Jonathan G. Gossels, President & CEO
ISACA/CISM
Jonathan is President of SystemExperts™ Corporation, a consulting firm specializing in computer and network security. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this work, balancing all technical initiatives with business requirements and impact.
Prior to founding SystemExperts, Jonathan built the Consulting Services operation for OpenVision Technologies (now Veritas). Before that, he was the Director of Business Development and Business Area Manager of Interoperability for the Open Software Foundation (OSF). In that role, Jonathan initiated and led the Distributed Computing Environment (DCE) project from its inception through its three major releases.
Jonathan is frequently quoted on the emerging challenges as well as best practices in information security in leading publications such as ComputerWorld, Information Week, CSO Magazine, Wall Street & Technology Magazine, and InfoWorld. He is also a regular contributor to SC Magazine and the ISSA Journal.
Jonathan has served on the editorial advisory board of Information Security Magazine, as technical advisor to Dateline NBC, and has been a guest on CBS news radio.
Jonathan is a graduate of Yale University and MIT's Sloan School of Management.
Brad C. Johnson, Vice President
ISACA/CISM, NSA/IAM, PCI QSA
Brad Johnson is Vice President of SystemExperts Corporation. He is a well-known authority in the field of distributed systems and is a frequent speaker on the subjects of security standards, penetration testing, middleware, and practical intrusion detection. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, and the IETF, and has published extensively about open systems.
Brad is frequently quoted in business and technical publications such as SC Magazine, Wall Street and Technology, ISSA Journal, and IT Security Magazine. He has also served as a technical advisor or contributor to Dateline NBC, Information Security Magazine, Internet World, ISSA, WatchIT, and CNN.
At SystemExperts, Brad has pioneered innovative methodologies and operational practices that enable our clients to use penetration testing, event management, and protocol-oriented infrastructure analysis to vastly improve their level of effective security at the lowest possible cost.
Prior to joining SystemExperts, Brad was one of the original members of the OSF DCE Evaluation Team. He was also the engineering project manager to complete the actual integration of those technologies and the project leader for the first three major releases.
Brad holds a Bachelor of Arts degree in Computer Science from Rutgers University (Magna Cum Laude) and a Master of Science degree in Applied Management from Lesley University (Summa Cum Laude).
Richard E. Mackey, Jr., Vice President of Consulting
ISACA/CISM, PCI QSA
Richard E. "Dick" Mackey is regarded as one of the industry's foremost authorities on distributed computing infrastructure, compliance, and security. He has helped many organizations, from online retailers and application service providers to major manufacturers, assess and improve their security programs. He has advised leading Wall Street firms on overall security architecture, virtual private networks, enterprise-wide authentication, and intrusion detection and analysis. He also has unmatched expertise in the Open Software Foundation Distributed Computing Environment.
Prior to joining the consultancy SystemExperts, he was the director of collaborative development for The Open Group (the merger of the Open Software Foundation and X/Open), where he was responsible for the integration of Microsoft's ActiveX Core with DCE and DCE Release 1.2.
Mackey has been a frequent speaker at conferences and a regular contributor to major publications on topics such as regulatory compliance, security standards, identity management, and service-oriented architecture security. Mackey has a B.S. and M.S. in electrical and computer engineering from the University of Massachusetts at Amherst.
Richard was promoted to Vice President of Consulting in early 2007.
Philip C. Cox, Principal Consultant
ISC/CISSP, ISACA/CISM, NSA/IAM, NSA/IEM, PCI QSA
Philip Cox is currently a Principal Consultant with SystemExperts Corporation in Auburn, California. Phil is an industry-recognized consultant, author, and lecturer and has an extensive track record of hands-on accomplishment. He specializes in TCP/IP-based distributed systems security. He has performed hundreds of security and system management architecture designs and reviews, application-specific technology roadmaps, and solution deployments. He has also performed penetration and application testing against literally thousands of hosts, as well as emergency response to hacker attacks.
Phil is the primary author of the authoritative Windows 2000 Security Handbook (Osborne-McGraw Hill) that was published in December 2000. He was also the technical editor of Building Internet Firewalls, 2nd Edition and Hacking Linux Exposed. For the past several years, Phil's technical focus has been on Microsoft Windows; in particular, security issues related to securing Windows systems in heterogeneous environments.
Prior to joining SystemExperts, Phil worked as a Computer Scientist at Lawrence Livermore National Laboratory. Prior to the Lab, Phil was co-founder and Technical Information Director for Networking Technology Solutions (NTS). He has performed numerous tutorials and workshops for SANS, Usenix, Computer Security Institute (CSI), The Internet Security Conference (TISC), Internet World, Secure-World Expo, University of California, Davis, and NetWorld-Interop. His topics have ranged from high-level topics such as "Security in an E-Business World" to detailed advice in "Hardening Windows 2000 Lab".
Phil holds a Bachelor of Science degree in Computer Science from the College of Charleston, South Carolina. He is a Certified Information Security Manager (CISM), and holds the NSA IAM and IEM certifications.
Jason Reed, Principal Consultant
ISC/CISSP, ISACA/CISM, NSA/IAM, PCI QSA
A Principal Consultant with SystemExperts Corporation in Charlotte, North Carolina, Jason Reed is a security professional with exceptional experience in web application penetration testing, intrusion detection, and incident response in mission critical production environments. Jason has worked on and led projects within multiple vertical markets including financial services, manufacturing, web services, on-line retail, brick and mortar retail, and the insurance industry. Jason has successfully completed projects with governmental organizations as well, including the Department of Justice, throughout the United States. Many of his past projects have included web application vulnerability assessments and the development of tools as well as methodologies to identify security weaknesses in web applications based on a variety of technologies (such as Active Server Pages, ASP.NET, Java Server Pages, JavaServer Faces, Cold Fusion, PHP, WebMacro/Velocity, PERL, and a number of other platforms).
Prior to joining SystemExperts, Jason worked for IBM Global Services and AT&T where he developed security standards, managed corporate-wide security initiatives, and implemented some of the most practical intrusion detection mechanisms deployed at the large enterprise scale. Jason was a member of IBM's ASERT (Advanced Security Event Response Team) that provided investigative services, forensic study, and security breach remediation services to IBM and its clients which included major private and government organizations. Prior to his work in intrusion detection and escalation, Jason focused on programming system management solutions including data-flow facilities for IBM's NetView 6000, SNMP polling and reporting systems, and network statistics reporting.
Jason holds the Certified Information Systems Security Professional (CISSP) certification from the International Information Systems Security Certification Consortium (ISC)2, the Payment Card Industry (PCI) designation as a Qualified Security Assessor (QSA), and the Information Systems Audit and Control Association's (ISACA) certification distinction as a Certified Information Security Manager (CISM). He also holds the INFOSEC Assessment Methodology (IAM) certification sponsored by the National Security Agency (NSA), originally developed to train the U.S. Department of Defense (DoD) for security assessments, and is a member of the Federal Bureau of Investigation's (FBI) InfraGard program and the United States Secret Service's Electronic Crimes Task Force (Miami Office).
Jason has taught tutorials on penetration testing and intrusion detection at major conferences around the U.S. and writes on the topics of web security, incident response management, and practical data handling techniques for intrusion detection events. He remains active in the Information Systems Security Association (ISSA) and the Information Systems Audit and Control Association.
Jason holds a Bachelor of Science degree from the University of Florida.
Cheng Tang, Senior Consultant
CISSP, ISACA/CISM, PCI QSA
Cheng Tang is a consultant with SystemExperts Corporation. In his work over the past twenty years with academic, government, and commercial clients, Cheng Tang has honed his technical and program management skills across the entire security discipline. With his professional emphasis on very-large scale information systems security and software engineering, he played significant parts in critical programs including: one of the most technologically advanced Authentication and Encryption initiatives in the financial services industry, a roles-based access security model and verification system in academia, compartmentalized security at the Program Executive Office of Cruise Missiles and Unmanned Aerial Vehicles for the U.S. Navy, the Digital Personnel Records Imaging System-Electronic Military Personnel Records System, also for the U.S. Navy, and software engineering requirements and performance for the U.S. Army's STRICOM Close Combat Tactical Trainer.
Mr. Tang has conducted over 100 security assessments from network profiling and white hat testing, to physical site inspections. He has also served as temporary CIO and CSO at several prominent companies. A keen advocate of standards-based security and policy, Mr. Tang has been involved with Sarbanes-Oxley, HIPAA, GLBA, and CoBIT.
Prior to joining SystemExperts, Mr. Tang was a Senior Security Engineer, Project Manager, and Assessor with SAIC and Global Integrity. In those roles, Mr. Tang had a wide variety of engineering and program responsibilities including risk analysis, firewalls, electronic commerce, PKI, tokens/smartcards, and development of security policy. Before SAIC, Cheng worked for Mobil Oil Corporation where he led projects involving mainframes, distributed databases, and secure transactions.
Cheng holds a Bachelor of Science degree in Computer Science from George Mason University, a Master's degree in Computer Science from the University of Virginia, and is currently completing his Ph.D. in Information Technology. He formerly held a security clearance of Secret/DoD.
Keith Royster, Senior Consultant
CISSP, ISACA/CISA, PCI QSA
Keith Royster is a senior consultant with SystemExperts Corporation based in Charlotte, North Carolina. With over fifteen years of career experience in consulting, government, e-commerce, brick and mortar retail, and the financial services industry, Keith is a seasoned security professional with deep technical and business risk knowledge of web application security, system and network security, fraud detection and prevention, and physical security. Keith has successfully led numerous web application vulnerability assessments, fraud analyses, and technology audits.
Prior to joining SystemExperts, Keith worked for Bank of America where he led several high-profile international technology audits and performed in-depth manual penetration testing of flagship applications, including online banking and VOIP. As a senior member of the Application Vulnerability Assessment team, Keith provided ethical hacking training for other Information Security teams and implemented an enterprise vulnerability risk scoring methodology for objectively ranking and targeting applications for vulnerability assessments. Prior to his work with application vulnerability assessments, Keith was a senior member of the international technology infrastructure audit team, where he created custom scripts to automate the analysis of Unix system baseline compliance and provided code analysis and forensics for phishing, carding, and other fraud investigations.
Keith holds the Certified Information Systems Security Professional (CISSP) certification from the International Information Systems Security Certification Consortium (ISC)2, as well as the Certified Information Systems Auditor (CISA) certification from the Information Systems Audit and Control Association (ISACA). Keith is also a member of the Federal Bureau of Investigation's (FBI) InfraGard program, which was developed as an effort to gain support from the information technology industry and academia for the FBI's investigative efforts in the cyber arena.
Keith holds a Bachelor of Science degree from the University of Florida.
James Doig, Consultant
James Doig is a consultant with SystemExperts Corporation based in Albany, New York. With over eight years of career experience in military service, consulting, government, and the financial services industry, James has developed a wealth of skills in system and network security, malware and network traffic analysis, and physical security.
Prior to joining SystemExperts, James worked for Symantec where he provided proactive security support to 27 different agencies for New York State as well as the Multi-State Information Sharing And Cooperation (MS-ISAC) Organization. He enacted and analyzed vulnerability scans for various customers and external clients, advised them on ways to protect themselves from possible attacks, analyzed vulnerabilities and malware, and wrote advisories to help his clients thwart various avenues of attack. James was also responsible for configuring and installing high-availability products and firewalls as well as intrusion detection/prevention systems.
Before Symantec, James was a Network Systems Analyst for New York State’s Environmental Facilities Corporation where he led the migration of the Netware server infrastructure to SuSE Linux Enterprise Server and was responsible for hardening the network perimeter as well as the network infrastructure. James has also worked for Bank of America supporting its Midrange Infrastructure environment, which included the Mass Consumer Portal, SWIFT Wire Funds Transfer Lines, and Internet Banking Web Servers.
James holds a Bachelor of Science degree in Communications with a minor in Information Sciences from Cornell University.
Randy Wald, Director of Business Development
Randy Wald is an award-winning marketing and sales manager with more than 25 years of experience selling solutions combining software and professional services.
For the past ten years, Randy has held senior sales positions in the performance management, compliance, and security markets with Micromuse Software, BindView, and Symantec.
He started his career at Automatic Data Processing. Within two years at the firm, he succeeded in becoming the youngest Sales Manager in ADP history. At ADP, Randy won numerous awards for top District Manager, Regional Manager and Director. After ADP Randy moved on to play key roles in marketing and sales of software for high tech companies. He has held positions such as Regional Director, Area Vice President and Vice President of Sales for Computer Corporation of America, On-Line Software, and Information Resources.
Randy quickly gained expertise and a reputation as a builder and turnaround specialist for young emerging software companies. He did just that at companies such as OpenVision and Tivoli Systems. There, he opened up East Coast operations and built that region so that it contributed more than 50% of the total revenue of those companies. Both OpenVision and Tivoli went on to launch extremely successful IPOs. Tivoli's IPO was the most successful recorded in software IPO history, and the company was eventually acquired for $750 million by IBM.
Randy is a Cum Laude graduate of Lehman College of the City University of New York with a Bachelor of Science degree in Accounting and Business.
Landon Curt Noll, Principal Project Consultant
ISACA/CISM, RHCE
Landon Curt Noll brings over 30 years of Internet, Unix and System security experience to the table. Among his several areas of specialization are security risk evaluation, Unix system and infrastructure hardening, Linux firewalls, security incident response, and cryptographic security. Landon's underlying philosophy of security is that it is an enabler.
Prior to joining SystemExperts, Landon was the Principal Architect for Certive. Prior to that he spent five years with SGI in a variety of roles working consultatively with both SGI customers and SGI engineering teams. His SGI security responsibilities encompassed cryptography, PKI, Linux development, and networking.
Landon Curt Noll is the co-author of the SMail mail transport system and is the 'N' in the widely used FNV hash. He is also the founder and judge of the International Obfuscated C Code Contest. He was an active member of the working group that developed the initial drafts of the IEEE POSIX P1003.1 and P1003.2 standards. He serves as a Co-operative Computing Award advisor to the Electronic Frontier Foundation and has been a key contributor to Usenet.
Landon has significant experience in Number Theory, Cryptography, and Cryptology including PKI design, secure protocol development, and key management. He is also co-inventor of lavarand: a method of cryptographically strong seeding pseudo-random number generators using chaotic systems. Landon has developed or co-developed several high speed computational methods. In addition to his publications, Landon has held or co-held 8 world records related to the discovery of large prime numbers.
Landon graduated from Linfield College with a BA in Math/Physics. He is a member of the American Mathematical Society. He is a Certified Information Security Manager (CISM) and is a certified Linux Engineer (Red Hat Certified Engineer - RHCE).
Scott Thorne, Principal Project Consultant
Scott Thorne has an extensive background in client-server development and is currently Information Architect for MIT and a consultant for SystemExperts. At MIT he is responsible for organizing MIT's information so that it can be used and maintained in an efficient way. Scott is responsible for the design and development of MIT's data warehouse. He was also the designer of MIT's centralized authorization service, which is a role-based approach for fine-grained access control in use across the Institute. He is a member of the Integration Team, a group of senior IT professionals that decides on software products, computing standards, and IT infrastructure for the Institute.
Scott's specialty is data architecture. He is well known for designing data structures to support the often conflicting goals of ease of operation and flexibility and ease of use of data query. At SystemExperts, Scott has worked on projects for major financial institutions and leading network equipment manufacturers covering databases, datamarts, authorization services, ERP, content management, and data analysis and reduction.
Matt Uyboco, Principal Project Consultant
During his 6-year tenure with PeopleSoft, Inc., Matt Uyboco was responsible for security specific training and advising PeopleSoft end-users and business partners in HRMS, Financial/SCM, CRM, EPM, and Student Administration applications. He has extensive PeopleSoft 8 Technology experience and was a regular contributor to PeopleSoft's Security and Enterprise Portal training and workshop sessions. Matt has played a significant role in building SystemExperts' PeopleSoft Applications Security services.
His expertise includes defining the scope of PeopleSoft security projects, rollout strategies, and supporting activities. He consistently has helped his clients achieve their business goals related to PeopleSoft utilization while doing so in a prudently secure manner. Additionally, he has been instrumental in helping clients understand the value of security to different audience groups such as executive sponsors, eBusiness managers, department heads, webmasters, technical IT staff, and developers. Matt also has performed numerous PeopleSoft Application Security reviews.
In addition to his PeopleSoft-specific knowledge, Matt has over 15 years of comprehensive experience in all aspects of information systems projects with various US government agencies. This includes IT security management, security policy implementation, risk management assessment and security awareness training. He also has held a Top Secret Clearance.
Matt attended California State University, Pomona where he earned a Master's Degree in Electronics Engineering and also minored in BioMedical Engineering.