Conference: August 5 - 7, 2003
The Peter Kiewit Institute
Scott Conference Center
Omaha, NE USA
Home Page

CONTACT INFO

CONFERENCE

Bios

TT-1:

Introduction to Forensics 101

Joseph A. Juchniewicz, Americredit

Joe Juchniewicz graduated of the University of Texas at Arlington, with a BA in Criminology and Criminal Justice with a minor in Sociology; December 1991; and a MA in Criminal Justice; August 1996. His Criminal Justice background was put to good use at Lockheed Martin Tactical Aircraft Systems - Fort Worth, TX for over 9 years. There he was introduced to a multitude of security disciplines starting out as a Uniform officer dealing with physical security and then subsequently the COMSEC Security Analyst for the F-22 Program. He is an active member of ASIS, CSI and the SANS institute.

TT-2:

Methodology for Incident Prevention & Response (MIPR)

Robert Bagnall, IDefense

As Special Projects Lead for CSC’s Defense Core Team in Washington, DC. Robert Bagnall has extensive experience in CERT building and CERT Operations. He also built/led the Army National Guard's NGB-CERT, the DoD-CERT, the Air Force's ATC-CERT, and the Missile Defense Agency's MDA-CIRT. Additionally, he served as Senior SOC Security Engineer at Counterpane Internet Security.

TT-3:

Process Capability for Information Assurance: Security Engineering Practices for Better Bottom-Line Results

Matthew O’Brien, SAIC

Mr. O'Brien, CISSP, is an Assistant Vice President and Business Area Manager for SAIC's Systems Security Engineering and Assurance team. He has extensive experience providing lifecycle systems security engineering support for mission-critical Department of Defense information systems. Mr. O’Brien manages software development efforts in an SEI Level 3 organization and continues to refine security engineering practices based upon the SSE-CMM. He is responsible for management, organizational and engineering activities that promote and expand a systems security engineering and assurance capability across multiple projects.

TT-4 & TT-5:

Best Practices for Secure Development, Free Security

Ron Woerner, Solutionary

Ron Woerner is currently employed by Solutionary. Recently, Ron was a Modis contractor working as the Information Security Officer for the Nebraska Dept. of Roads (NDOR). After spending five years as an Air Force Intelligence Officer, Ron moved to the private sector as an UNIX and security administrator. In addition to Solutionary and NDOR, he has worked for Sterling Software, the Mutual of Omaha Companies, and CSG Systems, Inc. He recently spoke at the 29th CSI Conference and at the Omaha CERT and Infotec conferences. Ron earned a Bachelors degree from Michigan State University and a Masters degree from Syracuse University. He was awarded the CISSP security certification in August of 2001.

WT-1:

Using Cryptographic Methods to Verify the Authenticity of Mobile Agents

Dr. Volker Roth, CRCG Omaha and Fraunhofer, Germany

WT-2:

Wireless LANs, Lessons Learned

David Borden, ACS Defense

Mr. Borden is an employee of ACS Defense Inc. He is currently supporting a contract with the United States Air Force. In his current position, he travels to Air Force bases as part of a team conducting network security assessments of both wired and wireless LANs. He holds a Masters Degree in Computer Systems Management from the University of Maryland, University College, Graduate School of Management and Technology. He also holds the Certified Information Systems Security Professional (CISSP) credential.

WT-3:

Web Application Security: Risks and Concepts of Security

T Kris Drent, Partner, Information Security Consultant, Security PS, Inc.

Mr. Drent has served as a professional in the information technology industry for nine years and is co-founder of Security PS. Combining his extensive technical background in application development, internetworking, and systems design, he has become an expert information security consultant specializing in attack and penetration testing, application security, enterprise and network security architecture, intrusion detection, host security, and best practices as they relate to information security technologies and processes. Mr. Drent is also the Web Application Security practice lead for Security PS and continues to develop their successful methodology for testing and assessing web application security.

WT-4:

Kerberos and Active Directory Interop

Bob McCoy, Microsoft Corporation

Mr. McCoy is a consultant with Microsoft Services. He travels throughout the central United States performing infrastructure and security consulting for Microsoft clients. Before joining Microsoft he had extensive experience with IBM mainframes and UNIX servers which has served him well in the interoperability space. He has a Bachelor's Degree in Computer Information Systems from Bellevue University. He also holds the Certified Information Systems Security Professional (CISSP) credential.

WT-5:

Effective Use of SNORT IDS System

Aaron Grothe, President/CEO of Heimdall Linux Incorporated

Aaron Grothe is developing Linux products, which are being submitted to the National Institute of Standards and Technology's Common Criteria project for independent security evaluation and accreditation. Mr. Grothe is also the current project leader of the Linux Kernel Audit Project (LKAP), which has as one of its goals to perform a source code audit of the Linux Kernel.

HT-1, HT-2:

Open Source and Incident Response

Joe Loftshult, InteliData Technologies

Joe Lofshult, CISSP, is Director of Operations for InteliData Technologies, an application service provider for the financial services marketplace. He has an M.S. in Computer Science and a B.S. in Nuclear Engineering. Joe has been working and playing with Unix and TCP/IP since the late 80’s. Prior to joining InteliData, Joe was the Director of Enterprise Infrastructure for Ameritrade.

HT-4, HT-5:

System and Network Hacking

David Askey, TechNow, Inc.

After graduating with a degree in computer science from the University of Wisconsin – Madison, Dave worked for the University in the fields of networking and kernel development. Heavily involved with large systems and enterprise networks, he founded TechNow in 1990. Dave instructs and holds certifications in the following tracks: Solaris Administration, Solaris Network Administration, Veritas Volume Manager, Windows NT4.0/2000 MCSE, Citrix, Database Administration (Oracle, Sybase, Microsoft), Programming Courses, Security Courses, Cisco CCNP Track. Over the years, Dave has been invited to several seminars and always enjoys bringing knowledge to attendees.

TM-1:

Solaris 8 Security

Tom Roehr, Physicians Mutual

Tom Roehr has over 22 years experience in the Information Technology industry. He has a diverse background ranging from writing real-time UNIX device drivers to being the system architect for a global client server system. Tom has consulted for Bell Labs, Lucent Technologies, AT&T Communications, IBM, Giorgio Armani, Brooks Brothers, and Fleet Trading.

TM-2:

A Methodology to Implement, Operate, and Maintain an Information Security Process

Leonardo Garcia, Intelematica

Leonardo Garcia is a CISSP with 11 years working on mission critical systems & information security implementation, maintenance and operation across different industries such as Financial, Telecommunications, Oil, National Security Programs, and Strategic Security Private Programs. He has been a speaker in different national and international conferences, and he has published articles about information security methodology and information security risk analysis.

TM-3:

Organizational Issues of Implementing IDS

Shayne Pitcock, First Data Corporation

Mr. Pitcock began his career working with the US Army, Civil Service, pursuing multiple aspects of systems engineering requirements creation, design, and quality assurance. In January 1996, Mr. Pitcock specialized in the implementation of Intrusion Detection Systems (IDS) for Army installations throughout the US. From July 1998 to July 2000, Mr. Pitcock worked for The Boeing Company as the project manager implementing both server- and network-based IDS. Between August 2000 and February 2001, Mr. Pitcock worked as director of IDS Services at Breakwater Security Associates in Seattle, WA providing the creation and delivery of a managed security services program. Currently, Mr. Pitcock is the Senior Security Administrator for IDS technologies with First Data Corporation (FDC). His role is to integrate IDS tools for the newly formed FDC Security Operations Center. Mr. Pitcock is also responsible for integrating the next level of Security Information Management (SIM) tools that will aggregate all security alerts from various security devices throughout FDC.

TM-4:

Day in the Life of a Hacker

Michael Endrizzi, InterSec

Founder, CEO and CTO of InterSec, Mr. Endrizzi has over seventeen years of experience in the computing and security industries. He uses his extensive security knowledge and expertise to work with the InterSec team to design the unique security service, training and support services that have helped InterSec attain national recognition as a premier security company. Mr. Endrizzi is the principal developer of InterSec’s security training courses and seminars and principal manager of InterSec’s expert Security Consultants. Mr. Endrizzi also serves as an interim Chief Security Officer (CSO) for select InterSec customers, providing expert security advice for the development of effective security infrastructures and architectures founded on security best practices. Mr. Endrizzi regularly speaks about information security at computer security seminars and Fortune 500 companies throughout the United States. He is currently performing research on Public Key Infrastructure (PKI) and LDAP integration and deployment. Mr. Endrizzi has a Masters of Computer Science degree from the University of Minnesota and a Bachelors of Computer Science degree from the University of Wisconsin-Oshkosh.

TM-5:

Security Policies: Your First Line of Defense

Bruce Hartley, Privisec

Dr. Hartley has over 21 years of technical and managerial experience in systems, software, and security engineering. He is currently the President and CEO of Privisec, Inc. He was previously the President and Chief Executive Officer at PoliVec, Inc. Prior to PoliVec, Inc. he was the Executive Vice President and Chief Technology Officer at DMW Worldwide, Inc. as well as Senior Vice President and Chief Technology Officer at Trident Data Systems. His experience includes managing rapid growth technology companies and creating leading edge software products such as PoliVec’s Builder, Scanner and Enforcer products, DMW’s UNIX security software product, HostCHECK™, and the complete Enteroä Market Support Solutions product line. Dr. Hartley is recognized by the National Computer Security Center as a Vendor Security Analyst and has been certified by the ISC2 as a Certified Information System Security Professional (CISSP). Bruce Hartley holds a Doctorate in Computer Science from the Colorado Technical University in Colorado Springs, Colorado, and a Master of Arts degree in Computer Data Management from Webster University in St. Louis, Missouri. In addition, Dr. Hartley holds a Bachelor of Science degree in Technical Management and Computer Science and an Associate of Science degree in Business Administration from Regis College in Denver, Colorado. He also holds an Associate of Applied Science degree in Electronic Computer Technology from the Community College of the Air Force.

WM-1:

Justify the Return on Investment

Chris Shepherd, ICCT Corp

Chris Shepherd has provided directive management consulting for the last 9 years to the financial, software and utility industries in regards to information & physical security, disaster recovery and project management. As President of ICCT Corp, Chris has applied his years in project management, banking and consulting experience to assist in raising the level of education in security awareness. Currently, ICCT Corp is providing onsite support to regional electric power utilities through managing all of the information & physical Security initiatives and is involved in preparing the local electric utilities for complying to the FERC security mandates.

WM-2:

Wireless Network Security: Technologies, Guidelines & Management

Steve A. Rodgers, Security PS, Inc.

Mr. Rodgers is the co-founder of Security PS and has been assisting clients in securing their information assets for over eight years. Prior to establishing Security PS he worked as a security consultant for Greenwich Technology Partners and Lucent Technologies (formerly International Network Services). Combining his extensive technical background in internetworking and operating systems, he specializes in attack and penetration testing, wireless network security, policies and procedures, and secure perimeter architectures. Mr. Rodgers is also the Wireless Security practice lead for Security PS and continues to develop their successful methodology for testing and assessing wireless networks.

WM-3:

The Insider Threat – Are You Safe From Internal Attack?

Bruce Hartley, Privisec

Dr. Hartley has over 21 years of technical and managerial experience in systems, software, and security engineering. He is currently the President and CEO of Privisec, Inc. He was previously the President and Chief Executive Officer at PoliVec, Inc. Prior to PoliVec, Inc. he was the Executive Vice President and Chief Technology Officer at DMW Worldwide, Inc. as well as Senior Vice President and Chief Technology Officer at Trident Data Systems. His experience includes managing rapid growth technology companies and creating leading edge software products such as PoliVec’s Builder, Scanner and Enforcer products, DMW’s UNIX security software product, HostCHECK™, and the complete Enteroä Market Support Solutions product line. Dr. Hartley is recognized by the National Computer Security Center as a Vendor Security Analyst and has been certified by the ISC2 as a Certified Information System Security Professional (CISSP). Bruce Hartley holds a Doctorate in Computer Science from the Colorado Technical University in Colorado Springs, Colorado, and a Master of Arts degree in Computer Data Management from Webster University in St. Louis, Missouri. In addition, Dr. Hartley holds a Bachelor of Science degree in Technical Management and Computer Science and an Associate of Science degree in Business Administration from Regis College in Denver, Colorado. He also holds an Associate of Applied Science degree in Electronic Computer Technology from the Community College of the Air Force.

WM-4:

Ethical Hacking: The Value of Penetration Testing

Bruce Hartley, Privisec

Dr. Hartley has over 21 years of technical and managerial experience in systems, software, and security engineering. He is currently the President and CEO of Privisec, Inc. He was previously the President and Chief Executive Officer at PoliVec, Inc. Prior to PoliVec, Inc. he was the Executive Vice President and Chief Technology Officer at DMW Worldwide, Inc. as well as Senior Vice President and Chief Technology Officer at Trident Data Systems. His experience includes managing rapid growth technology companies and creating leading edge software products such as PoliVec’s Builder, Scanner and Enforcer products, DMW’s UNIX security software product, HostCHECK™, and the complete Enteroä Market Support Solutions product line. Dr. Hartley is recognized by the National Computer Security Center as a Vendor Security Analyst and has been certified by the ISC2 as a Certified Information System Security Professional (CISSP). Bruce Hartley holds a Doctorate in Computer Science from the Colorado Technical University in Colorado Springs, Colorado, and a Master of Arts degree in Computer Data Management from Webster University in St. Louis, Missouri. In addition, Dr. Hartley holds a Bachelor of Science degree in Technical Management and Computer Science and an Associate of Science degree in Business Administration from Regis College in Denver, Colorado. He also holds an Associate of Applied Science degree in Electronic Computer Technology from the Community College of the Air Force.

WM-5:

Risk Considerations in Developing Security Ops Center

Ed Covert, ICS Corp

Edwin Covert is a Certified Information Systems Security Professional (CISSP) and a Global Incident Analysis Center (GIAC) Certified Incident Handler (GCIH) with over ten years in the information security and information assurance arenas. He is the Director of Information Security Services for Integrated Communication Solutions, with responsibility for developing and delivering security solutions to its diverse clients. Mr. Covert serves on ICS' Security Advisory Council with other industry thought leaders to provide insights on Information Assurance policy and procedure changes in federal agencies, and how those changes will affect commercial organizations.

HM-1, HM-2:

Back to the Future

John Casciano, SAIC

John P. Casciano is Senior Vice President and Group Manager for the Enterprise Security Solutions Group, Science Applications International Corporation (SAIC), Reston, VA. John manages SAIC’s Information Security business which includes security consulting, implementation services, security education and training, managed security services, and security operations. His customers are both government and commercial, domestic and international. Prior to joining SAIC in April 2001, he was Senior Vice President, Enterprise Security Strategic Business Unit, for Litton-TASC, Chantilly, VA. Prior to entering the business world, John spent a 32-year career in the United States Air Force. In his last assignment in the military, he was the US Air Force’s director of intelligence, surveillance and reconnaissance. John entered the Air Force in 1967 as a graduate of Georgetown University’s Reserve Officer Training Corps Program and retired from active duty on May 1, 1999. John served in various senior staff positions in the Pentagon; Headquarters Strategic Air Command, Offutt Air Force Base, NE; Headquarters Air Combat Command, Langley Air Force Base, VA; and Headquarters U.S. European Command, Stuttgart-Vaihingen, Germany. He also served as Commander, Air Intelligence Agency, and the Director, Joint Command and Control Warfare Center, both at Kelly Air Force Base, TX. In his last Air Force assignment he was the Air Force’s Senior Intelligence Official and the proponent for intelligence, surveillance, reconnaissance, and information warfare.

HM-3:

Information Security Career Guide

William Sieglein, Fortrex Technologies Inc.

William Sieglein has over 20 years in the IT industry specializing in information security. His INFOSEC experience is broad and includes assessments, architecture development, infrastructure planning, product evaluation and implementation, program and policy development, project management and training & awareness development and delivery. His career includes 11 years with the NSA, 6 years with Booz Allen consulting the US and foreign intelligence communities, 3 years as the security infrastructure planner at T. Rowe Price and over 2 years managing the security services group at Fortrex Technologies. He recently published "Security Planning & Disaster Recovery" with Fortrex CTO Eric Maiwald through Osborne/McGraw-Hill.

HM-4, HM-5:

Privacy & Security Laws

Kate Wakefield, Costco

Kate Wakefield brings twelve years of information management and Unix system administration skills to create solutions to the problems of network and information security. Kate is a Certified Information Systems Security Professional and leads the CISSP_PNW study group. She also holds a Master of Library Science and a Master of Public Administration with an emphasis on non-profit administration. Kate's areas of expertise include secure Solaris system administration, encrypted email products, HIPAA, and the implication of privacy laws upon business practices. She enjoys quilting, beading jewelry, target shooting, and ballroom dancing. Kate Wakefield serves on the board of the ISSA Puget Sound chapter. Kate is currently serving on the American Bar Association’s Information Security Committee working groups to create a Corporate Privacy Handbook and to write an International Strategy for Cyberspace Security. She is also the primary HIPAA compliance project manager for Costco’s Information Systems Department. (Costco is a covered entity under HIPAA due to its billion-dollar Pharmacy business unit.) Kate has been interested in privacy issues since her former life as a librarian (which included four years of service at the Nebraska Library Commission).

TE-1:

AI Techniques

Steve Nugen, NuGenSoft

Stephen Nugen is founder and President of NuGenSoft, LLC, a provider of Information Security services since 1998. Steve's experience includes research, development, and management responsibilities at Harris Corporation, Iowa State University, GTE, and Raytheon. Steve is a CISSP whose local affiliations include: NEbraskaCERT, Infotec, College of Saint Mary, Infragard, and others.

TE-2:

MVS (z/OS) Security Issues

Steve Wiggin, Mutual of Omaha

Steve Wiggin, CISSP, is a Senior Security Analyst at Mutual of Omaha, headquartered in Omaha, Nebraska. He has over 25 years experience in Information Systems. His background includes work in the U.S. Navy as a Cryptologic Technician, and work in the banking and insurance industries where he worked in Information Security. Steve has also been the Information Security Office at a defense contractor, and spent 4 years as an Information Security consultant.

TE-3:

Creating an Effective Audit Policy for Oracle Databases

Aaron Grothe, President/CEO of Heimdall Linux Incorporated

Aaron Grothe is developing Linux products, which are being submitted to the National Institute of Standards and Technology's Common Criteria project for independent security evaluation and accreditation. Mr. Grothe is also the current project leader of the Linux Kernel Audit Project (LKAP), which has as one of its goals to perform a source code audit of the Linux Kernel.

 

TE-4, TE-5:

Tutorial & Case Study in Implementing Linux Network Security

Oskar Andreasson

Oskar Andreasson is currently occupied as an open source documentation writer and as a Unix Specialist at Direct2Internet AB. He started with a VIC-64 in 1987 and learned to code Basic in the late 1980's. He got interested in system and network security in the beginning of the 1990's. He has since continued in those tracks. Mr. Andreasson has been a vivid Linux user and administrator since 1994. He is the author of "Linux/Unix" as well as "Windows 2000" courses, and books, available through Multisoft Education. Also author of the Iptables-tutorial and Ipsysctl-tutorial available on the Internet at www.frozentux.net, as well as working on several smaller projects. Mr. Andreasson is currently located and settled down in Stockholm, Sweden.

WE-1:

Computer Forensics – How to Conduct a Cyperspace Autopsy

Doug Conorich, IBM Managed Services

Mr. Conorich is the Global Solutions Manager for IBM Global Service’s Managed Security Services. In this capacity, he has responsibility for developing new security offerings, insuring that the current offerings are standardized globally, and all training of new members of the MSS team worldwide in how to do "Ethical Hacking" and service delivery. Mr. Conorich teaches people how to use the latest vulnerability testing tools to monitor Internet and Internet connections and develop vulnerably assessments suggesting security related improvements. Mr. Conorich is also actively engaged in the research of bugs and vulnerabilities in computer operating systems and Internet protocols and is involved in the development of customized alerts notifying clients of new potential risks to security. Mr. Conorich has over 30 years of experience with computer security holding a variety of management positions. He joined IBM in 1997. He is a networking and UNIX expert, with more than 15 years experience in these areas. He is a popular speaker at conferences on information security for UNIX and multi-platform environments and has presented papers at over 250 conferences such as CSI, ISSA, CACS, DECUS, UNIXExpo, and HPWorld. He also has published numerous computer security-related articles on information security in The EDP Auditor's Journal and Auerbach's Information Systems Security magazine and The Information Security Management Yearbook. He has held Associate Professor positions at the University of Wisconsin-Milwaukee, the University of Maryland, Chapman College, City College of Chicago, and Hartford Community College. He taught physics, mathematics, solid-state circuit design, and other computer-related courses. Mr. Conorich has undergraduate degrees in Physics, Computer Science, and Meteorology and a Masters Degree in Physics from the University of New Mexico.

WE-2, WE-3:

Checkpoint NG VPN/Securemote

FishNet Security

WE-4:

How to Write a Security Policy

Doug Conorich, IBM Managed Services

Mr. Conorich is the Global Solutions Manager for IBM Global Service’s Managed Security Services. In this capacity, he has responsibility for developing new security offerings, insuring that the current offerings are standardized globally, and all training of new members of the MSS team worldwide in how to do "Ethical Hacking" and service delivery. Mr. Conorich teaches people how to use the latest vulnerability testing tools to monitor Internet and Internet connections and develop vulnerably assessments suggesting security related improvements. Mr. Conorich is also actively engaged in the research of bugs and vulnerabilities in computer operating systems and Internet protocols and is involved in the development of customized alerts notifying clients of new potential risks to security. Mr. Conorich has over 30 years of experience with computer security holding a variety of management positions. He joined IBM in 1997. He is a networking and UNIX expert, with more than 15 years experience in these areas. He is a popular speaker at conferences on information security for UNIX and multi-platform environments and has presented papers at over 250 conferences such as CSI, ISSA, CACS, DECUS, UNIXExpo, and HPWorld. He also has published numerous computer security-related articles on information security in The EDP Auditor's Journal and Auerbach's Information Systems Security magazine and The Information Security Management Yearbook. He has held Associate Professor positions at the University of Wisconsin-Milwaukee, the University of Maryland, Chapman College, City College of Chicago, and Hartford Community College. He taught physics, mathematics, solid-state circuit design, and other computer-related courses. Mr. Conorich has undergraduate degrees in Physics, Computer Science, and Meteorology and a Masters Degree in Physics from the University of New Mexico.

 

WE-5:

How to Deploy an IDS Solution for Internet Hosts

Doug Conorich, IBM Managed Services

Mr. Conorich is the Global Solutions Manager for IBM Global Service’s Managed Security Services. In this capacity, he has responsibility for developing new security offerings, insuring that the current offerings are standardized globally, and all training of new members of the MSS team worldwide in how to do "Ethical Hacking" and service delivery. Mr. Conorich teaches people how to use the latest vulnerability testing tools to monitor Internet and Internet connections and develop vulnerably assessments suggesting security related improvements. Mr. Conorich is also actively engaged in the research of bugs and vulnerabilities in computer operating systems and Internet protocols and is involved in the development of customized alerts notifying clients of new potential risks to security. Mr. Conorich has over 30 years of experience with computer security holding a variety of management positions. He joined IBM in 1997. He is a networking and UNIX expert, with more than 15 years experience in these areas. He is a popular speaker at conferences on information security for UNIX and multi-platform environments and has presented papers at over 250 conferences such as CSI, ISSA, CACS, DECUS, UNIXExpo, and HPWorld. He also has published numerous computer security-related articles on information security in The EDP Auditor's Journal and Auerbach's Information Systems Security magazine and The Information Security Management Yearbook. He has held Associate Professor positions at the University of Wisconsin-Milwaukee, the University of Maryland, Chapman College, City College of Chicago, and Hartford Community College. He taught physics, mathematics, solid-state circuit design, and other computer-related courses. Mr. Conorich has undergraduate degrees in Physics, Computer Science, and Meteorology and a Masters Degree in Physics from the University of New Mexico.

HE-1, HE-2, HE-3:

Network Perimeter Security

Marty Gillespie, Haverstick Government Solutions

Marty Gillespie is a Senior Information Security Consultant at Haverstick Government Solutions. He has over seventeen years information security and networking experience in diverse environments involving integration of multiple platforms, network operating systems, protocols and logical/physical network designs. In addition, Mr. Gillespie is a Certified Information Systems Security Professional (CISSP) and a Check Point Certified Systems Engineer (CCSE). He was most recently a Senior Information Security Consultant at Lucent Technologies.

HE-4, HE-5:

Secured n-Tier Web Services - Case Study

Matthew G. Marsh, Paktronix Systems LLC

Matthew Marsh is Chief Scientist of the NEbraskaCERT, President & Founder of Paktronix Systems LLC, Author of "Policy Routing Using Linux" (SAMS), and Creator of PakSecured Linux. He has worked in network management and architecture since 1983 specializing in routed IP/IPX/SNA networks. He also worked extensively with various routing platforms both as a user and as a vendor. On NEAR & BIT-Net in 1984 (PreHistoric Internet) and has been addicted ever since. As Chief Scientist of the NEbraskaCERT, he is researching IPv4/IPv6/IPSec Integrated Security Networks. Additionally, he developed the first (and currently still the only) SNMPv3 manageable policy routing firewall system for Linux available under GPL at http://www.paksecured.com. He is currently researching management and design of Integrated Security Networks.

TG-1:

ISC2 Certification

Dow Williamson, Director of Communications, ISC2

Dow Williamson is the Director of Communications at the International Information Systems Security Certification Consortium (ISC)˛, a non-profit organization that has certified approximately 20,000 information security professionals in 90 countries over the last 15 years. Prior to coming to (ISC)˛, he spent 2 years as the Vice President of Marketing at Trusted Computer Solutions, a cyber-security software provider located in Herndon, VA. Additionally, he was the Senior Product Manager for the Trusted Solaris Operating Environment at Sun Microsystems and was the Market Development Manager for Government Operations at RSA Security. Williamson also spent 12 years in the Department of Defense in various Information Assurance-related assignments. These assignments included the DoD Multilevel Security Program Office and Chief of Information Assurance Policy at United States Strategic Command. He is a Certified Information Systems Security Professional, holds a BS in Computer Science/Mathematics from Norwich University, a MS in Space Operations from the University of North Dakota, and a MBA from Embry-Riddle Aeronautical University.

TG-2:

Fiber Optic Vulnerability

Mark Gross, NeSTronix, Inc

Pending

TG-3:

HIPAA Final Security Rule

James O'Connor, Baird Holm Law Firm

James E. O'Connor is a partner with Baird, Holm, McEachen, Pedersen, Hamann, & Strasheim, LLP. He represents the firms' clients with respect to the development, acquisition and use of technology and other forms of intellectual property. In addition, Jim assists clients with matters involving e-commerce, the Internet and emerging technologies. From 1982 until joining the firm in 1999, Jim worked for a Fortune 500 company as Senior Counsel & Special Technologies Counsel, Assistant General Counsel, Associate General Counsel and Senior Vice President and Chief Compliance Officer. Jim counseled senior operations and division officers on all aspects of their business, chaired the negotiating teams responsible for acquiring mission critical technologies, and structured and negotiated complex systems integration agreements, software development transactions and hardware acquisitions. Jim also has experience negotiating contracts for data processing, telecommunications and related technologies and advising on the protection of proprietary rights and other legal implications of emerging technologies. Jim also served as Secretary and General Counsel for a national software development and services company. Jim received his law degree from Notre Dame in 1978. In 1975 he received his B.A., magna cum laude, from the University of Nebraska-Omaha, where he was awarded a Regents' Scholarship. Jim also teaches "Technology and Law" at Creighton University School of Law 1985-2001 and "E-Commerce and the Law" starting in 2002. Jim also is an adjunct faculty member of the University of Nebraska at Omaha, Peter Kiewit Institute, Information, Science, Technology & Engineering where he teaches "Cyberlaw." He is a member of the Omaha Bar Association, Nebraska Bar Association, the Computer Law Association and the American Bar Association's Section of Intellectual Property Law and Section of Science & Technology.

TG-4:

Enhancing your Security Architecture with Multi-Level IDS

Mike Hrabik, Solutionary, Inc.

Michael Hrabik is a founding partner and Chief Technology Officer of Solutionary, Inc. Mike is the principal architect for Solutionary’s proprietary eV3™ processing, patent-pending ActiveGuard™ software and Security Operations Center. Mike has over 20 years of high-level information technology experience. Prior to joining Solutionary, he was a partner at ITI Marketing Services, Inc., where he served as Director of Systems and Operations. Mike was the technology executive in charge of the company’s internal system and network security that surrounded the more than two million transactions processed daily by the firm. He oversaw the technology department’s security on all client data, the system configuration, LAN/WAN support and Disaster Recovery. He was also responsible for development and support of all facility teleservices, scripting, list processing and back-end corporate processing. In each area, Mike was responsible for meeting the stringent security requirements of the voluminous client data and proprietary information the company managed on a day-to-day basis. After his tenure at ITI, Mike served as the Vice President of Technology for NetCount Price Waterhouse, LLC, a Los Angeles-based third-party web-measurement and analysis company. NetCount, which was the industry’s leader and first 100% census-based traffic-measurement company, processed over 70 million transactions per day. Following NetCount’s sale, Mike spent two years consulting with multiple companies in the Internet and wireless fields. Mike received his B.S. in Computer Science from the University of Nebraska at Omaha. In addition, he is a member at large of the Omaha Chapter of the FBI’s InfraGard program. He has also been a featured speaker at various industry events, most recently at the Administaff Conference.

TG-5:

The War Against Spam

Christopher Baker, MCSE

Chris Baker, MCSE, resides in Columbus, Ohio, and has five years of networking experience in Windows, Linux, Netware, and e-mail. His war against spam began almost immediately after he first logged onto CompuServe in 1995. He has spoken before several groups on the subject, including the Columbus Computer Society. His writing has appeared in the Columbus Dispatch, Liberty, Baseball America, and Ideas on Liberty. He is an active member of his local Toastmasters club and also enjoys fitness and ballroom dancing.

WG-1:

Evolution of the Firewall

Mark Kraynak

WG-2:

Challenges of Enterprise Security

Conrad Herrmann, Zone Labs

Conrad Herrmann, Zone Labs Chief Technology Officer, has a strong history of shipping award-winning products. He was software architect at Borland International for several market-leading products, among them Borland C++ and the Borland Database Engine. Mr. Herrmann's fourteen years in the high-technology industry include a number of years with startup companies, including Surpass Systems, which was acquired by Borland, and MultiScope, which was acquired by Symantec.

WG-3:

Online Education in Security

Tom Myers, Bellevue University

 

WG-4, WG-5:

Building a Viable Information Assurance Program

Harry Bouris, Sumaria

Mr. Bouris has over 30 years experience in information and communications security with the Federal Government. For the past ten years, he has served as the Technical Services Director for the B-2 Stealth Bomber System Program Office. In this capacity, he also served as the Information System Security Officer, responsible for the entire Information Assurance Program for two major Air Force weapons systems. He was certified through the International Security Certification Consortium (ISC2) as a Certified Information Systems Security Professional and as a Certified Information Systems Security Officer for Special Compartmentalized Information (SCI) and Special Access Programs (SAP) by the Secretary of the Air Force for Acquisition Security.

HG-3:

Application Security

S. Ramesh, Razorwire Security

Mr. S. Ramesh is the CEO of Razorwire Security. He is an experienced Chief Technology Officer, Chief Software Architect, successful entrepreneur and active investor. Ramesh is an expert in the security and design of complex computer systems. He currently sits on the board of five companies in the Internet infrastructure and enterprise software spaces. He is a frequent speaker and panelist on security and Internet technology in southern California. Prior to founding Razorwire Security, Ramesh has worked in senior technology positions in various industries, including Banking and Finance, Telecommunications, Enterprise Software, and Internet Technology.

HG-4, HG-5:

Taxonomy of Cryptographic APIs in JAVA

Brian Smith, Solutionary, Inc.

Brian Smith is Senior Software Engineer currently contracted to Solutionary, Inc. Brian did both his graduate and undergraduate work in Computer Science at the University of South Dakota where he received awards for academic performance and outstanding contributions to the Computer Science department. In 1996 Brian was inducted into Upsilon Pi Epsilon the National Honors society for Computing Sciences. Brian has applied cryptography to an Internet voting pilot project as well as to security related projects for Solutionary, Inc.

NEbraskaCERT Conference 2003 is brought to you by NEbraskaCERT
*CERT is a servicemark of Carnegie Mellon University. Used with permission.