Overview | Monday | Tuesday | By Instructor

Training Instructors

Richard Bejtlich (M1, T1) is founder of TaoSecurity, a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. He was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He has created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001, Richard defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission. Formally trained as an intelligence officer, he holds degrees from Harvard University and the United States Air Force Academy. Richard wrote The Tao of Network Security Monitoring: Beyond Intrusion Detection and the forthcoming Extrusion Detection: Security Monitoring for Internal Intrusions and Real Digital Forensics. He also wrote original material for Hacking Exposed, 4th Edition, Incident Response, 2nd Edition, and Sys Admin magazine. Richard holds the CISSP, CIFI, and CCNA certifications. His popular Web log resides at https://taosecurity.blogspot.com. Steven M. Bellovin (M4) is a professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don't get along. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were award the 1995 USENIX Lifetime Achievement Award. He is a member of the National Academy of Engineering and the Department of Homeland Security's Science and Technology Advisory Board. Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds several patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996–2002; he was co-director of the Security Area of the IETF from 2002 through 2004. Sven Dietrich (M2) is a senior member of the technical staff at CERT Research at Carnegie Mellon University and also holds an appointment at the Carnegie Mellon University CyLab, a university-wide cybersecurity research and education initiative. Previously he was a senior security architect at the NASA Goddard Space Flight Center, where he observed and analyzed the first distributed denial-of-service attacks aainst the University of Minnesota in 1999. He taught Mathematics and Computer Science as adjunct faculty at Adelphi University, his alma mater, from 1991 to 1997. His research interests include survivability, computer and network security, anonymity, cryptoraphic protocols, and cryptography. His previous work has included a formal analysis of the secure sockets layer protocol (SSL), intrusion detection, analysis of distributed denial-of-service tools, and the security of IP communications in space. His publications include the recent book Internet Denial of Service: Attack and Defense Mechanisms (Prentice Hall, 2004), as well as the articles "Analyzing Distributed Denial of Service Tools: The Shaft Case" (2000) and "The 'mstream' Distributed Denial of Service Tool" (2000), and others on Active Network Defense, DDoS tool analysis, and survivability. David Dittrich (M2) is a Senior Security Enineer and Researcher for the UW Center for Information Assurance and Cybersecurity and the Information School at the University of Washington, where he has worked since 1990. Dave is also a member of the Honeynet Project and Seattle's "Agora" security group. He is most widely known for his research into Distributed Denial of Service (DDoS) attack tools and host & network forensics. He has presented talks and courses at dozens of computer security conferences, workshops, and government/private organizations worldwide. He has been a prolific self-publisher of white papers, FAQs, and malware tool analyses, all intended to make his (and everyone else's) life easier in dealing with computer intrusions. Dave has contributed to the books Know Your Enemy, by the Honeynet Project (Addison-Wesley, 2001), The Hacker's Challenge, edited by Mike Schiffman (McGraw Hill, 2001), and two articles in the Handbook of Information Security, edited by Hossein Bidoli (John Wiley & Sons, 2005), and was another co-author of Internet Denial of Service: Attack and Defense Mechanisms (Prentice Hall, 2004). Dave was recently named one of Information Security Magazine's "Security Seven" (representing the education sector) in 2006. His home page can be found here. Kevin Fu (T3) is an assistant professor in Computer Science at UMass Amherst where he develops privacy-preserving RFID tickets for public transportation. He has a PhD from MIT.     Dan Geer (M3)—Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the "Risk Management Is Where the Money Is" speech that changed the focus of security (1998), the presidency of the USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for Cyberinsecurity: The Cost of Monopoly (2003), and co-founder of SecurityMetrics.Org (2004). Ari Juels (T3) is presently the research manager and principal research scientist at RSA Laboratories, where he has worked for nearly a decade. He has a PhD from UC Berkeley.     Vern Paxson (T2) is a principle investigator of the 5-year, NSF-sponsored Collaborative Center for Internet Epidemiology and Defenses. He is also a senior scientist at the International Computer Science Institute (ICSI) and a staff scientist at the Lawrence Berkeley National Laboratory. His main active research projects are network intrusion detection in the context of Bro, a high-performance network intrusion detection system he developed; large-scale network measurement and analysis; and Internet-scale attacks. Paul Robertson (T4) has over 22 years of experience. Currently he is an independent consultant providing IT, security, computer forensics, training, telecom, and RFID services. He moderates the Firewall-Wizards mailing list and is the editor of the Network Firewalls FAQ. Mr. Robertson was Director of Risk Assessment for TruSecure (now CyberTrust,) where he founded their computer forensics, and ISAC programs, and assisted ICSA Labs in its IDS and firewall testing programs. Prior to TruSecure, he worked at Gannett Company, putting USAToday.com on the Internet, providing corporate-wide Internet and information security expertise, investment analysis, and network design. Mr. Robertson spent a number of years as a mainframe assembly language programmer for an ISV writing DBMS software. Mr. Robertson started his career in the U.S. Army, including a tenure at The White House during the Reagan administration providing computer and telecommunications support to the President of the United States, Vice President, National Security Advisor, National Security Council, and others as directed. Stefan Savage (T2) is a principle investigator of the 5-year, NSF-sponsored Collaborative Center for Internet Epidemiology and Defenses. He also serves on the faculty of the Computer Science and Engineering Department at the University of California, San Diego. He has published extensively on the characterization of and defense against large-scale denial-of-service and worm attacks on the Internet.   Abe Singer (T4) is a Computer Security Researcher in the Security Technologies Group at the San Diego Supercomputer Center. In his operational security responsibilities, he participates in incident response and forensics and in improving the SDSC logging infrastructure. His research is in pattern analysis of syslog data for data mining. He is co-author of of the SAGE booklet Building a Logging Infrastructure and author of a forthcoming O'Reilly book on log analysis. Adam Stubblefield (T3) is a research professor at the JHU Information Security Institute and a partner at Independent Security Evaluators. Adam specializes in evaluating the security of devices ranging from RFID payment systems to electronic voting and wireless security. He has a PhD from Johns Hopkins University. Geoff Voelker (T2) is a principle investigator of the 5-year, Collaborative Center for Internet Epidemiology and Defenses. He also serves on the faculty of the Computer Science and Engineering Department at the University of California, San Diego. He has published extensively on the characterization of and defense against large-scale denial-of-service and worm attacks on the Internet. Prof. Voelker likes to surf. Nicholas Weaver (T2) is a principle investigator of the 5-year, NSF-sponsored Collaborative Center for Internet Epidemiology and Defenses. He is also a researcher at ICSI, specializing in automated detection and response systems, with a particular interest in hardware-friendly algorithms and implementations.