Resident Alchemists
Joe Bonnell
Joe Bonnell, CEO, is an entrepreneur who has spent much of his professional career within information security. Prior to founding Alchemy Security, Joe served as the Managing Principal Consultant for the Western United States for Cybertrust. Prior to Cybertrust, Joe served as Business Development Manager for the Converged Communications Security Team within Avaya. Before joining Avaya, Joe led the Ethical Hacking Team within IBM’s Managed Security Services division. Never one to stray far from his roots, Joe continues to remain active within services delivery and regularly provides strategic consulting services for clients looking to develop robust and cost effective information security solutions.
Joe is a guest lecturer at the University of Colorado at Boulder and has presented at a variety of security conferences. Joe currently resides in Denver, CO.
Gibby McCaleb, Managing Principal Services Delivery, comes to Alchemy Security with many years of entrepreneurial experience with several startup companies. Prior to joining the company, Mr. McCaleb was the co-founder and Chief Operating Officer of AccuScore where he was responsible for managing the company’s internal operations, product concepts and creation, as well as managing all B2B relationships; including strategy, products, development and implementation.
Prior to founding AccuScore, Mr. McCaleb developed his considerable information security chops as founder and CEO of Covert Group, a boutique security consulting firm based out of Los Angeles, CA. Of his many professional accomplishments, Mr. McCaleb is most proud of TigrisNet, the company he founded during the war with Iraq in May of 2003. TigrisNet, was Iraq’s first Internet Service Provider and VoIP services firm within the country. In addition to his role at Alchemy Security, Mr. McCaleb lends his business acumen and technical expertise as a board member for a few select internet-based companies, and remains CEO for the Eden Center for Youth Empowerment, helping special needs children in Africa. Originally from Texas, Gibby now calls Marina Del Ray, CA home.
Sandhya Pallana, Managing Principal Account Services, brings a unique blend of sales and technology experience to our business. Prior to joining Alchemy Security, Sandhya was an Executive Producer for multimedia services firm Media 13, where she was responsible for developing key client relationships and maintaining continuity between clients and creative personnel on high profile client projects. Previous to Media 13, Sandhya served as a solutions architect in network engineering and project management functions for enterprises including AT&T, NorthPoint Communications, MCI WorldCom and VERIO.
Anton Rager, a Technical Principal Consultant and Security Evangelist, is a world-class information security engineer who has contributed much to the security community.
He is best known for his work with 802.11 wireless WEP security and associated testing/analysis tools. In 2001 he released WEPCrack, the first open-source, public domain utility to validate the WEP/RC4 attack discovered by Fluhrer, Mantin and Shamir. Anton’s demonstration of the effectiveness of this attack as well as additional weak Initialization Vector (IV) discoveries associated with this vulnerability resulted in many manufacturers providing workarounds to weak IV attacks. Anton was also a Contributing Technical Editor to the book Maximum Wireless Security. In 2003 he continued researching 802.11/WEP and developed an injection attack and open-source tool (WEPWedgie) that allows network scanning attacks of WEP encrypted networks without knowledge of WEP keys. This tool/attack is mentioned in the book WI-FOO: The Secrets of Wireless Hacking as well as multiple online articles.
Anton has also focused heavily on IPSec VPN security issues and in 2001 implemented the first open-source utility to allow password attacks against IKE based IPSec VPN connections (IKECrack). Follow-on IPSec research resulted in an IKE protocol testing tool (IKEProber) that highlighted multiple vulnerabilities in common IPSec client/gateway implementations.
More recently, he has been working with web application security issues and in 2005 devised a novel Cross-Site-Scripting (XSS) attack method and open-source tool (XSS-Proxy) to allow browser hijacking with XSS vulnerable sites. This tool/attack is also highlighted in Phishing Exposed book and as well as the book XSS-Attacks that he co-authored with other leading XSS researchers.
Anton has presented at well-known security conferences and has conducted many security training and security awareness primers with industry and government sectors. He currently resides near the Denver, CO area.
Jose Santos
Jose Santos, Principal Consultant for Infrastructure Security, is a leading expert and trainer in routing, switching and firewall technologies.
Prior to joining Alchemy Security, Jose served as Lab Director for the Interdisciplinary Telecommunications Program at CU Boulder, supporting and maintaining the training facilities used by this department for academic and enterprise training.
As an educator, Jose has been providing networking training to Masters Students in both the Telecommunications and Computer Science Departments for more than 5 years, in addition to private courses for Government Regulatory agencies and regional corporations. Coursework ranges from Cisco specific training, to areas of enterprise network design, routing deployment for service providers, Voice over IP Signaling and architecture, Network optimization amongst others.
Published work to date primarily relates to remote education and laboratory instruction for distance students and can be credited for a great deal of training materials and configuration environments in networking and security infrastructure fields at the University of Colorado’s curricula.
Jose has a Computer Science degree from USC, a Masters in Telecommunications from CU and is a certified Cisco Professional; he is proficient in several commercial products in both networking and security fields and maintains an extensive network of alumni and industry experts.
Jose resides in the Boulder, CO area and continues to remain active as an instructor and speaker in various courses on VoIP and IP Networking and regularly mentors student research at CU Boulder.
Peter Schawacker, Managing Principal Consultant for SOC Services, is Alchemy Security’s thought leader in Security Operations. Peter has assisted large enterprises and government organizations to transform operational functions within their Information Security operations, systems and processes into highly functioning work groups. Most recently, Peter was the SOC Program Manager for Hydro-Quebec in Montreal, Canada. Prior to joining Alchemy Security, Peter ran SIEM and SOC projects at the Southern California Metropolitan Water District in Los Angeles and at Estee Lauder in Long Island, New York. He has made key contributions to SOC and related Information Security projects at major companies including First Data Corporation, Qualcomm and at Citigroup, where, in the late 1990’s Peter led the bank’s first 24/7 network intrusion detection and vulnerability management team. Prior to that, Peter was an early employee of EarthLink where he worked as a technical writer and NOC analyst. He has spoken at Information Security conferences worldwide. Peter has also served as a technical editor for Wiley Publishing and freelance reporter for Bloomberg. When not globetrotting the world, Peter calls Los Angeles, CA home. These days Peter blogs at www.alchemysecurity.com