CONFERENCE FACULTY
"A good place to learn both how hackers work and how to stop them."
M. Wan, Development Manager, Thomson Financial
Danny Allan
Danny Allan is director of security research
with Watchfire. He joined the company in 2000, bringing with him several
years of business and technology-related experience, including penetration
testing and internal system remediation for one of Canada’s biggest
universities. In his role as security analyst, he is closely involved with
enterprise global customer deployments, researching and evaluating
technologies and helping define and recommend strategic directions for
Watchfire’s security solutions.
In his five years with Watchfire, Mr. Allan
has held several critical customer facing positions, including team lead,
consulting services and sales engineer. He has published several white
papers and articles and participates in security industry working groups.
Mr. Allan holds a bachelor of commerce with a major in information systems
from Carleton University.
Joe Basirico
Joe Basirico works at Security Innovation,
delivering the company’s security training curriculum to developers and
testers from numerous world-class organizations, such as Microsoft, HP, ING
and EMC. Mr. Basirico has spent the majority of his educational and
professional career studying security and developing tools that assist in
the discovery of security vulnerabilities and general application problems.
Mr. Basirico has written numerous security
white papers that focus on vulnerabilities at the source code level,
including a comprehensive “Static Analysis Tools” research report; he is a
seasoned practitioner and researcher in the field of incorporating security
into the software development life cycle and a highly demanded presenter on
the topic of software development best practices. He holds a B.S. in computer
science from Montana State University.
Ryan Berg
Ryan Berg is a co-founder and chief scientist of Ounce Labs, an innovator of software vulnerability risk
management solutions, based in Waltham, Mass. Prior to Ounce Labs, Mr. Berg
co-founded Qiave Technologies, a pioneer in kernel-level security, which was
sold to WatchGuard Technologies in 2000. He also served as a senior software
engineer at GTE Internetworking, leading the architecture and implementation
of new managed firewall services. He holds patents, and has patents pending,
in multilanguage security assessment, intermediary security assessment
language, communication protocols and security management systems.
Chris Bush
Chris Bush, CISSP, is an information security
analyst with KeyBank. He has more than 16 years of experience in
architecting and engineering information technology solutions. His broad
technology-based background ranges from systems and network engineering to
software development. Mr. Bush’s experience spans a diverse set of industry
sectors—from defense and aerospace to global manufacturing and financial
services. For the past six years, he has been deeply involved in delivering
information security solutions, focusing on application security and secure
code development issues. He has also been involved with ISSA for several
years, and currently serves as the vice president of operations for the NE
Ohio Chapter. Mr. Bush holds an M.S. in computer science from Binghamton
University, where his research focused on computational intelligence and
genetic algorithms.
Djenana Campara
Djenana Campara is CEO of KDM Analytics, and
has more than 20 years of experience and leadership in the software
engineering field. She chairs the Object Management Group
Architecture-Driven Modernization Task Force and Software Assurance Special
Interest Group, and serves as a board member on the Canadian Consortium of
Software Engineering Research (CSER).
Previously, Ms. Campara was chairwoman and
CTO of Klocwork, the company that she founded in 2001 after successfully
spinning it out of Nortel Networks and establishing it as an independent
company. She has been awarded four U.S. patents for her groundbreaking
static analysis techniques implemented in Klocwork’s products.
Brian Chess
Brian Chess is the chief scientist at Fortify
Software. Dr. Chess’ work focuses on practical methods for creating secure
systems. He draws on his previous research in integrated circuit test and
verification to find new ways to uncover security issues before they become
security disasters. Dr. Chess has his Ph.D. in computer engineering from UC
Santa Cruz.
Himanshu Dwivedi
Himanshu Dwivedi is a founding partner of
iSEC Partners LLC—an information security organization. Mr. Dwivedi has more
than 12 years’ experience in security and information technology. Before
forming iSEC, he was the technical director for @stake’s Bay Area practice.
His professional experience includes application programming, infrastructure
security, and secure product design with an emphasis on secure network
architecture and server risk assessment. Additionally, Mr. Dwivedi has
focused on Voice-Over-IP Security, concentrating on H.323 and SIP
authentication/authorization attacks.
Mr. Dwivedi currently has a patent pending on
a storage design architecture that he co-developed while at @stake. He also
has published two books: “Securing Storage” (Addison-Wesley Publishing) and
“Implementing SSH” (Wiley Publishing).
Mark Hearn
Mark Hearn, product manager at Cloakware, is
responsible for the Cloakware Security Suite and Cloakware Robustness
Solutions product lines, which provide software protection against
reverse-engineering, tampering and automated hacks. He has been instrumental
in guiding Cloakware’s core security offering from a single security
technique into a multilayered suite of security products for enterprise,
federal, mobile and device markets.
Mr. Hearn has more than 12 years of technical
and business experience, including four years as a software developer. He is
proficient in all aspects of software delivery to market, particularly
within the realms of software security products and network management
applications. In his career, he has successfully delivered a variety of
multimillion-dollar products to market.
Greg Hoglund
Greg Hoglund, CEO of security firm HBGary,
has been a pioneer in the area of software security. After writing one of
the first network vulnerability scanners, installed in more than half of all
Fortune 500 companies, he created and documented the first Windows NT-based
rootkit, founding www.rootkit.com in the process. Mr. Hoglund went on to
co-found Cenzic (formerly known as ClickToSecure), through which he
orchestrated numerous innovations in the area of software fault injection.
He is a frequent speaker at Black Hat, RSA and other security conferences
and the co-author of “Exploiting Software: How to Break Code” and “Rootkits:
Subverting the Windows Kernel.”
Paco Hope
Paco Hope, CISSP, is a senior security
consultant with Cigital. His areas of expertise include application
security, LAN and host security, smart cards and PKI. Mr. Hope has published
articles on abuse cases in software design, PKI and Unix host security
features. He is also co-author of “Mastering FreeBSD and OpenBSD Security.”
Prior to joining Cigital, Mr. Hope served as
director of product development for Tovaris and head systems administrator
in the department of computer science at the University of Virginia.
Dennis Hurst
Dennis Hurst is a developer security
evangelist for SPI Dynamics and head of SPI Dynamics’ Sales Engineers, where
he leads a team of Web application security experts that assist in the sales
process. With more than 15 years of industry experience, he is an expert in
system design, implementation and maintenance of complex multivendor,
multiplatform computer applications and networks. He currently works with
development organizations evangelizing the need to integrate security into
the software development life cycle. Mr. Hurst was recently named a
Microsoft Developer Security MVP. He is also a Microsoft Certified Solution
Developer (MCSD) and a Certified Novell Engineer (CNE). He has published
articles and developed classes on the secure application development
process, and has spoken on the topic of Web application security and secure
coding best practices at notable IT security and developer-focused industry
events.
David C. LeBlanc
David C. LeBlanc is a senior developer in
Microsoft’s Office division, where his job is to improve application
security across all Office applications. He is the co-author of “Writing
Secure Code,” “Assessing Network Security,” “19 Deadly Sins of Software
Security” and the upcoming “Writing Secure Code for Windows Vista” and has
written numerous articles on operational and application security.
Mr. LeBlanc also has worked in Microsoft’s
operational network security group and is the author of numerous security
assessment tools. Before joining Microsoft in 1999, he worked for Internet
Security Systems and was the lead developer on its Internet Scanner product.
Jeff Luszcz
Jeff Luszcz is a co-founder and vice
president, services and support, for Palamida. He leads the professional
services team responsible for large-scale enterprise audits. Previous to
Palamida, Mr. Luszcz was senior software engineer at Cacheon, responsible
for research and development. He also served as a senior engineer on the
development team and technical lead for Fortune 500 customer engagements.
He spent six years as a software engineer at
NASA Ames Research Center where he implemented software for simulation and
visualization of innovative flat panel display technology and their related
human factors. Mr. Luszcz has served as a technical editor for Wrox Press.
He received his B.S. from Cornell University.
Gary McGraw
Gary McGraw is CTO of security firm Cigital.
He provides strategic advice to major software producers and consumers, and
has written more than 90 peer-reviewed technical publications. He also
functions as principal investigator on grants from DARPA, National Science
Foundation and NIST’s Advanced Technology Program. Dr. McGraw serves on
advisory boards of Authentica, Counterpane and Fortify Software, as well as
advising the CS department at UC Davis, the CS department at UVa, and the
School of Informatics at Indiana University. Dr. McGraw holds a dual Ph.D.
in cognitive science and computer science from Indiana University and a B.A.
in philosophy from UVa.
Dr. McGraw is the author of six best-selling
books: “Software Security: Building Security In” (Addison-Wesley, 2006),
“Exploiting Software” (Addison-Wesley, 2004), “Building Secure Software”
(Addison-Wesley, 2001), “Software Fault Injection” (Wiley, 1998), “Securing
Java” (Wiley, 1999) and “Java Security” (Wiley, 1996).
Caleb Sima
Caleb Sima is the co-founder and chief
technology officer of SPI Dynamics. He is responsible for directing the life
cycle of the company’s Web application security solutions and is the
director of SPI Labs R&D team within SPI Dynamics. Mr. Sima has been engaged
in the Internet security arena since 1996, and has become widely recognized
as an expert in penetration testing and for identifying emerging security
threats.
He is a frequent speaker and expert resource
for the press on Internet attacks. He is also a contributing author to
various magazines and online columns, and is a co-author of the book
“Hacking Exposed Web Applications: Web Security Secrets & Solutions,” Second
Edition. Mr. Sima is a member of ISSA and one of the founding visionaries of
the Application Vulnerability Description Language (AVDL) standard within
OASIS, as well as a founding member of the Web Application Security
Consortium (WASC).
Joe Stagner
Joe Stagner works at Microsoft as a developer
community champion with the Microsoft Developer Network Team. His
development experiences have allowed him to create commercial software
applications across a wide diversity of technical platforms from mainframes
through Unix and Linux, to Microsoft technologies on the Intel and mobile
computing platforms.
Mr. Stagner presents regularly with Microsoft
MSDN Events and recently presented “How Hackers Hack, Hacking BACK,” one of
the highest-attended sessions at Microsoft Tech-Ed, and “Developing Secure
Code in the Microsoft Platform,” at the International Semiconductor Software
Symposium. He is currently developing a Secure Development Web Cast Series
for Microsoft at www.DigitalBlackBelt.com.
John Steven
John Steven is a technical director with
Cigital and a founding member of the company’s Office of the CTO. He has
more than eight years of experience consulting on distributed systems
architecture, operating systems and software quality and security research.
Mr. Steven designed and developed jRapture, a capture/replay tool with
profiling support for the Java 2 platform. His work was presented at the
2000 International Symposium on Software Testing and Analysis (ISSTA).
Mr. Steven has served on conference panels
covering software security, wireless security and Java EE system
development. He is currently under contract with Addison-Wesley to publish a
book on developing large-scale Java EE software securely. In addition to his
extensive Java software development and testing experience, Mr. Steven has
served as a technical adviser on large financial securities trading systems,
including a Java EE-based municipal bond trading system.
Herbert H. Thompson
Herbert H. Thompson is the chief security
strategist at Security Innovation. He has co-written or edited 12 books,
including “How to Break Software Security: Effective Techniques for Security
Testing” (with Dr. James Whittaker), and most recently, “The Software
Vulnerability Guide.” As the chair of the Application Security Industry
Consortium (AppSIC), he leads an association of industry technologists and
leaders to help establish and define cross-industry application security
guidance and metrics.
Dr. Thompson has authored more than 60
academic and industrial publications on software security. He earned his
Ph.D. in applied mathematics from Florida Institute of Technology, where he
remains an adjunct professor.
Roger Thornton
Roger Thornton is a founder and the CTO of
Fortify Software. Over the past 16 years in the Silicon Valley, he has
provided technical leadership in the architecture, development and launch of
numerous commercial products and online services (ranging from development
tools and operating systems to large-scale e-commerce systems) at some of
the world’s premier technology firms (including Apple/Taligent, Sun/JavaSoft,
E*TRADE and eBay). Most recently, leading to the founding of Fortify, Mr.
Thornton’s focus has been on the security and reliability of
mission-critical enterprise systems. An expert and pioneer in the field, he
regularly presents at industry conferences and consults with Fortune 500
customers on addressing information security through improved software
development processes.
Kenneth R. van Wyk
Kenneth R. van Wyk is the principal
consultant of KRvW Associates, and is author of “Incident Response” and
“Secure Coding: Principles and Practices,” as well as a monthly columnist
for eSecurityPlanet. Mr. van Wyk is also a visiting scientist at the
Software Engineering Institute of Carnegie Mellon University, where he is a
course instructor and consultant to the CERT Coordination Center.
Mr. van Wyk previously held senior
information security technologist roles at Tekmark’s Technology Risk
Management practice, Para-Protect Services, and Science Applications
International. He was also the operations chief for the U.S. Defense
Information Systems Agency’s DoD-CERT incident response team, as well as a
founding employee of the CERT Coordination Center at Carnegie Mellon
University’s Software Engineering Institute.
Mr. van Wyk has served as the chairman and as
a member of the steering committee for the Forum of Incident Response and
Security Teams organization, and is a CERT Certified Computer Security
Incident Handler.
Jacob West
Jacob West manages Fortify Software’s
Security Research Group, which is responsible for building security
knowledge into Fortify’s products. He brings expertise in numerous
programming languages, frameworks and styles together with knowledge about
how real-world systems can fail.
Before joining Fortify, Mr. West worked with
David Wagner at the University of California at Berkeley to develop MOPS (MOdel
Checking Programs for Security properties), a static analysis tool used to
discover security vulnerabilities in C programs. When he is away from the
keyboard, Mr. West spends time speaking at conferences and working with
customers to advance their understanding of software security.
Jeff Williams
Jeff Williams is CEO of Aspect Security. His
extensive security experience includes application security, network
security, assurance, cyberlaw, policy, risk management and compliance. He
covers these topics in security bootcamps that focus on practical
application of security fundamentals to real-world business operations.
Prior to founding Aspect, Mr. Williams was responsible for creating security
services and supporting a worldwide staff of security engineers at Exodus.
He worked closely with the health-care, financial and insurance industries
to create HIPAA, GLBA and cyberinsurance security products and services. He
is an expert in Java security and has led several advanced research and
development projects. He also chaired the group responsible for creating ISO
21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM).
Mr. Williams has a B.A. in psychology and computer science from the
University of Virginia, an M.A. in human factors engineering from George
Mason University, and a J.D. cum laude from the Georgetown University Law
Center.
Alan Zeichick
Alan Zeichick is conference chairman for the
Software Security Summit, and is co-founder and editorial director of BZ
Media’s SD Times, Software Test & Performance and Eclipse Review
publications. A mainframe programmer and systems analyst and a DoD IT contractor
in the early 1980s, Mr. Zeichick later served as the editorial director of
the Computer Security Institute, as well as editor-in-chief of Network
Magazine. Mr. Zeichick is a popular speaker and writer, and is an
often-quoted technology analyst. He has a B.A. in mathematics and computer
science from the University of Maine.