Speakers

2023 Speakers

Danny Adamitis

Danny Adamitis is a Principal Information Security Engineer at Black Lotus Labs, the threat research division of Lumen Technologies. He is responsible for advanced actor tracking and intelligence and has a passion for research on DNS hijacking, and router-oriented malware. He has almost a decade of experience performing threat analysis and reporting on nation-state campaigns. And he does all of this, to fund an opulent lifestyle for his dog Cookie.

Talks:

ZuoRat: Home (not) Alone

Soya Aoyama

Soya Aoyama is a cyber security researcher at Fujitsu System Integration Laboratories Limited. Soya mainly researches attacks using Windows dlls, and has talked at BSidesLV, GrrCON, ToorCon, DerbyCon, HackMiami, LeHack, BSidesSG, ROOTCON, BSidesRDU, HOU.SEC.CON and BSidesSD in the past.

Soya is the founder and organizer of BSides Tokyo and hosted the first of BSides Tokyo in 2018. BSides Tokyo returns review comments to all CFP applicants so that the next submission will be even better.

Talks:

Or Aspir

A cyber security pro with 10+ years experience, Leading Mitiga’s research team. My cyber security experience started when I served in IDF intelligence corp. I derive pleasure from discovering vulnerabilities or loopholes in software systems. I’m also a former salsa instructor and like trolling my friends and colleagues in my free time.

Talks:

Beyond the Perimeter: Uncovering the Hidden Threat of Data Exfiltration in Google Cloud Platform

Yaron Avital

Yaron Avital is a seasoned professional with a diverse background in the technology and cybersecurity fields. With a strong foundation in cutting-edge technologies gained from serving in a technological unit within the Israel Defense Forces (IDF), Yaron’s career has spanned over 15 years in the private sector as a software engineer and team lead at global companies and startups. Driven by a passion for cybersecurity, Yaron made a transition into the role of a security researcher, With expertise in application security, software supply chain security, web security research, and 3rd party protocols reversing.

Talks:

Actions have consequences: The overlooked Security Risks in 3rd party GitHub Actions

Lillian Ash Baker

Lillian Ash Baker (aka Zap!) is a Product Security Engineer with a major aviation manufacturer, securing the next generation of civil aviation aircraft. She is responsible for driving cybersecurity requirements across the entire aircraft ecosystem and maintaining DO-356/326 compliance. Prior to their time in Product Security, Lily was at Collins Aerospace for 15 years, responsible for the development, test, manufacturing, and integration of civil avionics equipment with a focus on Navigation and Inertial Systems. They have dealt with civil avionics certification to ARP-4754A, DO-160, DO-178, D…Ok, you get the idea. From particle accelerators to inertial flight testing, Lily has plenty Certified Scars and their stories to tell. When not designing aircraft, she volunteers as the CFP Organizer at the Aerospace Village.

Talks:

Are We too Early for the Party? (the perils of Baking Cyber in from the Beginning)

(void *)Huxley Barbee

Huxley Barbee (aka void *) s the organizer for BSidesNYC and security evangelist at runZero. Huxley previously worked at Datadog, where he formulated their Cloud Security Platform. Earlier at Cisco, he led a team that automated SecOps and IR playbooks. He holds both the CISSP and CISM certifications.

Talks:

Shining a light into the security blackhole of IoT and OT

Michael Bargury

Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. He also leads the OWASP low-code security project and writes about it on DarkReading. Michael is a regular speaker at RSAC, OWASP, BSides and DEFCON.

Talks:

All You Need is Guest: Beyond Enumeration

Wolves in Windows Clothing: Weaponizing Trusted Services for Stealthy Malware

Sure, Let Business Users Build Their Own. What Could Go Wrong?

David Batz

Leveraging over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, he brings a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with multiple federal agencies, including the Department of Energy (DoE), and the Department of Homeland Security (DHS). David has been with the Edison Electric Institute for over 12 years and has played a central role in developing new programs that aid the EEI membership, and more broadly, has been instrumental in the development and expansion of an industry-wide program called Cyber Mutual Assistance. He is a member of InfraGard and serves on the SANS Institute Advisory Board. He has authored various articles and presented at numerous events domestically and internationally on securing critical infrastructure, industrial systems as well as security baseline and standards topics for prominent industry associations including NIST, the National Academies of Sciences, United States Energy Association and the World Economic Forum to name a few.

Talks:

Energy Poverty and Potential Impacts to Other Critical Infrastructures & Powerful Paths to Progress

Steve Bichler

Steve “Bic” Bichler is a Product Security Test Engineer with Boeing Test & Evaluation and Wisk Aerospace focusing on cybersecurity testing of ground and autonomous systems, threat modeling and penetration testing. He reluctantly conducts cyber audits against NIST 800-53 and DO 356/326. Bic is a retired Air Force Lieutenant Colonel who previously worked as a squadron commander of Air Force Cyber Protection Teams, at NSA Red Team as a Mission Commander, and with Air Force Cyber as an Offensive Planner, among a plethora of other military jobs. He has a bunch of cyber security certification alphabet soup that nobody here really cares about, but makes him feel better about himself. He listens to far too much Texas Country music and Boston punk music for someone who lives in Colorado.

Talks:

Are We too Early for the Party? (the perils of Baking Cyber in from the Beginning)

Gal Bitensky

Gal is an experienced researcher from sunny Tel-­Aviv. He is a “full stack researcher, poking anything from x86 malware binaries, ICS protocols to classic web security. He likes to share his thoughts and experiments on-stage using simple concepts and tools to demonstrate surprising results. Some of his previous work contains an evasion technique for sandboxes, a proof-of-concept malware built purely in copy-paste, and a free update-able vaccination framework.

Talks:

Hunting Cryptoscam Twitter Bots: Methods, Data & Insights

Colt Blackmore

Colt Blackmore is Co-Founder and CTO of Reach Security, where he builds technology at the intersection of AI, decision intelligence, and security automation. Before Reach he pioneered the use of machine learning for malware detection at Palo Alto Networks, led the Data Science team at Cylance, and created the algorithms that power People-Centric Security at Proofpoint.

Talks:

F*** Your ML Model

Thiago Bordini

Executive with more than 20 years of experience in the cyber intelligence market, working with analysis and prevention of cyber threats and fraud and dissemination of educational content on the subject to professionals and companies. Technical coordinator and postgraduate professor at IDESP. Speaker at several national and international events such as YSTS, EkoParty, H2HC, HTCIA Summit, Security BSides, SANS, CoronaCon, among others. Member of the HTCIA (High Technology Crime Investigation Association). Member of the Security BSides Sao Paulo/Brazil organization.

Talks:

The Brazillian DeepWeb. How Brazilian fraud groups work on Telegram and WhatsApp

Adam Bradbury

Adam serves as the Intelligence Lead for Meta’s Incident Response team. Before joining Meta, Adam worked in the intelligence vendor space, empowering public and private sector organizations to effectively leverage cyber threat intelligence to enhance their operations. As a strong advocate for open standards, Adam supports intelligence sharing and automation within the industry.

Talks:

Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention

Josh Bressers

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Josh is a member of the OpenSSF Technical Council and co-hosts the Open Source Security Podcast and the Hacker History Podcast. He also is the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.

Talks:

Next Generation Enterprise Security

Guillermo Buendia

Guillermo (m0m0) is a Red Team Lead at one of the biggest insurance companies in the USA; he has worked for many Financial Institutions for the last ten years. He has presented his previous research at DEFCON Red Team Village, DEFCON Recon Village, BSidesLV, BSides Manchester, Hackfest CA, etc. He loves CTFs, and his fuel of choice is agnostic drinks and pizza! His primary areas of expertise are Red/Purple Team and Quake III Arena.

Talks:

How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0

Jack Burgess

Jack has helped companies of all sizes navigate the complex and ever-changing landscape of information security. His focus around risk, strategy, good engineering principles and no-nonsense analytics has gone a long way defending against threat actors of all sorts.

Talks:

Raymond CHAN

Raymond Chan is a pentester at Wavestone. He has been doing computer security for 5 years and focusing on cloud topics, mostly Azure, AWS and Microsoft 365. He likes data analysis, and inspired by graph models like Bloodhound, he looked for new paths to compromise domains. He found out that the cloud could be used to achieve that in a sneaky and stealthy way, a method he preferred to, let’s say, Windows kernel reversing and EDR bypass. In his spare time, he enjoys listening to and playing music.

Talks:

Jumping from cloud to on-premises and the other way around

Nicholas Carroll

Nicholas is a threat intelligence researcher who spends far too much time ingesting things from the open and dark web than can possibly be healthy. He’s been in IT and cybersecurity for over a decade. During that time, he’s served as everything from help desk to a state government CISO handling election security projects. He regularly teaches boot-camps trying to help draw more people into the industry. In the past couple years, he’s been working closely with SOC analysts and reverse engineers working to pull apart recently detected threats with relatively little-known indicators and has taken a large interest in looping these workflows into threat intelligence.

Talks:

OH-SINT: Merging OSINT Into RE Workflows to Simplify Analysis

Craig Chamberlain

Craig has seen things you people wouldn’t believe; attack ships on fire off the shoulder of Orion, C-beams glittering in the dark near the Tannhäuser Gate. Craig is a longtime threat detection researcher who has been to the places and done the kinds of things you would expect, most of which cannot be discussed here. He has twice served as a chief security architect including service at one of the ten largest AWS environments. He was a principal at several successful security product startups and did some of early work on practical applications of machine learning to threat hunting and detection. He has presented fourteen security conferences and numerous smaller events .Craig Chamberlain is the Director of Algorithmic Threat Detection at a security product startup.

Talks:

Alfie Champion

Alfie specializes in the delivery of attack detection and adversary emulation services, actively contributing education content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat USA, RSA and Blue Team Con 2022, among others, and is the co-founder of delivr.to.

Talks:

Email Detection Engineering and Threat Hunting

Erin Cornelius

Erin (aka ac0rn) is a Senior Staff Security Researcher at GRIMM who spends her days figuring out how things work, bending systems to her will, mentoring junior researchers, and being smoking hot. In her past life she did development, design, integration, and testing of safety critical systems in telcom, aerospace, medical, and industrial applications. At GRIMM she has used her knowledge of how systems are designed to find bugs, make tools, and help teach others how to do the same. If you haven’t met Erin yet she’s trans and proud of it.

Talks:

Emulation, PowerPC, and Transition

Ethan Crane

Ethan Crane is a senior penetration tester and team lead at Bitcrack Cyber Security. Ethan has been involved in cyber security for 4 years, having a keen interest in web application and mobile application hacking. Ethan has spoken at Bsides Las Vegas and BSides Athens amongst other conferences.

Talks:

Got Hashes. Need Plains | Hands-on Password Cracking

Thomas DIOT

Thomas is a senior analyst at CERT-W, leading IR engagements on small to large perimeters. He also works on security audits, with a specialty in network pentests and Red Teams. While not busy hunting threat actors, Thomas enjoys building offensive and IR security tools as well as practicing his skills by playing in CTFs.

Talks:

Linux Digital Forensics: a theoretical and practical approach

Dor Dali

Dor is the Head of Security Research @ Cyolo. With over a decade of experience across a variety of subjects in the cybersecurity domain both at startups and big companies. Dor is very enthusiastic about everything related to fixing and fixing problems in security and holds deep understanding and knowledge in the fields of web applications, product, and infrastructure security.

Talks:

Unveiling the Hidden: Discovering RDP Vulnerabilities using PDF Files

Jack Daniel

Co-Founder of Security BSides, Director Emeritus BSides Las Vegas.

Talks:

Pub Quiz

Troy Defty

Having worked in the UK and Australian InfoSec industries for just over a decade, and following 8 and a half years of red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.

Talks:

Linux Privilege Escalation

Jamal Drake

Talks:

You CAN get there from here!

Leif Dreizler

Leif Dreizler is an information security professional with over a decade of experience. He is currently leading an engineering team that builds features of Semgrep’s cloud product. Previously, Leif was a Senior Engineering Manager at Twilio Segment where his team was focused on building customer-facing security features and internal security tools.

He is currently an organizer for the LocoMocoSec conference and co-host of the podcast 404: Security not found. He previously helped organize the AppSec California conference and was a leader for the Bay Area OWASP Chapter.

Talks:

Your Ad Here: Helping your organization build their security brand

Kyle Duncan

Kyle Duncan is a penetration tester at Bitcrack Cyber Security.

Talks:

Jen Easterly

Jen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist. Before joining CISA, Jen led the firm-wide resilience effort at Morgan Stanley after a lengthy public service career that included serving at the White House twice, helping to stand-up the Army’s first cyber battalion, and more than twenty years of service in intelligence and cyber operations, including tours of duty in Haiti, the Balkans, Iraq, and Afghanistan.

Talks:

An Everything Is On Fireside Chat with Jen Easterly, Director of US C.I.S.A.

Ray Espinoza

Ray Espinoza is Vice President and Chief Information Security Officer at Inspectiv, Inc. With over 15 years of both tactical and security leadership experience, Ray has a proven track record of successfully building effective security programs for top companies that include eBay, Cisco, Amazon and Cobalt.io.

Prior to joining Inspectiv, Ray served as VP of Cloud Security at Medallia where he was responsible for developing and executing Medallia’s multi-cloud security strategy. Outside of work, Ray is the head strength and conditioning coach and an assistant football coach at Camas High School.

Talks:

Kate Esprit

Kate Esprit is a Senior Cyber Threat Intelligence Analyst at MITRE and is the author of the Phishing for Answers cybersecurity blog. With over 7 years of experience in information security, Kate’s career highlights include: combatting misinformation at Facebook/Meta, dispatching aircrafts for emergency evacuations during Hurricane Maria, and working for Amnesty International in Argentina. She specializes in Latin American affairs and speaks Spanish and Portuguese. Outside of work, Kate is usually practicing her salsa dancing moves or baking delicious treats.

Talks:

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations

Tom Eston

Tom Eston is the VP of Consulting & Cosmos at Bishop Fox. Tom’s work over his 17 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry standard testing methodologies and is an experienced manager and leader. He is also the founder and cohost of the Shared Security Podcast; and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, SANS, InfoSec World, OWASP AppSec, and ShmooCon.

Talks:

Management Hacking 102: Personalities, Empathy, and Difficult Conversations

Soldier of FORTRAN

Philip Young is a leader in legacy system security. Having spoken at multiple conference around the world, including DEFCON, Black Hat and keynoting at SHARE Europe, he has established himself as the thought leader in this space. Since 2013 Young has released tools to aid in the testing of mainframe security and contributed to both the Nmap and Metasploit projects, allowing those with little mainframe capabilities the chance to test their mainframes. In addition to speaking, he has built mainframe security programs for multiple Fortune 100 organizations starting from the ground up to create a repeatable testing program using both vendor and public toolsets. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously. Outside of his mainframe work he has coached countless BSidesLV and BlackHat speakers and really enjoys mentoring new speakers. He remembers what it was like being a first time speaker and cherishes the BSidesLV proving ground program because that’s how he got started.

Talks:

Harriet Farlow

Harriet Farlow is the CEO of Mileva Security Labs and a PhD Candidate in Machine Learning Security at the University of New South Wales, Canberra. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security (the boring kind unfortunately). She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).

Talks:

Bobby Filar

Bobby Filar is a machine learning researcher and the Head of Data Science at Sublime Security. He leads the development and integration of machine learning technologies for the company’s email security platform. Before joining Sublime Security, Bobby led Security ML teams at Endgame and Elastic, where he spearheaded data science research on malware classification. His research interests span various topics, including reinforcement learning, adversarial machine learning, and natural language understanding.

Talks:

Overcoming Barriers in Security DSLs with BabbelPhish: Empowering Detection Engineers using Large Language Models

Jonathan Fischer

Jonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has earned various industry certifications (OSCP, GXPN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as ShmooCon, DEF CON Demo Labs, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.

Talks:

High Stakes HIDe-N-SEEK

Kat Fitzgerald

Based in Chicago and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Chicago area.

Talks:

Home Labs for fun and !profit (Put your home lab on your resume!)

Dimitri Fousekis

Dimitri has been in the cyber security industry for over 18 years, and is the CTO of Bitcrack Cyber Security. Having enjoyed many years of Passwords, and password related talks, he is also interested in hacking hardware and deceptive security techniques. Dimitri has spoken at BSides in a few countries as well as PasswordsCon and other conferences.

Talks:

Got Hashes. Need Plains | Hands-on Password Cracking

Allan Friedman

Dr. Allan Friedman is the guy who won’t shut up about SBOM. He is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM) and related vulnerability initiatives, and works to advance their adoption inside the US government. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the co-author of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.

Talks:

Rick van Galen

Rick, or RvG, is a security engineer at 1Password. He’s worked in security for ten years as a security tester, researcher and engineer.

Talks:

Trusted Devices: Unlocking a Password Manager without a password

Erick Galinkin

Erick Galinkin is a hacker and computer scientist working as principal researcher in Rapid7’s Office of the CTO. Presently, Erick leads R&D supporting Rapid7’s Managed Detection and Response service. An alumnus of Johns Hopkins University, he has published a number of academic papers and given talks on security decision theory and artificial intelligence applications for security at conferences from AAAI and GameSec to DEF CON’s AI Village. He has spent his entire life in different parts of information security, ranging from threat intelligence and malware analysis to cloud security and security architecture.

Talks:

Security Data Science Teams: A Guide to Prestige Classes

Jerry Gamblin

Jerry Gamblin is a security researcher and analyst focusing on network and application security with over 20 years of experience. His research has been presented on numerous blogs, podcasts, and security conferences. When not at work, his personal research focuses on IoT & embedded automotive systems.

Talks:

Vulnerability Intelligence for All: Say Goodbye to Data Gatekeeping

Fabricio Gimenes

My name is Fabrício Gimenes (FgP)

I have 10 years of experience in Offensive Security. I love privilege escalation techinics like “Domain Admin” and some other types of Bypass like EDR and Windows Defender especially  .

I have some security certifications like OSCP and OSWE.

Talks:

Charlie Gladstone

Charlie Gladstone leads the UK Government’s work on software cyber resilience in the Department for Science, Technology and Innovation. He has worked in tech policy for over five years on issues including cyber security, online safety and artificial intelligence. He has worked in both Government and the tech sector to explore the intersection between technology, society and regulation.

Talks:

The British are Coming! (To Talk IOT Secure By Design)

Mister Glass

Mister Glass works as a developer at Aon Cyber Solutions, where he gets to combine his skills as an engineer with his passion for information security. He is a founder of Shabb@tcon and has been a long-time volunteer at Security BSides Las Vegas. He is definitely not a supervillain.

Talks:

Strategies for secure development with GraphQL

Jayson Grace

Jayson is the founder and technical co-lead for Meta’s Purple Team. Previously he built and led the Corporate Red Team at Sandia National Laboratories. He’s spent time as a red teamer, pentester, tool developer, system administrator, and DevOps engineer. Jayson is passionate about empowering engineers to create and maintain secure deployments. He also has a serious automation problem that he’s working through in therapy.

Talks:

Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention

Joe Gray

Joe Gray, a veteran of the U.S. Navy Submarine Force, is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe is the Founder and Principal Instructor at The OSINTion. By day, Joe is a Security Threat Hunting & Intelligence Engineer at Mercari.

As a member of the Password Inspection Agency, Joe has consistently performed well in Capture the Flag events, specifically those involving OSINT. Examples include 2nd Place in the HackFest Quebec Missing Persons CTF and Winning the TraceLabs OSINT Search Party during DEFCON 28 (as a member of The Password Inspection Agency), DEFCON 29 (as a member of The Federal Bureau of OH-SHINT), and DEFCON 30 (as a member of The Eff Ess Bees). Independently, Joe placed 4th in the DerbyCon OSINT CTF and 3rd in the National Child Protection Task Force Missing Persons CTF.

Joe has contributed material for a variety of platforms such as Forbes and Dark Reading in addition to his platforms. Joe has authored the OSINT tools DECEPTICON Bot and WikiLeaker in addition to the book, Practical Social Engineering, via NoStarch Press.

Talks:

Asaf Greenholts

Asi has 7 years of experience in the security field, including security architecture, SOC management, incident response, and application security research. Asi has gained his experience working for major organizations in the financial and government sectors. Today, Asi is a security researcher that focuses on revolutionizing CI/CD security at Palo Alto Networks. During his free time, Asi likes to read, invest in the stock market and to snowboard.

Talks:

The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree

Griffin

Talks:

James Griffin

Staff developer at 1Password working on authentication

Talks:

Trusted Devices: Unlocking a Password Manager without a password

Luca Guerra

Luca is an experienced software engineer, specializing in software design and security research. His professional experience includes designing security solutions for multiple platforms, building and breaking secure systems, and vulnerability management. As a Sr. Software Engineer at Sysdig, Luca is responsible for software design and implementation, recently focusing on Falco, its associated libraries, and more open source software.

Talks:

How to have perfect vulnerability reports and still get hacked

Bruno Guerreiro

Cyber Security Executive with 15+ year experience background on Cyber and Information Security. Strong experience leading cyber operations teams and services, with intelligence-led and business thinking mindset. Critical thinking and problem-solve approach. Experienced multi-vendor, multi-customer, multi-vertical environment with good negotiation skills.

Responsible for advising, implementing and supporting Cyber Security projects and programs.

  • SecOPS Strategy
  • SOC Management
  • Cyber Blueprint & Master Plan
  • Cyber Assessment
  • Cyber Teams Capabilities

Talks:

Cyber Threat Hunting (CTH) – Day 1

Cyber Threat Hunting (CTH) – Day 2

Peter Halberg

Peter Halberg is a cyber security researcher located in Minneapolis with a curious mind that ranges from security testing to tinkering with hardware such as Arduino. He has been in the technology field for over 14 years.

After High School, Peter joined the Army as a Counterintelligence Agent, and is an Afghanistan Veteran. Once his time in the Army was complete, he went to school for computers and networking, which led to him becoming a systems administrator. After a few years working in the sysadmin field, Peter switched over to cybersecurity where he has been a security researcher for over 4 years. Peter’s current passion projects are Artificial Intelligence, file permissions abuse, web scraping, and writing his own C2 framework. His latest fun project was creating a script to automate making Generative Pretrained Transformer (GPT) Chat queries using speech to text, and commands stored in a file.

When Peter is not doing research, he enjoys spending time with his wife and kids, playing pool, learning how to not crash in Microsoft Flight Simulator, and spending time outdoors doing many different activities.

Talks:

Building Your Own AI Platform and Tools Using ChatGPT

Brent Harrell

Brent took the scenic route to security, beginning his career with a degree in Political Science and International Affairs and working for Uncle Sam for several years. He saw the light, though, and set out to apply his love for poking holes in things to technology instead of government work. He moved through threat intelligence and system security engineering before achieving his goal of joining a Red Team. He is now a Principal Engineer and the Red Team Lead at Humana.

Talks:

You’ve Gained +2 Perception! Leveling Up Your Red Team with a New Maturity Model

Jasmine Henry

Jasmine is an inadvertent career specialist in security data, data security, and privacy for cloud-native startups. She is the current Senior Director of Data Security and Privacy at JupiterOne and a former Security Director at other high-tech startups. As a permanent student, Jasmine is finishing her PhD in Computer & Information Science with a focus on Information Quality at University of Arkansas, Little Rock. She loves Furiosa, WNBA, and her black rescue cat Nandor.

Talks:

Lewis Heuermann

Experienced board level professional with a track record of effectively managing cyber risk, implementing top industry frameworks to measure and mitigate business risk and effectively communicating with C-suite to align risk management strategies with overall business goals.

Published Technical Editor: Computer Security Fundamentals, 5th Edition (ISBN-13: 978-0-13-798478-7) CompTIA Data+ DA0-001 Exam Cram (ISBN-13: 978-0-13-763729-4) CompTIA PenTest+ PT0-002 (Pearson Practice Test)

Active teaching professional in the following specialties:

  • Data Science (CompTIA Data+)
  • Data Privacy
  • Tableau
  • Cybersecurity Governance
  • Risk Governance and Strategy
  • Cybersecurity and Virtualization

Talks:

Building a Culture of Cybersecurity: A Case Study Approach to Enhancing Risk Management

Wendy Hou-Neely

Wendy Hou is a VP and Sr. Cyber Risk Modeler from Marsh McLennan Cyber Risk Analytics Center. She specializes in data, data analytics, risk quantification models for all aspects of cyber. She designed and created the various cyber risk models for MMC Cyber Risk Analytics Center as well as consults on cyber risk quantification for clients from various industries around the world. Wendy has over 20 years’ experience in the information technology industry, analytics, both in enterprise software, and hardware. She began working in the area of cyber security over 10 years ago to understand the financial impact of cyber incidents on businesses. Her skills in analytics and data science, combined with her understanding finance, technology and the nature of cyber incidents and cyber claims uniquely afford her the ability to quantify cyber risks. In her spare time she enjoys digging in the garden and plant all sorts of fruits and vegetables.

Talks:

Cyber risk: How does cyber events become so costly?

Ayan Islam

Ayan Islam Director, Cyber Workforce Office of the National Cyber Director

Ayan Islam serves as the Director of Cyber Workforce at the Office of National Cyber Director (ONCD) and supports the development of the upcoming National Cyber Workforce and Education Strategy. Previously, she was the Associate Policy Director for R Street’s Cybersecurity and Emerging Threats team, where she supported the oversight and development of the Cybersecurity and Emerging Threats program, and provided subject matter expertise in public policy strategy development and implementation. Prior to R Street, she was the Critical Infrastructure Portfolio Lead at the Cybersecurity and Infrastructure Security Agency (CISA), and also served as the CISA COVID Task Force Tier 0 Project Lead, Operation Warp Speed Liaison, and Cybersecurity Strategist for the Aviation Cyber Initiative (ACI) during her tenure.

Talks:

Separating Fact from Fiction: The Realities of Working in Government

Public Service Journeys (To and From Hacking Culture)

Mackenzie Jackson

Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations. Today as a Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.

Talks:

Are your secrets safe - How mobile applications are leaking millions of credentials

The attackers guide to exploiting secrets in the universe

Meghan Jacquot

Meghan Jacquot is a Security Engineer with Inspectiv and focuses on vulnerabilities and attack surface management. She is particularly interested in cloud security, threat intelligence, investigating vulnerabilities, and the ethical use of data. Meghan shares her research via conferences and publications. She has been published in US Cybersecurity Magazine and Sources2Create. Throughout the year, she helps a variety of organizations and folks including DEF CON as a SOC GOON, Diana Initiative, OWASP, SANS, and WiCyS. She firmly believes in breaking barriers for others to enter cybersecurity and also helping others to upskill. To relax she also spends time visiting national parks, gardening, and hanging with her chinchilla. She’s happy to connect with others on LinkedIn or Mastodon (CarpeDiemT3ch).

Talks:

Tanya Janca

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community, podcast, and training company that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.   Advisor: Nord VPN, Aiya Corp Faculty: IANs Research Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC

Talks:

Adding SAST to CI/CD, Without Losing Any Friends

Josh Kamdjou

Josh has been doing offensive security-related things for the past 12 years. He’s spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.

Talks:

Email Detection Engineering and Threat Hunting

Doron Karmi

Doron Karmi has worked in the field of cyber security since 2011. Doron began their career as a Team Lead and Data & Intelligence Analyst at 8200 Unit in 2011. In 2014, they joined The DigiTrust Group as an Information Security Analyst. In 2016, they were a Cyber Security Analyst at Check Point Software Technologies, Ltd. From 2017 to 2020, they worked at CyberInt as a Threat Hunter and Cyber Security Incident Responder. In 2020, they were a Senior Threat Hunter at Palo Alto Networks. Currently, Doron is a Cloud Security Researcher and Senior Incident Responder at Mitiga.

Doron Karmi has obtained a GIAC GCFA from the SANS Technology Institute in 2018, as well as certifications from Akamai Technologies in Bot Manager Foundations and Kona Site Defender, and a GIAC Certified Forensic Analyst (GCFA) from GIAC Certifications.

Talks:

Google Workspace Forensics – Insights from Real-World Hunts & IR

Oops, I Leaked It Again - How we found PII in exposed RDS Snapshots

Kenneth Kaye

Over the past 17 years, Kenneth has performed just about every job in the security space that exists. From incident response to malware reverse-engineering to red-teaming to threat hunting, DDoS defense, cyberthreat intelligence analysis, research & development, compliance, automation, and secure architecture design & engineering. Throughout it all his primary goal has always been to automate himself out of that job so he can learn and do new things. Whatever comes next one thing is certain - he doesn’t like to sit still.

Talks:

Big SIEM Energy at micro-SIEM cost

Steve Kelly

Steve is Chief Trust Officer at the Institute for Security and Technology (IST), a non-profit organization seeking to bridge gaps between technology and policy leaders to solve emerging security problems.

Talks:

Farm to Fork(ed): The Forces Fueling Food Chain Risk

Eliad Kimhy

Eliad is the head of Akamai Security Research CORE Team guiding the development of the Akamai Security Research work. He was one of the creators and producers of the podcast Malicious Life which tells stories from the history of cybersecurity, and has a deep passion for the untold stories of hackers. Eliad has worked with security teams for over half a decade, helping build security research organizations and publishing blogs and reports for security researchers. He has spoken at conferences such as Insomnihack, Thotcon, BsidesSF, Code.talks, IT-SA, and TBX Netherlands.

Talks:

The History of Malware- From Floppies to Droppers

Rob King

Rob has over two decades of experience in information security, wearing all manner of hats. He served as the technical lead for TippingPoint DVLabs, the chief architect of InQuest, and wrote security event correlation engines for DARPA at KoreLogic. Most recently, he works as a Principal Researcher at runZero. He has a deep and abiding love of compilers, and a fascination with signature and fingerprint languages.

Talks:

Regular expressions are good, actually: A technical deep-dive into an ideal infosec regex implementation

Erich Kron

Erich Kron, Security Awareness Advocate at KnowBe4, author, and regular contributor to cybersecurity industry publications, is a veteran information security professional with over 25 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army’s 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and many other certifications. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in Information Security.

Talks:

Yusuke Kubo

Yusuke Kubo works as an Offensive Security Researcher at NTT Communications, Japanese Telecommunication Company, and is also NTT Group Certified Security Principal. His responsibilities include researching attack techniques and providing RedTeam for internal. And he contoributed to MITRE ATT&CK regarding Safe Mode Boot(T1562.009).

Talks:

The Dark Playground of CI/CD: Attack Delivery by GitHub Actions

Ashleigh Lee

With the last 7 years in cybersecurity, Ashleigh brings over 10 years of marketing experience to JupiterOne, where she leads community and customer marketing efforts and hosts a livestream show called “Cyber Therapy”. She built her marketing operations and digital marketing skills at companies like NowSecure, MapR, Sentilla, and Ericsson.

In the winter, you can find her skiing the slopes, and when the weather warms up, she walks her cat around the neighborhood. Ashleigh has a BS in Business Administration from California Polytechnic State University, San Luis Obispo. You can find Ashleigh’s Cyber Therapy episodes at jupiterone.com/cyber-therapy

Talks:

How to communicate with non-security specialists to drive action

Michelle Levesley

I am a teacher turned tech and awareness training specialist. I love tech and security and privacy. I like to help people to use research and their own ideas. We need more people who can think in different ways and do things ethically. I love shopping at Target and Peloton rides.

Talks:

How to build a security awareness strategy that works!

Susan Lindberg

Susan Lindberg is an experienced public company leader who has served on executive teams at energy companies, advised boards of directors, and provided strategic direction on company transformation and risk management. She is a shareholder at GableGotwals in Tulsa, where she has a corporate practice focused on the opportunities and risks created by digital technology.

Susan earned both her law degree, and her undergraduate degree in Plan II, from the University of Texas. She also holds a Master of Science in Cybersecurity from the University of Tulsa.

Talks:

Machine Learning for Insider Threats: At the Intersection of Security and Privacy

Enno Liu

Enno (they/she) is a security researcher at Semgrep, specializing in static analysis. Driven by a passion for data safety and user privacy, they are interested in tools that prevent insecure code semantics while empowering the user through safer and more productive alternatives. They did research in malware analysis and obfuscation during college, and they currently create educational videos about static analysis. Enno also loves their cat Aria, listening to shoegaze music, going to raves, and cooking Chinese food.

Talks:

Adding SAST to CI/CD, Without Losing Any Friends

Christina Liu

Christina is a ex-circus performer turned web developer turned Senior Enterprise Security Engineer. She’s worked in highly regulated tech industries such as healthcare and finance. In her current role, she is the vendor review SME performing reviews and security integration liaison for a company of over 3,000 people. Her favorite outdoors activities include climbing large rocks and hiking extremely slowly to look at wildflowers, mushrooms, and shiny smaller rocks.

Talks:

The Importance of Engineering Privacy From the Get Go

Magno Logan

As an Information Security Specialist for Trend Micro’s Cloud and Container Security Research Team, Magno Logan specializes in various subjects, including Cloud, Container, and Application Security Research, Threat Modeling, and Kubernetes Security. He boasts multiple international certifications and is a sought-after speaker at worldwide security conferences, having presented in countries such as Canada, the US, Brazil, and across Europe. In addition to his professional accomplishments, Magno is the founder of the JampaSec Security Conference and the OWASP Paraiba Chapter. He has previously served as a Snyk Ambassador and member of the CNCF Security TAG and OpenSSF.

Talks:

Stephanie Losi

Stephanie is an independent technology risk consultant and writes the Risk Musings newsletter. She is a huge fan of system dynamics. Previously, she worked as a senior bank examiner, focusing on IT and operational risk assessments of large financial firms. Her interests include operational resilience, risk management of emerging technologies, high-speed trading risk, and cross-pollinating ideas across different fields. In her spare time, she writes songs and makes visual art (the slow way).

Talks:

System Dynamics in Risk Management: A Primer

Steve Luczynski

Steve, aka Spanky, is a former US Air Force fighter pilot who is now the Board Chairman for the Aerospace Village when he’s not consulting on critical infrastructure security in his day job. After retiring in 2017, he continued his career in infosec working with the Village, as a CISO, leading a pandemic task force, and finding ways to give back to the security community and promote better collaboration across government, industry, and hackers. He’s a big fan of well-made cocktails!

Talks:

Separating Fact from Fiction: The Realities of Working in Government

Public Service Journeys (To and From Hacking Culture)

Jonathan Lusthaus

Jonathan Lusthaus is Director of The Human Cybercriminal Project and a Senior Research Fellow in the Department of Sociology, University of Oxford. Jonathan’s research focuses on the “human” side of profit-driven cybercrime: who cybercriminals are and how they are organised. He is a regular speaker at major conferences, such as Black Hat, Enigma and the International Conference on Cyber Security. Jonathan has also written widely across academic, policy and media publications, including for the European Journal of Criminology, the Council on Foreign Relations and The New York Times. He is the author of Industry of Anonymity: Inside the Business of Cybercrime published by Harvard University Press. Fieldwork for this study took place over a 7-year period, involved travel to cybercrime hotspots around the globe, and included almost 250 interviews with law enforcement, the private sector, and former cybercriminals. He also publishes the Industry of Anonymity newsletter, looking at the latest updates in cybercrime research and news.

Talks:

Playing Games with Cybercriminals

Roman Lvovsky

Talks:

The Evolution of Magecart Attacks

Alex Lynd

Alex Lynd is a hardware hacker & cybersecurity content creator who appears on shows like Hak5, where he creates educational hacking videos. He builds low-cost Signals Intelligence demos with microcontrollers, and enjoys building environmental sensing & sustainable tech. Alex also created the Nugget, a cat-shaped hardware console that makes it fun to learn hacking!

Talks:

Build Your Own Cat-Shaped USB Hacking Tool!

David Rogers MBE

David is a mobile phone and IoT security specialist who runs Copper Horse Ltd, a software and security company based in Windsor, UK. His company is currently focusing on product security for the Internet of Things as well as future automotive cyber security.

David chairs the Fraud and Security Group at the GSMA. He authored the UK’s ‘Code of Practice for Consumer IoT Security’, in collaboration with UK government and industry colleagues and is a member of the UK’s Telecoms Supply Chain Diversification Advisory Council.

David holds an MSc in Software Engineering from the University of Oxford and a HND in Mechatronics from the University of Teesside. He lectured in Mobile Systems Security at the University of Oxford from 2012-2019 and served as a Visiting Professor in Cyber Security and Digital Forensics at York St John University.

He has spoken at a number of hacking conferences on his security research work including DEF CON’s Car Hacking Village, 44CON, B-Sides London, B-Sides Cymru and B-Sides LV.

He was awarded an MBE for services to Cyber Security in the Queen’s Birthday Honours 2019.

Talks:

The British are Coming! (To Talk IOT Secure By Design)

Michael McCabe

Talks:

Defense-in-Depth engineering

Kaileigh McCrea

Kaileigh is a Privacy Engineer at Confiant, where she researches violations of privacy regulations and user rights in ad tech, builds tools to detect them, and consumes huge amounts of cookies. She holds a CIPT certification from IAPP. Before joining Confiant she was a software engineer at Swing Left and Vote Forward where she helped volunteers send over 18 million GOTV letters in the 2020 General Election. Her background includes software engineering, comedy writing, and politics, and when she’s not working, she is usually reading excessive amounts and hanging out with her dog.

Talks:

What the Yandex Leak Tells Us About How Big Tech Uses Your Data

Dwayne McDaniel

Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

Talks:

Do you know where your secrets are? Exploring the problem of secret sprawl and secret management maturity

James McQuiggan

James McQuiggan is a Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked for Siemens for 18 years where he was responsible for various roles, including Product & Solution Security Officer for Siemens Gamesa Renewable Energy. In addition to his work at Siemens, McQuiggan is also a part-time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division.

Talks:

Maxime Meignan

Maxime Meignan (@th3m4ks) is a security consultant at Wavestone, based in Paris, since the middle of the last decade. Loving to reverse engineer binaries in both professional and CTF contexts, Maxime has an IDA sticker on the back of his smartphone. And writes this uninteresting fact in his bio. He is currently interested in various fields of security, related to EDR software, Windows internals and Virtualisation Based Security.

Talks:

Linux Digital Forensics: a theoretical and practical approach

Gal Meiri

I am a Senior Security Research Team Lead at Akamai, leading the security research of our In-Browser Protection solutions. I am a passionate web security researcher with vast research experience in the fields of client-side Javascript and browser capabilities. My main expertise in the field of client-side attacks is hunting and investigation Magecart attacks, financial malware attacks, phishing and bot detection.

Talks:

The Evolution of Magecart Attacks

Derek Melber

Derek Melber is VP of Product Engagement & Outreach at QOMPLX, where he leverages his 25+ years of world-wide keynote speaking, authoring 18 books, consulting, and enterprise advising around Microsoft solutions and identity security. As a 18X Microsoft MVP, leveraging extensive experience in unifying products, marketing, sales, and content, he assists organizations to achieve success and exceed company goals around identity, security and enterprise IT administration. His broad areas of expertise include Active Directory, Group Policy, identity security, network security, and information technology design. Derek can be reached at derek.melber@qomplx.com and via LinkedIn at @derekmelber.

Talks:

Passwords: Policies, Securing, Cracking, and More

Chris Merkel

Chris Merkel, Senior Director, Cyberdefense – Northwestern Mutual

Chris Merkel leads Northwestern Mutual’s Incident Response, Insider Risk and Detection Engineering functions. Beyond his current role, he has had a distinguished career in cybersecurity, leading global organizations and solving cutting-edge challenges in cloud security, appsec, product security, threat-informed defense strategies and automated assurance methodologies. Chris is passionate about professional development, organizing career villages, performing career counseling, mentoring and being actively involved in helping non-traditional students get their start in cybersecurity.

Talks:

Authentication Proxy Attacks: Detection, Response and Hunting

Michael Messner

As a security researcher and penetration tester I have more than 10 years of experience in different penetration testing areas. In my current position at Siemens Energy, I’m focused on hacking products and embedded devices used in critical environments. This is the area where the firmware scanner EMBA is used and developed.

Talks:

EMBA - From firmware to exploit

Ms.Harb

Ms.Harb is a 20 plus year intelligence vet, former military and 3 letter.

Talks:

Gang Gang: Assembling and Disassembling a Ransomware Gang

Matt Muir

Matt is a security researcher with a passion for UNIX and UNIX-like operating systems. He previously worked as a macOS malware analyst and his background includes experience in the areas of digital forensics, DevOps, and operational cyber security. Matt enjoys technical writing and has published research including pieces on TOR browser forensics, an emerging cloud-focused botnet, and the exploitation of the Log4Shell vulnerability.

Talks:

The Ever-shifting Habits of Cloud-focused Malware Campaigns

Pablo Musa

Pablo is an experienced speaker and trainer with a demonstrated history of working in the computer software industry. Highly skilled in the Observability ecosystem, Pablo is excited to be a part of the new generation of microservices and cloud-centric monitoring and security. Robust software professional with a Master of Science (MSc) focused on Distributed Systems and Programming Languages. Education is his passion, and he believes that knowledge should be shared.

Talks:

Comprehensive Guide to Runtime Security

Zachary Newman

Zack is passionate about developer tooling, supply chain security, and applied cryptography. After 4 years as a software engineer and tech lead on Google Cloud SDK, he moved to MIT CSAIL to research authenticated data structures and Tor network performance. Now, as a research scientist at Chainguard, he works with the TUF and Sigstore communities to make open source more secure.

Talks:

How to have perfect vulnerability reports and still get hacked

Priyank Nigam

As an offensive security engineer, Priyank’s primary areas of focus is conducting security exercises that emulate real-world threats impacting billions of users.

His forte is web/mobile application security assessments, network penetration testing and secure source code reviews. In the past, he has advised Fortune 500 brands and startups and does mobile and IoT related research in his spare time.

As a new parent, he is now (re)learning hacking from his toddler who defeats all the “restrictions” to limit their mobility.

Talks:

Breaking Business as Usual: Attacking Android Enterprise Solutions

Cybelle Oliveira

Cybelle is a researcher of the misfortunes that happen in the cyber world, basically a Gossip Girl of the Malwareland. She has also been involved in privacy and security activism, fighting the good fight for a decade. Cybelle can be found directing the Brazilian organization Casa Hacker, empowering Cybersecurity Girls, curating the Mozilla Festival, and working in a bank in Brazil. She loves cats and is semi-vegan (because it is hard to resist to chocolate).

Talks:

The Telenovela of Latin America Banking Trojans: A Dramatic story about Cybercrime

Ofri Ouzan

Ofri Ouzan is an experienced Security Researcher who has been working in the cybersecurity field for over four years. She specializes in conducting security research on various software platforms, including Linux, Windows, and other software, with a particular focus on vulnerability validation, remediation, mitigation, and exploitation. In addition to her research expertise, Ofri is also developing automation tools in Python and Bash.

One of Ofri’s notable achievements includes the development of the MI-X open-source tool, which she presented at the Black Hat Arsenal stage during both the Black Hat USA 2022 and Black Europe USA 2022 events

Talks:

Hiding in Plain Sight - The Untold Story of Hidden Vulnerabilities

Arnaud PETITCOL

Cybersecurity auditor - Wavestone

Arnaud has been working in IS and Cloud security for 5 years, addressing multiple topics such as offensive security (audit / pentest / red team), incident response (mainly O365), but also design & construction (he has helped build and securing AWS and Azure landing zones for two years, taking advantage of these projects to pass the AWS Solution Architect Associate certification).</br> Capitalizing on these experiences, he likes building CTF and labs to create or reproduce vulnerable environments that he makes available to his co-workers through a self-service app.

Talks:

Jumping from cloud to on-premises and the other way around

Chris Paris

Chris is the Acting Director for Cyber Workforce Management at VA. Fueled by a passion to destroy silos (no grain is safe on his watch), much of his work is focused on bringing federal partners together to think and act differently about the challenges facing the cyber workforce. Whether he’s leading cross agency projects to pay cyber talent what they deserve, developing tools to open the aperture and on who can work in cyber, or streamlining the process to get your foot in the government door – Chris doesn’t shy away from the chance to disrupt the status quo. When not silo-hunting, you’re likely to find him taking on new projects at the local rock climbing gym.

Talks:

Separating Fact from Fiction: The Realities of Working in Government

Susan Paskey

Got bored as a firewall engineer so started a Def Con Group 919 and Cackalacky Con in RTP, NC, USA to share the joy of hacking with others. Eventually found a calling as a threat hunter, finding bizarre things in logs and investigating user access behavior. Believes that emotional security is a key part of information security and hacking.

Talks:

How to Handle Getting Dumped: Compromised Passwords

Sara Perez

Sara started as a penetration tester (before then she did some ever exciting PCI DSS audits) hacked things for a living for a good 6 years and delivered training at Blackhat ASIA, EU and US conferences before moving to the blue side of things, trying to embed security at the design stage, finding ways of hardening long-running systems, and enabling engineering teams to securely do what they need to do. Sara currently serves as Principal Cloud Security Engineer at Okta.

Talks:

The Art of Letting Go: Secure delegation of permissions in AWS environments

Yotam Perkal

Yotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation. He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve Cyber Security challenges or exploring the challenges in securing ML applications. Prior to Rezilion, Yotam filled several roles at PayPal Security organization, dealing with vulnerability management, threat intelligence, and Insider threat. Additionally, Yotam is also a member of the PyCon Israel organization committee and takes part in several OpenSSF working groups around open-source security as well as several CISA workstreams around SBOM and VEX.

Talks:

Towards Effective & Scalable Vulnerability Management

Hiding in Plain Sight - The Untold Story of Hidden Vulnerabilities

Tom Pohl

Tom is a Principal Consultant and Penetration Testing Team Manager at LMG Security. Prior to LMG, he has spent most of his career on the blue team building and securing systems used by millions of people. And by night, he is a competitive CTF player and has won several black/gold badges including THOTCON, Circle City Con, Wild West Hackin’ Fest and DEF CON. He is good at what he does because he’s already made many of the mistakes that he encounters in client environments on a daily basis.

Talks:

How I Met Your Printer

John Poulin

John Poulin is an experienced Application Security Practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups alike to perform secure code review, architecture, and design discussions, as well as threat modeling.

Currently, as a Staff manager of Product Security Engineering at GitHub, John and his team focus on performing secure code review of features and services, performing threat modeling, and overall helping to ensure that our software ecosystem is moving towards security maturity.

John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, Source, as well as various Ruby and OWASP events about practical Application Security.

Talks:

Defense-in-Depth engineering

Ed "Lulzky" Prevost

Edward Prevost is currently a Senior Princpial Security Architect at Zendesk. Edward got started with computing at a young age when his uncle gifted him C and BASIC textbooks. The son of a master stonemason (who happened to work at Rensselaer Polytechnic Institute [RPI]), he was raised with no computers at home but had access to the converted-cathedral computer lab at RPI and eventually an IBM Aptiva, on which he grew his expertise leveraging dial-in access to the RPI network.

Many late nights on IRC and BBCs later, Edward began his formal career at Albany Medical Center as an application specialist, tackling complex technical problems (C, Java, Coldfusion) found in academia and healthcare. Over the course of his career, he helped to build the Information Security Technology Center of GE in Glenn Allen, Virginia; design, review, and deploy core security architectures for Adobe—most notably adobe.io; lead an ICS research team at Tenable; and build and direct the Fraud Engineering, CIAM, and IVR teams at Zions Bancorporation. Most recently, Edward joined Zendesk to help drive and promote growth and maturity of the organization’s security engineering division.

Talks:

Murali Vadakke Puthanveetil

Murali Vadakke Puthanveetil is a Security Lead at Snap Inc. He is particularly interested in authentication and authorization logic used by web applications. Murali has presented at Bluehat 2016 and at OWASP AppSec USA (2017, 2018, 2019). He tweets as @0xMurali

Talks:

Navigating Security pitfalls during M&A : Playbooks & Strategies for doing acquisitions right

Jay Radcliffe

Jay Radcliffe (CISSP) has been working in the computer security field for over 20 years. Coming from the managed security services industry as well as the security consultation field, Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cyber-security. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but also works with legal firms on expert witness consultation related to IoT and cyber security issues. Jay holds a Master’s degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor’s degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.

Talks:

Vanessa Redman

Vanessa Redman works in the financial services industry as a Vice President of Information Assurance in Las Vegas, Nevada. She has proudly been playing with computers since getting a used Commodore VIC-20 in the late 1980s and loves learning about new things. Prior to her current position where she runs a team that conducts threat intel, control testing, and threat hunting, Vanessa has worked as a Cyber Scenario Developer and Strategy Consultant, Red Team Tech Lead, and has taught lessons on a variety of cybersecurity topics, including vulnerability management, adversary tactics, and threat intelligence. She loves playing the devil’s advocate and is always looking for assumptions to disprove. She is currently studying Algorithmic and Behavioral Game Theory for use in Cyber Strategy (both offensive and defensive) and has presented her findings so far at conferences such as BSidesLV, The Diana Initiative, Women’s Society of Cyberjutsu (WSC), and Women in Cybersecurity (WiCyS). You can also find her in the recently published book 97 Things Every Information Security Professional Should Know, published by O’Reilly Media in September 2021. You can follow her on Twitter at @RedmanCyber.

Talks:

Good Doesn’t Always Win: Understanding technical and enterprise tradeoffs in Cybersecurity

Negotiating Compromise: How to avoid being labeled a “Chicken Little” while promoting better security decision making

Kirsten Renner

Kirsten Renner is the Senior Recruiting Lead for the National Security Portfolio at Accenture Federal Services. She is an expert in talent acquisition and has more than 20 years of technical recruiting experience. Recruiting primarily in the information security community since 2010, Kirsten is possibly best known as the co-organizer of Car Hacking Village founded in 2015, and as a serial volunteer across the infosec and veteran communities.

Talks:

You CAN get there from here!

So Who’s Line Is It Anyway? Recruiter Panel

Kris Rides

Kris Rides is the President of America’s for Via Resource - a Cybersecurity Staffing company, and the Founder of Tiro Security - a Cybersecurity professional services firm.

He is one of the original founding Board Members of the Southern California Cloud Security Alliance Chapter, the previous President, and an honorary board member. He chairs the Industry advisory board for the National Cybersecurity Training & Education Center (NCYTE) and is an advisory board member to The Cyber Helpine, Washington States Cybersecurity Centre of Excellence, as well as for the non-profit; GRC for Intelligent Ecosystems (GRCIE).

Kris is committed to using his expertise to make a difference in the cybersecurity Industry.

Talks:

So Who’s Line Is It Anyway? Recruiter Panel

Axel Roc

Axel Roc is a security consultant at Wavestone, an independent French consulting firm. His work involves a mix of penetration testing and incident response with Wavestone CERT-W. Axel enjoys challenging and improving his skills by participating in CTFs with the Wavestone team.

Talks:

Linux Digital Forensics: a theoretical and practical approach

VINEETA SANGARAJU

Vineeta is a senior research engineer at Synopsys. She evaluates current technologies, frameworks and languages in the industry to identify methods of using them securely. Her research contributes to static analysis solutions that influence server-side, mobile, and client-side areas of security. As a software security enthusiast, she obtained her master’s degree in Computer Science from Indiana University and found her calling in application security. She has 8+ years of experience in the field and her key interests lie in web and mobile application security. Before diving into research, she was a Consultant where she performed penetration tests and code reviews for clients in the financial and healthcare industries.

Talks:

Build hybrid mobile applications like a security pro!

Barry Maclaughlin SHRM-SCP

Barry MacLaughlin has spent the past 20+ years in Recruiting, hiring talent focused in Technology and Professional Services, from the Big 4 to fast growth start-ups. For the past 6 years, Barry has exclusively been recruiting and leading global teams in Cybersecurity, hiring technology product, consulting services and sales professionals. He currently leads global recruiting for Bishop Fox, a leader in Offensive Security, serving 8 of the Top 10 Global Tech companies with over 16K projects completed in the past 3 years. Barry was a speaker at DEF CON 30 in a Livestream event and holds a Senior Certified Professional designation in the Society for Human Resources Management.

Talks:

It’s all about Talent

Arnaud SOULLIE

Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 13 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity more than 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON… He is also the creator of the DYODE project, an open­source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.

Talks:

Pentesting ICS 101

Aldo Salas

With more than 15 years of experience, Aldo has had the opportunity to work on all stages of Application Security, from penetration testing to program management and everything in between. He is currently on a quest to get rid of passwords by leading the Application Security program at HYPR. Aldo has participated as an OWASP local chapter leader for many years, and he has been active in the bug bounty community as well. Aldo has worked with several technologies and businesses, including financial, healthcare, media and entertainment, education, and information technology.

Talks:

Could Passwordless be Worse than Passwords?

Rotem Salinas

Rotem is a Senior Security Researcher in CyberArk Labs’ Malware Research Team. His work focuses on hunting and Reverse Engineering cutting edge malware samples such as rootkits, APTs, banking-trojans, infostealers, client-side exploits and other threats. He previously presented is conferences such as RSA Conference, and Digital Crimes Consortium.

Talks:

Breaking Windows with your ARM

Dr. Ben D. Sawyer

Dr. Ben D. Sawyer is an applied neuroscientist and human factors engineer known for using brainwaves, eye movements, and mathematical theory to build better human-machine teams. His models and algorithms power trustworthy machines that work with their human partners. His design recommendations are leveraged by Fortune 500 companies. His work has been covered by Forbes, Reuters, Fast Company, and The BBC, and more. Dr. Sawyer’s postdoctoral work at MIT was in collaboration with industry including Google, Jaguar-Landrover, Honda, DENSO, Monotype, and Panasonic. A two-time Repperger Research Fellow with the Air Force Research Laboratory (AFRL), he performed research with the 711th Human Performance Wing in both their Applied Neuroscience and Battlefield Acoustics (BATMAN group) divisions. He is a recipient of The Human Factors Prize, for Cybersecurity research, The K.U. Smith Award, for consumer electronics work investigating driving distraction and Google Glass, and an Outstanding Dissertation Award for work investigating the applied psychophysics of warfighter multitasking. Dr. Sawyer is presently faculty in Industrial Engineering and Management Systems and the Institute for Simulation and Training at UCF, and the Director of LabX, an applied neuroscience group addressing human performance.

Talks:

Cognitive Security and Social Engineering: A Systems-Based Approach

Lauren Scheer

Biography

Talks:

So Who’s Line Is It Anyway? Recruiter Panel

Matt Scheurer

Matt Scheurer is a show host for the ThreatReel Podcast, and also works as an Assistant Vice President of Computer Security and Incident Response in a large enterprise environment. Matt has many years of hands-on technical experience, including Digital Forensics and Incident Response (DFIR). He volunteers as a “Hacking is NOT a Crime” Advocate and as a technical mentor for the Women’s Security Alliance (WomSA). He has presented numerous Information Security topics at many technology meetup groups and prominent Information Security conferences. Matt is also a 2019 comSpark “Rising Tech Stars Award” winner and was named a “Top 12 Hacking Influencer” by Bishop Fox in 2023.

Talks:

Lies, Telephony, and Hacking History

Reanna Schultz

Reanna Schultz is from Kansas City, Missouri where she attended the University of Central Missouri (UCM). Reanna graduated in 2018 with her Bachelor of Science in Cybersecurity: Secure Software Development and later graduated in 2020 with her Master of Science in Cybersecurity: Information Assurance. While in the industry, Reanna has been exposed to numerous SANS-hosted classes and has a background in endpoint security engineering and network security engineering. Reanna works as a Team Lead out of a Security Operations Center (SOC) at Garmin and as a part-time cybersecurity instructor at UCM. Reanna currently volunteers as a coach for the National Cyber League. Additionally, Reanna guest speaks at numerous colleges and high schools discussing her industry experience across the Midwest for cyber and computer science students.

Talks:

Social Engineering: Training The Human Firewall

Cat Self

Cat Self is an Adversary Emulation Engineer for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team engineer, and threat hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, blogging, and public speaking. Outside of work, she is often planning an epic adventure, climbing mountains in foreign lands, or learning Chinese.

Talks:

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations

Wes Sheppard

Hello there! I’m Wes, and I come from a lot of places. From America to China to Japan to Europe, and from IT to Engineering to Butt to InfoSec, it’s been a wild ride with stories to spare!

My career focuses have been in Butt Security and Infrastructure-level Security, which over time has migrated to Cyber Risk, Data Privacy, and Cybersecurity Law. The best part of this field is how you can take a side hustle or interest and just roll it into your career (^_^)

These days I’m a CIO in Canada whilst also being a regular contributor to BSides & Defcon, a data privacy advocate and frequent learner-of-things. If I can help open the door or guide a path, please reach out!

Talks:

Failing Upwards: How to Rise in Cybersecurity by finding (and exploiting) your weaknesses

Kiran Shirali

Kiran Shirali is a Senior Manager responsible for Security Engineering functions at eBay. He has been in the space of security for over 10 years.

He works closely with eBay’s security incident response function while supporting it with detection and automation engineering. He also has worked in the space of Application Security and Offensive Security.

When he is not behind a desk, he loves to go out on day hikes or read a good fiction book

Talks:

Hyper-scale Detection and Response

Jeevan Singh

Jeevan Singh is the Director of Product Security at Twilio, where he is embedding security into all aspects of the software development process. Jeevan enjoys building security culture within organizations and educating staff on security best practices. Jeevan is responsible for a wide variety of tasks including architecting security solutions, working with development teams to resolve security vulnerabilities and building out security features. Before life in the security space, Jeevan had a wide variety of development and leadership roles over the past 20 years.

Talks:

Threat Modeling 101 - Burn risks, not hope

Jay Smith

Jay is a lead security researcher at a Fortune 500 company. He has over 25 years of experience across a variety of IT domains including system and network engineering, development, and offensive security. His current research primarily involves niche technologies such as IVR, MQ, Mainframes, and ATMs.

Talks:

Mainframe Hacking for CICS and Giggles

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Talks:

For Intel and Profit: Exploring the Russian Hacktivist Community

Lea Snyder

Lea is a Principal Security Engineer at Microsoft. She is passionate about helping under-represented folks find a career in information security. She’s worn a lot of hats over her career and mostly worked for companies that begin with the letter ‘A.’ Outside of work she can be found organizing security conferences or enjoying all the PNW has to offer.

Talks:

Rockstar Role: Security TPM

Neerja Sonawane

Neerja Sonawane Manager, Security Engineering

Experience : Neerja manages the Security Analytics and Data Engineering Team at eBay. She led the development and delivery of a hyper-scale, open source based SIEM and Data Analytics platform for eBay that allows real-time threat detection and improves the overall posture of Incident Response at eBay. When not coding, she loves to dance.

Talks:

Hyper-scale Detection and Response

Emma M Stewart

Emma has had a hyper focused career on power delivery and energy resilience, focused primarily on the electric industry in multiple countries. She moved to the US 17 years ago to avoid a career working in the rain in substations in Scotland, and worked at multiple national labs and in the electric grid industry. The last few years were spent working on successfully persuading some of the least resourced utilities in the country to implement basic controls. She spends the majority of her spare time running or cycling up hills, rescuing dogs and recovering from an alternate career as a triathlete.

Talks:

Energy Poverty and Potential Impacts to Other Critical Infrastructures & Powerful Paths to Progress

David Stocks

David is a Director in PwC’s Cybersecurity & Digital Trust team where he leads Incident Readiness, Response, and Recovery services. He regularly leads cyber crisis exercises with C-suite leaders and boards, as well as senior government leaders. In the last three years, he has assisted organisations respond to or recover from some of Australia’s most significant cyber crises, leading cross functional teams of cyber, technology, communications and digital law specialists.

Talks:

Cyber Crash Investigations: Seizing the Opportunity to Learn from Past Crises

Garet Stroup

Garet is a self-described builder, breaker, and automator of things. He thrives when he can enable those around him to bring creative ideas and products to the table to keep things moving forward without getting stuck waiting for perfection. He has made a career of building threat and vulnerability management programs, governance, risk, and compliance programs, and now serves as the Director for Cyber Threat Simulation (all things offensive security) at Humana.

Talks:

You’ve Gained +2 Perception! Leveling Up Your Red Team with a New Maturity Model

Andrew Suters

Talks:

Linux Privilege Escalation

Ariel Szarf

Ariel Szarf works as a Senior Cloud Security Researcher at Mitiga. Prior to that, Ariel was a Cyber Security Specialist Officer in the IDF. In addition, Ariel has a Master’s degree in Computer Science. Today, Ariel researches potential attacks on cloud services and SaaS, and investigates incidents.

Talks:

Oops, I Leaked It Again - How we found PII in exposed RDS Snapshots

Google Workspace Forensics – Insights from Real-World Hunts & IR

Tetsuya Takaoka

Tetsuya Takaoka is a passionate Japanese white hacker. He runs a venture company in Japan that specializes in security consulting services such as pentesting, incident response, forensics. He also has keen interests in education, so he is teaching pentesting and sharing technical knowledge about security on his blog to contribute to the development of cyber human resources in Japan.

He holds certifications such as OSCP, CRTO, CISSP(Associate), and Locksmith Level 2.

Talks:

Breaking In: Unleashing the Power of Physical Offensive Security

George Tang

https://www.linkedin.com/in/georgetang/

Talks:

Alexandrine Torrents

Alexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

Talks:

Pentesting ICS 101

Jennifer Traband

Jennifer Traband has been a technology professional for the past 28 years; including 18 years as a Project Manager. Having started her career in hardware and software support and administration of automated teller machines (ATM) and desktop computers and servers before becoming a Project Manager provided her the experience and insight to be able to partner with technicians, engineers, and testers in a more relatable fashion. As a Project Manager, Jennifer has managed infrastructure NET NEW buildouts, installations, migrations, and decommissions for Fortune 500 companies in technology, telecommunications, and financial industries. In her current role, she provides the administration and coordination backbone for a Red Team of a financial institution through the utilization of Jira to facilitate the adoption of Agile (Scrum) and Lean (Kanban) methodologies.

Talks:

Wrangling Cats: How We Coordinate Red Team Testing

Arun Viswanathan

Arun leads the cyber defense engineering and research group at the legendary Jet Propulsion Laboratory (JPL), where he and his team defend JPLs daring space missions against cyber adversaries. He actively contributes to the security community in his roles as a senior member of the American Institute of Aeronautics and Astronautics (AIAA), the chair of the AIAA Aerospace Cybersecurity Working Group, and a contributor to the IEEE space cybersecurity standard. When he is not working, he loves to explore the great outdoors, read non-fiction, build DIY projects with his kids, and coach his son’s soccer team.

Talks:

Separating Fact from Fiction: The Realities of Working in Government

Zach Wasserman

Zach Wasserman is the co-founder & CTO at Fleet Device Management where he leads the team in bringing open source solutions to security and IT teams. He is also a co-creator of osquery and member of the technical steering committee. If it weren’t August in Vegas, he’d be out climbing at Red Rock Canyon.

Talks:

Open Source GitOps for Detection Engineering

Matt Weir

Dr. Matt Weir is a principal cyber security researcher at MITRE. He was one of the lead authors of the Playbook for Threat Modeling Medical Devices and is and is an active contributor to the Biohacking Village at the Defcon security conference. Outside of a clinical setting, Dr. Weir has been awarded the test of time award by the IEEE Security and Privacy Conference for his work developing new models to improve password security.

Talks:

Password911: Authentication Adventures in Healthcare

Tim Weston

Timothy Weston serves as the Director for Strategy & Risk in the office of Strategy, Policy Coordination, and Innovation within the Transportation Security Administration’s Office of the Administrator. Mr. Weston also serves as the Cybersecurity Policy Coordinator for the TSA. Previously, Mr. Weston was Senior Counsel for the Security Threat Assessments Division within TSA’s Chief Counsel’s Enforcement and Incident Management Division. Mr. Weston received his B.S. from Oklahoma State University and his J.D. from Oklahoma City University School of Law. Mr. Weston also holds a LL.M. in National Security and U.S. Foreign Relations from The George Washington University Law School.

Talks:

Separating Fact from Fiction: The Realities of Working in Government

Julia Wighton

Julia is a Manager in PwC’s Cybersecurity & Digital Trust team who has led post-incident reviews into some of Australia’s most significant cyber incidents. With a background in law, strategic communications and technology consulting, Julia brings multidisciplinary experience, strong business acumen and a unique skill set which enables her to bridge the gap between the business, people and technology elements of cyber security. She helps clients to identify and capitalise on opportunities to improve capability and build resilience after a cyber incident.

Talks:

Cyber Crash Investigations: Seizing the Opportunity to Learn from Past Crises

Beau Woods

Beau Woods is a leader with the I Am The Cavalry grassroots initiative, Founder/CEO of Stratigos Security, a Cyber Safety Innovation Fellow with the Atlantic Council, leads the public policy space at DEF CON, and helps run the I Am The Cavalry track at BSides Las Vegas. In addition, Beau helped found the ICS Village, Aerospace Village, Hack the Sea, and Biohacking Village: Device Lab. His work bridges the gap between the security research and public policy communities, to ensure connected technology that can impact life and safety is worthy of our trust. He formerly served as Senior Advisor with US CISA, Entrepreneur in Residence with the US FDA, and Managing Principal Consultant at Dell SecureWorks. Over the past several years, Beau has consulted with the energy, healthcare, automotive, aviation, rail, and IoT industries, as well as cyber security researchers, US and international policy makers, and the White House. Beau is a published author, public speaker, media contributor.

Talks:

Introduction to the Track, Reflections on a Decade of IATC

A Hacker’s Guide for Changing The World (and Where do we go from Here?)

Phillip Wylie

Phillip is a passionate offensive security professional with over two decades of information technology and cybersecurity experience. His experience includes penetration, red teaming, and application security.

When Phillip is not hacking, he educates others about pentesting and web application pentesting during workshops at conferences and other events. Phillip is the concept creator and coauthor of the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker,” based on his conference talk on starting a career as a pentester.

Phillip’s uncommon journey into cybersecurity is preceded by his colorful past as a pro wrestler, where he once wrestled a bear.

Talks:

Penetration Testing Experience and How to Get It

Kiyohito Yamamoto

Kiyohito Yamamoto has 8 years of experience as a Security Engineer at NTT Communications, Japanese Telecommunication Company, and is also NTT Group Certified Security Principal. He served as a Senior Response Expert during the Tokyo Olympics and also conducted TLPT tests.

Talks:

The Dark Playground of CI/CD: Attack Delivery by GitHub Actions

Yiannis

Celebrating almost two decades of password cracking research and proud member of team Hashcat, Yiannis makes his own rules, wordlists and cracks complex passwords. He makes wordlists out of anything, including this bio. Although impractical, he doesn’t care about the 98% of the passwords but is rather obsessed with the remaining 2% - leading to the rabbit.

Talks:

Follow the white rabbit down the rabbit hole

Sounil Yu

Sounil Yu is the CISO and Head of Research at JupiterOne. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute; is a visiting fellow at GMU Scalia Law School’s National Security Institute; guest lectures at Carnegie Mellon; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. Before BofA, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security in 2020 by Security Magazine, Influencer of the Year in 2021 by SC Awards, a 2021 Top 10 CISO by Black Unicorn Awards, and for Lifetime Achievement in 2022 by the SANS Institute. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.

Talks:

Double Entry Accounting for Security

From LLM Obstacles to Open Doors: A Tale of Three CISOs

Yuval Zacharia

Yuval Zacharia is a cyber security expert. She served in the prestigious 8200 Unit in the Israel Defense Forces, focusing on research, threat hunting, and incident response. Today she works at Hunters as a Security Research and ML Team Leader. Yuval is also a classical ballet dancer and in her free time she enjoys cooking.

Talks:

Enemy at the Gate, and Beyond: Detecting and Stopping Account Takeover

Zoz

Talks:

Pub Quiz

will baggett

Will draws from his experience as a former CIA officer specializing in Technical and HUMINT Operations and NATO SOF Cyber Security SME to his current role in Cyber Threat Intelligence. He is a graduate of Georgia Tech and is the father of twins.

Talks:

Conti Leaks and CARVER Analysis for Threat Intel Analysts

vinay prabhushankar

Vinay brings over 12 years of experience in the security industry, having previously held positions at Microsoft and Splunk. Currently serving as the Security Lead at Snap Inc. Vinay is responsible for seamlessly integrating Snap’s acquisitions into their ecosystem.

Vinay has shared his expertise as a presenter at Bluehat 2016 and is known for conducting developer security training sessions. He has a keen interest in Cloud security and Zero Trust Architecture. He tweets @zephyrvinay.

Talks:

Navigating Security pitfalls during M&A : Playbooks & Strategies for doing acquisitions right