Jack Koziol
Senior Instructor

Jack, the lead author of The Shellcoder's Handbook: Discovering and Exploiting Security Holes, is a Senior Instructor and Security Program Manager at InfoSec Institute, a provider of advanced ethical hacking training. He regularly is called upon to train members of the United States intelligence community, military, and federal law enforcement agencies. Additionally, Jack provides training for Fortune 500 companies, such as Microsoft, HP and Citibank on how to better secure their networks and applications.

When not teaching hacking classes, Jack regularly performs penetration tests and application security assessments for a number of clients. He has years of private vulnerability development and exploitation experience for his customers and himself. Jack is also the author of Intrusion Detection with Snort , one of the best selling security books in its first year of publication, 2003. The book has been translated into several languages, including French and Japanese , and has received rave reviews from Linux Journal , Slashdot and Information Security Magazine. Jack has appeared in USA Today, CNN, MSNBC, First Business and other media outlets for his expert opinions on information security.

View Jack Koziol's Ethical Hacking and Computer Forensics Blog

Josh Daymont
Senior Instructor

Josh has a proven track record of information security technical and business leadership, including groundbreaking published research, new product development and launches, as well as P&L responsibility for several regional North American information security consulting practices. Josh has held senior-level Security Researcher positions at ISS, McAfee and Fortify Software. He most recently held the position of Director of Research at SecureWorks,Inc, one of the largest Managed Security Service Providers (MSSPs) in North America.

Josh has discovered many vulnerabilities for private and public institutions. Some of his public vulnerability research can be found through a number of high-profile vulnerability advisories. As one of the founding members of the highly regarded ISS X-Force security research team, Josh discovered the PCNFSD vulnerabilities over 10 years ago. He also discovered the high-impact NIS vulnerabilities while conducting research at ISS .

Josh is frequently invited to speak at industry leading conferences, such as RSA, Black Hat Briefings, OWASP, Toorcon, WIB and many others. Josh has also been quoted frequently in the tech media from media outlets such as Information Security Magazine for subjects on Email Privacy, Web Compression Vulnerabilities, and iPod exploits.

Josh holds a BBA from Temple University in Philadelphia, and a Masters in Information Technology from the Georgia Institute of Technology.

Andres Andreu
Senior Instructor

Mr. Andreu is the author of "Professional Pen Testing Web Applications", published by Wrox.

Mr. Andreu, a Cuban born American with a diverse background, comes from a strong Federal Government background. He served the United States of America in Information Technology and Security capacities, from 1991 to 2000, where he was the recipient of numerous Deprtment of Justice awards.

He holds a Bachelors Degree in Computer Science, graduating Summa Cum Laude with a 3.9 GPA from the American College of Computer and Informational Sciences. His employment is in the enterprise software space where he specializes in software / data security and cryptography. His experience comes from having architected and engineered, with a distinct focus on security, numerous software solutions for business and government/intelligence entities.

Mr.Andreu specializes in software, application, & web services security working with XML security, TCP and HTTP(S) level proxying technology, and strong encryption. He has many years of experience with technologies like LDAP, Web Services (SOA, SOAP, etc), enterprise applications, & application integration.

Publications authored by Mr. Andreu:

∞  Using LDAP to solve one company's problem of uncontrolled user data and passwords

∞  "Salted Hashes Demystified" - This paper is featured on:

        OWASP

        SecurityDocs

        IT Toolbox

        Infosec Writers

Open Source projects authored by Mr. Andreu:

∞  CSV2LDIF

∞  XML2LDAP

∞  WSFuzzer

Dan Hestad
Senior Instructor

Dan is currently the director of the Advanced Threat Analysis Center (ATAC) for Northrop Grumman Corporation. He has an extensive background and interest in vulnerability research, secure coding, protocol analysis and cryptography. He also has experience in red team and deception operations, Information Operations and Information Warfare. Much of Dan's research remains classified. He has assisted several high profile cyber investigations including Solar Sunrise.

Prior to his current position, Dan spent over 10 years running SIGINT operations for the United States Navy; collecting network based intelligence on such targets as narcotics traffickers, nuclear proliferation operations and counterterrorism targets. He spent 4 years at the NSA (National Security Agency) conducting vulnerability research and supporting national cyber intelligence operations. Dan also served as the Director of Security at MFS Investment Management in Boston, MA.

Dan completed his graduate studies at the Naval Postgraduate School and did extensive research into computational trust models. He also studied and taught at the National Cryptologic School. Dan has spoken at such venues as RSA, Gartner, and CSI.

Rolf Rolles
Senior Instructor

Rolf has over 10 years experience with binary analysis and reverse engineering. Rolf was the principal engineer behind the Bindiff and VXclass tools developed by Sabre Security. Bindiff automatically discovers the difference between two binaries, thus enabling security researchers to pinpoint vulnerabilities that are patched by vendors. You can read more about Rolf's bindiff here:

http://www.securityfocus.com/news/11235

Recently, Sabre Security made the news by winning a $100,000 prize for innovation in the area of IT security with their product, VxClass.

Rolf has performed analysis of many binaries for both public and private sources. You can read a sample of one of Rolf's analysis at the OpenRCE portal.

Justin Peltier
Senior Instructor

Justin Peltier is a Senior Security Consultant with Peltier Associates, with over ten years of experience in firewall and security technologies.

As a consultant, Justin has been involved in implementing, supporting, and developing security solutions, and has taught courses on many facets of information security, including vulnerability assessment and CISSP preparation. His previous employment was at Suntel Services, where he directed their security practice development. Prior to that, Justin was with Netigy, where he was involved in their corporate training efforts.

Justin currently holds 10 professional certifications (MCNE, MCP, CCSE, RHCE, CISSP, CCNA, CCSI, CCAE, SSCP, CFA, CEH) in an array of technical disciplines.

Justin has lead classes across the United States, as well as in Europe and Asia, for Peltier Associates, Sherwood Associates, Computer Security Institute, ISC2, the Mark I. Sobell Training Institute, Netigy Corporation, and Suntel Services.

Justin has developed and/or lead the following courses:

• Introduction to Windows NT Security
• Intermediate Windows NT Security
• Advanced Windows NT Security
• Installation and Configuration of Red Hat Linux
• Business Benefits of Virtual Private Networks
• Developing Policies and Procedures
• Risk Assessment Processes
• Conducting a Penetration Test
• Introduction to Checkpoint Firewall-1 Administration
• Advanced Checkpoint Firewall-1 Administration
• Conducting a Vulnerability Assessment
• WinX Vs. Linux: Which is more secure?

Nathan Weilbacher
Senior Instructor

Nathan has been teaching computer forensics courses at the University and Corporate level since 1995. Prior to 1995 Nathan served in the US Army, where he spent six years as a military police investigator specializing in computer forensics. He holds a MBA in Computer Business Information Systems and several Industry certifications such as CHFI, CISSP, CCNP, and MCSE. In addition to teaching with InfoSec Institute, he also teaches the Computer Forensics Examiner (CFE) course at Southern Methodist University. Nathan currently works in the Computer Forensics field, working on high profile multi-million dollar intellectual property theft cases. In addition to Computer Forensics he teaches courses for certification in CISSP, CCNP, MCSE, Ethical Hacking, Wireless Security, and Security+.

Leonard Smart
Senior Instructor

Mr. Smart has over thirty years of professional experience in telecommunications and computing technology. Through most of his career, he has specialized in the application of telecommunications technology to business and industrial computing applications.

Mr. Smart has been responsible for technical designs, project management and budget control for a number of large energy-related projects in Canada and overseas. He managed key data communications planning and design projects for the Saudi ARAMCO, including performance and reliability features of these activities.

He held responsibility for the design and provisioning of communications services for a Northern Canada oil pipeline system, supporting all aspects of planning and procurement of telecommunications services, specifically including operational supervisory control and data acquisition (SCADA) systems.

Mr. Smart has established a widely respected reputation as a consultant to industry and government clients in context of business data network design, strategic analysis, detailed requirements specification and reengineering initiatives. He has acted as project leader for a number of key projects, including a national weather service data collection infrastructure design, a multi-vendor open architecture enterprise network design for a Fortune 500 company, and a regional mobile radio-based data network for a law enforcement application.

Since his first encounter with a consulting assignment that gave him opportunity to teach a professional training course in 1983, he has increasingly focused his career on this role as a personal priority. He is in high demand as a uniquely experienced presenter, having successfully delivered in excess of 500 Internet Architecture (TCP/IP), Data Networking, Mobile Computing, Network Security, Broadband Cable and SCADA Technology training courses in some 20 countries world-wide.

Mr. Smart is a registered Professional Engineer in the Province of British Columbia, and a member of the IEEE.

Trevor Hawthorn
Senior Instructor

Trevor has 12 years of information security experience in various roles.  Trevor specializes in risk management, application and infrastructure vulnerability assessment, penetration testing, wireless security and incident response.  He is also a regular instructor of the Certified Ethical Hacker (CEH) training course.  Previously he was a Senior Security Consultant with Cybertrust (Formerly TruSecure) where he performed information security assessments for organizations across multiple industries.  Prior to Cybertrust Trevor was a Security Engineer at UUNET Technologies where he was heavily involved in DDoS Attack mitigation, protection of critical infrastructure and special security projects.  While at UUNET, Trevor gave bi-annual presentations to the FBI’s NIPC group at the FBI Training Academy in Quantico, VA.  Additionally he provided training and presentations to the US Secret Service, Florida Department of Law Enforcement, and the Mid-Atlantic chapter of the Hi-Tech Crime Investigation Association.  Trevor also worked for EarthLink Network, Inc. as the first Network Abuse Administrator where he responded to reports of spamming, hacking, fraud and other threats.

Bryce Galbraith
Senior Instructor

Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem - he never looked back. As a contributing author of the internationally bestselling book, Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye.

Bryce regularly teaches at the ever popular "Black Hat Briefings & Training" conferences and provides consulting services to clients around the world. Bryce is a member of several security-related professional organizations and is a Certified Information System Security Professional (CISSP), a GIAC Certified Incident Handler (GCIH) and a Certified Ethical Hacker (CEH)..

Dan Moniz
Senior Instructor

Dan Moniz has over ten years experience in information security, and is a former member of The Shmoo Group. He has spoken at security industry conferences including Defcon, ShmooCon, ToorCon, The Intelligence Summit, and The Black Hat Briefings in both Las Vegas and Tokyo.

In addition, he has provided security training for audiences at global Fortune 50 companies. He previously held positions at Alexa Internet (an Amazon.com company), The Electronic Frontier Foundation, Cloudmark, and Viasec.

Peter Thermos
Senior Instructor

Peter Thermos has worked in the information security and assurance area since 1995, when he started working for Bellcore (now Telcordia). Peter acts as the lead technical expert on various tasks (for commercial and government organizations) associated with information security and assurance, including security risk assessments, standards and requirements development, ISO 17799 assessments, network security architecture, and organizational security strategy. In addition, Peter has been the principal investigator on research tasks, in the area of Internet Multimedia and Next Generation Networks and security, that were are funded by government organizations such as NIST (National Institute of Standards and Technology) and LTS (Lab for Telecommunication Sciences).

At LTS, Peter performed research for Telecommunication Sciences in the area of VoIP. The support included development and testing of protocols (e.g. SIP, STUN), developing reports and giving presentations to interested LTS audience and participating on online IETF discussions (e.g. MIDCOM IETF Working Group) to reflect findings to improve the protocols under investigation.

At NIST the project was divided into four sub-tasks, for which Peter acted as the lead researcher and manager on two. The tasks included: 1) Identification and evaluation of NGN/VoIP technologies, including protocols and components; 2) Development of advanced protection profiles for next generation networks; 3) Development of an anomaly detection capability for NGN/VoIP signaling gateways and a study of their behaviors, including detection, suppression, scalability, and manageability; and 4) Design and implementation of an enterprise VoIP (Voice over IP) network to study the effects of using IPSec to protect SIP signaling. Peter also lead the information security assessment exercises for the 2004 Athens Olympics telecommunications network provided by OTE (Greek telecommunications provider). Peter holds a Masters of Science in Computer Science from Columbia University and is a member of ACM and IEEE.

Peter is also the organizer for the Voice over Packet Security Consortium, you can view the VoPSecurity website here:

In addition, Peter has written one of the top technical articles on SIP security attacks.

Nate Miller
Senior Instructor

Nate has 12 years of information security experience in government and commercial markets, including security architecture and design for large networks, risk management, application security assessment, vulnerability and penetration testing and wireless security assessment engagements.  Nate is a regular instructor of the Certified Ethical Hacker (CEH) training course.  Previously, he was employed as a Senior Security Consultant at Cybertrust, performing many types of engagements primarily focusing on web application security assessments and delivering web application security testing training.
Prior to working at Cybertrust, Nate worked at International Network Services as a Senior Network Security Consultant and performed many engagements including penetration testing, vulnerability assessments, secure network design and implementation.  Prior to that, he was employed by a large Government Contractor and was involved in a number of secure network deployment projects for Federal, State, and Local Law Enforcement Agencies.

Stephen Ridley
Senior Instructor

Stephen Ridley was most recently a Senior Security Architect in the McAfee Security Architecture Group, a division of Avert Labs. There he performed manual code audits as well as static and run-time reverse engineering of vulnerable software. Prior to McAfee, Stephen did reverse engineering and vulnerability research with a highly skilled skunkworks team at a leading U.S. Defense/Intel contractor. Stephen is an original member of Kenshoto, the organizers that returned dignity to Capture-The-Flag at Defcon.

Terrence O'Brien
Instructor

Terrence has worked in Information Security in both the public and private sector for over 9 years. He has public and "private" vulnerability discovery and development experience. Terrence is often called upon by Fortune 100 companies to assess security of mission critical information systems, such as ATM, cellular base station, and wire transfer software. He regularly performs penetration tests for national financial institutions, hedge funds, and insurance providers. Terrence was the top rated ethical hacking instructor at his previous employer. He graduated with summa cum laude from Stanford University with a bachelor's degree in computer science.