As CISO at the SANS Institute Frank leads the security risk function for the most trusted source of computer security training, certification, and research in the world. He also helps shape, develop, and support the next generation of security leaders through teaching, developing courseware, and leading the management and software security curricula.
Prior to the SANS Institute, Frank was Executive Director of Cyber Security at Kaiser Permanente with accountability for delivering innovative security solutions to meet the unique needs of the nation's largest not-for-profit health plan and integrated health care provider with annual revenue of $55 billion, 9.5 million members, and 175,000 employees. In recognition of his work, Frank was a two-time recipient of the CIO Achievement Award for business enabling thought leadership.
Frank holds degrees from the University of California at Berkeley and is a SANS certified instructor as well as the author of popular courseware on strategic planning, leadership, and application security.
Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. He is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. Eric serves on the advisory board for the SANS Securing the Human Developer awareness training program and is a contributing author for the developer security awareness modules. His experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. Eric previously spent six years performing web application security assessments for a large financial institution and another four years focusing on ASP .NET web development. He completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications. Eric is located in West Des Moines, IA and outside the office enjoys spending time with his wife and daughter, attending Iowa State athletic events, and golfing on the weekends.
Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. He is currently a SANS certified instructor. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.
Gregory Leonard has over 16 years of experience in software development, with an emphasis on writing large-scale enterprise applications. Greg's responsibilities have included application architecture and security, performing infrastructure design and implementation, security analysis, code reviews, and evaluating performance diagnostics. Greg is currently focusing on overseeing the integration of secure development practices for his company.
Sri Mallur is a security consultant at a major healthcare provider. Sri has over 15 years of experience in software development and information security. He has designed and developed applications for large companies in the insurance, chemical, and healthcare industries. He has extensive consulting experience from working with one of the big 5. Sri currently focuses on security in SDLC by working with developers, performing security code review, and consulting on projects. He is also currently involved with mobile app security. Sri holds a Masters in industrial engineering from Texas Tech University, Lubbock, TX and an MBA from Cal State University-East Bay, Hayward, CA.
Mano Paul is a seasoned veteran in the discipline of information security, software assurance, and software development, spanning responsibilities that include designing and developing security programs from compliance
to coding, security in the software development lifecycle, risk management, security strategy, awareness, training and education. He is the CEO of SecuRisk Solutions and Express Certifications, companies that specializes in information security training, product development, consulting, and certification assessment. He is also an (ISC)2 appointed software assurance advisor and a member of the Application Security Advisory council. He holds the CISSP, CSSLP, GWAPT, GSSP-.Net, MCSD, MCAD, ECSA and CompTIA Network+ certifications.
Megan is currently a certified instructor with the SANS Institute as well as a senior engineer with Savvis. She has over 16 years of experience in information technology with an extensive background in secure application infrastructure design/management utilizing Linux and Windows environments for both small and large implementations. Her experience spans several verticals, including financial services, healthcare, education, and telecommunications, allowing her to have a well-rounded understanding of various business needs. Megan holds several professional certifications from Red Hat, Cisco, ISC2, and SANS. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and vendor risk assessments.
David Rice is an internationally recognized cyber security expert, consulting director for policy reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion of cyber security, and his work impacts both U.S. and European cyber security policy. As director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues, including cyber strategy development and execution, corporate cyber risk management, cyber security metrics, identity management, and secure software development practices.
Johannes Ullrich, Ph.D.
As Dean of Research for the SANS Technology Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.
Johannes has an excellent teaching approach and did a great job of fighting the brain overload later in the day. - Brad Meyers, Molina Healthcare