PROGRAM
 | Speakers – IT-DEFENSE 2015 |
Further information to the speakers will follow after release.
| Bill Cheswick | |
 | Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Cheswick has worked on (and against) operating system security for over 35 years. He has worked at Lehigh University and the Naval Air Development Center in system software and communications. At the American Newspaper Publishers Association/Research Institute he shared his first patent for a hardware-based spelling checker, a device clearly after its time. For several years he consulted at a variety of universities doing system management, software development, communications design and installation, PC evaluations, etc. Ches joined Bell Labs in December 1987, where he became postmaster and firewall administrator and designer. He did early work on packet backscatter, firewall and honeypot design. Early papers gave new meanings the words "proxy" and "jail". He is probably best known for "Firewalls and Internet Security; Repelling the Wily Hacker", co-authored with Steve Bellovin, which help train the first generation of Internet security experts. In 1998, Ches started the Internet Mapping Project with Hal Burch. This work became to core technology of a Bell Labs spin-off, Lumeta Corporation. Ches has pinged a US nuclear attack submarine (distance, 66ms). He joined AT&T Shannon Lab in April 2007 and worked on security, visualization, and user interfaces. He was particularly innovative at Shannon, producing a number of product and patent ideas, including "slow movies", a new way to see movies, and some new authentication ideas. Ches is popular public speaker and has given keynote presentations in a couple dozen countries. Ches has a wide interest in science and medicine. In his spare time he reads technical journals, hacks his home, and develops exhibit software for science museums. He eats very plain food---boring by even American standards. |
| Fernando Gont | |
 | Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations. Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite. Gont is currently working as a security consultant and researcher for SI6 Networks (http://www.si6networks.com). Additionally, he is a member of the Centro de Estudios de Informatica (CEDI) at Universidad Tecnológica Nacional/Facultad Regional Haedo (UTN/FRH) of Argentina, where he works in the field of Internet engineering. As part of his work, Gont is active in several working groups of the Internet Engineering Task Force (IETF), and has published more than a dozen IETF RFCs (Request For Comments) and more than a dozen IETF Internet-Drafts. Besides developing new IPv6 attack and defense techniques, Gont has produced the SI6 Network's IPv6 Toolkit (<http://www.si6networks.com/tools/ipv6toolkit>) -- a portable and comprehensive security toolkit for the IPv6 protocol suite. Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 09, HACK.LU 2011, DEEPSEC 2011, LACSEC 2012, Hackito Ergo Sum 2012, and Hack In Paris 2013. |
| Jeremiah Grossman | |
 | Jeremiah Grossman is the Founder and Interim Chief Executive Officer of WhiteHat Security, where he is responsible for Web security R&D and industry outreach. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, Forbes, NY Times and hundreds of other media outlets around the world. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on six continents at hundreds of events including TED, BlackHat Briefings, RSA, SANS, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, and UCLA. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. He serves on the advisory board of two hot start-ups, Risk I/O and SD Elements, and is a Brazilian Jiu-Jitsu Black Belt. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo! |
| Leo Martin | |
 | Leo Martin, born in 1976, studied criminology and worked for ten years for a major German intelligence agency. During this time he detected prominent criminal activities of organized crime. His special assignment was to recruit and manage informants. As an expert for subconscious patterns of thought and action he got strangers to trust him, to disclose confidential insider information and to collaborate on a long-term basis with the agency. With his TV series "Prosecuted! Tracking Down Perpetrators" he can be seen regularly in prime time at RTL. His two books "I Get You! Win Over People - A Former Agent Reveals the Best Strategies" and "I Can Read Your Mind! The Best Tricks of the Former Agent” quickly became SPIEGEL best sellers. |
| Rahul Kashyap | |
 | Rahul Kashyap is Chief Security Architect & Head of Bromium Labs, where he is responsible for product security, Research & Development and industry outreach. He has written several security research papers, blogs and articles that are widely quoted and referenced by media around the world. Rahul has been instrumental in building several security technologies such as Network IPS, Host IPS, Web Application Firewalls, Email Filtering Proxies, Whitelisting and Micro-virtualization. He is regarded to be a prolific inventor and has been awarded several patents for his innovations. He is an accomplished pen-tester and well versed with the evolving threat landscape. Rahul is a regular speaker at several top security conferences all over the globe. He was named 'Silicon Valley's 40 under 40' by Silicon Valley Business Journal. He holds a Masters in Software Systems. |
| Ross Anderson | |
 | I am Professor of Security Engineering at the Computer Laboratory at Cambridge University. Security Engineering is about building systems to remain dependable in the face of malice, error or mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves. The focus of my work in academia has been building security engineering into a discipline. Fifteen years ago, some tractable parts of it – cryptography, protocols and operating system security – had well-developed theory, but the experts mostly didn’t talk to each other. Other aspects, such as software security, were a practitioners’ art, while yet other aspects (such as hardware security) were a combination of snake-oil and black magic. Over the last fifteen years I’ve started strong research threads in neglected areas, ranging from hardware security to the uses of signal processing. I’ve also documented the evolution of a number of interesting new applications from ATMs to medical records, which have failure modes from which engineers can learn. In the past ten years I’ve developed security economics as an alternative framework for understanding the subject: very often systems fail not because of some technical mistake but because of misaligned incentives. For example, the people guarding a system are often not the people who suffer when it fails. This work is now spreading into the behavioural economics and psychology of security. I have written a book, ‘Security Engineering – A Guide to Building Dependable Distributed Systems’ which is now the standard reference. Along the way I’ve contributed to the design of a number of widely- deployed systems, from peer-to-peer systems through prepayment utility meters to the HomePlug standard for power-line communications. Security engineering will replace ‘information security’ or ‘computer security’ as a subject because of the spread of computation and communications. There are already more mobile phones connected to the Internet than computers. Within a few years we will see many of the world’s fridges, heart monitors, bus ticket dispensers, burglar alarms, and utility meters talking IP. Computing will be embedded invisibly everywhere; and many of the problems we’ve experienced with PCs are starting to turn up in other applications. Many insecure systems are built, and the resulting safety, privacy and crime prevention problems (both real and perceived) are a significant impediment to building the ‘electronic society’. The resulting policy issues – privacy, surveillance, forensics, DRM and competition policy – are steadily moving up the political agenda. I chair the Foundation for Information Policy Research, the UK’s premier information think-tank, and am on Cambridge University’s Board of Scrutiny. I also teach undergraduate software engineering, a service course in economics and law for computer science, two graduate courses in security, and a systems course for our Masters in Public Policy degree. |
| Volker Kozok | |
 | Lieutenant-Colonel Volker Kozok works in the German Federal Ministry of Defence as an official for the Commissioner for Data Protection in the German Armed Forces. For many years he held various positions as an IT Security Officer and oversaw the 11-month training of the Computer Emergency Response Team of the German Armed Forces as a training manager in 2001. As an IT Forensic Investigator and Security Analyst he focuses on reviewing and evaluating complex IT systems, on network analysis and on auditing. Based on his work for national and international teams on cyber security and his close ties to U.S. authorities, he dealt extensively with the issues of cyber security and cyber crime, focusing on risk management and analysis of network-based attacks. In addition to his work, he is a frequent speaker at specialist conferences and conducts awareness training courses in the German Armed Forces and external organizations. |
| Ron Gutierrez | |
 | Ron Gutierrez is a technical lead at Gotham Digital Science (GDS), where he specializes in application security code reviews, mobile application assessments, black box application testing and application design reviews. Ron is a frequent contributor to the GDS Security Blog (http://blog.gdssecurity.com). Ron is frequent speaker at security conferences such as Blackhat, AppSec USA, Shmoocon and also delivers custom security training for clients. Ron's current interests include development of secure containers on mobile devices, mobile application security, NodeJS security and Cryptography. Ron is a member of the SendSafely development team and helped in the design and development of their solution for securely sending large files to users. |
| Zach Lanier | |
 | Zach Lanier is a Senior Research Scientist with Accuvant Labs, specializing in various bits of network, mobile, and application security. Prior to joining Accuvant, Zach most recently served as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hackers' Handbook." |
| Rüdiger Trojok | |
 | Rüdiger Trojok studied systems and synthetic biology at the Universities of Potsdam, Copenhagen (DTU) and Freiburg. He works for the Technology Assessment Bureau of the German Parliament and the University of Karlsruhe (ITAS). His research explores new ways of using life science discoveries for social purposes and of communicating a molecular understanding of the relationships between nature and civilization to interested citizens. He is currently establishing a citizen science biolab in Berlin, and is supporting open-source biotechnology projects related to public life, politics and the arts. |
| Bruce Schneier | |
 | Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including Liars and Outliers: Enabling the Trust Society Needs to Survive -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Co3 Systems, Inc. |
| Adam Laurie | |
 | Adam "Major Malfunction" Laurie is a security consultant working in the field of electronic communications, and a Director of Aperture Labs Ltd., who specialize in reverse engineering of secure systems. He started in the computer industry in the late Seventies, and quickly became interested in the underlying network and data protocols. During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world's first CD ripper, 'CDGRAB'. He was also involved various early open source projects, including 'Apache-SSL' which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software. You can find further information at aperturelabs.com |
| Starbug | |
| Starbug studied microsystems technology and computer engineering in Berlin. Since receiving his degree in engineering, he has worked at different Fraunhofer Society institutes, for security companies and as a freelance consultant. He is currently involved in the Security in Telecommunications (SECT) working group, a cooperation between Telekom Innovation Laboratories and the TU-Berlin. Starbug has been dealing with overcoming biometric systems for more than 15 years now, recently demonstrated when hacking the iPhone fingerprint sensor. He also inspects the security of microchips, e.g. the access system based on MIFARE Classic or the LEGIC prime chip installed in the immobilizer. | |
| Jayson E. Street | |
 | Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. |
| Felix 'FX' Lindner | |
 | Felix 'FX' Lindner is the founder and technical and research lead of Recurity Labs GmbH, a high-end security consulting and research team specializing in the design of secure systems and protocols. He is a well-known expert in the computer security industry and has been presenting the results of his research at conferences around the world for more than ten years now. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional. He is highly specialized in digital attacking technologies; he has, however, recently changed the field of his research to defense since the latter appears to be much less fun. |