Countermeasure 2012: Speakers

Dave Aitel

Founder and CEO
Immunity Inc.

The Founder and CEO of Immunity, Dave Aitel, was a consultant with @stake and a research scientist with the National Security Agency. Dave's background lies in Linux and Unix systems. His focus changed to Windows exploitation after founding Immunity, and in more recent years has expanded to include web applications and engine development for CANVAS such as MOSDEF, the engine's C compiler. Dave continues to write CANVAS exploits and conduct security research while leading the technical team and product and service direction at Immunity. He oversees all technical projects at Immunity.

Dan Guido

Co-Founder and CEO
Trail of Bits

Dan Guido leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in such massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries. Previously, Dan worked for the Federal Reserve System where he proposed and developed a centralized function for threat intelligence: a team that used its expert knowledge of attacks in the wild to develop sophisticated enterprise strategies to mitigate them. In addition to his professional work, Dan is a Hacker in Residence at NYU:Poly where he oversees student research and teaches classes in Application Security and Vulnerability Analysis, the two capstone courses in the NYU-Poly security program.

James Arlen

Principal, Push the Stack Consulting &
Co-Founder, OpenCERT Canada

James Arlen, CISA, is Principal at Push The Stack Consulting providing security consulting services to the utility and financial verticals. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than 18 years. James is also a co-founder of OpenCERT Canada, Canada's first community-based CERT, a contributing analyst with Securosis and contributor to the Liquidmatrix Security Digest. Best described as: "Infosec geek, hacker, social activist, author, speaker, and parent." His areas of interest include organizational change, social engineering, blinky lights and shiny things.

David Mirza Ahmad

President
Subgraph

David has over 10 years of experience in the information security business. He started his professional life as a founding member of Security Focus, which was acquired by Symantec in 2002. David also moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, CanSecWest, AusCERT and numerous other security conferences, and has contributed to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and served as editor for the Attack Trends section of IEEE Security & Privacy for over three years. His current passion is building Subgraph, a Montreal-based open source security start-up.

Luc Beaudoin

Chief of Cyber Operations
Canadian Cyber Incident Response Centre (CCIRC) - Public Safety Canada

Luc Beaudoin is the Chief of Cyber Operations at the Canadian Cyber Incident Response Centre (CCIRC), part of Public Safety Canada. Prior to joining CCIRC, Luc served ten years in the Canadian Forces as a telecommunication officer, during which he notably held the position of Watch Officer at the Canadian Forces Network Operations Centre. He also worked six years with Defence Research and Development Canada - Network Information Operations section, where he led a number of cyber security research projects on situational awareness, dynamic risk response, decision making and automated network defense. Luc holds a degree in electrical engineering from the Royal Military College of Canada, a Masters in Business Administration from the University of Québec in Montréal, and a Master of Science from the University of Ottawa. He is the author of a number of Computer Network Defence research articles published with organizations such as IEEE and NATO.

Robert Beggs

President
Digital Defence

Robert Beggs is the President of DigitalDefence, a Canadian firm specializing in preventing and responding to data security and privacy breaches. He has been responsible for the technical leadership and project management of more than 300 consulting engagements, including policy development and review, standards compliance assessments, attack and penetration testing of wired and wireless networks, third party security assessments, incident response and forensics, and other projects. He is also the lead trainer and program developer for practical training in ethical hacking, incident response and data forensics.

 

Nishchal Bhalla

Founder
Security Compass

Nish is a frequent speaker on emerging security issues. He has spoken at reputed Security Conferences such as "RSA", "Black Hat", "Reverse Engineering Conference", "HackInTheBox", "Shmoocon", "CSI" and "ISC2's Infosec Conference". Mr Bhalla, the founder of Security Compass, SD Elements and SecurityByte, has been interviewed by and quoted in many publications. Nish has published multiple articles, and also co-authored and contributed to many books including Hacking Exposed Web Applications (2nd Edition), Buffer Overflow Attacks: Detect, Exploit & Prevent, Windows XP Professional Security, HackNotes: Network Security and Writing Security Tools and Exploits. Nish has also been involved in many open source projects.

Guy Bruneau

Senior Security Consultant
ipss inc.

Guy is a senior security consultant with ipss inc. in Ottawa, Ontario. He works within the ipss inc. security practice, assisting clients with their security needs, implementation and engineering of intrusion detection/prevention systems (IDS/IPS) on large networks, integration of enterprise security management (ESM) solutions, network forensic analysis, network security auditing, and incident response and reporting. Guy holds the prestigious GIAC Security Expert (GSE) certification and successfully completed the SANS Cyber Guardian (Blue Team) program. He is a SANS certified instructor and a SANS Incident Storm Center handler. He authored the OS hardened Snort with Sguil IDS platform and DNS Sinkhole platform. Both ISOs are freely available at http://handlers.sans.edu/gbruneau

Hugh Ellis

Director of Professional Services
VoIPshield Systems

Hugh Ellis started his career as a Communications and Electronics Engineer in the military, then moved to the Communications Security Establishment as a network and security engineer. He consulted in Ottawa as an IT security and risk management expert, and co-founded Cinnabar Networks in 1996. In 2006 Hugh continued with Bell Canada for two years after Bell acquired Cinnabar, and he is now Director of Professional Services at VoIPshield.

Andrew Hay

Chief Evangelist
CloudPassage, Inc.

Andrew Hay is the Chief Evangelist at CloudPassage, Inc. where he serves as the public face of the company and its IaaS cloud security product portfolio. Andrew Hay is a veteran information security professional with more than 12 years of experience related to endpoint, network and security management across various product sectors including security information and event management (SIEM), log management, deep packet inspection (DPI), vulnerability management, intrusion detection and prevention (IDS/IPS), firewall, threat intelligence, application whitelisting, network and host forensics, incident response and governance, risk and compliance (GRC). Andrew is an author of multiple books on security topics and has written articles for top trade publications like Information Week, DarkReading and Network Computing. He has received multiple industry honors and awards and frequently provides expert security commentary for journalists and industry events.

Ryan Kazanciyan

Principal Consultant
Mandiant

Ryan Kazanciyan is a Principal Consultant with Mandiant specializing in incident response, forensic analysis, and penetration testing. He leads incident response and remediation efforts for Fortune 500 organizations with a focus on targeted attacks, industrial espionage, and financial crime. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware identification and triage. He has taught courses on incident response, forensic analysis, and penetration testing at venues including Black Hat USA and Black Hat Abu Dhabi and presented research at industry events, including Black Hat Federal, DoD CyberCrime, ShmooCon, Infragard, ISACA, SwA Forum, and AppSec DC.

Sherif Koussa

Founder and Principal Consultant
Software Secured

Sherif Koussa is OWASP Ottawa Chapter President and a SANS Steering Committee Member for GSSP-Java and GSSP-NET. He is also the founder and principal consultant at Software Secured (www.softwaresecured.com). Sherif helps private and public organizations prevent data breaches and reduce/eliminate the risk of web attacks by using vigorous testing techniques to uncover vulnerabilities and help software organizations remediate them. Before starting Software Secured, Sherif designed and implemented software for 9 years, and created software for Fortune 500 companies.

Mischel Kwon

President & CEO
Mischel Kwon and Associates, LLC

Mischel Kwon has more than 29 years of experience ranging from application design and development, network architecture and deployment, Information Assurance policy, audit and management, technical defensive security, large wireless system security, to building organizational and national level Computer Emergency/Incident Response/Readiness Teams. Since 2010, Mischel has been building MKA, a security consulting firm specializing in Technical Defensive Security, Security Operations and Information Assurance. Her previous roles have included both US government and private sector cyber security positions - Director for the United States Computer Emergency Readiness Team (US-CERT), Deputy Director for IT Security Staff at the Department of Justice, and, before forming MKA, Vice President of Public Sector Security for RSA, The Security Division of EMC. Ms. Kwon holds an M.S. in Computer Science and a graduate certificate in Computer Security and Information Assurance. In addition, she has served as an adjunct professor at George Washington University in Washington, DC, where Ms. Kwon also runs the GW Cyber Defense Lab.

Zach Lanier

Security Researcher
Veracode

Zach Lanier is a Security Researcher with Veracode, specializing in network, mobile, and web application security. Prior to joining Veracode, Zach served as Principal Consultant with Intrepidus Group, Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. He has spoken at a variety of security conferences, including INFILTRATE, ShmooCon, and SecTor, and is a co-leader of the OWASP Mobile Security Project. Zach likes Android, vegan food, and cats (but not as food).

Andrey Markov

Director of Security Research
VoIPshield Systems

As Director of Security Research at VoIPshield, Andrey Markov is heading a team of security researchers working on specific security vulnerabilities and threats related to IP Telephony applications, protocols and infrastructure. Andrey received his doctorate in Physics and Mathematics at the National University of Chernivtsy, Ukraine. He has held a number of research and development positions in Europe and North America, focusing on network protocols and security systems.

Barton McKinley

Enterprise Security Architect
Consultant

Mr. McKinley is an experienced Security and Enterprise Technology Architect and Auditor with 3 decades of experience working with clients like Apple, Cisco, IBM, Bell, Nortel and numerous departments in the Government of Canada. Over the years, Mr. McKinley has been responsible for the planning and deployment of many mid-size to large national and international security projects. Project durations have ranged from months to years with budgets ranging as high as 200 million dollars. In Canada, this has included work on projects and programs critical to the national interest (such as the Bank of Canada and the Canadian Payments Association), in order to assess their overall security posture and to recommend ways and means to close gaps and address identified threats. Recently he developed the security architecture for the Government of Canada (GC) PayMod project which will be deployed as a service in 2015, to provide secure pay services to 330,000 employees. Mr. McKinley is also an experienced post-secondary professor and a popular speaker, as well as a published author on information security, IT strategy and the human implications of technology adoption.

Subu Ramanathan

Security Consultant
Security Compass

Subu Ramanathan is a security consultant with Security Compass. With his wide array of experience in the application security space, Subu plays a valuable part in Security Compass's Software and Enterprise Assessment Service practice. He is a senior application security professional with extensive experience in secure SDLC, application security assessments, framework level threat models and security source code reviews. Subu is also a secure software application development SME with experience in developing content for multiple ASP.NET secure development courses including SANS DEV544. Subu also spearheads Security Compass's mobile application security service offering. Subu brings to the table relevant experience in rendering exceptional quality application security services to the financial, energy, consumer business and telecommunication sectors. In addition to developing and teaching Security Compass's Building Secure Web Applications in ASP.NET, Subu regularly teaches courses in Exploiting and Defending Web Applications, Advanced Application Attacks and Mobile Hacking to Security Compass's clients across the globe.

Andrew Reiter

Security Researcher
Veracode

Andrew Reiter has been professionally involved with the security industry since the late 1990s. He has worked as a security researcher for Foundstone, BindView, and WebSense; currently, his research is being conducted at Veracode. Andrew is a former FreeBSD developer where he worked on the SMPng and TrustedBSD projects and holds a BS and MS in Mathematics from UMASS-Amherst.
 
 

Shyama Rose

Director of Software Security Engineering
CBS

Shyama Rose is the Director of Software Security Engineering at CBS. She uses her penetration testing and management roots to employ holistic, threat-focused approaches to the design and application of security programs in complex Fortune 100 enterprises. She authored the Center for Internet Security's Microsoft IIS 5.0/6.0 and Microsoft Office 2007 Security Guidance Benchmarks as well as contributed to the Microsoft SharePoint Server Guidance Benchmark. She is an adjunct lecturer on Security Program Management in NYU Poly's "Application Security" course and regularly speaks at security conferences.

Paul Royal

Research Scientist
Georgia Tech Information Security Center

Paul Royal is a Research Scientist at the Georgia Institute of Technology, where he engages in collaborative research on various facets of the online criminal ecosystem. Prior to Georgia Tech, Royal served as Principal Researcher at Purewire, Inc, where he identified emergent threats and designed methods that enhanced the company's web security service. Royal often focuses on research topics interesting to both academics and industry practitioners, with previous work presented at Black Hat USA that subsequently appeared in ACM CCS. As a press resource on security issues, Royal has been repeatedly quoted in outlets such as USA Today, The Washington Post, and Forbes.

Peleus Uhley

Platform Security Strategist
Adobe Systems, Inc.

Peleus Uhley is the Platform Security Strategist within Adobe's Secure Software Engineering Team (ASSET). His primary focus is advancing Adobe's Secure Product Lifecycle (SPLC) within Adobe platform technologies, including Flash Player and AIR. Peleus contributes to the web community by maintaining the OWASP Flash Security Project, being a participant in the W3C Web Application Security Working Group, and authoring the open-source Adobe SWF Investigator tool. Prior to joining Adobe, Peleus started in the security industry as a developer for Anonymizer, Inc., and went on to be a security consultant for @stake and Symantec.

Nart Villeneuve

Senior Threat Researcher
Trend Micro Canada

Nart Villeneuve is a Senior Threat Researcher at Trend Micro Inc. where he focuses on targeted malware attacks, botnets and the criminal underground. Prior to joining Trend Micro, Nart's technical research at the University of Toronto led to the discovery of two cyber-espionage networks, GhostNet -- which compromised diplomatic missions around the world -- and ShadowNet -- which extracted secret information from the Indian government.

Scott Wright

Scott Wright, President
Security Perspectives Inc.

As creator of the Honey Stick Project, and co-host of the Social Media Security Podcast, Scott uses his 20 plus years of IT and security experience to teach teams about the user side of Internet security risks – in layman's terms and with recent case studies. He also teaches IT security courses in areas such as Threat and Risk Assessments and Building IT Security Programs for the CSEC IT Security Learning Centre. In his 2012 Honey Stick Project, performed for Symantec, Scott researched the "Opportunistic Human Threats" to lost smartphones by abandoning 50 phones around North America. That study revealed that only half of lost devices are likely to be returned, and over 80% are likely to be snooped for sensitive business and personal data. Across all of his projects, Scott's primary focus is on balancing technology and human factors in the management of information security for businesses.