• Sondra J. Schneider
• Clement Dupuis
• Director of QISP (open)
• Kevin Cardwell
• Steve Crutchley
• William Alan Matthey II
• Casey Collins
• Metka Dragos
• Krag Botby
• Rob Murphy
• Tom Bowers

• Casey Collins
• Jamie Jaworski
• H. Morrow Long
• Stephen Gantz
• Diana Kelley
• Bruce Potter
• Ed Tittel
• Jay Beale
• Summer Interns

Wanted Director of QISP
Director of Qualified Information Security Professional QISP
his person is a full time employee working in the Northern VA area. Responsibilities are teaching Q/EH Qualified/ Ethical Hacking classes, Q/SA Qualified Security Analyst Penetration Testing, Q/NA Qualified/ Network Defender, and Q/FE Qualified/ Forensic Expertwith a Forensic & incident response background.

Senior Security Evangelist and Security Curriculum Manager Security University
Owner and Maintainers of the CISSP® Open Study Guides web site at www.cccure.org

It's rare to find a true industry luminary and innovator teaching a certification boot camp class for “ordinary” professionals. But leader and standard-setter, Clément Dupuis, sees sharing his extensive knowledge and experience with his students as “a privilege and a responsibility.”

“I come from a small lumberjack village in northern Quebec, Canada,” he explains. “People there help each other. It's how we are. It's what we do.” Even so, Clément's humble beginnings belie the tremendous contributions he has made – and continues to make – to the world of Internet technology and security. For 20 years, he served as a communication and IT Security specialist in the Canadian Department of National Defense (DND). “Where I was first stationed,” he recalls, “there were three things to do in one's spare time – hunt, fish, or drink. There's only so much that anyone can do of any of these activities, so I bought my first computer to learn and explore on my own.” He quickly became known for his expertise and became responsible for the first series of computers deployed within army field units (“they were big 65 pound tempest clunker with tons of screws – 42 to open the cover alone”). He also achieved the milestone of having built the first LAN and WAN ever deployed in an army operational unit. In the early 1990s, he supported NATO operations in Somalia and Rwanda, being one of the few people in the world who could build and support complex computer/satellite communication systems from scratch under the most austere conditions ever experienced by troops oversea.

Clément's knowledge and abilities became so deep and highly regarded by the Canadian military that his last two years within the Department of Defense were spent training others and passing along his huge amount of knowledge. He very actively participated in the development of the first version of the CISSP® and GSEC course materials for the SANS Institute, he supervised the delivery of all security related classes at Vigilar Intense School, he is now exclusively teaching for Security University in the United States. He worked for the SANS institute for many years, he has delivered classes at all of the largest conferences such as Las Vegas and Orlando. Only the instructors who have achieved the highest student satisfaction score gets to present at those conferences. It is reserved for the best instructors of the faculty.

He is one of the company most popular, most successful and often-requested instructors, which is due as much to his dry sense of humor and unassuming manner as to his extensive insights and experience. He is proud of the relationships he builds with his students and is pleased to advise them before, during, and even after they have completed their exams.

Kevin Cardwell
Instructor, CEH/QEH, ECSA/QSA, CHFI/QFE

Kevin Cardwell spent 22 years in the U.S. Navy, during this time he tested and evaluated Surveillance and Weapon system software, some of this work was on projects like the Multi-Sensor Torpedo Alertment Processor (MSTRAP), Tactical Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has worked as both software and
systems engineer on a variety of Department of Defense projects and was selected to head the team that built a Network Operations Center (NOC) that provided services to the command ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. During this time he was the leader of a 5 person Red Team that had a 100% success rate at compromising systems and networks.

He currently works as a free-lance consultant and provides consulting services for companies throughout the US , UK and Europe . He is an Adjunct Associate Professor for the University of Maryland University College where he participated in the team that developed the Information Assurance program for Graduate Students which is recognized as a Center of Excellence program by the National Security Agency (NSA). He is an Instructor and Technical Editor for Computer Forensics, and Hacking courses. He has presented at the Blackhat USA Conference. He is a Certified Ethical Hacker (CEH), and holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. His current research projects are in Computer Forensic evidence collection on "live" systems, Professional Security Testing and Advanced Rootkit technologies.

Steve Crutchley
Instructor, Q/CA
Founder and Chief Executive Officer Consult2Comply

Steve is a recognized leader and foremost authority in the GRC arena. With more than 25 years of experience in Business Protection, combined with an extensive knowledge of the industrial, commercial, government and financial areas, Steve has dedicated his career to maintaining a highly focused emphasis on risk, governance, compliance, information security and information assurance.

A serial entrepreneur. Steve's string of successes include the sale of his previous venture, 4FrontSecurity, to Symantec. He also sold Systems Solution to AST in South Africa which culminated in the listing of the respective company and the subsequent acquisition of a number of local and international businesses.

Steve has held senior positions in government as well as corporate and private businesses for many years and has a solid track record of prior achievements. In a sector where the noise is mixed and confusing, Steve is able to help organizations navigate through the business protection (security) and compliance maze and assist them in selecting and delivering the processes and solutions that will mitigate risk and support corporate governance. Steve has extensive experience, knowledge and a deep understanding of various standards and control structures such as ISO/IEC 20000, ISO/IEC 27001, BS 25999, COBIT, ISF, COSO, GLBA, HIPAA, NERC, PCI to mention just a few. Steve is an accredited IRCA trainer for ISO/IEC 27001, a renowned Lead Auditor and implementer for ISO 27001, ISO 20000 and BS 25999. Steve is also CISM and CGEIT and has a Bachelor of Science in Management Information Systems (B.Sc. Management Information Systems) degree with concentration on Information Security

William Alan Matthey II
Instructor, CISSP/ CISM, MCSE/ MCITP Security+, A=, Network +, Windows7

William has been delivering security training and consulting for over 25 years. With a formidable skill set that includes management and technical skills. William is currently working on projects worldwide to develop and manage secure Enterprise solutions utilizing Vista & 08 Server technologies and advanced MIS applications for both Microsoft Corporation and the US DOD.

Having worked for the US DOD and State Department William has been delivering security training and consulting services for the US government for several years. William meets DOD 8570.1 Compliance and enjoys US Security Clearance. This involves William traveling worldwide, which takes him to some interesting places.

Education: B.A. Psychology 1974
Texas Christian University, Ft. Worth,
TX Oklahoma University 12 hrs toward MBA

Casey Collins
Instructor CWNA, CWSP Q/WAP


Casey's wireless networking experience started while working as a system engineer for a large healthcare software developer. Casey's job became to solve the constant issues with their customer's wireless networks in support of complex EMR (electronic medical records) solutions. Eventually Casey took over designing the wireless solutions, trained their 100+ technicians across the country on how to properly implement wireless networks in challenging environments, and provided 3rd-tier troubleshooting support.

During that time Casey earned CWNE #16 status, the highest level of vendor-neutral wireless certification available, as well as a Certified Wireless Network Trainer, having been a Microsoft Certified Trainer for several years. Seeing the opportunities in wireless networking and the lack of available resources, Casey started C3-Wireless along with some other partners. Their focus is providing wireless networking professional services for mission-critical networks. During the last four years, Casey has worked with many Fortune 500 companies and in many different verticals, including healthcare, manufacturing/distribution, education, hospitality, transportation, etc.

A few of the more notable customers Casey has worked on include implementing Twitter's and Mozilla's wireless networks, completing site surveys for Google, Kimberly-Clarke, Adventist Healthcare, McDonalds, Hyundai, UCLA, UNLV, Bridgestone, etc.

Casey has completed wireless site surveys, etc. for 2 million sq. ft.+ airports, 1 million sq. ft.+ distribution centers, large hospitals, outdoor networks, etc. He has trained Wal-Mart's core wireless team for Cisco, and troubleshot\remediated numerous wireless networks for customers such as TIVO, etc.

Metka Dragos, CWNE, CWNA, CWSP, CWAP, CWNE, CISSP, Q/SA- Q/PTL, Q/EH, Instructor / Wireless Advisor

Metka is a highly repected Wireless instructor who is a gifted presenter, She is known for her wit and broad wireless & security technical expertise. She holds over multiple technical certifications including a CISSP, Q/SA CWNE.

Metka Dragos has more than twenty years of experience in IT industry and delivering training programs. Her corporate career included positions in Application Programming, Database Administration, System Administration and Network Engineering. Experience gained from these positions, years of mentoring and certifications from Microsoft, Cisco and CWNP give her unique blend of real life and classroom scenarios that she passionately shares with her students. As a consultant, Metka works with clients in greater Bay Area with a specialty in LAN/WLAN security and analysis.

She holds a B.S. degree in Information Technology, Microsoft MCSE and MCT, Planet3 Wireless CWNE and CWNT and Cisco certifications.

Her outside of technology life is catching up with her family and the rest of the world.

Krag Brotby Instructor, CISM, CGEIT

Krag Brotby has more than twenty five years of experience in the area of enterprise computer security architecture, governance, risk and metrics and is certified as a CISM and CGEIT. Extensive experience includes intensive involvement in governance, metrics and current and emerging enterprise security architectures. He holds a foundation patent for digital rights management and has published numerous technical and IT security related articles and books. Krag is the recipient of the 2009 ISACA John W. Lainhart IV Common Body of Knowledge Award.

Krag has served as principal author and editor of the ISACA Certified Information Security Manager Review Manual since 2005, and as the researcher and author of the widely circulated Information Security Governance, A Guide for Directors and Executive Management, 2nd ed., and the Information Security Governance : Guidance for Information Security Managers as well as a new approach to Information Security management metrics to be published in '09. He is the author of Information Security Management Metrics; Auerbach '09 and Information Security Governance; a practical development and implementation approach; Wiley '09.

He has served on the ISACA Security Practice Development Committee, appointed to the Test Enhancement Committee responsible for exam question development, and to a new committee developing a systems approach to information security called the Business Model for Information Security. He is a member of the California High Tech Task Force Steering Committee, an advisory board for law enforcement.

Krag is a frequent workshop presenter and speaker at conferences globally and lectures on information security governance, metrics, information security management and CISM preparation throughout Asia, Australia Europe, the Middle East and North and South America.

As a practitioner in the security industry for over two decades, he was the principal Xerox BASIA enterprise security architect and managed a global PKI implementation plan. He was a principal architect of the SWIFT Next Gen PKI security architecture; served as Technical Director at RAND Corporation for the cyber assurance initiative; and as Chief Security Strategist and PKI architect for TransactPlus, a JP Morgan spinoff; provided governance consulting to Australia Post, New Zealand Inland Revenue, the Singapore Government, the US Department of Defense, Microsoft, ATT, major financial institutions and numerous other organizations

Rob Murphy
Rob Murphy has a Masters in Information Technology Management from the Naval Postgraduate School in Monterey, CA. Professional certifications include CISSP, CEH, CHFI, Network+ and working towards CCE. He is an Adjunct Professor for The College of Southern Maryland and has spoken at several security conferences to include DefCon, DoD Cyber Crime Conference, USMC IA Conference, the NSA Red Team / Blue Team Symposium, MITRE IPv6 Symposium, Redstone Arsenal IA Conference and TechNet Mid-America. Areas of expertise and interest include wireless network and information security, computer forensics, protocol analysis and tool development. Tools developed include MACSpoof, which changes MAC addresses in Windows, v00d00_CD_Key for the recovery of software keys in Windows, a UDP Phone-Home program for remote network monitoring and administration, the PoC tool v00d00N3t, for sending data through ICMPv6 packets and the next generation IPv6 covert channel tool, v2N3t which sends data through the address space of an IPv6 packet. He is also the creator of ‘warl0ck gam3z’ which is an online Jeopardy style hacker challenge used in various conferences and academic settings.

Tom Bowers
In the world of High-Tech, High-Value information, Tom Bowers, CISSP, PMP takes the old proverb, “Keep Your Friends Close, Your Enemies Closer” to heart. As a Certified Ethical Hacker, Tom is a well known expert in the area of data leakage prevention, global enterprise information, security architecture and ethical hacking. 

With over 25 years of experience in the field of computer technology and information systems Bowers has served as the chief architect for information security structures and protections in numerous industries. He brings a real world, pragmatic approach to the business of security based upon his Fortune 100 enterprise experience in both the IT and Global Security functions. Bowers leads the independent think tank and industry analyst group Security Constructs, LLC. His areas of expertise include aligning business needs with security architecture, risk assessment and project management on a global scale

As immediate past president of the Philadelphia chapter of Infragard, a non-profit organization consisting of members of the FBI and physical/cyber security professionals from private industry, Tom lead one of the largest chapters in the country with over 850 members. Tom works closely with law enforcement agencies including the FBI on issues of computer forensics and investigations of security breaches, theft and fraud.

Bowers shares his depth of knowledge with the computer and information technology and security field as a Technical Editor for both TechTarget (Information Security Magazine, SearchSecurity.com...) and IDG Publications (ComputerWorld, InfoWorld…) He is the author of several white papers, >100 articles and is a highly respected speaker at conferences and webinars. He has recently been featured in CSO Magazine, CIO Decisions, InfoWorld, ComputerWorld, NetworkWorld, SearchSecurity.com, Information Security Magazine, BusinessWeek and The Wall Street Journal

Jamie Jaworski
Jamie Jaworski is the Chief Security Officer at ROI Networks, Inc. where he is responsible for delivering secure solutions for ROI's customers and employees. Jaworski joined ROI Networks after serving as the Chief Information Security Officer for Conexant Systems, Inc. At Conexant, he created the information security team and deployed high-security solutions for protecting Conexant's chip and software designs. Jamie has over 25 years experience in information security, working with the U.S. Department of Defense, major financial institutions, and commercial businesses. Jamie has written a number of books on security and Web development, including Java Unleashed, Mastering JavaScript, and The Java Certification Guide. In his off hours, he spends his time paddleboarding and hiking in Southern California.

WANTED - Interns

Looking for an internship in the information security industry? Security University is the place for you! Security University is a small company looking for help in Reston, VA area.

Security University specializes exclusively in information assurance (IA) security certification training. We're passionate about security. Our internship program allows talented college students to learn our business by supporting customers by supporting the administration of our internal systems, and public relations to the Security University community of users.

As an Security University Intern you will be given a real project to work with Security University attendees that are interested in persuing their Qualified Information Security Professional (QISP) Credential. You'll attend one of our computer security classes and will receive mentoring from the team management at Security University. You'll learn about computer security and writing secure code from the experts.

Security University internships frequently start as part time employment during the school year and are full time over the summer. Summer only internships are also available.

Absolutely non-negotiable requirements:

• Excellent command of written and spoken English
• Top grades or a track record of success
• Permanent legal right to work in the United States. student visas (J1, F1, etc) cannot be considered.
• Currently enrolled in a 4 year academic institution or Master's program having at least completed your sophomore year.
• Significant coursework in Computer Science (major not required)
• Knowledge of Java or .NET and at least one other common programming language
• Top notch computer programming and testing skills.
• Position is in our office in Reston VA location telecommuting optional

Apply today!  Officially, applications are due June 1, 2010, but we process them as they come in, so all available openings may be taken well before June 1st.

Applications for 2010 internships are now being processed. They are processed on a first-come, first-served basis so apply soon!

To Apply

To apply for any of these positions, please email us at careers (at) securityuniversity.(dot) net , attaching a current resume in HTML, Word, Plain Text or PDF format. In the body of the email, indicate the position you are interested in and explain why you would be a good fit for this job. If you have a website, send us the URL.

Security University does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.

Meet our 2010 Interns
Devin Kuhn will be in 11th grade at Yorktown High School in Arlington, VA fall 2010.  I enjoy my classes, but my passion is really about computer science.  I have been attending the Arlington Career Center on the weekends for the last seven years.  It is a TV Multimedia class where we make movies and TV shows.  The Career Center is now a Governors Academy and receives grants from the Bill and Melinda Gates foundation.  Last year I took an advanced computer science class at the Career Center during the school day, and was selected to participate in a college level programming course this year.  One of three students in all of Arlington.

At home I have been developing games for the last three years, and now I am one of the co-owners of a web host called 0m3ga.  0m3ga hosts websites, servers, and game servers. Here is a link to our website if you are interested.  http://0m3ga.net

I've been doing a lot of web design and development. Right now I am focusing on php and MySQL.  I have a fairly firm grasp of the lua programming language, and several others.  Python, Javascript, HTML, php, DOS, and am almost done learning MySQL. I'm really looking forward to interning at Security University this summer.




Our Past Interns
Michelle Leung is a current student attending Academy of Information Technology at Stamford , CT. She is an accomplished student who enjoys helping people. She participates in the Stamford High School Marching Band and plays the clarinet. Michelle is an active member of Student Council, Origami Club, and Winter Percussion. On her free time she like to read, write, and every girl's favorite, go shopping. Her new favorite band is now Coldplay, and enjoys listening to Kelly Clarkson. She now enjoys simple pleasures of relaxing at a coffee shop with a cup-of-joe and a good book to read.

Emanuel Olaguivel started attending the University of Connecticut ,Storrs, in Fall 2005. He is a 2005 graduate from the Academy of Information Technology . At UCONN, he majored in Civil Engineering. Working with computers is a hobby and he has been MOS certified in some Microsoft programs. During his free time he likes to watch TV, surf the web, and chat with friends. He especially loves playing and watching soccer; his favorite team is Barcelona . He grew up in Peru and moved to Stamford at the age of 6. His goal in life is to be successful in all aspects of life

H. Morrow Long, CISSP, CEH, CHFI Instructor
H. Morrow Long has been a presenter at (and organizer of) several conferences as well as an instructor at Yale University, Fairfield University, the University of New Haven, Gateway Community Technical College and a number of private training institutes.
H. Morrow Long (CISSP, CISM, CEH) is the University Information Security Officer, Director of the Information Security Office and DMCA Notification Agent for Yale University. He has been with Yale University for the past 20 years, participating in many campus and IT projects (Y2K Planning, Business Continuity/DR, Oracle Financials/HR Business Modernization Project, Yale's Windows NT to Windows 2000 Active Directory Migration Project, HIPAA Security). 

Morrow Long is also a Visiting Scientist with the Carnegie Mellon University Software Engineering Institute's in the CERT/Networked Systems Survivability group. 

Mr. Long is a UNIX, NT and TCP/IP security expert, an author, consultant and educator with more than 23 years of experience with the IP (Internet Protocol) networking protocols and over 13 years of experience designing Internet/Intranet firewalls and information security solutions. 

Morrow has written and released several information security software programs into the public domain (including one of the first TCP portscanners and the first audio Web server CGI cited in Wired magazine).

Morrow has taught computer science, networking and information security courses at several Universities (including Yale, the University of New Haven and Fairfield University) and private seminar institutes (including SecurityUniversity).

Mr. Long was one of the original participants in the Infragard program in Connecticut. Morrow was on the executive board of CUISP (Campus University & Information Security Professionals) and also participates in the EDUCAUSE/I2 Computer/Network Security Task Force (a founder of the annual Educause Security Professionals Conference), CISDG (CT InfoSec Discussion Group) and is President of the Connecticut ISSA Chapter. 

Prior to working at Yale University Mr. Long was a Member Technical Staff at the ITT Advanced Technology Labs in Stratford and Shelton (1984-6) Connecticut and a Lead Programmer Analyst developing INVESTWARE(TM) at New England Management Systems (NEMS 1982-84).Mr. Long holds a B.S. in Communications from the Boston University School of Communication (1981) and a M.S. C.I.S. (Computing and Information Systems) from the University of New Haven (1986).

Mr. Long holds a B.S. in Communications from the Boston University School of Communication (1981) and a M.S. C.I.S. (Computing and Information Systems) from the University of New Haven (1986) as well as CISSP®, CISM® and CEH™ certification.
Morrow has contributed to several papers and books on computer security, computer crime, digital forensics, network survivability and information assurance

Stephen Gantz, CISSP
Instructor

Stephen Gantz, CISSP, is the senior architect for Roundarch, a systems integrator specializing in the development and delivery of enterprise portal and integration solutions. He also leads Roundarch's security practice, which focuses on application security, security architecture, and compliance with civilian and DoD security policies. Steve has 12 years' experience in technology-related professional services and software development, primarily as an IT architect designing e-commerce, enterprise application integration, customer relationship management, and security systems and infrastructures.
Steve's industry expertise includes federal civilian and state government, financial services, insurance, retail, telecommunications, and higher education. His areas of technical expertise include customer relationship management (CRM) and enterprise resource planning (ERP) applications, middleware technologies, security and e-commerce systems architecture, and data transport and exchange using EDI and XML. He is a regular speaker at industry events on enterprise application integration, e-Commerce, and XML. He holds a Masters Degree in technology policy from the John F. Kennedy School of Government at Harvard University, as well as a Bachelors degree in applied mathematics and statistics from Harvard.

Diana Kelley
Instructor

Diana Kelley has been working professionally for over 12 years creating secure network architectures and business solutions for large corporations and delivering strategic, competitive knowledge to security software vendors. She is a security industry Analyst with Baroudi Bloor, a top-tier analyst firm where she has delivered strategic advice to, among others, IBM and Psionic (acquired by Cisco.) She also serves as the Vice President of Security Technology for Safe3W, Inc, a provider of strong, two factor authentication.

At The Hurwitz Group, Diana was the Senior Security Analyst and provided executive strategy advice to Entrust and other clients. She served as a Manager in KPMG's Financial Services Consulting practice, where her clients included Bank of America, General Electric, Merrill Lynch, MetLife and The Travelers.

She has experience in managing penetration testing, conducting security audits and has been certified on a number of security products such as the original TIS Gauntlet and HP Virtual Vault. Diana speaks frequently at major conferences, such as 802.11 Planet, BlackHat, InfoSec, NetWorld/InterOp, The Internet Security Conference, and ComDex, on security topics and has been quoted in publications such as Information Security Magazine and The Wall Street Journal as a security expert. She has authored numerous White Papers and research documents, wrote the chapter on "PKI and Directories" for the book PKI: A Wiley Tech Brief and contributed articles to Security Focus inFocus, Security Products Magazine, and was interviewed by WNBC on the topic of Internet security.

Bruce Potterhas a broad information security background. From application security assessments to low-level smartcard analysis to wireless network deployments, Bruce has worked in both the open- andclosed-source communities. He is a co-author of an upcoming book on 802.11 security published by O'Reilly and Associates. Bruce is the founder of The Shmoo Group of security, crypto, and privacy professionals. Through The Shmoo Group, Bruce has assisted in the development of open-source software tools and participated in various events designed to promote the use of cryptography. He is also the founder and president of NoVAWireless.org, a non-profit community wireless initiative in Northern Virginia. Bruce has spoken at several conferences including Black Hat, DefCon, and the Washington DC chapter of SecurityGeeks.

Ed Tittel has been an active writer and instructor in the computing field since 1994. That same year, he also started his own company LANWrights, Inc. Now the content division of iLearning.com, his group specializes in writing, training, and consulting on Web markup languages, information security, IT certification, and general networking topics and technologies.

A 20-plus year industry veteran, Ed has been teaching courses on Windows security at NetWorld+Interop since 1996 (and was a member of the Program Committee for that conference from 1993 to 1999). Ed is also the author of over 130 computer books. He writes regularly for Certification magazine, InformIT.com, Cramsession.com, and numerous TechTarget.com Web sites (including sites devoted to Windows 2000, information security, networking, and Web development topics).

In 1997, Ed developed and implemented the concept for Exam Cram, now the best-selling series of IT certification books in the world. He still serves as series editor for the recently-revived Exam Cram 2 for Que Certification (a Pearson Technology Group imprint). Recently, Ed has contributed to titles on numerous information security certifications, including TICSA, Security+, and CISSP for Pearson and Sybex Books. Prior to starting his own company in 1994, Ed worked for Novell from 1988 to 1994, where his job titles including networking consultant, systems engineer, national marketing manager, and director of technical content for trade shows and developer conferences.

In earlier incarnations in computing, Ed has also worked as a manager, a software developer, and a trainer. He also taught for Austin Community College in their Certified Webmaster program from 1996 to 2001 on Windows, TCP/IP and a variety of markup language topics.

Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and the Linux leader in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat and LinuxWorld conferences, among others. A senior research scientist with the George Washington University Cyber Security Policy and Research Institute, Jay makes his living as a security consultant through the MD-based firm Intelguardians, LLC, where he works on security architecture reviews, threat mitigation and penetration tests against Unix and Windows targets.

Jay wrote the Center for Internet Security's Unix host security tool, currently in use worldwide by organizations from the Fortune 500 to the Department of Defense. He leads the Center's Linux Security benchmark team and, as a core participant in the non-profit Center's Unix teams, is working with private enterprises and US agencies to develop Unix security standards for industry and government.

Aside from his CIS work, Jay has written a number of articles and book chapters on operating system security. He is a columnist for Information Security Magazine and previously wrote a number of articles for SecurityPortal.com and SecurityFocus.com. He co-authored the Syngress international best-seller "Snort 2.0 Intrusion Detection" and also contributed the Host Lockdown chapter in 'Unix Unleashed,' served as the security author for 'Red Hat Internet Server' Jay's currently finishing a Linux hardening book focused on Bastille entitled, 'Locking Down Linux.'

Formerly, Jay served as the Security Team Director for MandrakeSoft, helping set company strategy, design security products, and pushing security into the third largest retail Linux distribution.