- Aaron Hackworth
- Anton Chuvakin
- Arjen de Landgraaf
- Audrey Dorofee
- Barry Mullins
- Brian Nagel
- Bruce Schneier
- Calvin Miller
- Charles Iheagwara
- Chris van Breda
- Chris Alberts
- Chris Painter
- Cui Xiang
- Damir Rajnovic
- David Chaboya
- Diego Zamboni
- Etsuo Doi
- Fabien Pouget
- Farrukh Awan
- Franck Veysset
- Gary McGraw
- Guillaume Urvoy-Keller
- Jacomo Piccolini
- James Wrubel
- James Riordan
- Jan Kohlrausch
- Jochen Schönfelder
- Johannes Wiik
- Jon Ramsey
- Jose Gonzalez
- Joseph Schwendt
- Jun Heo
- Jürgen Sander
- Kees Leune
- Keisuke Kamata
- Kenneth van Wyk
- Klaus-Peter Kossakowski
- Lari Huttunem
- Laurent Butti
- Lawrence Rogers
- Marc Dacier
- Masato Terada
- Matt Fisher
- Matthew Pemble
- Matthew Geiger
- Nicholas Ianelli
- Nicholas Fischbach
- Pekka Pietikäinen
- Peter Haag
- Peter Allor
- Piotr Kijewski
- Richard Pethia
- Richard Raines
- Richard Bejtlich
- Rob Thomas
- Robert Sisk
- Robert Seacord
- Robin Ruefle
- Rogier Spoor
- Rusty Baldwin
- Sebastiaan Tesink
- Steven Mancini
- Steven Sim Kok Leong
- Tara Flanagan
- Terence Palfrey
- Till Dörges
- Uday Banerjee
- William Yurcik
- Wu Bing
- Yann Duponchel
- Yonglin Zhou
- Yoojae Won
- Yuichi Miyagawa
- Yusuf Acar
- Zou Xin
Aaron Hackworth (CERT/CC Carnegie Mellon University, US) Aaron Hackworth is a member of the technical staff at the Software Engineering Institute's CERT® Coordination Center (CERT/CC). Aaron is an analyst on the CERT/CC's Artifact Analysis team researching malicious code. Prior to joining the CERT/CC, Aaron worked as a network engineer and security specialist for some of the world's largest companies. The Software Engineering Institute is a Federally Funded Research and Development Center (FFRDC) sponsored by the US Department of Defense (Under Secretary of Defense for Acquisition, Technology and Logistics) and managed by Carnegie Mellon University.
Presentation
- Botnets as Vehicle for Online Crime
18th Annual FIRST Conference
Thursday June 29th, 11:45
Anton Chuvakin (LogLogic, Inc., US) Dr Anton Chuvakin, GCIA, GCIH, GCFA (http://www.chuvakin.org) is a recognized security expert and book author. In his current role as a Director of Product Management with LogLogic, a log management and intelligence company, he is involved with defining and executing on a product vision and strategy, driving the product roadmap, conducting research as well as assisting key customers with their LogLogic implementations. He was previously a Chief Security Strategist with netForensics, a security information management company. A frequent conference speaker, he also represents the company at various security meetings and standards organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and "Hacker's Challenge 3". Anton also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal http://www.info-secure.org and several blogs.
Presentation
- Log Data Analysis for Incident Response
Business/Management Track
Tuesday June 27th, 09:10
Arjen de Landgraaf (Co-Logic Security, Ltd, NZ) Born in the Netherlands in 1952, Arjen has been working in IT since 1972. Starting off as a programmer in Assembler and RPG (not RPG II yet in those days) on the IBM 360-20, he was hired by NCR in 1974 and became an educator in 1978 for the NCR mainframe operating systems, programming languages such as Cobol, etc. Having moved to Sperry Univac in 1980, he continued to work with Sperry as a consultant after migrating to New Zealand in 1984. Since then Arjen was employed as Sr IT Consultant with KPMG NZ for 3 years and worked as an independent IT consultant with the major NZ accountant and management firms. He started his own IT Services Company, Co-Logic Ltd, in 1995.
Originally focusing on general IT project management and services, Co-Logic became increasingly specialized in managing IT Security from 1996 onwards. After a couple of large projects involving the response to and resolution of IT security breaches in some NZ and Australian Banks, Corporates and Telecommunication Companies, Arjen set out to design an in-house tool for keeping track of Security Issues and Vulnerabilities in 1998. Customers invited Co-Logic in 1999 to expand this tool and make it available as a Service for their own use: E-Secure-IT was born.
In 2001 Arjen decided to fully focus on further developing E-Secure-IT and established Co-Logic Security Ltd. With Head offices in New Zealand, E-Secure-IT IT Security Action Response Centers are now established in New Zealand (Auckland), India (Calcutta), Europe (Netherlands), with a fourth Centre to be established in the US this year.
A European Investment Firm took an interest in the company in 2005, and with their financial backing, 10 years of dedicated IT Security Experience, 6 years of experience in running the Alert Service and feedback from the many customers in the Asia Pacific Region, E-Secure-IT was completely re-designed and re-written, and launched in Europe and the US in 2006.
Through his interest in Unix (starting in 1979) and IT Security over the years Arjen has been a board member at the NZ UNIFORUM (1985-86), involved in the NZCS (New Zealand Computer Society), the NZISF, the NZ Information Security Forum, and been the New Zealand representative IT and Telecommunication for the PECC (Pacific Economic Co-operation Council), the founding body of the APEC (Asia Pacific Economic Council) until he moved back to Europe in mid 2003, to spearhead the European and US expansion of Co-Logic Security.
Over the years Arjen has been a highly regarded keynote speaker on IT and Security at many international conferences in the Asia Pacific Region, and part-time lecturer on IT Security and TQM for Asia Pacific Universities, including Massey University in Auckland, and Monash in Melbourne.
Presentation
- If You Don't Know What You Don't Know
18th Annual FIRST Conference
Wednesday June 28th, 12:00
Audrey Dorofee (CERT/CC Carnegie Mellon University, US) Audrey Dorofee is a senior technical staff member at the Software Engineering Institute, CERT program. She is currently working on a new area of risk management research, Mission Assurance Analysis Protocol (MAAP), which looks at complex mission risks across multiple organizations. Initial pilot efforts with MAAP have been to apply MAAP to the evaluation of computer security incident response teams.
She is co-author of Managing Information Security Risks, Defining Incident Management Processes for CSIRTs: A Work in Progress, the OCTAVE Method Implementation Guide, the OCTAVE-S Method Implementation Guide, and the Continuous Risk Management Guidebook.
Presentation
- Evaluating CSIRT Operations
Business/Management Track
Monday June 26th, 14:00
Barry Mullins (AFCERT Air Force Institute of Technology, US)
Presentation
- Reliably Determining the Outcome of Computer Network Attacks
Technical Track
Wednesday June 28th, 14:00
Brian Nagel (Assistant Director, Office of Investigations, U.S. Secret Service, US) Brian Nagel entered on duty with the United States Secret Service on July 10, 1983 and was selected by Director Ralph Basham for the position of Assistant Director, Office of Investigations, in June 2003. In this capacity, Mr. Nagel is responsible for field operations in 135 offices throughout the world.
The investigative mission of the agency is focused on enforcement of federal law involving identity theft, computer fraud, credit card fraud, bank fraud and counterfeiting of U.S. currency. As the senior official over investigations, Mr. Nagel develops and implements policy as it relates to the cyber and fraud related crimes the agency investigates. He also exercises oversight of the headquarters based Criminal Investigative Division, Forensic Services Division and the Investigative Support Division.
Since its creation in 1865 to combat counterfeit currency, the Secret Service continues to protect the financial infrastructure of the country. Recent initiatives of the Office of Investigations include the expansion of the Secret Service's Electronic Crimes Task Forces and the establishment of Electronic Crimes Working Groups. These groups focus on cyber and financial crimes in specific communities by creating partnerships with the private sector, academia and with other law enforcement agencies.
Prior to his current assignment, Mr. Nagel served as Assistant Director for the Office of Inspection, a position in which he managed the internal affairs responsibilities for the agency since January 2003.
Beginning in June 2000, Mr. Nagel was previously assigned to the Los Angeles Field Office, where he served first as the Assistant Special Agent in Charge and was later appointed to the position of Special Agent in Charge. The Los Angeles Field Office is one of the largest field offices within the agency and very active in both criminal investigations and physical protection activities.
Before being transferred to Los Angeles, Mr. Nagel was in Washington, DC, serving as the Executive Assistant to Director Brian Stafford, the Assistant Special Agent in Charge of the Office of Protective Operations and the Assistant to the Special Agent in Charge of the Counterfeit Division.
Beginning in September 1992, Mr. Nagel served on the Presidential Protective Division, where he was promoted to a supervisory position in September 1996.
Mr. Nagel first served tours of duty as a criminal investigator in the Washington, D.C. and Miami Field Offices.
Presentation
- Keynote: Building Effective Relationships between CSIRTs and Law Enforcement
18th Annual FIRST Conference
Thursday June 29th, 09:10
Bruce Schneier (Counterpane Internet Security, Inc., US) Bruce Schneier is an internationally renowned security expert, referred to by The Economist as a "security guru." He is the author of eight books -- including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography" -- and hundreds of academic articles and papers. His influential newsletter, Crypto-Gram, is read by over 120,000 people.
Schneier is regularly quoted in the press, and his essays have appeared in national and international publications. He is a frequent guest on television and radio, has testified before Congress, and is a frequent writer and lecturer on issues surrounding security and privacy.
Presentation
- Keynote: Fixing Internet Security by Hacking the Business Climate
18th Annual FIRST Conference
Friday June 30th, 09:10
Calvin Miller (District of Columbia Government, US) Calvin Miller is the Chief Information Security Officer for the District of Columbia Government. Mr. Miller has over 28 years of experience within the information technology field, including the most recent 15 years as an IT Security Executive, Manager, Consultant, and Computer Security Engineer. He specializes in assessing, analyzing, and implementing successful IT security programs in both the government and commercial sectors. Mr. Miller is a Certified Information Systems Security Professional (CISSP), a Project Management Professional (PMP), and is also a certified Contracting Officer's Technical Representative (COTR).
Presentation
- Maximizing the Benefits of Intrusion Prevention Systems: Effective Deployment Strategies
Business/Management Track
Wednesday June 28th, 16:00
Charles Iheagwara (District of Columbia Government, US) Dr. Charles Iheagwara, a District of Columbia Government computer emergency response team (DCERT) contractor-coordinator, is an information technology security consultant with experience that covers a broad spectrum of Enterprise Information Assurance practice at business consulting and corporate implementation levels. Dr. Iheagwara is also the CTO of Unatek, Inc. Prior to assuming the current position, Dr. Iheagwara worked in the business consulting unit, where he led multiple engagements including subcontracting with KPMG on risk management and eCommerce software security projects for the Washington Metropolitan Airports Authority; and consulting with Thompson, Cobbs, Bazilio and Associates (TCBA) on different projects for numerous clients. Previous employments include stints at Lockheed Martin, Aligned Development Strategies, Inc (ADSI), Edgar online, Inc. and UTV environmental. At Lockheed Martin, he was the lead consultant for the Enterprise Information Systems next generation intrusion detection systems re-engineering project; as director of IT security services at ADSI, he managed the INFOSEC program of the ten million dollars ($10,000,000.00) District of Columbia government HIPAA privacy project for the TCBA - ADSI - Bearing Point contractor group; and as a systems security administrator at Edgar online he worked on corporate and NASDAQ Online Web services/Internet portal IT security programs.
Dr. Iheagwara has served as an adjunct professor at several universities, including Bowie State University, and has published more than thirty-seven (37) papers in refereed international technical and scientific journals and conference proceedings.
Dr. Iheagwara received a Ph.D. degree in computer science from the University of Glamorgan, Wales, UK, a Master of Science degree in Metallurgical Engineering from the University of Minnesota, Minneapolis, Minnesota, USA, and a Bachelor/Master of Science degree in Metallurgical Engineering from the Moscow University of Steel and Alloys Technology, Moscow, Russia. Dr. Iheagwara is a licensed professional engineer.
Presentation
- Maximizing the Benefits of Intrusion Prevention Systems: Effective Deployment Strategies
Business/Management Track
Wednesday June 28th, 16:00
Chris van Breda (Cyberklix, CA) Mr. Chris van Breda has over 30 years' experience in the fields of communications, information management and IT security, with emphasis on forensics, computer incident response team set-up, development and management. Mr. van Breda has detailed experience in conducting Threat Risk Assessments, IT security incident response, computer forensics, HR, leadership, training development and production management. Mr. van Breda spent over 28 years in the Canadian Armed Forces working in signals intelligence, electronic warfare, IT security and finished his military career as the DND CIRT Team Manager. Since 2000 Mr. van Breda has been employed as an IT security consultant, SOC Manager and forensic investigator. Mr. van Breda is presently employed by Cyberklix and is working as a consultant to a major government department as the senior incident response architect in the design and implementation of an Information Protection Center. Mr. van Breda has been an active member of the Program Committee for the Forum of Incident Response and Security Teams (FIRST) for the past four years and a founding board member of the Ottawa Chapter of the High Technology Crime Investigation Association (HTCIA) in 2001.
Presentation
- IT Security Teams and Outsourced Managed Security Services - working together
Business/Management Track
Tuesday June 27th, 14:00
Chris Alberts (CERT/CC Carnegie Mellon University, US) Christopher Alberts is a senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute. His research focuses on developing advanced risk management methods, tools, and techniques. He co-developed the OCTAVE® approach for managing information security risks and the Continuous Risk Management methodology for managing software development project risks. He has co-authored two books, Managing Information Security Risks: The OCTAVE (SM) Approach (Addison-Wesley 2002) and the Continuous Risk Management Guidebook (Software Engineering Institute 1996).
Presentation
- Evaluating CSIRT Operations
Business/Management Track
Monday June 26th, 14:00
Chris Painter (Department of Justice, US) Christopher M.E. Painter is a Deputy Chief of the Computer Crime and Intellectual Property Section at the Department of Justice. In that position he supervises the Section's case and policy efforts concerning computer network intrusions, cyberterrorism, procedural law, legislative and other issues. He also serves as the co-chair of the National Cyber Response Coordination Group, an interagency body created to coordinate the U.S. government's response to major cyber incidents, and chairs the G8 High Tech Crime Subgroup, a cutting edge international body that deals with enhancing international cooperation in combating high tech crime. Mr. Painter also worked on the cyber provisions of various U.S. laws including the USA Patriot Act, receiving the Attorney General's Award for Exceptional Service for those efforts. From 1991 to March 2000, Mr. Painter was a criminal prosecutor in the U.S. Attorney's Office for the Central District of California (Los Angeles). During his tenure in Los Angeles, Mr. Painter specialized in the investigation and prosecution of high-tech, intellectual property and computer crimes and served as a Computer Crime and Internet Fraud Coordinator for his office. He has lectured concerning computer crime issues extensively and appeared and been quoted in both broadcast and print media on cybercrime issues. Mr. Painter has investigated and prosecuted some of the most significant and high profile high-tech cases in the country, including the prosecution of notorious computer hacker Kevin Mitnick, the investigation of the February 2000 distributed denial of service attacks, the prosecution of the first two Internet stock manipulation cases in the country, the prosecution of significant software piracy cases and the prosecution of one of the first Internet auction fraud cases. He is also co-chair of an ABA White Collar Crime Subcommittee on Computer Crime.
Mr. Painter attended Cornell University, graduating with a B.A. in 1980, and Stanford Law School, receiving a J.D. in 1984. Mr. Painter was a Senior Editor of the Stanford Law Review and graduated Order of the Coif. He subsequently clerked for the Honorable Betty Fletcher of the U.S. Court of Appeals for the Ninth Circuit before practicing law at the Washington, D.C., law firm of Arnold and Porter.
Presentation
- Legal Representatives - CERT Panel Discussion
18th Annual FIRST Conference
Friday June 30th, 11:00
Cui Xiang (CNCERT/CC National Computer Network Emergency Response Technical Team / Coordination Center of China, CN) Cui Xiang has worked for CNCERT/CC for 3 years as a technical engineer focusing on malware prevention and data analysis. He graduated from HIT and received his master's degree there.
Presentation
Damir Rajnovic (Cisco PSIRT Cisco Systems Co., UK) Damir is part of Cisco PSIRT (Product Security Incident Response Team), the only group in Cisco that publishes Cisco Security Advisories and the focal point for product security within Cisco. In his current role Damir's responsibilities are to do whatever it takes to remove security vulnerabilities from all of Cisco's products. Apart from the reactive work (responding to customers' incidents and managing vulnerabilities), Damir works on several proactive efforts to help build more secure products. These efforts are concentrated on educating developers to write more secure code and working with product designers during the design stage.
Part of the daily job is to liaise and maintain relationships with relevant external organizations. Some of the entities Damir is connected to are: law enforcement (National Hi-Tech Crime Unit, now Serious Organized Crime Agency), coordinating centres (CERT/CC, JPCERT, NISCC) and other appropriate entities (Internet Crime Forum, GCHQ).
Damir has been actively involved in the computer security arena since 1993. It started with the Ministry of Foreign Affairs of the Republic of Croatia, continued in the Ministry of Science and Technology of the Republic of Croatia, moved to EuroCERT and ended in Cisco Systems PSIRT, where he still is. EuroCERT was a project with the aim of coordinating CERTs within the European region. The project is no longer active. During that period he established CarnetCERT, was instrumental in the creation of EuroCERT and was constantly involved in CERT forums - both FIRST (internationally) and TF-CSIRT (European region). Non-security related work includes working at Radio 101 as a sound engineer and with a theatrical group.
Among other FIRST-related activities, Damir is the main driver behind the Vendor SIG special interest group under the FIRST umbrella. The purpose of that forum is to facilitate dialog among product security groups from different vendors. Although the idea behind Vendor SIG existed for some time, the forum started its life at the beginning of 2005 and already 23 vendors participate in it. More details at http://www.first.org/vendor-sig/
Presentation
- Legal Representatives - CERT Panel Discussion
18th Annual FIRST Conference
Friday June 30th, 11:00
David Chaboya (AFCERT Air Force Institute of Technology, US) Capt David Chaboya is currently assigned as the team lead for Analysis and Evaluations at the Air Force Research Lab's Anti-Tamper and Software Protection Initiative Office. He leads reverse engineering efforts and determines feasibility of hardware and software protection solutions. Chaboya formerly worked as the Officer in Charge of Incident Response at the Air Force Computer Emergency Response Team (now AFNOSC NSD). His research interests include: intrusion detection, network traffic analysis, exploit development, and reverse engineering. Chaboya has a BS in electrical engineering from Oklahoma State University and a MS in computer engineering from the Air Force Institute of Technology.
Presentation
- Reliably Determining the Outcome of Computer Network Attacks
Technical Track
Wednesday June 28th, 14:00
Diego Zamboni (IBM MSS IBM Zurich Research Laboratory, CH)
Presentation
- Building and Deploying Billy Goat: a Worm-Detection System
Technical Track
Thursday June 29th, 14:00
Etsuo Doi (Attorney-at-law, JP) Etsuo Doi is a partner in Orrick Tokyo Law Offices, the gaikokuho joint enterprise of Orrick, Herrington & Sutcliffe LLP. He is a member of the firm's Corporate Department. He represents both Japanese-based, and international companies in matters relating to cross-border transactions, intellectual property, e-commerce, joint ventures, licensing, and general corporate work. He also has extensive experience in foreign inbound and outbound investments.
Before joining Orrick, Mr. Doi was corporate counsel at eBay Inc. and Chief Legal Counsel at eBay Japan KK. Previously, he was associated with Matsuo & Kosugi and Morrison & Foerster LLP.
While at eBay, Mr. Doi tackled a broad range of new legal issues arising from innovative Internet business models. He is well versed in Japanese technology law and he has been a panel speaker at numerous technology conferences. He is one of a select few Japanese private practice lawyers who have both in-house counsel and Internet venture start-up experience.
Mr. Doi has also served foreign clients in global intellectual property disputes and transactions.
Mr. Doi is an adjunct professor of law at Temple University Law School (Japan campus) and has taught courses on the Comparative Enforcement of Intellectual Property Rights, Comparative Intellectual Property, and East-West Negotiation.
He is admitted to practice in Japan and New York.
Presentation
- Legal Representatives - CERT Panel Discussion
18th Annual FIRST Conference
Friday June 30th, 11:00
Fabien Pouget (CERTA French Government, FR) Fabien Pouget has a PhD degree from the Institut Eurecom (ENST Paris), France.
He received his Master of Science from the Ecole Nationale Superieure des Telecommunications in 2002 after having worked as an intern in the IBM Research laboratory in Zurich, Switzerland. He joined the Network Security Team (nsteam) at Eurecom the same year. His research and teaching interests include computer and network security. He is involved in many projects on intrusion detection systems and honeypots, and his PhD subject dealt with alert correlation.
He co-founded with Pr. Marc Dacier the Leurré.com project (www.leurrecom.org).
He is currently working for the French administrative CSIRT, CERTA.
Presentation
- Time Signatures to Detect Multi-headed Stealthy Attack Tools
Technical Track
Friday June 30th, 15:00
Farrukh Awan (District of Columbia Government, US) Farrukh Awan is a Security Systems Architecture and Engineering Manager with the Office of The Chief Technology Officer for the District of Columbia Government and is responsible for leading a team whose mission is to design and build secure network solutions. He has expert level working knowledge and experience in technologies such as Wireless, IDS, IPS, VoIP, Firewalls, VPNs, Penetration testing, vulnerability and risk assessments and conducting Forensics Investigations.
Mr. Awan has over 12 years of experience in IT security that covers a broad spectrum providing consulting and implementation services. He is also Districts Certified Architecture and sits on ARB review board. Prior to joining the DC Government, Mr. Awan worked at NASDAQ, NASD, EDS and Freddie Mac, and provided consulting services to numerous other clients.
Farrukh Awan received a Master of Science degree in Network Security and a Bachelor of Science degree from State University of New York at Binghamton. Mr. Awan holds numerous other certifications including Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE), and multiple Cisco Certifications.
Presentation
- Maximizing the Benefits of Intrusion Prevention Systems: Effective Deployment Strategies
Business/Management Track
Wednesday June 28th, 16:00
Franck Veysset (France Télécom R&D, FR) Franck Veysset is a network security expert working for France Telecom R&D security labs. His activities are focused on Wi-Fi security, honeypot, and more generally IP security.
He has presented at numerous technical and security conferences (ToorCon, Eurosec, FIRST...). He is also a program chair member of different conferences (SSTIC, JSSI...). Aside from these activities, he is a member of the board of the French Information Systems and Network Security Observatory, and a member of the French chapter of the Honeynet project.
Presentation
Gary McGraw (Cigital, Inc., US)
Presentation
- Next Steps in Bridging the Gap
Technical Track
Tuesday June 27th, 09:10
Guillaume Urvoy-Keller (Institut EURECOM, FR)
Presentation
- Time Signatures to Detect Multi-headed Stealthy Attack Tools
Technical Track
Friday June 30th, 15:00
Jacomo Piccolini (CAIS/RNP Brazilian Research Network, BR) Jacomo Dimmit Boca Piccolini has an engineering degree in Industrial Engineering from Universidade Federal de São Carlos - UFSCar, with two post-graduate qualifications, one obtained at the Computer Science Institute and the other at the Economics Institute of Universidade de Campinas - Unicamp. He is GCIA, GIAC Certified Intrusion Analyst and GCFA, GIAC Certified Forensics Analyst, working as a senior security analyst at the Brazilian Research and Academic Network CSIRT (CAIS). With 9 years of experience in the security field, he is the lead instructor of CAIS/RNP and hands-on coordinator for FIRST Technical Colloquiums. He is currently fighting the misuse of RNP backbone infrastructure by hackers.
Presentation
- Time signatures to Detect Multiheaded Stealthy Attack Tools
Technical Track
Friday June 30th, 15:00
James Wrubel (CERT/CC Carnegie Mellon University, US) James Wrubel is a Member of the Technical Staff at CERT. CERT is part of Carnegie Mellon University's Software Engineering Institute and is a federally funded center of excellence in computer security. Mr. Wrubel is the principal architect for CERT's Virtual Training Environment (https://www.vte.cert.org), an online library of information assurance and forensics training material and best practices. He also collaborates on information assurance coursework for CERT.
Prior to joining CERT, Mr. Wrubel was a Web applications architect and project manager focused on developing Internet-based solutions for Fortune 500 organizations. Mr. Wrubel holds a BA in Organizational Psychology from the University of Michigan and is pursuing an MS in IT Management from Carnegie Mellon University.
Presentation
- CERT's Virtual Training Environment: A New Model for Security and Compliance Training
18th Annual FIRST Conference
Wednesday June 28th, 11:00
James Riordan (IBM MSS IBM Zurich Research Laboratory, CH) James Riordan is a Research Staff Member at the IBM Zurich Research Laboratory. His interests focus on operational computer security and cryptography. He holds a Ph.D. in Mathematics from the University of Minnesota.
Presentation
- Building and Deploying Billy Goat: a Worm-Detection System
Technical Track
Thursday June 29th, 14:00
Jan Kohlrausch (DFN-CERT DFN-CERT Services GmbH, DE) Jan Kohlrausch received his Diploma in Computer Science from the University of Hamburg in June 2000. In July 2000 he joined the DFN-CERT Services GmbH and is currently working as a Senior Member of the Computer Security Incident Response Team (CSIRT) and Researcher. His main research interests include the capture of rapidly spreading worms and zero-day exploits.
Presentation
- The Impact of Honeynets for CSIRTs
Business/Management Track
Wednesday June 28th, 14:30
Jochen Schönfelder (DFN-CERT DFN-CERT Services GmbH, DE)
Presentation
- The Impact of Honeynets for CSIRTs
Business/Management Track
Wednesday June 28th, 14:30
Johannes Wiik (Agder University, NO) Johannes Wiik is a PhD fellow at Agder University College and the University of Bergen. He is currently studying the main factors influencing the effectiveness of a CSIRT over time from a management perspective. The method chosen for this study is system dynamics modelling and simulation. He holds a master in System Dynamics from the University of Bergen. After his Master studies he spent several years working as an international consultant applying system dynamics modelling to strategic problems in a wide range of industries. In 2001, he became the head of the consulting department of Powersim AS. In 2003 he started working as an advisor for organisations in the area of crisis management and contingency planning before he started on his PhD research.
- Johannes Wiik; José J. Gonzalez; Klaus-Peter Kossakowski (2005) Limits to effectiveness in Computer Security Incident Response Teams, 23rd International System Dynamics Conference, Boston, Mass., USA
- Johannes Wiik; José J. Gonzalez; Klaus-Peter Kossakowski (2005) Dynamics of Incident Response, 17th Annual FIRST Conference, Singapore
Presentation
- Effectiveness of Proactive CSIRT Services
Business/Management Track
Friday June 30th, 14:00
Jon Ramsey (SWRX CERT SecureWorks, US) Jon Ramsey is an information security expert with policy-making responsibility at SecureWorks in Atlanta, GA. Ramsey has 10 years of hands-on experience at every level: system administrator, software engineer, analyst, security penetration specialist and senior engineer. Prior to joining SecureWorks, Ramsey worked for the Computer Emergency Response Team (CERT), Siemens, and the University of Pittsburgh. Ramsey earned a Master's degree in software engineering from Carnegie Mellon University and a BS in computer science from the University of Pittsburgh. He is a member of IEEE and the Association for Computing Machinery (ACM).
Presentation
Jose Gonzalez (Agder University, NO) Jose J. Gonzalez is Professor of system dynamics and information security at the Faculty of engineering and science, Agder University College, Norway. He leads the Security and Quality in Organizations group at Agder University College with two postdoctoral fellows and four PhD fellows. In addition, Dr. Gonzalez is adjunct professor at the Dept. of Informatics and Media Science, Gjøvik University College, Norway. At Gjøvik he is responsible for the Security Management course for the M.Sc. study in Information Security. In addition to numerous publications in the fields of system dynamics and information security, Dr. Gonzalez was co-founder of Powersim, developer of one of the leading system dynamics tools.
- Johannes Wiik ; José J. Gonzalez ; Klaus-Peter Kossakowski (2005) Limits to effectiveness in Computer Security Incident Response Teams, 23rd International System Dynamics Conference, Boston, Mass., USA
- Johannes Wiik ; José J. Gonzalez ; Howard Lipson ; Tim Shimeall (2004) Dynamics of Vulnerability - Modeling the Life Cycle of Software Vulnerabilities, 22nd International System Dynamics Conference, Oxford, UK.
Presentation
- Effectiveness of Proactive CSIRT Services
Business/Management Track
Friday June 30th, 14:00
Joseph Schwendt (IFT Intel Corporation, US) Joe Schwendt joined Intel in January of 2000 with IOS (Intel Online Service). As a Senior Platform Engineer, he helped to advance the design of the Windows build and various other support infrastructures. He also pioneered the first cross-platform security monitoring tool in use at Intel. Joe joined IT late in 2001 in Hudson with Engineering Computing. Joe co-developed IPACE (Intel Patch Assistant and Compliance Enabler) and led the EC Windows STET (Security Technologies Engineering Team) for nearly two years. Joe then joined the RRM (Response and Recovery Management) Team in early 2005 as an ITERP (Information Technology Emergency Response Process) Incident Commander and security tools developer. He is the co-developer of RAPIER as well as the Malware Collection Tools Product Manager. Prior to joining Intel, Joe worked for Booz-Allen & Hamilton as a Senior Network Engineer, designing and deploying a border control system for the US Government.
Presentation
Jun Heo (KrCERT/CC Korea Information Security Agency, KR) Jun Heo received the B.S. degree in Information and Computer Science from Ajou University in 2002 and the M.S. degree in Management Information System from Hanyang University in 2004. He has worked as a junior researcher at the Korea Information Security Agency since 2005.
Presentation
- Risk Analysis Methodology for New IT Service
Business/Management Track
Wednesday June 28th, 14:00
- Risk Analysis Methodology for New IT Service
Jürgen Sander (PRE-CERT PRESECURE Consulting, GmbH, DE) Jürgen Sander is senior consultant at PRESECURE Consulting GmbH, an independent German company providing consultancy on Information Security Management and Incident Response.
He has worked in the security field for more than 10 years. Areas of specialisation are design and set-up of public-key-infrastructures, Risk-Analysis and Security-Management. In recent years the emphasis of his activities has been in the areas of incident response and cyber crime. The main activities are incident response consulting, CERT development and the promotion of a better collaboration and co-operation of CERTs. He has participated in different national and European projects (e.g. eCSIRT.net). Substantial tasks are the definition of information sharing policies, the establishment of standardized exchange of incident and statistical data between CERTs as well as the implementation of warning and alert services for teams involved. Furthermore he is an active member of the national and international CERT community (FIRST, TF-CSIRT and German CERT-Verbund).
From 1998 to 2002 he was an executive employee of subsidiaries of BASF Group and responsible for the development of the communication infrastructure as well as for enterprise-wide security reviews in the position of a CISO. From 1997 to 1998 he was a consultant at secunet Security Networks AG, a German IT security provider. From 1995 to 1997 he was a scientific assistant at the Institute for Open Communication Systems, an institute of the GMD National Research Center for Information Technology - now Fraunhofer-Gesellschaft.
Presentation
- CarmentiS - a German Early Warning Information System - Challenges and Approaches
Business/Management Track
Thursday June 29th, 14:00
- CarmentiS - a German Early Warning Information System - Challenges and Approaches
Kees Leune (Tilburg University, NL) Kees works as a researcher at Tilburg University's Infolab. His interests span a wide range of topics related to Information Security, such as computer security incident response, intrusion detection, secure IS architectures and access control mechanisms. At the moment, Kees is in the final phase of writing his dissertation titled "Access Control in Service-Oriented Computing". He hopes to successfully defend his thesis at the end of the year in order to receive his doctorate in Information Systems, after which he will be on the job market searching for new challenges.
In addition to his research work, Kees is a member of Tilburg University's Computer Emergency Response Team (UvT-CERT), and lead architect and principal developer of the Application for Incident Response Teams.
Presentation
- Designing and Developing an Application for Incident Response Teams
Business/Management Track
Wednesday June 28th, 16:30
- Designing and Developing an Application for Incident Response Teams
Keisuke Kamata (JPCERT/CC JPCERT Coordination Center, JP) Keisuke KAMATA is a member of the Watch and Warning Group at JPCERT/CC and an Information Security Analyst. He was an Incident Handler, and designed the incident handling system used at JPCERT/CC. He was also a member of the Traffic Monitoring project ISDAS. The official Japanese vulnerability handling framework was started, and he led the Vulnerability Handling team at JPCERT/CC.
Presentation
- Threats of P2P File Sharing Software - a Japanese Situation About "Winny"
Business/Management Track
Wednesday June 28th, 17:00
- Threats of P2P File Sharing Software - a Japanese Situation About "Winny"
Kenneth van Wyk (KRvW Associates, LLC, US) Kenneth R. van Wyk is an internationally recognized information security expert and author of the O'Reilly and Associates books, Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, (http://www.KRvW.com), he currently holds numerous positions: as a monthly columnist for on-line security portal, eSecurityPlanet (http://www.eSecurityPlanet.com), and a Visiting Scientist at Carnegie Mellon University's Software Engineering Institute (http://www.sei.cmu.edu).
Ken has 20+ years experience as an IT Security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities.
Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds an engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented papers and speeches for CSI, ISF, USENIX, FIRST, and others. Ken is also a CERT® Certified Computer Security Incident Handler.
Presentation
- Next Steps in Bridging the Gap
Technical Track
Tuesday June 27th, 09:10
- Next Steps in Bridging the Gap
Klaus-Peter Kossakowski (Software Engineering Institute, DE) Klaus-Peter Kossakowski is a Visiting Scientist at the SEI in Europe. He is currently researching the business processes related to incident response as an integral part of - not only IT specific - risk management. He has defended his Doctorate Thesis in "Information Technology Incident Response Capabilities" at the University of Hamburg. He also holds a first-class degree in Information Science from the University of Hamburg. After his studies he worked as a senior consultant and managing director for German-based security providers and consulting companies. He has served for many years in various roles within the international CERT communities.
- Moira J. West-Brown ; Don Stikvoort ; Klaus-Peter Kossakowski (1998) Handbook for Computer Security Incident Response Teams (CSIRTs), CMU/SEI-98-HB-001, Carnegie Mellon University, Pittsburgh, PA, USA
- Georgia Killcrece ; Klaus-Peter Kossakowski ; Robin Ruefle ; Mark Zajicek (2003) Organizational Models for Computer Security Incident Response Teams (CSIRTs), CMU/SEI-2003-HB-001, Carnegie Mellon University, Pittsburgh, PA, USA
Presentation
- Effectiveness of Proactive CSIRT Services
Business/Management Track
Friday June 30th, 14:00
Lari Huttunem (University of Oulu, FI)
Presentation
- Behavioral Study of Bot Obedience using Causal Relationship Analysis
Technical Track
Wednesday June 28th, 15:00
- Behavioral Study of Bot Obedience using Causal Relationship Analysis
Laurent Butti (France Télécom R&D, FR) Laurent is a network security expert at France Télécom R&D labs. His research interests include wireless security (802.11, 802.16...), honeypots and worms. He has presented at numerous security-focused conferences (ToorCon, ShmooCon, Eurosec, FIRST...).
Presentation
Lawrence Rogers (CERT/CC Carnegie Mellon University, US) Lawrence R. Rogers is a senior member of the technical staff in the CERT Training and Education team which is part of the CERT Program at the Software Engineering Institute (SEI) at Carnegie Mellon University.
Rogers's primary focus is analyzing system and network vulnerabilities and helping to transition security technology into production use. His professional interests are in the areas of administering systems in a secure fashion and software tools and techniques for creating new systems being deployed on the Internet. Rogers also works as a trainer of system administrators, authoring and delivering courseware. His latest set of courseware is the Survivability and Information Assurance (SIA) Curriculum which is freely available at http://www.cert.org/sia/.
Rogers has written many articles intended for the less technically inclined reader. Among his articles are: Email - A Postcard Written in Pencil, Yesterday I Couldn't Spell Systems Administrator; Now I Am One, and Internet - Friend or Foe? He has also written a security guide targeted for the home computer user entitled Home Computer Security. All of his articles are available at: http://www.cert.org/homeusers/.
Before joining the SEI, Rogers worked for ten years at Princeton University, first in the Department of Computer Science on the Massive Memory Machine project, and later at the Department of Computing and Information Technology (CIT). While at CIT, he directed and managed the UNIX Systems Group, which was charged with administering the UNIX computing facilities used for undergraduate education and campus-wide services.
Rogers co-authored the Advanced Programmer's Guide to UNIX System V with Rebecca Thomas and Jean Yates. He received a BS in systems analysis from Miami University in 1976 and an MA in computer engineering in 1978 from Case Western Reserve University.
Presentation
- The Survivability and Information Assurance (SIA) Curriculum
18th Annual FIRST Conference
Friday June 30th, 09:50
- The Survivability and Information Assurance (SIA) Curriculum
Marc Dacier (Institut EURECOM, FR)
Presentation
- Time Signatures to Detect Multi-headed Stealthy Attack Tools
Technical Track
Friday June 30th, 15:00
- Time Signatures to Detect Multi-headed Stealthy Attack Tools
Masato Terada (HIRT Hitachi, JP) Masato Terada received M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. From 2002, he studied at the Graduate School of Science and Technology, Keio University, and received his Ph.D in 2005. Since 2004, he has been with the Hitachi Incident Response Team. He is also a visiting researcher at Security Center, Information-Technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp).
Presentation
- Proposal of RSS Extension for Security Information Exchange
Business/Management Track
Friday June 30th, 14:30
- Proposal of RSS Extension for Security Information Exchange
Matt Fisher (SPI Dynamics, US) Matt Fisher is a Senior Security Engineer for SPI Dynamics and has over 12 years experience in the information technology industry. He has multiple certifications and has spoken on the topic of Web application security at numerous conferences. Matt was a contributing author for the book titled, Google Hacking for Penetration Testers and is registered with the Defense Information Services Agency as a subject matter expert in Web application security.
Presentation
- Exploring the Next Level of Cyber Attacks: Methodologies and Demonstration of Web Application Hacks
Business/Management Track
Monday June 26th, 09:10
- Exploring the Next Level of Cyber Attacks: Methodologies and Demonstration of Web Application Hacks
Matthew Pemble (RBSG Royal Bank of Scotland, UK) Matthew Pemble is currently the ISIRT Manager for a major international bank. An experienced Security Architect and Consultant, as well as an Incident and Investigations Manager and Computer Forensics Practitioner, he is a Fellow of the British Computer Society and the Institute for Communications Arbitration & Forensics.
Presentation
- A Year's Evolution on Attacks Against Online Banking Customers
18th Annual FIRST Conference
Thursday June 29th, 11:00
- A Year's Evolution on Attacks Against Online Banking Customers
Matthew Geiger (CERT/CC Carnegie Mellon University, US) Matthew Geiger is a forensic specialist and researcher at CERT. His recent work has focused on counter-forensic tool performance and on new utilities for live-system forensics. Prior to joining CERT, Matthew resided for about 14 years in Asia. As a forensic analyst in the private sector, Matthew conducted investigations involving corporate fraud, network intrusion, proprietary data theft, corruption and official misconduct for clients that included Fortune 500 companies. His professional background also includes network security design and implementation, incident response and security assessment for international media and financial services groups.
Matthew holds an MS degree in information security from Carnegie Mellon University. His professional accreditations include the SANS Institute's GCFA forensic certification.
Presentation
- Counter-Forensic Tools: Analysis and Data Recovery
Business/Management Track
Thursday June 29th, 14:30
- Counter-Forensic Tools: Analysis and Data Recovery
Nicholas Ianelli (CERT/CC Carnegie Mellon University, US) Nicholas (Nick) Ianelli is a member of the technical staff at the Software Engineering Institute's CERT® Coordination (CERT/CC). Nick is an analyst on the CERT/CC's Artifact Analysis team researching malicious code. Prior to joining the CERT/CC, Nick worked as a network engineer at a national (US) Internet service provider. The Software Engineering Institute is a Federally Funded Research and Development Center (FFRDC) sponsored by the US Department of Defense (Under Secretary of Defense for Acquisition, Technology and Logistics) and managed by Carnegie Mellon University.
Presentation
- Botnets as Vehicle for Online Crime
18th Annual FIRST Conference
Thursday June 29th, 11:45
- Botnets as Vehicle for Online Crime
Nicholas Fischbach (COLT Telecom)
Presentation
- IT Security Teams and Outsourced Managed Security Services - working together
Business/Management Track
Tuesday June 27th, 14:00
- IT Security Teams and Outsourced Managed Security Services - working together
Pekka Pietikäinen (University of Oulu, FI) M. Sc. (Eng.) Pekka Pietikäinen joined the Oulu University Secure Programming Group (OUSPG) in April 2003. He is currently working on a PhD in information security. His thesis concentrates on modeling the behaviour of complex systems using causal relationships. Pekka did his M.Sc. thesis at CERN with the title "Hardware-assisted Networking Using Scheduled Transfer Protocol on Linux". He has over 10 years of work experience in the field, in both research and private industry.
Presentation
- Behavioral Study of Bot Obedience using Causal Relationship Analysis
Technical Track
Wednesday June 28th, 15:00
- Behavioral Study of Bot Obedience using Causal Relationship Analysis
Peter Haag (SWITCH-CERT The Swiss Education and Research Network, CH) Peter Haag is a member of SWITCH-CERT, the Swiss Education & Research Network CERT. He received a master's degree (1991) in electrical engineering from the Swiss Federal Institute of Technology in Zurich and worked as a digital hardware design engineer for four years. In 1995 he moved into the design, development and operation of Internet Server Systems. In 2002 Peter Haag joined SWITCH as a network security engineer. Within SWITCH-CERT he is in charge of incident handling, Computer Forensics, Malware Analysis and security tool design. He is the author of the open source netflow tools nfdump and NfSen. At the moment he is actively involved in several projects doing netflow analysis.
Presentation
- Netflow Tools NfSen and NFDUMP
Technical Track
Wednesday June 28th, 16:30
- Netflow Tools NfSen and NFDUMP
Peter Allor (ISS Internet Security Systems, US) Peter Allor is the director of intelligence and special assistant to the CEO for Internet Security Systems, Inc. (ISS) where he is responsible for guiding the company's overall security intelligence initiatives and participation in enterprise and government implementation strategies. He assists ISS X-Force Research and Development Team with the collection, analysis and dissemination of information regarding cyber vulnerabilities, exploits, incidents, threats and early warning. This information is used to provide customers with information and resources to employ best practices to defend their networks from potential attacks.
Allor is also the director of operations for the Information Technology - Information Sharing and Analysis Center (IT-ISAC) as part of the X-Force Internet threat intelligence services, a task force that provides global information protection solutions analysis for securing IT infrastructure and defending key online assets and critical infrastructures from attack and misuse. He is responsible for managing ISAC operations where members report vulnerabilities, solutions, best security practices and track hackers globally. The ISAC operations center provides threat analysis and anonymous reporting of security vulnerabilities and shares solutions with all of its members.
Allor participates on the ISAC Council, a private industry forum for sharing information, and is a member of the Georgia Business Force. He also participated in the formation of the Information Technology Sector Coordination Council (IT SCC). As a member of the ISS FIRST team, Allor has spoken at numerous events on security, information sharing and cyber intelligence. In 2005, Allor was presented with IT* Security Magazine's Individual Innovation Award.
Prior to joining ISS, Allor served in the United States Army where he worked in a variety of security related positions reporting from Panama to Korea, as well as the Middle East.
Allor holds a bachelor's degree in business administration from Rollins College and a master's degree in organizational management from the University of Phoenix. He is a graduate of the U.S. Army Command and General Staff College. In addition, he is a member of the Information Systems Security Association (ISSA) and the Atlanta InfraGard Chapter.
Presentation
- Sharing Sensitive Information without Compromising Data
18th Annual FIRST Conference
Wednesday June 28th, 09:50
- Sharing Sensitive Information without Compromising Data
Piotr Kijewski (CERT POLSKA Research and Academic Computer Network in Poland, PL) Piotr Kijewski has worked for NASK since 2002, as an IT Security Specialist in the CERT Polska team. His main interests in the computer and network security field include intrusion detection, honeynets and network forensics. He has also worked for nearly 10 years as a network administrator at the Warsaw University of Technology and as a network security consultant for many companies in Poland. He holds an MSc degree in Telecommunications from the Warsaw University of Technology.
Presentation
- Automated Extraction of Threat Signatures from Network Flows
Technical Track
Wednesday June 28th, 14:30
- Automated Extraction of Threat Signatures from Network Flows
Richard Pethia (CERT/CC Carnegie Mellon University, US) Richard Pethia manages the Networked Systems Survivability (NSS) Program at the Software Engineering Institute (SEI) at Carnegie Mellon University. The program ensures appropriate technology and systems management practices are available to recognize, resist, and recover from attacks on networked systems. The program's CERT Coordination Center (CERT/CC) has formed a partnership with the Department of Homeland Security to provide a national cyber security system, US-CERT. In 2003, Pethia was awarded the position of SEI Fellow for his vision and leadership in establishing the CERT/CC, for creating and establishing the worldwide network of over 200 CSIRTs and FIRST, for his leadership in creating the NSS Program, and for his partnership with the Department of Homeland Security in the formation of US-CERT. Pethia is also a co-director of Carnegie Mellon University's CyLab, bringing together the varied cyber security activities at the university.
Presentation
- Keynote: Computer Security Incident Response - Past, Present, Future
18th Annual FIRST Conference
Wednesday June 28th, 09:10
- Keynote: Computer Security Incident Response - Past, Present, Future
Richard Raines (AFCERT Air Force Institute of Technology, US)
Presentation
- Reliably Determining the Outcome of Computer Network Attacks
Technical Track
Wednesday June 28th, 14:00
- Reliably Determining the Outcome of Computer Network Attacks
Richard Bejtlich (TaoSecurity, US) Richard Bejtlich is founder of TaoSecurity (www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001 then-Captain Bejtlich defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission. Formally trained as an intelligence officer, Richard is a graduate of Harvard University and the United States Air Force Academy. He authored the critically acclaimed Tao of Network Security Monitoring: Beyond Intrusion Detection in 2004 and Extrusion Detection: Security Monitoring for Internal Intrusions in 2005. Richard co-authored Real Digital Forensics, and contributed to Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and several Sys Admin magazine articles. Richard writes for his Web log (taosecurity.blogspot.com) and teaches at USENIX.
Presentation
- The Network-Centric Incident Response and Forensics Imperative
Business/Management Track
Friday June 30th, 15:00
- The Network-Centric Incident Response and Forensics Imperative
Rob Thomas (Team Cymru Team Cymru, US) Rob Thomas is the CEO and a Research Fellow with Team Cymru. Rob has worked as a network engineer, kernel developer, and information security professional for numerous clients. He is an ISC Fellow, a former vice-chair of FIRST, has served as a NANOG Program Committee member, has lectured at universities such as Notre Dame and Northwestern, and is on the technical advisory boards of corporations such as UltraDNS.
Presentation
- The Underground Economy
18th Annual FIRST Conference
Thursday June 29th, 09:50
- The Underground Economy
Robert Sisk (IBM MSS IBM Corporation, US) Robert Sisk has been a senior security architect with IBM for 7 years and holds the CISSP certification. Bob is recognized as a technical leader in the field of security within IBM and has demonstrated an understanding of the many technologies involved in IT systems security as well as the capability to creatively use these skills in solving a wide variety of problems for both internal and external customers. Since joining IBM, Bob has worked for IBM Global Services (specifically, IBM Shared Network Infrastructure), IBM Global Security Delivery (Managed Security Services Delivery), and IBM High Performance on Demand Systems (Events Infrastructure), and used his numerous skills to support IBM and its customers globally. He began his career in the IT field in the 1980s working with the PDP-11 and has done a tour of duty on almost every UNIX or UNIX-like operating system available. His background includes programming, and being a web master, network administrator, system administrator, forensics investigator, and security instructor. Bob has worked for academia, government, and business. He has an MS from Virginia Tech and a PhD from the University of Virginia.
Presentation
Robert Seacord (CERT/CC Carnegie Mellon University, US) Robert C. Seacord is a senior vulnerability analyst at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) in Pittsburgh, PA. The CERT/CC, among other security related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure.
An eclectic technologist, Robert is coauthor of two previous books, Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003) as well as more than 40 papers on software security, component-based software engineering, Web based system design, legacy-system modernization, component repositories and search engines, and user interface design and development.
Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He also is actively involved in the JTC1/SC22/WG14 international standardization working group for the C programming language.
Presentation
- Secure Coding in C and C++
Technical Track
Monday June 26th, 09:10
- Secure Coding in C and C++
Robin Ruefle (CERT/CC Carnegie Mellon University, US) Robin Ruefle is a member of the technical staff in the CERT CSIRT Development Team at the Software Engineering Institute at Carnegie Mellon University. Her work focuses on the development of best practice standards and guidelines for helping new and existing CSIRTs improve and expand their services. She also develops and delivers training courses for CSIRT managers and staff. She is currently working with the rest of the CSIRT Development Team on developing an incident management framework and a methodology for assessing CSIRT operations.
She is co-author of the Handbook for CSIRTs (2nd Edition), Defining Incident Management Processes for CSIRTs: A Work in Progress, The State of the Practice of CSIRTs, Organizational Models for CSIRTs, and the CSIRT Services List.
Presentation
- Evaluating CSIRT Operations
Business/Management Track
Monday June 26th, 14:00
- Evaluating CSIRT Operations
Rogier Spoor (SURFnet-CERT SURFnet, NL) Rogier Spoor graduated in Bioprocess Engineering at the Wageningen University and Research Centre. His first job was working as a Technical Linux and Network Engineer. Currently, Rogier works as an Account Advisor at SURFnet and is in charge of the D-IDS project.
Presentation
- A Distributed Intrusion Detection System Based on Passive Sensors
Technical Track
Wednesday June 28th, 16:00
- A Distributed Intrusion Detection System Based on Passive Sensors
Rusty Baldwin (AFCERT Air Force Institute of Technology, US)
Presentation
- Reliably Determining the Outcome of Computer Network Attacks
Technical Track
Wednesday June 28th, 14:00
- Reliably Determining the Outcome of Computer Network Attacks
Sebastiaan Tesink (Tilburg University, NL)
Presentation
- Designing and Developing an Application for Incident Response Teams
Business/Management Track
Wednesday June 28th, 16:30
- Designing and Developing an Application for Incident Response Teams
Steven Mancini (IFT Intel Corporation, US) Steve Mancini has been with Intel since May 1997 when he graduated from Purdue University where he first became interested in computer security after studying under Gene Spafford. After surviving a year in a technical support role he moved on to UNIX applications where he was a member of the team responsible for building an extensive UNIX application tool suite critical to chip design. In early 2000 he seized the opportunity to pursue his college interest as a security program manager and has since worked as a senior information security specialist and now security strategist. During his time he has been involved with several Intel security initiatives including the formation of the Security Operations Center and co-authorship of Intel's risk assessment process, and his interest in incident handling resulted in his creation of the first generations of RAPIER. In his spare time Steve volunteers as a digital forensics examiner for the city and county police department. For fun he participates in the Defcon Capture the Flag competition.
Presentation
Steven Sim Kok Leong (NUSCERT National University of Singapore, SG) Steven Sim Kok Leong has 9 years of IT security experience. He works for the National University of Singapore in the Computer Centre's InfoComm Security Group as its Assistant Manager. The InfoComm Security Group operates a CERT better known as NUSCERT. As part of his portfolio, Steven is involved with designing and managing his University's early warning cum remediation system for network security threats including underlying campus Honeynets. Beyond his work, Steven is also Director of SIG^2 G-TEC Labs, V.P. Membership for ISSA Singapore Chapter and a member of Singapore IT Standards Committee (ITSC) Information Security Management Working Group (ISMWG). He holds a Master of Computing (MComp) degree from the National University of Singapore and infocomm security qualifications including CISSP, CISA, GCIH, GCFW.
Presentation
- A Strategy for Inexpensive Automated Containment of Infected or Vulnerable Systems
Business/Management Track
Wednesday June 28th, 15:00
Tara Flanagan (Cisco Systems Cisco Systems Ltd., US) Tara Flanagan is the Director of Legal Services for Cisco Systems' worldwide services organization, and has supported Cisco's security reporting team (PSIRT) for seven years. Prior to joining Cisco in 1997, she worked as a government contracts attorney and commercial litigator with the Los Angeles law firm of McKenna, Conner and Cuneo. During her tenure as outside counsel, she represented large and small companies engaged in business with the U.S. government (i.e. represented FMC Corporation in a lawsuit against the Goodyear Tire and Rubber Company resulting in a $32M judgement for FMC), as well as pro bono cases in which she represented children and for which she received several pro bono awards. She holds a B.A. cum laude from Tulane University (New Orleans, LA) and a J.D. cum laude from Pepperdine University (Malibu, CA). She is licensed to practice law in California and is registered in-house counsel in Virginia.
Presentation
- Legal Representatives - CERT Panel Discussion
18th Annual FIRST Conference
Friday June 30th, 11:00
Terence Palfrey (Crown Prosecution Services, UK) Terence Palfrey is a senior specialist prosecutor working with the Organised Crime Division of the Crown Prosecution Service in England and Wales. He is a solicitor and member of the Law Society who works mainly in the area of computer-related crime and money laundering, advising on and prosecuting cases from the Serious and Organised Crime Agency. He holds a PhD from the University of Leeds and is a visiting lecturer at the European Institute of Public Administration in Luxembourg, where he teaches a course on EU rules in the area of e-commerce, data protection and security as part of a masters programme in European Legal Studies. He has also prepared and presented short courses on cyber crime and money laundering as part of EU outreach programmes in Romania and Bulgaria and spoken at seminars in Luxembourg on these subjects. He is an elected fellow of the Society for Advanced Legal Studies and has published several articles and spoken at conferences in a number of countries.
Presentation
- Legal Representatives - CERT Panel Discussion
18th Annual FIRST Conference
Friday June 30th, 11:00
Till Dörges (PRE-CERT PRESECURE Consulting GmbH, DE) Till Dörges joined PRESECURE Consulting GmbH as a researcher in 2002. The two major projects he's currently working on are a network of distributed IDS sensors (evolved from the EC-funded project "eCSIRT.net") and the research project, also EC-funded, on proactive security monitoring in a policy-based framework ("POSITIF"). Both projects strongly relate to Intrusion Detection, Honeynets and (Security-) Policies.
He also is the team representative of PRESECURE within the European community of accredited CSIRTs ("Trusted Introducer") as well as for FIRST.
Till Dörges studied Computer Sciences in Hamburg, Toulouse and Leipzig. He holds a French "Maîtrise d'Informatique" and a German "Informatik-Diplom".
Presentation
- Proactive Security Monitoring in a Policy Managed Network
Technical Track
Wednesday June 28th, 17:00
Uday Banerjee (SWRX CERT SecureWorks, US) Uday Banerjee is a security analyst at SecureWorks. Uday is in charge of the alert visualization effort at SecureWorks, and has several years of experience working with various security related technologies and products. Uday received a Master's degree in Electrical and Computer Engineering from Oregon State University.
Presentation
William Yurcik (NCSA-IRST National Center for Supercomputing Applications, US) Bill Yurcik is Manager of Security R&D and Senior Systems Security Engineer at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign. Bill has 20+ years experience managing network security on global IP networks including lead engineer positions at NASA, the Naval Research Laboratory, and Verizon. This experience provides a backdrop for his current research in which he leverages theory in the development of practical and intuitive tools for security system administrators. He is an international research leader in Internet security visualization (VizSEC) which he has applied to enterprise networks, the HPC cluster environment, and storage systems. For more details about his VizSEC work see the SIFT Project homepage:
Presentation
- VisFlowConnect-IP: A Link-Based Visualization of NetFlows for Security Monitoring
18th Annual FIRST Conference
Friday June 30th, 11:45
Wu Bing (CNCERT/CC National Computer Network Emergency Response Technical Team / Coordination Center of China, CN) Wu Bing has worked for CNCERT/CC for 1 year. He is a PhD focusing on incident response.
Presentation
Yann Duponchel (IBM MSS IBM Zurich Research Laboratory, CH)
Presentation
- Building and Deploying Billy Goat: a Worm-Detection System
Technical Track
Thursday June 29th, 14:00
Yonglin Zhou (CNCERT/CC National Computer Network Emergency Response Technical Team / Coordination Center of China, CN) Zhou Yonglin has worked for CNCERT/CC for more than 5 years. He is a technical manager of the Department of Administration & Operation of CNCERT/CC. He graduated from HIT and earned a master's degree there.
Presentation
Yoojae Won (KrCERT/CC Korea Information Security Agency, KR) Yoojae Won received the B.S., M.S. and Ph.D. degrees in Computer Engineering from Choongnam University in 1985, 1987 and 1988, respectively. He worked at ETRI as a team leader and principal member of technical staff, and as the CTO of Ahnlab Co. He has worked at the Korea Information Security Agency as a Director since 2004. His areas of interest are Wireless Internet Security and PKI.
Presentation
- Risk Analysis Methodology for New IT Service
Business/Management Track
Wednesday June 28th, 14:00
Yuichi Miyagawa (JPCERT/CC JPCERT Coordination Center, JP) Yuichi Miyagawa conducts research in the areas of content security such as P2P and DRM technologies. He has led the traffic monitoring project ISDAS at JPCERT/CC for three years. He has a P2P network research system, "P2P finder", which keeps watching the content flows of major Japanese P2P networks such as Winny.
Presentation
- Threats of P2P File Sharing Software - a Japanese Situation About "Winny"
Business/Management Track
Wednesday June 28th, 17:00
Yusuf Acar (District of Columbia Government, US) Yusuf Acar is currently employed as the Information Systems Security Officer (ISSO) at the Government of the District of Columbia. He is licensed as a Professional Engineer (PE) and holds many of the industry's top certifications, including Cisco's CCNA, CCIE (350-020 writing), Cisco DWDM, Cisco ONS15454 and MCSE. Yusuf Acar previously worked as Sr. Optical (SONET) Engineer at Lightwave Communications, GTSI, and NewCall and is currently enrolled in the Master of Information Systems program at Bowie State University.
Presentation
- Maximizing the Benefits of Intrusion Prevention Systems: Effective Deployment Strategies
Business/Management Track
Wednesday June 28th, 16:00
Zou Xin (CNCERT/CC National Computer Network Emergency Response Technical Team / Coordination Center of China, CN) Zou Xin is currently studying for a PhD at HIT. He is extremely experienced in network management. He now works for CNCERT/CC.
Presentation