Up in the Clouds
Up in the Clouds is a track focused on cloud computing and the security elements surrounding it.
Mr. Freddie Beaver has more than 35 years in systems security, information assurance (IA), and IT governance. He is presently a Senior Vulnerability Assessment Manager at SAIC and IA Certification and Accreditation (C&A) Project Lead for a DoD Agency. Previously, he was a Principal Systems Security Architect at Intelligent Decisions and, prior to that, an IBM Senior Managing Consultant and the DoD Program Lead for Federal Information Security Management Act (FISMA) compliance. Mr. Beaver is a seasoned professional in Federal cybersecurity assessments using the DoD IA Certification and Accreditation Process (DIACAP) and the NIST Risk Management Framework (RMF). He has used international standards such as the ISO 27000 as a cybersecurity consultant in industries that include government, defense, logistics, transportation, academia, and international finances. He has given back to his profession through university lectures and conference presentations. Mr. Beaver holds an MSBA in Management Information Systems (MIS) and professional certifications in IT enterprise governance (CGEIT), systems security (CISSP), security management (CISM), and security authorizations (CAP). He is a retired veteran of the United States Air Force and resides in Arlington, VA, with his family.
“Riding on Cloud 9 – Holistic Security for a Euphoric Cloud Experience”
Michael Berman joined Catbird as Chief Technology Officer in October 2006, with over 20 years' experience in system engineering, architecture, design and implementation of secure computing. Michael's experience in information security is far-reaching, including implementation of C2 UNIX; Fortune 100 enterprise security; and expert support in the prosecution of high-profile computer crimes such as "United States v. Robert S. Gordon."
Michael was previously a principal at IS–DATA, LLC, an elite enterprise security design and computer forensic investigation professional services company. He performed hundreds of computer forensic investigations, designed enterprise security solutions and led security assessments. Michael served in numerous roles for his service customers: ISO 27001 compliance manager, Chief Security Officer and Incident Response Manager.
Prior to IS–DATA, Mr. Berman was the Western Region VP of Professional Services for Predictive Systems, Inc., delivering security services and assessments nationally to numerous industries.
Michael received his BA in Computer and Information Sciences from the University of California Santa Cruz. He is a Certified Information Security Systems Professional (CISSP 4097) and a member of the SF Electronic Crimes Task Force.
"Security and Software-defined Networks"
Steven F. Fox, CISSP, QSA is a Security Architecture and Engineering Advisor at the U.S. Department of the Treasury. In this role, Steven advises multiple groups within the Treasury, offering security guidance on system architecture and engineering to ensure compliance with Federal standards and requirements. He also contributes to multiple working groups, including the IPv6 transition team, the Developer Security Testing workgroup, and the Security and Privacy workgroup.
Mr. Fox brings a cross-disciplinary perspective to the practice of information security, combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He has performed security services including risk/vulnerability/penetration testing assessments, incident response planning, PCI DSS services, and social engineering.
Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. He also sits on the Board of the ISSA Detroit chapter. His speaking engagements include ISSA and ISACA events, SecureWorld Dallas/Detroit, Security B-Sides Chicago/Detroit/Vegas, and GrrCon.
Mr. Fox holds an MS in Business Information Technology from Walsh College, an NSA-recognized Center of Excellence. He has a BS in Psychology from Eastern Michigan University, where he studied industrial applications of behavioral theory. He is also certified as a Six Sigma Specialist.
“FedRAMP - How the Feds Plan to Manage Cloud Security Risks"
Aamir has been with World Wide Technology for 5+ years. Aamir holds a doctorate in advanced modern cryptography and has over 100 industry certifications from Cisco, Juniper, F5, VMware, HP, and many others. Aamir has extensive experience with federal, defense, and large enterprise customers in both pre- and post-sales roles. He has acted as the lead architect for some of World Wide Technology's largest clients. He was responsible for designing and implementing data centers for Global 100 corporations as well as DoD and intelligence agency networks. He has designed and implemented networks on six continents and in over 50 countries. Aamir has an extensive and diverse background in data center, security, forensics, and audit. Aamir is a trusted advisor to government organizations, law enforcement, and large corporations in the areas of cyber-terrorism, cybersecurity, and attack mitigation. He is a frequent speaker and active participant at many cybersecurity events and conferences. He is considered one of the foremost thinkers in cybersecurity and IT security solutions. He is a highly sought-after speaker at many industry events, and recently he has been the technical advisor to the popular show "The Big Bang Theory" on CBS Television.
"Bring Your Own Destruction"
Victor Nappe is CEO of CloudJacket Security, an award-winning cybersecurity solution that protects intellectual property, health information, personally identifiable information, financial information and other sensitive data against external piracy and internal accidents. Nappe is a widely recognized Internet entrepreneur and e-commerce visionary with two decades of experience in emerging technologies, including a stint as director of e-commerce for Apple Computer’s enterprise software and professional services division. He has founded and counseled start-ups and Fortune 500 firms in the Internet, payment systems, communications, entertainment and wireless industries, and is a frequent speaker in technology and cybersecurity forums. Nappe writes an Internet Security column for Attorney At Law Magazine, and shares his expert perspectives in View From The Cloud, a CloudJacket publication.
"A Perfect Cyber Storm is Brewing – and We Are Not Prepared"
A technical trainer for the past 23 years, Tim is an industry leader in both Security and Virtualization. He has been a notable speaker at many industry events including Novell's Brainshare, Innotech, GISSA and many military venues, including the Pentagon and numerous nuclear facilities, addressing security both in the US and Europe. He is a contributor to Secure Coding best practices and coauthor of the Global Knowledge Windows 2000 bootcamp. Current projects include being a contributing author of "VMware Virtual Infrastructure Security: Securing ESX and The Virtual Environment", released in April 2009 by Pearson Publishing, and he has done work for the bimonthly Virtualization Security Roundtable Podcast, available as a download on iTunes and Talk Shoe. Tim is one of the EC-Council's Master Instructors.
“The Cloud Whisperer: What Security Secrets is your Cloud not disclosing?”
Hemma Prafullchandra is HyTrust's Chief Technology Officer and SVP, Products. As CTO and SVP, she is responsible for helping drive the company's security and compliance product innovations and strategy. As an evangelist for what's possible, she pushes the organization and the ecosystem (partners, industry bodies, customers) to enable cost-effective, secure deployment of virtualization. She is an active participant in the PCI SSC Virtualization SIG, and a regular panelist on the Virtualization Security Roundtable podcast. Hemma brings over 20 years of industry experience in the field of security and distributed networking. Her expertise includes Solaris security, IPSec, firewalls, Certificate Authority/PKI, the Java 2 Security Model, Secure Messaging, Web Services Security (WSS), Managed Security Services and Strong Authentication. Before joining HyTrust, Hemma was CTO of FuGen Solutions, a managed provider of federated identity interoperability and compliance services. During this time she co-chaired the Liberty Alliance Identity Assurance SIG. Prior to that, Hemma was VP of Advanced Products and Research at VeriSign, where she led the development of numerous next-generation product concepts and co-authored specifications in various industry forums, including WSS and OpenID. Before VeriSign, Hemma held several management and technical positions at Sun Microsystems, Critical Path and The Wollongong Group. Hemma holds a BSc (Honors) in Computer Science with Electronic Engineering from UCL, England, and has authored several patents in the field of security.
“How to successfully get your Cloud through FedRAMP, PCI, and HIPAA”
Rob Randell is a Principal Security and Compliance Specialist at VMware with over 16 years' experience in IT and over 12 years in Security. Rob's current role is to advise VMware customers on security-related aspects of virtualization as well as to speak at security and virtualization events such as VMworld and the RSA Security Conference. Rob came to VMware as part of the Determina acquisition, where he was a Senior Systems Engineer responsible for working with customers on the technical aspects of Determina's next-generation memory protection technology. Prior to Determina, Rob was a Senior SE at Webroot, and prior to that at Vericept, which was the original player in the DLP space.
"Architecting and Building a Secure Virtual Infrastructure and Private Cloud"
Shakeel Tufail is the Federal Practice Director for HP Enterprise Security Solutions, with over 20 years of computer industry-related experience and responsibilities including management of IT staff and enterprise systems, infrastructure design, system engineering, customer needs analysis, technical writing, presentations, seminars, program management, software development, implementation, deployment, and maintenance. His past employers include Pentagon Force Protection Agency (PFPA), DEA, Dept of Treasury, Fortify Software, Cigital, Electric On-Ramp, CompUSA, and America Online. Mr. Tufail's tactical security experience spans a wide spectrum, including Risk Management, Vulnerability Assessments, Trust and Threat Modeling, Architectural Risk Analysis, Systems & Network Architecture, Penetration Testing, Application Security Testing, Forensics Investigation, Incident Response, Disaster Recovery, Business Continuity Planning, Certification and Accreditation, CVE, CWE, CAPEC, US-CERT and Ethical Hacking and Countermeasures. Mr. Tufail has performed numerous software security assessments and penetration tests on various enterprise applications for commercial, government and military customers. This involved teams conducting in-depth application risk assessments for large, mission-critical software systems. These assessments involved interviews with key stakeholders, collection of quality and security metrics, architectural risk analysis, artifact analysis, secure code review, application penetration testing, risk analysis and mitigation planning. An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, US-CERT, and the Department of Defense.
He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. Mr. Tufail has spoken at numerous conferences across the globe and holds over 30 industry certifications such as CEH, ECSA, CHFI, MCITP, MCSE, MCSD, CCNA, Security+, Network+, and Project+. In his spare time, Shakeel enjoys travel and photography, and teaches technical training at local colleges. Recently, he hiked the Tibetan Himalaya Mountains to Mt. Everest base camp. As the Deputy Program Manager at Pentagon Force Protection Agency, he assisted in standing up the PFPA's SOC (Security Operations Center) and managed the Information Assurance (IA) program for Certification and Accreditation (C&A) of NIPRNet and SIPRNet, using the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). He also drafted and evaluated Certification & Accreditation, System Test & Evaluation, Residual Risk Reports, and Risk Assessment reports. Mr. Tufail managed the security testing of the highly acclaimed Pentagon Shield Project during his tenure at PFPA.
"Software Threat Modeling for the Cloud"
Copyright 2014 by EC-Council