Speakers « Security BSides Rochester – April 6th 2013

Speakers

James Arlen

James Arlen, sometimes known as Myrcurial, is a security consultant usually found in tall buildings wearing a suit, founder of the Think|Haus hackerspace, contributing analyst for Securosis, columnist at Liquidmatrix Security Digest, infosec geek, hacker, social activist, author, speaker, and parent. He’s been at this security game for more than 19 years and loves blinky lights and shiny things.

 


 

Corey Benninger

Corey Benninger is a really old dude. He was upset about not getting senior citizen discounts to ride the subway, so he hacked that shit up. When he’s not busy talking about how awesome Perl still is, he has been known to perform mobile application pentests for money. Last year he was tricked into coming to Rochester for the amazing poutine truck, but now returns to pet the flying sharks and stock up on handcuffs.

 


 

James Edge

James Edge is an information security professional with ten years of information technology and security experience. James became an independent contractor in 2010 to bring his six years of State government experience as a security auditor and penetration tester to the private sector. James played a primary role in the successful information security assessments and penetration tests of the agencies and universities that manage the education, finances, human resources, transportation, and information technology for the states of Georgia and New York.
Outside of work, James is actively involved in the Atlanta chapter of the Information Systems Audit and Control Association (ISACA). James has been a guest speaker for the ISACA Atlanta and Hudson Valley chapters, the National Association of State Auditors, Comptrollers, and Treasurers (NASACT), and the State University of New York (SUNY). The range of presented topics includes password security, account management, and wireless security. He has also been a guest lecturer for the Kennesaw State University Computer Science and Information Systems (CSIS) department and assisted in the Southeast Collegiate Cyber Defense Competition on behalf of the University.

 


 

Sherif Koussa

Sherif comes from a software development background where he designed, implemented and led software teams for 9 years. His journey with application security started back in 2006 when he kicked off the OWASP Chapter in Ottawa, followed by leading a major release for WebGoat v5.0 by adding over 12 new lessons. In addition, Sherif helped SANS/GIAC kick off the GSSP-NET and GSSP-JAVA exams. He is also leading the Static Code Analysis Evaluation Criteria (SATEC) project by WASC.

Sherif works now as Principal Application Security at Software Secured where he performs source code driven security assessments for major financial institutions, healthcare organizations and startups.

 


 

Max Sobell

Max is a senior consultant at Intrepidus Group. Along with traditional security assessments, Max frequently reviews pre-release embedded devices to ensure both hardware and software meet industry best practices. He has done extensive hardware security research, notably in the fields of RFID, NFC, and Bluetooth. He has spoken at security events including local conferences, CanSecWest, ShmooCon, SecTor, and OWASP. Max is a licensed HAM operator and contributes chapters to several best-selling Linux reference books.

 


 

Kirk Swidowski

Kirk Swidowski is a Security Researcher with a Master’s degree in Computer Science. His expertise includes: Virtualization (x86 [Intel-VT/AMD-V] and ARM), Trusted Computing Technologies (Intel TXT, ARM TrustZone and TPM), Boot Technologies and Computer Architecture.

Prior work involves the design and construction of multiple custom thin-hypervisors/thin-microvisors for ARM and x86 which provide the foundation for advanced dynamic analysis of hardware peripherals, user/kernel software and the creation of new security capabilities. Hardware experience includes: FPGA development, hot-air reflow and soldering of surface mount ICs and the construction of custom tools, such as SPI/I2C flash chip programmers. He led research which resulted in the discovery of a new AES flow interception attack that undermines the Intel AES-NI instruction set extension. He has also designed and developed multiple commercialized mobile applications, one of which was published in “A Windows Mobile Wish List”, Smartphone & Pocket PC Magazine.

 


 

Tyler Wrightson

Tyler, CISSP, CCSP, MCSE, Alphabet Soup, is the Principal Security Strategist for GreyCastle Security where he runs the service delivery team. Tyler has over 12 years of experience in the information security field, and has been passionate about information security even longer. He is the co-winner of the first Derbycon Capture The Flag challenge. He has been a speaker at many events including Derbycon, ISSA, ISACA, and ASIS, among others.