Mr. Howard is responsible for the day-to-day intelligence gathering and distribution efforts at iDefense and is charged with developing strategic and tactical plans for the department.

He is an experienced computer security professional with proven success in the utilization of network intelligence for network defense. Prior to joining iDefense, Mr. Howard led the intelligence gathering activities at Counterpane Internet Security and ran Counterpane’s global network of Security Operations Centers (SOCs).

Mr. Howard served in the US Army for 23 years in various command and staff positions involving information technology and security and retired as a lieutenant colonel in 2004. He spent the last two years of his career as the US Army’s Computer Emergency Response Team Chief (ACERT) where he coordinated network defense, network intelligence and network attack operations for the Army’s global network. Mr. Howard holds an MS in Computer Science from the Naval Postgraduate School and an Engineering degree from the United States Military Academy, where he also taught computer science later in his military career.

As Internet technologies progress, it is not unlikely that these MOEs will become the successor interface to the Web browser for Internet commerce, social interaction or whatever new Internet use may emerge in the future. Indeed, these MOEs may combine into one “Metaverse.” This Metaverse could potentially provide new and unique opportunities in the areas of extremist group recruitment and penetration, covert operations planning, new tradecraft and require protecting virtual assets. This report discusses the current state of MOEs, predicts future trends for these environments during the next 15 years and suggests areas that the ILECs should consider investing their resources in today to be prepared for the future.

Rob Barnes is the Director, Security, Risk and Compliance Operations with Application Security, Inc. He plays an integral role in driving partnerships with accounting, auditing and consulting organizations to help them meet their database security and audit testing requirements while facing mounting regulatory pressure and global compliance initiatives.  He is responsible for the strategic training, sales and support for all partners and professional services providers.

Prior to joining Application Security, Inc., Rob served as an IT Auditor at Ernst & Young, LLP in the Technology and Security Risk Services practice in New York and Boston.  Rob’s experience in IT Audit and information management advisory services has given him insight into the compliance and security-related issues that impact global organizations.

Rob is a graduate of West Point and spent eight years as a US Army Finance Officer.  He served as a Company Commander and led a deployment to manage financial operations in Baghdad, Iraq during Operation Iraqi Freedom.

Cyber Warfare Awareness by CWFI (The Cyber Warfare Forum Initiative)

Prior to joining Neohapsis, Greg developed a lightweight security framework for mobile devices and implemented a secure boot and re-imaging infrastructure to enforce data integrity.
Topic: TBA

Road to FISMA Compliance

Mike Murray has spent more than a decade helping companies large and small to protect their information by understanding their vulnerability posture from the perspective of an attacker.  From his work in the late 90’s as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group, his focus has always been on using vulnerability assessment through penetration testing and social engineering to proactively defend organizations.   Mike is currently in charge of penetration testing and training at Foreground Security, where he leads engagements to help corporate and government customers understand their security organization . He is also in charge of the reknowned curriculum of The Hacker Academy, where he trains security professionals on the newest methods of computer penetration testing and social engineering to help them better protect their organizations.

TBA

Gunter Ollmann serves as Vice President of Research at Damballa and is responsible for evolving threat research and development. Ollmann has over 20 years of experience within the information technology industry and is a known veteran in the security space. Prior to joining Damballa, Ollmann held several strategic positions at IBM Internet Security Systems (IBM ISS) with the most recent being the Chief Security Strategist. In this role he was responsible for predicting the evolution of future threats and helping guide IBM’s overall security research and protection strategy, as well as being the key IBM spokesperson on evolving threats and mitigation techniques. He also held the role of Director of X-Force as well as the former head of X-Force security assessment services for EMEA while at ISS (which was acquired by IBM in 2006). Prior to joining ISS, Ollmann was the professional services director of Next Generation Security Software (NGS), a vulnerability research and attack-based consulting firm. Ollmann has been a contributor to multiple leading international IT and security focused magazines and journals, and has authored, developed and delivered a number of highly technical courses on Web application security. He is a well-known industry speaker worldwide and is often invited to present at various international security conferences. Ollmann is also highly regarded in the press as an expert source on security threats and is a frequently quoted by the international media.

Factoring Criminal Malware in to Web Application Design

With C&C driven malware near ubiquitous and over one-third of home-PC’s infected with malware capable of hijacking live browsersessions, what attacks are _really_ possible? How can the criminals
controlling the malware make real money from a “secure” e-commerce site? How are Web application developers meant to detect, stop orprevent an attack by their own customers?

Brian Caswell is currently employed as a Principal Research Engineer within the Vulnerability Research Team at Sourcefire, where he is the primary author of the intrusion detection rulesets for Snort, an open source network intrusion prevention and detection system (IDS/IPS), and the de facto standard for IPS.  His credits include working on and contributing to several books on intrusion detection, a Honeynet Project alumni, and Metasploit contributor.  He is also a member of the Shmoo group, an international not-for-profit, non-milindustrial independent private think tank. Before Sourcefire,
Brian was the IDS team leader and all around “supergeek” for MITRE, a government sponsored think tank.

Topic:

With the increasing frequency and complexity of application-level attacks, combined with regulatory requirements for secure application development, todayís development organizations must focus on building security into the software development lifecycle. This talk will encompass techniques for writing secure multi-platform, multi-language code. It will address common mistakes in coding that arise from programmatic misconceptions. It will also bring to light easy-to-use paradigms that can be applied to all programming languages. Various methodologies will be explored for code auditing to provide a basis for security code auditing.