Speaker Bios

 

BREAKING GROUND


Dan Cornell

Dan Cornell has over twelve years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization's technology team overseeing methodology development and project execution for Denim Group's customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies.


DC949

DC-949 was founded at some point in 2004, and has slowly amassed a membership of like-minded and passionate hackers. Although group attendance rises and falls, some of the core members are Dr. Adam Nichols, Adrian, C-P, Frank^2, Jeffball, Savant, Sintax Error, and Vyrus. In addition to previously running the oCTF contest at DefCon, and the Barcode Shmarcode contest at Shmoocon, DC-949 members have given talks at numerous conferences including LayerOne, Outerz0ne, Thotcon, and DefCon. They have also released several proof of concept applications including Skynet, TwatFS, and Floodgate.


Jack Daniel

Jack Daniel, Technical Product Manager for Tenable Network Security, has over 20 years of experience in network and system administration and security, and has held a variety of practitioner and management positions. A technology community activist, he supports several information security and technology organizations and is a co-founder of Security BSides.


Terry Gold

Terry has spent the last 10 years specializing in large-scale Fortune 1000 implementations of digital identity management, authentication, and access management. He has consulted and strategized on deploying PKI and smart cards for some of the largest companies in the world. Currently, he works independently to help organizations identify their vulnerabilities in these areas, gain operational efficiencies around solutions to address them, and migrate away from insecure building access credentials to high security open standards to become vendor-neutral.


Andrew Hay

CloudPassage Chief Evangelist


Matt Johansen

WhiteHat Security Threat Research Manager


Gillis Jones

The Jolly Green Giant of information security, Gillis hails from southern Alabama and currently makes his home in California. Employed at WhiteHat Security in Santa Clara as an Application Security Engineer, he is way too easily amused by insufficient authentication on admin portals and enjoys trudging his way through the most difficult problems in security.


James Lester

As a Senior Security Consultant at IOActive, James Lester works with platinum-level clients on network and application penetration tests, PCI compliance, and general consulting engagements. Before joining the IOActive team with the goal of taking his talents to the next level, he was a Senior Security Analyst with the McAfee Corporation. Passionate about Internet security and privacy, James enjoys designing new procedures and methods to identify, test, secure, and mitigate compromised and high-risk websites. He has previously been a featured speaker at many local security chapter roundups and events.


Christopher Lytle

Chris 't0ph' Lytle is a researcher at Veracode. His likes include robots, firearms, classical cryptography, used books, and cheap sushi. His dislikes include piña coladas, Freescale MCUs, and writing about himself.


Spencer McIntyre

Spencer McIntyre is a security consultant at SecureState where he focuses on penetration testing and tool development. He spends most of his free time focusing on his primary interests of vulnerability research and exploit development.


HD Moore

HD is CSO of Rapid7 and Chief Architect of Metasploit, a popular video game designed to simulate network attacks against a fictitious globally connected network dubbed "the internet".


Raphael Mudge

Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic. His work has appeared in Hakin9, USENIX ;login:, Dr. Dobb's Journal, on the cover of the Linux Journal, and the Fox sitcom Breaking In. Raphael regularly speaks on security topics and provides red team support to many cyber defense competitions.


Brendan O'Connor

Brendan is a geek of many trades: violin, ham radio, civil rights, and privacy. After growing up in Montana and finishing two degrees at Johns Hopkins, he did DARPA research for a time in Arlington, VA, before leaving to found his own consultancy, Malice Afterthought - a security research group which recently completed a DARPA Cyber Fast Track contract. After spending six months teaching information warfare for the DoD in 2011, he decided to attend law school at the University of Wisconsin in Madison; he is between his first and second years. He lives and works in Madison, WI with his two cats, Lysistrata and Deus Ex Machina.


Davi Ottenheimer

Davi Ottenheimer, President of flyingpenguin, has more than seventeen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of the book "Securing the Virtual Environment: How to Defend the Enterprise Against Attack," published in May 2012 by Wiley.


Parth Patel

Parth received a Master's in Networking & Security from San Jose State University in 2008, and ever since has been working in the field of security with companies in the SF Bay Area. He designed and developed the Secure Tap Transfer Protocol while working with Ricoh Innovation Inc. - California Research Lab, which allows handheld devices to establish a secure communication. Parth also worked with Connexed Inc to harden the security of their Surveillance Camera infrastructure. For the past 3 years working with Qualys Inc., Parth has been in charge of the release cycles, QA process and infrastructure of the Vulnerability Management product. His major focus there has been to build automation tools to enhance the infrastructure, expand the product and take it to the next level. His most recent interest involves making a contribution in the field of Android security through automation. Parth is also very passionate about tennis, cars, movies, food, wine and debates.


Robert Rowley

Robert Rowley is a security architect for a shared and virtual hosting provider for approximately over one million websites and hundreds of thousands of customers. This unique environment requires providing increased security for an extremely broad range of websites and customers, and provides an ample range of attacks, which our team addresses every day and has compiled into the working piece being presented at this conference.


Josh Sokol

Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Josh manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Josh currently serves as the Chair of the OWASP Global Chapters Committee and is very active in the Austin security community. He holds a CISSP certification and has spoken on dozens of security topics including the much hyped "HTTPS Can Byte Me" talk at BlackHat 2010.


Joseph Tartaro

Joseph Tartaro is an experienced Security Consultant at IOActive, where he proves his talents working with platinum-level clients on network and application penetration tests and PCI compliance. Joseph is highly experienced with wireless security practices, passionate about hardware hacking, programming, fuzzing, risk engineering, and all manner of exploitations. As a member of telephreak, he helps manage a VoIP PBX system for free public conferencing and communication. In his off-time, he enjoys working on emulations and ROM hacking of retro-video games.


Matt Weeks

Matt Weeks has performed research in mathematics in chaos and cryptology, and focuses on information security. He enjoys finding ways to break application security, writing shellcode, and creating post-exploitation techniques. Also known as scriptjunkie, he has developed for the Metasploit framework, wrote the sessionthief MITM tool, has spoken at conferences such as DEFCON and Black Hat, and broke a cryptosystem based on chaos theory. He runs the site http://www.scriptjunkie.us/

 

PROVING GROUND


Shawn Asmus

Shawn Asmus has more than 20 years of experience as a software and web application developer and over 12 years of experience in information security. An application security consultant with FishNet Security, he currently performs security assessments of various types, including runtime and source code analysis of websites, web services, and mobile applications. He also assists with the development of security training materials and has been recognized for his poetic contributions to securityhaiku.com.
Professionally, Shawn enjoys working with development teams that understand fundamental and advanced concepts of application security, who consistently produce self-defending software, and who properly implement security controls and principles like defense-in-depth and least privilege. For everyone else, which is pretty much the majority, he also enjoys helping them along the path of enlightenment.


Jason Ding

Dr. Zejin Jason Ding has been a research scientist at Barracuda Labs since May 2011. He is interested in applying machine learning methods to solve network security problems, including spam detection, automatic URL/domain classification, malware prevention, etc. He is also interested in analyzing data from the online social networking area. He conducted a study on fake profiles vs. real users on Facebook in Feb. 2012, drawing attention from dozens of news agencies including Mashable, Information Week, Threatpost, etc. Prior to joining Barracuda, Zejin earned his Ph.D. and M.S. in computer science from Georgia State University in May 2011 and May 2009, respectively. His research interests included machine learning, data mining, computational intelligence, and bioinformatics.


Michael Fornal

Michael Fornal is a Security Analyst for Providence Health and Services in Seattle. Prior to his work in information security, he worked for six years as a Web Producer at the Mark Travel Corporation in Milwaukee, WI where he provided front and back-end design support for Mark Travel’s various clients. Currently, Michael is working on finishing his bachelor's degree in Information Security and Computer Forensics at Kaplan University. His focuses are risk management and web application security. He is the author of the security blog "Fighting In Security" (http://fightinginsecurity.wordpress.com). Michael is a member of the Puget Sound ISSA organization and former president of the Racine, WI AITP chapter. In his off time Michael enjoys spending time with his family and playing golf.
Follow Michael on Twitter: @fornalm
Or check out his security blog Fighting In Security (http://fightinginsecurity.wordpress.com)


David Keene

Dave is the CSO for Texas Association of Counties and is tasked with securing the association as well as assisting in training Texas County elected officials in the art of securing their environments. Dave’s background is heavy in Microsoft and VMware technologies. Dave has been in the security field for over 8 years with particular interests in physical security and social engineering. Dave continues to work on his dream of one day being a full time security researcher. Dave lives in Austin and wishes for cooler weather 8 months of the year.


Kristov Widak

Kristov Widak has been a security consultant and researcher for the last 4 years. During this period, he has performed research and worked in a variety of areas including application security, malware forensics, static and instrumented runtime code scanning technologies, and system security certification.
Currently he works as a full-time consultant for FishNet Security in the Application Security practice, where he performs a variety of assessment services including code reviews, application penetration tests, and mobile application reviews. In addition, he trains other team members in AppSec assessment methodologies.


Walt Williams

Walt has done everything from PKI, meta directory, LDAP, IAM, vulnerability assessment, penetration testing, risk analysis, security architecture and design, business continuity, disaster recovery, and incident response. He currently manages security and compliance for a big data analytics company.


Phil Young

Phil Young has been a security enthusiast for over 15 years. He currently works as an IT security auditor (which he has been doing for 8 years at many Fortune 500 companies) and has seen all kinds of mistakes. Ever since the movie TRON he's been fascinated with mainframes but his poor Canadian upbringing meant the closest he could get to one was through Datapac. Through sheer luck and determination he has enjoyed working with financial institutions, government, universities and technology companies in reviewing their mainframes and pointing out security weaknesses. In his spare time he enjoys setting up and tearing down lab mainframe instances.


Chris Campbell

Chris (@obscuresec) has worked for Northrop Grumman as a full-scope penetration tester for several years. He holds many industry certifications and a Master of Science in IA from Capitol College. Chris served over ten years in the Army with most of that time as a Signal Officer.


Sean Cordero

Sean Cordero is the founder of Cloud Watchmen Inc., an information security consulting company focused on solving root cause IT security and compliance issues that plague businesses. Sean is the former CSO for EdFund, the nation’s second largest student loan service provider, and has provided his advice and expertise to C-level leaders for billion dollar plus, public and private organizations. Sean is a certified CISSP, RISC, CISM, and CISA. Over the last eleven years Sean has applied his leadership, creativity, and technical skills in roles as a writer, speaker, systems architect, and security consultant for industries including state and federal governments, bio-technology, retail, manufacturing, and financial services.


Alva 'Skip' Duckwall

Skip (@passingthehash) has been using Linux since before there was a 1.0 kernel and has since moved into the information security arena doing anything from computer/network auditing, to vulnerability assessments and penetration testing. Skip currently holds the following certs: GSE, CISSP, CISA, and OSCP, among others. Skip presented at Defcon 19 and will present at the Blackhat Briefings USA 2012 in Las Vegas. Skip currently works for Northrop Grumman as a Sr. Cyber Something or other.


Dave Hull

As a child, Dave Hull was inexplicably drawn to computers. He would often ride his bicycle to the library, checking out books on computer programming, though he didn't have access to one. In high school he learned peeks, pokes, hi-res and Pascal. Since then, he's done dev and dba work, two punishing years of code review and web app pen testing for some of the world's most successful companies. He believes Sam Rayburn had it right, but can't figure out why we continue to celebrate jackasses rather than good carpenters. Maybe there are no good carpenters?


Jimmy Shah

Jimmy Shah is a Mobile Security Researcher specializing in analysis of mobile/embedded threats on existing platforms (J2ME, Symbian, Windows Phone, iOS, Android) and potential mobile malware and spyware. If it's lighter than a car, has a microprocessor, and is likely to be a target it's probably his problem. He has presented on mobile threat research at a number of computer security conferences.


Conrad Constantine

Despite the massive drag factor of his English background, Conrad has managed to overcome his numerous disadvantages to pursue a career in all the distinctly unglamorous aspects of information security. Now obsessed with workflows, user interfaces, and helping the average joe in a managed security center channel their inner powers of Slack into Rockstar-like accolades previously reserved only for pentesters. He now works for AlienVault, on Sexy Defense projects fighting Zombie Workflows.


Georgia Weidman

Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and BSides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security, LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.

 

UNDERGROUND


Ian Amit

Ian Amit is an IOActive Director of Services with over a decade of experience in both hands-on and strategic roles, working fluently in all manner of security-related fields: business, industry, technical, and research. Currently positioned to represent IOActive in the EMEA, Ian brings our customers the benefit of his proven leadership, innovative management style, and established expert media presence while overseeing engagements for technical, financial, and government clients. He speaks publicly on security topics that include the technical and strategic, as well as marketing, strategy, and policies, working at the highest levels of corporate and multi-national engagements.
A skilled researcher, Mr. Amit also has deep technical knowledge around programming, operating systems (particularly Unix and Win32), applications (including most network server applications), databases, and networking/infrastructures. He founded the Tel-Aviv DefCon chapter (DC9723) and also was a founding member of the Penetration Testing Execution Standard (PTES).


Violet Blue

Awarded author, notorious columnist, CNET, ZDNet, Oprah, web celeb, incendiary device, constant controversy. Sic gorgiamus allos subjectatos nunc.


David Bryan

David has over 10 years of computer security experience, including pentesting, consulting, engineering, and administration. He works as a penetration tester and senior security consultant with Trustwave SpiderLabs. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. In his spare time he runs the local DEFCON group, DC612, is the president of the i Hackerspace "The Hack Factory", and participates in the Minneapolis OWASP chapter.


Johnny Cocaine

Johnny Cocaine is the Devil's Advocate, the conscience, and sometimes the Fool of the hacker community.



Hanni Fakhoury

Hanni Fakhoury is a Staff Attorney with the Electronic Frontier Foundation focusing on the intersection of technology and criminal law. Prior to joining EFF, he worked as a federal public defender in San Diego, where he tried numerous jury and bench trials, and argued multiple times before the Ninth Circuit Court of Appeals, winning a published reversal in U.S. v. Sandoval-Gonzalez, 642 F.3d 717 (9th Cir. 2011). He also served as a copy editor for the 2010 edition of Defending a Federal Criminal Case. Hanni is a graduate of UC Berkeley, where he received an honors degree in history, and Pacific McGeorge School of Law, where he was elected to the Order of Barristers for his excellence in written and oral advocacy, and worked at the federal public defender's office in Sacramento, obtaining acquittals in all three of his trials. Hanni is a member of the National Association of Criminal Defense Lawyers. You can follow him on Twitter at @hannifakhoury.


Marcia Hofmann

Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, free expression, and copyright. She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology. Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC). She is a graduate of Mount Holyoke College and the University of Dayton School of Law. She tweets about law and technology issues at @marciahofmann.


int0x80

int0x80 is the rapper in Dual Core.


Jay James

Jay James is a principal partner at Tactical Intelligence Inc, and is a recovering system administrator and an outspoken critic of the IT audit and compliance procedure. His presentations last year at BSidesLV and ToorCon resulted in an unceremonious firing from LPL Financial because of the subversive subject matter (how IT audit sucks).


Dave Kennedy

Dave Kennedy is founder and principal security consultant of TrustedSec, LLC, an information security consulting firm located in Cleveland, Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Tester's Guide," the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at BSIDES, Blackhat, Defcon, ShmooCon, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including BBC World News. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org podcast and regular on ISDPodcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the three letter agencies and deployed to Iraq twice for intelligence related missions.


Matt Krick "DCFluX"

Matt Krick "DCFluX" is Chief Engineer of New West Broadcasting Systems, Inc., Operators of broadcast stations KGMN-FM, KZKE-FM, KYET-AM and KKAX-LP. He has worked in the field of broadcasting since 1998, specializing in all aspects of broadcast engineering, video editing and electronics.


Shane MacDougall

Shane MacDougall is a principal partner at Tactical Intelligence Inc, and has been active in the computer security industry since 1989. He is an associate editor of PenTest Magazine, and has presented at BlackHat EU, BSidesLV, ToorCon, and LASCON. He holds a Defcon Black Badge for winning the Defcon Social Engineering CTF.


Rodrigo Montoro

Rodrigo "Sp0oKeR" Montoro is certified LPI, RHCE, SnortCP with 13 years of experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. At Trustwave, Rodrigo works in the SpiderLabs Research division where he focuses on IDS/IPS Signatures, Modsecurity rules, and new detection research (PDFScore and now working on HTTP Header Research). He is currently coordinator and Snort evangelist for the Brazilian Snort Community and OWASP Brazilian chapter member. Rodrigo has spoken at a number of open source and security conferences (OWASP, Toorcon, H2HC, SecTor, CNASI) and serves as a coordinator for the creation of new Snort rules, specifically for Brazilian malware.


HD Moore

HD is CSO of Rapid7 and Chief Architect of Metasploit, a popular video game designed to simulate network attacks against a fictitious globally connected network dubbed "the internet".


Kurt Opsahl

Kurt Opsahl is a Senior Staff Attorney with the Electronic Frontier Foundation focusing on civil liberties, free speech and privacy law. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal.


Steve Pordon

Steve Pordon is a security enthusiast who has been making lockpicks since 2008, and has given physical security presentations at BSides Denver (2010) and Defcon Skytalks (2011).


Luiz Eduardo Dos Santos

With 20 years of experience, throughout his career he has worked with possibly all types of networking technologies on the enterprise and service provider sectors and the security involved in these technologies, especially 802.11 WiFi. He has also developed the Incident Response practices at two networking hardware vendors. Luiz is the creator and co-founder of the y0u Sh0t the Sheriff and Silver Bullet security conferences held in Brazil and has worked on the wireless infrastructure of Blackhat, DefCon, Computer Chaos Congress and Shmoocon. As a public speaker, he has addressed numerous top-level conferences including DEF CON, FIRST, H2HC, HitB Malaysia, Layerone, ShmooCon, BlueHat, THOTCON, ToorCon, SecTor, BayThreat and others. Luiz currently holds many certifications in the information security field.


Trevor Timm

Trevor Timm is an activist at the Electronic Frontier Foundation. He specializes in free speech issues and government transparency. Before joining the EFF, Trevor helped the longtime General Counsel of The New York Times, James Goodale, write a book on the First Amendment. He has also worked for the former President of the ACLU and at The New Yorker. He graduated from Northeastern University and has a J.D. from New York Law School. Trevor can be found on Twitter @trevortimm, where he reports on legal news surrounding WikiLeaks, the right to publish classified information, and other freedom of the press issues. He also co-operates the Twitter account @drones, which reports on surveillance drones in the US and the secrecy surrounding military drones around the world.


Ian Vitek

Also listens to the name Vj Q.Alba (will DJ at Defcon XX Sunday Pool Party 22:00-23:00).
183 cm.
85 Kg.
Brown eyes.
Brown hair.
Interested in layer 2 network security (writer of macof). Speaker at Defcon 8, Defcon 10 and Defcon 12. If you approach Ian he probably wants to talk about privilege escalation or web application security.


Ken Westin

Ken Westin is a security researcher and the founder of GadgetTrak, which provides theft tracking and data protection tools. His interest in security started with USB-based malware, in which he built and researched tools to raise awareness of the risks posed by it, much of which has been included in the CEH training materials. Based on his research he developed methods to track lost/stolen portable media devices, which have been bundled with hardware and embedded in FLIR thermal imaging cameras. He then launched the first theft recovery software for laptops that utilized Wi-Fi positioning and integrated web cameras, followed by a cross-platform mobile app that tracks smartphones and secures data on them in cases of theft. This past year he launched CameraTrace, a specialized search engine spider that allows for the search of images captured by a specific camera via the serial number. He has been involved in a number of device recoveries, many of which have led law enforcement to solve larger crimes including organized theft rings, violent carjackings, drugs, identity theft and more.

 

TRAINING GROUND


Aaron Crawford

Aaron Crawford is an independent security researcher with Squirrels in a Barrel, specializing in malware research and social engineering. Aaron eats, sleeps and continually drinks from the proverbial information security fire hose. This passion for IT and information security led Aaron to form Homegrown IT, which is a free and open source training solution for individuals interested in certification and expanded learning opportunities.


Rick Flores

Rick has a total of 9 years of experience in defensive/offensive security. Rick specializes in penetration testing with a focus on the PTES methodology, exploit development on Windows i386 architecture, and heavy interest in metasploit module development. He is also familiar with malware static/dynamic analysis, Unix/Linux/Windows hardening, IDS/IPS administration/deployment, & has a passion for nanoelectronics, teaching & presenting his research. Before working for Rapid7, Rick held various security & pen testing contract positions for public, private, antivirus, educational, financial, power/utility, and DoD/Gov customers. When Rick is not studying ruby|ASM|C++|Math, exploiting or writing metasploit modules he enjoys hanging out with his Son|Wife|Mom|Family … (The people that keep him going).


Mike Murray

Mike Murray is an innovative thinker within the information security industry, having spent the last 15 years helping large and small enterprises protect their information from hackers and social engineers. As Managing Partner and co-founder of MAD Security and The Hacker Academy, he and his team have focused on solving the human side of information security. While technology can be an effective tool to stop hackers, viruses and malware, the main threat vector to most organizations currently comes through their people. Mike started as a penetration tester and vulnerability researcher in the mid-90s, and spent the majority of his early career in highly technical roles focused on vulnerability assessment, penetration testing and vulnerability research. He moved on to leadership positions at nCircle, Neohapsis, and Liberty Mutual Insurance Group. Years of experience as a vulnerability researcher and leader of research teams have convinced Mike that the most important systems to address in information security are the human and organizational systems, and he has most recently focused on research into exploitation of those systems.


Joseph Sokoly

Joseph Sokoly has been in the Information Security field for the past five years, and worked in Information Technology in years prior. He currently works as a Security Engineer at MAD Security, LLC, writing security awareness classes and performing penetration tests. Joseph is a co-host of the Southern Fried Security Podcast and has also spoken at multiple Security BSides events across the country, including BSides Las Vegas 2010, BSides Boston, and BSides Austin.


Georgia Weidman

Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and BSides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security, LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.