Matthew Luallen
Matthew E. Luallen is a well-respected information professional, researcher, instructor and author. Mr. Luallen serves as the President and Principal Consultant of Sph3r3, LLC., a strategic and practical educational and consulting company. With Sph3r3 Mr. Luallen consults with both governmental and commercial sectors including a multi-client base of corporations, public utilities, financial institutions, law enforcement and healthcare organizations. He has provided assistance and architectural support for many information security projects including integrating
compliance requirements associated with SOX, HIPAA and the NERC CIP standard. Recent endeavors include architecting and integrating protective controls for financial market transactions, virtualized environments and SCADA systems. Prior to incorporating Sph3r3, Mr. Luallen provided strategic guidance for Argonne National Laboratory, U.S. Department of Energy, within the Information Architecture and Cyber Security Program Office. In an effort to promote education and collaboration in information security Mr. Luallen is an instructor and faculty at several institutions. Mr. Luallen is adjunct faculty for DePaul University instructing the Computer Information and
Network Security Masters degree capstone course. He is also a certified instructor and CCIE for Cisco Systems instructing security technologies such as firewalls, intrusion prevention, virtual private networks and general
secure information architecture. As a certified instructor for the SANS Institute Mr. Luallen teaches infrastructure architecture, wireless security, web application security, regulatory and standards compliance, and security essentials. Mr. Luallen is a graduate of National Technological University with a Master's Degree in Computer Science, Mr. Luallen also holds a Bachelor of Science degree in Industrial Engineering from the University of Illinois, Urbana.
James Manico
Jim is the VP of Software Engineering for CodeMagi Inc., a service firm specializing in cutting edge web application development. Jim brings ten years of web-based database-driven software development and analysis experience to client engagements. CodeMagi Inc. has recently provided service for SUN Microsystems, Fox Media, the Golden State Warriors and Architecture for Humanity. In addition, Jim has expertise working with a wide variety of technologies including web-based development with J2EE, thick-client and applet-based Java applications, hybrid applications using Java, C++ and Flash, web-based PHP applications using Drupal 4.7, rich-media web applications using advanced Ajax techniques, and Database technology using Oracle, MySQL and Postgres. Jim's office is located on the beautiful island of Kauai, HI and hosts a bi-weekly call-in computer talk radio show for KKCR, Kauai's community radio station. Jim previously served as the Director of Vendor Relations with the SANS Institute. Jim often volunteers his time fixing and tuning his neighbors computers, the only cost to them is being lectured at regarding the importance of backup and security.
Michael Murr
Michael has been a forensic analyst with Code-X Technologies for over five years, has conducted numerous investigations and computer forensic examinations, and has performed specialized research and development. Michael has taught SANS Security 504 (Hacker Techniques, Exploits, and Incident Handling), SANS Security 508 (Computer Forensics, Investigation, and Response), and SANS Security 601 (Reverse-Engineering Malware); has led SANS@Home courses; and is a member of the GIAC Advisory Board. Currently, Michael is working on an open-source framework for developing digital forensics applications. Michael holds the GCIH, GCFA, and GREM certifications and has a degree in computer science from California State University at Channel Islands. Michael also blogs about Digital forensics on his Forensic Computing blog.
Stephen Northcutt
Stephen Northcutt founded the GIAC certification and currently serves as president of the SANS Technology Institute, a postgraduate level IT security college (www.sans.edu). Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.
Since 2007 Stephen has conducted over 34 in-depth interviews with leaders in the security industry, from CEOs of security product companies to the most well-known practitioners in order to research the competencies required to be a successful leader in the security field. He maintains the SANS Leadership Laboratory, where research on these competencies is posted as well as SANS Security Musings. He is the lead author for Execubytes, a monthly newsletter that covers both technical and pragmatic information for security managers. He leads the Management 512 Alumni forum, where hundreds of security managers post questions. He is the lead author/instructor for Management 512: SANS Security Leadership Essentials for Managers, a prep course for the GSLC certification that meets all levels of requirements for DoD Security Managers per DoD 8570, and he also is the lead author/instructor for Management 421: SANS Leadership and Management Competencies. Stephen also blogs at the SANS Security Leadership blog.
Hal Pomeranz
Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than fifteen years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. He is the Technical Editor for SysAdmin Magazine and was the recipient of the 2001 SAGE Outstanding Achievement award for his teaching and leadership in the field of System Administration. Hal participated in the first SANS conference and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming. Hal also blogs about command line tips on a regular basis.
Mike Poor
Mike is a founder and senior security analyst for the DC firm InGuardians LLC. In his recent past life he has worked for Sourcefire as a research engineer and for the SANS Institute leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network and Web administration. Mike is an author of the international best selling Snort 2.1 book from Syngress and is a handler for the Internet Storm Center.
David Rice
David Rice is an internationally recognized cyber security expert, consulting director for policy reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion of cyber security, and his work impacts both U.S. and European cyber security policy. As director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues, including cyber strategy development and execution, corporate cyber risk management, cyber security metrics, identity management, and secure software development practices.
Marcus Sachs
Marcus Sachs serves as Executive Director of Government Affairs for National Security Policy at Verizon in Washington, D.C. Prior to joining Verizon in August 2007, he was the deputy director of SRI International's Computer Science Laboratory. Marcus has served as the director of the SANS Internet Storm Center since 2003, and is an internationally recognized computer security expert. He brings over 26 years of professional experience to SANS including 20 years of active military service as an officer in the United States Army and two years of national cyberspace security policy development as a Presidential appointee to the National Security Council staff in the George W. Bush administration. Marcus was the first cyber security official assigned to the Department of Homeland Security in 2003 where he developed the initial concept and strategy for the creation of the United States Computer Emergency Response Team. He was also a founding member of the Defense Department's Joint Task Force for Computer Network Defense, created in 1998 as the first US military organization designed to fight foreign threats in cyberspace. A graduate of the US Army Command and General Staff College, Marcus also holds a Masters degree in Computer Science with a concentration in Information Security, a Masters degree in Science and Technology Commercialization, and a Bachelor of Civil Engineering degree. He is currently pursuing a Ph.D. in Public Policy with a concentration in Science and Technology. Marcus is a licensed Professional Engineer in the Commonwealth of Virginia.
Richard Salgado
Richard P. Salgado serves as Google's senior counsel for worldwide law enforcement and information security matters. Previously Mr. Salgado was with Yahoo! Inc., where he focused on international privacy, security, and law enforcement compliance issues as a senior legal director. Mr. Salgado also served as senior counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code, and other technology-driven privacy crimes. Mr. Salgado regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence, and related criminal conduct. Mr. Salgado is a lecturer in law at Stanford Law School, where he teaches a computer crime seminar and an Internet business law and policy class; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School and as a faculty member of the National Judicial College. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his JD from Yale Law School.
Glen Sharlun
Glen started his career in the literal trenches as a leader of Marines and has since transitioned that ethos to the 'trenches' of enterprise network and security operations. Having experience building a policy, consulting and audit practice, leading the global monitoring, response and forensic team, establishing an active audit (Red Team) capability, Glen finished this career as Commanding Officer (CISO), Network Defense, U.S. Marine Corps. Glen is currently the Vice President of Customer Success at ArcSight, focused on delivering the best-practices in people, process and technologies of ArcSight's network management and security operations solutions, to its customers. Glen is a graduate of the U.S. Naval Academy and the Naval Postgraduate School (MS, Information Systems Management) and has attained & instructed numerous certifications from ISC2, SANS and the National Security Agency.
James Shewmaker
James has over 15 years' experience in IT. He is a SANS certified instructor and is one of the first certified GSE-Malware experts. He graduated with a BS in computer science from the University of Idaho. James is a founder and active consultant for Bluenotch Corporation, which focuses on investigations, penetration testing, and analysis. He develops applications and appliances for broadcast radio, Internet, and satellite devices. James also contributes to the FreeBSD project and is a port maintainer. He presents at various security and IT conferences, is a courseware contributor, and is actively involved in the COINS program.
Ed Skoudis
Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries.
Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips.
James Tarala
James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often times performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.
Dave Wichers
David Wichers is the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. Mr. Wichers has over seventeen years of experience in the information security field, in areas such as application security, security architectures, secure designs, security policies, database security, multilevel security, system and software development, and security testing.
He has supported the design and development of enterprise web applications, trusted operating systems, trusted databases, multilevel secure guards, and large integrated systems for a wide variety of Commercial and Government customers. He previously ran the Application Security Services Group at Exodus Communications. Mr. Wichers has a BSE in Computer Systems Engineering from Arizona State University and a Masters degree in Computer Science from the University of California at Davis. Mr. Wichers is a CISSP and a CISM, is currently the OWASP Conferences Chair (www.owasp.org), and is a coauthor of the OWASP Top Ten.
Adam Winnington
Adam is a Security Consultant for Toronto based network security firm Access 2 Networks. He helps his clients implement secure solutions that the solve problems they have in their environments. He has worked with computer networking and security for the last 15 years in large and small environments helping clients manage their infrastructure and their problems.
Adam received his Masters of Science in Information Technology from the University of Liverpool; he is an instructor for Check Point, Iron Port, and Nokia. Adam has trained hundreds of individuals in the last 7 years and has developed courseware to replace or augment the documentation provided by vendors.
Joshua Wright
Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the Senior Security Researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics. He also blogs about ethical hacking tips.
Benjamin Wright
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 24 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security and e-mail discovery and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular blog at http://legal-beagle.typepad.com.
Lenny Zeltser
Lenny Zeltser leads the security consulting practice at Savvis. He is also a board of directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.
Lenny is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. For more information about his projects, see http://www.zeltser.com.