James Butler is a highly respected member of the information security community with fourteen years of experience in operating system security. He is a recognized leader in attack and detection techniques and has focused in recent years on memory analysis research. Jamie is the Director of Research and Development at MANDIANT and formerly led its Endpoint Security Team on its enterprise product MANDIANT Intelligent Response®. Prior to joining MANDIANT, Jamie was the Chief Technology Officer of Komoku, Inc. and Director of Engineering at HBGary. His experience also includes Host Intrusion Detection Systems (HIDS) development at Enterasys Networks and over five years of experience at the National Security Agency.
Jamie is the co-author of the bestseller Rootkits: Subverting the Windows Kernel (Addison-Wesley, 2005). In addition, he has authored numerous articles for publication and is a frequent speaker at the foremost computer security conferences. He is the co-author and instructor of the popular security courses Advanced Memory Forensics in Incident Response, Advanced 2nd Generation Digital Weaponry, and Offensive Aspects of Rootkit Technology. Jamie's unique knowledge of Windows' internal structures resulted in the free, cutting-edge memory analysis tool Memoryze, which he co-authored with Peter Silberman. Jamie holds a Master of Computer Science degree from the University of Maryland, Baltimore County. He also holds a Bachelor of Science degree in Computer Science and a Bachelor of Business Administration degree in Computer Information Systems from James Madison University.
Twitter: http://twitter.com/jamierbutler
Company Blog: http://blog.mandiant.com
Matt Devost is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cybersecurity issues. Currently, Mr. Devost is President & CEO of FusionX, LLC, a cybersecurity consultancy that helps international corporations identify and manage dynamic threats in complex operational environments. Additionally, Mr. Devost has been an Adjunct Professor at Georgetown University since 2002 where he teaches a graduate course on Information Warfare and security, and is a Founding Director of the Cyberconflict Studies Association. Mr. Devost founded the Terrorism Research Center, Inc. (TRC) in 1996, where he served as President and CEO until November 2008. As founder and President, Mr. Devost oversaw all research, analysis, intelligence, assessment, and training programs. Previously, Mr. Devost held leadership positions at iSIGHT Partners, Technical Defense, Security Design International, iDEFENSE and SAIC. Mr. Devost has been a speaker at hundreds of international conferences and a contributor/author to several books on terrorism and information security.
Company site: http://www.fusionx.com
Personal site: http://www.devost.net
Mark Dowd is an expert in application security, specializing primarily in host- and server-based operating systems. His professional experience includes several years as a senior researcher at a Fortune 500 company, where he uncovered a variety of major vulnerabilities in ubiquitous Internet software. He also worked as a Principal Security Architect for McAfee, where he was responsible for internal code audits, secure programming classes, and undertaking new security initiatives. Mark has also co-authored a book on the subject of application security named "The Art of Software Security Assessment," and has spoken at several industry-recognized conferences.
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 25+ years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He has been a speaker at conferences such as Black Hat, Defcon, CodeCon, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. In his spare time he is the Dean of Hacking for the Sk3wl of r00t, past champions of the Defcon Capture the Flag Competition.
Jeremiah Grossman is the Founder and Chief Technology Officer of WhiteHat Security, where he is responsible for Web security R&D and industry evangelism. Mr. Grossman has written dozens of articles and white papers, and is a published author. His work has been featured in the Wall Street Journal, NY Times and many other mainstream media outlets. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on five continents at hundreds of events including BlackHat Briefings, RSA, SANS, and others. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and was previously named one of InfoWorld's Top 25 CTOs. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!
Nathan Hamiel is a Principal Consultant for FishNet Security's Application Security Practice. He is also an Associate Professor of Software Engineering at the University of Advancing Technology. He spends most of his time focusing on application, Web 2.0, and enterprise security. Nathan has been a speaker at security events around the world including Black Hat, DefCon, ShmooCon, ToorCon, SecTor, OWASP and many others. He is also a developer of several open source security projects including pywebfuzz and RAFT.
Twitter: @nathanhamiel
Robert Hansen, CISSP (CEO and Founder of SecTheory), has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles, from Sr. Security Architect to eventually product managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies. Mr. Hansen wrote Detecting Malice, authors content on O'Reilly and co-authored "XSS Exploits" by Syngress publishing. He sits on the NIST.gov Software Assurance Metrics and Tool Evaluation group focusing on web application security scanners and the Web Application Security Scanners Evaluation Criteria (WASC-WASSEC) group. He also has briefed the DoD at the Pentagon and speaks at SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, World OWASP/WASC conferences, SANS, Microsoft's Bluehat, Blackhat, DefCon, SecTor, BSides, Networld+Interop, and has been the keynote speaker at the New York Cyber Security Conference, NITES and OWASP Appsec Asia. Mr. Hansen is a member of Infragard, West Austin Rotary, WASC, IACSP, APWG, and contributed to the OWASP 2.0 guide.
Christofer Hoff is a senior director at Juniper Networks where he serves as chief security architect. He was previously director of cloud & virtualization solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities.
Prior to Cisco, he was Unisys Corporation's chief security architect, served as Crossbeam Systems' chief security strategist, was the CISO and director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.
Hoff is interviewed regularly by the media and press, is a featured guest on numerous podcasts and has keynoted and presented at numerous high-profile conferences including: Black Hat, DefCon, Glue, GigaOm's Structure, MISTI, Secure360, Microsoft's Bluehat, RSA, Source, SecTor, FIRST, SANS and Troopers.
Hoff is a founding member and technical advisor to the Cloud Security Alliance, founder of the CloudAudit project and the HacKid conference and blogs at http://www.rationalsurvivability.com/blog. He serves on numerous advisory boards.
Hoff was a CISSP, CISA, CISM and NSA IAM but he spends the AMF's on coffee now, instead. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005. Hoff was a 2010, 2011 Microsoft MVP (Security) and a 2010 VMware vExpert.
Vincenzo Iozzo is a student at the Politecnico di Milano and an independent security researcher. In the past he has worked as a penetration tester and reverse engineer focusing on a variety of topics including vulnerability research, Mac OS X security and smartphone exploitation. He is a regular speaker at various information security conferences including Black Hat, CanSecWest and DeepSec. He is perhaps best known in the information security industry for co-writing the exploits for BlackBerryOS and iPhoneOS to win Pwn2own 2010 and Pwn2own 2011. Twitter: @_snagg
Felix 'FX' Lindner runs Recurity Labs. FX has over 10 years of experience in the computer industry, eight of them in consulting for large enterprise and telecommunication customers. He possesses a vast knowledge of computer sciences, telecommunications and software development. His background includes managing and participating in a variety of projects with a special emphasis on security planning, implementation, operation and testing using advanced methods in diverse technical environments. FX is well known in the computer security community and has presented his and Phenoelit's security research at Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and numerous other events. His research topics included Cisco IOS, HP printers, SAP and RIM BlackBerry. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional.
Ping Look has over a decade of experience building, promoting and managing events in the IT space including two of the most iconic and massively influential IT security events: The Black Hat Briefings+Training and DEF CON. At Black Hat she managed the growth of the brand from obscurity to profitability and grew the event from a three-track, two-day event to a six-day, 11-track, training-intense event that brought together the best and the most relevant (and occasionally the most obscure) speakers and content providers to Black Hat events in Asia, Europe, the Middle East and the US. During her tenure at Black Hat she was often referred to as "The One You Don't Want to Piss Off (or you will die)". Prior to entering the information security and events space, she worked in brand development and management in publishing, textiles and consumer products. She has extensive experience in design and marketing as well as product development.
Ping is currently engaged at Accuvant LABS working with one of the most technically proficient pentest and research teams in the world.
Jeff Moss, aka The Dark Tangent - Founder of Black Hat and DEFCON, VP and Chief Security Officer, ICANN
Jeff Moss has been a hacker for over twenty years. In 1992 Jeff founded DEF CON, the largest hacker community and gathering in the world. Five years later, he started Black Hat, a series of technical conferences featuring the latest security research. In 2009, Jeff was appointed to the DHS Homeland Security Advisory Council, a group of subject matter experts providing advice to the Secretary of DHS. In 2011 Jeff was named Vice President and Chief Security Officer at the Internet Corporation for the Assignment of Names and Numbers.
ICANN is a non-profit whose responsibilities include coordinating and ensuring the security, stability and resiliency of the Internet's unique global identifiers such as IP address allocations, AS and protocol numbers, and digitally signing and maintaining the root zone of the Internet.
Jeff is uniquely qualified with his ability to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and responsible application. As such, he is a popular keynote speaker at conferences and referenced in the Associated Press, CNN, New York Times, Reuters, Vanity Fair, and the Wall Street Journal. In 2011 Moss received the ICSA President's Award for Public Service and in 2012 he was named in Discovery Magazine's "top 100 stories of 2012" as story #50.
Prior to ICANN Moss was the founder and CEO of Black Hat, where he remains as Conference Chair. He was a director at Secure Computing Corporation where he helped establish the Professional Services Department in the United States, Asia, and Australia. He has also worked for Ernst & Young, LLP in their Information System Security division. Moss graduated from Gonzaga University with a BA in Criminal Justice. He currently serves as a member of the U.S. Department of Homeland Security Advisory Council, and is a member of the Council on Foreign Relations.
Shawn Moyer manages the Research Consulting Practice for Accuvant Labs, working with some of the most-renowned security researchers in the world to perform private on-spec vulnerability research, software audits, and reverse engineering for a global customer base ranging from utilities and financials to telecommunications and software firms. Shawn has been involved professionally in information security for over 15 years, and unprofessionally for longer than he'd care to admit. After spending a number of years splitting most of his time between web-centric research and red-team penetration testing, Shawn's most recent work has been focused on Smart Grid and related technologies. Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times. Shawn has been an eight-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan.
Chris Rohlf is an independent security consultant and owner of Leaf Security Research where he specializes in vulnerability discovery and reverse engineering. Chris has ten years of experience in various security roles including developer, researcher and consultant. Prior to founding Leaf SR he was a Principal Security Consultant at Matasano Security in NYC and has previously worked as a Security Researcher for the US Department of Defense. Chris has discovered and published numerous security vulnerabilities affecting web browsers, operating systems and more. He has spoken at industry conferences including BlackHat and is the author of numerous open source security tools.
Adam Shostack helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He has been a leader at a number of successful information security and privacy startups, and is co-author of the widely acclaimed book, The New School of Information Security. Shostack is currently a principal program manager on the Microsoft Trustworthy Computing Usable Security team, where among other accomplishments, he shipped the Microsoft Security Development Lifecycle (SDL) Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL team.
Alex Sotirov is an independent security researcher with more than ten years of experience with vulnerability research, reverse engineering and advanced exploitation techniques. He is well-known for his work on exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the browser exploitation mitigations of Windows Vista and developing the Heap Feng Shui exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York. Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.
Alex Stamos is a co-founder and CTO of iSEC Partners. While helping to build iSEC into an industry leader, Alex has been focused on helping his clients address their most difficult security challenges. He has worked to secure mobile platforms, cloud computing infrastructures and other emerging technologies while pushing forward the industry's understanding of how to build trustworthy systems in these new computing paradigms. He is a frequent speaker at conferences such as BlackHat, FS-ISAC, the Critical Infrastructure Protection Congress, Infragard, CanSecWest and Interop. Before forming iSEC, Alex was a Managing Security Consultant at @stake and had operational security responsibility at Loudcloud. He received a BSEE from the University of California, Berkeley.
Robert J. Stratton III is a serial entrepreneur, technologist, and researcher specializing in multinational network security, commercial development of early-stage security technologies, technology policy, and innovation management. Mr. Stratton is currently Chief Strategy & Security Officer at WiTopia, Inc., where he develops methods to protect privacy, security, and access to communications for Internet users around the world. Previously, he was Director of Government Research at Symantec Research Labs where he focused on security research, technology transfer and cybersecurity policy. Before joining Symantec, he was co-founder and Chief Technology Officer at StackSafe, a startup focused on self-healing software and automated software assurance. Mr. Stratton was the first Director of Technology Assessment at In-Q-Tel, a private venture capital firm investing for the benefit of the U.S. Intelligence Community. Mr. Stratton also co-founded and served as Chief Technologist at Security Design International, a services firm specializing in multinational and critical infrastructure network security. Before founding SDI, Mr. Stratton established the Security Posture Assessment™ practice at WheelGroup Corporation and the security organization at UUNET, one of the first tier 1 Internet service providers.
Yuji Ukai is the chief executive officer of Fourteenforty Research Institute, Inc., known as a technical opinion leader in the Japanese security industry. After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at the Kodak research and development center in Japan, where he worked on research and development for digital device and embedded security.
In 2003, he moved to the United States and started working on development of a vulnerability scanner product at eEye Digital Security as a Senior Software Engineer. He also worked on research in vulnerability analysis, vulnerability auditing, malware analysis, embedded system security, P2P network security, etc. as a Senior Research Engineer in the eEye research group. In 2007, he moved back to Japan and became a co-founder of Fourteenforty Research Institute, Inc. Over the last several years, he discovered many critical security vulnerabilities affecting various software products and pioneered vulnerability analysis and exploitation of embedded systems based on real-time operating systems.
Alex Wheeler is a distinguished security researcher. Wheeler is an expert in software reverse engineering & code auditing. His skill is evidenced by world-wide industry recognition. Wheeler's public research received consecutive Pwnies awards for both "Best Server Side Bug" and "Best Client Side Bug". His work is often referenced by top tier media outlets. Alex's most notable public discoveries include default remote flaws in Microsoft's IP stack and systemic default remote flaws in every top tier security vendor's server and client security products (e.g., Symantec, McAfee, TrendMicro, Computer Associates, Microsoft, Cisco, F-Secure, Kaspersky, ClamAV, Novell, etc.).
Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. He is also the author of "The Art of Software Security Testing" published by Addison-Wesley.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an assistant professor with the Dipartimento di Elettronica e Informazione. His research focuses on intrusion detection, malware analysis, and systems security. Besides teaching “Computer Security” at Politecnico, he has extensive speaking and training experience in Italy and abroad. He co-authored over 40 scientific papers and books. He is an associate editor for the “Journal in computer virology”. He's a Senior Member of the IEEE (covering volunteer positions at national and regional level), the IEEE Computer Society (for which he is a member of the Board of Governors), and the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association), of which he is a senior member. He sits on the International Board of Directors of the same association. A long-time op-ed writer for magazines (among which “Computer World”), Stefano is also a co-founder and chairman of Secure Network S.r.l., a leading Italian information security consulting firm.










