Back in January 2001, ISECOM (the Institute for Security and Open Methodologies) began with the release of the OSSTMM, the Open Source Security Testing Methodology Manual. It was a move to improve how security was tested and implemented. Many researchers from various fields contributed because they saw the need for an open method, one that was bound towards truth and not commercial gain or political agendas. This is also true for all of the research areas covered by ISECOM projects. And it's not enough to just find the facts; we need to find ways to apply them to the world we live in. So it needs to be a security philosophy and it needs to make sense. And that's what ISECOM does every day for millions of people around the world. From governments to businesses to schools to just regular people, we help to make sense of security.
ISECOM is an open community and a non-profit organization officially registered in Catalonia, Spain. ISECOM maintains offices in Barcelona, Spain and in New York, USA. Financing for ISECOM is provided through partnerships, subscriptions, certifications, licensing, seminars, and private research endowments.
BOARD OF DIRECTORS
Pete is the co-founder of ISECOM and as Managing Director is directly involved in all ISECOM projects. In 2000, Pete created the OSSTMM for security testing and analysis. He is still the lead developer of the OSSTMM but also leads the organization into new research challenges like Smarter Safer Better, the Bad People Project, and the Home Security Methodology. Pete's strong interest in the properties of trust and how it affects us and our lives has led to trust metrics and has brought ISECOM more deeply into Human Security. In addition to managing ISECOM, Pete taught the Masters for Security at La Salle University in Barcelona, which accredits the OPST and OPSA training courses, and Business Information Security in the MBA program from ESADE, which is the foundation of the OPSA. In addition to security, Pete is an avid Maker, Hacker, and reader.
Marta is the co-founder of ISECOM and is responsible for ISECOM business operations. She maintains the media presence of all ISECOM projects, provides technical server administration for the websites and runs ISECOM's advertising campaigns. She attended Mannheim University of Applied Sciences in Germany and graduated with a Masters in Computer Science. In addition to running ISECOM, Marta has a strong passion for the arts, especially photography and graphic design, and her first degree is in music from Conservatori del Liceu in Barcelona. Marta had worked in mainstream IT corporations before settling down with ISECOM.
Bob Monroe grew up in Southern California before he joined the U.S. Army in 1985. One of Bob's first military assignments introduced him to the world of hacking. His prankster ways ended abruptly in 1996 when he was almost caught hacking by an eighty-two-year-old librarian. This incident led to a renewed interest in cyber security, as a good guy. Since then, he has written several articles for publication and maintains a passion for digital security. Bob holds a Master of Science in Information Assurance from Norwich University.
Bob's specialty is public teaching and security awareness training. Along with work for the U.S. Army, he has provided security classes for the Veterans Administration, Military District of Washington, Commandant of the Marine Corps and staff, as well as countless others across the world. He holds a U.S. Patent for airport security automation technology that combines radar and thermal imaging to protect aircraft movement areas and the surrounding airspace.
Bob works with ISECOM as an editor and writer. He also works as an editor/writer and English interpreter for Hackin9 and Eforensic Magazines. Both publications are produced in Europe with an international clientele.
In his spare time, Bob makes children's toys in his small woodshop. He still has all eight fingers, too.
Kim started tinkering with computers on an Apple II, where she discovered that if she coded in machine language she could sneak additional programming instructions into memory addresses that the Apple OS had reserved, but wasn't actually using. From there she has made a career out of programming computers with a focus on management of accurate, secure data warehouses. Today, she is Director of a global Data Management department, but she still does her own programming and still explores what's "beyond the obvious" in her spare time.
Jaume Abella (Barcelona, 1970) is an Electronic Engineer (La Salle, URL). He is Head of the Networking Section and Associate Professor in the field of Networking at La Salle Engineering School of the Ramon Llull University (URL), where he teaches Communication Networks, CCNA and CCNP certifications within the Networking Academy Program of CISCO Systems, and directs La Salle-URL's Master in Security. His research interests are security systems in computer networks and their improvement through artificial intelligence techniques, working within URL's research group of Intelligent Systems.
Robert E. Lee got his start in computers at an early age, with his first computer being a VAX 11/780 running BSD UNIX. After entering the professional work force in 1992 he has built his career as a Business Survivability consultant with a focus on Security, High Availability, and Disaster Recovery. In 2003, Robert founded Dyad Security, Inc. in Newport Beach, CA. In 2006 he sold Dyad to Swedish-based Outpost24 AB and now serves as their Chief Security Officer.
Robert is a regular face at security conferences world-wide and is always up for friendly engaging conversation. If you happen to bump into him at an upcoming show, be sure to say hi.
Nicolas Mayencourt has 20 years of professional experience in Information Technology and 15 years in Information Security Practice. He is an experienced and recognised practitioner, with a comprehensive knowledge of Information Security both technically as well as business-orientated. He is the founder and CEO of Dreamlab Technologies Ltd, a Switzerland-based company specializing in Open Standard IT. As senior consultant Nicolas Mayencourt has played a variety of security-related roles, including Technical Direction of Corporate Security Management and Controlling Frameworks, Supervision of Security Competence Centers of Major International Companies as well as Coaching of SOX and BS7799 Compliance Projects. Within ISECOM he is responsible for Business Development and Academic Alliances. He launched the OPST and OPSA courses at Universities in Switzerland and regularly promotes the OSSTMM at Major European Security Conferences.
Raoul "Nobody" Chiesa
Founder and President of Security Brokers ScPA, a global think-tank and top security consulting firm.
Raoul Chiesa has been involved in IT security since 1986, and for more than a decade was one of the best-known hackers worldwide on the X.25 and IP networks. Nobody now describes himself as an ethical hacker and works seriously to promote the genuine hacker philosophy and the Open Source vision, contributing his knowledge to the development of security solutions and culture in both the public and the private sector, out of concern for the security flaws and exposures of national and European infrastructures. Back in 2002 Raoul brought the OSSTMM Professional Certifications to Italy, as the first private partner to believe in ISECOM's views. Raoul belongs to the Executive Board of CLUSIT (Italian Security Association) for the 2001-2002 and 2003-2004 terms, and he's a referral member of the Telecom Security Task Force; he certified as OPST and OPSA trainer in December 2002. His contributions to the OSSTMM refer especially to the Communications section.
Richard has been working in the computer industry since 1989, when he started as a programmer writing business applications in Clipper, building the Novell ARCnet networks and the XT / 286 PCs to run the applications and anything else that was needed. Over the ensuing 20+ years he continued to 'learn' about technology across 'specialisms' and is now generally found performing a senior role in Architecture/Design or Security. In his spare time he continues to play (Arduino, Raspberry Pi, IoT, security visualisation, C#, Python), read and share his knowledge.
He has, like many, held/completed various vendor certifications (CISSP, Prince2 Prac., MCSE, CCNA, SCNA, FCNSA, dah di dah...). He certified as an OPST and OPSA trainer in 2003 and has been involved in development of OSSTMM and the related training courses.
Richard is always available for conversation and can be found at the keyboard if he isn't immersed in 'another' book or out trying to kill himself in his latest outdoor activity (although he is slowing down as he gets older).
Christoph is the founder and CEO of OneConsult GmbH, a Swiss-based, internationally operating, vendor-independent IT security consulting firm. OneConsult specializes in technical and organizational security audits, as well as strategic consulting, providing services for clients in all kinds of sectors. Christoph holds a Master's degree in Information Technology & Business Administration (University of Zurich) and is an OPST. He has been working as a security and strategy consultant since 1996 and has been applying and promoting the OSSTMM from 2002 onwards. Christoph is author of numerous articles in the specialist media and regularly delivers speeches at major IT security conferences. Based on OneConsult's wealth of experience with over 250 OSSTMM-compliant audits, he is a valuable contributor to the methodology from a practical and commercial perspective.
Heiko Rudolph founded adMERITia in 2004 and serves as the CEO of the information security consulting company located in Langenfeld, Germany between Cologne and Duesseldorf. The vendor-independent company operates internationally in the field of technical, organizational and legal information security audits and consulting. adMERITia is specialized in KPI-based security measurement.
Working in the IT-business since 1996, Heiko has a strong focus on security management, business alignment, BCM, risk analysis and organizational information security. He has promoted the OSSTMM since 2006 through various articles and presentations at major German security conferences.
I live in Indiana, USA. I have certifications for CISSP and CNDA. I have been in IT for 13 years and ITSEC professionally 5 years with much dabbling in the past. Currently working in a Government subcontractor environment as a Sr Security Analyst. While always trying to stay on top of all aspects of Information Security, lately I have been trying to learn more in Web Application Security. I'm also considering going to college for a BS in INFOSEC.
Chuck Truett is a writer and editor with a particular interest in non-linear, self-reflexive metafiction. In the past he has written for audiences ranging from children to role-playing gamers. His work with ISECOM frequently involves attempting to turn text that he himself doesn't understand into text that everyone can understand. His preferred word processor is WordPerfect.
Started working and developing Free Software in 1996, focusing on large internet systems, high availability clusters and network security. Worked for Sainsel (Abengoa), Silicon Computer International and Octek Computer Spain, and joined CASSFA as CTO in 2004, where he developed Guadalinex Edu 2.0 and collaborated with Hewlett-Packard in adapting its line of desktops to Debian and Guadalinex platforms for use in the Government of Andalusia.
In 2009 he joined Price-Roch Ltd. as CTO, where he managed development projects for Guadalinex V7, the migration of Public Administrations to Open Source platforms in Andalusia, and the development of AR3D systems, while continuing to work on security consultancy (He really needs it!).
Currently he works as Security Consultant for Outpost24. When he's not hacking, he prefers to visit as many places as he can, meet new friends and enjoy life as much as possible.
Manager of the OPRP
Dru Lavigne entered the networking world in 1996 and soon discovered the joy of protocols, encapsulations, RFCs and penetration testing utilities. She now spends her working hours developing security curriculum and providing instruction in all manner of networking, routing, and security technologies. The rest of her time is spent experimenting with her network of FreeBSD systems. www.onlamp.com/pub/ct/15
Manager of the BIT
Jeremy Wilde has been working in information technology for over 12 years holding senior positions in large, medium and start-up software and service organizations.
A specialist in operational risk, business process and change management, a CISSP and professional member of the British Computer Society, he brings a wide range of experience and general knowledge to the consulting table, not least his enthusiasm for Beethoven and Cricket, which may have only tangential application to a technology problem but are always, so he says, worth talking about.
Born in 1975, an expert in computer intrusion & defense techniques, Fabrizio has worked professionally in the IT Security field since 1997, applying his knowledge in top-level environments and data networks. Since 1998 he has been employed as Network Security Consultant and Senior Security Prober in the Data Security Division of @Mediaservice.net, a well-known vendor-independent security consulting firm based in Torino, Italy. Fabrizio was certified by ISECOM back in December 2002 as an authorized international trainer for the OPST and OPSA certification programs, EMEA area. He planned and currently manages the ITN (ISECOM Testing Network) firewall assets for the OSSTMM professional accreditation classes and for Hacker Highschool seminars.
Marco is an information security researcher and consultant, a UNIX expert, and a software developer. His main interests are networking, telephony, and control systems.
He is employed as Senior Security Advisor at @Mediaservice.net, where he is in charge of team coordination, advanced penetration testing, vulnerability research, and exploit development.
Marco is co-founder and editorial board member of Linux&C, the first Italian magazine about Linux and open source.
His homepage is www.0xdeadbeef.info.
After graduating from Georgetown University, Aaron realized he enjoyed taking programs apart more than he did building them. This led him to a career in the IT Security field.
Aaron is a security consultant, tester and analyst at adMERITia GmbH and specializes in the examination of test results and application of security metrics for data networks, telecommunications and web applications.
Since becoming OPSA certified, Aaron has made numerous contributions to ISECOM and the OSSTMM. Among his contributions are the further development of the security metric “Risk Assessment Value” (RAV) and the creation of an OSSTMM Applied Methodology for VoIP. Since 2007, Aaron has also promoted the OSSTMM through various publications and numerous presentations at IT conferences throughout Europe.
Jan is Team Leader Security Audits at the Swiss-based, internationally operating, vendor-independent IT security consulting firm, OneConsult GmbH. His areas of expertise include technical and conceptual security consulting with a special focus on sophisticated penetration tests, application security audits and reverse engineering. Even before his computer science studies at the Swiss Federal Institute of Technology (ETH) in Zurich, which he completed with a MSc and a specialization in information security, he had developed a great interest in security, ranging from physical to theoretical approaches. In his role as a Security Consultant, Jan deals with the OSSTMM almost daily, which helps him provide valuable input based on his practical project experience.
Lars has been working in the IT business since 1999, and began focusing on security in 2002.
Since he joined adMERITia in 2004, he has been working in security audit teams as a tester for large companies all over Germany and Europe. He holds the OPST and OPSA certificates and in 2008 also became a trainer for ISECOM in Germany.
At ISECOM Lars is mostly working on the OPST course material, getting it updated and introducing new technologies.
Pablo Endres is an experienced Security Consultant and Technological Solution Architect. His main interests are information security, networking, telephony, *NIX and technological research. He holds a degree in computer engineering, ISC2 CISSP, CompTIA Security+, ISECOM's OPSA + OPST Certifications, and a black belt in Shuri-Ryu karate-do; he has worked in a variety of industries (wireless phone providers, VoIP solution providers, contact centers, university labs) and founded an IT consulting company. Pablo enjoys reverse engineering, research, self learning, an intellectual challenge, and collaboration. As of 2008 he is a published author after collaborating with ISECOM in the writing of Hacking Linux Exposed 3rd Edition. In this project he served as technical reviewer and author of chapter 14: Mail Services.
Hernán Marcelo Racciatti
Hernán Marcelo Racciatti is a collaborator of ISECOM in Argentina. System Analyst, Microsoft Certified Professional and NSP (Network Security Program).
Hernán is an independent security researcher in Buenos Aires, Argentina. Nowadays he serves as Systems and Technology chief in a Retail enterprise that is a leader in its business area. In his spare time, he works as a security consultant, advising public and private companies, conducting controlled vulnerability tests, and speaking at conferences related to his speciality. Over the last ten years he has worked actively in different areas related to computing and Communications. He is a collaborator in some of the ISECOM projects, GNU/AULA and diverse technical documents compiled for some publications of the computing underground. He can be contacted at:
Rick Tucker currently lives in Portland, OR and has recently formed a support services company for individual attorneys and small law firms (msummary.com). He has provided technical writing assistance to ISECOM in the past.
Michael is the Founder & CEO of Trusted Metrics, Inc, provider of the Elastic SOC® platform used by Managed Security Providers around the globe to help their clients with regulatory compliance and on-going security threats. He has over 20 years of direct Information Security experience, working with clients in all verticals, markets and mentalities.
Michael is keenly interested in "Trust" and its role in Operational Security, regularly speaking on the topic and contributing to the Trust research for OSSTMM4 at ISECOM. Coincidentally, he is also fond of risk, having been married in Las Vegas, NV, gone sky-diving 12 times and fathering 2 sons with his wife.
Cor has been an ICT professional since 1983. During his career he has filled plenty of roles in ICT: operator, programmer, functional designer, system administrator, network administrator, department manager, etc. This century he became more and more involved in IT security, initially for evaluations of security products or proposed controls, but soon he designed the controls himself. In 2007 Cor started as a security consultant and penetration tester and got involved with ISECOM for the first time. In 2009 he became an ISECOM trainer. In addition to the ISECOM certifications he also holds CISSP and ISSAP.
Rob J. Meijer
Manager of the SIPES Project
Rob started out as an electronics engineer, and got involved in computers at the OS, software, and networking levels in the early 1990s, at which point he got interested in the development of networking software on the UNIX platform. In 1995, his graduation assignment led him to come in contact with software programming for network protocol analyses, and he has been doing personal and professional projects in the field ever since. After his graduation in 1995, he worked for a few years as a system/network administrator for several ISPs. With these job functions, he was largely concerned with the security and containment issues involved in running internet services. During that period, he also worked as a private consultant in the area of internet servers, firewall configuration, and overall network security. Three years ago, he ended his system administration career and started to focus on software development. In his spare time, he now works on several GPL projects with respect to network servers and security. His main concern regarding network and system security is the current overexposure of the 'bugs' regarding security that seem to overshadow other important security issues, such as containment.
After a history as a Linux user and enthusiast since 1995, mostly in security within the defence sector, his active involvement with FOSS started in 2004 with the LDAP workgroup of bwcon:boss, working on new schemes and new concepts and encouraging and enabling LDAP interoperability between different FOSS projects. Starting with his first FUDCon in 2005, today he is contributing to multiple groups within the Fedora Project, where he also serves as the FAmSCo ViceChair. He is one of the founding members of the Fedora EMEA e.V. NPO. His main focus in Fedora today is the work on Community Development and Mentoring, Fedora as Security Testing Platform and the Fedora Security Spin, the Fedora mailing list and membership administration, and working on strong support for Fedora in the former eastern bloc.
Through his involvement with the OSSTMM and the ISECOM team, he has given several talks about the OSSTMM, recently initiated a German localization project, and works on a customized OSSTMM Security-Live-System based on Fedora for use along with the ISECOM-Curriculum to teach the OSSTMM.