Secure Software Forum 2007

Forum Keynote

Howard A. Schmidt
President and CEO,
R & H Security Consulting LLC

Howard A. Schmidt has had a long, distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served as Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.

He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President’s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role of Chair in January 2003 and held it until his retirement in May 2003.

Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.

Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government.

Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona.

Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both on active duty and in the civil service. He served in the Arizona Air National Guard from 1989 until 1998, when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division, where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime.

Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He has served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing.

He served as an augmented member of the President’s Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC and Fox TV, as well as a number of local media outlets, talking about cyber-security. He is a co-author of the Black Book on Corporate Security and author of “Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security”.

Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems.

Howard holds positions on a number of corporate boards in both advisory and director capacities, and has recently assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI).

Mr. Schmidt holds a bachelor’s degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC and Adjunct Senior Fellow with Carnegie Mellon’s CyLab.


Forum Moderator

Jim Reavis
President
Reavis Consulting Group

For more than twelve years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. His original articles about emerging security trends have been published by Information Security Magazine, InfoWorld, Network World, SANS and Secure Computing Magazine, among others.

Jim is the President of Reavis Consulting Group and editor of the CSOinformer newsletter. Jim is an international board member of the Information Systems Security Association (ISSA), the world's largest not-for-profit association of information security professionals. Jim currently serves in an advisory capacity for many of the industry's most successful companies.

Jim founded SecurityPortal in 1998 and has been an advisor on the launch of many industry ventures. Jim has been interviewed for TV, radio and print by TechTV, CNN, CRN, InternetWeek, Interactive Week and CNET and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim was also formerly Chief Marketing Officer for VIGILANTe, a European security software company. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and began his career shortly thereafter as the MIS Manager for InterWest Bank, now part of Wells Fargo.


Forum Presenters

Brian Cohen
President and Chief Executive Officer,
SPI Dynamics

Brian Cohen is the president and chief executive officer of SPI Dynamics, the expert in Web application security testing and assessment, and has 24 years of experience in high-level and executive positions within the information technology industry. Recognizing that the next wave of Internet security would strategically occur at the application level due to the lack of security development in this critical area, Brian took on his role with SPI Dynamics in 2001, which provides an ideal venue for him to share and combine his application software and Internet security expertise. With Brian’s guidance and expert credentials, SPI Dynamics has grown to be the expert in Web application security, with several hundred customers worldwide. These customers include large organizations in virtually all major categories: financial services, health care, transportation, manufacturing, distribution, retail, services, state and local government, and federal government.

The last 10 years of Brian’s career have focused exclusively on Internet security. His successful background includes key positions at Technologic, eSoft, Dun & Bradstreet Software, MSA and EDS. After 14 years of leadership positions in the application software business, Brian became a pioneer in the Internet security industry when he founded Technologic and developed the first software and hardware combination firewall appliance. As his career with Technologic progressed, Brian guided the company to produce the first all-in-one firewall, Virtual Private Networking (VPN) and Internet connectivity appliance.

Brian is a frequent speaker to C-level audiences on the importance of application security throughout the lifecycle and was recently invited to speak at the annual Microsoft Global Briefing on security best practices in development. In addition, Brian was recognized as a Top 50 Entrepreneur in Atlanta by Catalyst Magazine for 2005.


Thomas Dawkins
Senior Marketing Manager
Microsoft

Thomas Dawkins is Senior Marketing Manager in the Core Operating Systems Division at Microsoft. He is a part of the Microsoft Trustworthy Computing team responsible for helping IT Professionals and Developers to adopt better security practices. Mr. Dawkins has over twenty-five years' experience as a developer, development manager, IT general manager and manager within a consulting firm that provided security services.

Panelists

Jennifer Fischer
Director
VISA USA

Jennifer Fischer is a Director with Visa USA, responsible for the Cardholder Information Security Program (CISP). Jennifer manages Visa's CISP data security initiative, and her team is responsible for driving compliance with the Payment Card Industry Data Security Standard (PCI DSS). Jennifer has been focused on CISP since 2001, when Visa began requiring merchants to validate their compliance with the CISP data security requirements. Over the past five years, she has been involved in the enhancement of the program requirements and the development of the PCI DSS.


William Geimer
Director of Information Assurance, Open System Sciences
U.S. Agency for International Development (USAID)

Mr. Geimer is the Director of Information Assurance for Open System Sciences in Newington, VA. He has worked at the U.S. Agency for International Development as the Program Manager for the USAID Chief Information Security Office for the past four years. In this capacity, he has helped to develop the USAID information security program, information security technologies, and the USAID FISMA compliance program.

He has led the development of the technical systems that support USAID’s award-winning information security program. This includes a web application security technology, a robust vulnerability management system, intrusion detection, security information management, and a leading-edge automated risk management tool.

USAID’s program was rated at an A+ level by the US House of Representatives in 2005 and 2006. It is the only agency ever to receive such high marks. Additionally, USAID was recognized with an SC Award in 2006 for Best Security Implementation.

Mr. Geimer has held various other leadership positions in the IT and Information Security field. He holds an MS in Information and Telecommunications Systems from Johns Hopkins, and a BS in Computer Science from Marquette University. He is GSEC Gold certified.

Steve B. Lipner
Senior Director of Security Engineering Strategy, Security Business Unit,
Microsoft Corporation

Steven B. Lipner is Senior Director of Security Engineering Strategy at Microsoft. He is responsible for the definition and implementation of the Security Development Lifecycle, which focuses on improving the security of Microsoft's products. Mr. Lipner has over thirty years' experience as a researcher, development manager, and general manager in IT security. He holds S.B. and S.M. degrees from M.I.T. and attended the Harvard Business School's Program for Management Development.


William L. Scherlis
Professor in the School of Computer Science
Carnegie Mellon

William L. Scherlis is a full Professor in the School of Computer Science at Carnegie Mellon. He is the founding director of CMU's PhD Program in Software Engineering and director of CMU's International Software Research Institute (ISRI). His research relates to software assurance, software evolution, and technology to support software teams. Dr. Scherlis joined the CMU faculty after completing a PhD in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University.

He is lead Principal Investigator of the five-year High Dependability Computing Project (HDCP), in which CMU leads a collaboration with five universities to help NASA address long-term software dependability challenges. He is also co-Principal Investigator (with two colleagues) of a new four-year project with NASA and diverse industry and laboratory subcontractors focused on dependable real-time and embedded software systems.

Scherlis is involved in a number of activities related to technology and policy, recently testifying before Congress on innovation and information technology, and, previously, on roles for a Federal CIO. He interrupted his career at CMU to serve at DARPA for six years, departing in 1993 as senior executive responsible for coordination of software research. While at DARPA he had responsibility for research and strategy in computer security, aspects of high performance computing, information infrastructure, and other topics.

Scherlis is a member of the National Research Council (NRC) study committee on cybersecurity and the DARPA Information Science and Technology Study Group (ISAT). He recently completed chairing an NRC study on information technology, innovation, and e-government. He has led or participated in national studies related to cybersecurity, crisis response, analyst information management, Department of Defense software management, and health care informatics infrastructure. He has been an advisor to major IT companies. He has served as program chair for a number of technical conferences, including the ACM Foundations of Software Engineering (FSE) Symposium. He has more than 70 scientific publications.


Caleb Sima
Co-founder, Chief Technology Officer, Director of SPI Labs,
SPI Dynamics

Caleb Sima is the co-founder and chief technology officer of SPI Dynamics, the expert in Web application security assessment and testing. Caleb is responsible for directing the lifecycle of the company’s Web application security solutions and is the director of SPI Labs, the renowned application security research and development group within SPI Dynamics. Here, he leads a team of accomplished security experts who have received worldwide recognition for the identification of security vulnerabilities and exploits.

Caleb has been engaged in the Internet security arena since 1996, a time when the concept of Internet security was just emerging. Since then, he has become widely recognized within the industry as an expert in penetration testing, and for identifying emerging security threats. In early 2000 Caleb co-founded SPI Dynamics and helped define the direction the industry has taken. Prior to co-founding SPI Dynamics, Caleb worked for Internet Security Systems’ elite X-Force research and development team where he led the creation of the first pen testing team and drove enterprise security assessments for the company. Caleb began his security career as a security engineer for S1 Corporation. In this role, he was responsible for testing the security of software products for the banking and finance industries. Additionally, he was in charge of security for S1’s Datacenter, which managed the data transfer and security of some of the world’s leading financial institutions.

Caleb’s engineering exploits have gained media attention in publications such as the New York Times and the Washington Post, and he is often called upon by the press as an expert resource. He has also contributed articles to various publications and was featured in the Associated Press. A frequent speaker at industry events and tradeshows, Caleb’s most recent appearances include Software Security Summit 2006, Software Security Summit 2005, RSA 2005, HP World 2004, and RSA 2004, as well as events of various industry organizations and associations. He is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).