As IOActive’s Founder and Chairman of the Board, Joshua Pennell has a proven, 19-year track record of creating and growing a multimillion-dollar, independent security services organization. Under Josh’s leadership, IOActive has emerged as one of the world’s leading technical security consultancies based on cutting-edge research and meritocratic governance. Josh serves on the advisory boards of Source, Vantos, and SiteScout, and is the Chairman of IOActive’s advisory board, which includes luminaries such as Steve Wozniak, Jim Reavis, and Ian Cook. Josh made an early mark on the infosec community when he played an integral role in helping his team win Defcon’s Capture the Flag competition for three consecutive years. He also spent several years revolutionizing the competition’s technology before handing the game over to Kenshoto.
Dave is a well-known IT security leader and visionary. Before founding SecurityStarfish, he was Vice President and Chief Information Security Officer (CISO) for eBay and CISO for a large US bank. He is a Certified Information Systems Security Professional (CISSP) and former Certified Business Continuity Professional (CBCP). Dave is founder and chairman of the Cloud Security Alliance (CSA) and past President and Chairman of IT-ISAC. He served as member of the IT Sector Coordinating Council and National Council of ISACs. He is an ISSA Fellow and was elected to the ISSA Hall of Fame. He serves on ASIS International’s CSO Roundtable Committee and the CSO Magazine and SC Magazine Editorial Advisory Board. He received SC Magazine’s 2005 Global Award as CSO of the Year and CSO Magazine’s 2006 Compass Award for “Visionary Leader of the Security Profession.” In 2012, he received SecureWorld’s first Lifetime Achievement Award for his information security community contributions.
For many years, Jim has worked in the information security industry as entrepreneur, writer, speaker, technologist, and business strategist. His innovative ideas about emerging security trends are widely published and presented. In 1998, he founded SecurityPortal, the largest information security website. As Cloud Security Alliance’s cofounder and CEO, he is shaping the future of information security and technology industries. SearchCloudComputing.com named him a “Top 10” computing leader. As President of Reavis Consulting Group, he advises security companies, governments, and large enterprises on new trends in Cloud, Mobility, and the Internet of Things. He served as advisor on the launch of many industry ventures that have achieved successful M&A exits or IPO status, is widely quoted in the press, and worked with many corporations on their information security strategy and technology roadmap. He received a B.A. in Business Administration and Computer Science from Washington University, where he serves on the alumni board.
Ian is an internationally respected IT security leader, security researcher, and intelligence analyst. For 26 years, he’s pioneered the application of government intelligence procedures to predict corporate security risks and help security managers to better target security resources and make effective strategic decisions. He’s held senior technical and management positions at Saudi American Bank, Citigroup, Merrill Lynch, Barclays, and Team Cymru, and received the Cymraeg “Team Cymru Emeritus” title in recognition for his distinguished career. He has helped many start-ups come to market, including Cogenta.
A long-standing FIRST member, he served on FIRST’s Steering Committee, drove its Best Practice Guide initiative, and was Program Chair for the FIRST 2007 Conference. For 15 years, Ian managed an elite, invite-only Security Mailing list of security industry decision makers. Currently he provides a Virtual Chief Information Security Officer (vCISO) Service for SMEs who cannot hire a full-time CISO; mentors large organization CISOs and provides advice, direction, marketing, funding introductions, and PR to security technology start-ups
For over 25 years, David has managed information security for organizations, such as the Foreign & Commonwealth Office, Royal Dutch/Shell Group, and Royal Mail Group. David is a keen innovator and has developed many contemporary methods and standards. He created the text that is now ISO 27002, founded the Jericho Forum, and helped pioneer computational immunology for fraud detection. David is an independent researcher, writer, and director, and authored the books Managing the Human Factor for Information Security, Managing Security in Outsourced and Offshored Environments, and Business Continuity Management for Small and Medium Sized Companies. He is a visiting Senior Research Fellow of the University of Portsmouth, an Honorary Fellow of the Jericho Forum, and a member of the InfoSecurity Europe "Hall of Fame." He also writes a popular Computer Weekly security blog.
A Silicon Valley icon and philanthropist, Steve helped shape the computer industry with the Apple and Macintosh. In 1976, he founded Apple Computer with Steve Jobs and his Apple I Personal Computer (PC). His Apple II offered a central processing unit, keyboard, color graphics, and floppy disk drive. For his Apple achievements, Steve received the National Medal of Technology from The President of the United States in 1985. After leaving Apple in 1985, he was involved in business and philanthropic ventures. He adopted the Los Gatos School District and provided students and teachers with computers and training. In 2000, he was inducted into the Inventors Hall of Fame and was awarded the Heinz Award for Technology, The Economy, and Employment for designing the PC and his work with grade school students and their teachers. He also founded the Electronic Frontier Foundation and helped found the Tech Museum, Silicon Valley Ballet, and Children’s Discovery Museum of San Jose.
As Qualys Chief Security Officer (CSO), Randy leads the security, risk management, and business continuity efforts for the QualysGuard platform. He also leads Qualys CSO Advisory Board efforts to collaborate with customers on implementing security and compliance best practices. Before this, he was Yodlee’s Information Security Officer and ensured the high-level security posture of Yodlee’s Internet-based financial services. He led Yodlee’s attainment of the SysTrust Seal, SAS-70 Type II, incorporating the ISO-17799 Control Objectives and DIACAP/FISMA reviews. This led to the interim authority to operate on the NIPRNET network for the Department of Defense and Independent Security Report. He also served as CSO for WebEx Communications, where he built a security department and the company’s global security infrastructure. Randy is a frequent speaker at security conferences, including CSO Perspectives, RSA, BITS Security Forum, The Security Standard, and SaaS/Gov. He is often quoted in the media and was featured on SC Magazine’s front cover.
David is a founding member of the Trustworthy Computing Initiative at Microsoft® Corporation. He has developed solutions for computing security issues since 1992 and created award-winning tools to assess network security and uncover security vulnerabilities. David is a Senior Developer in the Microsoft Office Trustworthy Computing Group. He has authored six books, most notably the "Writing Secure Code" series and "24 Deadly Sins of Software Development." He also authored SafeInt, a C++ class that helps solve integer overflow problems. David has a Ph.D. from the Georgia Institute of Technology.
Charlie Miller is currently a computer security engineer with Twitter. Prior to his work at Twitter, he spent five years working for the National Security Agency. Miller is well known for the vulnerabilities he discovered in Apple products. In 2008, he won the top prize at CanSecWest during the Pwn2Own challenge. Recently, he has become known for his research in automotive security. He holds a Bachelors in Mathematics with a minor in Philosophy from Northeast Missouri State (now Truman State University), and a Ph.D. in Mathematics from the University of Notre Dame.