Speakers – IT-DEFENSE 2014

Nobody talks about the ugly sides of death like him:  Dr. Mark Benecke, Germany’s best known forensic biologist, can explain the significance of blood splashes on ceilings and walls or the life-cycles of maggots on a body without making the audience shudder with disgust.

Benecke spent his childhood in a then futuristic precast concrete building in Köln-Zollstock, "which had a gigantic park with hundreds of nice rabbits, cool trees and seemingly millions of birds on its doorstep.” The little Benecke had been given a physics and chemistry kit by his father (job: engineer), he liked those especially. He enjoyed playing and doing handicrafts with his brother. Later on, as teenagers, both had free use of one of the first PCs, "thanks to our cool parents". “Living in Zollstock and then for ten years in the at that time turkish-arabic Nippes has grounded me forever: Normal people with normal questions and normal lives. Very comforting regarding all the insanity that I experienced later.”

Today, Mark Benecke is called to difficult cases as an internationally renowned expert on forensic science and forensic entomology. He teaches, gives lectures at universities and was even able to help the FBI with a hint once. But not only professionals want to hear what the sworn freelance expert has to tell. Benecke also finds his audience at talkshows, via books, radio shows and tv series that deal with the investigation of real criminal cases.

Regarding his course of education, you wouldn't bet on how entertaining his presentations are: He studied biology, zoology and psychology at the university of Köln, wrote his thesis on genetic fingerprints and did several forensic science trainings in the field of forensic medicine in the US. But this professional just is an entertainer – and at the same time a missionary for education. “People think they are being well entertained, but in reality I rub their noses in lots of criminological principles that show how you examine things”, he recently said in an interview. Chemistry, biology, physics might not be popular with the Germans. But this doesn't apply to his field of expertise: “This Sherlock-Holmes-like use of natural science is just sexy.”

Considering how often the 42-year-old is present in the media, this must be true. However, it might add to the excitement of the journalists that the “Maggot-Doc” has more to offer than the currently extremely popular forensic science. The entire person Mark Benecke presents itself as a bunch of unusual preferences, boundless energy and wit. Even his looks arouse interest, as he himself admits. This includes his clearly visible preference for tattoos and gothic clothing. He shares his liking for the dark music style Gothic with his wife Lydia.

As a confirmed vegetarian he puts his foot down against factory farming and says frankly that he hates violence and “dickheads that mentally destroy other people”. He talks about his efforts to get votes for the party “Die Partei” around top candidate Martin Sonneborn with as much tongue-in-cheek enthusiasm as he stands up for the case of the Donaldists. They want to proof with scientific meticulousness that real life happens in Duckburg. It is easy to identify with his favorite character Donald Duck and the other inhabitants of Duckburg, the forensic biologist thinks, whose job is quite far away from the colorful, entertaining comic world.

But unlike many other people in “normal” jobs he doesn’t run up against his everyday life: “I’m leading exactly the life that I want to lead. Fortunately, so far I’ve never done anything I didn’t feel like doing.”

Thus, the workoholic doesn’t need holidays for balance nor seeks to escape reality by watching TV in the evening. He claims to never have possessed a TV anyway. At least, he has watched two episodes of CSI once and has shaken his head about the crime scene investigators on TV who happily investigate – unlike their real life counterparts. Not least their fancy appearance in sewing cotton and leather is way beyond reality: People who really work at a crime scene, prefer polyester or other easily washable materials because of the smell, explains Benecke.

For a public person with so many rough edges Cologne is a great place to live, thinks Benecke – the city with its “fatalistic tolerance”, the “crazy Colognians” and “ the most beautiful building on earth: the “gothic” Cologne Cathedral. He doesn’t mean it as criticism when he calls the city “dirty, corrupt, shy of authority, gossipy, boozy, opportunistic and completely crazy”. His conclusion on Cologne: “Even if I work in Medellin, Manhattan or Mannheim, too, I only feel real and human in Cologne. I am a Colognian from the bottom of my heart.“

Ben Williams is a Senior Security Consultant for NCC Group in the UK – where his time is split between Penetration Testing and Research. He has escalated vulnerabilities in software products and appliances to a wide range of vendors, including exploitable flaws in security products from various well-known companies including: Citrix, Cisco, McAfee, Symantec, Sophos, Trend Micro, and Barracuda Networks. Ben has presented his research previously at several conferences (especially on the subject of “Hacking Security Appliances”).

Chris John Riley is a senior penetration tester and part-time security researcher working for Raiffeisen Informatik Security Competence Center. With over 15 years experience in various aspects of Information Technology, Chris now focuses full time on Information Security.
Chris is one of the founders of the PTES (Penetration Testing Execution Standard), regular conference attendee and avid blogger (blog.c22.cc), as well as being a regular contributor to the open-source Metasploit project and generally getting in trouble in some way or another. When not working to break one technology or another, Chris enjoys long walks in the woods, candle light dinners and talking far too much on the Eurotrash Security podcast.

After his training as an industrial electronics technician he acquired the title "state certified engineer" in the field of electrical engineering with a focus on information technology.

From 2005 till 2012 he worked as a software development engineer for database driven web applications and other web technologies. Even then, security aspects played a vital role in his work. He acquired profound knowledge in various programming languages (PHP, ASP.NET, C#). Moreover, a large part of his job consisted of the source code analysis of web applications.

He has been a consultant at cirosec since 2011. Here, he has further improved his skills in the fields of security assessments and penetration tests of web applications during numerous projects and has conducted source code analyses.

Moreover, he develops secure coding guidelines for web applications.

Juan is the CTO of Onapsis, leading the Research & Development teams that keep the Company in the cutting-edge of the ERP security industry. Juan is responsible for the design, research and development of the innovative Onapsis' software solutions Onapsis X1 and Onapsis IPS, as well as the future Company's products.

Being the founder of the Onapsis Research Labs, Juan is actively involved in the coordination and research of critical security vulnerabilities in ERP systems and business-critical applications, such as SAP, Oracle and JD Edwards. He is also credited for being the first to present on advanced threats to Oracle JD Edwards applications, having discovered numerous critical vulnerabilities in this platform.

As a result of his innovative research work, Juan has been invited to lecture trainings and presentations in some of the most renowned security conferences of the world, such as BlackHat, OWASP, DespSec and HackInTheBox, as well as to host private trainings for Global Fortune-100 organizations.

Tim Pierson is one of the World’s leading trainers in technology, networks, virtualization and, applications and application security with credentials including ongoing selection to author training courses and manuals for global corporations. Tim Pierson is known for his comedic style when he speaks and always leaves the crowd entertained.  In addition to teaching, which he will admit is his first love; he conducts high-level security evaluations and delivers seminars and keynotes before professional conventions.  He is endowed with exceptional skills in communicating highly technical information to sophisticated and non-sophisticated clientele.

Tim has been a technical trainer and pen tester for the past 27 years and is an industry leader in both Security and Virtualization.

In addition he has been the noted speaker at many industry events and has given keynotes at Hungarian Hacking Conference which can be found on InfoWorld TV, at Westcon’s Knowledge Event (One of Europe’s largest Security Providers) and at the Nigerian Digital Agenda Breakfast. Tim was recently asked to keynote the commencement of the Nigerian graduates held in a football stadium with over 10,000 eager young minds looking for guidance and was the moderator for the Cloud Security Panel at Hacker Halted 2012 which included 20 of the very top cloud industry leaders and personnel.

He is Ec-Council Instructor of the Year 2009, was in the Circle of Excellence 2010 and is Ec-Council Master Trainer (1 of 10 in the world).

Lieutenant-Colonel Volker Kozok works in the German Federal Ministry of Defence as an official for the Commissioner for Data Protection in the German Armed Forces. For many years he held various positions as an IT Security Officer and oversaw the 11-month training of the Computer Emergency Response Team of the German Armed Forces as a training manager in 2001.

As an IT Forensic Investigator and Security Analyst he focuses on reviewing and evaluating complex IT systems, on network analysis and on auditing.

Based on his work for national and international teams on cyber security and his close ties to U.S. authorities, he dealt extensively with the issues of cyber security and cyber crime, focusing on risk management and analysis of network-based attacks.

In addition to his work, he is a frequent speaker at specialist conferences and conducts awareness training courses in the German Armed Forces and external organizations.

Arron "finux" Finnon has been involved in security research for a over 7 years. Arron has discussed a wide range of security related topics at a number of Security/Hacking conferences in both the UK and internationally, as well as producing over 100 security related podcasts. Interviewing countless security professionals as part of the Finux Tech Weekly podcast show.

During Arron’s time at The University of Abertay Dundee he was also awarded the SICSA Student Open Source Award for his Advocacy of Free and Open Source software for his work whilst president of The UAD Linux Society.

Arron now spends his time between consulting as well as research for Alba13 Research Labs, a company which he founded.

Marcus J. Ranum, CSO of Tenable Network Security, Inc., is a world-renowned expert on security system design and implementation. He has been involved in every level of operations of a security product business, from developer, to founder and CEO. In SC Magazine's 20th Anniversary Edition, Mr. Ranum was named as one of the top industry pioneers over the last 20 years. He is an ISSA Fellow and holds an ISSA Lifetime Achievement Award.

Artem Harutyunyan is a Software Architect for Qualys. His responsibilities include design and development of distributed computing systems for storing and analysing large volumes of data. Prior to joining Qualys Artem spent several years at CERN where he worked on the development of geographically distributed large-scale Grid and cloud computing systems. Artem holds a PhD from State Engineering University of Armenia. Artem presented at Hack In the Box, EDSC, and SecTor security conferences, as well as at numerous other international scientific conferences and workshops.

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of the new generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on demand web application vulnerability scanning service. Sergey presented research at security conferences around the world, covering various information security topics.  Sergey holds both Masters and BS Degrees in Computer Engineering from the State Engineering University of Armenia.

Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed countless SAP security audits and received credit for more than 50 0-days reported to SAP.

As CTO, he leads the CodeProfiler Research Labs at Virtual Forge, a team focusing on SAP/ABAP specific vulnerabilities and security solutions.

Andreas has trained large companies and defense organizations on ABAP security and has spoken at multiple SAP-specific conferences (like SAP TechEd) as well as at security conferences such as Troopers, BlackHat, HITB, IT Defense and RSA.  He is co-author of the first book on ABAP security (SAP Press 2009) and wrote the security chapter of the ABAP Best Practices Guideline for the DSAG, the German SAP User Group (2013). He is also member of BIZEC.org, the Business Security Community.

In 2006 Michael took his 10 years of private sector experience in network security to the Federal Bureau of Investigation (FBI) as a Special Agent. During his time with the FBI, Michael has investigated numerous violations with a focus on cyber intrusions. He is a veteran member of the FBI’s cyber fly team for high profile cyber investigations and works regularly with state and local agencies supporting their cases. Since 2011, Mr. McAndrews has focused on crimes involving cyber hacktivists, including those affiliated with Anonymous and Lulzsec. Mr. McAndrews often speaks to large groups about the threats most often encountered in FBI cyber investigations.

Stefan Krebs has been central division manager for information security and risk management at Finanz Informatik since 2008. Before that he focussed on similar tasks at the predecessor companies Finanz IT and the LBBW. The experienced security expert has extensive management knowledge in the IT and financial sector. In addition to his role in security and risk management he was responsible in „dual role“ for the „internal IT“ and the organisation of the financial IT for several years.

His trademark is the chameleon. And there's a reason for this: Dr. jur. Wolfgang Hackenberg has his own law firm and is a member of the board of the Steinbeis Transfer Center Project Planning and Contract Management. His many years of experience as CIO, managing director, member of the supervisory board and counsellor for numerous companies makes him a nationwide sought-for legal and management consultant with a panoramic vision of the business world. Entertaining and with professional expertise he talks about dry legal topics with eloquent rhetoric in a comprehensible, easy and amusing way.

For more than 10 years, Starbug has devoted his time on the security of biometric systems, recently on the fingerprint recognition feature on the new iPhone. He is currently working in the Security in Telecommunications workgroup of T-Labs where he is doing research on new attack methods used against security ICs.

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006.

Will Vandevanter is a Senior Security Researcher at Onapsis where he focuses on SAP and ERP security. He has discovered and helped SAP AG patch numerous critical vulnerabilities in SAP software and is a regular contributor to the Onapsis SAP Security In-Depth publication. Prior to Onapsis, Will was the Lead Penetration Tester at Rapid7. He has previously spoken at Defcon, BSides LV, SOURCE Barcelona, and a number of other conferences. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science with a focus in Secure Software Engineering from James Madison University.