Those who fill the silence...
We would like to humbly thank all of our speakers, who are listed below. Without their time and effort this conference would not have been possible.
If you are interested in speaking at InfoSec Southwest, please see our Call for Papers.
Hacker in Residence, NYU-Poly
In the Spring 2012 semester, the NYU-Poly Computer Science and Engineering department established a program for Hackers in Residence. In this program, recognized industry experts are invited to the university to enhance student academics, oversee and direct research initiatives, and expand collaboration with outside industry groups. As a charter member they invited long-time collaborator Dan Guido of Trail of Bits, a local information security startup, to coordinate these initiatives for the university.
Since 2009, Dan Guido has taught a class in Penetration Testing and Vulnerability Analysis, which teaches students the fundamental technical skills required to identify, analyze, and exploit software vulnerabilities. Since that time, this course has become internationally recognized as one of the most rigorous and up-to-date university courses covering this topic and parts of the material has been incorporated into courses at other universities and into onboarding programs at security firms around the US. Alumni from the course have discovered and fixed vulnerabilities in major commercial software, released open-source security tools, and have spoken at major security conferences like Black Hat USA. After years of running this course, it has established NYU-Poly as a center of gravity among security professionals in NYC.
In order to achieve these results, this course departs from standard academic practice and is designed to be taught by a consortium of local security professionals, each of whom specialize in a fundamental area of knowledge covered by the class. Students receive a wide range of viewpoints and experience from practicing experts, each of whom works in the local area at a company looking for additional talent. As proof of the effectiveness of this method, every boutique security firm in NYC counts at least one graduate from NYU-Poly among their ranks.
Aditya K. Sood
Aditya K Sood is a senior security consultant at IOActive and PhD candidate at Michigan State University. He has already worked in the security domain for Armorize, COSEINC and KPMG. His interest includes penetration testing, web app security and malware analysis. He has been an active speaker at industry conferences like DEFCON, HackInTheBox, LayerOne, Source, RSA , BruCon, ToorCon, HackerHalted, TRISC , EuSecwest, XCON, Troopers, OWASP AppSec, US-CERT GFIRST and many others. He has authored several papers for various magazines including IEEE, Elsevier, Crosstalk, Virus Bulletin, Usenix, ISACA, ISSA and HITB.
Peck is a Research Scientist at Barracuda Labs at Barracuda Networks. He's interested in studying the security implications of and malicious messaging on social networks, and industrial control systems, and reverse engineering. He has a Bachelors of Science in Computer Science from the Georgia Institute of Technology.
Dennis Schwarz is a security research analyst with Arbor Networks' ASERT. He spends most of his time in IDA Pro looking at malware. He was previously with SecureWorks where he was an intrusion analyst in their Security Operations Center.
Dr. William J. (Joe) Adams
Dr. Adams recently joined Merit Network, Inc. after a 26-year career in the US Army. During his time in as a Signal Corps officer, he served as an Associate Professor and Senior Research Scientist at the US Military Academy and, most recently, as the Chief Information Officer of the National Defense University. He retired as a Colonel and came to work for Merit as the Executive Director of Research and Cyber Security, developing the Michigan Cyber Range and expanding Merit.s network research program. He has a Ph.D. in computer engineering from Virginia Polytechnic Institute and State University (Virginia Tech), MSc degrees from the Army War College and University of Arkansas as well as a BSc in computer engineering from Syracuse University.
HD is the founder of the Metasploit project and currently serves as chief research officer for Rapid7.
Jason Jones is a security research analyst with Arbor Networks' ASERT. He spends most of his time reverse engineering malware and data-mining malware reports from the ASERT malware corral. He was previously with TippingPoint DVLabs where he dealt with IP reputation and analysis of network traffic generated by malware.
Jay McAllister is a senior cyber intelligence analyst at the SEI Innovation Center at Carnegie Mellon University. He researches and prototypes efforts aimed at developing and refining cyber intelligence methodologies, technologies, and processes to benefit the private and public sectors. Prior to joining the SEI Innovation Center, Jay spent six years in strategic, investigative, and operational counterintelligence and counterterrorism analysis for the Naval Criminal Investigative Service (NCIS)
Joshua "Kernelsmith" Smith
Joshua Smith is a Senior Security Researcher at NSS Labs, responsible for developing content for various tests and specializes in exploit and evasion development and test automation. Previously, Smith worked at the Johns Hopkins University Applied Physics Laboratory where he managed test labs and performed penetration testing, vulnerability discovery, and intrusion analysis. He was also a guest lecturer for the JHU graduate ethical hacking course. During his 10 years in the military, Smith had varying experiences including pentesting for 3 years, operational command and control of nuclear ICBMs, and briefing 3-star generals. He is currently a Ruby junkie and active contributor and Open Source Issue Manager for the Metasploit Framework. Smith has a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute, an M.A. in Management of Information Systems from the University of Great Falls and some infosec certs. He has also written magazine articles and spoken at conferences such as Source Barcelona.
Marc Eisenbarth is the Manager of Research for Arbor Security Engineering and Response Team (ASERT) where he leads the premiere distributed denial-of-service (DDoS) research team in the world. Much of Marc's current research centers around mining patterns and relationships among internal hosts and external threats, analyzing and leveraging domain name system (DNS) data, and applying "big data" principles to the computer security domain. Prior to joining Arbor Networks, he was a researcher at the HP Labs Cloud and Security Lab, Architect of Hewlett-Packard TippingPoint Intrusion Prevention System product and before that worked at a United States defense contractor. He holds an advanced degree from Columbia University in Computer Science.
Marcus J. Carey
Marcus J. Carey is an information security veteran who has worked at the National Security Agency (NSA), Defense Intelligence Agency (DIA), and Defense Advanced Research Projects Agency (DARPA). Marcus has been a speaker at DEF CON, Blackhat, DoD Cyber Crime Conference, GFIRST, and several other security industry events. Marcus has a M.S. in Network Security and several security industry certifications.
Mirek is currently the Director of Attack Research at a small startup. Mirek has a Bachelor's of Science in Computer Engineering from Rochester Institute of Technology. After college Mirek received a commission to the US Air Force where he served on the AFCERT.s Incident Response Team. At the AFCERT Mirek was responsible for handling countless intrusions and managing Intrusion Detection systems. Upon leaving the Air Force, Mirek has had a storied career conducting offensive and defensive research.
Neil "nemo" Archibald
nemo is a security researcher from Austin, TX. He has a strong interest in vulnerability research and software security. Over the years he has worked on a variety of projects, mostly focused around Mac OS X exploitation and system internals. He has published a collection of papers relating to offensive security and worked on several books.
Richard Johnson is a computer security specialist who spends his time playing in the realm of software vulnerability analysis. Richard currently fills the role of Principal Research Engineer on Sourcefire's Vulnerability Research Team, offering over 10 years of expertise in the software security industry. Current responsibilities include research on exploitation technologies and automation of the vulnerability triage and discovery process. Past areas of research include memory management hardening, compiler mitigations, disassembler and debugger design, and software visualization. Richard has released public code for binary integrity monitoring, program debugging, and reverse engineering and has presented at dozens of conferences worldwide since 2004. Richard is also a co- founder of the Uninformed Journal and a long time resident of the Hick.org ranch.
Rick Redman has been testing web application security and a penetration tester since 1999. He founded and runs the DEFCON password cracking contest "Crack Me If You Can." He started out by running a BBS in the early 1993 and selling UUCP based Internet from a 486dx33. After graduating from Purdue's COAST/CERIAS program in the 90s under 'spaf' he hit the ground running being a penetration tester by working on projects such as Sandia National Lab's "Tiger Team." Rick made the rounds in 2010-2012 giving talks about advanced password cracking, including being on the closing panel at ShmooCON.
Rick works for KoreLogic as a Senior Security Consultant doing "by hand" penetration tests for large corporate environments.
Troy Townsend is a senior cyber intelligence analyst at the SEI Innovation Center at Carnegie Mellon University. He researches and prototypes efforts aimed at developing and refining cyber intelligence methodologies, technologies, and processes to benefit the private and public sectors. Troy spent three years doing strategic, all-source cyber threat analysis for the Defense Intelligence Agency, including a year with U.S. Cyber Command's J2 intelligence branch, and eight years as a cyber operations officer in the Air Force.
UT Austin Information Security Office
Charlie Scott, Cam Beasley, John Gordon, Alek Amrani, Josh Harper
The mission of the UT Austin Information Security Office (ISO) is to assure the security of the university's Information Technology (IT) resources and the existence of a safe computing environment in which the university community can teach, learn, and conduct research. To that end, it watches UT.s network for attacks and compromised systems and attacks UT.s own systems to find vulnerabilities. The ISO has decades of combined information security experience and is comprised of team members with expertise in vulnerability testing, physical security, incident response, reverse engineering, forensics, software development, and enterprise networks and systems. Several ISO staff members are also active in the Austin information security community. More than anything, they try to live up to their motto: Securus // Vigilare // Insanus