Speakers
Troopers08 will have some of the hottest and „leet“ speakers from all around the world.
Keynote Day 1: Bernstein, Dan US
Dan J. Bernstein is a full professor in the Department of Mathematics, Statistics, and Computer Science at the University of Illinois at Chicago. Professor Bernstein has received a U.S. National Science Foundation CAREER award, a Cyber Trust award, three more U.S. government grants, and a Sloan Research Fellowship for his research in computational number theory, cryptography, and computer security. He is the author of several dozen papers and two of the Internet's most popular server software packages, djbdns and qmail.
Keynote Day 2: Hoff, Christofer US
Christofer Hoff has over 15 years of experience in network and information security administration, engineering, and operations with his expertise focused on developing strategies for innovation in the area of information security, survivability, resilience and assurance with a focus on rational risk management.
Hoff is Unisys Corporation's chief architect of security innovation.
Hoff is a prolific blogger (rationalsecurity.typepad.com,) featured speaker at numerous information security conferences, holds several security credentials and is an accomplished and accredited instructor in multiple security disciplines.
Amato, Francisco AR
Francisco Amato is a security researcher & consultant specialized in vulnerability development, blackbox testing, reverse engineering. He is running his own company, [ISR] - Infobyte Security Research www.infobyte.com.ar, where many of it's developments in audit tools and vulnerabilities in several Novell , IBM products. He is one of the organizers of the ekoparty security conference. www.ekoparty.com.ar
Belenko, Andrey RU
Andrey Belenko specializes in design and analysis of real-world security systems, especially ones involving cryptography. On a regular basis, he is a speaker at Russian Cryptology Association’s conferences RusCrypto. In 2007 Andrey suggested to use GPUs for password recovery, he is also a co-developer of Thunder tables technology. Since 2003, Andrey works at Moscow-based company ElcomSoft as IT security analyst.
Branco, Rodrigo BRAZIL
Rodrigo Rubira Branco (BSDaemon) is a Software Engineer at IBM, member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC) Brazil also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is the maintainer of the StMichael/StJude projects (www.sf.net/projects/stjude), the developer of the CMorphism (www.kernelhacking.com/rodrigo) and has talks at the most important security-related events in Brazil (H2HC, SSI, CNASI). Rodrigo is also a member of the Rise Research (www.risesecurity.org).
Bratus, Sergey US
Sergey Bratus is a Senior Research Associate at the Institute for Security Technology Studies at Dartmouth College. His current research focus is on applications of data organization and other AI techniques to log and traffic analysis. His other interests include Linux kernel security (from kernel exploits, LKM rootkits and hardening patches to various security policy mechanisms) and wireless networking. Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.
Callas, Jon US
Jon Callas is the Chief Technical Officer and Chief Security Officer of PGP Corporation. He is an author of cryptographic standards including OpenPGP and DKIM, and a frequent author and commentator. Jon has worked for a number of companies including Counterpane Internet Security, Apple, DEC, and others.
Chiesa, Raoul IT
Raoul "Nobody" Chiesa
Nobody started his hacking & phreaking approaches back in 1986, belonging to the first era of worldwide computer hackers, and had real fun until 1995.
As founder and C.T.O. of @ Mediaservice.net, an italian vendor-independent, security consulting firm, Raoul Chiesa has been active in the field of computer security research at a high level since 1997, together with a team of experts and technicians who gave their contribution to national and international Security R&D projects.
Since 2003, Raoul Chiesa is the Southern Europe Referent for TSTF (Telecom Security Task Force), an international panel of consultants with high level skills on telcos present in four continents; in the same year Raoul Chiesa was elected in the ISECOM International Executive Board, following his role of Director of Communications for the Institute (2004). Raoul is also a founder and Board of Directors Member for CLUSIT (Italian Computer Security Association) and OWASP Italian Chapter, as well as consultant on cybercrime issues for the United Nations at UNICRI (www.unicri.it).
Cushman, Andrew US
As director of security response and outreach for the Microsoft® Security Response Center (MSRC), part of the Trustworthy Computing Group at Microsoft Corp., Andrew Cushman manages the teams responsible for the company’s monthly security updates and those focused on collaborating with researchers and companies to mitigate the effect of security vulnerabilities. Cushman and his teams lead emergency responses to security threats, define and enforce response policies, and monitor monthly update quality and timeliness. Cushman has expanded Microsoft’s outreach programs to cover security researchers as well as mainstream security organizations, companies and computer emergency response teams.
Cushman joined the MSRC in 2004 as a member of the Security Engineering Group executive leadership team that made security processes an integral part of Microsoft’s engineering culture. Since then he has been a driving force behind the company’s security researcher outreach strategy and execution efforts, formulating the Responsible Disclosure Initiative strategy and initiating the BlueHat security conference franchise. Today he is director of the MSRC and a key influencer of Microsoft’s Security Development Lifecycle.
Since joining Microsoft in January 1990, Cushman has held positions on the Microsoft International Product Group, the Microsoft Money team and the Internet Information Services (IIS) team. He led the IIS product team during the development of IIS 6.0 in Windows Server® 2003. IIS 6.0 was one of the first Microsoft products to fully adopt the security engineering processes that are today embodied in the SDL and remains a “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing.
Cushman earned a bachelor’s degree in international studies from the University of Washington and a master of international business degree from Seattle University. Away from work, he is an avid skier and spectator of dressage, a form of competitive horse training.
De Haas, Job NL
Job de Haas has a track record in the security industry of more than 15 years. For 7 years he led the pentesting company ITSX in Amsterdam. Now, as the Director Embedded Technology at Riscure, Job is the senior specialist in charge of security testing of embedded devices for high-security environments. These evaluations include a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, PDAs, VoIP enabled devices and a range of modems (ADSL, Wireless). Applied techniques include side channel analysis, physical attacks and reverse engineering of applications and consumer electronics.
Fite, Bryan US
Angus Blitter: Angus is the founder of HackSecKlahn (www.hacksec.org) a group of like-minded technologists who believe diversity is good for the species and hackers are a national resource. Old school, grey hat and previously plump, Angus still likes to eat, drink and hack. He has a day job but he doesn´t like to talk about it.
Holz, Thorsten DE
Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general.
Kemp, Michael UK
Michael is an experienced UK based security consultant, with a specialism in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus, and is currently preparing his first book length technical manuscript. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for British Telecom and planning on touting his shoddy wares via a new start up, which keeps not starting up thanks to life getting in the way. When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person.
Kornbrust, Alexander DE
Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle Anti-hacker trainings and gave various presentations on security conferences like Black Hat, Defcon, Bluehat, IT Underground and Syscan. Alexander has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander reported over 320 security bugs in different Oracle products.
Kozok, Volker DE
Lieutenant Colonel Volker Kozok is Assistant Branch Chief Technical Data Protection in the Ministry of Defense, Organizational Staff. He is a IT-Security Specialist and Security Analyst in the Bundeswehr. He has worked as a IT-Security Staff Officer in different organizations with the main focus on control and on-site-inspections of IT-Systems, Officies and Agencies. He is an authorized Expert for IT-Incidents & Computer Crime Cases. He was the Head of the first CERT-Bw-Training Course and an IT-Forensic-Expert.
Kroma, Pierre DE
Pierre Kroma is exclusively occupied with Pentesting, Webapplication-,WLAN-Hacking, IT- and Mobile Forensic. He is concentrated to discover and publish new vulnerabilities. In addition his colleagues and he analyse rooms and devices with the focus to discover bugging devices.
Morris, Andrew UK
Andrew Morris has over a decade of security experience and is current the Senior Technical Consultant for LogLogic EMEA, the market leader in Log Management and Intelligence. Focusing on being logging specialist, he has provided consultancy, architected, and implemented logging solutions to some of the largest enterprise customers, worldwide. Before joining LogLogic, Andrew owned his own security consultancy company providing security solutions for financial and telecoms companies in EMEA.
Rey, Enno DE
Roecher, Dror-John DE
Before joining Computacenter Dror worked as a Senior Security Consultant for ERNW assessing the security of networks and researching into different security-technologies. After fiddling around with Cisco gear for some years and presenting on different topics at several international security conferences he has moved on to develop a kind of holistic approach to information security. He still believes that it should be possible to `measure security` in some way and spends some of his time trying to understand how security can be `made measurable`.
Speichert, Horst DE
Horst Speichert is a specialized attorney in the field of IT Law, Data Protection and IT Security Law. He is assistant professor at Stuttgart University, the author of the juristic textbook "Praxis des IT-Rechts", second edition 2007, and lectures on Media Law and International Contract Law. His scope of activity involves the arrangement of software contracts and privacy agreements. He acts as data protection officer in several companies.
Strehle, Rolf DE
Rolf Strehle has a degree in Computer Science and over 16 years of experience as founder and manager of IT-Security companies. He is accredited auditor for ISO/IEC 27001 at BSI (Bundesamt für Sicherheit in der Informationstechnik) and consults customers in the areas of IT-Security and Data Protection as CEO of ditis, a security company in Ulm, Germany. Furthermore he is responsible for the worldwide IT-Security strategies as CSO of VOITH AG, an international manufacturing company with over 34,000 employees worldwide. In this position he was defining new security standards and implementing global defense technologies for the VOITH corporate network.
Thumann, Michael DE
Michael Thumann is Chief Security Officer and head of the ERNW "Research" and "Pen-Test" teams. He has published security advisories regarding topics like 'Cracking IKE Preshared Keys' and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. 'tomas—a Cisco Password Cracker', ikeprobe—IKE PSK Vulnerability Scanner' or 'dnsdigger—a dns information gathering tool') and his experience with the community. Besides numerous articles and papers he wrote the first (and only) german Pen-Test Book that has become a recommended reading at german universities. In addition to his daily pentesting tasks he is a regular conference-speaker and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels' main interest is to uncover vulnerabilities and security design flaws from the network to the application level.
Waissbein, Ariel
Ariel Waissbein joined Corelabs at Core Security Technologies in 1999. During 1999-2002 he worked on a new public-key cryptographic scheme, he discovered cryptographic attacks to popular software products such as SSH and MySQL and designed a cryptographic attack method against polynomial-based public-key schemes. In 2003-2004 he worked in digital rights management projects and developed a provably secure software protection method. Since 2004 he leads a research group which has been tasked with web-application and end-point security and penetration testing. This group has designed a security and privacy enforcement system for web applications called CORE GRASP (see http://grasp.coresecurity.com), a static analysis vulnerability detection scheme and has collaborated in a new web-application penetration testing platform.
Since 2005 he co-leads the Computer Security program in the Ph.D program at ITBA university where he still teaches.
Papers and presentations: see http://community.corest.com/~wata/ for a complete list.