BOSS Conference 2009

Speaker Bios

Daniel Cid: Daniel B. Cid is the lead developer and founder of the OSSEC project. He has worked in the security area for many years, with a special interest in intrusion detection, log analysis and secure development. Daniel is currently working at Third Brigade as a principal researcher. Previously, he worked at Q1 Labs, Sourcefire and the National Institutes of Health. Daniel can be contacted at dcid@ossec.net.
Session: Host-based Intrusion Detection with OSSEC

Joel Esler: Joel Esler is a Senior Security Consultant at Sourcefire where he travels the world installing and configuring customer Sourcefire and Snort deployments. Joel teaches classes concerning Sourcefire and Snort, and participates in other public speaking engagements throughout the year. He also serves as an Incident Handler for SANS at the Internet Storm Center, the largest free threat analysis cell in the world. In addition, Joel is a GIAC Gold Advisor responsible for the technical grading of the SANS Gold certification process. He holds GCIA, SnortCP, SFCP and SFCE technical certifications.
Sessions:
Avoiding Pitfalls and Sandtraps: Lessons Learned from the Field
Common Mistakes Using Snort and How to Fix Them

Brandon Greenwood: Brandon Greenwood, GSE, GCFA, CISSP, SnortCP is the Manager of Network Operations and Security at XanGo, LLC. He holds a Bachelor of Science in Computer Science, Weber State University, 2004. His background includes working in the public and private sectors filling various network and security related roles and responsibilities. In his spare time, Brandon formed and operates the Utah Snort Users Group and works with SANS as an OnDemand question writer and Technical Director.
Session: Neutralizing the Insider Threat Through Flow Analysis

Lurene Grenier: Lurene Grenier is the analyst team lead for Sourcefire’s VRT and is currently working on the Metasploit 3 framework, primarily in the areas of shellcode encoding and exploit development. She has published papers on a variety of topics including C code auditing, frustrating disassemblers, and an early analysis of the unpatched Microsoft RPC memory exhaustion flaw. Day-to-day she works heavily with Microsoft products, reverse engineering userland and kernel space binaries for the purpose of vulnerability research and development. Her current research revolves around uniting fuzzers and debuggers to automate the process of exploit development. The analyst team at Sourcefire is responsible for all VRT rules development, so feel free to ask them your rules development questions!
Sessions:
Rapid Threat Response: A Day in the Life of the VRT
Understanding Exploitation Techniques in Defending the Network

Mike Guiterman: Mike Guiterman joined Sourcefire in June of 2006 as Director of Open Source and Compliance Marketing. In his role, Mike is responsible for defining product features and outreach programs that assist customers in addressing compliance with regulatory and industry standards. Mike is responsible for compliance issues for both Sourcefire’s 3D system as well as Snort. Prior to Sourcefire, Mike held senior product management and marketing positions with Intellitactics and CyberTrust where he was responsible for the strategic direction and product lifecycle of various security and compliance products. Mike holds a B.A. from the University of New Hampshire and an MBA from the University of Maryland.
Session: Case Study in Leveraging 3D to Achieve PCI Compliance

Douglas Hurd: Doug Hurd joined Sourcefire in May 2004 as Director of Product Management and is responsible for Sourcefire’s global product and market strategies. Doug has 20 years experience in information technology, the last 11 in the security space. From 1989 until 2001 he lived in the United Kingdom and worked for McAfee Security in Product Management, Business Development and Channel Management, beginning at Trusted Information Systems which McAfee subsequently acquired in 1997. Before moving into the security industry, Doug worked in enterprise sales and European channel roles at Emulex, Thomas-Conrad and American Power Conversion Corporation.
Session: Need for Speed: Defending 10G Networks

Kevin Johnson: Kevin Johnson is a Senior Security Analyst with InGuardians. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and contributes to a large number of open source security projects. Kevin founded and leads the development on B.A.S.E., Samurai, SecTools and Yokoso! projects. Kevin is an instructor for SANS, authoring and teaching Security 542, Web Application Pen-Testing In-Depth and teaching other SANS classes such as the Incident Handling and Hacker Techniques class. He has presented to many organizations, including InfraGard, ISACA, ISSA and the University of Florida.
Sessions:
Samurai-WTF: The New Old Thing for Web Penetration Testing
Second BASE: The Next Five Years

Steve Kane: Steve Kane has over 10 years experience in technology management and marketing, primarily in the network security industry. Steve joined Sourcefire in 2005 as Sr. Product Manager for Sourcefire IPS and Snort. He is responsible for setting the strategic and tactical directions for these products. Prior to Sourcefire, Steve spent four years at McAfee as software engineering manager responsible for firewall and antivirus products. He holds a Bachelor’s Degree in Computer Science from Penn State University and an MBA from INSEAD.
Session: Implementing Data Leakage Prevention Within a Sourcefire Framework

Tomasz Kojm: Tomasz Kojm is the Clam Anti-Virus project founder and an Open Source enthusiast from Poland. He has been involved with ClamAV since 2002 and together with other developers joined Sourcefire in August 2007 after the company acquired the project. In his free time, Tomasz enjoys reading, traveling, turtles and spending time with his wife and dog.
Session: How to Block Out the Bad Stuff with ClamAV

Bryan Liles: Bryan Liles is the Principal Web Developer for Sourcefire. He is also a staunch Rubyist and security geek. Many years ago, Bryan started out as a Unix administrator and has dabbled in network architecture, network security and finally ended up writing code full time. When not working, Bryan is working on that next great “Technical Book,” and spending time with his kids and his wife.
Session: Lessons Learned While Creating a Unified v2 Parser in Ruby

Barry Lyons, IV: Barry Lyons, CISSP, Six Sigma Green Belt, is a Senior IA Systems Engineer for Northrop Grumman IT. He has architected many Defense-in-Depth solutions for Department of Defense and Civilian agencies. Along with security architecture and Cryptographic Key Management proficiency, Barry is a recognized Disaster Recovery and COOP expert. Prior to joining Northrop Grumman, Barry architected security solutions for the healthcare industry and was a frequent speaker at regional HIPAA summits.
Session: Strategies for Defending Web-Enabled Applications

Joseph McCray: Joseph McCray is the founder of LearnSecurityOnline and the Security Practice Lead at Extreme Networks. Joseph also teaches network security courses at Johns Hopkins University, The University of Maryland Baltimore County, CEDSolutions.com and TrainAce.com. He has also held multiple information assurance positions in the U.S. Army including Intrusion Analyst with a regional CERT Team.
Session: Open Source Penetration Testing Frameworks & Tool Kits

Dirk Morris: Dirk Morris is the co-founder and Chief Technology Officer of Untangle and visionary behind the Untangle Gateway Platform. Prior to Untangle, Dirk was Chief Architect at Akheron Technologies, where he invented the patent-pending High Bandwidth Transparent Vectoring used in the company's proxy firewall engine. He has also held positions as lead engineer at VerticalNet and H.L.L.C. Consulting, developing Java-based distributed monitor and intrusion detection systems. Earlier in his career, Dirk worked on survivability simulations at CERT/CC (Computer Emergency Response Team), the renowned, federally-funded Center for Internet security operated by Carnegie Mellon University. Dirk earned a Bachelor's degree in Computer Science with a minor in Mathematics from Carnegie Mellon University.
Session: Trade-Offs in Building Entire Networks in Software

Matthew Olney: Matthew Olney is a Research Analyst on the Vulnerability Research Team at Sourcefire. In addition to his day-to-day duties, which include vulnerability research and development, Snort rule writing and the QA of outgoing Snort rule sets, Matt assists the Sourcefire training group in course development and gives talks to Snort user groups and Sourcefire customers on Snort internals, rule development and other broad security issues. Matt brings to the VRT a strong operations background, having worked in network and security engineering roles with such organizations as Verisign, Network Solutions, Nortel and the Department of Defense.
Sessions:
Writing Effective Snort Rules: Part I, Snort Engine and Preprocessor Architecture
Writing Effective Snort Rules: Part II, Optimizing for Performance and Accuracy

Steve Piper: Steve Piper is a seasoned Marketing veteran with over 16 years of high-tech experience. Steve joined Sourcefire in 2006 as Director of Product Marketing and is responsible for product messaging, sales tool creation, field readiness and competitive analysis. Prior to Sourcefire, Steve spent six years at Citrix helping to grow the business from $15 million to $600 million in annual revenue, penetrating 100% of the Fortune 500. Steve has also held senior-level Marketing positions with NetIQ and Oblicore. He holds a Bachelor’s Degree in Business Management and an MBA from George Mason University, as well as CISSP and SFCP technical certifications.
Session: Leveraging User Identity in the Sourcefire 3D System

Ivan Ristić: Ivan Ristić is a web security specialist and the principal author of ModSecurity, the open source intrusion detection and prevention engine for web applications. Ivan also wrote Apache Security, a concise yet comprehensive web security guide for administrators, system architects and programmers. Ivan is an active participant in the web application security community, an officer of the Web Application Security Consortium and leader of the OWASP London Chapter.
Session: Web Intrusion Detection With ModSecurity

Martin Roesch: Martin Roesch founded Sourcefire in 2001 and serves as its Chief Technology Officer. A respected authority on intrusion prevention and detection technology and forensics, he is responsible for the technical direction and product development efforts. Martin, who has 17 years industry experience in network security and embedded systems engineering, is also the author and lead developer of the SNORT® Intrusion Prevention and Detection System (www.snort.org) that forms the foundation for the Sourcefire 3D System. He has developed various network security tools and technologies for organizations such as GTE Internetworking, Stanford Telecommunications, Inc., and the Department of Defense. In 2006 Martin was named as one of InformationWeek's 18 "Innovators and Influencers" and was a recipient of 2004 InfoWorld IT Heroes Innovator Award. Martin holds a B.S. in Electrical and Computer Engineering from Clarkson University.
Session: Welcome, Opening Remarks and Keynote Address

Justin Searle: Justin Searle is a Senior Security Analyst with InGuardians. He specializes in network security architecture, penetration testing, and PCI compliance. Prior to InGuardians, Justin served as the IT Security Architect for JetBlue Airways, where he re-designed the infrastructure for PCI compliance. He has also provided top-tier support for some of the largest supercomputers in the world. Justin has taught courses in hacking techniques, intrusion detection, forensics and Cisco networking. He has presented at a number of security conferences including DEFCON, ToorCon, and SANS. Justin has an MBA in International Technology, as well as the CISSP, SANS GCIH, and SANS GCIA certifications.
Sessions:
Samurai-WTF: The New Old Thing for Web Penetration Testing
Second BASE: The Next Five Years

Russell Sutherland: Russell Sutherland is the supervisor of network development and implementation at the University of Toronto. He also directs the middleware and identity management systems. A long time Unix user and developer, he has been active in the implementation of Open Source projects for the past 15 years. In his spare time, he enjoys cycling, travel and theology (not necessarily in that order).
Session: Open VPN: Secure Remote Access for the Masses

Charlie Vedaa: Charlie Vedaa is a Network Architect at the FBI's CJIS Division. He's spent the last 10 years designing, deploying, and maintaining secure network infrastructures. He founded PacketProtector.org in 2006, with the goal of bringing the power of open source security software to wireless routers everywhere.
Session: Running Snort and ClamAV on your Wireless Router

Leon Ward: Leon Ward joined Sourcefire in 2005 as a Senior Security Engineer focusing on the EMEA region. Prior to joining Sourcefire, Leon was involved in the design and development of SNORT-based Intrusion Prevention Systems. He applies his strong background in UNIX security and protocol analysis to overcome the challenges of network security monitoring in the enterprise, specifically in the areas of network intrusion prevention, threat mitigation, event analysis and vulnerability assessment. Leon is a SFCE and a CISSP.
Session: Using White Lists for Continuous Monitoring of IT Policy Compliance

Reed Warner: Reed Warner currently serves as the Director of Information Security Systems at Protective Life Corporation. In 2004 he became the second employee of the company’s Information Security Department, which started in 2002. His primary responsibilities include management of the Intrusion Detection System, Security Event Information Management tools, incident response, forensic investigations, and vulnerability assessments. Reed is also an Adjunct Instructor in the Information Systems Security Program for ITT Technical Institute. Reed holds a BS in Computer Science from the University of Alabama and three GIAC certifications, including GIAC Security Essential Certification (Gold), GIAC Certified Intrusion Analyst (Silver), and GIAC Certified Incident Handler (Silver).
Session: Using White Lists for Continuous Monitoring of IT Policy Compliance

Michael Wilcox: Michael Wilcox is the Corporate IT Security Manager at Newell-Rubbermaid. With over 12 years of IT experience, Michael has worked in many areas of IT Security including incident response, vulnerability assessment, encryption, forensics, identity management, and policy development. Prior to Newell-Rubbermaid, he worked as Technical Instructor/Network Manager for a computer training company and Manager of Interactive Services for an advertising agency. Michael holds various IT certifications including CISSP, CISM, MCSE, and ITIL Foundations.
Session: Leveraging User Identity in the Sourcefire 3D System



©2008 Sourcefire, Inc. All rights reserved.