Defcon Security Jam III: Now in 3-D?

Presented at DEF CON 18 (2010), July 31, 2010, 7 p.m. (110 minutes)

They say third time is the charm. Some of the biggest mouths in Information Security are back again and once again, we will show you all new of security FAIL. Our panelists will demonstrate innovative hacking techniques in naked routing, web application (in)security, and wireless goats. After taking a sabatical year, we are also proud to announce that Chris "Squirrel" Hoff will be keeping the rest of us honest with his real-time snarkage. Speaking of real time, moderator David Mortman will be making waffles (and maybe pizzelles) on stage as rewards for best comments, questions and shared fail.


  • Larry Pesce -
    Larry Pesce is the Manager for Information Services Security, Disaster Recovery at a mid-sized healthcare organization in New England. Larry is also gainfully employed as a Penetration Tester / Ethical Hacker with PaulDotCom Enterprises, and leads the research efforts in many areas, including projects such as "Evil" USB thumb drives, hiding rogue access points, and tinkering with wireless, RFID, Cellular SIM cards and metadata. Larry co-authored "Linksys WRT54G Ultimate Hacking" and was a contributing author to "How to Cheat at Configuring Open Source Security Tools" and "Wireshark and Ethereal" from Syngress Publishing. In addition to his industry experience, Larry is also a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast at
  • David Maynor - Errata   as Dave Maynor
    Dave Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS Maynor spent the 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that Maynor contracted with a variety of different companies in a widespread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.
  • Robert David Graham - Erratta   as Rob Graham
  • Chris Hoff - Director of Cloud & Virtualization Solutions, Cisco Systems, Inc.
    Chris Hoff has over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud. Hoff is currently Director of Cloud and Virtualization Solutions of the Security Technology Business Unit at Cisco Systems. Prior to Cisco, he was Unisys Corporation's Systems & Technology Division's Chief Security Architect. Additionally, he served as Crossbeam Systems' Chief Security Strategist, was the Chief Information Security Officer for a $25 billion financial services company, and was founder/Chief Technology Officer of a national security consultancy. Hoff regularly speaks at high profile conferences, interviewed regularly by the media, is a featured guest on numerous podcasts and blogs at Hoff is a CISSP, CISA, CISM and NSA IAM. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005.
  • Rich Mogull - Securosis
    Rich Mogull as twenty years experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered). Prior to his technology career, Rich also worked as a security director for major events such as football games and concerts. He was a bouncer at the age of 19, weighing about 135 lbs (wet). Rich has worked or volunteered as a paramedic, firefighter, and ski patroller at a major resort (on a snowboard); and spent over a decade with Rocky Mountain Rescue. He currently serves as a responder on a federal disaster medicine and terrorism response team, where he mostly drives a truck and lifts heavy objects. He has a black belt, but does not play golf. Rich can be reached at rmogull (at) securosis (dot) com.
  • David Mortman - Director, Operations and Security - C3, LLCr
    David Mortman runs Operations and Security for C3, LLC. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and is leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist and speaker at RSA 2007-2009, InfoSecurity 2003, Blackhat 2004-2009, Defcon 2005-2009 and Information Security Decisions 2007 and 2008 as well. Mr. Mortman sits on a variety of advisory boards including Qualys, Applied Identity and Reflective amongst others. He holds a BS in Chemistry from the University of Chicago.
  • Panel