DoS Boston 2019 Speakers
Eva Galperin, Director of Cybersecurity, EFF
Eva Galperin is EFF's Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.
Sandy Silk, Director of Information Security Education & Consulting, Harvard University
Sandy leads a team of information security specialists who consult with researchers, faculty, and departments on security risks and controls for the data, technology, and vendors they use within their projects. The team also manages the annual information security self-assessment across the University, coordinates the annual review process for the Information Security Policy, produces the security awareness campaign, and teaches the Information Security Foundations course that all IT professionals at Harvard attend. They are active in volunteerism and community outreach, particularly in spotlighting cybersecurity as an exciting and in-demand career that needs diversity of thinking and experiences to be most effective for the business and personal goals it supports.
Sandy Carielli, Director of Security Technologies, Entrust Datacard
Sandy Carielli has spent over a dozen years in the cyber security industry, with particular focus on identity, PKI, key management, cryptography and security management. As Director of Security Technologies for Entrust Datacard, Sandy guides the organization’s next generation security and technology strategy. Prior to Entrust Datacard, Sandy was Director of Product Management at RSA, where she was responsible for SecurID and data protection. She has also held positions at @stake and BBN. Sandy has been a speaker at RSA Conference, SOURCE Boston, the NYSE Cyber Risk Board Forum and BSides Boston. She has a Sc.B. in Mathematics from Brown University and an M.B.A. from the MIT Sloan School of Management.
Chloe Messdaghi, Security Researcher Advocate/PMM, Bugcrowd
Since entering the cybersecurity space, Chloe has seen security as a humanitarian issue. Chloe’s humanitarian work includes advising as a UN Volunteer and serving as a board member for several humanitarian organizations. Chloe also heads WIST, mentors and advocates for inclusion in tech, and founded a nonprofit called Drop Labels.
Candis Orr, Security Associate, Bishop Fox
Candis focuses on vulnerability management, social engineering, and information security governance.
Candis’s experience includes building the vulnerability management programs for a Fortune 20 media enterprise and a prominent nonprofit healthcare organization. She worked with both companies’ infrastructure teams to strategize remediation methods. Candis also designed and implemented an application security program for a national airline. During the project, she documented procedures and guidelines for the airline’s security standards and worked with the development team to review vulnerabilities and determine appropriate remediation tactics.
Additionally, Candis has conducted social engineering campaigns against critical infrastructure providers, financial institutions, and multinational media corporations.
Ming Chow, Senior Lecturer, Tufts University Department of Computer Science
Ming Chow is a Senior Lecturer at the Tufts University Department of Computer Science and a member of the Wall of Sheep team. He has served as a mentor to a BSides Las Vegas Proving Ground track speaker since 2014, a track focused on helping new speakers in the information security and hacker communities acclimate to public speaking.
Nazira Carlage, Director, Product and Application Security, Dell
Nazira leads Dell’s Product Security Incident Response Team that is responsible for managing and resolving security vulnerabilities in Dell products and applications. She drives Dell’s crowdsourced security testing strategy and programs. Additionally, she has the responsibility to drive the strategy and execution of initiatives to manage various product security inquiries from customers, as well as deliver security information to customers.
She represents Dell at the Forum for Incident Response (FIRST: https://first.org/ ) and SAFECode (www.safecode.org). She contributed to the development of CVSSv3 (https://www.first.org/cvss) and CWE/SANS TOP 25 Most Dangerous Software Errors (http://www.sans.org/top25-software-errors/).
Ms. Carlage holds a Master’s degree in Computer Science from Boston University and a Bachelor’s degree in Computer Science from Kyrgyz State Technical University. She is CISSP, GPEN, and GCIH certified.
Lisa Parcella, Vice President of Product Management & Marketing, Security Innovation
With a background in product management, security awareness, marketing communications, and academia, Lisa leverages her vast experience to design and deliver comprehensive security-focused products and educational solutions for the company’s diverse client base.
Lisa’s primary role as Vice President of Product Management and Marketing at Security Innovation is to work with customers, prospects and industry experts to ensure we are creating innovative and holistic products and programs that address the various needs of today’s global workforce.
Lisa also leads the CMD+CTRL in the Community program, actively seeking to encourage the skill development and advancement of underrepresented groups in cybersecurity, and encourage STEM engagement with youth organizations.
Lisa currently serves on the Women in Security and Privacy (WISP) Management Team as the WISP Marketing, Social Media and PR Lead and as a member of the United Way BoSTEM Leadership Committee. Before joining Security Innovation, Lisa served as Vice President of Educational Services at Safelight Security.
Kristin Dahl, Cyber Security Research Consultant, IBM X-Force IRIS
Kristin Dahl is a cyber security consultant with IBM X-Force IRIS and former research staff member at MIT Lincoln Laboratory. Kristin’s experience includes investigative research, policy development, threat assessment, and security operations across the defense sectors, critical systems, academia, and private industry. Kristin has worked collaboratively with multiple stakeholders and federal agencies, including the Department of Defense, the Department of Homeland Security, and the Department of Energy.
Carolyn Duby, Solutions Engineer, Hortonworks
Carolyn helps customers harness the power of their data with Apache open source platforms. Previously, she was the architect for cybersecurity event correlation at SecureWorks. A subject-matter expert in cybersecurity and data science, Carolyn is an active leader in the community and frequent speaker at Future of Data meetups in Boston, MA, and Providence, RI, and at conferences such as Strata, Open Data Science Conference and Global Data Science Conference. Carolyn holds an ScB (magna cum laude) and ScM from Brown University, both in computer science. She is a lifelong learner and recently completed the Johns Hopkins University Coursera Data Science Specialization.
Nadean Tanner, Lead Technical Education Consultant, Rapid7
Nadean Tanner is an experienced instructor with over 18 years’ experience in information technology and security training. As an instructor with Rapid7, she teaches Vulnerability Management as well as Metasploit Pro. Before Rapid7, Nadean taught Security Analytics and Advanced Security Operations Center Management for RSA. She taught cyber security and information assurance 8570 classes for the Department of Defense including CISSP at Fort Gordon, Fort Carson and the Pentagon. She has experience with graduate level instruction, spending 6 years teaching at Louisiana State University.
Nadean’s expertise is strongest in communicating complex subject matter in a way everyone can understand. She holds many CompTIA certifications including A+, Network+, Security+, Server+ and CASP as well as the ITILv3 and CISSP. She holds several product certifications such as the LogRhythm Certified Administrator and Nexpose Certified Administrator, Advanced Vulnerability Manager, Metasploit Certified Specialist and InsightIDR Specialist.
“Nadean is a passionate, skilled, and seasoned Information Security Professional. She not only can do the work but she can also effectively show others the ropes as an incredible trainer and mentor who is always looking out for the best interests of her students.” Greg Foss, Sr Threat Researcher, CarbonBlack
Jennifer Iwata, Project Manager, Rapid7
Jennifer is an enthusiastic and data-driven Product Operations Manager who has spent the last few years building out multiple Program Management groups, developing large scale systems for cross-functional planning and prioritization, and helping teams achieve success. She enjoys the company of great people with good food and beer, and has even been called a beer snob once or thrice.
Felicia MacArthur, Security Analyst, Bishop Fox
Felicia focuses on hybrid application assessments. Additionally, Felicia has an extensive background in incident response and digital forensics. She is a holder of the SANS Lethal Forensicator coin.
Within the security community, Felicia is a member of the Women’s Society of Cyberjutsu (WSC) and regularly participates in Hack The Box challenges. Felicia also participates in capture-the-flag (CTF) competitions, including competitions held at the annual Digital Forensic Research Workshop (DFRWS). Prior to working at Bishop Fox, Felicia was a senior forensics analyst at PayPal, where she helped the incident response (IR) team to build out processes to conduct malware response. Felicia also worked in the abuse department at GoDaddy, where she handled phishing and malware incidents. In this position, she discovered that a WordPress plugin was being exploited and spearheaded a campaign to clean up customers’ hosting accounts.
Kelly Albrink, Security Analyst, Bishop Fox
Kelly Albrink is a Security Analyst at Bishop Fox where she specializes in network penetration testing, social engineering, and hardware/embedded security. Kelly has presented at a number of Bay Area events including DeadDrop, Day of Shecurity, and OktaRex.
She is a recipient of the SANS CyberTalent Immersion Academy scholarship and is an active CTF participant. Kelly has competed in the NetWars Tournament of Champions. In addition, she volunteers with her local hackerspace, Noisebridge, where she organizes Infosec Lab Nights and mentors aspiring penetration testers.
Cecillia Tran, Security Analyst, Bishop Fox
Cecillia specializes in application penetration testing, network penetration testing, source code review, wireless penetration testing, and social engineering. She was previously an engagement manager for nearly two years.
Cecillia has interned at Lockheed Martin and Alcon Laboratories, Inc. She was invited to speak at DragonCon 2016 as part of the “Women in Science and Tech Careers” panel. Currently, she is studying toward her OSCP certification.
Cecillia holds a Bachelor of Arts in Liberal Arts and Engineering focused in Computer Science and Technological Communications from California Polytechnic State University – San Luis Obispo.
Kate Broussard (eWPT), Senior Security Analyst, Bishop Fox
Kate's experience at Bishop Fox includes hybrid application assessments for Fortune 500 software companies and startups. During an assessment for a popular transportation company, she discovered a CSV file injection vulnerability, which allowed attackers to inject unsafe input into otherwise secure systems and could act as a vector for more severe issues including cross-site scripting, arbitrary code execution, and second-order SQL injection.
Kate is an active security researcher. Kate holds a Master of Arts in Comparative Literature from the University of Texas at Austin.
Brian Contos, CISO & VP, Technology Innovation, Verodin
Brian is a seasoned executive with over two decades of experience in the cybersecurity industry as well as a board advisor, entrepreneur, and author. After getting his start in cybersecurity with the Defense Information Systems Agency (DISA) and later Bell Labs, he began the process of building cybersecurity startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, and Solera Networks.
Brian has worked in over 50 countries across six continents. He is a board advisor for Cylance, JASK, Appdome, and the University of South Florida. He has authored several books, his latest with the former Deputy Director of the NSA, spoken at leading security events globally such as Black Hat, RSA, and BSides, and has been on C-SPAN, Fox, CNBC, CBS News, Bloomberg, and many others. Brian is a Distinguished Fellow with the Ponemon Institute and an Official Member of the Forbes Technology Council. Brian was recently featured in a cyberwar documentary alongside General Michael Hayden (former Director NSA and CIA).
Christina Mitchell, Application Security Engineer, Indeed
Christina is an Application Security Engineer at Indeed. She formerly managed their crowdsourced bug hunting platform, and currently focuses on application assessments ranging from third-party to internally developed applications.
O’Shea Bowens, CEO & Founder, Null Hat Security
O'Shea Bowens is a cyber security enthusiast with a decade of information security experience. He is the founder and CEO of "Null Hat Security", which focuses on incident response, security training, SOC program management, and blue team engagements. O'Shea has worked and consulted for companies and clients, including the federal government, Fortune 500 companies, and international firms. He specializes in areas of incident response, network and systems security, security architecture, and malware analysis. O'Shea founded Null Hat Security as an organization with greater focus on personal engagements with cyber security defenders to produce greater fine-tuning of existing skill sets, targeted training for staff, and increased knowledge of industry-wide best practice response efforts. When he's not in front of a computer he enjoys snowboarding and teaching his baby daughter to HACK THE PLANET.
Kaitlin O’Neil, Technical Recruiter, Bishop Fox
Kaitlin focuses on supporting key technical roles, managing the intern program, and hiring support staff. She works to foster the firm’s reputation within the community, collaborating with universities and organizations to enhance Bishop Fox’s outreach efforts.
Kaitlin’s professional background encompasses the spectrum of technical recruiting. At Samsung, Kaitlin supported and developed diversity and military hiring programs and served as a board member for “Women in Technology at Samsung.” She expanded their college hiring programs, targeting top engineering schools around the country and acting as the full life cycle recruiter for more than 150 college hires. At Microsoft, Kaitlin hired hundreds of computer science students and served as an intern recruiting partner for the Xbox, Surface, and HoloLens teams.
Jodie Labonte, Security Incident Manager, Novartis Institutes for BioMedical Research (NIBR)
Jorie Labonte is a passionate security professional operating in "Security Operations Centers" over the past decade. Jorie started her security career in the United States Marine Corps, completing four deployments and embedding into agency Cyber Protection Teams. Transitioning from the military, Jorie continued government "Cyber Operations" support and tech start-ups utilizing experience in passive and austere environments to better shape the defensive cyber front for her clients. Jorie focuses her expertise on developing, managing, and executing security incident response and handling for rapid recovery and data recovery. In her free time, Jorie enjoys puppies, whiskey tastings, and any outdoor activity except skiing.
Sarah Gibson, Senior Application Security Consultant, Veracode
Sarah Gibson is an application security consultant who focuses on working with developers to understand and fix the security issues within their code, with a focus on showing developers how secure code is good code. She has been working in application security testing for the past six years and enjoys poking at the internet.
Yolanda Liu, Chief Security Architect, Coinbase
Chief Security Architect for Coinbase, the largest cryptocurrency exchange in North America. Formerly a Lockheed Martin Cyber Security Technical Fellow, specializing in system security design for major weapon systems.
Engineering foundations in software development and telecommunications.