Scientific Hooligans – PSW #632

Sandy advises security and risk professionals on application and product security, with a particular emphasis on the collaboration among security and risk, product management, application development, operations, and business teams. Her research covers topics such as proactive security design, protecting modern and emerging application architectures, protection of applications in production environments, and embedding security throughout the product lifecycle.

Frank Catucci is a global application security technical leader with over 20 years of experience, designing scalable application security specific architecture, partnering with cross-functional engineering and product teams. Frank is a past OWASP Chapter President and contributor to the OWASP bug bounty initiative and most recently was the Head of Application & Product Security at Data Robot. Prior to that role, Frank was the Sr. Director of Application Security & DevSecOps and Security Researcher at Gartner, and was also the Director of Application Security for Qualys. Outside of work and hacking things, Frank and his wife maintain a family farm. He is an avid outdoors fan and loves all types of fishing, boating, watersports, hiking, camping and especially dirt bikes and motorcycles.

For over the last 20 years, Jason has been ethically peering into Client Behavior, Wireless Networks, Web Applications, APIs and Cloud Systems, helping organizations secure their assets and intellectual property from unauthorized access. As a consultant he’s taken hundreds of organizations through difficult compliance mine fields, ensuring their safety. As a researcher he has found flaws in consumer IoT systems and assisted in hardening them against external attacks. At Cequence Security Jason does research, community outreach and supports efforts in identifying Automated Attacks against Web, Mobile, and API-based Applications to keep Cequence’s customers safe.

Eric is co-founder and Principal Security Engineer at Puma Security focusing on cloud security, static code analysis, and DevSecOps automation. His experience includes performing cloud security reviews, infrastructure as code automation, application security automation, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is also a Principal Instructor with the SANS Institute where he authors information security courses on cloud security, DevSecOps automation, secure coding, and defending mobile apps. He delivers security training for SANS around the world, and presents security research at conferences including SANS, BlackHat, OWASP, BSides, RSA, DevOpsDays, and ISSA.

Chris Eng is Chief Research Officer at Veracode. A founding member of the Veracode team, he is responsible for all research initiatives including applied research and product security, as well as advising on product strategy and M&A. Chris is a frequent speaker at industry conferences and serves on the review board for Black Hat USA. He is also a charter member of MITRE’s CWE/CAPEC Board. Bloomberg, Fox Business, CBS, and other prominent media outlets have featured Chris in their coverage. Previously, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency. Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California.

As a technology leader with wide-ranging experience over 24 years at ADP, instilling entrepreneurial dynamism into product development has been a constant theme of my career. ADP is a world-class provider of solutions. My efforts delivered the technical vision and direction for dozens of products addressing complex business needs with well-designed simplicity. This set me up well to transition to helping other companies solve difficult problems… My value comes from knowing what to do to bring a product to life with minimal risk and maximum benefit to customers and the bottom line. I’ve seen just about every business, project, and technology situation, and can look at an idea from both big picture and detail perspectives to ensure a product’s success. Much of my work focuses on the people side of technology. I thrive on shaping great teams and cultures needed for breakthrough innovation, and on being an evangelist – I love to share knowledge about new products, practices, and technologies to help emerging companies punch above their weight and achieve their business goals through technology.

Keith Hoodlet is an Engineering Director at Trail of Bits, where he leads a world-class team of AI/ML and Application Security consultants that blend cutting-edge security research with a practical attacker mindset. In addition to being a pioneer in AI bias bounty hunting, Keith holds both the Offensive Security Certified Professional (OSCP) and Offensive Security Web Assessor (OSWA) certifications.

Joshua Corman is a Founder of I am The Cavalry (dot org), and recently served as Chief Strategist for the CISA COVID Task Force. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon’s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.

Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. Ron has served on the Board of Directors for a number of GTA’s portfolio companies and has been a steadfast mentor and advisor to many founders. Ron has also supported a variety of cyber nonprofits and think tanks, with both his substantive expertise and through philanthropic funding.

From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. Under Ron’s leadership, Tenable grew to 20,000 customers, raised $300m in venture capital, and grew revenues to $100 million annually; this positioned the company for a successful IPO in 2018, where it was valued at $3 billion.

Prior to founding Tenable, Ron was a cyber industry pioneer. Ron developed Dragon, one of the first commercial network intrusion detection systems, and he also ran risk mitigation for one of the first cloud companies. While serving as a US Air Force officer, Ron deployed network honeypots in the mid 90s for the US Defense Department (DOD) and served as a penetration tester at the National Security Agency (NSA), participating in some of the nation’s first cyber exercises.

For these efforts, Ron received in 2020 both the Northern Virginia Technology Council Cyber Investor of the Year award and the Baltimore Business Journal Power 10 CEO award.

Wendy Nather has been working in cybersecurity for over 25 years. She was previously the Director of Advisory CISOs at Duo Security, Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the board of directors for Sightline Security, is on the steering committee for the IST Ransomware Task Force, and is a Senior Fellow at the Atlantic Council’s Cyber Statecraft Initiative.

Alex Wood has over 20 years of experience in Information Security is currently the CISO for The Anschutz Corporation. Alex has managed security programs and services at major companies across verticals, including telecommunications, energy, healthcare, entertainment, travel, and financial services. Additionally, Alex has served as a Director on the International Board of the Information System Security Association (ISSA) and is Past-President of the ISSA Denver Chapter. Alex is also Co-host of the Colorado = Security Podcast. Alex received a Bachelor of Arts from Grinnell College and a Masters of Applied Science in Computer Information Systems Security from the University of Denver.

Jon Fredrickson is the Information Security and Privacy Officer for Blue Cross and Blue Shield of Rhode Island. He graduated from the University of Rhode Island with a B.A. in Economics. Prior to joining BCBSRI, Jon was the CISO of Southcoast Health and has had various other IT Security positions in healthcare, services and manufacturing. During the past 15 years of working in the IT security field, Jon has developed a pragmatic approach to implementing cybersecurity solutions and assisting his organizations in properly measuring and managing cyber and privacy risk. Jon is a member of the Association for Executives in Healthcare Information Security, the Healthcare Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG), and is a Certified Information Security Manager.

Jim Hietala, is Vice President, Security for The Open Group, where he manages security and risk management programs and standards activities, He has participated in the development of several industry standards including O-ISM3, O-ESA, and the Open FAIR Body of Knowledge. He led the development of the Open FAIR standards and the certification program for risk analysts, and a joint Open Group and SIRA risk management practices survey project. He also led the development of compliance and audit guidance for the Cloud Security Alliance’s v2 publication.

Jeremiah Grossman is a world-renowned expert in information security, a highly acclaimed security researcher, and an industry innovator. Over the last 20 years, Jeremiah pioneered application security as the founder of WhiteHat Security and served as Chief of Security Strategy for SentinelOne, focusing on ransomware and EDR. Today, as CEO of Bit Discovery, he’s taking on arguably the hardest and most important unsolved problem in the entire industry — attack surface management.

Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. Ron has served on the Board of Directors for a number of GTA’s portfolio companies and has been a steadfast mentor and advisor to many founders. Ron has also supported a variety of cyber nonprofits and think tanks, with both his substantive expertise and through philanthropic funding.

From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. Under Ron’s leadership, Tenable grew to 20,000 customers, raised $300m in venture capital, and grew revenues to $100 million annually; this positioned the company for a successful IPO in 2018, where it was valued at $3 billion.

Prior to founding Tenable, Ron was a cyber industry pioneer. Ron developed Dragon, one of the first commercial network intrusion detection systems, and he also ran risk mitigation for one of the first cloud companies. While serving as a US Air Force officer, Ron deployed network honeypots in the mid 90s for the US Defense Department (DOD) and served as a penetration tester at the National Security Agency (NSA), participating in some of the nation’s first cyber exercises.

For these efforts, Ron received in 2020 both the Northern Virginia Technology Council Cyber Investor of the Year award and the Baltimore Business Journal Power 10 CEO award.

Jayson E. Street referred to in the past as:

A “notorious hacker” by FOX25 Boston, “World Class Hacker” by National Geographic Breakthrough Series and described as a “paunchy hacker” by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.

He’s a Simulated Adversary for hire. The author of the “Dissecting the hack: Series” (which is currently required reading at 5 colleges in 3 countries that he knows of). Also the DEF CON Groups Global Ambassador. He’s spoken at DEF CON, DEF CON China, GRRCon, DerbyCon at several other ‘CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.

He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc.. on five continents (Only successfully robbing the wrong bank in Lebanon once all others he was supposed to)!

*He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time’s persons of the year for 2006.