The following speakers have already confirmed for IT-DEFENSE 2005:

Marcus Ranum – Chairman and world-renowned IT security expert

Marcus J. Ranum, Senior Scientist at TruSecure Corporation, is a world-renowned expert on security system design and implementation. Since the late 1980s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and also holds the ISSA lifetime achievement award.


Brian Carrier

Brian Carrier is a digital forensics researcher and author of several forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser.  His research at CERIAS (Purdue University) involves digital forensic analysis tools and procedures.  Previously, he was a Research Scientist at @stake, where he led the @stake Response Team and Digital Forensic Labs.

Brian has taught forensics and incident response at SANS, FIRST, and the @stake Academy and has given talks at many conferences on his tools and computer forensics.  As a member of the Honeynet Project, he has presented at the FBI Academy and other U.S. military and intelligence agencies.  He is also a co-author of the 2nd edition of the Know Your Enemy book.

Fred Cohen

Fred Cohen is best known as the inventor of computer virus defense techniques, the principal investigator whose team defined the information assurance problem as it relates to critical infrastructure protection today, and a seminal researcher in the use of deception for information protection. But his work on information protection extends far beyond these areas.

In the 1970s he designed network protocols for secure digital networks carrying voice, video, and data; and he helped develop and prototype the electronic cashwatch for implementing personal digital money systems. In the 1980s, he developed integrity mechanisms for secure operating systems, consulted for many major corporations, taught short courses in information protection to over 10,000 students worldwide, and in 1989, he won the prestigious international Information Technology Award for his work on integrity protection. In the 1990s, he developed protection testing and audit techniques and systems, secure Internet servers and systems, defensive information warfare techniques and systems, and early systems using deception for information protection. All told, the protection techniques he pioneered now help to defend more than three quarters of all the computers in the world.

Fred has authored almost 200 invited, refereed, and other scientific and management research articles, writes a monthly column for Network Security magazine on managing network security, and has written several widely read books on information protection. His series of "Infosec Baseline" studies have been widely used by the research community as stepping off points for further research, his "50 Ways" series is very popular among practitioners looking for issues to be addressed, and his most recent "Protection for Deception" series of papers is widely cited.

As a corporate consultant Fred has helped secure some of the world's largest companies in the fields of information technology, microelectronics, pharmaceuticals, manufacturing, telecommunications, and the financial and information industries. As a consultant to and researcher for the U.S. government he was the principal investigator on seminal studies in defensive information operations, he was the principal investigator on the national information security technical baseline series of reports, founded the College Cyber Defenders program at Sandia National Laboratories that ultimately led to the formation of the CyberCorps program, and led projects ranging from 'Resilience' to 'The Invisible Router'. He has also worked in critical infrastructure protection, with law enforcement, and with the intelligence community to help improve their ability to deal with computer related crime and emerging threats to national security. He has worked on issues of digital forensics, including work for many large corporations and pro bono and state-funded work for indigent defendants, and in 2002, won the "Techno-Security Industry Professional of the Year" Award.

Fred has participated in and created numerous strategic scenario games. He devised and ran the first Internet-based strategic information warfare wargame and held several initial trial Internet-based games involving national defense and corporate personnel. In 1998, he introduced the Internet Game for information security policy development, training, and awareness in corporate, educational, and government environments, and followed this up with the Sexual Harassment Game which helps train employees on sexual harassment policies and processes. His recent introduction of several security games and simulations to the Internet are excellent examples of the work he has done in this area. He has also developed several strategic scenarios for government and private use.

Renaud Deraison

Renaud Deraison is the founder and primary author of the open-source Nessus vulnerability scanner project. He has worked for SolSoft, and founded his own computing security consulting company, "Nessus Consulting S.A.R.L." Nessus has won numerous awards, most notably the 2002 Network Computing 'Well Connected' award. Mr. Deraison is also an editorial board member of the Common Vulnerabilities and Exposures Organization. He has presented at a variety of security conferences including Blackhat and CanSecWest.

Prof. Dr. Gunter Dueck

Professor Dr. Gunter Dueck, born in 1951, lives with his wife Monika and his children Anne and Johannes in Waldhilsbach near Heidelberg. He studied mathematics and business administration from 1971 to 1975 and received his doctorate in mathematics from the University of Bielefeld in 1977. He carried out research for 10 years together with his academic mentor Rudolf Ahlswede, with whom he won the 1990 Prize Paper Award of the IEEE Information Theory Society for a new theory of message identification. After his habilitation in 1981 he was a professor of mathematics at the University of Bielefeld for five years and moved in 1987 to the IBM Scientific Center in Heidelberg. There he founded a large working group for solving industrial optimization problems and played a key role in building up the data warehouse service business of IBM Germany. Gunter Dueck is one of the IBM Distinguished Engineers, an IEEE Fellow, a member of the IBM Academy of Technology, and a member of the executive boards of the GI and the DMV. He contributes to IBM's technological direction, to questions of strategy, and to cultural change.

Dr. Burt Kaliski

Dr. Burt Kaliski is chief scientist and director of RSA Laboratories, the research center of RSA Security, where he works to transform promising technologies into competitive advantages for the company and its customers.

Burt joined RSA Data Security in 1989 when it was a startup, and in 1991 helped launch RSA Laboratories as an academic environment within RSA Data Security. (RSA Data Security was acquired by Security Dynamics in 1996; the merged companies were renamed RSA Security.) Since 1996 he has been director and chief scientist of RSA Laboratories, leading a group of applied researchers and standards developers that has produced a range of new concepts and technologies.

Burt has also been involved extensively in the development of cryptographic standards. During the early days of RSA Laboratories, he coordinated the development of the Public-Key Cryptography Standards (PKCS), working with major early adopters of public-key cryptography. From 1993-99, he served as chair of the IEEE P1363 working group, which developed a standard, IEEE Std 1363-2000, covering the three main families of public-key cryptography. Since 1999 he has been the editor of the IEEE P1363a amendment and he is currently the editor of ANSI X9.44, the emerging banking standard for key establishment based on the RSA cryptosystem. He is also an author of several Internet RFCs.

Burt’s research interests over the years have included public-key cryptography, efficient implementation of cryptographic algorithms, block cipher cryptanalysis, elliptic curve cryptography, user authentication, and privacy protection. He is an inventor on eight patents with several others pending.

Burt has served as general chair of CRYPTO ’91 and program chair of CRYPTO ’97 and CHES 2002. He has participated on program committees for several major conferences, and on the editorial board of ACM TISSEC. He is currently on the advisory board for the forthcoming Encyclopedia of Information Security to be published by Kluwer. He has been a frequent speaker at industry conferences and was an invited speaker at ASIACRYPT ’98, and has more than 20 conference and journal publications.

Burt was one of 11 winners of the 2003 New England Business and Technology Award.

Burt received his bachelor’s, master’s and Ph.D. degrees in computer science from MIT, where his research focused on cryptography. Prior to joining RSA Data Security, he was a visiting assistant professor of computer engineering at Rochester Institute of Technology. He is a member of the IEEE Computer Society and the International Association for Cryptologic Research.

Tobias Klein

After completing his studies, Tobias Klein has worked since July 2002 as an IT security consultant at cirosec GmbH.

He is the author of the technical book "Linux-Sicherheit – Security mit Open-Source-Software – Grundlagen und Praxis", published in 2001 by dpunkt Verlag, and of the book "Buffer-Overflow- und Format-String-Attacken-Problematik".

David Litchfield

David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognised by Information Security Magazine who voted him as 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software companies (the majority in Microsoft, Oracle).

David is also the original author for the entire suite of security assessment tools available from NGSSoftware. This includes the flagship vulnerability scanner Typhon III, the range of database auditing tools NGSSquirrel for SQL Server, NGSSquirrel for Oracle, OraScan and Domino Scan II.

In addition to his world-leading vulnerability research and the continued development of cutting-edge security assessment software, David has also written or co-authored a number of security-related titles, including "SQL Server Security", "Shellcoder's Handbook" and "Special Ops: Host and Network Security for Microsoft, UNIX and Oracle".


Gregoire Ribordy - Expert in the field of quantum cryptography

Gregoire Ribordy is the CEO and founder of id Quantique, a company based in Geneva, Switzerland. id Quantique was founded in 2001 and develops innovative cryptographic equipment exploiting quantum physics to enhance the security of communications. The company was the first to commercially offer quantum cryptography systems and quantum random number generators. id Quantique closed its first round of financing in December 2003 and raised 1 million euros. Prior to founding id Quantique, Gregoire Ribordy obtained a PhD in quantum physics from the University of Geneva. Having lived in the United States and Japan, he has extensive international experience.

Dr. Eugene Schultz

Eugene Schultz, Ph.D., CISM, CISSP, is a Principal Engineer at Lawrence Berkeley National Laboratory of the University of California.

He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 100 published papers. Gene is the Editor-in-Chief of "Computers and Security" and is an associate editor of "Network Security" and "Information Security Bulletin". He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update and is on the technical advisory board of three companies.

He has been an adjunct professor of computer science at Purdue University, where he taught courses and participated in research in the CERIAS (Center for Education and Research in Information Assurance and Security) program.

He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the National Information Systems Security Conference Best Paper Award, and has been elected to the ISSA Hall of Fame.

While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC).

He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams.

Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Clifford Stoll

Involved with computer networks since their inception, Clifford Stoll is widely known -- both on-line and off -- as an astronomer, computer security expert and network maven.

Despite this, Stoll admits to being deeply ambivalent about computers, and is having second thoughts about the role of networks in our culture. Stoll’s newest book, High Tech Heretic: Why Computers Don’t Belong in the Classroom and Other Reflections by a Computer Contrarian, looks at how computers have encroached on our lives. As one who loves computers as much as he disdains the inflated promises made on their behalf, Stoll has become a P. J. O’Rourke of the computer age, focusing his droll wit and penetrating views on everything from why computers have to be so darned ‘ugly’ to the cultural aftershocks of living in a high-tech society. In his book, Silicon Snake Oil, he questions our infatuation with the Internet and the overselling of the information highway; he worries about the over promotion of computers in education and the negative impact on libraries.

Stoll became a computer security expert somewhat by accident. He was an astrophysicist turned systems manager at Lawrence Berkeley Lab when he discovered an accounting error that alerted him to the presence of an unauthorized user on his system. Stoll spent a year stalking an elusive, methodical hacker who was using numerous techniques -- from simply guessing passwords, to exploiting software bugs, to setting up bogus "Cuckoo’s Egg" programs -- to access unauthorized American computer files.

The trail led Stoll and a half-dozen national agencies through computer networks all over the world, ending up in Hanover, West Germany, where he discovered a hacker linked to a mysterious agent in Pittsburgh. The spy ring he single-handedly uncovered sold computer secrets to the KGB for cocaine and tens of thousands of dollars. It was finally broken in March 1989, when Stoll again found himself on the cover of The New York Times. Newspapers across the country followed suit, calling Stoll a genuine, if somewhat unlikely, American hero.

He related this story in his book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. With all the suspense of a classic spy novel, this amazing and unprecedented book is the first true story of international computer espionage. Told as only Stoll could describe the events, it is the first and only book to lead readers into, through and back out of the esoteric, shadowy world of computer espionage, which is without question the single most important security issue of the 1990s.

Since catching the 'Hanover Hacker,' Stoll has become a leading authority on computer security, delivering more lectures on the subject than he cares to admit. He has given talks for both the CIA and NSA and has appeared before the U.S. Senate.


Stefan Strobel is the managing director of cirosec GmbH. He has many years of experience in consulting for large companies with very high security requirements and in developing concepts and policies. He was one of the founders of Centaur Communication GmbH in Heilbronn, which later became part of IntegralisCentaur and Articon-Integralis AG.

In addition to this work, he is a lecturer at Berufsakademien (universities of cooperative education) and at the Fachhochschule Heilbronn, gives talks at professional conferences, and is the author of various technical books that have been published in several languages.

