2011 BASC Speakers

We would like to thank our speakers for donating their time and effort to help make this conference successful.

Michael Anderson
NetSPI Michael Anderson is a security consultant at NetSPI with experience in penetration testing, application security, computer forensics, network architecture, and code reviews. He has presented at DefCON 18 on cloud-based threats, and is currently engaged in research on threats to mobile infrastructure.

Francis Brown
Stach & Liu Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.

Francis has presented his research at leading conferences such as Black Hat USA, DEFCON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.

Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

John Carmichael
Safelight John Carmichael is the Director of Product Management at Safelight Security. John is responsible for the product strategy for all training products at Safelight. John has applied his software security expertise to the creation and delivery of security training for some of the world’s largest organizations. His experience is rooted in a background of software development with deep expertise in a myriad of languages and environments. John has developed enterprise-class software for large organizations such as Massachusetts Executive Office of Health and Human Services and Computer Science Corporation. John earned a B.S. degree in Computer Science and Business Administration from the University of Vermont and a M.S. degree in Computer Information System Security from Boston University.

Robert Cohn
Intel Robert Cohn was the initial developer and project leader for the Pin dynamic instrumentation system. He has 20 years experience in advanced and product development for compilers, post-link optimization, binary translation, instrumentation, and CPU simulation.

Josh Corman
Akamai Joshua Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a top innovators of IT for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded RuggedSoftware.org – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.

Rob Cheyne
Safelight Security Advisors Rob is the CEO of Safelight Security, a leading provider of both instructor-led and computer-based security training. He is a Boston-based information security expert who has taught information security training classes to over ten thousand students, including developers, architects, and managers for industry-leading organizations. He has 20 years of experience in the information technology field and has been working in information security since 1998. Over the years, he has played the role of software developer, systems integrator, security consultant and trainer. Rob was a co-founder of @stake, a highly regarded pioneer in information security consulting. In this role, he led and conducted secure architecture and design reviews, secure code reviews, application penetration tests, security assessments, and training for numerous Fortune 500 companies. Rob worked on @stake's SmartRisk Analyzer team, building software that automatically scans applications for vulnerabilities, and he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool. @stake was acquired by Symantec Corporation in October 2004. Rob regularly speaks at security conferences, and frequently presents to the Boston OWASP chapter on a variety of security topics. His specialties are application security architecture and information security training.

Ming Chow
Lecturer at Tufts University Department of Computer Science Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).

Jack Daniel
Tenable Jack Daniel is old, and has a Unix Beard, so people mistakenly assume he knows stuff. He still makes no attempt to correct this gross misunderstanding. Jack has proven himself to be an inciteful moderator on compliance topics. He has many years of network and systems administration experience, and a bunch of letters after his name. Jack lives and breathes network security as Product Manager for Tenable.

Zach Lanier
The Intrepidus Group Zach Lanier is a Principal Consultant with the Intrepidus Group, specializing in network, mobile, and web application penetration testing. Prior to joining Intrepidus, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach likes Android, vegan food, and cats (but not as food).

HaoQi Li
Mozilla HaoQi Li is a CS student at MIT. She interned on the Infrastructure Security Team at Mozilla this summer and created MozSecWorld under the mentorship of Michael Coates, an OWASP member.

Anirudh Ramachandran
Nouvou Anirudh Ramachandran serves as Chief Technology Officer of Nouvou.

Christien Rioux
Veracode Christien Rioux, co-founder and chief scientist of Veracode, is responsible for the technical vision and design of Veracode’s advanced security technology. Working with the engineering team, his primary role is the design of new algorithms and security analysis techniques. Before founding Veracode, Mr. Rioux founded @stake, a security consultancy, as well as L0pht Heavy Industries, a renowned security think tank. Mr. Rioux was a research scientist at @stake, where he was responsible for developing new software analysis techniques and for applying cutting edge research to solve difficult security problems. He also led and managed the development for a new enterprise security product in 2000 known as the SmartRisk Analyzer (SRA), a binary analysis tool and its patented algorithms, and has been responsible for its growth and development for the past five years

Roy Wattanasin
Roy Wattanasin is a information security professional working in the healthcare industry. He spends most of his time on leading and developing an organization's information security program and working on PCI-DSS compliance, privacy, regulatory efforts, education efforts and with other projects. He also teaches information security at Brandeis University.

Andrew Wilson
Trustwave SpiderLabs Andrew Wilson is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 9 years experience building, testing, and securing software in a variety of industries. Andrew specializes in application security assessment, penetration testing, and secure development life cycle. Andrew is an active speaker in the developer and security communities. Andrew is recognized as a Microsoft MVP in Windows Azure.