2010 Speaker Details
The Central Ohio InfoSec Summit is proud to present the following lineup of speakers and topics:
- Aaron Bedra - Ooo: Crypto CUDA
- Miki Calero - Security and Project Management: The Missing Link To Success
- Tim Crawford - Cloud Computing: Information Security’s Collaborative Role
- Mick Douglas - Smart phones are a smart choice for pen tests
- Joe Greene - Sec_rity is not complete without "U"
- Brent Huston - Tales from the HITME: What's in that honeypot?
- Jack Jones - Why compliance is such a pain
- Jon Miller - An Analysis of Application Testing Methodologies
- Kevin Richards - The Current State of Cybersecurity
- Gal Shpantzer - Security Domination via Hard Drive Isolation
- Paul Stamp - Reducing the cost of compliance as regulatory pressures increase
- Hord Tipton - The Shifting Legislative Landscape and Its Impact on Cybersecurity
- Dino Tsibouris - Law relating to security, privacy, and its effects on technology
- Jeff Williams - Culture, Code, and Controls - Are You Improving?
Aaron Bedra
Aaron Bedra is a programmer for Relevance, Inc. (http://thinkrelevance.com) in Chapel Hill, North Carolina. He is a member of Relevance's audit team as well as serving as a full-time project developer. Aaron has worked on large and small software systems utilizing almost every major language and platform. Aaron also contributes heavily to the open source community, releasing tools such as Tarantula (http://github.com/relevance/tarantula), a SQL injection, XSS, and fuzz testing tool, and Castronaut (http://github.com/relevance/castronaut), an implementation of the CAS single sign-on and central authentication server.
Ooo: Crypto CUDA
Your Video Card isn't just for Fragging Anymore
The current trend in hardware evolution has driven software to some incredible places. With multicore technology only beginning to show its potential, we have already seen significant strides in the power of our latest software. But with great power comes great hackability! More cores means more potential for evil. NVidia has made it cheap to get all the cores you desire. Watch as Aaron Bedra demonstrates the power of the CUDA framework and shows you that the thing in your computer that draws monsters can also be used to crack passwords with a quickness. You will learn how the current architectures facilitate these improvements and hear about some of the upcoming challenges that you face as a security professional over the next few years. You will also learn how to test passwords to determine their likely crackability using some simple software and a few good tweaks.
Miki Calero
Miki Calero is Chief Security Officer (CSO) for the City of Columbus, Ohio. He has 19 years of leadership experience, and has held responsibilities for risk management and information security functions in both strategic and tactical capacities. He is a frequent speaker and writer on Information Security and Project Management subjects. Miki Calero holds a Master of Arts in Computer Resources and Information Management from Webster University. He is a Certified Information Security Manager (CISM) and a Project Management Professional (PMP).
Security and Project Management: the Missing Link to Success
At some point in your career as a security professional, you will be asked to implement a system, deploy a technology, develop a process… You may be told, “Get it done!” when you ask for direction, or be provided insightful guidance such as “Good luck!” You will be expected to not spend too much money, meet a deadline, and deliver what was asked.
Tim Crawford
Tim Crawford is an internationally renowned thought leader in the areas of Cloud Computing and IT Optimization Strategies. Tim has over 20 years of Information Technology experience in Operations, Infrastructure, Information Security and Core Applications. Areas of focus include Cloud Computing, Infrastructure Optimization and key game-changing strategies for IT organizations. Tim has held senior IT leadership roles with global organizations such as Stanford University, Knight-Ridder, Philips Electronics, and National Semiconductor.
Tim speaks at industry conferences and has written for leading publications including InfoWorld, PC Magazine and VAR Business. Tim also serves on a number of boards including the Society for Information Management (SIM) San Francisco Bay Area Chapter, the Golden Gate University Alumni Association and Data Center Pulse.
Tim received an MBA in International Business with Honors and a Bachelor
Cloud Computing: Information Security’s Collaborative Role: The presentation deconstructs cloud computing into the cloud’s true value proposition. Traditional IT operations are buckling under the increased demand from business organizations. A significant change is needed. With change come new risks. The presentation identifies the risks and opportunities for Information Security while playing a collaborative role.
Mick Douglas
Mick Douglas (CISSP, GCIH, GSNA) is the Consulting Systems Engineer for Information Security at OCLC - an international library cooperative based in Dublin, Ohio. He is an instructor for the SANS institute and has taught SANS 504 "Hacker Techniques, Exploits and Incident Handling" and SANS 507 "Auditing Networks, Perimeters & Systems". He is a senior contributor to the PaulDotCom weekly security podcast. While Mick enjoys and actively participates in penetration testing, his true passion is defense -- tweaking existing networks, systems, and applications to keep the bad guys out. In addition to his technical work, Mick jumps at every chance to participate in a social engineering engagement. Mick has a bachelor's degree from The Ohio State University in Communications. In his spare time, you'll likely find him fleeing all things electronic by scuba diving, trying in vain to improve his photography skills, and either hiking or camping. You can follow Mick on Twitter at twitter.com/bettersafetynet .
Smart phones are a smart choice for pen tests: With the size and ubiquity of smart phones, an interesting convergence has happened. Many people now carry around computing platforms that are able to do real, meaningful work on a penetration test, but because everyone's using them, you are never suspected of a thing... until it's too late! This talk focuses on tools, strategies, and tips you will want to look into -- after all, it could make your next pen test more successful!
Joe Greene
Joe Greene is the Director of Information Security at OhioHealth. His professional experience exceeds twelve years in the information security field with ten years of that being in healthcare. To date, he has performed hundreds of vulnerability assessments, penetration tests, and security reviews against target organizations such as banks, credit unions, financial companies, and e-commerce sites. He is well versed in the use and implementation of all major security tools, standards, and systems.
Brent Huston
Brent has 20+ years of experience in technical information security, risk management and executive consulting. He is an expert in PCI, GLBA, HIPAA/HITECH and other regulatory scope management/reduction, effective security and compliance program creation, and enterprise risk management. He is the author of the 80/20 Rule for InfoSec, which details creating security and compliance programs based on leverage and scope management, and the developer of HoneyPoint technology and several other software products over the last two decades.
As CEO of MicroSolved, Brent has bootstrapped a company through solely organic growth into a nearly 20-year-old, multi-million dollar organization doing business on a global scale. The company's focus on real-world results, customer service and new technologies to reduce risk has allowed it to become a bleeding-edge leader in its industry.
Brent regularly speaks before industry groups, provides bleeding-edge threat intelligence to Fortune 500 companies and helps organizations create, manage and improve their security initiatives. He is an active author, developer and teacher of information security methodologies, tools and techniques that create huge changes in corporate security team effectiveness.
Jack Jones
Jack Jones (CISM, CISA, CISSP) has been employed in technology for the past twenty-seven years, and has specialized in information security and risk management for nineteen years. During this time, he’s worked in the United States military, government intelligence, consulting, as well as the financial and insurance industries. Jack has over seven years of experience as a CISO, with five of those years at a Fortune 100 financial services company. His work there was recognized in 2006 when he received the 2006 ISSA Excellence in the Field of Security Practices award. He is also the author and creator of the Factor Analysis of Information Risk (FAIR) framework.
In 2007, Jack was selected as a finalist for the Information Security Executive of the Year, Central United States, and judged the national Information Security Executive of the Year competition. He also has been a member of the ISACA task forces that developed the Risk IT Framework and CRISC
Why compliance is such a pain: The focus on compliance continues to increase for many industries as regulations become more pervasive and stringent. The problem is, compliance is often very difficult to achieve and even tougher to maintain. In this session, Jack explores why compliance is such a tough nut to crack, why the common approach is flawed to begin with, and what organizations can do to successfully achieve and maintain compliance with the things that matter.
Jon Miller
Jon is a Director with Accuvant Labs with over 12 years of experience in information security consulting. Jon provides leadership to the marketing, sales, and research and development functions of the Accuvant Labs team. Prior to taking over his current role, Jon was a Principal Consultant on the Accuvant Labs team, specializing in penetration testing and enterprise-level security assessment programs. Jon provides world-class security consulting services to Accuvant clients, and he provides technical leadership, direction and strategy to Accuvant’s security assessment services sales organization.
Jon has performed hundreds of penetration tests and enterprise security assessments. His experience includes wireless assessments/penetration testing, threat analysis, application assessments (web and binary), ISO compliance, Visa/MasterCard PCI/SDP, HIPAA compliance, incident response and forensics, physical security auditing, as well as network architecture design and review. His customers include many of the Fortune 500, with professional references that include Intel, T-Mobile, Sears, multiple financial services/banking institutions, multiple federal government agencies, and four of the five largest law firms in the world. Prior to joining Accuvant, Jon served as a member of IBM Internet Security Systems’ X-Force Penetration Testing Team, where he spent 4 1/2 years as a senior consultant and manager. At IBM-ISS, Jon was responsible for managing and engaging in multiple high visibility projects.
Cutting Through the Hype: An Analysis of Application Testing Methodologies: In this presentation we will discuss the different testing methodologies used when assessing the security of both binary applications and web-based applications. We will focus on the differences and advantages as they relate to blackbox testing, whitebox testing, graybox testing, reverse engineering, and fuzzing. Unfortunately, there is no one testing methodology that provides the best balance of time and accuracy for every application; in this talk we will provide metrics to help decide which methodology should be used for which types of applications.
Kevin Richards, CISSP
President ISSA International
Kevin Richards is the Director of Risk and Security Services for Neohapsis. Kevin has over 18 years of experience in information and cybersecurity, business continuity, and enterprise risk management. Kevin’s expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices. Working with large multi-national corporations, as well as the United States Department of Defense (DoD), Kevin provides an array of technical and practical perspectives on building and protecting an organization’s critical information assets.
The Current State of Cybersecurity: This discussion focuses on the current state of cybersecurity, including current trends and new challenges, as well as ideas and approaches for cybersecurity moving into a new decade.
Gal Shpantzer
Gal Shpantzer is a trusted advisor to CSOs of Fortune 500 corporations, Silicon Valley startups, large universities and international non-profits. Gal has been involved in multiple SANS Institute projects, including co-editing the SANS Newsbites from 2002-2008, presenting SANS@Night talks and revising the E-Warfare course. Gal is a chapter co-author in the upcoming edition of the Information Security Management Handbook and has presented on cyberstalking, digital forensics and mobile device security, and will be presenting at RSA 2010 on the Culture of Security Leadership. CSO magazine will feature Gal as a blogger and columnist in early 2010.
Security Domination via Hard Drive Isolation: Every organization is a reluctant participant in the malware arms race, investing untold blood and treasure in securing the essentially unsecurable: commercial general-purpose, fat-client endpoints that are simply inappropriate for certain high-risk business processes. This talk goes through this problem and proposes an alternative approach to the one-size-fits-all desktop. SANS.edu grad students call this approach ROBAM, while Gartner calls it Trusted Portable Personality Devices.
You will learn how leading government, financial and emergency response sector organizations are enabling security while simultaneously extending remote access and mobility to administrators as well as end users. Several specific use-cases are outlined and demonstrated in this talk.
Paul Stamp
Paul Stamp is the Senior Manager of Product Marketing for the Information and Event Management Group at RSA. In this role, Paul is responsible for reinforcing RSA's position as a market leader in the Security Information and Event Management space. Paul has been active in the information security industry for the past 11 years, and is regularly featured in the media, including NPR Marketplace, Wall Street Journal, New York Times, Washington Post and a host of industry publications. Prior to joining RSA, Paul was Principal Analyst for Forrester Research, covering security information and event management and data security, and a security architect with Unisys Corporation. Paul holds an MA (Oxon) in Mathematics from Oxford University.
Reducing the cost of compliance, even as regulatory pressures increase: This session will focus on devising an efficient and cost-effective way to stay current and compliant with the ever-increasing number of regulations that affect your business. It will focus on how companies satisfy multiple regulations with the leanest set of controls, leverage best practices across IT and business domains, and how this allows them to become more flexible and use their compliance resources more effectively.
Hord Tipton
(ISC)² Executive Director
Is the Earth Moving under Your Feet?
The Shifting Legislative Landscape and Its Impact on Cybersecurity:
Just months after the Obama Administration’s appointment of a Cybersecurity Coordinator, the legislative landscape continues to shift. Join Hord Tipton, (ISC)² Executive Director and former CIO for the U.S. Department of the Interior, for a discussion of the Administration’s progress with cybersecurity initiatives and pending legislation and their impact on the information security workforce. He’ll cite results from the organization’s 2nd annual survey of Federal CISOs, titled “State of Cybersecurity from the Federal CISO’s Perspective – An (ISC)² Report”, which will be released the opening day of the Summit.
Dino Tsibouris
Dino Tsibouris is the founding principal of the law firm Tsibouris & Associates, LLC. His practice concentrates in the area of technology and intellectual property law with specific expertise in electronic commerce, online financial services, licensing, and privacy law. In addition, Mr. Tsibouris' practice includes the implementation of electronic signatures, records management and information security.
He was previously an attorney with Thompson Hine LLP and a Vice President and Counsel for eCommerce and Technology at Bank One Corporation (now JPMorgan Chase).
He has conducted CLE and trade association presentations on various e-banking and e-commerce matters, and he has participated in many regulatory and industry task forces addressing new legislation.
Mr. Tsibouris was selected to be listed in the 2007, 2008, and 2009 editions of The Best Lawyers in America in the area of Technology Law.
Law relating to security, privacy, and its effects on technology: Dino Tsibouris and Mehmet Munur from Tsibouris & Associates, LLC will focus on the latest developments in privacy and security legal compliance enforcement and the impact of information security in the E-Discovery process in litigation. We will look at the recent state law enforcement of HIPAA under the HITECH Act and provide examples of E-Discovery problems and sanctions associated with litigation holds, security, deletion, and access issues. The presentation will also provide examples of new developments in the law relating to security, privacy, and its effects on technology.
Jeff Williams
Jeff Williams is the founder and CEO of Aspect Security, a leading provider of security code review, penetration testing, training, eLearning, and other application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP) where he has made extensive contributions, including the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, Application Security Verification Standard, OWASP Risk Rating Methodology, starting the worldwide local chapters program, and starting the Rugged Software movement.