Advisory Board
Strategic Advisory Board
Jim Reavis
President of the Advisory BoardJim Reavis helps direct corporate strategy and acts as the external liaison to the information security industry. He has been involved in the security industry for over two decades as an entrepreneur, writer, speaker, technologist, and business strategist. Reavis currently is the president of Reavis Consulting Group, LLC and is the editor of the Risk Bloggers website. His consulting firm offers research and advisory services to help organizations identify and capitalize on trends in the information security industry.
Reavis was an international board member of the ISSA and served as the Executive Director. He also co-founded the Alliance for Enterprise Security Risk Management, a partnership between the ISSA, ISACA, and ASIS, which was created to address the enterprise risk issues associated with the convergence of logical and traditional security. He founded SecurityPortal in 1998 and has worked with hundreds of corporations on their information security strategy and technology roadmap.
Reavis enjoys snowboarding, hiking, and cycling. He received a Bachelor of Arts in Business Administration and Computer Science from Western Washington University.
Steve Wozniak
A Silicon Valley icon and philanthropist for the past three decades, Steve Wozniak helped shape the computing industry with his design of Apple's first line of products the Apple I and II, and influenced the popular Macintosh. For his achievements at Apple Computer, Wozniak was awarded the National Medal of Technology by the President of the United States in 1985, the highest honor bestowed upon America's leading innovators.
In 2000, Wozniak was inducted into the Inventors Hall of Fame and was awarded the prestigious Heinz Award for Technology, The Economy and Employment for single-handedly designing the first personal computer and for then redirecting his lifelong passion for mathematics and electronics toward lighting the fires of excitement for education in grade school students and their teachers.
Wozniak holds Bachelor of Science degrees in Electrical Engineering and Computer Science from the University of California, Berkeley.
Gunter Ollmann
Gunter Ollmann has a long-held passion for threat research and currently serves as Vice President of Research at Damballa, where he is focused on inventing new crimeware mitigation technologies and the identification of criminal operators behind botnets and other advanced persistent threats. Prior to joining Damballa, he held the role of Chief Security Strategist at IBM, was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, and was the key IBM spokesperson on evolving threats and mitigation techniques. Ollmann also served as the Director of X-Force at Internet Security Systems where he was responsible for the company's R&D advancements and the development of security technologies in the field of vulnerability scanning, intrusion prevention, web application protection, and malware detection.
Over the years, Ollmann has been responsible for leading the development of new security consulting and penetration testing methodologies. Leading specialist consulting teams throughout Europe, the Middle East, and Africa, he headed ISS' X-Force consulting services in EMEA and served as Director of Professional Services at NGS Software, a vulnerability research and attack-based consulting firm. Ollmann has been a contributor to multiple leading international IT and security-focused magazines and journals, and has authored and delivered a number of highly technical courses on Web application security and penetration testing. He is a well-known industry speaker worldwide and is frequently invited to present at international security conferences. Ollmann is also highly regarded in the press as an expert source on security threats and is a frequently quoted by the international media.
Ollmann holds a post graduate degree in Atmospheric Physics from the University of Auckland, New Zealand, along with degrees in Applied Physics and Mathematics. He is a keen meteorologist, which appears to have armed him with many of the necessary skills for predicting the evolution of new security threats.
Technical Advisory Board
Jason Larsen
Jason Larsen served as a Principal Security Consultant at IOActive, where he drove its Industrial Control Systems practice, bringing his years of experience as Chief Security Architect for the Department of the Energy's SCADA test bed. Larsen specializes in vulnerability assessments and architectural reviews of many Control Systems Technologies, and is renowned for his ability to assist clients with securing their Critical Infrastructure by using innovative methods to detect weakness and anticipate exploits through design review, threat modeling, and in-depth technical audits.
Larsen is an avid participant in the open security community with his contributions including the creation of a penetration toolkit, a Shellcode Compression tool, Hogwash, Snort, and SPUD. Larsen is expert with a wide range of operating systems including Windows, Linux, Unix, Tru64, Solaris, and embedded systems. Larsen is a regular presenter at security conferences including BlackHat Federal, e-Sec West, RSA Con, SANS Orlando, and MS-IAC.
Larsen received a Bachelor of Computer Information Systems from Idaho State University, where he attended with scholarships from the National Security Agency and the US Department of Energy.
Ward Spangenberg
Ward Spangenberg is the Director of Security Operations at Zynga, a company devoted to connecting the world through games. As an IOActive technical advisor he uses his knowledge of system and network penetration, web application analysis, and security auditing to suggest how we can continue to provide clients with the necessary tools to meet both Federal and Industry compliancy requirements. Mr. Spangenberg has experience in the government, telecommunications, software, and financial services industries.
Mr. Spangenberg's familiarity with NIST 800 guidelines, COBIT, ISO 17799, and HIPAA requirements makes him an asset to organizations seeking compliance with industry and government regulations. His broad background with security solutions enables him to determine best practices for managing confidentiality, security, and privacy issues from both a business perspective (such as process development, informed consent, and data statistics collection) and a technical perspective (host and perimeter security, access control and monitoring).
