SOURCE Boston 2010 Mentor Program

The SOURCE Mentor Program is an opportunity for students and junior professionals to network and gain insight from speakers & industry experts. SOURCE Mentors/Mentees are expected to schedule a 30-minute meeting with each mentee during the conference. The content of this session (answering questions, making recommendations, and providing general guidance) can be determined by the mentor & mentee.

SOURCE Boston 2010 Mentor Workshop

Wednesday, April 21, 2010
5:30pm—7:00pm

Seaport Ballroom B

Dan Guido, David Mortman, Marisa Fagan, Erin Jacobs

Moderated by Kees Leune

 

To become a successful information security practitioner is far from easy. A combination of hard work, skill, experience, luck, and (often) obtaining the right certifications is required. In this panel/workshop, several highly visible practitioners will share the experiences that have shaped their careers and they will discuss some of the choices that helped further their professional development. Immediately following a short panel, we will break out in a number of smaller groups and continue the discussion on a very personal level. Each break-out group will be chaired by one of the panelists, who will guide the group in discussing topics like setting realistic goals, identifying desirable positions and building a personal network.

 

Dan Guido is a threat intelligence analyst on an incident response team at a large financial in NYC. In his free time, Dan teaches a university course in 'Penetration Testing and Vulnerability Analysis' at NYU:Poly and participates in the OWASP NY and LI chapters. Dan graduated from NYU:Poly with a BS in Computer Science.

Marisa Fagan is a Security Project Manager for Errata Security, based in Atlanta, GA. Errata is a security research and consulting company, so Ms. Fagan manages services and the rapid development of custom penetration testing tools. Ms. Fagan graduated from Georgia State University with a BBA in IT Project Management and Information Security. Her expertise is in the subjects of project management, internships, and social media relating to Information Security.

Dr. Kees Leune is an information security strategist who currently works as Adelphi University's Information Security Officer and for the SANS Institute as a Mentor and GIAC Gold adviser. He holds several certifications and is a firm believer in mentoring.

David Mortman is the Director of Operations and Security for C3, LLC and is Contributing Analyst for Securosis. He's the former CISO for Siebel Systems and writes for a couple of blogs. Rumor has it he occasionally likes to bake.

Erin Jacobs is the Engagement Director and a self-proclaimed rockstar for IOActive. Former CSO for UCB Inc. and 2010 CSO Magazine Compass Award winner, Erin has handled all flavors of regulatory compliance in practice as well as in strategic advisement. Often known by her handle, SecBarbie, one might say it's hard to be part of security social media without being terrorized by her!




If you are interested in obtaining a SOURCE mentor, please select a first and second choice from the list below and email your selections to [e-mail address not shown]. Please note that matches are made on a first-come, first-served basis.

 

HD Moore, Chief Security Officer at Rapid7 and Chief Architect of Metasploit
HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.


Deviant Ollam, The CORE Group
While paying the bills as an auditor with The CORE Group, Deviant is also a member of the Board of Directors of The Open Organization of Lockpickers. Deviant has coordinated physical security sessions at DEFCON, ShmooCon, Black Hat, DeepSec, ShakaCon, HackInTheBox, CanSecWest, and the United States Military Academy at West Point.

Areas of Expertise: Lockpicking, physical security


Jamie Fullerton, Leviathan Security
Jamie Fullerton is a recognized information security expert and professional computer hacker with over a decade of industry experience and deep technical knowledge. Mr. Fullerton has served as the leader of tactical and strategic Attack and Penetration Teams deployed within small, medium, and large corporations and has performed projects in a wide range of scenarios within the information security industry. Jamie has strong ties to the Boston area Hacker community and feels fortunate to have enjoyed many years surrounded by highly intelligent, talented computer hackers as both friends and colleagues.

Areas of Expertise: Penetration testing, security research, how to develop and build a career upon it, building a team, executing the work, the dynamics and politics of it.  Techniques, technologies, attack methodologies

Andrew Hay, University of Lethbridge
Andrew Hay is a Canadian security professional who writes and speaks on privacy, forensics, incident handling, and network security management. He has authored three books on network security management and in 2008 was honored with the title of Security Thought Leader by the SANS Institute.


Robert Clark, Cybersecurity and Communications, Department of Homeland Security
Robert Clark is currently (in a non-attorney position) with the Office of Cybersecurity and Communications, Department of Homeland Security. He is the former legal advisor to the Navy CIO; United States Computer Emergency Readiness Team; and, the Army's Computer Emergency Response Team. In these positions he has provided advice on all aspects of computer network operations and privacy. He consults regularly with DoJ Computer Crime and Intellectual Property Section and National Security Division; DoD; NSA; and, other agencies involved in cybersecurity and privacy. He lectures at the iapp; Defcon; Black Hat; the Army's Intelligence Law Conference; and, at the DoD's Cybercrimes Conference.

Areas of Expertise: Legal Aspects of Computer Network Security and Privacy


Christien Rioux, Chief Scientist of Veracode and Former Member of L0pht Heavy Industries

Christien Rioux, co-founder and chief scientist of Veracode, is responsible for the technical vision and design of Veracode’s advanced security technology. Working with the engineering team, his primary role is the design of new algorithms and security analysis techniques. Before founding Veracode, Christien founded @stake, a security consultancy, as well as L0pht Heavy Industries, a renowned security think tank.  Christien was a research scientist at @stake, where he was responsible for developing new software analysis techniques and for applying cutting edge research to solve difficult security problems. He also led and managed the development for a new enterprise security product in 2000 known as the SmartRisk Analyzer (SRA), a binary analysis tool and its patented algorithms, and has been responsible for its growth and development for the past five years.

At L0pht, Mr. Rioux was a senior developer. He co-authored the best-selling Windows password auditing tool @stake LC (L0phtCrack) and the AntiSniff network intrusion detection system. His other activities with L0pht included significant security research, publication work and public speaking engagements. Christien is also responsible for numerous security advisories in many applications, operating systems and environments. He is recognized as an authority in the areas of Windows product vulnerability assessment, application optimization and program analysis.

Chris Eng, Director of Security Research at Veracode
Chris Eng leads Veracode's application security research lab and is primarily responsible for driving innovation and thought leadership.  Drawing on nearly a decade of professional experience in information security, he works closely with the CTO to ensure Veracode's technology and strategy are industry relevant and aligned.  He monitors attack trends, analysis techniques, and other advances in application security to keep Veracode's efforts focused on timely and emerging threats.  Additionally, he provides guidance to engineering and service delivery to maximize the accuracy and consistency of Veracode's security analysis service.

Rob Cheyne, Founder and CEO of Safelight Security Advisors
Rob Cheyne is founder and CEO of Safelight Security Advisors, a leading information security training company.  Rob is a Boston-based information security expert who has taught information security training classes to over ten thousand developers, architects, and managers.  Rob has 20 years of experience in the information technology field and has been working in information security since 1998. Over the years, he has played the role of software developer, systems integrator, security expert, consultant, trainer and entrepreneur, which gives him a solid combination of business and technical expertise.

Rob was a co-founder of @stake, a highly regarded pioneer in information security consulting. In this role, he led and conducted secure architecture and design reviews, secure code reviews, application penetration tests, and security audits for numerous Fortune 500 companies. He helped develop @stake's application security assessment methodologies, and led @stake's Application Security Center of Excellence for two years. Rob was also a co-author of the award-winning L0phtCrack password auditing software and he worked on @stake's SmartRisk Analyzer team, which was eventually spun off as Veracode.

Areas of expertise: Application security, training & public speaking, startup companies, technology, personal & career development

Raffael Marty, Founder of PixlCloud
Raffael Marty is the founder of PixlCloud. His research interests span anything related to IT data visualization. He has held various positions in the log management space at companies like Splunk, ArcSight, and IBM Research, where he also earned his master's in computer science. His book, Applied Security Visualization, and the SecViz portal are the primary resources for information related to security visualization. The Data Analysis and Visualization Linux (DAVIX) and AfterGlow are two of his past projects that have helped form the security visualization space.

Val Smith, Founder of Attack Research
Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing, reverse engineering and malware research. He works on the Metasploit Project as well as other vulnerability development efforts. Most recently Val Smith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Val Smith founded a public, open source malware research project.

Dov Yoran, Co-Founder of MetroSITE Group

Dov is a co-founder of MetroSITE Group, a firm that provides information security market services to F500 security decision makers and to emerging technology companies.  He has held a number of leadership roles in security firms such as Solutionary, Symantec, and Riptech.  At Symantec he had global responsibility for creating, launching and managing the Service Partner Program. Dov came to Symantec as part of the Riptech acquisition, the leading Managed Security Services Provider at the time. Initially, he began his career with Accenture (formerly Anderson Consulting) focusing on strategy and process engagements in the Financial Services Industry. Dov is a founding member of the Cloud Security Alliance and participates on a number of advisory boards.  He regularly speaks at industry events and has been quoted in numerous publications.  Dov holds an MS in Engineering Management and Systems Engineering with a concentration in Information Security Management from GWU and is a cum laude graduate with a BS in Chemistry from Tufts University.

John Cran, Practice Manager at Rapid7
Jonathan Cran (jcran) is the Professional Services practice manager and security consultant with the Boston-based firm, Rapid7. He has been with Rapid7 for two years and specializes in network penetration testing and application assessment. In previous lives, he was a developer and network administrator at Iowa State University.  He is an active leader in the Boston security community. In his spare time, he enjoys producing music and replacing his job with small shell scripts. He runs a blog at http://www.0x0e.org.

Kees Leune, SANS
Dr. Kees Leune is a certified information security professional who teaches, writes and speaks on information security strategy and incident handling, and who sometimes dabbles in penetration testing. He works as information security officer for a regional college in the New York metro area and operates Leune Consultancy, LLC, an information security strategy consultancy. Kees is a SANS mentor and a GIAC Gold adviser.

Dr. Anton Chuvakin
Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog "Security Warrior" is one of the most popular in the industry. In addition, Anton teaches classes and presents at many security conferences across the world; he recently addressed audiences in the United States, UK, Singapore, Spain, Russia and other countries. He works on emerging security standards and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations. Before LogLogic, Anton was employed by a security vendor in a strategic product management role. Anton earned his Ph.D. degree from Stony Brook University.

Areas of Expertise: Log management, SIEM/SEM/SIM, PCI DSS compliance

Carole Fennelly, Director of Content and Documentation, Tenable Network Security
Carole Fennelly is an information security professional with over 25 years of hands-on experience in the information security field. She is the author of numerous articles for IT World, SunWorld and Information Security Magazine, as well as a frequent speaker at the Black Hat Briefings. Ms. Fennelly is presently the Director of Content and Documentation for Tenable Network Security, creators of the Nessus vulnerability scanner.

Areas of Expertise: Solaris OS Security (editor of the CIS Solaris 10 benchmark), Nessus (Director of Technical Content at Tenable), Forensics (wrote forensics course for Sun), Incident Response, Vulnerability Management, Policy Development, Security Assessments


Dan Crowley
Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.

Areas of Expertise:  web applications, pentesting, lockpicking

Upcoming Events


SOURCE Barcelona 2010
September 21-22, 2010
Museu Nacional D’art de Catalunya, Barcelona, Spain
CFP Status: Closed

SOURCE Boston 2011
April 20-22, 2011
Seaport Hotel, Boston, MA
CFP Status: Opens Oct 15

SOURCE Seattle 2011
June 16-17, 2011
Maritime Event Center
CFP Status: Opens Dec 1
 
