Frank Kim is a security leader with over 16 years of experience in information security, risk management, and enterprise IT. He has a passion for developing security strategies and building teams focused on practical solutions to business risks. He currently serves as the curriculum lead for application security at the SANS Institute and is the author and an instructor for the Secure Coding in Java course. Frank is a popular public speaker and has presented at security, software development, and leadership events around the world.
Eric Johnson is a security consultant at Cypress Data Defense and an instructor and contributing author for the SANS DEV544 Secure Coding in.NET course. He previously spent six years performing web application security assessments for a large financial institution and another four years focusing on ASP .NET web development. Other experience includes developing security tools, secure code review, vulnerability assessment, penetration testing, risk assessment, static source code analysis, and security research. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University. Eric currently holds the GSSP-.NET, GWAPT, and CISSP certifications and is located in West Des Moines, IA. Outside the office, Eric enjoys spending time with his wife and daughter, attending Iowa State athletic events, and golfing on the weekends.
Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. He is currently a SANS certified instructor. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.
Gregory Leonard has over 16 years of experience in software development, with an emphasis on writing large-scale enterprise applications. Greg's responsibilities have included application architecture and security, performing infrastructure design and implementation, security analysis, code reviews, and evaluating performance diagnostics. Greg is currently focusing on overseeing the integration of secure development practices for his company.
Sri Mallur is a security consultant at a major healthcare provider. Sri has over 15 years of experience in software development and information security. He has designed and developed applications for large companies in the insurance, chemical, and healthcare industries. He has extensive consulting experience from working with one of the big 5. Sri currently focuses on security in SDLC by working with developers, performing security code review, and consulting on projects. He is also currently involved with mobile app security. Sri holds a Masters in industrial engineering from Texas Tech University, Lubbock, TX and an MBA from Cal State University-East Bay, Hayward, CA.
Mano Paul is a seasoned veteran in the discipline of information security, software assurance, and software development, spanning responsibilities that include designing and developing security programs from compliance
to coding, security in the software development lifecycle, risk management, security strategy, awareness, training and education. He is the CEO of SecuRisk Solutions and Express Certifications, companies that specializes in information security training, product development, consulting, and certification assessment. He is also an (ISC)2 appointed software assurance advisor and a member of the Application Security Advisory council. He holds the CISSP, CSSLP, GWAPT, GSSP-.Net, MCSD, MCAD, ECSA and CompTIA Network+ certifications.
Megan is currently a certified instructor with the SANS Institute as well as a senior engineer with Savvis. She has over 16 years of experience in information technology with an extensive background in secure application infrastructure design/management utilizing Linux and Windows environments for both small and large implementations. Her experience spans several verticals, including financial services, healthcare, education, and telecommunications, allowing her to have a well-rounded understanding of various business needs. Megan holds several professional certifications from Red Hat, Cisco, ISC2, and SANS. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and vendor risk assessments.
David Rice is an internationally recognized cyber security expert, consulting director for policy reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion of cyber security, and his work impacts both U.S. and European cyber security policy. As director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues, including cyber strategy development and execution, corporate cyber risk management, cyber security metrics, identity management, and secure software development practices.
Johannes Ullrich, Ph.D.
As Dean of Research for the SANS Technology Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.
Johannes has an excellent teaching approach and did a great job of fighting the brain overload later in the day. - Brad Meyers, Molina Healthcare