TECHNICAL SESSIONS

Tech Sessions: Wednesday, July 30 | Thursday, July 31 | Friday, August 1 | Invited Talk Speakers

Debra Bowen, Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot
A pioneer in open government reform, election integrity, and personal privacy rights, Debra Bowen became only the sixth woman in California history elected to a statewide constitutional office when she was elected as Secretary of State in November 2006.

As the chief elections officer for the largest state in the nation, Secretary Bowen is responsible for overseeing state and federal elections, a role that also requires her to test and certify the voting equipment used in California. Her goal is to ensure that voting machines certified for use in Californians elections are secure, accurate, reliable, and accessible, and every voter's ballot is counted exactly as it was cast. In her first year in office, Secretary Bowen commissioned an independent, top-to-bottom review of voting technology, as well as a comprehensive review of the state's decades-old election auditing standards. Following the top-to-bottom review, Bowen strictly limited the use of direct recording electronic voting machines and imposed significant security and auditing requirements on systems used in California elections. Secretary Bowen was recognized for her national leadership in election integrity with the 2008 John F. Kennedy Profile in Courage Award, the nation's most prestigious honor for elected public servants who choose principles over partisanship.

Dawson Engler, 10+ Billion Lines of Code Later: Experiences Commercializing a Static Checking Tool
Dawson Engler is an Associate Professor at Stanford. He received his PhD from MIT for his work on the exokernel operating system. His current work focuses on techniques that automatically find interesting errors in real code, ranging from static analysis, through model checking, to symbolic execution. His research group has won numerous Best Paper Awards, and its static checking work formed the basis of a successful startup, Coverity, run by his former students. His only other real-world foray was as a bouncer in Arizona.

Tal Garfinkel, Enterprise Security in the Brave New (Virtual) World
Tal Garfinkel is part of the Advanced Development group at VMware. His current work focuses on developing new security technologies in the context of virtual infrastructure. He is in the process of completeing a PhD in computer science at Stanford University and holds a bachelor's degree in computer science from the University of California, Berkeley.

Darren Lacey, Managing Insecurity: Practitioner Reflections on Social Costs of Security
Darren Lacey is Chief Information Security Officer and Director of IT Compliance for Johns Hopkins University and Johns Hopkins Medicine. He has been working in the technology sector as a developer, attorney, consultant, and executive for nearly twenty years. He was the first Executive Director of the Johns Hopkins University Information Security Institute, a National Security Agency Center of Academic Excellence in Information Assurance.

John Mitchell, Security Analysis of Network Protocols
John Mitchell is the Mary and Gordon Crary Family Professor in the Department of Computer Science at Stanford University. His research interests in the field of computer security include access control, network protocols, privacy, software systems, and Web security. Mitchell has also worked on programming languages, type systems, object systems, formal methods, and other applications of mathematical logic to computer science. Prof. Mitchell is currently a member of the multi-university PORTIA research project to study privacy concerns in databases and information processing systems and a member of the NSF TRUST Science and Technology Center. He is the author of approximately 150 research articles and two books.

Jose Nazario, Political DDoS: Estonia and Beyond
Dr. Jose Nazario is a Senior Security Engineer who heads Arbor Networks' Arbor Security Engineering & Response Team (ASERT). In this capacity he is responsible for analyzing burgeoning Internet security threats, reverse-engineering malicious code, developing software, and creating security mechanisms which are then distributed to Arbor's Peakflow platforms via the Active Threat Feed (ATF) threat detection service.

Dr. Nazario's research interests include large-scale Internet trends such as reachability and topology measurement, Internet-scale events such as DDoS attacks, botnets, and worms, source code analysis tools, and data mining. He is the author of Defense and Detection Strategies Against Internet Worms and Secure Architectures with OpenBSD. He earned a PhD in biochemistry from Case Western Reserve University in 2002.

Niels Provos, The Ghost in the Browser and Other Frightening Stories About Web Malware
Niels Provos is a Senior Staff Software Engineer at Google, where he is responsible for, among other things, protecting users from phishing and malware attacks. His research interests lie in network and computer security in general; most recently he has been focusing on large-scale detection and mitigation of Web-based malware. His latest book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection, was published in 2007.

Ted Schlein, Building the Successful Security Software Company
Ted Schlein is a Managing Partner at Kleiner Perkins Caufield & Byers. He joined the firm in 1996 with a focus on early stage technology companies in the enterprise software and infrastructure markets, including ventures within the network and consumer security arena. Ted was the founding CEO of Fortify Software, a pioneer and market leader in the growing software security market. Now Chairman, he has been instrumental in establishing Fortify as the provider of choice for detecting and eliminating security breaches threatening to derail Fortune 500 and government agency technical deployments. In addition to Fortify, Ted serves on the board of directors of 3VR, 41st Parameter, ArcSight (ARST), Ketera Technologies, IronPlanet, and Verdiem. He also oversees KPCB's investments in LifeLock, Bit 9, and Recycle Bank. Prior to joining KPCB, Ted served as VP of Enterprise Solutions at Symantec. Ted led Symantec's successful move into the software utilities market, as well as the launch of its commercial anti-virus solution, an offering that quickly emerged as the industry gold standard. Ted is the former Chairman of the National Venture Capital Association (NVCA) and the former President of the Western Association of Venture Capitalists (WAVC). He currently serves on the Board of Overseers of the Engineering School at the University of Pennsylvania.

Mark Seiden, From the Casebooks of . . .
Mark Seiden, a programmer since the '60s, has worked since 1983 in areas of security, network, and software engineering for companies worldwide. As a Yahoo Paranoid and as a consultant, recent projects have included design, architecture, and implementation for ebusiness systems, security for online financial transaction processing and for a distributed document processing system, testimony as an expert in computer crime cases, and testing of network, procedural, and physical security in diverse deployed systems, enterprises, and co-location facilities.

Time Digital named him one of the 50 "CyberElite" in their first annual list, and he's been involved with four National Academy of Sciences studies on some trippy subjects. Mark was the first registant of the domain food.com. He's been played by an actor in a rather bad movie. His Erdos number is 4.

Hugh Thompson, Hackernomics
Herbert (Hugh) Thompson is Chief Security Strategist at People Security, a security education firm headquartered in New York. An expert on software security, he has co-authored several books, including How to Break Software Security (Addison-Wesley, 2003) and The Software Vulnerability Guide (Charles River, 2005), and more than 80 academic and industrial publications on the topic. In 2006 he was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine. Hugh has spent his career creating methodologies for building demonstrably more secure software and has trained developers, architects, security testers, and executives at some of the world's largest companies.