Brian Gorenc is the Manager of Vulnerability Research in HP's Security Research organization, where his primary responsibility is running the world's largest vendor-agnostic bug bounty program, the Zero Day Initiative (ZDI). He's analyzed and performed root cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Brian's current research centers on discovering new vulnerabilities, analyzing attack techniques, and identifying vulnerability trends. His work has led to the discovery and remediation of numerous critical vulnerabilities in Microsoft, Oracle, Novell, HP, open-source software, SCADA systems, and embedded devices. He has also presented at numerous security conferences such as Black Hat, DEF CON, and RSA. Prior to joining HP, Brian worked for Lockheed Martin on the F-35 Joint Strike Fighter program, where he led the development effort of the Information Assurance (IA) products in the JSF's mission planning environment. He has in-depth knowledge of software vulnerabilities, exploitation techniques, reverse engineering, and secure coding practices. Brian has an MS in Software Engineering from Southern Methodist University and a BS in Computer Engineering from Texas A&M University. He also holds several certifications, including ISC2's CISSP and CSSLP.
THINKING OUTSIDE THE SANDBOX - VIOLATING TRUST BOUNDARIES IN UNCOMMON WAYS