Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. At iSEC, Himanshu runs the firm’s product development efforts, manages the sales team, and oversees the marketing program.
Himanshu is also a renowned industry author with six security books published, including Hacking VoIP (No Starch Press), Hacking Exposed: Web 2.0 (McGraw Hill/Professional), Hacker’s Challenge 3 (McGraw Hill/Professional), Securing Storage (Addison Wesley), and Implementing SSH (Wiley). In addition to these books, Himanshu also has a patent pending on Fibre Channel security.
Before starting iSEC Partners, Himanshu was the Regional Technical Director at stake, Inc.
Chris Clark is a principal security consultant at iSEC Partners, where he writes tools, performs penetration tests, and serves as a Windows and Mobile expert. Throughout his software career, Chris has focused exclusively on security and has assisted several large companies in designing and developing secure software. He has led several teams through implementation of the Security Development Lifecycle (SDL) and the initial bootstrapping process required to develop secure products. By working on server, client, and hosted web applications, Chris has amassed a broad range of security experience. Before joining iSEC, Chris worked for Microsoft, where he was responsible for ensuring the security of both a large-scale payment system and a widely deployed enterprise management product.
Chris has presented on security at RSA 2009, NY/NJ and Seattle OWASP chapter meetings, and the SOA Executive Forum, and as a trainer at Black Hat Federal, where he collaborated with Immunity and Microsoft to deliver the Defend-the-Flag training. In addition to public speaking, Chris has developed and delivered several training seminars to both management teams and engineers working to develop more secure products.
David Thiel is a Principal Security Consultant with iSEC Partners. He has over 12 years of computer security experience, auditing and designing security infrastructure in the electronic commerce, government, aerospace, and online wagering industries. Areas of expertise are web application penetration testing, network protocols, fuzzing, Unix, and Mac OS X. Research interests include mobile and embedded device exploitation, media software vulnerabilities, and attack vectors in emerging web application technologies. He has presented research and security topics at Black Hat USA, Black Hat EU, DEFCON, PacSec, and Syscan, and is a contributor to the FreeBSD project.
About the Contributors
Jesse Burns is a founding partner and VP of Research at iSEC Partners. Jesse is considered an industry leader in mobile application security and mobile platforms, including the Android OS. In addition to mobile security research, Jesse performs penetration tests, writes security tools, and leads independent research within the firm.
Jesse has over a decade of experience as a software engineer and security consultant, and has helped many of the industry’s largest and most technically demanding companies with their application security needs. He has led numerous development teams; in addition, he designed and developed a Windows-delegated enterprise directory management system, produced low-level security tools, built trading and support systems for a major U.S. brokerage, and architected and built large frameworks to support security features such as Single Sign-On. Jesse has also written network applications such as web spiders and heuristic analyzers. Prior to founding iSEC, Jesse was a managing security architect at stake, Inc.
Jesse has presented his research throughout the United States and internationally at venues, including the Black Hat Briefings, Bellua Cyber Security, Syscan, OWASP, Infragard, and ISACA. He has also presented custom research reports for his many security consulting clients on a wide range of technical issues, including cryptographic attacks, fuzzing techniques, and emerging web application threats.
Jason Chan is the Director of Security at VMware. Before VMware, he was a consultant with iSEC Partners, where he focused on IT infrastructure and professional services. Jason has worked in security for the last ten years, focusing on various areas of network, system, and application security, compliance, and risk management.
Alex Garbutt is a Senior Security Consultant with iSEC Partners. Alex is an experienced security consultant who regularly performs application penetration testing, code auditing, and network assessments. He also performs relevant research, most recently focusing on the RTP protocol. He authored RTPInject, a polished attack tool that injects arbitrary audio into established RTP connections. Alex has presented at both Black Hat and the iSEC Open Forum.
Before joining iSEC Partners, Alex attended the University of California, Davis, where he studied under some of the premier educators in digital security. He holds a BS with Honors in Computer Science and Engineering.
Zane Lackey is a Senior Security Consultant with iSEC Partners. His research focus includes mobile phone security, AJAX web applications, and Voice over IP (VoIP). Zane has spoken at top security conferences, including Black Hat, Toorcon, MEITSEC, YSTS, and the iSEC Open Forum. Additionally, he is a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill/Professional) and contributing author/technical editor of Hacking VoIP (No Starch Press). He holds a Bachelor of Arts in Economics with a minor in Computer Science from the University of California, Davis.
Luis Miras is an independent security researcher. He has worked for both security product vendors and leading consulting firms. His focus includes vulnerability research, binary analysis, and hardware/software reverse engineering. In the past he has worked in digital design and embedded programming. He has presented at CanSecWest, Black Hat, CCC Congress, XCon, REcon, Defcon, and other conferences worldwide.
About the Technical Editor
Chris “Topher” Chung joined Intuit in 1997 and is a Staff Information Security Analyst on the Corporate Information Security (CIS) team. Topher conducts application security assessments for Intuit products and services. Prior to 2006, Topher was a Senior Software Engineer and Security Engineer on the Quicken for Windows and Quicken Health Care products.
Topher has a BS degree in Mathematics & Computer Science from Emory University and an MS degree in Computer Information Science from the University of Oregon, where he did graduate research in mobile/ubiquitous/wearable computing.
When not working, Topher enjoys golf, cooking, homebrewing, snowboarding, and spending time with his beautiful wife, Mary Ann, and son, Connor.