The Cybersecurity Factory
A summer program for security startups
in collaboration with Highland Capital Partners
Frank Wang
is a PhD student at MIT focusing on building secure systems. He did his undergraduate at Stanford, focusing on cryptography. He runs the MIT security seminar and is a member of the student team at Roughdraft Ventures, which provides small capital to early stage student startups. He has interned at the security teams at Google and Facebook as well as consulted for various security companies, such as Qualys.
Sean Dalton
is a partner at Highland Capital. Sean focuses on disruptive technologies in the mobile, enterprise and media markets. He represents Highland on the boards of Anova Data, CENX, ClearSky Data, ExaGrid, Infinio, QD Vision, Xometry. Previously, Sean acted as Venture Associate -- focusing on communications and electronic commerce at Fidelity Capital. Before that, he was a Product Manager for GTE (now Verizon), leading the nation's first DSL trial for Internet access. Sean holds an M.B.A. from Harvard Business School, an M.S., Electrical Engineering from University of Pennsylvania and a B.S., Electrical Engineering from University of Delaware.
Frank Catucci
is currently the Director of Web Application Security and a Subject Matter Expert for Qualys. He has over 15 years experience in the Information Technology and Security field that spans enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, public and private industries. Aside from his daily Web Application Scanning and Application Security duties, Frank also conducts security research, freelance penetration testing, and often speaks at information security conferences and events such as BSides, OWASP, ISSA, etc.
Maxwell Krohn
was the CTO and co-founder of TheSpark.com, SparkNotes.com and OkCupid.com. He earned a PhD in Computer Science from MIT in 2008 with a focus on operating sytems and security. Most recently, he cofounded Keybase.io, a new company that makes cryptography more practical, through better U/X, and workable key distribution. He spends his days designing and programming security protocols in New York City.
David Ting
was the co-founder and Chief Technology Officer at Imprivata where he directs all System Architecture and Research and Discover initiatives. He is a global expert in healthcare IT security, whose work in authentication and identity management have earned him a reputation for enabling "invisible" security. David has more than twenty years of experience in developing advanced imaging software and systems for high security, high-availability systems. Prior to founding Imprivata, he developed fingerprint and facial biometric applications for government programs and web-based applications for secure document exchange. At Eastman Kodak, David managed an engineering group that developed the software platform used in most of Kodak's digital photography products including Photo CD print applications. David also managed Atex System's Imaging Department, where he was responsible for the first full color output system used in the newspaper industry. He has been involved in a number of start-up ventures and was a member of the scientific staff at the BNR/INRS Labs in Montreal, a collaborative research institution jointly operated by Bell-Northern Research, McGill University and University of Quebec. David holds fourteen patents with several pending. He frequently speaks and publishes on issues relating to identity management, biometrics, secure clinical communications and healthcare IT security.
Justin Somaini
is the Chief Security Officer at SAP and was the Chief Trust Officer at Box, Inc. With more than 15 years of information security experience, Somaini is seen as a leader in the industry who promotes an evolution of the security and risk management models. Through his public speaking and industry involvement he has given extensive talks and interviews on the threat landscape, public policy, security management and risk management. Prior to Box, Mr. Somaini created and held the role of Chief Information Security Officer (CISO) at Yahoo!, driving security planning and operations for the company, which serves more than 700 million consumers worldwide. Prior to Yahoo!, he was CISO of Symantec. He developed the company's Information Security Enterprise Risk Management process, worked cross-functionally to manage critical incidents to resolution and drove implementation of controls for both a significant threat environment and regulatory needs. In addition to his roles at Yahoo! and Symantec, Mr. Somaini was Director of Information Security at Verisign and an advisor to Qualys, Palo Alto Networks, Sentinel Labs, SourceClear, Solve Media and others. He received a Bachelor's of Science degree in Management Information Systems from Drexel University.
Jay Kaplan
is the CEO and co-founder of Synack. Prior to Synack, Jay served in several security-related capacities at the Department of Defense, including the DoD's Incident Response and Red Team. Most recently, Jay was a Senior Cyber Analyst at the National Security Agency (NSA), where his focus was supporting counterterrorism-related intelligence operations. In 2015, Jay was selected as one of Forbes 30 Under 30 in Enterprise Technology. Jay graduated with a BS and MS in Computer Science from George Washington University, studying under a DoD/NSA-sponsored fellowship.
Harold Moss
is the Sr Director of Strategy for the Akamai Security division, the leading provider of cloud services for delivering, optimizing and securing online content and business applications. Harold joined Akamai earlier this year, and leads the definition of Akamai's overall security strategy and business development efforts, including advising on enterprise related security requirements and capabilities, expanding overall security revenues for Akamai, and participating in broader strategic initiatives. Prior to joining Akamai, Harold was responsible for security strategy and emerging technology for EMC's Global security office. In that role he evaluated technologies necessary for the sustainability and protection of EMC corporation as well as participated in numerous IT leadership exercises for the broader EMC corporation, including providing advise and insights to EMC divisions and federation partners. Harold has held numerous security roles through out his career including that of Strategist, Big Data analyst and CTO for IBM corporation, as well as leading engineering and quality teams at numerous smaller organizations.
Jeremy Segal
is Vice President of Corporate Development at LogMeIn. He was VP of Corporate Development at Akamai, the leading provider of cloud services for delivering, optimizing and securing online content and business applications. Prior to joining Akamai, Jeremy was a consultant at PriceWaterhouseCoopers in their mergers and acquisitions and corporate value consulting practices. Jeremy sits on the Board of Advisors for Point Judith Capital. Jeremy holds a Bachelor's degree in Government and Economics from Bowdoin College and an M.B.A. from Cornell University's Johnson School.
Mary Ellen Zurko (Mez)
has made a career of encompassing both security research and product development. She is a member of the Office of the CTO, Security Business Group, at Cisco Systems, and a Principal Engineer on the Next Generation Firewall team. She leads the Cisco security patent committee and holds 30 granted patents. Prior to Cisco, she was the Security Architect for one of IBM's first cloud offerings, SaaS collaboration for business. She has been involved in the technical side of acquisitions at both Cisco and IBM, and successfully transitioned security research into product. She was named a Woman To Watch by Mass High Tech. She started her security career at DEC working on a high assurance A1 Virtual Machine Monitor, and defined the field of User-Centered Security while working as a Senior Research Fellow at The Open Group Research Institute. Mez is a founding member of the National Academies of Sciences Forum on Cyber Resilience. She is General Chair Elect of the Symposium on Usable Privacy and Security, and on the steering committee of New Security Paradigms Workshop. She has published research on security and the web, public key infrastructures, distributed authorization, active content security, and user-centered security. Mez received M.S. and B.S. degrees in computer science from MIT.
Raphael (Rafi) Yahalom
is an Affiliated Researcher at MIT Sloan School of Management, focusing on Cyber-Security and Data Management. He co-founded Onaro, an enterprise data-storage management software company that was acquired by Netapp for $125 Million, with a 10x return to its VCs. Rafi received his PhD in Computer Science at Cambridge University, and BSc in EECS at the Technion- Israel Institute of Technology. Rafi served in the Israeli Navy and in the Israeli Air-Force and played Basketball in Israel semi-professional premier league, in Cambridge University Varsity Basketball team, and was selected to the British Universities All-Star Basketball team.
Chris Poulin
brings a balance of technical skills and entrepreneurship encompassing 30 years in information security and software development to his role as Research Strategist for IBM's X-Force Research & Development team. Chris is responsible for researching and analyzing security trends as they relate to cybercrime, cyberwarfare, corporate espionage, hacktivism, and emerging threats, with a special focus on security for the Internet of Things (IoT), especially connected vehicles. Chris joins IBM through the Q1 Labs acquisition, where he served as CSO. He started his security career in the U.S. Air Force managing global intelligence networks and developing software. Chris left the Department of Defense to leverage his leadership and technical skills to found and build FireTower, Inc., a successful information security consulting firm serving many Fortune 100 clients.
Corey Thomas
is President and CEO of Rapid7 and also a member of the Rapid7 board of directors. He has more than 15 years of experience in leading companies to the next stage of growth and innovation. His previous positions include VP of Marketing at Parallels, Inc., a virtualization technology company, Group Project Manager of the Microsoft Server and Tools division, launching the worldwide availability of SQL Server 2005 and steering product planning for Microsoft’s data platform, and a consultant at Deloitte Consulting. Corey received a B.E. in electrical engineering and computer science from Vanderbilt University and a MBA from Harvard Business School.
Chris Wysopal
is Co-Founder, Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990's, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
Lee Weiner
is the Chief Product Officer at Rapid7. He brings a wealth of security and product leadership experience to Rapid7, where he is responsible for leading the direction and delivery of Rapid7's entire product portfolio. Before becoming SVP of Products & Engineering he was VP of Products at LogMeIn, Inc., a provider of cloud-based remote connectivity solutions. He has also held leadership roles at several software security firms, including Netegrity, Inc., IMlogic, Inc., and Symantec Corporation. Lee received a B.A. from the University of Massachusetts.
Harry Sverdlove
has been building and leading technology solutions for 25 years. He is founder and CTO of a new cyber security startup, Edgewise Networks, focused on operationizing security insights for IT professionals. Prior to founding Edgewise, Sverdlove was CTO for Carbon Black (formerly Bit9) where he led their technical and strategic vision, and helped grow the company from 40 to over 600 employees. He was principal research scientist for McAfee, Inc., responsible for the architecture of their web safety rating engine. He joined McAfee through its 2006 acquisition of SiteAdvisor, where he was Chief Scientist. Sverdlove is frequently quoted in leading media outlets including The Wall Street Journal, The New York Times, CNN, CNBC and many trade and vertical market publications as an expert on cyber security. He is also a regular speaker at industry events and conferences. Sverdlove earned a bachelor's degree in electrical engineering from the Massachusetts Institute of Technology.
Steve Surdu
is the Principal of Surdu Consulting. He has assisted clients in a variety of computer security and general management areas. From 2007 until 2014 Steve was the Vice President of Professional Services at Mandiant. At Mandiant, Steve oversaw all aspects of Mandiant's consulting organization - including sales, business development, service delivery, research, recruitment, personnel development, process improvement and financial management. During his time at Mandiant his group conducted nearly 350 investigations while working for more than 30% of the Fortune 100. Steve has more than thirty years of experience in information technology consulting at Accenture, Cerner Corporation, BBN Technologies, Foundstone and Mandiant. He has worked with clients in many industries including financial services, high technology, healthcare, regulated industry, manufacturing, hospitality, energy, state/federal government, and retail.
Katie Curtin
is a Lead Product Marketing Manager for Internet of Things (IoT) Security at AT&T. She has helped lead the AT&T cybersecurity business and is responsible for the development and management of its IoT security capabilities, which includes Machine-to-Machine (M2M) and emerging connected technologies. Katie is a seasoned sales and marketing leader with experience in mobility and cybersecurity. She holds a degree in Marketing from the University of Notre Dame and currently resides in Dallas, TX.
Kevin O'Brien
is GreatHorn's CEO and Co-Founder. With a background in the cybersecurity industry that began in the late 1990s with the seminal security firm @stake (now Symantec), his expertise has helped GreatHorn become the market leader in the cloud communication security space. Prior to founding GreatHorn, Kevin held multiple senior executive roles in Boston-area startups. He is a frequent speaker, commentator, and author within the security industry, and has appeared both regionally and nationally to discuss data security and privacy issues. He holds a BA from the University of Massachusetts in Philosophy. Outside of the office, he holds a black belt in the martial art of Aikido, and is both an amateur carpenter and cabinetmaker.
Ed Moyle
is currently Director of Thought Leadership and Research for ISACA. Prior to joining ISACA, Ed was Senior Security Strategist with Savvis and a founding partner of the analyst firm Security Curve. In his 20 years in information security, Ed has held numerous positions including: Senior Manager with CTG's global security practice, Vice President and Information Security Officer for Merrill Lynch Investment Managers, and Senior Security Analyst with Trintech. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as author, public speaker, and analyst.
Diana Kelley
is Field CTO for Microsoft Cybersecurity. She was the Global Executive Security Advisor to IBM Security and manage the IBM Security Newsroom. As Global ESA, she leverages my 25+ years of cyber risk and security experience to provide advice and guidance to CISOs and security professionals. She is a regular contributor to SecurityIntelligence, X-Force Research and a co-author of IBM's "Securing the C-Suite" study. She is also a faculty member with IANS Research and serve on the Advisory Board for InfoSec World, Structure Security and the Content Committee for the Executive Women's Forum. She was an IEEE "Rock Star of Risk" in 2016 and speak frequently at major conferences including: TED, RSA, CyberTech, CompuTex, and InfoSec World. She has been quoted as a cybersecurity expert in many publications including: NYTimes, TIME, MSNBC.com, Fortune, Information Security Magazine and The Wall Street Journal. Along with Ed Moyle, she co-authored the book Cryptographic Libraries for Developers, and wrote the chapter on "PKI and Directories" for the PKI: Wiley Tech Brief. In 2016, she was a guest lecturer at Boston College's Master of Science in Cybersecurity program.
Yonatan Striem-Amit
is the CTO and co-founder of Cybereason. He is a machine learning, big data analytics and visualization technology expert, with over a decade of experience applying analytics to security in the Israeli Defense Forces and Israeli Governmental Agencies. Prior to founding Cybereason, Mr. Striem-Amit headed the development for Watchdox, a leading DRM and SaaS security startup.
Ron Hale
is a researcher, business leader, risk manager and information security / cybersecurity practitioner and consultant with decades of experience helping practitioners and enterprises to protect information and information systems. He brings the perspective that security needs to be integrated into the business as part of a systemic design. Ron has worked with leading enterprises to help them understand security requirements and to build solutions which enable the business by integrating security technology and programs as part of a holistic solution. Ron currently is the chief scientist at Cooraclare Institute, and was the Chief Knowledge Officer for ISACA, a global professional association serving the needs of risk management professionals in IS Audit and Assurance, Enterprise Risk Management, Information Security Management and the Governance of Enterprise Information and Information Technology. He has been recognized as a thought leader in Governance by the National Association of Corporate Directors and is a subject expert participating in standards development as part of ISO SC27. Ron has a master's degree in Criminal Justice from the University of Illinois and a doctorate in Public Policy and Administration from Walden University.
Benjamin Warsinske
has worked with clients around the world, from conceptualizing resort residential communities in the Middle East to engaging in highly strategic studies with the United States Air Force across the Pacific Theater. He is a recognized thought leader in brand strategy and is a frequent contributor to a number of publications, including the Huffington Post and HustleTime Magazine. Mr. Warsinske is the author of GroundWork, a new book that provides a simple framework to develop a foundation for an unshakable brand. As founder and CEO of BrandedWorld.co, he and his team work with clients to build unshakable brands and deliver exceptional brand experiences.
Michael Coates
is the Chief Information Security Officer at Twitter. He leads Twitter's security program across all elements of information security. Coates is also the former chairman and a current member of the global board of directors for OWASP, the largest open source application security community. Michael has been a leader in the security industry for over a decade where he focuses on building risk and security programs for technology companies such as Twitter, Mozilla, financial institutions and government. Michael was featured as one of SC Magazine's Influential IT security minds and is a strategic advisor for several startups.
Joel Quejada
is a technology professional with 25 years of extensive experience in the mobility and telecommunications industries, working with world leaders in mobility and telecommunications services. Currently, Joel is responsible for cybersecurity innovation at a global leader in media and telecommunications, working with the security industry and the startup community to find truly innovative partners and help bring their solutions to market. Joel acts as a liaison between the security product development team and innovation centers to help ensure the most innovative products are brought to market as quickly as possible. Joel is frequently engaged as an innovation and technology subject matter expert conferences, meet ups, industry events, and investor relations and media tours. Joel is also a regular mentor at local hackathons as well as the local chapter of the Young Entrepreneurs Academy.
Sam Curry
is the Chief Product Officer and Chief Security Officer at Cybereason. He is an IT security visionary with over 25 years of IT security industry experience. Sam served as Chief Technology and Security Officer at Arbor Networks, where he was responsible for the development and implementation of Arbor's technology, security and innovation roadmap. Previously, he spent more than seven years at RSA (the Security Division of EMC) in a variety of senior management positions, including Chief Strategy Officer, Chief Technologist and Senior Vice President of Product Management and Product Marketing. Sam has also held senior roles at Microstrategy, Computer Associates, and McAfee and has led 2 startups in addition to 24 patents (to date) and sitting on the boards of Sequitur Labs, Inc and the Coalition for Cybersecurity Policy and Law.
Ellen Dulberger
had responsibility for designing and implementing IBM's Enterprise Risk Management program from 2006 until her retirement in 2012. From the beginning, the effort engaged the senior executive team to focus on strategic and operational risk and across all dimensions of the management matrix. Ellen's background in business strategy development and economic analysis and measurement contributed to her business insight and to developing methodologies to analyzing risk and measuring risk management effectiveness. Over the preceding decade of her career, Ellen held several strategy development roles. Drawing on her economics background, Ellen was well suited to developing insights into the big picture, and using her abilities to see the forest for the trees, helped the company identify and pursue non-traditional opportunities and with non-traditional approaches. One example was called at the time, "Intelligent Infrastructure" which evolved along one branch into Cloud Computing.
Anthony Bettini
has over 20 years of experience in cybersecurity and advises managers of high growth cybersecurity software companies. At Tenable, makers of Nessus, he is head of the Research team, responsible for detecting vulnerabilities and exposures on modern assets (IT, OT, IoT, cloud, containers, etc.). Anthony was the founding CEO of mobile security startup Appthority (named Most Innovative Company of the Year at RSA Conference 2012) and container security startup FlawCheck (acquired by Tenable in 2016). Anthony previously built security products and led security research teams at Intel, McAfee (acquired by Intel), Foundstone (acquired by McAfee), Guardent (acquired by VeriSign), Bindview (acquired by Symantec), and Netect (acquired by Bindview).
Gene Fay
is General Manager of IBM Resilient, which he joined as VP of Sales and Technical Services in 2013. Prior to joining IBM Resilient, Gene founded FVF Partners, a firm that helped CEOs and senior managers at early-stage high-tech companies to refine their sales and marketing strategies to boost revenue. Before starting FVF Partners, Gene was president of Nine Technology, an online backup and recovery developer, with responsibilities spanning sales, marketing, business development, and partner relationships. Gene also served as VP of worldwide sales and global alliances for the security information and event management business unit of RSA, the security division of EMC.
Scott Behrens
is a senior application security engineer for Netflix. Prior to Netflix Scott worked as a senior security consultant at Neohapsis (Cisco) and an adjunct professor at DePaul University. Scott's expertise lies in both building and breaking for application security at scale. As an avid coder and researcher, he has contributed to and released a number of open source tools for both attack and defense. Scott has presented security research at DEF CON , DerbyCon, OWASP AppSec USA, Shmoocon, Shakacon, SOURCE Boston, Security B-sides Chicago, and others.
Christina Richmond
is a Program Vice President for IDC's Security Services research practice. In this role, she is responsible for IDC's worldwide research and analysis on enterprise and service provider security consulting and integration services. She provides insightful market analysis and actionable recommendations to clients worldwide. Ms. Richmond is responsible for identifying trends and analyzing strategies that are key to the success of the security-focused IT suppliers, global system integrators, and service providers. In this role, she analyzes key issues faced by these suppliers examining their services strategies, ecosystems, strategic alliances, and partnering strategies in this complex and fast moving market segment.
Prior to her role with the Infrastructure Security Services team, Ms. Richmond covered Channels and Alliances for IDC. Ms Richmond came to IDC from StorageTek in Louisville, CO where she ran Channel Marketing Communications. Ms. Richmond worked with a variety of hardware, software and service resellers discussing channel marketing and communication strategies, best channel practices and solution provider ecosystem dynamics.
Ms. Richmond holds a Bachelors Degree from Bryn Mawr College and lives in Louisville, Colorado with her husband and son.
John Viega
is the CEO and founder of Capsule8. He is an expert in building defensive systems to protect against exploitation of previously unknown vulnerabilities and building successful companies to bring those systems to market. Most recently, John was EVP of cloud security provider SilverSky, successfully transforming them from a managed services provider to an innovative cloud security company. Following the successful acquisition of SilverSky by BAE Systems, John went on to serve as EVP of Product, where he also had responsibility for a portfolio of analytics products that spanned financial crime and security. Prior to SilverSky, John was SaaS CTO at McAfee. John is an award-winning author with a half dozen books to his name, including “Building Secure Software” (the first book for software engineers on how to build secure programs) and “Network Security with OpenSSL.” He also co-designed the GCM encryption mode, which is used for more than 70% of encrypted web traffic.
Chris Lord
is CTO and Co-Founder of Armored Things where he leads efforts to build an AI platform for physical security and operations to make smarter, faster and safer decisions. He was previously Head of R&D and Chief Architect at Carbon Black, where he helped pioneer new approaches to cybersecurity; and is the founder of Latch Mobile, a cybersecurity company that protects children from risks online (and MassChallenge 2017 finalist).
Chris has been active in the field of cybersecurity since 2000 when he worked with the survivable systems group at US-CERT. He is passionate about decentralized and emergent systems, and has had the good fortune to work with many great teams solving interesting problems in large scale distributed systems.
He earned a Master's degree in Electrical and Computer Engineering from Carnegie Mellon University, and a Bachelor's degree in Computer Science from Fitchburg State University.
Jean Yang is an assistant professor in computer science at Carnegie Mellon University. She was one of the founders of Cybersecurity Factory. Jean creates programming languages and tools that make it easier for people to write the programs they intend to write. During her PhD she created a language, Jeeves, that automatically enforces information flow policies for security and privacy. She graduated with a degree in Computer Science from Harvard University in 2008 and has interned at Google, Facebook, and Microsoft Research. She won Best Paper Award at the Programming Language Design and Implementation conference in 2009 for her paper "Safe to the Last Instruction: Automated Verification of a Type-Safe Operating System."
Sponsors
Sustaining
Gold
Corporate Partners
