risk, both in assessments and management, but manages to do so with humour and pragmatism (mostly). An international public speaker and award winning security blogger, he contributes to a number of industry blogs and publications. He is also the sole founder of Host Unknown, a loose collective of three Infosec luminaries, combined to make security education and infotainment films.
As head of IT Security for the Republic and Canton of Jura in Switzerland, Bruno is faced with the challenges of securing the city’s infrastructure and applications. Bruno is also part of the Swiss National Security Network, has twice been awarded the French CSO of the Year award, in 2005 and 2010, and has been a teacher at prestigious French engineering university Mines Nancy. On top of that, Bruno has spoken at various InfoSec conferences and served as a supervisor for ISC2’s CISSP exam. For a taste of Bruno’s approach to being a CISO, his presentation on the CISO’s evolution for a recent ISC2 event offers fantastic insights.
Jaya Baloo is the CISO of KPN Telecom in the Netherlands. She won the Cyber Security Executive of the Year Award in 2015. Baloo works with an amazing information security team of highly driven specialists. Working in the information security arena for the past 18 years, she has worked mostly for global telecommunications companies such as Verizon and France Telecom. Baloo is also a frequent speaker at security conferences on subjects around lawful interception, mass surveillance and cryptography.
Eddie Schwartz is VP of global cybersecurity and consulting solutions for Verizon Enterprise Solutions, with 25 years of IT and security technology management experience. Previously he worked as CISO for RSA, was Co-Founder/ CSO of NetWitness, CTO of ManTech, EVP of Global Integrity, CISO of Nationwide Insurance, and spent many years with the USG. Eddie recently chaired ISACA’s Global Cyber Security Taskforce and was a Computerworld 2013 Premier 100 IT Leader.
With over 10 years of experience in the information security field, she is focused on strong strategic planning, risk management and compliance, driving process adoption company-wide, and prioritizing information security resources and strengthening internal controls to minimize risk and improve business performance. Her areas of expertise include information security program management, risk analysis, governance, policy development and implementation, regulatory compliance, assessment and evaluation of information security controls, driving process improvement, and implementing governance frameworks to industry standards (ISO, HITRUST, etc.).
Michael has been an independent information security consultant, executive, researcher, author, and catalyst with many years of information technology and business leadership experience. Michael’s current and previous executive positions include CSO, CISO and advising CIO. Michael D. Peters is a current member of the Metro Atlanta and Kentuckiana ISSA chapters, a founding member and past president of the Kentuckiana and Montgomery ISSA chapters. From a credential perspective, Michael holds an Executive Juris Doctor in Cyberspace Law; a certified MBA, undergraduate in IT Security, CISSP, CRISC, CISM, CCE, CMBA, SCSA, and is an ISSA Fellow. In the realm of thought leadership, he is the author of “Securing the C Level”, “Governance Documentation and Information Technology Security Policies Demystified”, “The Security Trifecta”, and thousands of blogging, tweeting, social media networking and professional network syndication and industry feature publications.
Myrna Soto is SVP and CIISO at Comcast. In her role, Myrna is responsible for Enterprise Information and Infrastructure Security for Comcast. She is also responsible for Synergy and Integration efforts with NBCUniversal. She is the Executive Champion for the Hispanic Affinity group at Comcast “Unidos.” She is also an Executive Committee Board Member of HITEC (Hispanic IT Executive Council) and is a Member of the Board of Directors for CMS Energy and Consumers Energy. Prior to Comcast, she served as CISO and VP of Information Technology Governance for MGM Resorts International. She also held senior leadership positions with American Express, Royal Caribbean Cruise Line, Norwegian Cruise Lines, Kemper and Broadspire.
Dan Lohrmann is an internationally recognized security leader, technologist and author. Lohrmann currently serves as Michigan’s Chief Security Officer (CSO). During his 26-year career which began at the National Security Agency, he has served both public and private organizations which span the globe as a network engineer, IT Director, CTO, CISO and CIO. He is the author of the book Virtual Integrity: Faithfully Navigating the Brave New Web. He is also a globally recognized speaker on many IT topics, including best-practice government technology plans. He has received numerous professional awards including CSO of the Year, Public Official of the Year and Computerworld Top 100. He serves as an adviser for Information Assurance (IA) programs at four universities.
Marc Goodman is a New York Times best-selling author, global strategist and consultant focused on the profound change technology is having on security, business and international affairs. He is the Founder of the Future Crimes Institute and currently serves as the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. He has built his expertise in international cybercrime and terrorism, working with organizations such as INTERPOL, the UN Counterterrorism Task Force, NATO and the U.S. Government. His professional experiences include working as a police officer, undercover investigator and counterterrorism strategist. Goodman’s best-selling book, Future Crimes, was selected as Amazon’s Best Business Book of 2015 and has been named one of the Washington Post’s Top Ten Best Books of 2015.
Tom Stamulis is a Regional Director with Verizon’s Security Services. Stamulis has worked in information security for more than 20 years specializing in the financial, insurance and medical industries. He manages the delivery of a Security Management Program providing a programmatic approach to security management reducing security risks, improving overall security posture and enabling customers to meet Governance, Risk and Compliance issues. He spent 20 years in the U.S. Army serving in communications and as a Counterintelligence Agent. He holds a CISSP certification from (ISC)2, the CISM and CRISC from ISACA and the HISP certification focusing on international standards, best practices and comprehensive frameworks for developing robust and effective information security programs.
Dale is currently the Chief Security Strategist at CenturyLink, a global telecommunications service provider specializing in Optical, Internet, VoIP and CDN services. Prior to CenturyLink, Dale worked for Level 3 Communications as their Global CSO. Dale has also worked for Qwest Communications and MCI, where he was responsible for Internet Security Operations and Engineering. Dale Drew is an accomplished and experienced corporate security executive with 31 years of experience in developing critical global security programs, working in Federal/State Law Enforcement and with Internet Service Providers (ISP). Dale brings a practical capability to integrating security into the culture of the business, enabling the company to be more flexible, with demonstrable results.