Team
BOARD OF DIRECTORS
Pete Herzog
Pete is the co-founder of ISECOM and as Managing Director is directly involved in all ISECOM projects. In 2000, Pete created the OSSTMM for security testing and analysis. He is still the lead developer of the OSSTMM but also leads the organization into new research challenges like Smarter Safer Better, the Bad People Project, and the Home Security Methodology. Pete's strong interest in the properties of trust and how it affects us and our lives has led to trust metrics and has brought ISECOM more deeply into Human Security. In addition to managing ISECOM, Pete taught the Masters for Security at La Salle University in Barcelona which accredits the OPST and OPSA training courses and Business Information Security in the MBA program from ESADE which is the foundation of the OPSA. In addition to security, Pete is an avid Maker, Hacker, and reader.
Marta Barceló
Marta is the co-founder of ISECOM and is responsible for ISECOM business operations. She maintains the media presence of all ISECOM projects, provides technical server administration for the websites and runs ISECOM's advertising campaigns. She attended Mannheim University of Applied Sciences in Germany and graduated with a Masters in Computer Science. In addition to running ISECOM, Marta has a strong passion for the arts, especially photography and graphic design, and her first degree is in music from Conservatori del Liceu in Barcelona. Marta had worked in mainstream IT corporations before settling down with ISECOM.
Nicolas Mayencourt
Nicolas Mayencourt has 20 years of professional experience in Information Technology and 15 years in Information Security Practice. He is an experienced and recognised practitioner, with a comprehensive knowledge of Information Security, both technical and business-oriented. He is the founder and CEO of Dreamlab Technologies Ltd, a Switzerland-based company specializing in Open Standard IT. As a senior consultant, Nicolas Mayencourt has played a variety of security-related roles, including Technical Direction of Corporate Security Management and Controlling Frameworks, Supervision of Security Competence Centers of Major International Companies, and Coaching of SOX and BS7799 Compliance Projects. Within ISECOM he is responsible for Business Development and Academic Alliances. He launched the OPST and OPSA courses at universities in Switzerland and regularly promotes the OSSTMM at major European security conferences.
Raoul "Nobody" Chiesa
Co-founder and C.T.O. of @Mediaservice.net, a vendor-independent and "on-the-edge" security consulting firm based in Torino, Italy, Raoul Chiesa has been involved in IT security since 1986 and was for more than a decade one of the best-known hackers worldwide on X.25 and IP networks. Nobody now describes himself as an ethical hacker and works seriously to promote the genuine hacker philosophy and the Open Source vision, contributing his knowledge to the development of security solutions and culture in both the public and the private sector, out of concern for the security flaws and exposures of national and European infrastructures. Back in 2002 Raoul brought the OSSTMM Professional Certifications to Italy, being the first private partner to believe in ISECOM's views. Raoul belongs to the Executive Board of CLUSIT (Italian Security Association) for the 2001-2002 and 2003-2004 terms, and he is a referral member of the Telecom Security Task Force; he certified as an OPST and OPSA trainer in December 2002. His contributions to the OSSTMM relate especially to the Communications section.
Richard Feist
Richard has been working in the computer industry since 1989, when he started as a programmer. He started Nyx Technologies in 1996 with the crazy vision of 'doing the job properly' and to this day continues to beat his head against an apparent brick wall. He currently holds various vendor certifications (CISSP, MCSE, CCNA, dah di dah...) and is in the process of doing an MSc in Information Security (to fill the 25th hour every day). He certified as an OPST and OPSA trainer in 2003. Richard is always available for conversation and can be found at the keyboard if he isn't immersed in 'another' book or out trying to kill himself in his latest outdoor activity.
Jaume Abella
Jaume Abella (Barcelona, 1970) is an Electronic Engineer (La Salle, URL). He is Head of the Networking Section and Associate Professor in the field of Networking at La Salle Engineering School of the Ramon Llull University (URL), where he teaches Communication Networks, CCNA and CCNP certifications within the Networking Academy Program of CISCO Systems, and directs La Salle-URL's Master in Security. His research interests are security systems in computer networks and their improvement through artificial intelligence techniques, working within URL's research group of Intelligent Systems.
Kim Truett
Kim started tinkering with computers on an Apple II, where she discovered that if she coded in machine language she could sneak additional programming instructions into memory addresses that the Apple OS had reserved, but wasn't actually using. From there she has made a career out of programming computers with a focus on management of accurate, secure data warehouses. Today, she is Director of a global Data Management department, but she still does her own programming and still explores what's "beyond the obvious" in her spare time.
Robert E. Lee
Robert E. Lee got his start in computers at an early age, with his first computer being a VAX 11/780 running BSD UNIX. After entering the professional work force in 1992 he has built his career as a Business Survivability consultant with a focus on Security, High Availability, and Disaster Recovery. In 2003, Robert founded Dyad Security, Inc. in Newport Beach, CA. In 2006 he sold Dyad to Swedish-based Outpost24 AB and now serves as their Chief Security Officer.
Robert is a regular face at security conferences world-wide and is always up for friendly engaging conversation. If you happen to bump into him at an upcoming show, be sure to say hi.
Christoph Baumgartner
Christoph is the founder and CEO of OneConsult GmbH, a Swiss-based, internationally operating, IT security consulting firm with offices in Thalwil (Zurich, Switzerland), Munich (Germany) and Vienna (Austria), and a client base of hundreds of companies and international groups in Europe and overseas. OneConsult GmbH offers unbiased, product-independent consulting services - with a focus on sophisticated security audits (penetration test, application security audit, ethical hacking and conceptual security audit), digital forensics and related training. Christoph holds a Master's degree in Information Technology & Business Administration (University of Zurich) and is an OPST. He has been working as a security and strategy consultant since 1996 and has been applying and promoting the OSSTMM from 2002 onwards. Christoph is author of numerous articles in the specialist media and regularly delivers speeches at major IT security conferences. Based on OneConsult's wealth of experience with hundreds of OSSTMM-compliant audits, he is a valuable contributor to the methodology from a practical and commercial perspective.
Heiko Rudolph
Heiko Rudolph founded adMERITia in 2004 and serves as the CEO of the information security consulting company located in Langenfeld, Germany between Cologne and Duesseldorf. The vendor-independent company operates internationally in the field of technical, organizational and legal information security audits and consulting. adMERITia is specialized in KPI-based security measurement.
Working in the IT-business since 1996, Heiko has a strong focus on security management, business alignment, BCM, risk analysis and organizational information security. He has promoted the OSSTMM since 2006 through various articles and presentations at major German security conferences.
CORE TEAM
PROJECT MANAGERS
Dru Lavigne
Manager of the OPRP
Dru Lavigne entered the networking world in 1996 and soon discovered the joy of protocols, encapsulations, RFCs and penetration testing utilities. She now spends her working hours developing security curriculum and providing instruction in all manner of networking, routing, and security technologies. The rest of her time is spent experimenting with her network of FreeBSD systems. www.onlamp.com/pub/ct/15
Jeremy Wilde
Manager of the BIT
Jeremy Wilde has been working in information technology for over 12 years holding senior positions in large, medium and start-up software and service organizations.
A specialist in operational risk, business process and change management, a CISSP and a professional member of the British Computer Society, he brings a wide range of experience and general knowledge to the consulting table, not least his enthusiasm for Beethoven and cricket, which may have only tangential application to a technology problem but are always, so he says, worth talking about.
TEAM
Fabrizio Sensibile
Born in 1975 and an expert in computer intrusion & defense techniques, Fabrizio has worked professionally in the IT Security field since 1997, applying his knowledge in top-level environments and data networks. Since 1998 he has been employed as Network Security Consultant and Senior Security Prober in the Data Security Division of @Mediaservice.net, a well-known vendor-independent security consulting firm based in Torino, Italy. Fabrizio was certified by ISECOM in December 2002 as an authorized international trainer for the OPST and OPSA certification programs, EMEA area. He planned and currently manages the ITN (ISECOM Testing Network) firewall assets for the OSSTMM professional accreditation classes and for Hacker Highschool seminars.
Marco Ivaldi
Marco is an information security researcher and consultant, a UNIX expert, and a software developer. His main interests are networking, telephony, and control systems.
He is employed as Senior Security Advisor at @Mediaservice.net, where he is in charge of team coordination, advanced penetration testing, vulnerability research, and exploit development.
Marco is co-founder and editorial board member of Linux&C, the first Italian magazine about Linux and open source.
His homepage is www.0xdeadbeef.info.
Aaron Brown
After graduating from Georgetown University, Aaron realized he enjoyed taking programs apart more than he did building them. This led him to a career in the IT Security field.
Aaron is a security consultant, tester and analyst at adMERITia GmbH and specializes in the examination of test results and application of security metrics for data networks, telecommunications and web applications.
Since becoming OPSA certified, Aaron has made numerous contributions to the ISECOM and OSSTMM. Among his contributions are the further development of the security metric “Risk Assessment Value” (RAV) and the creation of an OSSTMM Applied Methodology for VoIP. Since 2007, Aaron has also promoted the OSSTMM through various publications and numerous presentations at IT conferences throughout Europe.
Jan Alsenz
Jan is CTO & Co-Partner at the Swiss-based, internationally operating, vendor-independent IT security consulting firm, OneConsult GmbH. His areas of expertise include technical and conceptual security consulting with a special focus on sophisticated penetration tests, application security audits and reverse engineering. Even before his computer science studies at the Swiss Federal Institute of Technology (ETH) in Zurich, which he completed with an MSc and a specialization in information security, he had developed a great interest in security, ranging from physical to theoretical approaches. In his role as a Security Consultant, Jan deals with the OSSTMM almost daily, which helps him provide valuable input based on his practical project experience.
Lars Heidelberg
Lars has been working in the IT business since 1999, and began focusing on security in 2002.
Since he joined adMERITia in 2004, he has been working in security audit teams as a tester for large companies all over Germany and Europe. He holds the OPST and OPSA certificates and in 2008 also became a trainer for ISECOM in Germany.
At ISECOM Lars is mostly working on the OPST course material, getting it updated and introducing new technologies.
Chris Griffin
I live in Indiana, USA. I have certifications for CISSP and CNDA. I have been in IT for 13 years and ITSEC professionally 5 years with much dabbling in the past. Currently working in a Government subcontractor environment as a Sr Security Analyst. While always trying to stay on top of all aspects of Information Security, lately I have been trying to learn more in Web Application Security. I'm also considering going to college for a BS in INFOSEC.
Hernán Marcelo Racciatti
Hernán Marcelo Racciatti is a collaborator of ISECOM in Argentina. He is a System Analyst, Microsoft Certified Professional and NSP (Network Security Program).
Hernán is an independent security researcher in Buenos Aires, Argentina. He currently serves as Systems and Technology chief at a retail enterprise that is a leader in its business area. In his spare time, he works as a security consultant, advising public and private companies, conducting controlled vulnerability tests and speaking at conferences related to his speciality. Over the last ten years he has worked actively in different areas related to computing and communications. He is a collaborator in some of the ISECOM projects, GNU/AULA and diverse technical documents compiled for some publications of the computing underground. He can be contacted at:
Rick Tucker
Rick Tucker currently lives in Portland, OR and has recently formed a support services company for individual attorneys and small law firms (msummary.com). He has provided technical writing assistance to ISECOM in the past and has recently been selected to manage the Hacker Highschool Project.
Michael Menefee
Michael is the President & CEO of WireHead Security, a consulting firm in Raleigh, NC. He is also the Founder and President of Infosec Island, a free online information security community.
He has 15 years of direct Information Security consulting experience, working with clients in all verticals, markets and mentalities.
Michael is keenly interested in "Trust" and its role in Operational Security, regularly speaking on the topic and contributing to the Trust research for OSSTMM4 at ISECOM. Coincidentally, he is also fond of risk, having been married in Las Vegas, NV, gone sky-diving 12 times and fathered 2 sons with his wife.
Ty Miller
Ty Miller is the Chief Technical Officer at Pure Hacking in Sydney, Australia. Ty has performed penetration tests against countless systems for large Banking, Government, Telecommunications, and Insurance organizations worldwide, and has designed and managed large security architectures for a number of Australian organizations within the Education and Airline industries.
Ty presented at Blackhat USA 2008 in Las Vegas on his development of DNS Tunneling Shellcode, and was also involved in the development of the CHAOS Linux distribution, which aimed to be the most compact, secure openMosix cluster platform.
He is a certified ISECOM OPST and OPSA Instructor, and contributes to the Open Source Security Testing Methodology Manual. Ty has also run web application security courses and penetration testing tutorials for various organizations and conferences.
Ty holds a Bachelor of Technology in Information and Communication Systems from Macquarie University, Australia. His interests include web application penetration testing and shellcode development.
Rob J. Meijer
Manager of the SIPES Project
Rob started out as an electronics engineer, and got involved in computers at the OS, software, and networking levels in the early 1990s, at which point he got interested in the development of networking software on the UNIX platform. In 1995, his graduation assignment brought him into contact with software programming for network protocol analysis, and he has been doing personal and professional projects in the field ever since. After his graduation in 1995, he worked for a few years as a system/network administrator for several ISPs. In these roles, he was largely concerned with the security and containment issues involved in running internet services. During that period, he also worked as a private consultant in the area of internet servers, firewall configuration, and overall network security. Three years ago, he ended his system administration career and started to focus on software development. In his spare time, he now works on several GPL projects related to network servers and security. His main concern regarding network and system security is the current overexposure of security 'bugs', which seems to overshadow other important security issues, such as containment.
Joerg Simon
After a history as a Linux user/enthusiast since 1995, mostly in security within the defence sector, his active involvement with FOSS started in 2004 with the LDAP workgroup of bwcon:boss, working on new schemes and new concepts and encouraging and enabling LDAP interoperability between different FOSS projects. Starting with his first FUDCon in 2005, today he is contributing to multiple groups within the Fedora Project, where he also serves as the FAmSCo ViceChair. He is one of the founding members of the Fedora EMEA e.V. NPO. His main focus in Fedora today is the work on Community Development and Mentoring, Fedora as Security Testing Platform and the Fedora Security Spin, the Fedora mailing list and membership administration, and working on strong support for Fedora in the former eastern bloc.
Through his involvement with the OSSTMM and the ISECOM team, he has given several talks about the OSSTMM, recently initiated a German localization project, and works on a customized OSSTMM Security-Live-System based on Fedora, to be used along with the ISECOM curriculum to teach the OSSTMM.
Chuck Truett
Chuck Truett is a writer and editor with a particular interest in non-linear, self-reflexive metafiction. In the past he has written for audiences ranging from children to role-playing gamers. His work with ISECOM frequently involves attempting to turn text that he himself doesn't understand into text that everyone can understand. His preferred word processor is WordPerfect.
Glenn Norman
Glenn Norman is a Unix, network and security consultant in Albuquerque, New Mexico. He has worked with both Sandia and Los Alamos National Laboratories, and with secure networks for the VA and other large hospital systems.
As adjunct faculty for the University of New Mexico and New Mexico State University, Glenn teaches technical and security courses for IT students, state employees and Department of Defense personnel. Supporting the Unix network at the Mind Research Network reinforces his interest in psychology and MRI/MEG brain imaging, and also lets him provoke interest in cyber security among psychology researchers.
When he's not teaching or hacking, Glenn flies hang gliders and paragliders from every mountain he can find.