Blogroll

Maury Shenk, TMT Advisor at Steptoe and Johnson, working with a focus on intellectual property, information security and encryption issues, has agreed to be interviewed for the Security Thought Leadership project, Maury has also recently embarked on a consultancy business to build on new approaches for realizing value in technology and intellectual property He has agreed to be interviewed for the Security Thought Leadership project, and we certainly thank Maury for his time.

Veracode’s CTO and Co-Founder, Chris Wysopal, was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley.

Amir Ben-Efraim, CEO and co-founder of Altor Networks has agreed to be interviewed for the Security Thought Leadership project. His company's booth at RSA2009 piqued my interest because they deal with one of my favorite subjects, Defense-in-Depth, but specifically in the virtual environment.

Ed Hammersla has a background in trusted systems, as in the Orange Book. He understands the mechanics of low to high information transfer.

With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their information on to help others, who has innovative ideas, and who shares ideas as actionable distilled insights.

Amit Klein, CTO of Trusteer, a provider of web browser security technology, tells us about himself and his current project, Rapport. It is designed to secure online transactions between compromised desktops and trusted financial websites.

Stephen could certainly use your help in finding security thought leaders. If you know someone special that has made a major contribution to the field, please download our Security Thought Leader Interview framework, we'd love to learn more about them.

Tenable's Ron Gula gives us an update on Nessus which now performs many of the industry standard web application tests such as SQL injection and Cross Site Scripting analysis. This, combined with Tenable's database, application and operating system configuration audits, can provide a much deeper form of analysis than pure black-box testing.

A.N. Ananth, CEO of Prism Microsystems, Inc. was one of the original architects of the EventTracker product offering, Prism’s enterprise log management solution.

Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products. He talks with us here about the recent update to their product to include web application testing, the latest web attack techniques, and his security philosophy.

Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with Stephen Northcutt about the state of web application security as well as WhiteHat's approach to website vulnerability assessment and management.

Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.

Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.

John Pirc from IBM's Network Security Solutions has agreed to be interviewed by the Securitylab; we certainly thank him for giving us his time to discuss security and the Intelligent Network.

We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow to our interview with him in March, 2008, and we certainly thank him for his time.

At larger conferences, the SANS Institute has a vendor show, and I like to attend to find out about new companies and new technology. There was a vendor at our last show in Las Vegas, Secure64. I had never heard of them, so I wandered over and we had a great chat. They are a DNSSEC vendor who sells a product based on the HP Itanium architecture. The more they talked, the more I learned about an incredible guy, a security thought leader named Bill Worley, so please let me introduce you to Bill.

One of the important concepts that we want to explore in security thought leadership is the idea of group or team thought leadership. And so we are looking for examples of teams that exhibited security thought leadership. Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill, was on a team that exhibits many of the characteristics of security thought leadership.

Amrit Williams, Chief Technology Officer at BigFix, was formerly a research director in the Information Security and Risk Research Practice at Gartner, Inc. He is certainly a security thought leader and if you have not been introduced to him before, we are sure you will find he has some interesting out of the box opinions.

Andrew Hay, one of the authors of the popular OSSEC Host-Based Intrusion Detection Guide and upcoming Nagios 3 Enterprise Network Monitoring book has agreed to be interviewed for the SANS Security Thought Leader series.

The Security Laboratory is pleased to interview Dr. Gene Schultz, one of the most experienced security practitioners in the field.