Captain Richard Bejtlich ("bate-lik") is Chief of Current Operations at the Air Force Computer Emergency Response Team, Kelly Air Force Base, Texas, and is one of two FIRST representatives from the AFCERT.  Capt Bejtlich is a 1994 graduate of the US Air Force Academy and a 1996 graduate of Harvard University.  Capt Bejtlich began working in the AFCERT in September 1998 and assumed a network intrusion detection analyst position in January 1999.  During that year he progressed from analyst, to chief of Real Time Analysis, to Crew Commander, and assumed his present position in March 2000.  His primary interest and expertise involves network intrusion detection, particularly interpreting manipulation of the TCP/IP suite for reconnaissance and exploitation.  His papers and presentations are available at http://bejtlich.home.texas.net and his email address is bejtlich@altavista.net.  Capt Bejtlich made a technical presentation at the SANS 2000 conference in March 2000 and is honored to speak at the 12th annual FIRST conference.

Scott Charney served as Chief, Computer Crime and Intellectual Property Section (CCIPS), Criminal Division, Department Of Justice, from 1991 to 1999. In this role, Mr. Charney was responsible for supervising twenty-two federal prosecutors and implementing the Justice Department's computer crime and intellectual property initiatives. Under his direction, CCIPS investigated and prosecuted national and international hacker cases, economic espionage cases, violations of the federal criminal copyright and trademark laws, and supported Internet fraud and child exploitation prosecutions. His section also provided legal advice to U.S. Attorney's Offices and federal investigative agencies; proposed and commented on legislation, represented the United States internationally, and supported the development and implementation of U.S. information technology policy. Mr. Charney also served on the Privacy Working Group of the Information Infrastructure Task Force, and the Justice Department's Privacy Council. He also assisted in the development of several Justice Department databases, including a system to better track requests submitted under the Freedom of Information Act. Prior to serving at CCIPS, Mr. Charney served as an Assistant United States Attorney, Office of the United States Attorney (D. Hawaii), and was responsible for the investigation and prosecution of complex cases involving organized crime (including Yakuza), labor racketeering, narcotics offenses, economic crimes, and public corruption. Prior to joining the federal prosecutive ranks, Mr. Charney was an Assistant District Attorney in the Office of the Bronx District Attorney (New York City), ultimately serving as Deputy Chief of the Investigations Bureau. In that position, he supervised twenty-three Assistant District Attorneys responsible for the prosecution of cases involving arson, racketeering, political corruption and economic crimes. During this time, Mr. Charney developed a prototype computer tracking system, later used throughout the city to manage criminal case tracking. Prior to serving as a Deputy Chief of Investigations, he served as a trial attorney in the Major Offense Bureau with responsibility for the prosecution of persistent violent felony offenders.

Ian Cook is a Vice President at Citigroup who works with the Corporate Information Security Office (CISO) and runs the London 'Threat Assessment Unit'. His role within CISO is to research and keep abreast of all the latest security vulnerabilities and threats and to use this knowledge to develop Secure Configuration Guides and evaluate security products for the numerous Operating Systems in use within the bank. He also tests the effectiveness of these configurations by running the London Ethical Hacking Team that tests the banks European Infrastructure.

Prior to specializing in Information Security, which he has done for the last 10 years, Ian has worked as a programmer, systems analyst, written mathematical models, run a Data Center and been a Technology Head for an Arab Bank.

Ian's interest in computing stems from building a ZX81 from a kit whilst studying for a Degree in Marine Biology. After graduating he decided to pursue a career in computing rather than become a Fish Farmer - if for no other reason that he doesn't like cold water.

Practice Concentration: Intellectual property, technology law, Internet and Web law, e-commerce, litigation, competitive intelligence law Year Joined W&S: 1998, as a Partner

Education and Honors: Creighton University, B.A. in History, 1968; Creighton Law School, J.D., 1973

Admitted to Practice: Illinois, Nebraska; U.S. Court of Appeals, Sixth and Seventh Circuits; United States Supreme Court

Relevant Professional Experience: Technology Practice: Representation of start-up, emerging growth, and mature technology companies in the structuring and negotiation of a broad range of transactions, including information technology licensing and procurement transactions; technology development agreements; electronic commerce transactions, including agreements for the development, hosting, maintenance, and marketing of electronic commerce Web sites; and other Internet-related transactions, including those for the creation and licensing of content for Web sites.

Intellectual Property Practice: Counseling companies regarding ongoing protection and litigation of intellectual property assets, including trade secrets and trademarks, software development agreements, resolution of domain name disputes, and evaluation and due diligence analyses of intellectual property assets.

As a member of the Illinois Attorney General's Commission on Electronic Commerce and Crime Committee, assisted in drafting Illinois' Digital Signature Act; at the request of the House Judiciary Committee, testified as a representative of copyright owners on a panel discussing the liability of online service providers and access providers for online copyright infringement; at the request of the Federal Communications Commission, testified as an expert on telecommunications fraud investigations and prosecutions; assisted with the British Department of Trade and Industry's formation of the British Computer Misuse Act of 1990.

Assistant U.S. Attorney, Chicago, Illinois, 1975-1991

Mark Fischer is the leader of the Secure Architecture Development practice within the Information Risk Management group at Crowe Chizek and Company. Crowe Chizek is the eighth largest accounting/consulting company in the United States with over 1300 professionals in twelve offices.

At Crowe Chizek, Mr. Fischer assists organizations increase the security and reliability of their information systems to support electronic commerce and other business-critical activities. Crowe Chizek designs and implements systems using information security technologies such as firewalls, intrusion detection systems, virtual private networks, and public key infrastructures. As important as deploying technologies, Crowe Chizek advises our clients on processes and procedures to keep their systems secure.

Mr. Fischer has over 10 years of experience designing, installing, operating and securing network systems. He is a graduate of the Rochester Institute of Technology (RIT) in Rochester, New York and is a Certified Information Systems Security Professional (CISSP). He is a member of the Computer Security Institute, Association for Computing Machinery, Institute of Electrical and Electronics Engineers, and Internet Society.

Lance Hayden is a manager with Cisco Systems' Security Consulting services. He is responsible for providing proactive network vulnerability assessments as well as reactive incident response services for Cisco's customers.

Lance served for five years with the Central Intelligence Agency as an Operations Officer before leaving government service to pursue a Masters Degree at the University of Texas, where he focused on network security. Upon completion of his degree Lance entered the private sector, working for KPMG and FedEx before accepting a position with Cisco.

Lance is interested in exploring new and innovative ways in which the often complex and technical aspects of network security can be presented to a greater audience, with more diverse expertise and background.

Lance currently lives and works in Austin, Texas.

George Kurtz is the CEO of Foundstone, Inc. George has performed hundreds of firewall, network, and eCommerce related security assessments through out his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associate Press. Additionally, he is the co-author of the widely acclaimed "Hacking Exposed - Network Security Secrets & Solutions".

Ron Moritz is senior vice president and chief technical officer at Symantec Corporation, where he leads Symantec's Core Technology group, leveraging the company's investment in research and development.

An Internet security expert with 15 years technical experience, Moritz is responsible for building on Symantec's existing research infrastructure to address the growing number of security issues facing the industry. He also will ensure consistent development processes between Symantec's Enterprise Solutions and Consumer Products divisions, maximizing core technologies between the two groups.

Moritz joins Symantec after his tenure with Finjan Software, Inc., where he served as chief technology officer and was responsible for establishing and maintaining the company's technological standards and vision. He also served in a variety of technical positions at companies including PlanSoft Corporation, Invidea Research Group Inc. and Information Access Inc. In addition, Moritz served as associate director for information technology at Case Western Reserve University, one of the nation's leading independent research institutions.

An established expert in Internet security, Moritz currently chairs the Common Content Inspection API interoperability standardization initiative for the security industry. He has published and presented numerous papers on a variety of security topics including mobile code security, web browser security, security and electronic commerce, and computer ethics and privacy. In addition, he is one of a select group of CISSPs, information systems security professionals certified by the International Information Systems Security Certification Consortium.

Moritz attended Case Western Reserve University in Cleveland where he received master's degrees in engineering and business administration and his bachelor's degree in mathematics.

Chris Prosise is the VP of Consulting at Foundstone, a network security firm specializing in security consulting and training. Chris has extensive experience in computer networking ­ specifically attack and penetration testing, incident response, and intrusion detection. A former US Air Force officer and Ernst & Young consultant, Chris has led and performed dozens of security penetrations and incident response engagements on government and Fortune 500 networks. He is an instructor for the highly acclaimed "Ultimate Hacking: Hands On" course from Foundstone. Mr. Prosise holds a BS in Electrical Engineering from Duke University and is a Certified Information Systems Security Professional (CISSP).

Paul Ramstedt is a member of the AT&T Laboratories Information Security Center (AT&T-ISC, www.isc.att.com). This group was initially called the Secure System Engineering (SSE) department before the AT&T split initiated in 1996.

Paul started at Bell Laboratories in 1984 and became interested in security immediately after the "Morris Worm" attack launched against Internet sites in early 1989. Since then, he has been involved in much security area:

• UNIXÓ System V/MLS – Multi-Level Security (MLS); a B1 evaluated version of UNIX System V.
• ComputerWatchâ ATAT – An audit trail analysis tool (ATAT) using expert system rules to parse, dissect and analysis B1 audit trails.
• ComputerWatch Trusted Gateway (CWTG) – A real-time, packet-filtering, state-full firewall built on a trusted computer base (TCB).

Marcus Ranum has been active in the UNIX networking and security community for the last 14 years, designing, developing, and deploying networking and security applications. As a consultant at Digital Equipment Corporation in 1990-1992 he designed and implemented the DEC SEAL Internet Firewall product, and managed its deployment at customer sites worldwide. At Trusted Information Systems, Inc., as senior scientist and development manager for Internet security products, Marcus designed and implemented the TIS Internet Firewall Toolkit under a grant from ARPA on behalf of the Executive Office of The President of the United States, and configured and managed whitehouse.gov for its first year of operation. The Firewall Toolkit has become the de facto standard Internet firewall software, deployed by over 3,000 sites. Over a dozen products currently on the market are based on the toolkit technology licensed from TIS. Marcus initiated and managed the implementation of the TIS Gauntlet Internet Firewall product, and acted as a senior consultant and trainer for managing reseller relationships and training reseller marketing and technical staff. Marcus is a frequent speaker at conferences, and teaches a number of technical tutorials for USENIX and SANS on diverse topics such as firewalls, UNIX internals, security policies and risk assessment, UNIX system and network performance tuning, and UNIX application design. As a consultant, Marcus has performed security audits and analysis, as well as intrusion response, for several large firms.

Today, Marcus Ranum is CEO of Network Flight Recorder, Inc., one of the leading vendors of intrusion detection and network forensics tools (http://www.nfr.net). As CEO, Marcus is responsible for business decisions as well as technological direction of the company. He still lectures at conferences regularly, and recently co-authored the "Web Site Security Sourcebook" (published by John Wiley and sons) with Avi Rubin and Dan Geer. Marcus lives in Woodbine, Maryland, with 3 cats.

Ken van Wyk is an internationally known incident response and anti-virus expert and is an active member of the computer security community. He served on the Steering Committee of the Forum of Incident Response and Security Teams (FIRST), an international organization of incident response teams. He also created and moderated VIRUS-L, the world-renowned Internet discussion group on computer viruses.

Ken was Deputy Division Manager for the Information Protection Operations and Technology Division at Science Applications International Corporation (SAIC). This SAIC division was responsible for penetration testing, open sources monitoring, and information security response. He was also one of the founders of Carnegie Mellon University's Computer Emergency Response Team (CERT).

An engineering graduate of Lehigh University, Ken has done graduate work at both Lehigh and Carnegie Mellon Universities. He is currently writing a book on incident response for O'Reilly and Associates, and is a frequently invited speaker at computer security conferences and symposia.

Dr Warren is a information systems senior lecturer at Deakin University (Department of Computing & Mathematics) (1998 +) and before that a lecturer at the Plymouth Business School, UK (1996 - 1998). He obtained his PhD in Computer Security Risk Analysis at Plymouth University, UK (1996).

He has published 50 refereed journal and conference papers. He is a member of Australian Standards Committee IT/12/4 Security Techniques and is the Australian Representative on IFIP 11 WG 11 - Security Management. He has also worked on several European Union Research projects including projects under the ADAPT, HTCA, INFOSEC and AIM schemes.