
Marcus J Ranum
Abstract: N/A
Bio:
Marcus J. Ranum, Chief Security Officer of Tenable Security, Inc.,
is a world-renowned expert on security system design and implementation.
Since the late 1980s, he has designed a number of groundbreaking
security products including the DEC SEAL, the TIS firewall toolkit,
the Gauntlet firewall, and NFR's Network Flight Recorder intrusion
detection system. He has been involved in every level of operations
of a security product business, from developer, to founder and CEO of
NFR. Marcus has served as a consultant to many FORTUNE 500 firms and
national governments, as well as serving as a guest lecturer and
instructor at numerous high-tech conferences. In 2001, he was awarded
the TISC "Clue" award for service to the security community, and also
holds the ISSA lifetime achievement award. In 2005 he was awarded
Security Professional of the Year by Techno Security Conference.
Tim Rosenberg
Cyber Exercise:
Welcome to a live fire Cyber Exercise. Defending teams will be given a fully functional network infrastructure with a firewall, AD and Exchange servers, VoIP, SCADA and other sensitive assets. Red Cell (attackers) will be placed on the network outside the defenders' firewalls and given a target list of systems and services.
Defenders are scored on their ability to keep critical services up and functional, while attackers are scored on their ability to gain execute privilege and corrupt/capture flags.
Abstract:
Abstract for my Talk: A Week with HFC - In August 2009, Tim Rosenberg and Dwight Hobbs packed up 48 laptops and carted them from Lancaster, PA to Jinja, Uganda. These laptops and the following week in Africa were all in support of Hackers for Charity. Come learn about HFC and find out how you can be involved.
Bio:
An information security specialist with a strong legal background, Tim is presently responsible for developing and delivering high impact Information Security courses and cyber exercises tailored for his clients.
As President and CEO of White Wolf Security, Tim leads the company in its development of advanced cyber exercises. These exercises consist of real-time computer network attack and defend scenarios. In 2008, White Wolf Security was the first to integrate VoIP and SCADA into its exercises. White Wolf Security has conducted these exercises in the US and Asia for an ever-growing number of people.
Tim has presented material at a variety of international conferences including: RSA 2002, 2003, and 2005, InfowarCon, the American Bar Association's Annual Conference, NW3C Economic Crime Summit, the FBI National Academy at Quantico, Air Force's Information Warfare Conference and several Electronic Crime Task Forces. Tim has also been a guest lecturer at the U.S. Military Academy at West Point, the Army War College Center for Strategic Leadership, and the Villanova University School of Law. Tim has been an Associate Research Professor at the George Washington University where he taught Information Warfare and Computer Security courses as well as being an Adjunct for Georgetown University's Security Studies Program.
Tim and White Wolf Security's futures research includes presenting material and exercises to the Proteus Management Group (US), Proteus Canada, the Navy's Strategic Studies Group and the Cyber Conflict Studies Association.
Mr. Dale Beauchamp
Branch Chief Digital Forensics
Transportation Security Administration (TSA)
Abstract:
“The first 120”: This topic references the use of live forensics during an incident response to investigate any given incident from report to network defense in 2 hours or less. Similar to solving murder cases in the first 48 hours, it is crucial to investigate incidents to closure quickly and completely. This technique answers both the pressure from management and the need to accurately eject attackers from the enterprise. Use of this rapid response technique has proven to be an effective method of limiting the time attackers have to dig in and change their tactics to avoid detection. The tools and processes to meet this task will be discussed, including a real-world case example.
Bio:
Dale Beauchamp currently serves as Branch Chief of Digital Forensics for the Office of Information Security for TSA. Dale previously served as Senior Forensics and Intrusions Instructor for the Defense Cyber Training Academy. As an instructor for DCITA he developed and delivered courses for federal, state, and local law agencies engaged in the investigation of high technology crime and intelligence gathering. Dale has seven years of law enforcement experience as a Maryland State Trooper. As a Trooper he was assigned to the Computer Crime section, where he worked as a Computer Forensic Investigator providing detailed digital forensics analysis support to a host of criminal and administrative investigations. Additionally, he has served as the Senior Forensics Analyst for the Transportation Security Administration’s Incident Response and Forensics team. While on the TSA incident response team he performed detailed forensics analysis and provided support for a variety of administrative and criminal investigations. Dale has a Bachelor of Science degree from the University of Baltimore in Business Administration.
Michael Rash
Abstract of Talk:
Title: Advances in Single Packet Authorization with fwknop
Single Packet Authorization (SPA) solves many of the inherent problems in Port Knocking implementations, but adoption of both port knocking and SPA has been slow in the security community. This talk will try to bridge the gap and present the latest research into providing a robust and easily deployed SPA layer for various network services. Interoperability between Windows, BSD, and Linux systems will be highlighted, and the new libfko C implementation that provides SPA communications via a library that can be used within third party applications will be discussed. Finally, advanced fwknop functionality such as anti-fingerprinting measures and the creation of inbound NAT rules will be demonstrated, and a live example of using SPA to create ghost services to bypass strict network access control layers will be shown.
Bio:
Michael Rash holds a Master's Degree in applied mathematics with a concentration in computer security from the University of Maryland, and is author of the book "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort" published by No Starch Press. Michael works professionally as Senior Security Architect for G2, Inc., and previously worked as a developer for the Dragon Intrusion Detection and Prevention system from Enterasys Networks. He is a frequent speaker at computer security conferences, and is the founder of cipherdyne.org, an organization dedicated to open source security technologies. In his free time, Michael leads the development of the psad, fwsnort, and fwknop security projects.
Richard Bejtlich
Abstract:
Richard Bejtlich will discuss his thoughts on the latest trends in
incident detection and response. Are we winning? Are we losing? Can
we even know the answer? Does it matter? Where should we focus our
effort? Drawing upon his experience in military networks, corporate
networks, and everything in between, Richard will try to make sense of
the incident detection and response world of late 2009, with a look
towards 2010.
Bio:
Richard Bejtlich is Director of Incident Response for General Electric, and serves as Principal Technologist for GE's Global Infrastructure Services division. Prior to GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics." He also writes for his blog (taosecurity.blogspot.com) and TechTarget.com, and teaches for Black Hat.
Richard Goldberg
Abstract: "Legal and Privacy Issues in Cloud Computing":
As Cloud Computing has become more commonplace, and companies search for seemingly simple, low-cost alternatives to storing, protecting, and providing access to their most sensitive information, the legal and privacy concerns have largely been ignored. This talk will address the following questions, among others: What legal risks are created when your data is located "elsewhere" -- and you don't know more than that? Can you outsource your data storage and access consistent with your company's privacy policy? Can using Cloud Computing cause you to violate data-privacy laws? Can you do everything right and still create unreasonable risks to your company? Who will be responsible if -- or, more likely, when -- something goes wrong? What precautions can you take to solve these problems? And will that be enough?
Bio:
Richard Goldberg is a software architect turned attorney who represents small- to medium-sized companies, many of them specializing in software and information security. Prior to joining the legal profession, Mr. Goldberg worked at several Internet start-ups and large commercial and government consultancies designing and implementing enterprise-level systems for Fortune 500 companies, government agencies, and the U.S. military. His legal practice ranges from general corporate work, including spin-offs, large asset sales and purchases, and privacy and information security issues, to litigation, including vendor, client, and shareholder disputes, as well as government investigations. Mr. Goldberg has represented a wide variety of individuals and corporations, including large and small software companies, small computer security consultancies, federal government appointees and civil service employees, corporate officers, engineering companies, and non-profit entities. Mr. Goldberg is a graduate of Duke University Law School, where he co-founded the Duke Journal of Constitutional Law & Public Policy.
Michael Smith
Abstract:
Compliance, you either love it or you hate it, depending on if you fall
into the technical security camp or the policy and procedures camp.
This presentation gives you a point of view to at least appreciate the
compliance staff and how to get them working with you instead of against
you.
Bio:
Michael Smith is a Manager in the Audit and Enterprise Risk Services
organization of Deloitte & Touche LLP, where he leads engagements to
provide security services to both commercial enterprises and government
agencies. Currently he's engaged as an Information Systems Security
Officer working with embedded devices and associated command systems.
Prior to joining Deloitte, Michael served as the Chief Information
Security Officer with the Unisys Federal Service Delivery Center based
in Reston, Virginia. His scope of responsibility included both providing
governance and managing risk for several data centers, Security
Operations Center, Network Operations Center, and Server Management
Team.
Michael graduated from the prestigious Defense Language Institute in
Monterey, CA with a Department of Defense advanced linguistic
certification in Russian and spent several years on active duty in the
US Army as a translator and specialist in information security.
You can find more of Michael's random rantings on his blog at
http://www.guerilla-ciso.com/
Matt Watchinski
Bio:
Matt Watchinski joined Sourcefire in 2002 as the Director of
Vulnerability Research. He is primarily responsible for leading the
Sourcefire Vulnerability Research Team, a group of leading edge
intrusion detection and prevention experts working to discover, assess
and respond to the latest trends in hacking activity, intrusion attempts
and vulnerabilities. This team is also supported by the vast resources
of the open source Snort community, making it the largest group
dedicated to advances in the network security industry. Prior to joining
Sourcefire, Matt held similar roles with Hiverworld (now nCircle) and
Farm9 (now Ambiron Trustwave).
Chris Hoff
Abstract: "Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure"
What was in is now out.
This metaphor holds true not only as an accurate analysis of adoption trends of disruptive technology and innovation in the enterprise, but also parallels the amazing velocity of how our data centers are being re-perimeterized and quite literally turned inside out thanks to cloud computing and virtualization.
One of the really scary things that is happening with the massive convergence of virtualization and cloud computing is its effect on security models and the information they are designed to protect. Where and how our data is created, processed, accessed, stored, backed up and destroyed in what is sure to become massively overlaid cloud-based services – and by whom and using whose infrastructure – yields significant concerns related to security, privacy, compliance, and survivability.
Further, the "stacked turtle" problem becomes incredibly scary as the notion of nested clouds becomes reality: cloud SaaS providers depending on cloud IaaS providers which rely on cloud network providers. It's a house of, well, turtles.
We will show multiple cascading levels of failure associated with relying on cloud-on-cloud infrastructure and services, including exposing flawed assumptions and untested theories as they relate to security, privacy, and confidentiality in the cloud, with some unique attack vectors.
Bio:
Chris Hoff has over 15 years of experience in high-profile global roles in network and information security architecture,
engineering, operations and management with a passion for virtualization and all things Cloud. Hoff is currently Director
of Cloud and Virtualization Solutions, Data Center Solutions at Cisco Systems. Prior to Cisco, he was Unisys Corporation’s
Systems & Technology Division’s Chief Security Architect. Additionally, he served as Crossbeam Systems’ chief security
strategist; was the Chief Information Security Officer for a $25 billion financial services company; and was founder/Chief
Technology Officer of a national security consultancy.