Panel 1: Building a Security Culture
Peter Oehlert is the Director of Product Security at Facebook. Peter has more than fifteen years of experience in application security and development. He spent seven years at Microsoft, during the time in which Microsoft embraced Trustworthy Computing and learned how to build software security at scale. He later worked for a startup as a developer and for security consulting companies, including iSEC Partners. At iSEC, Peter worked across industries with companies large and small, helping them understand and mitigate technical risks. Peter has a special interest in static and dynamic analysis techniques, and he wrote some of the seminal work in fuzzing as that technique dawned.
Adam Shostack is a technologist, entrepreneur, author and game designer. He is a member of the BlackHat Review Board, and helped found the CVE. He is currently building his fifth startup, focused on improving security effectiveness. Previously, at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3, and created the “Elevation of Privilege” game. Adam is the author of “Threat Modeling: Designing for Security,” and the co-author of “The New School of Information Security.”
Matt Thomlinson is the Vice President of Cloud and Enterprise Security at Microsoft. Matt leads the organization responsible for Microsoft’s security response, innovative security protections and attack detection, fundamental Azure datacenter security services, and security analytics, as well as cyber threat intelligence that powers defenses for Microsoft and its products and services. During his two decades at Microsoft, Matt has led many security engineering efforts such as delivering security features into Windows, developer tools, O365, and Azure. In 2003, he directed the creation of Windows XP Service Pack 2. He is former Chairman and 5-year board member of NIST’s Information Security & Privacy Advisory Board (ISPAB). Matt has been recognized as a 2014 Federal 100 winner for his work to secure the US federal government, and a 2015 Computerworld Premier 100 IT Leader. Matt is an inventor/co-inventor on 20+ patents on technologies. Matt holds both master’s and bachelor’s degrees in Electrical Engineering from the University of Washington.
Tarah Wheeler Van Vlack is co-founder and CEO of Fizzmint, an end-to-end employee management company, and the lead author of the book “Women In Tech,” coming March 29th, 2016. She has led projects at Microsoft Game Studios (Halo and Lips), architected systems at Silent Circle, and holds master and developer certifications in agile development through the Scrum Alliance. She founded Red Queen Technologies, LLC (web development), Infosec Unlocked (initiative to add diversity in Infosec conference speakers), the Women In Tech Council (to increase women’s participation in tech conference speaking), and Hack The People Foundation (nonprofit mentorship initiative focused on underprivileged people in technology). Tarah holds an MS from Portland State University and a BA from Carroll College.
Panel 2: Integrating Security into the Development Pipeline
Julian Dunn is a product manager at Chef, a company that provides tools for system and application configuration management. He previously led Chef’s field solutions engineering team and worked on the company’s professional services team. Prior to working at Chef, he was a senior systems engineer at SecondMarket, a New York-based alternative markets startup that is now part of NASDAQ Private Market. He has more than fifteen years of systems administration, product development, and engineering management experience at outfits large and small in diverse sectors such as advertising, broadcasting, Internet security, and video hardware. He is a graduate of the University of Toronto and attended City University of New York.
John Heasman is Senior Director of Software Security at DocuSign, a company that provides electronic signature technology and digital transaction management services. In this role, he supervises key tenets of the SDL: threat modeling, code review, and security training for developers. Prior to joining DocuSign, John spent a decade on the other side of the fence as a lead penetration tester with the NCC Group, consulting to blue chip software vendors and financial institutions. During this time he also co-authored The Database Hacker’s Handbook and The Shellcoder’s Handbook and published ground-breaking research into firmware and kernel-level malware persistence. John has previously spoken at Black Hat, Defcon, CEIC and other security conferences; he holds a master’s degree in Engineering and Computing from Oxford University.
Patrick Lamphere is Director of Security and Compliance at Socrata, a company that leads open data initiatives worldwide to enable government clients to make data publicly accessible and usable. In that role, he is working as a change agent to build an efficient and effective security and compliance team. He has experience working in information security for companies ranging from startups to Fortune 10 companies, and for large and small governments. He has deep knowledge of global security and privacy laws and regulations, as well as hands-on experience building and running a team that successfully hunted for advanced persistent threat actors (APTs) at Microsoft. He graduated from Central Washington University.
Lunch Presentation: Avoiding Catastrophe: An Introduction to OWASP Proactive Controls
Ian Gorrie is the principal consultant at Locked Networks. He has been providing security consulting for eighteen years, leading projects at all levels of engagement including deeply technical implementations, risk management and strategy, improving security programs, and supporting policy. Ian has provided security consulting to organizations including Palo Alto Networks, Fannie Mae, and Microsoft. He began his career working for web startups and internet service providers. Ian is a chapter leader for the Seattle chapter of the Open Web Application Security Project (OWASP), and is a former director of the Seattle chapter of the Information Systems Security Association (ISSA).
Panel 3: The Business Case for Security
Saira Nayak is Chief Privacy Officer at TUNE, a SaaS-based platform that provides solutions for mobile and performance marketers. Previously, she was Director of Policy at TRUSTe, where she helped define the company’s external policy platform while advocating the TRUSTe position with industry, regulators, and other stakeholders. Before joining TRUSTe, Saira was Principal at Nayak Strategies, where she advised digital era companies on privacy and data security compliance under international, U.S. and state laws. She has also worked in-house at the Microsoft Corporation, practiced antitrust and consumer protection law at Dickstein Shapiro (Washington, DC), and served as Antitrust Counsel for the National Association of Attorneys General (NAAG).
Mike Simon is the Chief Information Security Officer and Chief Technical Officer of Creation Logic. From 1993 to the present, Mike has been building security awareness and improving the security posture for hundreds of companies as Chief Scientist for his own consulting firms. Mike is an adjunct faculty member for the University of Washington and occasionally lectures at Seattle University and the University of Idaho. He sits on the advisory boards for the University of Washington Information School’s Information Assurance certificate program and the University of Idaho’s Computer Science Department. Mike began working in computer security and policy development in 1985 at the University of Idaho, building the network laboratory infrastructure used for the research programs and teaching senior and graduate courses in networking and network topology. He earned a BS in Computer Science from the University of Idaho.
Aravind Swaminathan is a partner at Orrick, Herrington & Sutcliffe and a global co-chair of the firm’s Cybersecurity & Data Privacy practice. Aravind is a former federal prosecutor and trial lawyer with extensive experience in cybersecurity and data breaches and privacy-related matters. Aravind advises clients in proactive assessment and management of cybersecurity risks, breach incident response planning, and cybersecurity corporate governance responsibilities.
Panel 4: Securing the Internet of Things
Tadayoshi Kohno is the Short-Dooley Professor of Computer Science & Engineering at the University of Washington and an Adjunct Associate Professor in the UW Information School. His research focuses on helping protect the security, privacy, and safety of users of current and future generation technologies. Kohno is the recipient of an Alfred P. Sloan Research Fellowship, a U.S. National Science Foundation CAREER Award, and a Technology Review TR-35 Young Innovator Award. Kohno is an alumnus of the U.S. Government’s Defense Science Study Group and a member of the National Academies Forum on Cyber Resilience, the IEEE Center for Secure Design, and the USENIX Security Steering Committee.
Shwetak Patel is the Washington Research Foundation Entrepreneurship Endowed Professor in Computer Science and Engineering and Electrical Engineering at the University of Washington, where he directs the Ubicomp Lab. His work includes developing new sensing systems, energy and water sensing, mobile health, and developing new interaction technologies. Shwetak was a founder of Zensi, Inc., a residential energy monitoring company that was acquired by Belkin, Inc. in 2010. He is also a co-founder of a low-power wireless sensor platform company called SNUPI Technologies and a consumer home sensing product called WallyHome, which was acquired by Sears in 2015. Shwetak is a recipient of a MacArthur Fellowship (2011), Microsoft Research Faculty Fellowship (2011), Sloan Fellowship (2012), TR-35 Award (2009), World Economic Forum Young Global Scientist Award (2013), and NSF Career Award (2013). He was named a 2010 top innovator of the year by Seattle Business Magazine and a Newsmaker of the year by the Puget Sound Business Journal in 2011. Shwetak holds a PhD and BS in Computer Science from the Georgia Institute of Technology.
Arjmand Samuel is a Principal Program Manager at Microsoft, working in the Windows Azure Internet of Things team. In his current role, Arjmand is involved in the design and development of Windows Azure IoT Hub, a scalable framework for connecting, monitoring and controlling millions of IoT assets. In his previous role, Arjmand led external academic collaborations around devices and services research for Microsoft Research, where he developed programs and research initiatives to harness the power of the Internet of Things. He has published in a variety of publications on topics of security, privacy, location aware access control and innovative use of mobile technology. Arjmand has a bachelor’s degree in avionics engineering from NED University of Engineering and Technology, Pakistan; a master’s degree in control engineering from Beijing University of Aeronautics and Astronautics, China; and a PhD in Information Security from Purdue University, USA.
Lorie Wigle leads Intel’s corporate-wide IoT security efforts. She works across the business groups to set the strategy and drive execution. Lorie and her team are also very active in industry efforts such as the Industrial Internet Consortium, and she helped found the Intel Automotive Security Review Board. Lorie represented Intel on the National Security Telecommunications Advisory Committee’s IoT work, which resulted in recommendations to the White House. In her prior roles at Intel, Lorie has led Intel’s product-related efforts on environment and initiated a number of internal start-up businesses. She has been at Intel for 31 years with the last 2+ on assignment at Intel Security (formerly McAfee). Lorie was named one of the three most powerful women in smart grid by Smart Grid Newsletter and one of the top 10 women in sustainability by PINK magazine. In 2011, she received the Sustainable Business Leadership Award from Sustainable Business Oregon. She has an MBA from Portland State University and a BA degree from the University of Oregon.