Speakers
Amann, Carsten
After his business information systems studies Carsten Amann started his career with a very large consulting company. He was assigned in managerial positions to software implementation projects for different clients. In 2007 he continued his career with a global supplier for technology and services. There he was initially responsible for the global IT security operations (virus protection, encryption, anti-spam etc.). After this assignment he took over the responsibility for the IT-Client topic (operating system, software distribution). Thereafter he took over the responsibility for services within a product area.
Alonso, Chema
Chema Alonso is a Security Consultant with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politecnica de Madrid. During his more than six years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including BlackHat Briefings, Defcon, ShmooCon, HackCON, Ekoparty and RootedCon. He is a frequent contributor to several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA, the meta-data extraction tool which he co-authors.
Twitter: @chemaalonso
Blog: www.elladodelmal.com
Block, Frank
Frank Block is a security consultant working for ERNW GmbH and a penetration tester focusing on web application pentests. One of his passions is the analysis of security mechanisms to find ways to circumvent them.
Branco, Rodrigo
Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previously, as the Chief Security Research at Check Point he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America.
Editor’s note: Rodrigo is one of our veteran TROOPERS. Rodrigo’s highly technical talks are among the most demanding ones TROOPERS has to offer.
Twitter: @bsdaemon
Bratus, Sergey
Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D. in Mathematics from Northeastern University and worked at BBN Technologies on natural language processing research before coming to Dartmouth.
Editor’s note: Sergey is a veteran TROOPER. He has delighted the TROOPERS audience with his unchallenged intellect and genius since day one.
Twitter: @sergeybratus
Cofta, Piotr
Dr Piotr Cofta is managing Security Transformation, having moved from his role as a Chief Researcher, Identity and Trust. Before that, he worked for many years for Nokia and for Media Lab Europe, concentrating on the relationship between trust, risk, technology and society.
Dr Cofta is a contributor to several international standards; he publishes and speaks frequently. He is an author of several patents and publications, from areas such as trust management, identity and privacy, digital rights management and electronic commerce. He is a CISSP and a senior member of IEEE.
Website: piotr.cofta.net
Deutsch, Johnny
Johnny Deutsch is a manager in the Advisory Services practice of Ernst & Young LLP. Johnny leads the cyber warfare and crime section at Ernst & Young’s Hacktics Advanced Security Center (HASC) based in Tel Aviv, Israel. This cutting-edge security team is dedicated to conducting attack and penetration assessments for EY clients. In this role Johnny is in charge of developing new methodologies and performs cyber vulnerability assessments for HASC clients. Johnny has over 10 years of experience in the field of IT systems and security, specializing in large scale VoIP systems and data networking. Prior to Johnny’s employment at HASC, he was a consultant at the Israeli Ministry of Defense and managed large scale projects in the field of IRM (Information Rights Management) and NAC (Network Access Control) systems. Prior to the MoD, Johnny was employed by an American subcontractor for the American Department of Defense and managed projects in the field of cellular communication and its integration of VoIP based PBXs. Prior to the DoD, Johnny served in the Israeli Defense Force and managed integration projects in the field of enterprise storage systems (Netapp) and enterprise WAN communications. Johnny is an active reserve duty officer in the Israeli army at the rank of Lieutenant.
Garrido, Juan
Juan Garrido “Silverhack” is a forensics professional who has been working as a security consultant for the last seven years. He is the writer of two books about Forensic Analysis in Windows Environments and currently works as a security consultant at Informatica 64.
Graf, Rene
Rene Graf leads the “Mobile Security” team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.
Heiderich, Mario
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany, focuses on HTML5, SVG security and believes XSS can be eradicated by using JavaScript. Maybe. Some day. Mario invoked the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers trainings and security consultancy for larger German and international companies for sweet sweet money and the simple minded fun in breaking things. Mario has spoken at a large variety of international conferences, co-authored two books, several academic papers and doesn’t see a problem in his some weeks old son having a netbook already. There you have it.
Twitter: @0x6d6172696f
Website (Warning: Your eyes could take some damage here.): mario.heideri.ch
Herzog, Pete
Pete Herzog is the Managing Director of the security research organization ISECOM and the creator of the OSSTMM.
Twitter: @peteherzog
Leithner, Manuel
Manuel was introduced to information security while graduating from a technical college and has done research in the areas of mobile security, cloud computing and compile-time obfuscation. He has appeared on national television, podcasts and possibly Chinese security blacklists. Furthermore, he has been known to use presentations with an average of 0.3 words per slide.
McGraw, Gary
Gary McGraw, Ph.D. is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient, Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).
Company Blog: www.cigital.com/justiceleague
Silver Bullet Podcast Series: www.cigital.com/silverbullet
Personal Website: www.cigital.com/~gem
Meer, Haroon
Haroon Meer is the founder of Thinkst, an applied research company with a deep focus on Information Security. Haroon has contributed to several books on Penetration Testing and Security and is a regular speaker at both academic and industry conferences around the world. He is also involved with ZACON, a security conference in South Africa.
Twitter: @haroonmeer
Blog: blog.thinkst.com
Mende, Daniel
Unidentified TROOPER. Recon team deployed to gather more information.
Mittal, Nikhil
Nikhil Mittal is a hacker, info sec researcher and enthusiast. His areas of interest include penetration testing, attack research, defense strategies and post exploitation research. He has over 3 years of experience in Penetration Testing of many Government Organizations of India and other global corporate giants at his current job position.
He specializes in assessing security risks in secure environments which require novel attack vectors and an “out of the box” approach. He is the creator of Kautilya, a toolkit to utilize Teensy in penetration tests. In his free time, Nikhil likes to scan full IP ranges of countries for specific vulnerabilities, writes some silly Metasploit scripts and does some vulnerability research. He has spoken at Clubhack’10, Hackfest’11, Clubhack’11 and Black Hat Abu Dhabi’11.
Twitter: @nikhil_mitt
Blog: labofapenetrationtester.blogspot.com
Neilson, Graeme
Graeme Neilson is NOT a quantum physicist or any other kind of physicist…not in this universe anyway…
Still, he does think it’s probable that he can help illuminate the subject of quantum computing for other non-physicists in IT. With over 14 years of experience in IT security Graeme currently works as a security researcher / consultant for Aura Information Security with specialisations in cryptography, reverse engineering and networking. Based out of New Zealand he is a regular speaker at international conferences including Blackhat, H2HC, CanSecWest, DayCon and TROOPERS.
Nuñez Di Croce, Mariano
Mariano Nunez Di Croce is the CEO at Onapsis. Mariano is a renowned researcher in the ERP & SAP Security field, being the first to present on real-world security attacks to SAP platforms. Since then, he has been invited to lecture in some of the most important security conferences in the world, such as BlackHat DC/USA/EU, RSA, SAP, HITB Dubai/EU, Troopers, Ekoparty, HackerHalted, DeepSec, Sec-T, Hack.lu and Seacure.it, as well as in Fortune-100 companies and military organizations.
Mariano has discovered 50+ vulnerabilities in SAP, Microsoft, Oracle and IBM applications. He leads the strategic development of Onapsis X1, has been the developer of the first open-source SAP & ERP Penetration Testing Frameworks and leads the “SAP Security In-Depth” publication. Mariano is also a founding member of BIZEC.org, the Business Security Community. Because of his research work, he has been interviewed and featured in mainstream media such as CNN, Reuters, IDG, New York Times, eWeek, PCWorld, Darkreading and others.
Twitter: @marianonunezdc
Ossmann, Michael
Michael Ossmann is a wireless security researcher who makes hardware for hackers. He founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.
Previous work includes:
ShmooCon 2011: Project Ubertooth: Building a Better Bluetooth Adapter
ToorCon 2010: Real Men Carry Pink Pagers (with Travis Goodspeed)
ShmooCon 2010: Bluetooth Keyboards: Who Owns Your Keystrokes?
ShmooCon 2009: Building an All-Channel Bluetooth Monitor (with Dominic Spill)
Black Hat USA 2008: Software Radio and the Future of Wireless Security
Twitter: @michaelossmann
Patterson, Meredith L.
Meredith L. Patterson is a software engineer at Red Lambda. She developed the first language-theoretic defense against SQL injection in 2005 as a PhD student at the University of Iowa, and has continued expanding the technique ever since. She lives in Brussels, Belgium.
Twitter: @maradydd
Blog: maradydd.livejournal.com
Rey, Enno
Enno Rey is CEO of ERNW and your TROOPERS host. We’ll soon feature details on his person and his motivation to invest a lot of time and thoughts into this project in a blog post.
Blog: www.insinuator.net
Rogers, Edmond
Edmond Rogers is a Smart Grid Cyber Security Engineer at the University of Illinois Information Trust Institute. His research efforts focus on assessment of electric grid SCADA systems. Prior to his tenure at the university Edmond was a Security Analyst at a Fortune 500 utility in the Midwest of the United States.
Sklyarov, Dmitry
Dmitry Sklyarov is a Security Researcher at Elcomsoft and a lecturer at Moscow State Technical University. He has done research on the security of eBooks and on the authentication of digital photos. Recent research projects involved mobile phone and smartphone forensics. Dmitry is also a co-developer of the Elcomsoft iOS Forensic Toolkit.
Twitter: @_dmit
Stocker, Thomas
Thomas Stocker works as Information Security Officer for the Holding of Allianz SE. He has initially established and continuously improved the business application security process since he took over the job six years ago. Prior to that he worked as an application developer and architect, so he knows his stuff from the ground up.
Thumann, Michael
Michael Thumann is the Chief Security Officer and the head of ERNW’s application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and buffer overflows in web servers or VPN software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first German book on pentesting, which has become recommended reading at German universities.
In addition to his daily pentesting tasks he is a regular conference speaker (incl. several Black Hat events, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security, Michael’s main interest is to uncover vulnerabilities and security design flaws from the network to the application level and to reverse almost everything to understand the inner workings.
Wiegenstein, Andreas
Andreas Wiegenstein has been working as a professional SAP security consultant for 9 years. He performed countless SAP code audits and has been researching security defects specific to SAP / ABAP applications. He leads the CodeProfiler Research Labs at Virtual Forge, a team focusing on SAP/ABAP specific vulnerabilities and countermeasures. At the CodeProfiler Labs, he works on ABAP security guidelines, ABAP security trainings, an ABAP security scanner as well as white papers and publications. Andreas has trained large companies and defense organizations on ABAP security and has spoken at SAP TechEd on several occasions as well as at security conferences such as BlackHat, HITB, Troopers and RSA. He is co-author of the first book on ABAP security (SAP Press 2009). He is also a founding member of BIZEC.org, the Business Security community.