Jack, the lead author of The Shellcoder's Handbook: Discovering and Exploiting Security Holes, is a Senior Instructor and Security Program Manager at InfoSec Institute, a provider of advanced ethical hacking training. He regularly is called upon to train members of the United States intelligence community, military, and federal law enforcement agencies. Additionally, Jack provides training for Fortune 500 companies, such as Microsoft, HP and Citibank on how to better secure their networks and applications.

When not teaching hacking classes, Jack regularly performs penetration tests and application security assessments for a number of clients. He has years of private vulnerability development and exploitation experience for his customers and himself. Jack is also the author of Intrusion Detection with Snort , one of the best selling security books in its first year of publication, 2003. The book has been translated into several languages, including French and Japanese , and has received rave reviews from Linux Journal , Slashdot and Information Security Magazine. Jack has appeared in USA Today, CNN, MSNBC, First Business and other media outlets for his expert opinions on information security.

View Jack Koziol's Ethical Hacking and Computer Forensics Blog

Mr. Andreu is the author of "Professional Pen Testing Web Applications", published by Wrox.

Mr. Andreu, a Cuban born American with a diverse background, comes from a strong Federal Government background. He served the United States of America in Information Technology and Security capacities, from 1991 to 2000, where he was the recipient of numerous Deprtment of Justice awards.

He holds a Bachelors Degree in Computer Science, graduating Summa Cum Laude with a 3.9 GPA from the American College of Computer and Informational Sciences. His employment is in the enterprise software space where he specializes in software / data security and cryptography. His experience comes from having architected and engineered, with a distinct focus on security, numerous software solutions for business and government/intelligence entities.

Mr.Andreu specializes in software, application, & web services security working with XML security, TCP and HTTP(S) level proxying technology, and strong encryption. He has many years of experience with technologies like LDAP, Web Services (SOA, SOAP, etc), enterprise applications, & application integration.

Publications authored by Mr. Andreu:

Using LDAP to solve one company's problem of uncontrolled user data and passwords

"Salted Hashes Demystified" - This paper is featured on:
    OWASP
    SecurityDocs
    IT Toolbox
    Infosec Writers

Open Source projects authored by Mr. Andreu:
    CSV2LDIF
    XML2LDAP
    WSFuzzer

Dan is currently one of the Senior Instructors at InfoSec Institute specializing in advanced technical training. He has an extensive background and interest in vulnerability research, secure coding, protocol analysis and cryptography. He also has experience in red team and deception operations, Information Operations and Information Warfare. Much of Dan's research remains classified. He has assisted several high profile cyber investigations including Solar Sunrise.

Prior to his current position, Dan spent over 10 years running SIGINT operations for the United States Navy; collecting network based intelligence on such targets as narcotics traffickers, nuclear proliferation operations and counterterrorism targets. He spent 4 years at the NSA (National Security Agency) conducting vulnerability research and supporting national cyber intelligence operations. Dan also served as the Director of Security at MFS Investment Management in Boston, MA.

Dan completed his graduate studies at the Naval Postgraduate School and did extensive research into computational trust models. He also studied and taught at the National Cryptologic School. Dan has spoken at such venues as RSA, Gartner, and CSI.

Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare.  Starting his career in 1995 Mr. Martin has worked with fortune 200 companies and Federal Government agencies, receiving a number of awards for service.  Jeremy is a published author, teaches, and speaks at security conferences around the world.  Current projects include vulnerability analysis, threat profiling, exploitation automation, anti-forensics, and reverse engineering malware. 

Mr. Martin currently holds over 20 professional certifications including: CISSP-ISSAP/ISSMP, NSA-IAM/IEM, CEI-CHFI/CEH/CNDA/ECSA/LPT, IPTQ/IPTE, CASS, CHS-III, ACSA, Network+/A+

He is active in the Information Security/Assurance world and is the current President for the Open Information Systems Security Group (OISSG) while sitting on the Board of Directors for Denver’s Infragard chapter.  Jeremy is also an active member of the Business Espionage Controls & Countermeasures Association.

Nathan has been teaching computer forensics courses at the University and Corporate level since 1995. Prior to 1995 Nathan served in the US Army, where he spent six years as a military police investigator specializing in computer forensics. He holds a MBA in Computer Business Information Systems and several Industry certifications such as CHFI, CISSP, CCNP, and MCSE. In addition to teaching with InfoSec Institute, he also teaches the Computer Forensics Examiner (CFE) course at Southern Methodist University. Nathan currently works in the Computer Forensics field, working on high profile multi-million dollar intellectual property theft cases. In addition to Computer Forensics he teaches courses for certification in CISSP, CCNP, MCSE, Ethical Hacking, Wireless Security, and Security+.

Trevor has 12 years of information security experience in various roles.  Trevor specializes in risk management, application and infrastructure vulnerability assessment, penetration testing, wireless security and incident response.  He is also a regular instructor of the Certified Ethical Hacker (CEH) training course.  Previously he was a Senior Security Consultant with Cybertrust (Formerly TruSecure) where he performed information security assessments for organizations across multiple industries.  Prior to Cybertrust Trevor was a Security Engineer at UUNET Technologies where he was heavily involved in DDoS Attack mitigation, protection of critical infrastructure and special security projects.  While at UUNET, Trevor gave bi-annual presentations to the FBI’s NIPC group at the FBI Training Academy in Quantico, VA.  Additionally he provided training and presentations to the US Secret Service, Florida Department of Law Enforcement, and the Mid-Atlantic chapter of the Hi-Tech Crime Investigation Association.  Trevor also worked for EarthLink Network, Inc. as the first Network Abuse Administrator where he responded to reports of spamming, hacking, fraud and other threats.

Dan Moniz has over ten years experience in information security, and is a former member of The Shmoo Group. He has spoken at security industry conferences including Defcon, ShmooCon, ToorCon, The Intelligence Summit, and The Black Hat Briefings in both Las Vegas and Tokyo.

In addition, he has provided security training for audiences at global Fortune 50 companies. He previously held positions at Alexa Internet (an Amazon.com company), The Electronic Frontier Foundation, Cloudmark, and Viasec.

Peter Thermos has worked in the information security and assurance area since 1995, when he started working for Bellcore (now Telcordia). Peter acts as the lead technical expert on various tasks (for commercial and government organizations) associated with information security and assurance, including security risk assessments, standards and requirements development, ISO 17799 assessments, network security architecture, and organizational security strategy. In addition, Peter has been the principal investigator on research tasks, in the area of Internet Multimedia and Next Generation Networks and security, that were are funded by government organizations such as NIST (National Institute of Standards and Technology) and LTS (Lab for Telecommunication Sciences).

At LTS, Peter performed research for Telecommunication Sciences in the area of VoIP. The support included development and testing of protocols (e.g. SIP, STUN), developing reports and giving presentations to interested LTS audience and participating on online IETF discussions (e.g. MIDCOM IETF Working Group) to reflect findings to improve the protocols under investigation.

At NIST the project was divided into four sub-tasks, for which Peter acted as the lead researcher and manager on two. The tasks included: 1) Identification and evaluation of NGN/VoIP technologies, including protocols and components; 2) Development of advanced protection profiles for next generation networks; 3) Development of an anomaly detection capability for NGN/VoIP signaling gateways and a study of their behaviors, including detection, suppression, scalability, and manageability; and 4) Design and implementation of an enterprise VoIP (Voice over IP) network to study the effects of using IPSec to protect SIP signaling. Peter also lead the information security assessment exercises for the 2004 Athens Olympics telecommunications network provided by OTE (Greek telecommunications provider). Peter holds a Masters of Science in Computer Science from Columbia University and is a member of ACM and IEEE.

Peter is also the organizer for the Voice over Packet Security Consortium, you can view the VoPSecurity website here:

In addition, Peter has written one of the top technical articles on SIP security attacks.

Nate has 12 years of information security experience in government and commercial markets, including security architecture and design for large networks, risk management, application security assessment, vulnerability and penetration testing and wireless security assessment engagements.  Nate is a regular instructor of the Certified Ethical Hacker (CEH) training course.  Previously, he was employed as a Senior Security Consultant at Cybertrust, performing many types of engagements primarily focusing on web application security assessments and delivering web application security testing training.
Prior to working at Cybertrust, Nate worked at International Network Services as a Senior Network Security Consultant and performed many engagements including penetration testing, vulnerability assessments, secure network design and implementation.  Prior to that, he was employed by a large Government Contractor and was involved in a number of secure network deployment projects for Federal, State, and Local Law Enforcement Agencies.

Danny Quist is the co-founder of Offensive Computing, LLC. He is a PhD candidate at New Mexico Tech working on automated analysis methods for malware with software and hardware assisted techniques. He has written several defensive systems to mitigate virus attacks on networks and developed a generic network quarantine technology. He consults with both private and public sectors on system and network security. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems.

Danny is a part-time instructor for the University of New Mexico. He has also taught courses at the New Mexico Institute of Mining and Technology, as well as delivered several colloquium talks at various institutes. A listing of Danny's publications are:

1. D. Quist, "Reverse Engineering Software Armoring", Insecure Magazine, July 2008, pp 17-20
2. D. Quist, "Reverse Engineering Malware and Commercial Software Armoring", RSA 2008 Conference, San Francisco, CA  
3. V. Smith, D. Quist, "Malware Economics", $-Gard 2008 Conference Invited Talk, Albuquerque, NM
4. D. Quist, V. Smith, "Malware Software Armoring Circumvention", Shmoocon 2008, Washington, DC
5. D. Quist, M. Fisk, E. Gavrilov, "Network Topology Mapper", United States Patent 7,319,677
6. D. Quist, A. Clark, "Security Vulnerabilities in the Sun Ray Device Manager Daemon", December 2007, Sun Vulnerability Document ID 201227
7. D. Quist, V. Smith, "Covert Debugging: Circumventing Software Armoring", Blackhat USA 2007 / Defcon 15, Las Vegas, NV
8. D. Quist, V. Smith, "Further Down the VM Spiral", Offensive Computing, 2006
9. V. Smith, D. Quist, "Hacking Malware: Offense Is the new Defense", Defcon 14, 2006
10. D. Quist, V. Smith, "Generically Determining the Presence of Virtual Machines", Offensive Computing, 2006
    
    

Terrence has worked in Information Security in both the public and private sector for over 9 years. He has public and "private" vulnerability discovery and development experience. Terrence is often called upon by Fortune 100 companies to assess security of mission critical information systems, such as ATM, cellular base station, and wire transfer software. He regularly performs penetration tests for national financial institutions, hedge funds, and insurance providers. Terrence was the top rated ethical hacking instructor at his previous employer. He graduated with summa cum laude from Stanford University with a bachelor's degree in computer science.