Michele Orru' a.k.a. antisnatchor is an IT and ITalian security guy who works as a Penetration Tester for The Royal Bank of Scotland Group in Warsaw, Poland. He mainly focuses his research on web application security. Besides his nasty passion about black, gray, white hat hacking and BeEF (being one of the most active core developers) he enjoys to leave alone his Mac while fishing on salted water and praying for Kubrick resurrection.

Aseem "@" Jakhar is the chief researcher at Payatu Labs, a startup in information security trainings and consulting, with extensive experience in system programming, security research and consulting. He has worked on various security products and tools. He has been a speaker at various security conferences including Xcon, Blackhat EU, Clubhack, IBM Security & Privacy Bangalore, Cocon, ISACA Bangalore, Bangalore Cyber secuity summit, National Police Academy Cyber crime seminar Hyderabad. He is also the founder of null - The open security community (registered not-for-profit organization, http://null.co.in). The focus and mission of null is advanced security research, awareness and assisting Govt./private organizations with security issues. null currently has eight active chapters throughout India and is now planning to expand outside India as well. One of the null initiatives is nullcon security conference http://nullcon.net which is a favourite go-to destination for hackers and security professionals in the Indian sub-continent.

I focus on securing large scale distributed production software across Yahoo! networks. My team is responsible for building and maintaining all software tools and libraries that are used by engineers across Yahoo! to build secure products. My team also conducts security reviews of major product initiatives across Yahoo! to ensure they are secure by design and implementation, and are in compliance with Yahoo! application security policy and guidelines. We also provide training and support to Yahoo! developers to educate them on most common security vulnerabilities and show them best practices to mitigate them.

Bishan (Bish) is from the Yahoo security group, called Paranoids. In his current role, he works with engineers at Yahoo SDC Bangalore to build secure and defensible applications. His role transcends to various groups at Yahoo from Ads, Media, Open Social to Cloud Security. In his early years, he founded and lead the security consulting business for a start-up, Sumeru, later heading the application security practice at IBM GBS. More recently, Bishan was with Foundstone (a division of McAfee) where he worked as Principal Consultant.

Kanwal K. Mookhey (CISA, CISSP, CISM) is the Principal Consultant and Founder at Network Intelligence as well as the Founder of The Institute of Information Security. He is an internationally well-regarded expert in the field of IT governance, information risk management, forensic fraud investigations, compliance, and business continuity. He has more than a decade of experience in this field, having worked with prestigious clients such as the The Indian Navy, The United Nations, Abu Dhabi & Dubai Stock Exchanges, State Bank of India, Saudi Telecom, Capgemini, BNP Paribas, the Mumbai Crime Branch and manyothers.

His skills and know-how encompass risk management, compliance, business continuity, application security, computer forensics, and penetration testing. He is well-versed with international standards such as COBIT, ISO 27001, PCI DSS, BS 25999, and ITIL / ISO 20000.

He is the author of two books (Linux Security And Controls by ISACA, and Metasploit Framework, by Syngress Publishing), and of numerous articles on information security. He has also presented at conferences such as OWASP, Blackhat, Interop, IT Underground and others.

Nithya is a threat researcher at Symantec, with a focus on web based threats. She has over 6 years of experience in the field of information security, and has been working with the Norton Safe Web product over the past 3 years. She has done extensive research on search engine optimization poisoning and has developed the detection methodology (patent pending) implemented in Norton Safe Web. She has been involved in research and detection of various other web based threats including malware on social networks. During the course of her career, she has also worked on vulnerability scanning/assessment and application security.

Qualifications: BE(CSE), CISM, CISSP, CEH, ISO27001-Implementation, Security+

Web security researcher specialized in the discovery and exploitation of HTML5 vulnerabilities. Author of multiple recognized HTML5/UI redressing attack vectors. Penetration Tester with Securing.pl. IT security trainer with Niebezpiecznik.pl and author of the "Hacking HTML5" training program.

Experienced web application developer, has created secure e-commerce systems, intranet and social networking applications. Contributes to various open-source projects and also develops his own open-source solutions - http://github.com/koto

Vivek is a world renowned security researcher and evangelist. His expertise includes computer and network security, exploit research, wireless security, computer forensics, embedded systems security, compliance and e-Governance. He is the author of the books � "Wireless Penetration Testing using Backtrack" and "The Metasploit Megaprimer", both up for worldwide release in 2011. Vivek is a B.Tech from IIT Guwahati and an advisor to the computer science department's Security Lab.

Vivek is an internationally acclaimed speaker and has spoken in dozens of conferences worldwide. Some of his well known talks include � "WEP Cloaking Exposed" at Defcon 15, Las Vegas, USA and "The Caffe Latte Attack" at Toorcon, San Diego, USA. Both these talks were covered extensively by international media including BBC Online, Network World, The Register, Mac World, Computer Online etc.

In 2006, Microsoft declared Vivek as one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants. The competition was aimed at finding leading Security Experts in India. Vivek was also awarded a Team Achievement Award by Cisco Systems for his contribution to the 802.1x and Port Security modules in the Catalyst 6500 series of switches. These are high end security features used in Enterprises.

He is well known in the hacking and security community as the founder of SecurityTube.net, a free video based computer security education portal. SecurityTube gets an estimated 100,000 monthly visitors and is considered one of top sites for security education. Vivek's videos on Wireless Megaprimer, Exploit Research, Assembly Language Programming, Buffer Overflows, Metasploit videos etc. have received thousands of views and hundreds of appreciating comments from the community.

With more than 28 years of counterintelligence and security experience, Tony Rucci currently in IC Programs for the Global Security Directorate (GSD) at the Oak Ridge National Laboratory (ORNL), Department of Energy, Oak Ridge, Tennessee. Mr. Rucci was hired by ORNL in 2004 as a Technical Security and Intelligence Programs Manager to spearhead the design and accreditation of the Multiprogram Research Facility. After accreditation, Mr. Rucci served as the Director of Intelligence Operations and in 2007, assumed responsibilities as the Collection Manager and Cyber Initiatives. In 2010, was given an opportunity to reach back to his community of interest and become an IC Programs Developer for the Global Security Directorate.

Prior to his employment with ORNL, Mr. Rucci retired after 21 years as a United States Army Counterintelligence (CI) Warrant Officer / Special Agent, having served in a variety of leadership positions and conducted numerous security and espionage investigations to protect our national interests, culminating with his final assignment as the Counterintelligence Operations Officer for the Director of Security, White House Military Office.

During the attacks of 11 September 2001, Mr. Rucci and the Director of Security quickly formulated a plan of action and implemented it. Mr. Rucci relocated with the First Lady where he served as the military support officer providing critical assistance in establishing contact between the President and the First Lady. He also used his extensive knowledge of communications protocol and continuity of government plans to help the United States Secret Service interact with Department of Defense elements to develop plans to provide for the safety of the First Lady.

Mr. Rucci was the lead counterintelligence officer on over 70 Presidential visits to foreign countries. During these trips, he performed diverse tasks to ensure the White House Military Office mission was successfully performed, provided force protection measures to ensure the security of military forces, provided critical intelligence to the Military Aide to the President and the United States Secret Service, which affected the President of the United States. Mr. Rucci accomplished this by fusing disparate information from national intelligence agencies, host country law enforcement agencies, and Department of State personnel into a coherent, succinct threat picture.

Mr. Rucci retired from the U.S. Army and left the White House in December 2004 but continues to serve the intelligence community and national security efforts in his current capacity with Oak Ridge National Laboratory. Tony speaks regularly at government and industry events on such topics as Critical Infrastructure Protection, Spear Phishing, Social Networking and Insider Threats. Mr. Rucci and his Pam are �Proud Empty Nesters� and reside in Knoxville, Tennessee.

Vipin is an independent security consultant and analyst at NVLabs. He has experience in system and network security as well as programming and project design. He likes to develop specialized software and/or stuffs related to windows kernel. He holds MCSE and a Bachelor of Technology in Computer Science. His previous work consists of bootkit,vbootkit,nvbit- Bitlocker Volumes access tool from linux.

Nitin is an independent Security Engineer and researcher at NVLabs. He has been involved in Network Security Analysis and Penetration Techniques. He likes reverse engineering, researching OS and Network Security. He is a recent graduate in Bachelor of Technology, Computer Science and holds RHCE certification. His clients include some of mostreputed organizations. His previous work consists of bootkit, vbootkit, nvbit- Bitlocker Volumes access tool from linux.

Lavakumar is a Web Security Researcher with over 5 years of Penetration testing experience. He has authored multiple security tools like 'Shell of the Future', JS-Recon, Imposter and the HTLM5 based Distributed Computing System - Ravan. He has discovered several novel attacks, one of his techniques was voted by peers and experts as the 5th best 'hack' of 2010. His works have been covered by leading media portals including the Forbes. All his research and tools are available at the Attack and Defense Labs website. He has spoken at multiple conferences like BlackHat, OWASP AppSec Asia & SecurityByte 2009, ClubHack, NullCon etc on topics ranging from browser exploitation to HTML5 Security.

John Bumgarner is the Research Director for Security Technology and Chief Technology Officer of the U.S. Cyber Consequences Unit, an independent, non-profit research organization that investigates the strategic and economic consequences of cyber attacks. He has over 20 years of work experience in information security, military special operations, intelligence, and physical security. His private sector certifications include CISSP, GIAC (Gold), and duel Masters degrees in Information Systems Management and Security Management.

In John's work as a security researcher, he has discovered many widely discussed cyber vulnerabilities, uncovered many previously undetected cyber attacks, and invented important new cyber-attack techniques. He has served as an expert source for national and international news organizations, including Business Week, BBC, CBS, CNN, The Los Angeles Times, The Wall Street Journal, and The Guardian in London. His articles have appeared in the journal of the Information System Security Association, the Homeland Security Journal, the Information Operations Journal, the Counter Terrorist magazine, the Asia-Pacific Defense Forum and other leading security publications.

John is the author of the U.S. Cyber Consequences Unit's much-acclaimed analysis of the August 2008 cyber campaign against Georgia. He is also the co-author, along with Scott Borg, of the US-CCU Cyber Security Check List, which is currently used by cyber security professionals in over eighty countries.

John is a popular speaker, who has addressed many conventions and conferences, including the Network Centric Warfare conference in Brussels, the Cyber Defense conference in Denmark, the Cyber Conflict Policy and Legal conference in Estonia, the World Cyber Security Technology Research Summit in Ireland, the Cyber Warfare conference in London, and the National Defense Industrial Association Cyber Security Symposium in the United States.

The institutions where he has been a guest lecturer include the Center on Terrorism and Irregular Warfare at the Naval Postgraduate School and the International Security Studies Program at the Fletcher School. He is featured in the International Spy Museum's �Weapons of Mass Disruption� cyber warfare exhibit in Washington, D.C.

During his distinguished military career he received approximately three dozen decorations and awards, including the Meritorious Service Medal, the Army Commendation Medal, the Army Achievement Medal, the Navy and Marine Corps Achievement Medal.

John McColl is a Security Consultant for Security-Assessment.com based in Auckland New Zealand. John specializes in telecommunications systems and regularly performs security audits of PBX, Voicemail and other Telecommunications systems.

Bio coming soon.

Deral Heiland CISSP, serves as a Senior Security Engineer at CDW where he is responsible for security assessments, and consulting for corporations and government agencies. In addition, Deral is the founder of Ohio Information Security Forum a not for profit organization that focuses on information security training and education. Deral is also a member of the foofus.net security team, a group of security professionals focused on penetration testing, security research and tool development. Deral has also presented at numerous conferences including ShmooCon, Defcon, AFCEA InfoTech, Ohio Digital Government Summit. Deral has also spoken on a number of occasions as a guest speaker at various universities including University of Wisconsin, University of Northern Kentucky, Murray State University and also been a guest lecturer at the Airforce Institute of Technology (AFIT). Deral has over 18 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst where he was responsible for delivering security guidance and leadership in the area of risk and vulnerability management for a global Fortune 500 manufacturer.

Kishor has total 7 yrs of experience in Information Security and provided consulting services for variety of International, domestic clients. His clientele includes Financial Institutes, Largest Government Bank in India, Largest private sector bank in India, County government of California, Share Broking Firm, Chamber of Commerce in Middle East, Largest car Distributor in KSA, U nited Nations, Google Store, Stock Exchange, Credit Card Processing Organizations, Largest Cell Phone Manufacturer, Software Firms, and many more private sector companies.

Kishor has discovered / reported vulnerabilities in various applications such as:

• Yahoo
• Hotmail MSN
• Orkut (beta version)
• Oracle Applications Server 11i
• Flexcube (I-Flex Solutions)
• Orkut Worm

Kishor holds his Masters degree in Computer Science (M.C.S.) from Pune University. He is a Certified in BS7799-2 Implementation and Assessment.

Bryan K. Fite a committed security practitioner and entrepreneur is currently a Global Program Security & Compliance Director with British Telecom (BT). Having spent over 20 years in mission-critical environments, Bryan is uniquely qualified to advise organizations on what works and what doesn't. Bryan has worked with organizations in every major vertical throughout the world and has established himself as a trusted advisor. "The challenges facing organizations today require a business reasonable approach to managing risk and protecting information assets."

Professional Highlights

• Founded Meshco� Producers of PacketWars�
• Introduced Forensix� computer forensics collection, analysis and visualization suite
• Released AFIRM: Active Forensic Intelligent Response Method to the general public
• Founded GETSecure� a full service security practice; products, professional services, managed services and training.
• Co-Founded SecureIT� (acquired by Verisign) a pure play security practice; products, services and training

Mr. Marshall, a member of the Senior Cryptologic Executive Service (SES) and the Defense Intelligence Senior Executive Service (DISES) is the Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he leads the direction of the following programs: National Cybersecurity Education Strategy; Software Assurance; Research and Standards Integration; Supply Chain Risk Management; and Cybersecurity Education and Workforce Development.

Mr. Marshall was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA) where he served as the Agency's point of contact for all NSA Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped shaped the passage of the revised Foreign Intelligence Surveillance Act and was instrumental in shaping the Comprehensive National Cybersecurity Initiative.

In 2001, Mr. Marshall was selected by Dick Clarke, the Cyber Advisor to the President to serve as the Principal Deputy Director, Critical Infrastructure Assurance Office (CIAO), where he led a team of 40 dedicated professionals in developing, coordinating and implementing the Administration's National Security for Critical Infrastructure Protection initiative and the National Cyber Security Strategy to address potential threats to the nation's critical infrastructures. He persuasively articulated the business case for enhancing information assurance in government and private sectors, and championed national outreach and awareness of information assurance issues to key stakeholders such as owners and operators of critical infrastructures, opinion influencers, business leaders, and government officials.

George Nicolaou works as an independent security consultant and researcher, he received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK in which he pursued research involving malware and vulnerability analysis. Additionally, George is the head of Research and Development department of the Astalavista community for many years now. His interests involve Reverse Engineering, Malware Analysis, Penetration Testing, Cryptography, various sports such as martial arts and socialising.

Hord Tipton is the former chief information officer for the U.S. Department of the Interior. He is now a board member for ISC2, the organization that maintains the certified information security engineering professional exam and credentialing process. In January 2007, he retired from the government to become president of Ironman Technologies. He previously served as CIO in the Bureau of Land Management's Energy and Minerals, and Resource Use and Protection. He also served as state director for the Bureau of Land Protection, director for offshore minerals and international affairs for the Minerals Management Service, and as acting director of the Office of Surface Mining and Reclamation and Enforcement. Tipton holds a master's degree in engineering administration from the University of Tennessee. He received the President's Meritorious Service Rank Award and the Silver Executive Leadership Award from the Secretary of the Interior.

Sanjay Bavisi is the Co-Founder and President of EC-Council, a global Leader in Information Security Education, Training, and Certification. He is the Co-founder of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensic Investigator (C|HFI), Secure Analyst (E|CSA), and Licensed Penetration Tester (L|PT) programs. With 27 Infosec facing certifications in all, ECC's direct interest is in supporting the global need for Security Certified Professionals in the realm of Ethical Hacking among many other domains.

He is an Information Security Evangelist and Information Security Architect that shares the platform with law and policy makers at various international conferences and seminars. His key expertise is in the area of Ethical Hacking, Information Assurance and Computer Forensics with a special focus in the government space internationally.Jay is also a contributing author of the Computer and Information Security Handbook published by Elsevier in 2009.

Alexander Polyakov aka @sh2kerr, CTO at ERPSCAN, head of DSecRG and architect of ERPSCAN Security scanner for SAP. His expertise covers security of enterprise business-critical software like ERP, CRM, SRM, RDBMS, banking and processing software. He is the manager of OWASP-EAS ( OWASP subproject), a well-known security expert of the enterprise applications of such vendors as SAP and Oracle, who published a significant number of the vulnerabilities found in the applications of these vendors. He is the writer of multiple whitepapers devoted to information security research, and the author of the book "Oracle Security from the Eye of the Auditor: Attack and Defense" (in Russian). He is also one of the contributors to Oracle with Metasploit project. Alexander spoke at the international conferences like BlackHat, HITB (EU/ASIA), Source, DeepSec, CONFidence, Troopers.