Ranum – Chairman
and world-renowned IT security expert
Marcus J. Ranum, Senior Scientist at TruSecure Corporation,
is a world-renowned expert on security system design and
implementation. Since the late 1980s, he has designed a
number of groundbreaking security products including the
DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall,
and NFR's Network Flight Recorder intrusion detection system.
He has been involved in every level of operations of a security
product business, from developer, to founder and CEO of NFR.
Marcus has served as a consultant to many FORTUNE 500 firms
and national governments, as well as serving as a guest lecturer
and instructor at numerous high-tech conferences. In 2001,
he was awarded the TISC "Clue" award for service
to the security community, and also holds the ISSA lifetime
Brian Carrier is a digital forensics researcher and author
of several forensic analysis tools, including The Sleuth
Kit and the Autopsy Forensic Browser. His research
at CERIAS (Purdue University) involves digital forensic analysis
tools and procedures. Previously, he was a Research
Scientist at @stake, where he led the @stake Response Team
and Digital Forensic Labs.
Brian has taught forensics and incident response at SANS,
FIRST, and the @stake Academy and has given talks at many
conferences on his tools and computer forensics. As
a member of the Honeynet Project, he has presented at the
FBI Academy and other U.S. military and intelligence agencies. He
is also a co-author of the 2nd edition of the Know Your Enemy
Fred Cohen is best known as the inventor of computer virus
defense techniques, the principal investigator whose
team defined the information assurance problem as it relates
to critical infrastructure protection today, and a seminal
researcher in the use of deception for information protection.
But his work on information protection extends far beyond
In the 1970s he designed network protocols for secure
digital networks carrying voice, video, and data; and he
helped develop and prototype the electronic cashwatch for
implementing personal digital money systems. In the 1980s,
he developed integrity mechanisms for secure operating
systems, consulted for many major corporations, taught
short courses in information protection to over 10,000
students worldwide, and in 1989, he won the prestigious
international Information Technology Award for
his work on integrity protection. In the 1990s, he developed
protection testing and audit techniques and systems, secure
Internet servers and systems, defensive information warfare
techniques and systems, and early systems using deception
for information protection. All told, the protection techniques
he pioneered now help to defend more than three quarters
of all the computers in the world.
Fred has authored almost 200 invited, refereed, and other
scientific and management research articles, writes a monthly
column for Network Security magazine on managing
network security, and has written several widely read books
on information protection. His series of "Infosec
Baseline" studies have been widely used by the research
community as stepping off points for further research,
his "50 Ways" series is very popular among practitioners
looking for issues to be addressed, and his most recent "Protection
for Deception" series of papers is widely cited.
As a corporate consultant, Fred has helped secure some
of the world's largest companies in the fields of information
technology, microelectronics, pharmaceuticals, manufacturing,
telecommunications, and the financial and information industries.
As a consultant to and researcher for the U.S. government
he was the principal investigator on seminal studies in
defensive information operations, he was the principal
investigator on the national information security technical
baseline series of reports, founded the College Cyber Defenders
program at Sandia National Laboratories that ultimately
led to the formation of the CyberCorps program, and led
projects ranging from 'Resilience' to 'The Invisible Router'.
He has also worked in critical infrastructure protection,
with law enforcement, and with the intelligence community
to help improve their ability to deal with computer related
crime and emerging threats to national security. He has
worked on issues of digital forensics, including work for
many large corporations and pro bono and state-funded work
for indigent defendants, and in 2002, won the "Techno-Security
Industry Professional of the Year" Award.
Fred has participated in and created numerous strategic
scenario games. He devised and ran the first Internet-based
strategic information warfare wargame and held several
initial trial Internet-based games involving national defense
and corporate personnel. In 1998, he introduced the Internet
Game for information security policy development,
training, and awareness in corporate, educational, and
government environments, and followed this up with the Sexual
Harassment Game which helps train employees on sexual
harassment policies and processes. His recent introduction
of several security games and simulations to the Internet
is an excellent example of the work he has done in this
area. He has also developed several strategic scenarios
for government and private use.
Founder and the primary author of
the open-source Nessus vulnerability scanner project. He
has worked for SolSoft, and founded his own computing security
consulting company, "Nessus Consulting S.A.R.L." Nessus
has won numerous awards, most notably the 2002 Network
Computing 'Well Connected' award. Mr. Deraison is also
an editorial board member of the Common Vulnerabilities and
Exposures organization. He has presented at a variety of
security conferences including Blackhat and CanSecWest.
Prof. Dr. Gunter Dueck
Professor Dr. Gunter Dueck, born in
1951, lives with his wife Monika and his children Anne
and Johannes in Waldhilsbach near Heidelberg. He studied
mathematics and business administration from 1971 to 1975 and
received his doctorate in mathematics from the University of
Bielefeld in 1977. He did research for 10 years together with
his academic mentor Rudolf Ahlswede, with whom he won the 1990
Prize Paper Award of the IEEE Information Theory Society for a
new theory of message identification. After his habilitation
in 1981 he was a professor of mathematics at the University of
Bielefeld for five years, and in 1987 he moved to the
IBM Scientific Center in Heidelberg. There he founded
a large working group for solving industrial
optimization problems and played a major role in building up
the data warehouse service business of IBM Germany.
Gunter Dueck is an IBM Distinguished Engineer,
IEEE Fellow, member of the IBM Academy of Technology, and member
of the executive committees of the GI and the DMV. He contributes
to IBM's technological direction, to strategy questions,
and to cultural change.
Dr. Burt Kaliski is chief scientist
and director of RSA Laboratories, the research center of
RSA Security, where he works to transform promising technologies
into competitive advantages for the company and its customers.
Burt joined RSA Data Security in 1989 when it was a startup,
and in 1991 helped launch RSA Laboratories as an academic
environment within RSA Data Security. (RSA Data Security
was acquired by Security Dynamics in 1996; the merged companies
were renamed RSA Security.) Since 1996 he has been director
and chief scientist of RSA Laboratories, leading a group
of applied researchers and standards developers that has
produced a range of new concepts and technologies.
Burt has also been involved extensively in the development
of cryptographic standards. During the early days of RSA
Laboratories, he coordinated the development of the Public-Key
Cryptography Standards (PKCS), working with major early
adopters of public-key cryptography. From 1993-99, he served
as chair of the IEEE P1363 working group, which developed
a standard, IEEE Std 1363-2000, covering the three main families
of public-key cryptography. Since 1999 he has been the editor
of the IEEE P1363a amendment and he is currently the editor
of ANSI X9.44, the emerging banking standard for key establishment
based on the RSA cryptosystem. He is also an author of several
Burt’s research interests
over the years have included public-key cryptography, efficient
implementation of cryptographic algorithms, block cipher
cryptanalysis, elliptic curve cryptography, user authentication,
and privacy protection. He is an inventor on eight patents
with several others pending.
Burt has served as general chair
of CRYPTO ’91 and
program chair of CRYPTO ’97 and CHES 2002. He has participated
on program committees for several major conferences, and
on the editorial board of ACM TISSEC. He is currently on
the advisory board for the forthcoming Encyclopedia of Information
Security to be published by Kluwer. He has been a frequent
speaker at industry conferences and was an invited speaker
at ASIACRYPT ’98, and has more than 20 conference and
Burt was one of 11 winners of the 2003
New England Business and Technology Award.
Burt received his bachelor’s, master’s
and Ph.D. degrees in computer science from MIT, where his research
focused on cryptography. Prior to joining RSA Data Security,
he was a visiting assistant professor of computer engineering
at Rochester Institute of Technology. He is a member of the
IEEE Computer Society and the International Association for
After completing his studies,
Tobias Klein has worked since July 2002 as an IT security consultant at
cirosec GmbH.
He is the author of the technical book
„Linux-Sicherheit – Security
mit Open-Source-Software – Grundlagen und Praxis“, published by dpunkt Verlag in 2001, and
of the book „Buffer-Overflow- und Format-String-Attacken-Problematik“.
David Litchfield leads the world in the discovery and publication
of computer security vulnerabilities. This outstanding research
was recognised by Information Security Magazine who voted
him as 'The World's Best Bug Hunter' for 2003. To date, David
has found over 150 vulnerabilities in many of today's popular
products from the major software companies (the majority
in Microsoft, Oracle).
David is also the original author of the entire suite of
security assessment tools available from NGSSoftware. This
includes the flagship vulnerability scanner Typhon III, the
range of database auditing tools NGSSquirrel for SQL Server,
NGSSquirrel for Oracle, OraScan and Domino Scan II.
In addition to his world-leading vulnerability research
and the continued development of cutting-edge security assessment
software, David has also written or co-authored a number
of security-related titles including "SQL Server Security", "Shellcoder's
Handbook" and "Special Ops: Host and Network Security
for Microsoft, UNIX and Oracle".
Ribordy - Expert in the field of quantum cryptography
Gregoire Ribordy is the CEO and founder of id Quantique,
a company based in Geneva, Switzerland. id Quantique was
founded in 2001 and develops innovative cryptographic equipment
exploiting quantum physics to enhance the security of communications.
The company was the first to commercially offer quantum cryptography
systems and quantum random number generators. Id Quantique
closed its first round of financing in December 2003 and
raised 1 million euros. Prior to founding id Quantique, Gregoire
Ribordy obtained a PhD in quantum physics from the University
of Geneva. Having lived in the United States and Japan, he
has extensive international experience.
Dr. Eugene Schultz
Eugene Schultz, Ph.D., CISM, CISSP, is a Principal Engineer
at Lawrence Berkeley National Laboratory of the University
He is the author/co-author of five
books, one on Unix security, another on Internet security,
a third on Windows NT/2000 security, a fourth on incident
response, and the latest on intrusion detection and prevention.
He has also written over 100 published papers. Gene is
the Editor-in-Chief of "Computers and Security" and is
an associate editor of "Network Security" and "Information
Security Bulletin". He is also a member of the editorial
board for the SANS NewsBites, a weekly information security-related
news update and is on the technical advisory board of three
He has been an adjunct professor of computer science at
Purdue University, where he taught courses and participated
in research in the CERIAS (Center for Education and Research
in Information Assurance and Security) program.
He has received the NASA Technical Excellence Award, the
Department of Energy Excellence Award, the Information
Systems Security Association (ISSA) Professional Achievement
and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best
Conference Contributor Award, the National Information
Systems Security Conference Best Paper Award, and has been
elected to the ISSA Hall of Fame.
While at Lawrence Livermore National Laboratory he founded
and managed the U.S. Department of Energy's Computer
Incident Advisory Capability (CIAC).
He is also a co-founder of FIRST, the Forum of Incident
Response and Security Teams.
Dr. Schultz has provided expert testimony before committees
within the U.S. Senate and House of Representatives on
various security-related issues, and has served as an expert
witness in legal cases.
Involved with computer networks since their inception, Clifford
Stoll is widely known -- both on-line and off -- as an astronomer,
computer security expert and network maven.
Despite this, Stoll admits to
being deeply ambivalent about computers, and is having
second thoughts about the role of networks in our culture.
Stoll’s newest book, High
Tech Heretic: Why Computers Don’t Belong in the Classroom
and Other Reflections by a Computer Contrarian, looks
at how computers have encroached on our lives. As one who
loves computers as much as he disdains the inflated promises
made on their behalf, Stoll has become a P. J. O’Rourke
of the computer age, focusing his droll wit and penetrating
views on everything from why computers have to be so darned ‘ugly’ to
the cultural aftershocks of living in a high-tech society.
In his book, Silicon Snake Oil, he questions our
infatuation with the Internet and the overselling of the
information highway; he worries about the overpromotion
of computers in education and the negative impact on libraries.
Stoll became a computer security
expert somewhat by accident. He was an astrophysicist turned
systems manager at Lawrence Berkeley Lab when he discovered
an accounting error that alerted him to the presence of
an unauthorized user on his system. Stoll spent a year
stalking an elusive, methodical hacker who was using numerous
techniques -- from simply guessing passwords, to exploiting
software bugs, to setting up bogus "Cuckoo’s
Egg" programs -- to access unauthorized American computer
The trail led Stoll and a half-dozen national agencies through
computer networks all over the world, ending up in Hanover,
West Germany, where he discovered a hacker linked to a mysterious
agent in Pittsburgh. The spy ring he single-handedly uncovered
sold computer secrets to the KGB for cocaine and tens of
thousands of dollars. It was finally broken in March 1989,
when Stoll again found himself on the cover of The New
York Times. Newspapers across the country followed suit,
calling Stoll a genuine, if somewhat unlikely, American hero.
He related this story in his book, The
Egg: Tracking a Spy Through the Maze of Computer Espionage. With
all the suspense of a classic spy novel, this amazing and
unprecedented book is the first true story of international
computer espionage. Told as only Stoll could describe the
events, it is the first and only book to lead readers into,
through and back out of the esoteric, shadowy world of
computer espionage, which is without question the single
most important security issue of the 1990s.
Since catching the 'Hanover Hacker,'
Stoll has become a leading authority on computer security,
delivering more lectures on the subject than he cares to admit.
He has given talks for both the CIA and NSA and has appeared
before the U.S. Senate.
Stefan Strobel is managing director
of cirosec GmbH. He has many years of
experience advising large companies with very high
security requirements and in drawing up concepts and
policies. He was one of the founders of Centaur Communication
GmbH in Heilbronn, which later became part of IntegralisCentaur
and Articon-Integralis AG.
Alongside this work he is a lecturer
at universities of cooperative education (Berufsakademien) and at the Fachhochschule Heilbronn, gives
talks at professional conferences and is the author of several
technical books that have been published in several languages.