|
|
|
BOARD OF DIRECTORS |
|
 Pete Herzog
Managing Director
public key
As Managing Director, Pete is the
co-founder of ISECOM and is directly involved in all ISECOM projects. His
main objective is for ISECOM to assure truth in security application and
deployment. Pete focuses on scientific, methodical testing for
controlling the quality of security, countermeasures, access controls, and
business integrity. In addition to managing ISECOM, Pete teaches the
Masters for Security at La Salle University in Barcelona which accredits
the OPST and OPSA training courses and Business Information Security in
the MBA program from ESADE which is the foundation of the OPSA. Other than
security, Pete reads a lot. He reads pretty much everything he can get
his hands on and most often is seen with a book, a magazine, and a pen for
marking them up. |
 Marta Barceló
Director of Operations
public key
Marta is the co-founder of ISECOM, and is responsible for
ISECOM business operations. She maintains the
media presence of all ISECOM projects, provides technical server
administration for the websites and runs
ISECOM's advertising campaigns. She
attended Mannheim University of Applied Sciences in Germany and
graduated with a Masters in Computer Science. In addition to running
ISECOM, Marta has a strong passion for the arts, especially
photography and graphic design, and her first degree is in
music from Conservatori del Liceu in Barcelona.
Marta had worked in
mainstream IT corporations before settling down with ISECOM.
|
|
 Nicolas
Mayencourt
Director of Business Development
Nicolas Mayencourt has 20 years of professional experience in Information
Technology and 15 years in Information Security Practice. He is an
experienced and recognised practitioner,
with a comprehensive knowledge of Information Security both technically as
well as business-orientated. He is the founder and CEO of Dreamlab
Technologies Ltd, a Switzerland-based company specializing in Open
Standard IT. As senior consultant Nicolas Mayencourt has played a variety
of security-related roles, including Technical Direction of Corporate
Security Management and Controlling Frameworks, Supervision of Security
Competence Centers of Major International Companies as well as Coaching of
SOX and BS7799 Compliance Projects. Within ISECOM he is responsible for
Business Development and Academic Alliances. He launched the OPST and OPSA
courses at Universities in Switzerland and regularly promotes the OSSTMM
at Major European Security Conferences. |
 Raoul
"Nobody" Chiesa
Director of Communications
public key
Co-founder and C.T.O. of @ Mediaservice.net - a
vendor-independent and "on-the-edge" security consulting firm based in
Torino, Italy - Raoul Chiesa hangs out with IT security since 1986,
being for more than a decade one of the most worldwide-known hackers on
the X.25 and IP networks. Nobody describes himself now as an ethical
hacker and he seriously works for the promotion of the genuine hacker's
philosophy and the Open Source visions, helping with his knowledge in the
development of security solutions and culture - both on the public
and the private sector - worried for the national's and european
infrastructures security flaws and exposures; back in 2002 Raoul brought
the OSSTMM Professional Certifications to Italy, being the first private
partner to believe in ISECOM's views. Raoul belongs to the Executive Board
of
CLUSIT (Italian
Security Association) for the 2001-2002 and 2003-2004 terms, and he's a
referral member of the
Telecom Security Task Force); he certified as OPST and OPSA trainer in
December 2002. His contributions to the OSSTMM especially refers to the
Communications section. |
|
 Richard
Feist
Director of Operations Development
Richard has been working in the
computer industry since 1989 where he started as a programmer. He started
Nyx Technologies in 1996 with the crazy vision of 'doing the job properly'
and to this day continues to beat his head against an apparent brick wall.
He currently holds various vendor certifications (CISSP, MCSE, CCNA, dah
di dah...) and is in the process of doing a MSc in Information Security
(to fill the 25'th hour every day). He certified as an OPST and OPSA
trainer in 2003. Richard is always available for conversation and can be
found at the keyboard if he isn't emmersed in 'another' book or out trying
to kill himself in his latest outdoor activity.
|
 Jaume Abella
Director of Academic Development
Jaume Abella (Barcelona, 1970) is
Electronic Engineer (La Salle, URL). He is Head of the Networking Section
and Associate Professor in the field of Networking at La Salle Engineering
School of the Ramon Llull University (URL), where he teaches Communication
Networks, CCNA and CCNP certifications within the Networking Academy
Program of CISCO Systems, and directs La Salle-URL's Master in Security.
His research interests are security systems in computer networks and their
improvement through artificial intelligence techniques, working within
URL's research group of Intelligent Systems.
|
|
 Kim
Truett
Director of Operations Development
Kim started tinkering with computers
on an Apple II, where she discovered that if she coded in machine language
she could sneak additional programming instructions into memory addresses
that the Apple OS had reserved, but wasn't actually using. From there she
has made a career out of programming computers with a focus on management
of accurate, secure data warehouses. Today, she is Director of a global
Data Management department, but she still does her own programming and
still explores with what's "beyond the obvious" in her spare time. |
 Robert E. Lee
Director of Projects &
Resources
Robert E. Lee got his start into computers at an early age with his
first computer being a VAX 11/780 running BSD UNIX. After entering
the professional work force in 1992 he has built
his career as a Business Survivability consultant
with a focus on Security, High Availability, and
Disaster Recovery. In 2003, Robert founded Dyad Security, Inc. in
Newport Beach, CA. In 2006 he sold Dyad to Swedish based Outpost24
AB and now serves as their Chief Security Officer.
Robert is a regular face at security conferences world-wide and is
always up for friendly engaging conversation. If you happen to bump
into him at an upcoming show, be sure to say hi. |
|
CORE TEAM |
|
PROJECT MANAGERS |
|
 Dru Lavigne
Manager of the OPRP
Dru Lavigne entered the networking world in 1996 and soon
discovered the joy of protocols, encapsulations, RFCs and penetration
testing utilities. She now spends her working hours developing security
curriculum and providing instruction in all manner of networking, routing,
and security technologies. The rest of her time is spent experimenting
with her network of FreeBSD systems.
www.onlamp.com/pub/ct/15 |
 Rick
Tucker
Manager of the Hacker Highschool
Project
Rick Tucker currently lives in
Portland, OR and has recently formed a support services company for
individual attorneys and small law firms (msummary.com). He has provided
technical writing assistance to ISECOM in the past and has recently been
selected to manage the
Hacker Highschool Project. |
 Rob J. Meijer
Manager of the SIPES Project
Rob started out as an electronics
engineer, and got involved in computers at the OS, software, and
networking levels in the early 1990s, at which point he got interested in
the development of networking software on the
UNIX platform. In 1995, his graduation assignment led him to come in
contact with software programming for network protocol analyses, and he
has been doing personal and professional projects in the field ever since.
After his graduation in 1995, he worked for a few years as a
system/network administrator for several ISP's. With these job functions,
he was largely concerned with the security and containment issues involved
in running internet services. During that period, he also worked as a
private consultant in the area of internet servers, firewall
configuration, and overall network security. Three years ago, he ended his
system administration career and started to focus on software development.
In his spare time, he now works on several GPL projects with respect to
network servers and security. His main concern regarding network and
system security is the current overexposure of the 'bugs' regarding
security that seem to overshadow other important security issues, such as
containment. |
 Jeremy
Wilde
Manager of the BIT
Jeremy Wilde has been working in information technology for over 12 years
holding senior positions in large, medium and start-up software and
service organizations.
A specialist in operational risk, business process and change management ,
a CISSP and professional member of the British Computer Society he brings
a wide range of experience and general knowledge to the consulting table
not least his enthusiasm for Beethoven and Cricket which may have only
tangental application to a technology problem but are always, so he says,
worth talking about. |
|
 Christoph Baumgartner
Project Manager of SOMA
Christoph is the founder and CEO
of OneConsult GmbH, a Swiss based, internationally operating,
vendor-independent IT security consulting firm. OneConsult specializes in
technical and organisational security audits, as well as strategic
consulting, providing services for clients in the financial services,
pharmaceutical, retail and government sector.
He has a Master's degree in Information Technology & Business
Administration (University of Zurich) and is an OPST. He is working as a
security consultant since 1996 and is applying and promoting OSSTMM since
2002. Christoph Baumgartner is author of several articles in various IT
publications and regularly holds speeches at major IT security conferences
(e.g. 'IT Risk Management 2004' of SwissICT, Swiss Infosec 2004, 2005,
2006 and Euroforum 'SecurITy 2006'). |
|
|
TEAM |
 Fabrizio Sensibile
Born in 1975, expert in computer
intrusion & defense techniques, Fabrizio works professionally in the IT
Security field since 1997, applying his knowledge in top-level
environments and data networks. Since 1998 he's employed as Network
Security Consultant and Senior Security Prober in the Data Security
Division of @Mediaservice.net, a well-known vendor-independent security
consulting firm based in Torino, Italy. Fabrizio has been certified by ISECOM back in December 2002 as an authorized international trainer for
the OPST and OPSA certification programs, EMEA area. He planned and
currently manages the ITN (ISECOM Testing Network) firewall assets for the OSSTMM professional accreditation classes and for Hacker Highschool
seminars. |
 Marco
Ivaldi
Marco is a computer security researcher and consultant, a UNIX software
developer, and a system administrator. His particular interests are
networking, telephony, and cryptography. He's employed as CSO at
@Mediaservice.net, a leading
Italy-based security company: his jobs include network security, advanced
penetration testing, and R&D. He's founder and editorial board member of
Linux&C, the first italian tech
magazine about Linux and open-source. Homepage:
www.0xdeadbeef.info. |
 Aaron
Brown
After graduating from Georgetown University, Aaron realized he enjoyed
taking programs apart more than he did building them. This led him to a
career in the IT Security field.
Aaron is a security consultant, tester and analyst at adMERITia GmbH and
specializes in the examination of test results and application of security
metrics for data networks, telecommunications and web applications.
Since becoming OPSA certified, Aaron has made numerous contributions to
the ISECOM and OSSTMM. Among his contributions are the further development
of the security metric “Risk Assessment Value” (RAV) and the creation of
an OSSTMM Applied Methodology for VoIP. Since 2007, Aaron has also
promoted the OSSTMM through various publications and numerous
presentations at IT conferences throughout Europe. |
 Heiko
Rudolph
Heiko Rudolph founded adMERITia in 2004 and serves as the CEO of the
information security consulting company located in Langenfeld, Germany
between Cologne and Duesseldorf. The vendor-independent company operates
internationally in the field of technical, organizational and legal
information security audits and consulting. adMERITia is specialized in
KPI-based security measurement.
Working in the IT-business since 1996, Heiko has a strong focus on
security management, business alignment, BCM, risk analysis and
organizational information security. He has promoted the OSSTMM since 2006
through various articles and presentations at major German security
conferences. |
 Lars
Heidelberg
Lars has been working in the IT business since 1999, and began focusing on
security in 2002.
Since he joined adMERITia in 2004, he has been working in security audit
teams as a tester for large companies all over Germany and Europe. He
holds the OPST and OPSA certificates and in 2008 also became a trainer for
ISECOM in Germany.
At ISECOM Lars is mostly working on the OPST course material, getting it
updated and introducing new technologies. |
 Chris Griffin
I live in Indiana, USA. I have
certifications for CISSP and CNDA. I have been in IT for 13 years and
ITSEC professionally 5 years with much dabbling in the past. Currently
working in a Government subcontractor environment as a Sr Security
Analyst. While always trying to stay on top of all aspects of Information
Security, lately I have been trying to learn more in Web Application
Security. Im also considering going to college for a BS in INFOSEC.
|
|
 Hernán
Marcelo Racciatti
Hernán Marcelo Racciatti, is a collaborator of ISECOM in
Argentina. System Analyst, Microsoft Certified Profesional and NSP
(Network Security Program).
Hernán is an independent security researcher in Buenos Aires, Argentina.
Nowadays he carries out as Systems and Technology chief in a Retail
enterprise, leader in its business area. In his spare time, he works as
security consultant, advising public and private companies, conducting
controlled vulnerability tests and as orator in conferences related to his speciality. Along this last ten years he has worked actively in different
areas related to computing and Communications. Colaborator in some of the ISECOM projects, GNU/AULA and diverse tecnical documents compiled
for some publications of the computing underground. He can be contacted
at:
http://www.hernanracciatti.com.ar |
 Colby
Clark
public key
Senior IT Security Professional
Colby Clark has many years of IT consulting and security experience. He
has served Fortune 500 companies, law firms, financial institutions,
educational institutions, telecommunications companies, and middle market
organizations throughout North America. Projects include comprehensive
security assessments, risk evaluations, incident response, and business
continuity activities. Mr. Clark has also obtained numerous certifications
from companies such as ISC2, ISECOM, Checkpoint, Cisco, and Microsoft
including: CISSP, OPSA, CCSA, CCNP, CCNA, MCSE, MCP+I. Mr. Clark received
an advanced degree in Business Administration from the University of
Southern California where he graduated Cum Laude and was the Vice
President of the Student Consulting Association.
|
 Thomas
Bader
Thomas Bader is
working at Dreamlab Technologies Ltd. as a trainer and solution architect.
Since the early summer of 2007 he is in charge of the ISECOM courses
throughout Switzerland. As an OSSTMM trainer he is also participating in
the development of the OPSE certificate courses and the test network for
the OPST courses.
As from the time when he first came into contact with Open Source software
as a student preparing the federal certificate in computer sciences in
1997, he began specialising in network and security technologies. In the
upcoming years he professionally works in that field and gains a lot of
experience with different firms which occupy him as a consultant and also
as a technician. Since 2001 Thomas Bader has worked on the development of
the LPI training course which he teaches himself. Since 2006 he works for
Dreamlab Technologies Ltd. who is the official ISECOM representative for
Switzerland, France and Germany. |
 Ty
Miller
Ty Miller is the Chief Technical Officer at Pure Hacking in Sydney,
Australia. Ty has performed penetration tests against countless systems
for large Banking, Government, Telecommunications, and Insurance
organizations worldwide, and has designed and managed large security
architectures for a number of Australian organizations within the
Education and Airline industries.
Ty presented at Blackhat USA 2008 in Las Vegas on his development of DNS
Tunneling Shellcode, and was also involved in the development of the CHAOS
Linux distribution, which aimed to be the most compact, secure openMosix
cluster platform.
He is a certified ISECOM OPST and OPSA Instructor, and contributes to the
Open Source Security Testing Methodology Manual. Ty has also run web
application security courses and penetration testing tutorials for various
organizations and conferences.
Ty holds a Bachelor of Technology in Information and Communication Systems
from Macquarie University, Australia. His interests include web
application penetration testing and shellcode development. |
|
 Chuck
Truett
Chuck Truett is a
writer and editor with a particular interest in
non-linear, self-reflexive metafiction. In the past he has written for
audiences ranging from children to role-playing gamers. His work
with ISECOM frequently involves attempting to turn
text that he himself doesn't understand into text
that everyone can understand. His preferred word
processor is WordPerfect.
|
 Joerg
Simon
After a history as Linux
user/enthusiast since 1995 mostly security within the
defence-sector, his active involvement with FOSS started 2004 with
the ldap workgroup of bwcon:boss to work on new
schemes, new concepts and to encourage and enable
the ldap interoperapility between different foss projects. Starting
with his first FUDCon in 2005, today he is contributing to multiple
groups within the Fedora Project, where he also
serves as the FAmSCo ViceChair. He is one of the
founding members of the Fedora EMEA e.V. NPO. His main focus in
Fedora today is: the work on Community Development and Mentoring,
Fedora as Security Testing Platform and the Fedora
Security Spin, the Fedora mailing list and
membership administration and working on strong support for Fedora in
the former eastern bloc.
With his involvement to the OSSTMM and to the ISECOM team, he gave several
talks about the OSSTMM, he recently initiated a german localization
project and he work's on a customized OSSTMM
Security-Live-System based on Fedora to use it
along with the ISECOM-Curriculum to teach the OSSTMM. |
|
|
ISECOM is an open, collaborative,
non-profit, scientific, security research organization registered in Catalunya, Spain. All research here has been performed without
commercial or partisan influence. Contact
us directly to be a security researcher on the ISECOM team.
 |
|
Disclaimer:
While all documents on this site are available under
Copyleft and the
Open Methodology License,
do check the licenses within each tool or document prior to copying,
modifying, or distribution for any individually stated requirements.
Additionally, all research is provided here for information purposes
only and ISECOM is not responsible for any misuse. |
|
TEAM ACCESS