August 3-4, 2012
Trivandrum, India

 International Cyber Security and Policing Conference



Papers




Capacity Building for Least Developed and Developed Nations: ITU-IMPACT Case Study

Philip Victor
Director, Centre for Policy and International Cooperation
International Multilateral Partnership Against Cyber Threats (IMPACT)

With the rise of cyber threats, nations need to be better prepared to protect, defend, and respond to these threats. In our efforts to enhance capacity and capability, ITU-IMPACT, through the Global Cybersecurity Agenda, is assisting nations globally, especially the least developed and developing nations, to enhance these areas. This presentation will share the initiatives undertaken under the capacity building programme to enhance capacity and capability through trainings, cyber drills, cybersecurity workshops, national CIRT deployment, country cybersecurity assessments and other key activities.



OSINT: Open Source Intelligence for fighting cyber crime & cyber war

Rohit Srivastwa.
Founder, ClubHACK, IN.

To be updated.



The Management of Information Security – A Corporate Practitioner’s Perspective

Pawan Kumar Singh
CISO
Tulip Telecom Limited

Information Security is a stream that has slowly and steadily sneaked into large enterprises and gained importance in the boardrooms. Despite this, the field of Information Security is still not very well understood in the industry.
Pawan Kumar Singh, the CISO of Tulip Telecom, shall talk about the different drivers of the Information Security agenda in an organisation and his success mantra for running it successfully.
He will also dwell upon the IT Act, regulatory requirements and other upcoming legal requirements in India which corporates will have to comply with to conduct business in the country.



Cyber Crime

Loknath Behera IPS
Additional Director General of Police
National Investigation Agency

Computer and Internet usage is on the rise due to lower costs of computer ownership and connectivity as well as faster and easier accessibility. With every new technology comes a new opportunity for crime. Thus, the information technology revolution is spawning new opportunities for unethical and criminal activity almost as quickly as the component technologies are invented. These crimes become more advanced on a daily basis, and the associated security issues should be the concern of every knowledge worker.



Business Continuity and Risk Management in Turbulent Times

Venkataram Arabolu
Managing Director
British Standards Institution

Globalisation has made companies vulnerable to global and local issues. The sphere of influence of risk is increasing, and many “black swans” are emerging from nowhere, presenting businesses with completely new challenges that they are not prepared to address, creating losses or even eventually making companies go bankrupt. IT outages, loss of key resources, IT service management issues, currency fluctuations, global meltdown of economies, labour unrest, unethical practices and media bashing are just a few examples of what the modern enterprise faces these days. The new global standard on Business Continuity Management, ISO 22301 (BS 25999), is the global best practice available in the form of a standard. It helps companies build resilience and a risk-based framework for facing risks and vulnerabilities, with processes and systems that are created and embedded as part of the organisation's culture. Having adopted ISO 22301, you are assuring yourself, your enterprise and all the stakeholders that you are prepared for such an eventuality well in advance.



Leveraging mobile Technology for Law and Order

Lishoy Bhaskar
Vice President
MobME Wireless solutions

The Mobile Phone has become an important tool for Law and Order Officers today. The advanced features of mobile technology have made the lives of law enforcement officers easier and better. Smart phones being used today offer multiple features which earlier involved multiple hardware units and solutions.



A model to reduce information security risks due to human error

Anup Narayanan
Founder
First Legion Consulting, IN

Let us assume that a person knows all the driving rules. But, does knowing all the driving rules make a person a better driver? This is exactly what is wrong with the way organizations manage the “HUMAN” aspect of information security. Organizations are smart enough to know that the “human” aspect of information security is important. But, they focus only on “AWARENESS” and not “BEHAVIOR”. The end result is that they have employees who know the “security rules”, but do not “apply them or break them”. This proposed talk shall focus on the following:
1) Introduction to the problem: Focus on “security awareness”, not “behavior”
2) Real life case study of why a US$100,000 “security awareness” project failed
3) Solution to the problem:
a. Defining ESP’s (Expected Security Practices)
b. Dividing each ESP into “awareness” and “behavior” components
c. Awareness creation strategies: Clarity, Visibility, Impact Visualization, Using psychology
d. Behavior motivation and enforcement strategy
4) Real-life case study of “success” in behavior change

The talk is modeled on the open methodology HIMIS (Human Impact Management for Information Security) authored by Anup Narayanan. To know more about HIMIS, please visit www.isqworld.com/himis



Building Security Incident Detection & Handling Capabilities in Enterprises

Sunil Varkey
Head: Information Security
IDEA Cellular Ltd, IN

Building an effective and robust Incident response capability with the right combination of people, process and technology in an environment of continuously changing threat and vulnerabilities



Security Incidents – Avoiding the Apocalypse in 2012

Ashish Chandra Mishra
CISO
Tesco HSC, IN

2012 has been a year of security incidents. As per the 2012 Data Breach Investigations Report by Verizon, there have been a total of 855 incidents with a staggering 174 million compromised records in the last year! Some of the recent incidents to hit the headlines include Gamigo (8.2 million user login credentials), eHarmony (28 million passwords reset), Nexon (13 million gamers ID theft scare), Yahoo! (450,000 username and passwords compromised), LinkedIn (6.5 million passwords stolen) and earlier breaches at Last.fm, Formspring, Nvidia, Microsoft India Store, Sony, RSA, Epsilon, etc. There were also other attacks such as Flame, Stuxnet, and Anonymous group taking down or defacing websites such as MTNL, Indian political parties’ websites, British Prime Minister, Home Office website of the British government, Chinese government, etc.

Ashish will attempt in his talk to connect the dots between the various incidents, and how to avoid common pitfalls in corporate security incidents and reach the ‘Cape of Good Hope’ through common best practices.



Impact of cyber laws on various stakeholders

Sagar Rahurkar
B.S.L. LL.M., ACFE, Certified Cyber Crime Investigator
http://cybercrimeopedia.blogspot.in/

Indian Cyber Laws were officially born on 17th October, 2000 with the Information Technology Act, 2000 (IT Act) coming into force. It’s been 12 years since it became operational. Nine years after the birth of cyber laws in India, major changes were made in it through the Information Technology (amendment) Act, 2008.

On 11th of April, 11, rules under sections 6A, 43A and 79 of the Information Technology Act have been notified and a new era of cyber law compliance started.
The Indian courts have given their verdict on some of the important cases under the IT Act and other allied laws in the span of last 12 years.

This paper focuses on (but not limited to) –
  • Development of cyber law in India
  • Various issues covered by the cyber laws
  • Legal issues related to digital evidence -> Who is an expert witness in case of digital evidence?
  • Liability of the intermediary -> Sec. 79
  • Liability of companies -> Sec. 85
  • Powers of government with respect to cyberspace
  • Landmark cases decided by the Indian courts
  • Shortcomings in the current system
  • Who is expecting what from the cyber legal system?




Public – Private Participation in combating Cyber Crime

Mohamed Shihab
Advisor (Technical)
IMPACT

To be updated.



Autonomy - An Effective Tool for Digital Investigation

Shashank Agrawal
Autonomy, an HP Company


Police forces & investigation agencies today grapple with information overload (which is doubling every 1.5 years) in the form of unstructured data such as internal documents and databases present across various departments, data coming from private sector organizations such as call records or audio intercepts, CCTV images etc. Autonomy automates the quick and easy understanding of this data regardless of the format of the information or the source it comes from. It can also automatically correlate information to reveal patterns, so that users can focus their energies on what is relevant.



Ensuring Cyber Security for the state of Jharkhand

Vineet Kumar
CTO
CDRC

Presentation highlights CDRC’s activities and research which is aimed at raising the level of cyber security in Jharkhand State. In this Presentation audience will be made aware about CDRC’s initiative in the direction of:
  • Cyber Security
  • Cyber Crime
  • Critical Infrastructure Protection
  • Research
  • Cyber Intelligence Gathering
  • Association and Participation
Presentation focuses on CDRC’s attempt and measures to deal with cyber security, Cyber Crime Control and protection of cyber assets and critical infrastructure in the State of Jharkhand. CDRC is not only creating awareness about various types of cybercrimes, it is also educating the masses through its E-Raksha Campaign in fostering awareness about various types of cybercrimes and methods to be Cyber safe.

CDRC is providing relevant training to Teachers to adopt Cyber Security and best IT practices in teaching / learning process. CDRC is providing training to school students on Cyber Security and best practices for password Security, Social Networking Sites, Credit Card / Debit Card usage, E-Mail etc.

Presentation depicts CDRC’s Research initiative to help build a proactive and resilient cyber defence system and provide solutions to State Government departments and agencies in a guided manner. Audience will also come to know about CDRC’s upcoming areas of Research in the field of Malware Analysis and providing hardware Security.



Network Forensics

Bhadran V K
C-DAC


It is now a well-known fact that almost all crimes leave behind a digital trace for investigators. Network Forensics is a multi-disciplinary activity where technologies from various domains are needed for proper investigation, ranging from simple IP address tracing for email-related crime to malware analysis and IP tracing for hacking-related crimes. This session provides an overview of the process and procedures of network forensics, the challenges faced and currently available solutions.



Cyber Weapons

Sameer Saxena
Mahindra Special Services Group / Head – IAHS Academ


The latest entrant to the arms race is the cyber weapon. As with the conventional arms race, countries with significant defence spending have taken the lead in developing their cyber weaponry. It is essential that countries develop their offensive and defensive cyber capabilities. We will define cyber weapons, discuss their reliability factor, destructive potential, risk of collateral damage and their political utility.



Data Security

S Bhansali
Information Security Manager
ICICI Bank

To be updated.



To be updated.

Alok Vijayant
NTRO
PMO

To be updated.



Enterprise server security

Raghav Shandilya
CTO
Ankhorus Cyber Security

Discussion on how different methods/tools are used in enterprise servers and what server shield is providing in this context.



Security Incidents – Avoiding the Apocalypse in 2012

Ashish Chandra Mishra
CISO
Tesco HSC

Ashish is the Chief Information Security Officer (CISO) at Tesco Hindustan Service Centre (HSC). Ashish has over 12 years of work experience across various fields of Information Technology, including Information Security, Audit & Compliance, Risk Management, Physical Security, Corporate Investigations and Computer Forensics for various companies. He is a BE, MBA, Diploma in Cyber Law and holds leading security certifications, viz. CISA, CISM & CRISC (ISACA), BCCE (BCMI), ITIL Foundation, BS 7799 & BS 25999 Lead Auditor. Ashish enjoys consulting in and implementing Information Security and Risk Management best practices and leading the corporate security and risk function of value-based organizations. Ashish has won the Top 100 CISO Awards 2012, and he was a part of the team that won the SecureSynergy Security Strategist Awards 2005 in the IT/ITES category.



I haz you and pwn your maal

Harsimran Walia.
Research Scientist / b44nz0r
McAfee

The paper would talk about the evolution of malware in Android and then delve into the different types of activities/infections carried out by the malware. On the technical side, the talk would present the lab setup, the tools required and the reversing of APK files in order to do malware analysis. The steps covered include unpacking the APK, followed by decompilation of the Dalvik executable to Java code. It also covers basic reversing of the Java code, patching/modifying the code, and how to compile the code and pack it back into an APK, as well as how Android malware analysis differs from Windows malware analysis.

The presentation includes a live demo of a malware. To relate my talk to the title of the presentation I would say the demo of android malware analysis that I would present is a specific one. While reversing that we get to know of a premium phone number to which the infected phone sends sms, hence I have you (your number). Also, if you reverse the malware and change the sms number to your number, that is how I own the malware.



Free and Open Source Software (IC-FOSS)

Satish Babu
Director
ICFOSS

Following the State Government approval by law on the setting up of The International Centre for Free and Open Source Software (IC-FOSS), the institution will be set up at Thiruvananthapuram. In this present era that has witnessed an explosion of knowledge thanks to the Internet, it is important to democratise access to knowledge. The Kerala Government has time and again affirmed its intention to foster the State as a global destination for FOSS based software and IT enabled services.

IC-FOSS is expected to go a long way in making Kerala a global FOSS destination. Some of the areas that this institution proposes to take up include developing and customising Open Source applications, FOSS localization to Indian languages and speech interfaces on FOSS for the illiterate.

Vision and Mission

The vision of IC-FOSS is to become a leading research organisation in Free and Open Source model of knowledge development thereby contributing towards sustainable development of society and to stimulate economic development in the region.

The mission of IC-FOSS is to promote research and development in the area of Free and Open Source Software and the knowledge development model it puts forward.



Contemporary Transcription and Resource Parasitism

Arpit_Patel
Student of Master of Engineering in IT System And Network Security
GTU, Ahmedabad, Gujarat

We have gone through some real life scenarios of industries or organizations which are based on computer systems and their resources. From there, we have found one of the most common but serious technical issues faced by every modern industry or organization. The issue is that of “resource parasitism”, i.e. the misuse of internet resources at the workplace without useful requite to the industry itself, and “contemporary transcription”, i.e. the present anti internet abuse approaches which are used to tackle the misuse but carry many loopholes and serious discrepancies. To tackle this we are developing a system called “INFINITE”, which is Intelligent Firewall and Network Inspector and Termination Evidence.



Evil JavaScript

Bishan Singh Kochar
Sr. Principal Security Engineer
Yahoo!

JavaScript is arguably the most important web programming language today with the focus shifting to rich applications that are like desktop apps. If not less, the server-side has seen major advancements in the adoption of JavaScript - in the likes of NodeJS, MongoDB.

This is a completely hands-on session. I use slides as mere placeholders. I will be covering this notorious, lovely, powerful, misunderstood language in the context of security. The evil side of JavaScript. I have spoken about the beautiful parts in my previous talks. And then also spoken about some evil parts in my recent talks on DOM XSS, NodeJS Security and Mashups. This talk is a culmination of questions asked during those talks and other popular issues like JSON exploits that deserved more focused space. I am NOT presenting previously unknown attacks. But taking the old and new, I share my experience. My interesting, real world, exciting encounters with the challenges I see and face with coding, detection, analysis and remediation.

The hands-on lab will be shared with delegates. They can play around later when they wish. I believe - we really understand things only when we do it. Not when we read or hear. At least that holds true for me.



Social Network Analysis and the War on Terror

Hormis Tharakan IPS
Former Director
RAW

This paper attempts to trace the history of the development of social networks analysis as a tool for fighting terror. Ever since anthropologist A.R. Radcliffe-Brown introduced the concept of social network analysis in his 1940 article “On Social Structures”, it has been common practice for social scientists to employ network analysis to comprehend linkages between people. With the rise of terrorist networks in the last few decades, there have been attempts to use network analysis as a tool to detect the evolution of terrorist communities and to unravel the hierarchical structure of such communities with the intent to destabilize them. Almost all the studies about social network analysis of terrorist networks have used models based on information available to the investigators after the terrorist attack had been carried out and loss to life and property had taken place. This paper argues that for an investigative tool to be of practical use, we need to test the tool on the basis of information available at a certain stage in the evolution of a terrorist network and not at its culmination. The paper also highlights the lack of authentic data available to researchers who have to depend almost entirely on open sources. It may be worthwhile for investigative and intelligence agencies to make authentic data based on interceptions and interrogations available to researchers so that social networks analysis (SNA) can be developed as a useful tool in the war on terror.



Integrated Dial 100 New Generation System for Law Enforcement

R Srikumar IPS
Member
Central Vigilance Commission

Dial 100 is an approved project of the National Police Mission-2005 championed by the Union Ministry of Home Affairs. While Sh. R. Sri Kumar, previously CMD KSPHC and later DGP Karnataka, was heading the Micro Mission IV on infrastructure in the National Police Mission, the Dial 100 project was vociferously pushed by him and his team for its immediate adoption. He and his team members that included late Sh. Hemant Karkare believed and continue to believe that Dial 100 as conceived by them, would take the Indian Police to the next generation of policing- better than 911 NG. People familiar with the working of 911 emergency police response system in the United States, are also familiar with the evolution of the system from 911 to 911 E and then 911 NG which was found to be inadequate when the incidents of 9/11 took place. It is therefore necessary for police thinkers to plan for the futuristic police response system in an ever changing virtual world of information explosion and real terror threats.




Bringing Cyber Criminals to Book: Being on the Same Page

Nandkumar Saravade
Director
Citi Security and Investigative Services - South Asia

Improving incident response
  • Stakeholder perspectives
  • Gap analysis
  • Possible solutions



Digital Response solution for Disaster Management

Xminds Pvt Limited



To be updated.



Making a Secure Data Centre

Damanjit
Asia Pacific Evangelist
HP Security Products, HP

To be updated.



Hacktivism, Anonymous & Security Decoded

C N Shashidhar
Global Information Security Adviser
IBM, IN

Hacktivism is the new buzz word among hackers. Activists turn into hackers for a cause. With their great skillsets they are able to bring powerful governments to their knees and create major headaches for Law Enforcement agencies across the world.

Anonymous & Lulz, hacker collectives, have wreaked havoc the world over in their fight against Governments & Law Enforcement agencies.

It is against this background that the Security challenges and imperatives will be discussed.

The speaker hopes to provide a balanced view on the issues facing Security professionals and contrasts it with the dilemma in countering hacktivism & Anonymous.



Impact of cyber laws on various stakeholders

Sagar Rahurkar
Advocate


Indian Cyber Laws were officially born on 17th October, 2000 with the Information Technology Act, 2000 (IT Act) coming into force. It’s been 12 years since it became operational. Nine years after the birth of cyber laws in India, major changes were made in it through the Information Technology (amendment) Act, 2008. On 11th of April, 11, rules under sections 6A, 43A and 79 of the Information Technology Act have been notified and a new era of cyber law compliance started. The Indian courts have given their verdict on some of the important cases under the IT Act and other allied laws in the span of last 12 years. This paper focuses on (but not limited to) –
  • Development of cyber law in India
  • Various issues covered by the cyber laws
  • Legal issues related to digital evidence -> Who is an expert witness in case of digital evidence?
  • Liability of the intermediary -> Sec. 79
  • Liability of companies -> Sec. 85
  • Powers of government with respect to cyberspace
  • Landmark cases decided by the Indian courts
  • Shortcomings in the current system
  • Who is expecting what from the cyber legal system?



Early Teens and Influence of Cyber Space

Basil Solomon
CISO
UST Global

35 years ago there were very few or no televisions in our households. The best you got was a radio or a tape recorder. Today’s children are exposed to all sorts of digital interfaces, be it non-interactive media like television or interactive content like the Internet and online games. They are a vulnerable lot, with the technology at hand and not enough guidelines or controls.



Early Teens and Influence of Cyber Space

Vinay Vashishta
RBH


To be updated.



Social Media, its benefits, its dangers

Matthew W. Stephan CISM, CISSP, CRISC, CGEIT, PMP.
Far East Regional Information Assurance Manager (IAM)
US Government

On Social Media, its benefits, its dangers, active threats being utilized against companies, employee misuse, operational security risks, the future of it, and the increasing perception among people that access to social media/networks is no longer a privilege, but a right.



The Weakest Link - Reinforcing the Human Element

Sandeep Godbole
Sr Manager Information Security
Syntel

In the security world humans have long been categorized as the weakest link in the security apparatus. However this weakest link, if transformed in the correct manner, can morph into the best line of defense and security for the organization. The benefits of an aware workforce are huge. The bigger the organization not only do they get bigger, but become more varied and resilient.



Cracking the Mobile Application Source Code

Sreenarayan A
Paladion Networks


Learn how a mobile expert cracks the mobile application source code. While testing / reviewing Android or iOS applications, you will love these tricks which will teach you to extract the source code of any Mobile Application. Be it Apple provided encryption mechanism or Google Android or Blackberry application, if you have the application, you will learn how to crack the source code. The cracking of the source code reveals the hidden hardcoded secrets, encryption algorithm logics & keys, handshake tokens etc. Using demonstrations on various mobile platforms, the presentation teaches you the tricks of the trade.

Objectives:
  • To learn tested and proven methods of discovering insecurities via dis-assembling the mobile applications.
  • To give live demonstrations for cracking the source code of the various mobile platforms, including Android, Apple, Blackberry and Windows Mobile.
  • To learn how to utilize the hidden treasures obtained from the source code.



WebApp Remote Code Execution using Server Side Scripting Engines

Rahul Sasi
iSIGHT partners


Remote code execution in web applications is as critical as it sounds. The most followed methods to achieve code execution in web application Pentest|Attack are via LFI|RFI|SQL injection attacks, where you have unvalidated inputs passed on to critical (asp,php,java) function calls|Databases. This talk would be extending the code execution surface by trying to attack the FrameWorks and Scripting Engines via Web Apps.



Easy Money with UI-Redressing

Amol Naik
Web Application Pentester
Mercedes-Benz Research & Development, IN

Did you know that Google gave out $410,000 last year for over 1,100 bugs? Did you know that Facebook paid $40,000 in just three weeks? I personally made more than $4K from Google and Facebook by reporting just 7 bugs. These bugs belong to a category of web vulnerabilities called 'UI Redressing' vulnerabilities. And these are serious enough for companies to pay money to those who report them. Want to know how to identify, exploit and fix these bugs in applications? Then you must attend this talk where I go over my personal real-world experience on how I discovered these issues, what approach to follow and how to create a reliable PoC.



The CISO Challenge

Maria Bellarmine. P
CISO
TechMahindra

Emerging Technologies, mutating Threats, ever-evolving Standards and most of all, getting the cybercitizen involved! Quite an interesting combo for a CISO to enable business with optimal cost and ensuring the security of the organization by complying with contracts, regulations and legislations. Is that all? There is more than what meets the eye, challenges a CISO...



Layer 8 Exploitation: A threat to National Security

Aakash Kumar Goel
Project Engineer
C-DAC, Hyderabad, IN

Layer 8 Exploitation, better known as Social Engineering, is a threat that is often overlooked but regularly exploited to take advantage of what has long been considered the 'weakest link' in the security chain of an organization – the 'human factor'. The following real-life story is a classic illustration of this: “In 1994, a French hacker named Anthony Zboralski called the FBI office in Washington, pretending to be an FBI representative working at the U.S. embassy in Paris. He persuaded the person at the other end of the phone to explain how to connect to the FBI's phone conferencing system. Then he ran up a $250,000 phone bill in seven months.” - Bruce Schneier, “Secrets and Lies”.



Gathering security requirements

Prashant KV
Infosys


Traditionally, technical requirements are gathered from the business requirement document (BRD). Security requirements are often ignored or considered in the aftermath. This talk focuses on how to gather security requirements and what details need to be captured as part of a security requirement.



Deep Dive Android

Anant Shrivastava
Senior Systems Engineer
Infosys
Ankur Bhargava
Application Security Professional
IBM India Software Labs

Android needs no introduction; it is one of the fastest growing Smartphone / Tablet OSes. Future plans include not just telecommunication equipment but also entertainment equipment like TVs, music players and other household items. As the world moves towards Android, there is a corresponding rise in threats and potential risks. This talk is geared towards security professionals who want to remain on the edge of this fast paced technology and possess an in-depth understanding of Android.


Call for Papers


CFP Closed.
Speakers list to be updated in the first week of June 2012.

CFP Review Committee


Armando Romeo. Founder, eLearnSecurity
Armando Romeo is the founder of eLearnSecurity, responsible for day-to-day management as well as content creation and delivery of all company courses. Prior to founding eLearnSecurity, Armando served as administrator and head of security for the Hackers Center Research Group and IT Security Services Manager for the Italian Security Brigade. Armando has extensive experience and expertise in the areas of network security, secure coding and design, Web application security, penetration testing and security awareness.
Dinesh O Bareja. Founder, Honey Net India Chapter
Dinesh has over 23 years of work and business experience across varied domains and has been in the technology domain for the past 15 years. His expertise and present work is in security strategy, architecture design and operations in areas like Banking, IPR, Cyber Security and Cybercrime, Critical Infrastructure among others. He is associated with the Cyber Defence Research Center (Jharkhand Police) as Cyber Surveillance Advisor and also leads the Indian Honeynet Project. In his commercial avatar he is an Infosec consultant for specialty services in DLP, SOC, SIEM, GRC, ISMS etc. You can find him blogging, writing or speaking, or on Twitter, Flickr, Facebook and LinkedIn, and you may not have to search too hard!
Peter Giannoulis. Founder, Source 44 Consulting
Peter is the Founder of Source 44 Consulting, an information security consulting firm based in Toronto, Ontario, Canada. Over the past 13 years Peter has been involved in the design and implementation of client defenses using many different security technologies. He is also skilled in vulnerability and penetration testing having taken part in hundreds of assessments. Peter spent many years involved with SANS and GIAC as an Authorized Grader for the GSEC certification, courseware author, exam developer, Advisory Board member, Stay Sharp instructor and Technical Director for the GIAC family of certifications. Peter's current certifications include: GSEC, GCIH, GCIA, GCFA, GCFW, GREM, GSNA, CISSP, CCSI, INFOSEC, CCSP, & MCSE.
Simon Bennetts, OWASP Zed Attack Proxy project
Simon Bennetts started the OWASP Zed Attack Proxy project, and leads the international group of volunteers who develop it. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project. In his day job he works for Sage UK Ltd as a Team Leader for both a development and a security team. His day to day work includes designing and building web applications, performing security assessments and delivering security training.
Vahan Markarov. Yerevan, Armenia
Vahan Markarov is a researcher and lecturer in the fields of information security and software development. His research interests and areas of expertise include cryptography, steganography, software design and testing, biometrics and computer networks. Since 2001 he has presented over a dozen scientific articles at different international and local conferences (SAM 09 at WORLDCOMP 09, CSIT 2009, WAITCS2010) and published instructional materials on the subjects of his interests. He received a PhD in computer science from the State Engineering University of Armenia (SEUA), Yerevan, Armenia in 2003. He is an associate professor at the SEUA and gives lectures in the department of Information Security and Software Development in the faculty of Computer Systems and Informatics.

