The relationship between the enterprise and government security organizations and the security researcher community has and continues to evolve rapidly. Mature technology organizations now understand how the community works, how to value its contribution and how to work effectively with security researchers. The community has also learned how large organizations work, the challenges the organizations face and how to productively engage with them. Many organizations and researchers still do not understand this process and even those that do, have periods of friction. How can we apply the lessons from the past more broadly and are there secrets to success as we encounter new issues? Come hear experts from across the security ecosystem share their thoughts on effective collaboration.
William C. Boni has spent his entire professional career as an information protection specialist and has assisted major organization’s in both the public and private sectors. For 30 years, beginning as a Special Agent in U.S. Army Counter-intelligence, Bill has helped a variety of organizations design and implement cost-effective programs to protect both tangible and intangible assets. In a wide range of assignments Bill has assisted clients in safeguarding their digital assets, especially their key intellectual property, against the many threats arising from the global Internet. In addition, he has pioneered the innovative application of technologies including computer forensics, intrusion detection and others, to deal with incidents directed against electronic business systems. Bill has served as a consultant in several professional service organizations and now works as the Vice President and Corporate Information Security Officer of T-Mobile. He is responsible for the company's overall program to protect the company's networks, computer systems and electronic information. Bill has been quoted by leading print publications such as the Wall Street Journal, US News & World Report the Financial Times, LA Times, and CIO Magazine. He has also appeared on many network broadcasts including Prime Time Live, CNN and CNN/fn discussing espionage and cyber crimes directed against American high technology corporations. Other assignments in his distinguished career include work as a U.S. Army counter-intelligence officer; Federal agent and investigator; investigator and security consultant; Vice President of Information Security for First Interstate Bank; and project security officer for “Star Wars” programs and other defense work with Hughes Aircraft Company and Rockwell.
Andrew Cushman: As Sr. Director of Strategy in the Trustworthy Computing Group at Microsoft Corp. Cushman's primary focus is on End to End Trust - Microsoft's initiative for a safer, more trusted Internet, which aims to bring the trustworthiness of the physical world to the cyber world. Cushman is responsible for End to End Trust Outreach and works with teams across Microsoft and the broader security ecosystem. Cushman previously managed the Microsoft Security Response Center (MSRC). The MSRC leads emergency response to security threats, defines and enforces response policies, and monitors monthly update quality and timeliness. Cushman expanded the MSRC's outreach programs to cover security researchers as well as mainstream security organizations, companies and computer emergency response teams. Cushman joined the TwC Security team in 2004 as a member of the Security Engineering Group executive leadership team that made security processes an integral part of Microsoft’s engineering culture. Since then he has been a driving force behind the company’s security researcher outreach strategy and execution efforts, formulating the Responsible Disclosure Initiative strategy and initiating the BlueHat security conference franchise. Since joining Microsoft in January 1990, Cushman has held positions on the Microsoft International Product Group, the Microsoft Money team and the Internet Information Services (IIS) team. He led the IIS product team during the development of IIS 6.0 in Windows Server® 2003. IIS 6.0 was one of the first Microsoft products to fully adopt the security engineering processes that are today embodied in the SDL and remains a “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing. Cushman earned a bachelor’s degree in international studies from the University of Washington and a master of international business degree from Seattle University. Away from work, he is an avid skier.
David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of the Oracle Hacker's Handbook, the Database Hacker's Handbook and SQL Server Security and is the co-author of the Shellcoder's Handbook. He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany. In 2010, David was listed by CRN as a "Security Superstar" and in 2003 he was voted as the "Best Bug Hunter" by Information Security Magazine. In the same year he discovered and developed two methods to bypass the exploit prevention mechanisms built into Microsoft's Windows 2003 Server and consequently worked with Microsoft to improve them. He has found and helped to fix 24 security flaws in SQL Server, including the vulnerability that was exploited by Slammer, 17 in IBM's DB2, 22 in Informix and, somewhere in the hundreds, has lost count of the number in Oracle. In February 2008 David discovered a new class of vulnerability in Oracle that can lead to "Lateral SQL Injection" and, in the November of 2006, another new class of vulnerability in the same RDBMS that can lead to "cursor snarfing" attacks. Both are general programming flaws, that can lead to data compromise. David pioneered major advancements in Oracle forensics and has authored 7 technical papers since March 2007 on the topic. David recently founded V3rity, a new venture, that will develop new tools for use in breach investigations. Until February 2010, David was Chief Research Scientist at NGSSoftware, a UK computer security services and software company he founded in 2001. NGSSoftware was acquired by NCC Group in November 2008. In 2007 NGSSoftware was awarded the Queen's Award for Enterprise, and was listed as one of the UK's fasted growing tech companies by both Deloitte and the Sunday Times. NGSSoftware was winner in the Best Security Company category in the 2008 European SC Magazine Awards and runner up in 2007. Previously David was Director of Research at @stake after his first company, Cerberus Information Security, was acquired in July 2000. In May 2008, David was named the "Entrepreneur of the Year" at the South London Business Awards 2008. Prior to starting a career in computer security David competed as a track and field athlete for Scotland. He was the Scottish Under 20 Champion for both the long jump and decathlon and is the holder of the Scottish Schools Indoor record for long jump.
John N. Stewart: Throughout his career spanning more than two decades, John Stewart has led or participated in security efforts ranging from elementary school IT design to national security programs. A heavily sought public and closed-door speaker, blogger to blogs.cisco.com/security, and 2010 Federal 100 Award recipient, Stewarts’ drive is simple: results. As Vice President and Chief Security Officer for Cisco, Stewart leads the security operations, product security, and government security functions. His team focuses on global information security consulting and services, security evaluation, critical infrastructure assurance, source code security, identification management, and special programs that promote Cisco, Internet, national, and global security. He is also responsible for overseeing security for Cisco.com, the infrastructure supporting Cisco’s $36+ billion business, WebEX, the collaboration service providing 73 million online meetings per year, among other Cisco functions. Stewart remains an active member in the security industry, having served on advisory boards for Akonix, Cloudshield, Finjan, Ingrian Networks, Riverhead, and TripWire. Currently, he sits on technical advisory boards for Core Security Technologies, Panorama Capital (formerly JPMorganPartners Venture), RedSeal Networks, and Signacert, is on the board of directors for KoolSpan, and a standing member of the CSIS Commission on Cyber Security. Stewart holds a Master of Science degree in computer and information science with honors from Syracuse University, Syracuse, New York.
Alex Stamos: researcher and founder, iSEC Partners.