Jason Haddix is the Director of Penetration Testing at HP Fortify and a Security Blogger at http://www.securityaegis.com. Jason currently leads all efforts on matters of information security consulting. The gamut stretches from developing test plans for Fortune 100 companies to competing in "bake-offs" to win business against other top tier consulting vendors. This involves being in the trenches and performing actual assessments but also handling clients, architecting solutions, designing services, improving business processes, managing technical consultants, training, technical writing, marketing, and delivering solutions. Jason's strengths are web, network/infrastructure, and mobile assessments, but he has performed a myriad of other services and implemented them for a consultancy as a deliverable (mainframe, wireless, cloud assessment, database, OSINT, APT simulation, binary reversing, and static code analysis). Jason actively participates in research/discussions regarding (E)hacking, Social Engineering, the security-con community, and plays on the academic CtF team, Shellphish, which competes at the Defcon CtF yearly. He also serves on the advisory board for GIAC Penetration Testing curriculum and has earned the GSEC, GPEN, GWAPT, and eCPPT credentials.
Don had his first 'real' job in IT as a Systems Admin for a hospital. He later formed a successful consulting business continuing his work in the medical field while expanding into the SMB and media markets. During the tech boom of the 90s, he ventured into startup territory and became CTO of Telco Billing Solutions, Inc. After the tech bubble burst, he accepted a position in his hometown as Director of IT for the Dept of Medicine at the Univ of Illinois at Chicago (UIC), home to the largest medical school in the country. Being an entrepreneur at heart, he took his experience from a wide range of industries and the security concepts intertwined in each and co-founded The Digital Construction Company (TDCC). A firm believer of life-long education, Don is also an advocate of industry certifications as a baseline of knowledge and the fact that true career advancement comes with experience and sharing with others. For this reason, he created CSP Online Magazine as a free and open exchange of security-focused credentials. He expanded the online media offerings by TDCC with the Ethical Hacker Network. He is again putting his vision to work and his goal of helping others with their careers by organizing a premier security event in the windy city named, appropriately enough, ChicagoCon. Don will continue to preach the wonders of technology through a combination of writing, speaking, studying and, of course, working in IT.
Dr. Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. In his present and previous roles, he has provided information security expertise to a variety of companies operating globally. He has taught undergraduate and graduate security courses since 2005 and conducts research in the area of data protection. He has written several books and publications covering topics including data security, network security, penetration testing, and digital forensics.
The focus on this new column will be to give budding ethical hackers a wider perspective of the entire field of information security and for experienced practitioners some helpful hints by approaching issues from a slightly different angle. Be sure to take a look at his Forum Board for threads on each of his columns as well as misc. thoughts and conversations.
Chris Gates, CISSP, CISA, GCIH, GPEN, C|EH @carnal0wnage
Chris Gates is an Ethical Hacker Network Columnist and runs the very popular security blog, carnal0wnage. Chris joined LARES in 2011 as a Partner & Principal Security Consultant. Chris has extensive experience in network and web application penetration testing as well as other Information Operations experience working as an operator for a DoD Red Team and other Full Scope penetration testing teams (regular pentesting teams too). Chris holds a BS in Computer Science and Geospatial Information Science from the United States Military Academy at West Point and holds his... redacted...no one cares anyway. In the past, he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, OWASP AppSec DC, ChicagoCon, NotaCon, and CSI. He is a regular blogger carnal0wnage.attackresearch.com and is also a regular contributor to the Metasploit and wXf Projects.
Feel free to email comments and suggestions on his articles or make requests for specific topics.
Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 14 years. Presently his focus is on the "human" aspect of technology such as social engineering and physical security. Chris has spent time in providing training in many topics aorund the globe and also has had many articles published in local, national and international magazines and journals.
Chris is an student of Paul Ekman's training classes on Microexpressions and has spent time learning and educating others on the values of nonverbal communications. He has combined what he learned with years of experience in a new research he has called Neuro Linguistic Hacking(NLH) that combines nonverbal communications as well as the principles of the controversial study on NLP to influence other peoples emotions.
He is also the lead developer of Social-Engineer.Org as well as a the author of the best-selling book, Social Engineering: The Art of Human Hacking.
He has launched a line of professional social engineering training and pen testing services at Social-Engineer.Com. His goal is to help companies remain secure by educating them on the methods the "bad guys" use. Analyzing, studying, dissecting then performing the very same attacks used by malicious hackers on some of the most recent attacks (i.e. Sony, HB Gary, LockHeed Martin, etc), Chris is able to help companies stay educated and secure.
Chris runs one of the webs most successful security podcasts, The Social-Engineer.Org Podcast which spends time each monthly analyzing someone who has to use influence and persuasion in their daily lives. By dissecting what they do, we can learn how we can enhance our abilities. That same analysis runs over to the equally popular SEORG Newsletter. After two years, both of these have become a staple in most serious security practices and are used by Fortune 500 companies around the world to educate their staff. Chris can be found online at http://www.social-engineer.org/, http://www.social-engineer.com/ and twitter as @humanhacker.
Craig Heffner has been working in information technology with jobs ranging from technical support to systems administration to web development and has published numerous security papers, programs and advisories in his free time. His primary programming languages of choice are C, assembly and Perl. His column is aimed squarely at those in the InfoSec field who are tired of hearing that you truly can't be a security professional without knowing how to code.
Located in Chicago, IL, Dan possesses over 11 years of remote access security knowledge and expertise. He has held positions carrying responsibilities for the transmission and reception of classified data to mobile units while a member of the U.S. Coast Guard, has been a Director of Information Systems, has owned his own VPN and Security consulting company, and has worked as a Senior mobile workforce systems engineer for UUNET/Worldcom/MCI and Fiberlink Communications Corp. He has vast experience designing and implementing mobile workforce security solutions for Fortune 1000 companies as well as small to medium sized businesses. He is also a respected presenter at various computer security events where he is known for his live hacking demonstrations.
Linn( 13 items ) Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.
RichM is a real person. Everything contained in this column is real.
This evolving column will live and breath with RichM's daunting new job. Your feedback helps decide the direction the column will take. It may be a bumpy ride, but it will be educational. Let's call this experiment Reality Web 2.0.
RichM, is an IT professional with over 6 years networking/security experience. In addition to having an MCSE: Security, he also holds a Master’s Degree in Information Security. He plans on sitting for the CISSP in mid-December and will then prepare and take the CEH in late spring, early summer.
Information Security is not just a job, but an unquenchable obsession for RichM. Most of his free time (on average 2-4 hours nightly) are spent learning or playing with all things related to information security. His ultimate goal is to be Chief Security Officer for a Fortune 500 company, which he hopes to attain within the next 7-10 years (if not sooner).
He apologizes in advance for the veil of anonymity, but documenting and discussing a network as vulnerable as this should be guarded as much as possible. If anything, the anonymity allows more details to be revealed and greater amounts of information to be shared.
Mike Murray is a parallel entrepreneur who has spent more than a decade helping companies and individuals understand how they can be exploited by those with nefarious influence skills. From his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group, his focus has always been on using vulnerability assessment through penetration testing and social engineering to proactively defend organizations. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization . He is also in charge of the advanced curriculum of The Hacker Academy, an advanced online training environment focused on the newest methods of computer penetration testing and social engineering. Mike has a variety of other diverse interests, from his work on human systems and influence to his work work with many people on their careers both within the security industry (through InfoSec Leaders with Lee Kushner) and outside of security (through the Connected Career). Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at InfoSecLeaders.com and ConnectedCareer.com.
Justin Peltier is a Senior Security Consultant with Peltier Associates with over eight years of experience in firewall and security technologies. As a consultant, Mr. Peltier has been involved implementing, supporting, and developing security solutions, and has taught courses on many facets including vulnerability assessment and CISSP preparation. Formerly with Suntel Services, Justin directed the security practice development. Prior to that he was with Netigy where he was involved with the corporate training effort. Mr. Peltier has lead classes for MIS, Netigy, Suntel Services and Sherwood Associates. Justin currently holds 10 certifications in an array of technical products: CCSP, CISM, CISSP, SSCP, MCP, MCNE, RHCE, CCSE, CCAE, CCNA.
EH-Net's newest columnist, Georgia Weidman, is an expert in mobile security. Her column will focus initially on smartphones and eventually tackle all mobile devices. She will share research, tutorials, videos, articles and anything else to spread the word not only of pen testing best practices for mobile devices but also the passion for being creative in your hacking techniques.
Georgia is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world such as Shmoocon, Blackhat, Security Zone, Hack in the Box, and Derbycon. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security, LLC a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to build the Smartphone Pentest Framework, a tool that allows users to integrate mobile device security into traditional penetration tests.
Brian Wilson has over 12 years experience in IT starting with a tour in the United States Army. He has worked in and out of the US Government in many different organizations and technical roles including a stint as a Cisco Certified Instructor. Currently he works for one of the largest US broadband providers (ISP) as a Senior Data/Voice Engineer supporting over 3 million High Speed Internet/ VoIP subscribers. He has attained a number of industry credentials covering many aspects of IT including CCNA, CCSE, CCAI, MCP, JNCIA, Network+, Security+, and many DoD Certifications. He also uses his knowledge of IT to benefit a number of charitable organizations. Clearly Brian's knowledge and interests are wide, and his affinity for philanthropy will be the overiding theme of his vast set of articles and videos.
Jason Haddix is the Director of Penetration Testing at HP Fortify and a Security Blogger at 
Donald C. Donzal, CISSP, MCSE 2003, CEH, Security+ SME
Dr. Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. In his present and previous roles, he has provided information security expertise to a variety of companies operating globally. He has taught undergraduate and graduate security courses since 2005 and conducts research in the area of data protection. He has written several books and publications covering topics including data security, network security, penetration testing, and digital forensics.
Chris Gates, CISSP, CISA, GCIH, GPEN, C|EH
Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 14 years. Presently his focus is on the "human" aspect of technology such as social engineering and physical security. Chris has spent time in providing training in many topics aorund the globe and also has had many articles published in local, national and international magazines and journals.
Craig Heffner has been working in information technology with jobs ranging from technical support to systems administration to web development and has published numerous security papers, programs and advisories in his free time. His primary programming languages of choice are C, assembly and Perl. His column is aimed squarely at those in the InfoSec field who are tired of hearing that you truly can't be a security professional without knowing how to code.
Daniel V. Hoffman, CISSP, CWNA, CEH
Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.
RichM is a real person. Everything contained in this column is real. 
Mike Murray is a parallel entrepreneur who has spent more than a decade helping companies and individuals understand how they can be exploited by those with nefarious influence skills. From his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group, his focus has always been on using vulnerability assessment through penetration testing and social engineering to proactively defend organizations. Mike co-founded 
Justin Peltier
EH-Net's newest columnist, Georgia Weidman, is an expert in mobile security. Her column will focus initially on smartphones and eventually tackle all mobile devices. She will share research, tutorials, videos, articles and anything else to spread the word not only of pen testing best practices for mobile devices but also the passion for being creative in your hacking techniques.
Brian Wilson, CISSP aka slimjim100
General Certification : CPT Practical Submission
