Advisory Board
Dr. Adam O’Donnell, Director, Emerging Technologies at Cloudmark, Inc
Adam J. O'Donnell is the Director of Emerging Technologies at Cloudmark, a leading anti-messaging abuse company located in San Francisco. He completed his PhD as an NSF Graduate Research Fellow in Drexel University's Department of Electrical and Computer Engineering in 2005. In a former life, Adam designed RF amplifiers at Lucent Technologies, while more recent times have found him holding research positions at Guardent, Inc, and various other members of the computer security industry. Adam has worked on several books, serving as the technical editor of and a contributor to "Building Open Source Network Security Tools", a contributing author on "Hacker's Challenge", and co-author of "Hacker's Challenge 2". His current interests are distributed system security and security economics.
Recent Articles and Talks:
A. J. O’Donnell, “Real-World Testing of Email Anti-Virus Solutions”, Virus Bulletin, March 2007, pp. 10–12.
A. J. O’Donnell, “The Evolutionary Microcosm of Stock Spam”, IEEE Security & Privacy, vol. 5, no. 1, January/February 2007, pp. 70–72.
A. J. O’Donnell and V. V. Prakash. Applying Collaborative Anti-Spam to the Anti-Virus Problem. In Virus Bulletin, Montreal, Quebec, Canada, October 2006.
A. J. O’Donnell, W. C. Mankowski, and J. Abrahamson. Using E-Mail Social Network Analysis for Detecting Unauthorized Accounts. In Conference on Email and Anti-Spam (CEAS), Mountain View, CA, July 2006.
Chris Eng, Director of Security Research at Veracode
Chris Eng leads Veracode's application security research lab and is primarily responsible for driving innovation and thought leadership. Drawing on nearly a decade of professional experience in information security, he works closely with the CTO to ensure Veracode's technology and strategy are industry relevant and aligned. He monitors attack trends, analysis techniques, and other advances in application security to keep Veracode's efforts focused on timely and emerging threats. Additionally, he provides guidance to engineering and service delivery to maximize the accuracy and consistency of Veracode's security analysis service.
Prior to joining Veracode, Mr. Eng was a Technical Manager for Symantec Professional Services, the division of Symantec responsible for security consulting. As a senior technical lead, he delivered high-profile security assessments for numerous Fortune 500 companies, focusing primarily on penetration testing of critical web applications, commercial software, and networks.
Before joining Symantec through acquisition in 2004, Mr. Eng was a Principal Consultant and then Technical Director of @stake, Inc., where he led the delivery of security assessments and developed WebProxy, an @stake product used for penetration testing web applications. He also authored internal whitepapers and developed many of @stake’s delivery methodologies.
Prior to @stake, Mr. Eng was an Electrical Engineer for the US Department of Defense. As a member of the National Security Agency’s “Red Team,” he conducted vulnerability research and performed penetration tests to strengthen the security of US government and military networks. His prior work at the NSA consisted mostly of hardware-related pursuits, with an emphasis on analyzing/testing embedded systems and ASICs.
Mr. Eng has presented on application security topics at the Black Hat Briefings and has been quoted in industry publications including CIO Magazine, eWeek, and Dark Reading. He earned his Bachelor of Science degree in Electrical Engineering and Computer Science from the University of California in Berkeley, CA.
Christien Rioux, Chief Scientist at Veracode
Christien Rioux, co-founder and chief scientist of Veracode, is responsible for the technical vision and design of Veracode’s advanced security technology. Working with the engineering team, his primary role is the design of new algorithms and security analysis techniques.
Before founding Veracode, Christien was one of the founding employees of @stake, a security consultancy firm, as well as L0pht Heavy Industries, a renowned security think tank. Christien was a research scientist at @stake, where he was responsible for developing new software analysis techniques and for applying cutting-edge research to solve difficult security problems. He also led and managed the development for a new enterprise security product in 2000 known as the SmartRisk Analyzer (SRA), a binary analysis tool and its patented algorithms, and has been responsible for its growth and development for the past five years.
At L0pht, Christien was a senior developer. He co-authored the best-selling Windows password auditing tool @stake LC (L0phtCrack) and the AntiSniff network intrusion detection system. His other activities with L0pht included significant security research, publication work and public speaking engagements.
Christien earned his Bachelor of Science Degree from Massachusetts Institute of Technology.
Christopher Wysopal, Chief Technology Officer at Veracode
Chris Wysopal is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London.
His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Wysopal and his work.
Wysopal’s groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities.
Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the “Responsible Vulnerability Disclosure Process,” which became the foundation for the Organization for Internet Safety (OIS). Wysopal is also a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities, and a co-author of the award-winning password auditing and recovery application @stake LC (L0phtCrack). Wysopal was an original member of the first security research think tank, known as L0pht Heavy Industries, and later became @stake’s vice president of research and development, where he led a world-class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake’s products group to develop new security tools focused on wireless, infrastructure and application security.
Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006, and earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.
Michael Murray, Director of Neohapsis Lab
Mike has spent his entire career in information security, starting in the late 90's as a penetration tester and vulnerability researcher up to his current position as the Director of Neohapsis Labs, where he heads up research, testing and analysis of security products. His years of experience as a vulnerability researcher and leader of research teams have convinced him that the most important system to focus on in information security is the human system.
His past few years, while continuing his work on the information security side with nCircle, LURHQ and Liberty Mutual, have been spent focusing extensively on the human side of security. His work helping other security professionals realize how to build a great career in security has been widely recognized and his talks at major conferences about advanced social engineering techniques have been extremely well-reviewed.
Mike's thoughts can be found on his blog at Episteme.ca, as well as his career site at ForgetTheParachute.com.
Oliver Day, Security Researcher at Stopbadware
Oliver Day is currently a researcher for the Stopbadware project at the Berkman Center for Internet and Society. His research efforts are helping discover patterns in online crime against consumers in an effort to develop new policies. He is also a degree candidate at Harvard University's Extension School concentrating on East Asian culture and history.
Mr. Day joined Rapid7 in 2007 as a Senior Security Consultant and PCI portal developer. Oliver has over 10 years of security-related experience including 2 years as a Principal Security Architect with @stake and 3 years as an engineer with eEye Digital Security. He has performed engagements for numerous Fortune 500 firms specializing in web application penetration.
Raffael Marty, Chief Security Strategist and Senior Product Manager at Splunk
As chief security strategist and senior product manager, Raffy is a customer advocate and guardian, and an expert on all things security and log analysis at Splunk. With customers, he uses his skills in data visualization, log management, intrusion detection, and compliance to solve problems and create solutions. Inside Splunk, he is the conduit for customer issues, new ideas and market requirements to the development team. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization. His passion for visualization is evident in the many presentations he gives at conferences around the world.
Active in standards committees like CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), he is also creator of the automation tools Thor and AfterGlow, founder of the security visualization portal http://secviz.org, and contributing author to a number of books on security and visualization. Before coming to Splunk he managed the solutions team at ArcSight, was an IT security consultant for PricewaterhouseCoopers, and was a member of the Global Security Analysis Lab at IBM Research, where he participated in various intrusion detection related research projects.
Rob Cheyne, CEO of Safelight Security Advisors
Rob Cheyne is founder and chief executive officer of Safelight Security Advisors, a leading security education and consulting company in the Boston Area. He is a strong advocate for proactively addressing security issues and he has taught information security training classes to thousands of developers, architects and managers over the past four years.
Rob has 17 years of experience in the information technology field and has been working in the information security field since 1998. He has played the role of software developer, systems integrator, security expert, consultant, trainer and entrepreneur, which gives him a unique and balanced blend of business and technical expertise.
Rob was one of the founding employees of @stake, a highly regarded pioneer in information security consulting. He helped develop application security assessment methodologies that are still in use today and led @stake's Application Security Center of Excellence for two years. He has led and conducted secure architecture and design reviews, secure code reviews, application penetration tests, and various types of specialized security audits for Fortune 500 companies.
Rob was also a co-author of the award-winning L0phtCrack password auditing software and he worked on @stake's SmartRisk Analyzer team, which was eventually spun off as Veracode.
Steve Kirk, Sr. Manager of Studio Applications & Storage at Sony and Chief Network Architect at DefCon
As the Senior Management for Product Development and IT for Sony Playstation in San Diego, Steve runs the Studio Applications & Storage (SAS) Group which supports all studio development software systems, including studios' on-site helpdesk groups (approx 1/3 of the entire PD-IT Division).
While pursuing his BS in Business Admin (MIS) at UNLV, Steve worked in Computer Operations for Bank of America in Nevada where he was responsible for interfacing with every department and branch to ensure proper systems reporting. He later moved into the main computer room where he was a mainframe systems operator--literally running the bank! After graduation Steve went to work for Dell in Austin, TX; initially as a systems engineer, later moving into Product Marketing for optical storage (developing Dell's first DVD product, first CD-RW product, and helping to design the industry's first 40x CD-ROM drive).
In 2000 he moved into the Software Group where he became a Development Manager for Windows Client OS development and successfully launched Windows ME and later Windows XP. While Windows Vista (then "Longhorn") was in early development, he left Dell and moved west to Los Angeles where he began work at Insomniac Games in Burbank, an exclusive Playstation games developer, as their Director of IT. He spent 3 1/2 years stripping the studio down and rebuilding the entire infrastructure and security, enhancing systems and networking to help support the studio as it moved into Playstation3 and HighDef games development. He has also been a key figure at Defcon since first attending in 1995. It was here that he met Jeff Moss, owner of DefCon and BlackHat, and Steve was invited to run the network for DC4.
Since then Steve has stayed on as Chief Network Architect Goon, building up a staff of diverse backgrounds and skills from the US & the UK.
Steve was also a founding member of the Hacker Foundation, a 501(c)3 non-profit organization supporting humanitarian & community efforts through the advanced skill-sets of the hacker/security community. He was on the Board of Directors from 2004-2007, and President for a period in 2007.
Stacy Thayer, Founder of Bitmark Concepts and SOURCE Conferences
Prior to founding Bitmark Concepts, Stacy was employed as a Research Analyst for Linkage, Inc, a Fortune 500 company, where she worked with other Fortune 500 organizations to examine best practices in leadership development, training, and business practices.
Stacy first entered the computer fray in 1994, when she began calling local BBSes and attending Boston 2600 meetings. After several years of software consulting during college, she went on to graduate school where she examined online communication behaviors and internet psychology. During this time she also had an award-winning interactive website, and was one of the first web developers to utilize chat-rooms, web cams, message boards, blogs, and other interactive media. Her site was used as an example of online interpersonal interactions in several university classrooms, including Massachusetts Institute of Technology. She is currently completing her PhD in Business Psychology with the goal of graduating in March 2008.
Recent Publications and Presentations:
Thayer, S. E. & Ray, S. (2006). Online Communication Preferences across Age, Gender, & Durations of Internet Use. Journal of CyberPsychology & Behavior, 9, 432-440.
Thayer, S. E. The Culture of Internet Communication: Bridging Cultural Gaps Online. Presented at the International Learning Symposium. Boston, MA, May 15, 2004.
Thayer, S. E. Online Communication Styles. Presented at the International Conference of Social Sciences, Hawaii, June 2003.

