Rich has twenty years experience in information security, physical security, and risk management. He specializes in cloud security, data security, application security, emerging security technologies, and security management. He is also the principle course designer of the Cloud Security Alliance training class and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.
Rich is the Security Editor of TidBITS and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).
Eric Baize is the head of Product Security and Trusted Engineering at EMC Corporation. In his role, Mr. Baize leads EMC’s Product Security Office with company-wide responsibility for all aspects of product security including vulnerability response, security development lifecycle, implementation of common security technology, and supply chain risk management. He also oversees the definition of EMC’s security and integrity practices to protect engineering systems and product code.
Throughout his career, Mr. Baize has been passionate about building security into technology and processes. Since joining EMC in 2002, he played a central role in EMC’s evolution in security and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC, Mr. Baize held various positions for Groupe Bull in Europe and in the US.
Mr. Baize also serves as Chairman of the SAFECode board of directors and on the BSIMM board of advisors. He holds a Master of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France. He is a Certified Information Security Manager, holder of multiple U.S. patents, author of international security standards and a regular speaker at security conferences in the US and Europe.
Frances Paulisch drives cross-company initiatives related to software and to IT security for products and solutions. These activities include strategic topics, best practice sharing, reporting, and training. A main focus of her work is empowering cross-functional teams to work together well over the whole development lifecycle. In particular with a focus on how to realize not only the set of features but also other relevant attributes such as performance, security, scalability etc. At Siemens she has driven the development of a role-based “Software Curriculum” qualification program which is established as one of the global core learning programs at Siemens. Dr. Paulisch has over 20 years experience in software engineering and management areas.
She is also active member of the global software engineering community, playing an active role in various major software conferences such as the International Conference on Software Engineering. She is also Chair of the Advisory Board of the IEEE Software magazine.
She received her doctorate in software engineering at the University of Karlsruhe in Germany and her Masters in Computer Science at Purdue University.
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and serves on WWU’s alumni board.
Randall Brooks is an Engineering Fellow for Raytheon Company (NYSE: RTN), representing the company within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1). Brooks has more than 15 years of experience in Cybersecurity with a recognized expertise in Software Assurance (SwA) and secure development life cycles (SDLC). In addition to holding seven patents, Brooks is a CCSK, CISSP, CSSLP, ISSEP, ISSAP and ISSMP. Brooks graduated from Purdue University with a Bachelors of Science from the School of Computer Science.
David Doughty is the Director of Product Security Engineering at Intel Corporation. In 2003 he led the formation of Intel’s security assurance initiative. Mr. Doughty drove the creation of robust programs to prevent the introduction, detect the presence and respond to vulnerabilities in all Intel products and services. He is currently a board member of SAFECode, the Software Assurance Forum for Excellence in Code.
Prior to joining Intel in 1997, Mr. Doughty worked in the Design Automation Industry where he led the development of commercial and proprietary tools to support the design and validation of semiconductors.
Mr. Doughty earned his Bachelor’s degree in Computer Engineering from the University of California, San Diego.
Edward Bonver is a technical director and software security architect on the product security team under the Office of the CTO at Symantec Corporation. In this capacity, Mr. Bonver is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company’s software security practices through the adoption of methodologies, procedures, and tools for secure coding and security testing. He is a software security evangelist, leading Symantec’s security training initiative, and assisting product teams across the company with all aspects of building software security into the product development lifecycle. Mr. Bonver joined Symantec in 2004. Prior to joining Symantec he held software engineering positions at Digital Equipment Corporation, Nbase, and Zuma Networks.
Mr. Bonver is a frequent speaker at global security events and conferences. In addition to representing Symantec on the SAFECode Board of Directors, he is also on the board of the Open Web Application Security (OWASP) Los Angeles chapter, and is a co-organizer of OWASP California regional application security conferences and summits.
Mr. Bonver is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology.
Glenn Pittaway has spent nearly two decades working in IT security. After studying Jurisprudence at Oxford, he moved into computing, joining Microsoft Limited in 1993, and Windows security Program Management in 1999. He joined Trustworthy Computing Security in 2007, to work on assurance and certification strategy. Glenn runs the Government Security Program and Microsoft Transparency Centers, and spends most of his time working through software security assurance concerns with Governments worldwide.
As head of the Securability Center of Excellence and Product Vulnerability Response teams Anders Magnusson is responsible for managing all aspects of the Secure Software Development Lifecycle at CA Technologies – including securability training and testing, architecture reviews, usage of 3rd party components and vulnerability response activities.
During his tenure at CA Technologies, Anders has held a number of different roles and responsibilities. After his start as a pre-sales technician in Europe, he spent several years working as liaison between corporate management in US and technical managers in Europe, Asia and South America. He later leveraged this experience as a software architect, designing standards for product development as well as best practices for solutions spanning multiple products.
Anders developed and continues to manage the Foundational Requirements for CA Solutions which establish basic standards for all products – such as accessibility, scalability, securability and upgradeability. Anders is a member of the CA Council for Technical Excellence and has contributed as a principal author for publications such as CA Technology Exchange, CA Green publications and a multitude of Best Practices documents.
David Lenoe is Director, Secure Software Engineering at Adobe. In his role, Lenoe manages the Product Security Incident Response Team (PSIRT) dedicated to responding to and communicating about security issues, as well as the Adobe Secure Software Engineering Team (ASSET) responsible for ensuring Adobe’s products are designed, engineered and validated using security best practices. Lenoe is also responsible for Adobe’s vulnerability information sharing via the Microsoft Active Protections Program (MAPP). Lenoe represents Adobe on SAFECode’s Board of Directors.
Lenoe joined Adobe as part of the Macromedia acquisition in 2004. At Macromedia, Lenoe held several management and engineering positions in the areas of product security, product management and quality assurance.
Lenoe earned a BA in Japanese language and literature from Connecticut College.
Manuel Ifland has been with Siemens since 2008. As an IT Security Consultant Manuel conducted various cyber security assessments and penetration tests for Siemens products and solutions. Manuel used to train IT security experts in awareness workshops and moderated numerous threat and risk analyses. Today, Manuel is a Senior IT Security Consultant in the Siemens ProductCERT. He is responsible for a Siemens-wide service to support product teams in timely patching of security vulnerabilities in third-party components used in Siemens products and solutions. Manuel is doing research in the field of third-party component security and works closely together with product development teams.