Richard P. Salgado is a Senior Legal Director with Yahoo! Inc., where he focuses on international privacy, security and law enforcement compliance matters. Prior to joining Yahoo!, Mr. Salgado served as Senior Counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code and other technology-driven privacy crimes. Mr. Salgado also regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence and related criminal conduct. Mr. Salgado is a lecturer in law at Stanford Law School, where he teaches a Computer Crime seminar; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School, and as a faculty member of the National Judicial College. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his J.D. from Yale Law School.
Robert Seacord
Robert C. Seacord leads the Secure Coding Initiative at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. The CERT/CC, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and the Information Networking Institute and is a part-time faculty member at the University of Pittsburgh. An eclectic technologist, Robert is author of four books, The CERT C Secure Coding Standard (Addison-Wesley, 2008), Secure Coding in C and C++ (Addison-Wesley, 2005), Building Systems from Commercial Components (Addison-Wesley, 2002), and Modernizing Legacy Systems (Addison-Wesley, 2003), as well as more than 40 papers on software security, component-based software engineering, Web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He represents Carnegie Mellon at PL22.11 (ANSI “C”) and is a technical expert for the JTC1/SC22/WG14 international standardization working group for the C programming language.
Dave Shackleford
Dave Shackleford, Director of Configuresoft's Center for Policy & Compliance, is a course and exam author for the SANS Institute, where he also serves as a GIAC Technical Director. He is the co-author of Hands-On Information Security from Course Technology, as well as the “Managing Incident Response” chapter in the Course Technology book, Readings and Cases in the Management of Information Security.
Previously, he worked as CTO for the Center for Internet Security, as well as for a security consulting firm in Atlanta. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies. He has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture and engineering. His specialties include incident handling and response, intrusion detection and traffic analysis, and vulnerability assessment and penetration testing.
Glen Sharlun
Glen started his career in the literal trenches as a leader of Marines and has since transitioned that ethos to the 'trenches' of enterprise network and security operations. Having experience building a policy, consulting and audit practice, leading the global monitoring, response and forensic team, establishing an active audit (Red Team) capability, Glen finished this career as Commanding Officer (CISO), Network Defense, U.S. Marine Corps. Glen is currently the Vice President of Customer Success at ArcSight, focused on delivering the best practices in people, process and technologies of ArcSight's network management and security operations solutions to its customers. Glen is a graduate of the U.S. Naval Academy and the Naval Postgraduate School (MS, Information Systems Management) and has attained & instructed numerous certifications from ISC2, SANS and the National Security Agency.
Ed Skoudis
Ed Skoudis is a co-founder and Senior Security Analyst with InGuardians, a Washington DC based information security consulting firm. Ed teaches SANS Security 504, "Hacker Techniques, Exploits and Incident Handling," and 517, "Cutting Edge Hacking Techniques," on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, provided detailed expert witness services in cases involving major credit card theft, and responded to computer attacks for clients in the financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the books Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004, 2005, and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).
Rick Smith
Rick Smith is a Senior System Security Engineer working in SAIC's Common Criteria and Cryptographic Module Testing Laboratories. He also provides information security consulting services to Department of Defense and civilian government agencies. Rick holds the GIAC Security Expert certification and several other GIAC certifications including GSNA and GCFA. His other IT certifications include CISSP, ISSEP, CISA, and MCSE+I. Rick has been active within the SANS community, where he serves as a member of the GIAC Advisory Board and as an instructor in the Community SANS and SANS Stay Sharp Programs. Rick is currently pursuing a Masters of Information Security Engineering degree from The SANS Technology Institute (STI).
James Tarala
James Tarala is a principal consultant with Enclave Hosting, LLC and is based out of Venice, FL. He is a regular speaker and senior instructor with the SANS Institute, as well as a courseware author and editor for many of their auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and oftentimes performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications.
Dr. Johannes Ullrich, Ph.D.
As Chief Research Officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a Ph.D. in Physics from SUNY Albany and is located in Jacksonville FL.
Dave Wichers
David Wichers is the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. Mr. Wichers has over seventeen years of experience in the information security field, in areas such as application security, security architectures, secure designs, security policies, database security, multilevel security, system and software development, and security testing.
He has supported the design and development of enterprise web applications, trusted operating systems, trusted databases, multilevel secure guards, and large integrated systems for a wide variety of Commercial and Government customers. He previously ran the Application Security Services Group at Exodus Communications. Mr. Wichers has a BSE in Computer Systems Engineering from Arizona State University and a Masters degree in Computer Science from the University of California at Davis. Mr. Wichers is a CISSP and a CISM, is currently the OWASP Conferences Chair (www.owasp.org), and is a coauthor of the OWASP Top Ten.
Jeff Williams
Mr. Williams is a founder and the CEO of Aspect Security, a services company that specializes in application security for both commercial and government clients. Mr. Williams has over fifteen years of experience in the information security field in areas such as application security, network security, assurance, multilevel security, secure engineering process, trusted product evaluations, cyberlaw, policy, risk management, and compliance. He has been focusing exclusively on application security for the past seven years. Mr. Williams is also the chair of the OWASP Foundation, which is an international open source organization focused on providing professional quality documentation, tools, and guidance to the web application development and security community. As a member of OWASP, Mr. Williams conceived of and was the coauthor of the OWASP Top Ten, which documents the ten most common vulnerabilities in web applications today. The OWASP Top Ten is now the de facto industry standard for security in web applications. Mr. Williams also leads the OWASP legal project. Prior to founding Aspect, Mr. Williams was responsible for creating security services and supporting a worldwide staff of security engineers at Exodus Communications. At Exodus, he worked closely with the healthcare, financial, and insurance industries to create HIPAA, GLBA, and cyber insurance security products and services. Mr. Williams is an expert in Java security and has led several advanced research and development projects in that area. Mr. Williams also chaired the group responsible for creating ISO 21827, the Systems Security Engineering Capability.
Joshua Wright
Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the Senior Security Researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics.
Benjamin Wright
Ben, recognized the world over as one of the leading lawyers in e-commerce, is the founding author of The Law of Electronic Commerce, a comprehensive book on the legality of electronic transactions and computerized business records. Since 1988, Wright has delivered over 500 speeches on e-commerce, privacy, records management, and computer security and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005.
Lenny Zeltser
Lenny Zeltser leads the New York security consulting team at SAVVIS, a premier provider of IT infrastructure and hosting services. He is also a member of the Board of Directors at SANS Technology Institute, a senior faculty member at SANS, and an incident handler at the Internet Storm Center. Lenny co-authored a number of books, including Inside Network Perimeter Security and Malware: Fighting Malicious Code. He also contributed articles to publications such as the Information Security magazine, and presented to IT executives at conferences and private summits. In addition to holding the CISSP certification, Lenny is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation. He has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. More information about Lenny's projects and interests is available at http://www.zeltser.com.