Frank Kim is a security leader with over 16 years of experience in information security, risk management, and enterprise IT. He has a passion for developing security strategies and building teams focused on practical solutions to business risks. He currently serves as the curriculum lead for application security at the SANS Institute and is the author and an instructor for the Secure Coding in Java course. Frank is a popular public speaker and has presented at security, software development, and leadership events around the world.
James Jardine is a senior security consultant at Secure Ideas and the founder of Jardine Software. James has spent over twelve years working in software development with over seven years focusing on application security. His experience includes penetration testing, secure development lifecycle creation, vulnerability management, code review, and training. James is focused on helping developers build more secure applications, working with small start-ups as well as large corporations. He has worked with mobile, web, and Windows development with the Microsoft .NET framework. James is a mentor for the Air Force Association's Cyber Patriot competition. He currently holds the GSSP-NET, CSSLP, MCAD, and MCSD certifications and is located in Jacksonville, Florida.
Eric Johnson is a security consultant at Cypress Data Defense, and an instructor and contributing author for the SANS DEV544 Secure Coding in .NET course. He previously spent six years performing web application security assessments for a large financial institution, and another four years focusing on ASP .NET web development. Other experience includes developing security tools, secure code review, vulnerability assessment, penetration testing, risk assessment, static source code analysis, and security research. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University. Eric currently holds the GSSP-.NET, GWAPT, and CISSP certifications and is located in West Des Moines, IA. Outside the office, Eric enjoys spending time with his wife and daughter, attending Iowa State athletic events, and playing golfing on the weekends.
Kevin Johnson is a Senior Security Consultant with Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture, and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises, and penetration testing everything from government agencies to Fortune 100 companies. Kevin is an instructor and author for the SANS Institute and a contributing blogger at TheMobilityHub.
Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.
In addition, Kevin is very involved in the open source community and runs a number of open source projects. These include SamuraiWTF, a web pen-testing environment; Laudanum, a collection of injectable web payloads; Yokoso!, an infrastructure fingerprinting project; and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.
Kevin does an excellent job of explaining the content to less-experienced users. - Andrew Downey, DND
Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. He is currently a SANS certified instructor. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.
Gregory Leonard has over 13 years of experience in software development, with an emphasis on writing large-scale enterprise applications. He has worked with several government agencies, including designing and developing applications for the U.S. Treasury. Greg's current responsibilities include application architecture and security; performing infrastructure design and implementation, security analysis, code reviews, and evaluating performance diagnostics.
Sri Mallur is a security consultant at a major healthcare provider. Sri has over 15 years of experience in software development and information security. He has designed and developed applications for large companies in the insurance, chemical, and healthcare industries. He has extensive consulting experience from working with one of the big 5. Sri currently focuses on security in SDLC by working with developers, performing security code review, and consulting on projects. He is also currently involved with mobile app security. Sri holds a Masters in industrial engineering from Texas Tech University, Lubbock, TX and an MBA from Cal State University-East Bay, Hayward, CA.
Mano Paul is (ISC)2 appointed software assurance advisor and is a seasoned veteran in the discipline of information security, software assurance and software development, with responsibilities that include designing and developing security programs from compliance to coding, security in the software development lifecycle, and providing risk management, security strategy and security awareness and education. He is the CEO and founder of SecuRisk Solutions, which specializes in security product development and consulting, and Express Certifications, a professional certification assessment and training company.
Before founding his two companies, Paul worked for Dell, Inc. in a variety of security and software positions, including software developer to technical architect, global application security consultant, senior global security program manager, and workforce strategist for both IT and the business. He is a contributing author for the Information Security Management Handbook, writes periodically for information security and certification magazines, and has participated in and contributed to several security articles for the Microsoft Solutions Developer Network (MSDN).
Additionally, Paul has been featured at numerous security conferences around the world as an invited speaker and panelist, delivering keynotes and talks to such conferences as CSI, SC World Congress, Burton Group Catalyst and OWASP. He is also an appointed faculty member and served as the industry liaison for the Capitol of Texas Information Systems Security Association (ISSA) chapter.
Paul is a Certified Secure Software Lifecycle Professional (CSSLPCM) and Certified Information Systems Security Professional (CISSP2), both (ISC)2 certifications. He also holds the MCAD, MCSD, CompTIA's Network+ and ECSA certifications.
Paul has already undertaken a number of tasks for (ISC)2, including creating the online self-assessment tool known as studISCope, authoring the upcoming Official (ISC)2 Guide to the CSSLP, collaborating on the development of the CSSLP curriculum, establishing and fostering relationships between (ISC)2 and other professional security organizations, and writing several white papers underscoring the need for software assurance. In his software assurance advisor role, he will continue many of these pursuits in addition to speaking engagements and other opportunities as they arise.
Megan is currently a certified instructor with the SANS Institute as well as a senior engineer with Savvis. She has over 16 years of experience in information technology with an extensive background in secure application infrastructure design/management utilizing Linux and Windows environments for both small and large implementations. Her experience spans several verticals, including financial services, healthcare, education, and telecommunications, allowing her to have a well-rounded understanding of various business needs. Megan holds several professional certifications from Red Hat, Cisco, ISC2, and SANS. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and vendor risk assessments.
David Rice is an internationally recognized cyber security expert, consulting director for policy reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion of cyber security, and his work impacts both U.S. and European cyber security policy. As director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues, including cyber strategy development and execution, corporate cyber risk management, cyber security metrics, identity management, and secure software development practices.
Johannes Ullrich, Ph.D.
Dr. Johannes Ullrich is the Dean of Research and a faculty member of the SANS Technology Institute. In November of 2000, Johannes started the DShield.org project, which he later integrated into the Internet Storm Center. His work with the Internet Storm Center has been widely recognized. In 2004, Network World named him one of the 50 most powerful people in the networking industry. Secure Computing Magazine named him in 2005 one of the Top 5 influential IT security thinkers. His research interests include IPv6, Network Traffic Analysis and Secure Software Development. Johannes is regularly invited to speak at conferences and has been interviewed by major publications, radio as well as TV stations. He is a member of the SANS Technology Institute's Faculty and Administration as well as Curriculum and Long Range Planning Committee. As chief research officer for the SANS Institute, Johannes is currently responsible for the GIAC Gold program. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also maintains a daily security news summary podcast and enjoys blogging about application security.
Johannes has an excellent teaching approach and did a great job of fighting the brain overload later in the day. - Brad Meyers, Molina Healthcare