Joel Scambray
Joel Scambray is co-author of Hacking Exposed (http://www, the international best-selling Internet
security book that reached its third edition in October 2001. He is also lead author of Hacking
Exposed Windows 2000, the definitive insider’s analysis of Microsoft product security, released in
September 2001 and now in its second foreign language translation.
Joel’s past publications have included his co-founding role as InfoWorld’s
rity Watch
Test Center Analyst, and inaugural author of
Microsoft’s TechNet
Ask Us About...Security
Joel’s writing draws primarily on his years of experience as an IT security
consultant for clients ranging from members of the Fortune 50 to newly minted startups, where he
has gained extensive, field-tested knowledge of numerous security technologies, and has designed
and analyzed security architectures for a variety of applications and products. Joel’s consulting
experiences have also provided him a strong business and management background, as he has
personally managed several multiyear, multinational projects; developed new lines of business
accounting for substantial annual revenues; and sustained numerous information security
enterprises of various sizes over the last five years. He also maintains his own test laboratory, where he
continues to research the frontiers of information system security.
Joel speaks widely on information system security for organizations including The Computer
Security Institute, ISSA, ISACA, private companies, and government agencies. He is currently
Managing Principal with Foundstone Inc., and previously held positions at Ernst & Young,
InfoWorld, and as Director of IT for a major commercial real estate firm.
Joel’s academic background includes advanced degrees from the University of California at Davis
and Los Angeles (UCLA), and he is a Certified Information Systems Security Professional (CISSP).
—Joel Scambray can be reached at
Mike Shema
Mike Shema is a Principal Consultant of Foundstone Inc. where he has performed dozens of Web
application security reviews for clients including Fortune 100 companies, financial institutions,
and large software development companies. He has field-tested methodologies against numerous
Web application platforms, as well as developing support tools to automate many aspects of
testing. His work has led to the discovery of vulnerabilities in commercial Web software. Mike has also
written technical columns about Web server security for Security Focus and DevX. He has also
applied his security experience as a co-author for The Anti-Hacker Toolkit. In his spare time, Mike is an
avid role-playing gamer. He holds B.S. degrees in Electrical Engineering and French from Penn
State University.
—Mike Shema can be reached at
About the Contributing Authors
Yen-Ming Chen
Yen-Ming Chen (CISSP, MCSE) is a Principal Consultant at Foundstone, where he provides
security consulting service to clients. Yen-Ming has more than four years’ experience administrating
UNIX and Internet servers. He also has extensive knowledge in the area of wireless networking,
cryptography, intrusion detection, and survivability. His articles have been published in
SysAdmin, UnixReview, and other technology-related magazines. Prior to joining Foundstone,
Yen-Ming worked in the CyberSecurity Center in CMRI, CMU, where he worked on an
agent-based intrusion detection system. He also participated actively in an open source project,
“snort,” which is a lightweight network intrusion detection system. Yen-Ming holds his B.S. of
Mathematics from National Central University in Taiwan and his M.S. of Information Networking
from Carnegie Mellon University. Yen-Ming is also a contributing author of Hacking Exposed,
Third Edition.
David Wong
David is a computer security expert and is Principal Consultant at Foundstone. He has performed
numerous security product reviews as well as network attack and penetration tests. David has
previously held a software engineering position at a large telecommunications company where he
developed software to perform reconnaissance and network monitoring. David is also a contributing
author of Hacking Exposed Windows 2000 and Hacking Exposed, Third Edition.
