The following speakers have already confirmed their attendance at IT-Defense 2004:

Marcus Ranum – Chairman and world-renowned IT-security expert

Marcus J. Ranum, Senior Scientist at Trusecure Corporation, is a world-renowned expert on security system design and implementation. Since the late 1980's, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and also holds the ISSA lifetime achievement award.


Brian Carrier

Brian Carrier is a digital forensics researcher and author of several forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser.  His research at CERIAS (Purdue University) involves digital forensic analysis tools and procedures.  Previously, he was a Research Scientist at @stake, where he led the @stake Response Team and Digital Forensic Labs.

Brian has taught forensics and incident response at SANS, FIRST, and the @stake Academy and has given talks at many conferences on his tools and computer forensics.  As a member of the Honeynet Project, he has presented at the FBI Academy and other U.S. military and intelligence agencies.  He is also a co-author of the 2nd edition of the Know Your Enemy book.

Fred Cohen

Fred Cohen is best known as the inventor of computer virus defense techniques, the principal investigator who’s team defined the information assurance problem as it relates to critical infrastructure protection today, and a seminal researcher in the use of deception for information protection. But his work on information protection extends far beyond these areas.

In the 1970s he designed network protocols for secure digital networks carrying voice, video, and data; and he helped develop and prototype the electronic cashwatch for implementing personal digital money systems. In the 1980s, he developed integrity mechanisms for secure operating systems, consulted for many major corporations, taught short courses in information protection to over 10,000 students worldwide, and in 1989, he won the prestigious international Information Technology Award for his work on integrity protection. In the 1990s, he developed protection testing and audit techniques and systems, secure Internet servers and systems, defensive information warfare techniques and systems, and early systems using deception for information protection. All told, the protection techniques he pioneered now help to defend more than three quarters of all the computers in the world.

Fred has authored almost 200 invited, refereed, and other scientific and management research articles, writes a monthly column for Network Security magazine on managing network security, and has written several widely read books on information protection. His series of "Infosec Baseline" studies have been widely used by the research community as stepping off points for further research, his "50 Ways" series is very popular among practitioners looking for issues to be addressed, and his most recent "Protection for Deception" series of papers is widely cited.

As a corporate consultant Fred has helped secure some of the world's largest companies in the fields of information technology, microelectronics, pharmaceuticals, manufacturing, telecommunications, and the financial and information industries. As a consultant to and researcher for the U.S. government he was the principal investigator on seminal studies in defensive information operations , he was the principal investigator on the national information security technical baseline series of reports, founded the College Cyber Defenders program at Sandia National Laboratories that ultimately led to the formation of the CyberCorps program, and led projects ranging from 'Resiliance' to 'The Invisible Router'. He has also worked in critical infrastructure protection, with law enforcement, and with the intelligence community to help improve their ability to deal with computer related crime and emerging threats to national security. He has worked on issues of digital forensics, including work for many large corporations and pro bono and state-funded work for indigent defendants, and in 2002, won the "Techno-Security Industry Professional of the Year" Award.

Fred has participated in and created numerous strategic scenario games. He devised and ran the first Internet-based strategic information warfare wargame and held several initial trial Internet-based games involving national defense and corporate personnel. In 1998, he introduced the Internet Game for information security policy development, training, and awareness in corporate, educational, and government environments, and followed this up with the Sexual Harassment Game which helps train employees on sexual harassment policies and processes. His recent introduction of several security games and simulations to the Internet are excellent examples of the work he has done in this area. He has also developed several strategic scenarios for government and private use.

Renaud Deraison

Founder and the primary author of the open-source Nessus vulnerability scanner project. He has worked for SolSoft, and founded his own computing security consulting company, "Nessus Consulting S.A.R.L." Nessus has won numerous awards, most notably, is the 2002 Network Computing 'Well Connected' award. Mr. Deraison also is an editorial board member of Common Vulnerabilities and Exposures Organization. He has presented at a variety of security conferences including Blackhat and CanSecWest. 

Prof. Dr. Gunter Dueck

Gunter Dueck, born 1951 studied mathematics and business administration, he took a degree in mathematics from the University of Bielefeld.He spent 10 years in research together with his “scientific father” Rudolf Ahlswede, with whom he won the Prize Paper Award from the IEEE Information Theory Society for a new theory of message identification.After taking his doctorate in 1981 he was a professor of mathematics at the University of Bielefeld. He joined the IBM Scientific Center in Heidelberg in 1987.There he founded a large workgroup involved in solving industrial optimization problems, and played a major role in setting up IBM Germany’s Data Warehouse Service Business.Gunter Dueck is an IBM Distinguished Engineer, winner of the Prize Paper Award given by the IEEE Information Theory Society, IEEE Fellow, and member of the IBM Academy of Technology.Gunter Dueck works for IBM in the areas of technological alignment, as well as strategic issues and cultural change.

Dr. Burt Kaliski

Dr. Burt Kaliski is chief scientist and director of RSA Laboratories, the research center of RSA Security, where he works to transform promising technologies into competitive advantages for the company and its customers.

Burt joined RSA Data Security in 1989 when it was a startup, and in 1991 helped launch RSA Laboratories as an academic environment within RSA Data Security. (RSA Data Security was acquired by Security Dynamics in 1996; the merged companies were renamed RSA Security.) Since 1996 he has been director and chief scientist of RSA Laboratories, leading a group of applied researchers and standards developers that has produced a range of new concepts and technologies.

Burt has also been involved extensively in the development of cryptographic standards. During the early days of RSA Laboratories, he coordinated the development of the Public-Key Cryptography Standards (PKCS), working with major early adopters of public-key cryptography. From 1993-99, he served as chair of the IEEE P1363 working group, which developed a standard, IEEE Std 1363-2000, covering the three main families of public-key cryptography. Since 1999 he has been the editor of the IEEE P1363a amendment and he is currently the editor of ANSI X9.44, the emerging banking standard for key establishment based on the RSA cryptosystem. He is also an author of several Internet RFCs.

Burt’s research interests over the years have included public-key cryptography, efficient implementation of cryptographic algorithms, block cipher cryptanalysis, elliptic curve cryptography, user authentication, and privacy protection. He is an inventor on eight patents with several others pending.

Burt has served as general chair of CRYPTO ’91 and program chair of CRYPTO ’97 and CHES 2002. He has participated on program committees for several major conferences, and on the editorial board of ACM TISSEC. He is currently on the advisory board for the forthcoming Encyclopedia of Information Security to be published by Kluwer. He has been a frequent speaker at industry conferences and was an invited speaker at ASIACRYPT ’98, and has more than 20 conference and journal publications.

Burt was one of 11 winners of the 2003 New England Business and Technology Award.

Burt received his bachelor’s, master’s and Ph.D. degrees in computer science from MIT, where his research focused on cryptography. Prior to joining RSA Data Security, he was a visiting assistant professor of computer engineering at Rochester Institute of Technology. He is a member of the IEEE Computer Society and the International Association for Cryptologic Research.

Tobias Klein

After concluding his university studies, Tobias Klein joined cirosec GmbH in July 2002 as an IT-security consultant.

He is author of the book "Linux-Sicherheit – Security mit Open-Source-Software – Grundlagen und Praxis" (Linux Security – Security with Open Source Software – Fundamentals and Practice) published by dpunkt Verlag, and the book "Buffer Overflow und Format-String-Attacken-Problematik" (Buffer Overflow and Format String Attack Problems).


David Litchfield

David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognised by Information Security Magazine who voted him as 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software companies (the majority in Microsoft, Oracle).

David is also the original author for the entire suite of security assessment tools available from NGSSoftware. This includes the flagship vulnerability scanner Typhon III, the range of database auditing tools NGSSquirrel for SQL Server, NGSSquirrel for Oracle, OraScan and Domino Scan II.

In addition to his world leading vulnerability research and the continued development of cutting edge security assessment software, David has also written or co-authored on a number of security related titles including, "SQL Server Security", "Shellcoder's handbook" and "Special Ops: Host and Network Security for Microsoft, UNIX and Oracle"


Gregoire Ribordy - Fachmann im Bereich Quanten-Kryptographie

Gregoire Ribordy is the CEO and founder of id Quantique, a company based in Geneva, Switzerland. id Quantique was founded in 2001 and develops innovative cryptographic equipment exploiting quantum physics to enhance the security of communications. The company was the first to commercially offer quantum cryptography systems and quantum random number generators. Id Quantique closed its first round of financing in December 2003 and raised 1 mio Euros. Prior to founding id Quantique, Gregoire Ribordy obtained a PhD in quantum physics from the University of Geneva. Having lived in the United States and Japan, he has extensive international experience.

Dr. Eugene Schultz

Eugene Schultz, Ph.D., CISM, CISSP, is a Principal Engineer at Lawrence Berkeley National Laboratory of the University of California.

He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 100 published papers. Gene is the Editor-in-Chief of "Computers and Security" and is an associate editor of "Network Security" and "Information Security Bulletin". He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update and is on the technical advisory board of three companies.

He has been an adjunct professor of computer science at Purdue University, where he taught courses and participated in research in the CERIAS (Center for Education and Research in Information Assurance and Security) program.

He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the National Information Systems Security Conference Best Paper Award, and has been elected to the ISSA Hall of Fame.

While at Lawrence Livermore National Laboratory he founded and managed of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC).

He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams.

Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Clifford Stoll

Involved with computer networks since their inception, Clifford Stoll is widely known -- both on-line and off -- as an astronomer, computer security expert and network maven.

Despite this, Stoll admits to being deeply ambivalent about computers, and is having second thoughts about the role of networks in our culture. Stoll’s newest book, High Tech Heretic: Why Computers Don’t Belong in the Classroom and Other Reflections by a Computer Contrarian, looks at how computers have encroached on our lives. As one who loves computers as much as he disdains the inflated promises made on their behalf, Stoll has become a P. J. O’Rourke of the computer age, focusing his droll wit and penetrating views on everything from why computers have to be so darned ‘ugly’ to the cultural aftershocks of living in a high-tech society. In his book, Silicon Snake Oil, he questions our infatuation with the Internet and the overselling of the information highway; he worries about the over promotion of computers in education and the negative impact on libraries.

Stoll became a computer security expert somewhat by accident. He was an astrophysicist turned systems manager at Lawrence Berkeley Lab when he discovered an accounting error that alerted him to the presence of an unauthorized user on his system. Stoll spent a year stalking an elusive, methodical hacker who was using numerous techniques -- from simply guessing passwords, to exploiting software bugs, to setting up bogus "Cuckoo’s Egg" programs -- to access unauthorized American computer files.

The trail led Stoll and a half-dozen national agencies through computer networks all over the world, ending up in Hanover, West Germany, where he discovered a hacker linked to a mysterious agent in Pittsburgh. The spy ring he single-handedly uncovered sold computer secrets to the KGB for cocaine and tens of thousands of dollars. It was finally broken in March 1989, when Stoll again found himself on the cover of The New York Times. Newspapers across the country followed suit, calling Stoll a genuine, if somewhat unlikely, American hero.

He related this story in his book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. With all the suspense of a classic spy novel, this amazing and unprecedented book is the first true story of international computer espionage. Told as only Stoll could describe the events, it is the first and only book to lead readers into, through and back out of the esoteric, shadowy world of computer espionage, which is without question the single most important security issue of the 1990s.

Since catching the 'Hanover Hacker,' Stoll has become a leading authority on computer security, delivering more lectures on the subject than he cares to admit. He has given talks for both the CIA and NSA and has appeared before the U.S. Senate.


Stefan was one of the founders of Centaur in 1995 where he built up the security department which was sold to Integralis in 1998.

He did consulting for many multinational industrial clients in IT Security and later moved to the European Strategic Development Team of Articon-Integralis where he was responsible for finding and evaluating new technologies.

He is the author of several books which have been translated in more than 5 languages. His book on Firewalls is now in the 3rd edition. He regularly speaks at security congresses and teaches IT-Security and Cryptography at University of Applied Sciences at Heilbronn.

He is now co-founder and managing director of cirosec.