2024 Speakers
0DDJ0BB
0DDJ0BB has been Blue since 2013. he has quickly risen from the ranks as an engineer, consultant, IR analyst, Vulnerability Management Lead, and Senior Director. His background in education, bio-sciences, finance, retail, manufacturing, and healthcare give him a unique view on what it takes to build an InfoSec program given limited resources. He is host of the Glass of 0J YouTube Channel and is a Founding member of CircleCityCon (RIP)
Talks:
Bård Aase
Breaking mass mailings and data exports since 1983 Bård Aase has 20 years of experience as a developer and is currently a DevOps specialist in the platform team at Sbanken - et konsept fra DNB. He is committed to quality in every step throughout the software lifecycle. Bård is an avid supporter of open source and has been an active member of the Bergen Linux User Group, where he has organized lectures and meetings for many years. github.com/elzapp | mastodon.cloud/@elzapp | linkedin.com/in/bardaase/
Talks:
Actuator
Edward Warren has worked in Information Technology over 5 years & currently serves as a Security Analyst at Sedara. In 2023, Edward found critical flaws in Wi-Fi Internet Modems and Android applications & has a passion for researching emerging threats to user privacy. When not hunting for digital bugs he participates in various outdoor activities & also enjoys rearing biological bugs.
Talks:
CVE Hunting: Wi-Fi Routers, OSINT & ‘The Tyranny of the Default’
Adi
Adi is an experienced security manager, used to leading teams to protect some of the most sensitive systems around. While her background was originally as a software developer and manager, she was most recently Vice President of Cybersecurity at JPMorgan Chase & Co., one of the largest banks in the world. Adi is now serving as Director IT & Security of Mitiga. Ms. Belinkov has well over a decade of experience in management roles, with security, operations, and development teams. She works closely with developers, QA engineers, Devops, and Product managers to deeply embed security into their daily workflows, often delivering internal training sessions. Adi has a pragmatic understanding of organizational constraints and requirements, and leverages these to ensure we deliver the optimal results to stakeholders. Adi has served in the famous 8200 unit in the IDF, has a degree in Software Engineering, and Executive MBA. She also volunteers for SheCodes, and previously ran one of the chapters.
Talks:
Adversaries Also Lift & Shift: Cloud Threats Through the Eyes of an Adversary
Lenin Alevski
Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog. https://www.alevsk.com
Talks:
A Quick Story Of Security Pitfalls With Exec Commands In Software Integrations
Sing Ambikapathi
Sing is a software engineer specialized in security and compliance. Primarily design, build and support software products to keep the customer's application, data and infrastructure secure. Lead, mentor and learn along the way.
Talks:
Brad "Sno0ose" Ammerman
Senior Director of Security @ Prescient Security – manage 5 teams of independent hacker types in all areas of offsec • Experienced cybersecurity professional skilled in hacking and managing teams of hackers. • Proud husband/dad, speaker, educator, mentor, and veteran dedicated to educating and protecting others. • Prior companies include – DIA, DOD, Lockheed Martin, Optiv, and the Supreme Court of Nevada • Employed in information technology since 2001 • 14 years in information security I am the guy you talk to when you are sick of paying 30k+ for penetration testing
Talks:
Soya Aoyama
Soya Aoyama is a cybersecurity researcher and Global Fujitsu Distinguished Engineer. Soya worked as a Windows software developer at Fujitsu for over 20 years, developing NDIS drivers, Bluetooth profiles, WinSock applications, and more. Soya started working in security research in 2015, mainly researching attacks using Windows DLLs, and has spoken at a number of international hacker conferences, including Black Hat, BSidesLV, GrrCON, DerbyCon and LeHack, and was also a mentor at BSidesLV in 2023. Soya is one of the founders of BSides Tokyo, and has been involved with the organization since its first edition in 2018.
Proving Ground Mentor
Max Arnold
Max is a security engineer at Security Innovation, where he performs security assessments for web and mobile applications, backend services, and hardware. In his free time, Max enjoys solving cryptography problems, designing electronics projects, and lockpicking.
Talks:
PCR 9: How a simple misconfiguration can break TPM full disk encryption
Emily Austin
Emily is a Principal Security Researcher at Censys, where she studies security threats and other interesting Internet phenomena. Previously, she was a security engineer focused on threat hunting, detection, and incident response. She is interested in the application of data science and analytics techniques to problems in security, and in the past has worked on projects related to anti-abuse, fraud, and malicious web app traffic detection.
Talks:
Defensive Counting: How to quantify ICS exposure on the Internet when the data is out to get you
Yaron Avital
Yaron Avital is a seasoned professional with a diverse background in the technology and cybersecurity fields. Yaron's career has spanned over 15 years in the private sector as a software engineer and team lead at global companies and startups. Driven by a passion for cybersecurity, Yaron now focuses on security research, With expertise in application security, software supply chain security, web security research, and 3rd party protocols reversing.
Talks:
Raiders of the Lost Artifacts: Racing for Hidden Treasures in Public GitHub Repositories
Lillian Ash Baker
Lillian Ash Baker (aka Zap!) is a Product Security Engineer with a major aviation manufacturer, securing the next generation of civil aviation aircraft. She is responsible for driving cybersecurity requirements across the entire aircraft ecosystem and maintaining DO-356/326 compliance. Prior to their time in Product Security, Lily was at Collins Aerospace for 15 years, responsible for the development, test, manufacturing, and integration of civil avionics equipment with a focus on Navigation and Inertial Systems. They have dealt with civil avionics certification to ARP-4754A, DO-160, DO-178, D…Ok, you get the idea. From particle accelerators to inertial flight testing, Lily has plenty Certified Scars and their stories to tell. When not designing aircraft systems, she volunteers as the CFP Organizer at the Aerospace Village.
Proving Ground Mentor
Aarav Balsu
Aarav is a red team engineer at Costco Wholesale. In his free time, he enjoys reading, long meandering hikes in the beautiful Pacific Northwest, and swimming!
Talks:
Rolling out the C2: A Take on Modern Red Team Infrastructure
Rohit Bansal
Rohit has extensive security expertise and over sixteen years of practical experience. Throughout his career, he has collaborated with prominent organizations such as PayPal and Robinhood, where he successfully tackled intricate security challenges. Now, he's on a mission to share his expertise and empower startups to do the same. Rohit has donned multiple hats as a manager, architect, and engineer. His active volunteering for BSidesSF for the past four years is a testament to his commitment to the security community. By fostering a proactive security culture, Rohit is dedicated to helping young companies steer clear of critical mistakes and grow securely.
Talks:
Practical Perimeter-less authentication solutions for Startups using AWS native solutions
David Batz
Leveraging over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, he brings a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with multiple federal agencies, including the Department of Energy (DoE), and the Department of Homeland Security (DHS). David has been with the Edison Electric Institute for over 14 years and more broadly, has been instrumental in the development and expansion of an industry-wide program called Cyber Mutual Assistance. He is a member of InfraGard and serves on the SANS Institute Advisory Board. He has authored various articles and presented at numerous events domestically and internationally on securing critical infrastructure, industrial systems as well as security baseline and standards topics for prominent industry associations including NIST, the National Academies of Sciences, United States Energy Association and the World Economic Forum to name a few.
Talks:
Getting Serious (Un)-Resilience of Lifeline Critical Infrastructure.
Introduction to I Am The Cavalry - Day Two - Preparing for 2027
John-André Bjørkhaug
John-André Bjørkhaug is a seasoned penetration tester with over 15 years experience doing penetration testing, currently working as a Principle Penetration Tester for the Norwegian security company Netsecurity. He has a bachelor's degree in electronic engineering, but prefers to break stuff instead of building stuff. John specializes in penetration testing of internal infrastructure, physical security, Social Engineering, and full blown Red Teaming. He is also doing penetration testing of IoT, OT, and embedded systems. John is an active participant in the Norwegian security community and has presented at conferences like HackCon and Securithon. He is also running the lockpick village at HackCon, where he is devoted to teaching others about lock picking and bypass techniques.
Talks:
Bluescreenofwin
Michael Glass aka "Bluescreenofwin" is a senior security engineer and Windows hacker. He is currently employed at one of the largest streaming companies in the world (aka the “entertainment” business) making sure your favorite time on the Internet goes uninterrupted. He has ran the infrastructure for the Western Regional Collegiate Cyber Defense Competition, mentors cybersecurity students for several colleges across the U.S., and brews copious amounts of delicious beer for consumption in his spare time.
Talks:
Fabricio Bortoluzzi
Fabricio Bortoluzzi Experienced university educator. He accounts for over 10 thousand hours of live lectures in computer science, cyber security and cloud computing courses, including computer architecture, operating systems, computer networks, distributed systems, computer network attacks and application vulnerability exploitation. He is a full-time Cyber Security Associate Professor at Noroff, in Kristiansand, Norway, and a Guest Computer Science Lecturer at the University of Vale do Itajai, in Brazil. Fabricio previously spoke about penetration test techniques at FISL - International Forum on Free/Libre Software in Porto Alegre, Brazil and at smaller cyber security meetings. https://www.linkedin.com/in/fabriciobortoluzzi/ https://www.researchgate.net/profile/Fabricio-Bortoluzzi https://www.noroff.no/en/contact/staff/53-academic/392-prof-fabricio-bortoluzzi-b-sc-m-sc
Talks:
Insights on using a Cloud Telescope to observe internet-wide botnet propagation activity
Troy Bowman
Troy has spent the last 4 years working alongside a group of highly talented Information security professionals at a fortune 15 company. Prior to trekking through the trenches of threat modeling and application security, he spent 6 years enlisted in the United States Navy as a Fire Controlman, operating, repairing and maintaining some of the most valuable IT assets found on a Naval Warship. While he may not be 100% sure on a few things in life, (What to have for lunch? Should I really have that extra Cinnabon?) He is absolutely certain that threat modeling is not something to “shrug off” or avoid and it can be done at scale! Troy enjoys spending time with his wife and two kids and is an avid video gamer, dog lover, beer drinker, and man of science. He is passionate about his future in InfoSec and is ready to keep his love for this industry going by bringing his knowledge, passion, and expertise to a new level with his upcoming company Threat Archer - Cyber Security Solutions LLC.
Talks:
Ricki Burke
A passionate contributor to the infosec community, Ricki is a co-organizer of BSides Gold Coast (2024) and SecTalks Gold Coast. He has also organized career villages, hosted workshops, and presented at AISA CyberCon, AusCERT, BSides Canberra, BSides Melbourne, BSides Perth, and CHCon. Ricki is also a former Resume Review volunteer at BSides LV.
Talks:
Brute Force Your Job Application
What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
Brian Burnett
Brian Burnett is a penetration tester for a Fortune 500 in the Washington, DC area. He served five years in the United States Army as a Russian linguist.
Talks:
Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 101
Matthew Canham
Dr. Matthew Canham is a former Supervisory Special Agent with the Federal Bureau of Investigation (FBI), he has a combined twenty-one years of experience in conducting human-technology and security research. He currently holds an affiliated faculty appointment with George Mason University, where his research focuses on threats posed by maliciously produced AI generated content and synthetic media social engineering. Dr. Canham recently founded the Cognitive Security Institute, a non-profit organization dedicated to understanding the key components of cognitive attacks and discovering the best ways to defend against these. Dr. Canham has provided synthetic media threat awareness training to NASA (Kennedy Space Center), DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group, the BSides Las Vegas security conference, the Misinformation Village at DefCon, and the Black Hat USA security conference. He has appeared on multiple podcasts including BarCode Security, Weapons of Mass Disruption, 8th Layer Insights, The Cognitive Crucible Podcast, the ITSP Podcast, and he has appeared as a deepfake subject matter expert on several news outlets.
Talks:
Joel Cardella
Joel is a recovering CISO, currently focused on the world of medical device security. He's done almost all the IT jobs since the mid 1990s, and has worked with some really stellar people, building his success on their shoulders with their help.
Proving Ground Mentor
Jay Chen
Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats. In previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.
Talks:
Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.
Talks:
Mea Clift
Mea Clift is a distinguished cybersecurity leader with a remarkable multi-decade career defined by her commitment, innovation, and mission-driven cybersecurity practices. She represents the excellence in cybersecurity leadership, demonstrated through her professional accomplishments, contributions to thought leadership, and investment in developing the next generation of Cybersecurity practitioners. With Liberty Mutual as Principal Advisor, Cyber Risk Engineering she provides guidance to commercial underwriters evaluating the cyber risks of organizations, and advisory services to insureds, educating on trends and opportunities for maturity. In previous roles, Mea led cyber efforts at a top water and wastewater consultancy firm, highlighting the increased risk of cyber threats in this Critical Infrastructure arena. She is also a respected mentor and advocate for belonging in the cybersecurity field, having built a stellar reputation for credibility with executive management, key clients, and employees. Notably, Mea was the recipient of the Cyversity Mentor of the Year Award in 2023, a testament to her outstanding contributions to the field. As an educator, Mea participates mentorship programs with Cyversity and ISACA and teaches a Fundamentals of GRC class regularly for Cyversity members. She lives in St. Paul, Minnesota with 4 greyhounds and is a quilter and living historian.
Talks:
How Living and Quilting History made me a better Cybersecurity Professional
Josh Corman
Joshua Corman is the founder of I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.
Talks:
Time is up. You have three years, 3 months, 3 weeks, to protect your Stuff. What do you do?
Getting Serious (Un)-Resilience of Lifeline Critical Infrastructure.
Introduction to I Am The Cavalry - Day Two - Preparing for 2027
Christian Dameff
Dr. Christian Dameff is an Emergency Physician, Clinical Informaticist, and researcher. Published clinical works include post cardiac arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records. Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent hacker forums including DEFCON, RSA, Blackhat, Derbycon, BSides: Las Vegas, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.
Talks:
Caleb Davis
Caleb Davis is a founding member of the Cybersecurity organization, SolaSec. Caleb operates out of the Dallas/Fort Worth area and has a degree in Electrical Engineering from the University of Texas at Tyler. He is an inventor/patent holder and has a background in embedded hardware/software development. He leads a team of experts that regularly perform penetration testing across a wide variety of products including medical devices, ATMs, chemical control systems, security solutions, and other commercial products. Additionally, Caleb has a passion for integrating security into the product development life cycle and has helped several organizations in their approach to shifting left.
Talks:
Rick Davis
Rick Davis is currently a Senior Product Manager at Microsoft focusing on Cybersecurity. With over 20 years in the field he has worked in all industry verticals, both public and private, in roles ranging from architecture to red team as well as adjunct professor and guest lecturer in areas of statistics, number theory and cryptanalysis. Rick is a subject matter expert on technologies such as PKI, Active Directory and the Microsoft Defender ecosystem.
Proving Ground Mentor
Troy Defty
Following over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at Google. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
Talks:
Andy Dennis
Andy Dennis - Andy heads up the Cloud and Platform practice at Modus Create. This covers DevOps/DevSecOps, Build Systems, Internal Developer Platforms, Cloud Infrastructure and Cybersecurity. Andy has spoken at multiple BSides events around the US (including BSides CT, and BSides Tampa ) and also at the DEFCON Recon Village.
Talks:
Leif Dreizler
Leif Dreizler is an information security professional with over a decade of experience. He is currently leading an engineering team that builds features of Semgrep’s product. Previously, Leif was a Senior Engineering Manager at Twilio Segment where his team was focused on building customer-facing security features and internal security tools. Leif is a conference organizer and active member of the security community, and is passionate about helping folks on his team and within the broader security community develop in their careers.
Talks:
Kirill Efimov
As a seasoned security researcher, I've led teams at Snyk and now helm security research at Mobb. With a wealth of publications and speaking engagements, I've delved deep into the intricacies of cybersecurity, unraveling vulnerabilities and crafting solutions. From pioneering research to impactful talks, my journey is fueled by a passion for safeguarding digital landscapes. Join me as I share insights, strategies, and innovations in the ever-evolving realm of cybersecurity.
Talks:
Don’t Make This Mistake: Painful Learnings of Applying AI in Security
Michelle Eggers
Security Consultant, NetSPI As a Security Consultant, Michelle Eggers executes penetration testing for a variety of client environments. After making a strong pivot from operations into proactive security, Michelle focuses on web application, mainframe, and network pentesting. Michelle has contributed to the security community by speaking about mainframe and web application security at various cybersecurity conferences, volunteering with Black Girls Hack during Hacker Summer Camp, and driving forward interest in securing mission critical systems and critical infrastructure through authoring blog posts and social media content on the subjects. Credentials and certifications earned include CompTIA Security+ and ISC2 Certified in Cybersecurity. She also holds a Bachelor of Science degree in Accounting, a Project Management Certificate from Cornell University, and an Evolve Security Certified Professional credential.
Talks:
The Immortal Retrofuturism of Mainframe Computers and How to Keep Them Safe
Mauro Eldritch
Talks:
The B-side that no one sees: the ransomware that never reached mainstream popularity
Casey John Ellis
Casey is the Founder, Chairman, and CTO of Bugcrowd. He is a 20 year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the https://disclose.io vulnerability disclosure standardization project in 2016. A proud ex-pat of Sydney Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he’s passionately pursuing potential.
Talks:
Tom Eston
Biography
Proving Ground Mentor
John Evans
John Evans is the Technical Operations Manager at Cedar, a health tech startup based in NYC, where he is responsible for corporate IT, business systems and cloud engineering. He’s spent most of his career in IT and security-adjacent work. As a former Apple Retail Lead Genius, he’s also passionate about user experience and building IT and security teams that help people do their best work. He enjoys working with complex IAM problems, DevOps teams and high-growth startups; and finding speed not just in automation but in bikes and sim racers, too.
Talks:
Emma Yuan Fang
Emma is an Enterprise Security Architect at EPAM Systems, with expertise spanning cloud security, DevSecOps, and security strategy. In her current role, she designs and implements security solutions into cloud platforms and software development projects for her clients. Formerly at Microsoft, she delivered cybersecurity projects and technical workshops to diverse clientele, from emerging tech startups to established FTSE 100 firms. She is passionate about cloud security, Zero Trust, and AI/ML security. Alongside her professional work, Emma is dedicated to promoting a more diverse workforce in cybersecurity through mentorship and community programs. She is an ambassador of WiCyS UK&I, a member of the Industry Advisory Board for the Faculty of Computing, and a guest speaker at the University of Buckingham in the UK.
Talks:
Harriet Farlow
Harriet Farlow is CEO at Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in co-founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
Talks:
Edward Farrell
Edward Farrell (faz) is a cyber security consultant with over fourteen years experience in cyber security and eighteen years experience in the IT industry. As the director of Mercury, he has conducted and overseen the delivery of independent cyber security audit activities and incident responses in the past nine years.
Proving Ground Mentor
Talks:
Jose Fernandez
José Fernández is the President of CompSec Direct. Jose's background in CNO, CND, and engineering has allowed him to work in some of the most technically demanding environments in both private and public sector. Mr. Fernandez is a Puertorican Hacker Dude, Veteran, Vice-president of Obsidis Consortia Inc which does the BSides in Puerto Rico, and the Director of Recruitment for AUSCF.
Talks:
Jonathan Fischer
Jonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GXPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as ShmooCon, Black Hat Arsenal, DEF CON Demo Labs, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.
Proving Ground Mentor
Tal Folkman
Tal Folkman is a seasoned senior malware researcher and accomplished expert in cybersecurity with over 8 years of experience in the field. Tal possesses exceptional skills in detecting and analyzing malicious code present in open-source software supply chains. In 2021, Tal joined Dustico, a software supply chain security startup that was later acquired by Checkmarx. Prior to this, she served for 5 years as both member and leader of IDF's Cybersecurity Red Team. Currently, Tal and her team are dedicated to identifying and combating software supply chain attackers, thereby ensuring the safety and security of the ecosystem.
Talks:
Larissa Fonseca
According to the World Economics Forum annual report “Approximately half of executives say that advances in adversarial capabilities (phishing, malware, deep fakes) present the most concerning impact of generative AI on cyber”. It is already a fact that the world is already entering, if not inside, the AI bubble and facing this reality as soon as possible will help companies be better prepared for the future. However, with the velocity required to implement AI and surf into this new technology the risks involved may be put behind to give place to velocity. Based on this scenario this talk is designed to explore the adversarial attacks applied to ML systems and present the results of research made observing cybersecurity communities focused on sharing AI Jailbreaks and how those behave when applied to the most used AIs in the market.
Talks:
And what if it was hacked? Tactics and Impacts of Adversarial Machine Learning
Dean Ford
Over 25 years of experience in the Automation Systems industry in leadership and management positions; directed sales, operations, and administrative teams in start-up, turnaround, and high-growth environments. Extensive background in automation, information and integration initiatives, identifying critical areas within businesses, manufacturing and other areas for systems implementations. Strong, decisive, and trailblazing leader with excellent planning, analytical, organizational, and team building skills. Grow top line revenues through aligning value propositions and offerings to marketplace. Promoter of the Automation Profession through extensive volunteer work.
Talks:
Chris Formosa
Chris Formosa is a Lead Information Security Engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Chris discovers and tracks malicious botnet activity, mapping the infrastructure crimeware families use to operate. His work prior to Lumen Technologies involved uncovering and stopping fraud rings in the financial space. He has a background in data science and a master’s in computer science from Georgia Tech. When Chris isn’t by his computer, he is searching for his first beach volleyball tournament win.
Talks:
Grey Fox
Author: Grey Fox (he/him) greyfox@wcassembly.com Grey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.
Talks:
Introduction to Software Defined Radio – For Offensive and Defensive Operations
Elysee Franchuk
Elysee Franchuk is a Cybersecurity Consultant. He enjoys breaking things apart, and understanding the processes that enable systems to function. With a background in programming, penetration testing, and information technology, Elysee has a creative perspective in detecting vulnerabilities, and finding new ways to exploit new and old problems. Other interests of Elysee are playing video games, listening to EDM, and Lego.
Talks:
Jason Fredrickson
Jason Fredrickson is the Managing Director of software development for Aon Cyber Solutions, the arm of the services firm dedicated to helping clients achieve cyber resiliency. Jason graduated with a degree in computational physics from Harvey Mudd College and then got his "MBA" at the School of Hard Knocks with a succession of failed startups during the late 90s. Since then, he's been running software development teams in the cyber security industry and building online platforms used by tens and hundreds of thousands of users worldwide. He's never afraid to ask the stupid question and dedicates his time to making people 42% more awesome. In his spare time, he builds Lego and practices Taekwondo with his daughter.
Talks:
Behavioral Interviewee-ing: Inverting the Corporate Interview to Get You Hired
David French
David French is a Detection & Response Engineer and Threat Hunter with many years of experience both working as a defensive cybersecurity practitioner and on the vendor side of life doing threat research and building security solutions. He currently works at Google Cloud where he helps security practitioners defend their organization from attack using Google Security Operations. He likes to pay it forward by sharing knowledge and research with the community via blogging, presenting at conferences such as Black Hat and BSides, and contributing to MITRE ATT&CK. David has shared extensive research on implementing Detection-as-Code and is the creator of Dorothy, a tool to simulate attacker behavior in Okta environments.
Talks:
Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise
Allan Friedman
Allan Friedman is a Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency in the US Government. Known as "Dr. SBOM," he coordinates the global cross-sector community efforts around software bill of materials (SBOM). He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the co-author of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.
Proving Ground Mentor
Nick Frost
Nick is an engineer on Figma's Security Team. He's been working on security teams at SaaS companies since the first season of Succession came out. He spends his time helping engineers write more secure Electron apps, OAuth flows, and login code.
Talks:
Angel Gamboa
Angel Gamboa is one of the security consultants of all time. He has 6 years experience in various disciplines such as netpen, appsec, red team, and vuln research offensive roles. This sounds cool, but he's really just a dude from Kansas.
Talks:
Dennis Giese
Dennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. As side-projects, launches rockets with the MIT Rocket team. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a "robot collector" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
Proving Ground Mentor
Fabricio Gimenes
Fabricio Gimenes is Offensive Security Directory at Redwolves, specialist “Redteam/Pentest”. Graduated in Cyber Security Defense, he also has some certifications related to offensive security "OSCP/OSWE/OSEP/CRTP".
Talks:
Carlos Gonçalves
Carlos Gonçalves has over 10 years of experience in the information security industry. Currently, he is the CTI Leader at a Fortune 500 financial company. Carlos also has experience conducting pentests, managing the red team, and the incident response teams.
Talks:
Intel-Driven Adversary Simulation for A Holistic Approach to Cybersecurity
Alexis Hancock
Alexis works to keep the networks strong and encrypted by managing the Certbot project. She researches an intersection of issues on digital rights, encryption, and consumer technology. She believes in an open and equitable web through encouraging local tech literacy, educating other engineers, and advocating for better and stronger tech policy. She has spoken about user privacy, digital identity, cloud security, open technology standards, and government & corporate surveillance. She has worked in web development and application security for over 10 years.
Talks:
Jennifer Havermann
Biography.
Proving Ground Mentor
James Hawk
James Hawk (He/Him) is a Senior Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to a number of different assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything sci-fi.
Talks:
Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 101
Kerry Hazelton
Kerry Hazelton - better known as "Professor Kilroy" - has been involved in the technology and security industry for twenty-five years crafting his own version of "Protection Against the Dark Arts" with an extensive knowledge of information systems, data center operations, Cloud computing, digital forensics, and incident response. Ever the security enthusiast and a sucker for movie references, combined with a deep passion for teaching and mentoring; Kerry created the Cloud Forensics Workshop and CTF Challenge in 2017, which is a technical workshop that focuses on learning about the science of Cloud forensics and its real-world applications, followed by a Capture-the-Flag competition to gauge his students’ comprehension and critical-thinking skills by solving multiple forensic puzzles in a race against each other within the allotted amount of time. He can be found posting his random thoughts on gaming, hacking, or life in general via X under the handle of @ProfKilroy.
Talks:
Fred Heiding
Fredrik Heiding is a research fellow in computer science at Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS). He researches AI-enabled cyberattacks from the intersection of technology, business implications, and national security policies. His work demonstrates how AI models can be used to hack devices and users and create mitigation strategies for preventing those hacks. He also red teams the AI models themselves and the US national cybersecurity strategy to find out how to better prepare our national security for AI-enabled cyberattacks. In early 2022, Fredrik got media attention for hacking the King of Sweden and the Swedish European Commissioner. Fredrik currently works with the World Economic Forum's Cybercrime Center and White House Officials to improve global and domestic cybersecurity standards of AI-based cyber defense. Fredrik is a teaching fellow for the Generative AI for Business Leaders course at the Harvard Business School and leads the cybersecurity division of the Harvard AI Safety Student Team (HAISST). Twitter: @fredheiding
Talks:
Anthony Hendricks
Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy, one of Oklahoma’s largest and oldest firms. At Crowe & Dunlevy, Anthony serves as founder and chair of the firm’s Cybersecurity and Data Privacy Practice Group. His legal practice focuses on data privacy compliance, regulatory enforcement and permitting, and other “bet-the-company” suits in the areas of data security, privacy, and other complex business litigation. Anthony is an adjunct professor who teaches Cybersecurity Law and Information Privacy courses at Oklahoma City University School of Law. He also hosts “Nothing About You Says Computer Technology,” a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices. Anthony is a proud graduate of Howard University and was selected as Howard’s first British Marshall Scholar. Anthony holds two masters from the London School of Economics and earned his JD from Harvard Law School. To learn more about Anthony’s current projects and upcoming speaking events or listen to the latest episodes of his podcast, visit www.anthonyjhendricks.com
Talks:
HexxedBitHeadz
Passionate about the convergence of cutting-edge technology and artistic expression, Hexxed BitHeadz are always looking to merge the realms of ethical hacking and digital art creation. With a strong background in cybersecurity and a keen eye for aesthetics, we bring a unique and innovative approach to the world of digital creativity.
Talks:
Karl Holmqvist
Karl's security journey began with early Bulletin Board (BBS) payment systems and continued through to the modern internet age with the creation of Canada's first high-speed mobile network using licensed PCS spectrum. These efforts sparked Karl’s interest in telecommunications, internet engineering and cybersecurity solutions more broadly, which formed the foundation for Karl’s nearly three decade career building security systems and critical infrastructure. Karl Holmqvist is the CEO of Lastwall, a trusted Identity Platform company used by the U.S. Department of Defense and a growing number of civilian Government agencies and critical infrastructure entities. Karl is an outspoken advocate for quantum resilient systems to mitigate threats posed by the advent of a Quantum computer.
Talks:
Wars and Rumors of Wars - What are the implications for Domestic Critical Infrastructure?
Wendy Hou-Neely
Wendy is from Marsh McLennan Cyber Risk Intelligence Center. She specializes in data, data analytics, risk quantification models for all aspects of cyber. She designed and created the various cyber risk models for MMC as well as consulting on cyber risk quantification for clients from various industries since 2017. Wendy has over 30 years’ experience in the information technology industry, analytics, both in enterprise software, hardware and security. Like many others in the space, she began working in the area of cyber security more than 10 years ago to understand the financial impact of cyber breaches on businesses. Her skills in analytics and data science, combined with her understanding finance, technology and the nature of cyber breaches uniquely afford her the ability to quantify cyber risks.
Talks:
Navigating the Changing Cyber Landscape: Trends, Costs, and Risk Mitigation Strategies
Blake Hudson
Blake is a seasoned cybersecurity professional, boasting over 6 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and cloud security. Previously a Red Teamer through the Department of Education where he obtained several SANS certifications and is currently serving as an Offensive Security Engineer at PayPal, Blake orchestrates and executes engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Blake demonstrates his ability to identify common vulnerability patterns through continual participation in CTFs and has a passion for continuing education. Additionally, he has refined his skills through constant security research, further enhancing his expertise in cybersecurity.
Talks:
Pipeline Pandemonium: How to Hijack the Cloud and Make it Rain Insecurity
Suha Sabi Hussain
Suha Sabi Hussain is a security engineer on the machine learning assurance team at Trail of Bits. She has worked on projects such as the Hugging Face Safetensors security audit and Fickling. She received her BS in Computer Science from Georgia Tech where she also conducted research at the Institute for Information Security and Privacy. She previously worked at the NYU Center for Cybersecurity and Vengo Labs. She’s also a member of the Hack Manhattan makerspace, a practitioner of Brazilian Jiu-Jitsu, and an appreciator of NYC restaurants.
Talks:
Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs
J
I am a US Army Veteran with over 20+ years of experience with 14+ solely within the cybersecurity domain. I was a Signals Intelligence (SIGINT) analyst in the military primarily supporting Operation Enduring Freedom. Within cybersecurity I have worked on Cyber Threat Intelligence (CTI), cyber counterintelligence (CI), maturity assessments, GRC, Advanced Persistent Threat (APT) analysis, course development, and instruction. I have experience across industry verticals including US Federal Government, DoD, USIC, and SLED. I am passionate about helping others in INFOSEC and volunteer in the community with several non-profits.
Talks:
Law Enforcement and IMSI catchers – A privacy nightmare - Session 6
Laura Johnson
Laura Johnson is a Security Manager, who started her career by joining the military unaware of how much she would fall in love with "security and things". Earlier in her career, Laura held roles such as Maintenance/Integrator, Network Engineer, Consultant, and Managing Security Engineer. Laura has first-hand experience in regards to cyber harassment and would like to share her knowledge to assist individuals in options.
Talks:
Josh Kamdjou
Josh has been doing offensive security-related things for the past 12 years. He's spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.
Talks:
Atsushi Kanda
Atsushi Kanda works as a cyber threat intelligence researcher in NTT Communications. He established a threat intelligence team, NA4Sec, and has been leading the team both as a manager and a tech lead. His specialities include network security in general, cyber threat intelligence, network and security operations. Some of his work has been presented at Internet Week (2022, 2023), JSAC2024.
Talks:
Operation So-seki: You Are a Threat Actor. As Yet You Have No Name.
Hirofumi Kawauchi
Dr. Hirofumi Kawauchi is SOC manager at NTT-ME. In his 10+ years’ background in cyber security, he previously led incident response, vulnerability management, and Security by Design at NTT East, the largest telecom carrier in Japan. He also experienced SOC analyst, threat intelligence development, SIEM and security device management for Managed Security Service (MSS) at NTT Security US. After coming back to Japan, he newly launched NTT East’s MSS as a tech-lead and developed SOC infrastructure. He contributes to Japan’s telecom industry and educational field in cyber security by sharing his knowledge and experience at ICT-ISAC JAPAN, university classes, several events, etc. He holds CISSP, GPEN, GCFA, AWS-SAP/SCS. He is also NTT Group Certified Security Principal and PhD Engineering.
Talks:
Reassessing 50k Vulnerabilities: Insights from SSVC Evaluations in Japan’s Largest Telco
Krity Kharbanda
I am working as an Application Security Engineer, after graduating with a Master's in Science Information Science, and a diverse skillset and experience in data management, qualitative and quantitative analysis of data, troubleshooting, posture management, security scanning, cloud security, and container security, in a cross-functional collaborative work environment. I appreciate new perspectives, love talking to people, and am on the lookout to learn and grow more.
Talks:
Patrick Kiley
Principal Consultant at Mandiant/Google Cloud has over 20 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). Patrick is a skilled embedded security consultant and has released research in Avionics, embedded systems and even bricked his own Tesla while trying to make it faster.
Talks:
Introducing Serberus - a multi headed serial hardware hacking tool
Charissa Kim
Charissa Kim is a Security TPM at Semgrep. She has spoken on various panels and presented at conferences such as the National Cryptologic Foundation (NCF), National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE), and many others. Charissa also founded Cyber Youth Tech (CyTech), a non-profit organization devoted to empowering the next generation of STEM and cybersecurity professionals. Furthermore, Charissa directed and produced K-12 Cyber Talk, a cybersecurity webcast sponsored by the National Security Agency, providing a welcoming environment for K-12 students to learn and explore cybersecurity along with its diverse career options and opportunities. She is also the first female All-American from the National CyberPatriot and Northrup Grumman Nationals competition."
Talks:
Mike Larkin
Mike Larkin is CTO and co-founder of Deepfactor, Inc. Mike is also a contributor to OpenBSD, working on hypervisors, low-level platform code, and security. Mike is also an adjunct faculty member at San Jose State University, where he teaches application security technologies and virtualization.
Talks:
101 Things Your Application is Doing Without Your Knowledge
Workshop: Vulnerability Reachability Analysis Using OSS Tools
Mário Leitão-Teixeira
I work in AppSec at Checkmarx. I hear 'vulnerability' daily, and I'm never sick of it. I dub myself a 'self-certified idiot' because I love learning and hatching ideas. So much I've made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. That results in learning about critical vulnerabilities before they become widely exploited, and we knew about CVSSv4 before it was cool. Well, the version 4 isn't cool yet, but in the meantime, I've researched and come up with this talk. Why? It's cool, CVSS is still widely adopted and has many limitations. If you give me a chance, I would like to bring it forward as 'food for thought'. I wasn't given the chance to win a 'Best Speaker' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I'm also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check. Beyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning. Full bio: https://bit.ly/3SShO1C
Talks:
Sylvia Lemos
Over 8 yrs of recruiting experience covering corporate, start-up and staffing, specializing in process and training as well as leading teams. Speaks fluently in English, Spanish and Portuguese!
Talks:
What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
Simon Lermen
I am currently an independent AI researcher. I look into the misuse risks of AI agents for things like spear phishing or automated forensics.
Talks:
Craig Lester
Craig relocated interstate for his first tech role 18 years ago, where a need for travel developed into a hobby interest. Once a mileage runner, he was called crazy by some for doing long-haul weekends away. His technical career has spanned from Data & Carrier Networking into Security, where he currently assists SOC teams with detection and analytics.
Talks:
Hubert Lin
Hubert Lin is an offensive security expert, specializing in remote vulnerability exploitation, honeypots, and penetration testing. He previously led the signature team for network threat defense and was a senior staff engineer on the Red Team at Trend Micro. In his roles, he assessed network intrusion prevention systems and conducted sanctioned red team exercises to enhance corporate security. Hubert holds certifications as a Red Hat Certified Engineer (RHCE) and an Offensive Security Certified Professional (OSCP). Currently, he works at Netskope as a Sr. Staff Researcher.
Talks:
Alex Lynd
Alex Lynd is a hardware hacker & cybersecurity instructor who builds low-cost wireless hacking tools at LyndLabs. He creates educational hacking content on shows like Hak5, and also founded DevKitty, where he develops cat-themed hardware for makers & hackers!
Talks:
Jeff Man
Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, co-host on Paul's Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff currently serves as a PCI QSA and Trusted Advisor for Online Business Systems, also a Grant Advisory Board Member for the Gula Tech Foundation, Advisory Board Member for the Technology Advancement Center (TAC), and is the Director of Diversity, Equity, and Inclusion for Hak4Kidz NFP. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the "whiz" wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Pioneering member of the first penetration testing "red team" at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME.
Talks:
MasterChen
MasterChen has a background in Psychology and Network Operations and Security. He started presenting at conferences back in 2014, and looks forward to Hacker Summer Camp every year. His latest work has been focused on thwarting cyber stalkers, or stalking them back. MasterChen has been published a few times in "2600: The Hacker Quarterly", and loves contributing to the community.
Proving Ground Mentor
Liv Matan
Liv Matan (@terminatorLM) is a Senior Security Researcher at Tenable, where he specializes in application and web security. He previously worked as a Security Researcher at Ermetic and served in the Israeli Intelligence Corps as a Software Developer. As a bug bounty hunter, Liv has found several vulnerabilities in popular software platforms, such as Azure, Google Cloud, AWS, Facebook and Gitlab, was recognized by Microsoft as a Most Valuable Researcher, and has presented at conferences such as DEF CON Cloud Village and fwd:cloudsec. Liv studied computer science at the Weizmann Institute of Science, in Israel. In his free time, he boxes, lifts weights and plays Capture the Flag (CTF).
Talks:
Andrea M. Matwyshyn
Andrea M. Matwyshyn is an American law professor and engineering professor at The Pennsylvania State University. She is known as a scholar of technology policy, particularly as an expert at the intersection of law and computer security and for her work with government
Talks:
Ravid Mazon
Ravid is a Senior Security Researcher with more than 6 years of hands-on experience in the Application & API Security field. As a Bachelor of Information Systems with a specialization in Cyber, Ravid brings an innovative attitude to the table, while researching different aspects in the AppSec world. He’s eager to experience, experiment, and learn something new every day. In his free time, Ravid likes to travel, exercise, and have a good time with friends and family. Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats. In previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.
Talks:
Paul McCarty
Paul is a DevSecOps OG and a spends most of his time red teaming the software supply chain for GitLab. He was also the founder of SecureStack, a cloud-native software supply chain security startup. Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, and Australian government amongst others. More recently Paul started SourceCodeRED.com as a way to facilitate his commercial and free training products. Paul is a frequent contributor to open source and is the author of the DevSecOps Playbook, Visualizing Software Supply Chain, TVPO threat modelling framework and several other open-source projects. He’s also a pretty good snowboarder and most importantly a husband and father to 3 amazing kids.
Talks:
Dwayne McDaniel
Senior Security Developer Advocate at GitGuardian Dwayne has been working as a Developer Advocate since 2016 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and far-off places like Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv. On the internet, most places, as @mcdwayne.
Talks:
Long Live Short Lived Credentials - Auto-rotating Secrets At Scale
Kenton McDonough
I got my MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. I currently do security automation for Viasat Inc, a global Satellite internet service provider, with an emphasis on credential management and RBAC systems.
Talks:
Douglas McKee
Douglas McKee is the Executive Director of Threat Research at SonicWall where he and his team focus on identifying, analyzing, and mitigating critical vulnerabilities through daily product content. He is also the lead author and instructor for the SANS SEC568 class focused on combating supply chain attacks using product security testing. Doug is a regular speaker at industry conferences such as DEF CON, Blackhat, Hardware.IO, and RSA, and in his career has provided software exploitation training to many audiences, including law enforcement. His research is regularly featured in publications with a broad readership including Politico, Bleeping Computer, Security Boulevard, Venture Beat, CSO, Politico Morning eHealth, Tech Republic, and Axios.
Talks:
Seek out new protocols, and boldly go where no one has gone before
Rizwan Merchant
Rizwan Merchant is VP of Engineering at Deepfactor. A seasoned engineering leader at the intersection of DevOps and security, Rizwan has also played key roles at companies like Qualys and FireEye.
Talks:
Workshop: Vulnerability Reachability Analysis Using OSS Tools
Chloé Messdaghi
Chloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé's expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media.Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
Talks:
Ryo Minakawa
Ryo Minakawa is a malware and intelligence analyst at NFLaboratories. His works include analyzing malware used in APT attacks targeting East Asia and generating threat intelligence. He also works with NTT Communications’ NA4Sec project and monitors the infrastructure used by various attackers. He is also a developer and contributes to OSS intelligence platforms such as OpenCTI. Some of his research has been presented at JSAC2023 and JSAC2024. I hold GREM, GCTI, OSCP, OSEP and CISSSP certification.
Talks:
Operation So-seki: You Are a Threat Actor. As Yet You Have No Name.
Rory Mir
As Associate Director of Community Organizing, Rory (they/them) coordinates EFF's support of local advocacy groups through the grassroots information-sharing network, Electronic Frontier Alliance (EFA). They also lead on EFF's policy responses to emerging areas of technology such as decentralization, virtual/extended reality, and artificial intelligence. Prior to joining the EFF, Rory studied impact of technology as a doctoral student of psychology. During their stint in academia they advocated for student and worker privacy, open science, and open education on campus. They also offered cybersecurity trainings for workers, activists, and the general public.
Talks:
Ariana Mirian
Ariana Mirian currently works as a senior security researcher at Censys, where she uses Internet Measurement to answer interesting security questions. Prior to Censys, she received her PhD from UCSD, where her thesis focused on answering the question: how can we use large scale measurement and analysis to better prioritize security processes? When not geeking out about Internet Measurement and security, Ariana is also an avid aerialist and birder.
Talks:
HD Moore
HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and co-founder of runZero, a provider of cutting-edge cyber asset management software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON. HD's professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks. When he's not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.
Proving Ground Mentor
Eiji Mori
# Eiji Mori Eiji Mori joined Flatt Security in April 2021 after completing graduate studies at Kagoshima University. As a security engineer, he is mainly in charge of web application diagnostics and smartphone application diagnostics. He has been involved in security camp related events in the past and has a wide range of interests from hardware to software. His hobbies are vulnerability research and muscle training.
Talks:
Wendy Nather
Wendy Nather leads the Advisory CISO team at Cisco. She was previously research director at the Retail ISAC, and research director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS) and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security and is a Senior Fellow at the Atlantic Council's Cyber Statecraft Initiative.
Proving Ground Mentor
Ignacio Navarro
Ignacio Navarro, an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working as an Application Security. Their interests include code analysis, web application security, and cloud security. Speaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty. @Ignavarro1
Talks:
Insert coin: Hacking arcades for fun
Insert coin: Hacking arcades for fun (Extended version) - Session 10
Ron Nissim
Ron Nissim is the CEO and Co-founder of Entitle. Prior to founding Entitle, Nissim served in 8200, the elite intelligence unit of the Israeli Defense Forces. Ron is an entrepreneur in spirit with a passion for identity security and software engineering.
Talks:
Ryan O'Donnell
Ryan O'Donnell is a Red Team Operator at Altus Consulting. Over the last 12+ years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted workshops at Hack Space Con and Bsides Nova. Ryan has a Masters in Computer Forensics from GMU and the following Certifications: OSCP, OSEP, CRTO, GREM, GCFE, GCIH, CRTO.
Talks:
Brendan O'Leary
Brendan O'Leary is Head of Community at ProjectDiscovery, on a mission to democratize security, and an advisor to various startups. Having worked in software his entire career, Brendan has had the privilege of working with many customers. Previously at GitLab and a board member of the CNCF – it is clear, every company is a software company. That means every company needs software and security operational excellence. Outside of work, you'll find Brendan with 1 to 4 kids hanging off of him at any given time or occasionally finding a moment alone to build something in his workshop.
Talks:
Fuzzing Frontiers: Exploring Unknown Unknown Vulnerabilities
Jason Odoom
Self proclaimed Autodidact Digerati, Jason has many interests ranging from Application and Cloud Security to Machine Learning. Though he is not a fan of titles he enjoys the label Security Engineer because it gives him a lot of flexibility. He often has a hard time writing his bio so he will end it here.
Talks:
Unleashing the Future of Development: The Secret World of Nix & Flakes
Kelly Ohlert
A recovering attorney and trained therapist, I'm passionate about bringing the best of tabletop roleplaying games into high-level security tabletop simulations. I've designed and facilitated single-scenario and multi-table games for companies ranging from VC-stage startups to Fortune 100 companies, for virtual tables of two and live groups of two hundred, and for audiences including both the information security and indie RPG game spaces. Speaker, NSGSCon 2024, Fal.con 2023, Blue Team Village at DEF CON 31, ShmooCon 2023, Security BSides Las Vegas 2021, Security BSides Delaware 2021, and more. Yes, I’m the blue-and-purple-haired woman you saw at that conference with that tiny long dog.
Proving Ground Mentor
Cybelle Olivera
Cybelle is a researcher of the disasters that happen in the cyber world, basically a Gossip Girl from Malwareland. She has also been involved in privacy and (cyber)security activism for 10 years and has participated in security events in various countries. Cybelle is one of the directors of the Casa Hacker organization and part of the Mozilla community. And not least, she loves her cats.
Proving Ground Mentor
Talks:
The B-side that no one sees: the ransomware that never reached mainstream popularity
Yotam Perkal
Yotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation. Prior to Rezilion, Yotam filled several roles at PayPal Security organization, dealing with vulnerability management, threat intelligence, and Insider threat. Additionally, Yotam is also a member of the PyCon Israel organization committee, a member of the EPSS SIG, takes part in several OpenSSF working groups around open-source security as well as several CISA work streams around SBOM and VEX. He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve Cyber Security challenges or exploring the challenges in securing ML applications.
Talks:
Beyond Whack-a-Mole: Scaling Vulnerability Management by Embracing Automation
Brandon Pinzon
A seasoned leader with over 17 years of experience across technology, banking, and insurance, Brandon is an experienced CSO and currently lends his experience safeguards companies through his advisory and consultation efforts. He oversees a comprehensive global security program, encompassing cyber defense, data protection, identity management, physical security, data privacy, and business continuity/disaster recovery. From the boardroom to the classroom, Brandon's expertise is wide-ranging, spanning data collection, computer forensics, and crafting robust security and privacy strategies for heavily regulated industries. His ability to navigate complex data systems and collaborate with multinational corporations to establish best practices is well-recognized within the industry. This recognition is evident through his frequent speaking engagements and guest lectures while advising companies on how they can leave their mark on the industry. He plays a pivotal role in academia by actively advising on programming and curriculum, ensuring the next generation of professionals are well-equipped to navigate the dynamic landscape of cybersecurity.
Talks:
Looking for Smoke Signals in Financial Statements, for Cyber
Filipi Pires
I’ve been working as Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
Talks:
George Polivka
George Polivka has been a tech enthusiast for over two decades. With a knack for software development, architectural design, and enterprise auditing, he's now on the front lines securing network borders as a Red Teamer. George boasts a collection of tech certifications, from the foundational A+ Technician to the prestigious OSCP. When he's not busy fortifying networks, you can find George immersed in cybersecurity challenges on Hack the Box, honing his skills and uncovering new tricks of the trade. Lately, he's been delving into cutting-edge research on deploying infrastructure and tooling to empower red team operators, making networks tremble.
Talks:
Rolling out the C2: A Take on Modern Red Team Infrastructure
Elad Pticha
Elad Pticha is a passionate security researcher with a focus on software supply chain and API security. Elad specializes in finding vulnerabilities in SDLC-related software. In his free time, Elad loves to code, hunt for vulnerable technologies, and use his skills to help companies mitigate their security risks. Before his current work at Cycode, Elad dedicated his time to finding critical vulnerabilities in web applications, IoT devices, and pretty much anything with an IP address, but his recent focus has shifted towards software supply chain security vulnerabilities. Elad is committed to staying up-to-date with the latest security trends and technologies and always seeking new challenges to tackle.
Talks:
Redis or Not: Argo CD & GitOps from an Attacker’s Perspective
Abhijith "Abx" B R
Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive cyber security specialist, security researcher, red team consultant, trainer, and public speaker. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, bridge the gap between business leadership and security professionals. In the past, he managed offensive security operations for Envestnet, Inc., held the position of Deputy Manager - Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a sr. security analyst at EY. As the founder of Adversary Village (https://adversaryvillage.org/), Abhijith spearheads a community initiative focused on adversary simulation, adversary-tactics, purple teaming, threat actor/ransomware research-emulation, and offensive cyber security. Abx also acts as the Lead of DEF CON Group DC0471, he is actively involved in leading the tacticaladversary.io project. Abhijith has spoken at security conferences such as Nullcon, c0c0n, BSides, DEF CON 28 safemode - DCG Village, The Diana Initiative, Opensource India, Adversary Village at DEF CON 29, DEF CON 30, RSAC 2023 etc.
Talks:
Kickstarting adversary emulation engagements in your organization
Harini Ramprasad
I'm a Product Security Engineer at Salesforce, where I have led several security reviews for new products and features in Tableau. Aside from acting as a security liaison during incidents, I have also been working on Generative AI security, as well as using GenAI to build security tooling :) Lately, I have been leading a project in the supply chain security space to identify vulnerabilities in third party packages and remediate them efficiently. I completed my Master's in Electrical and Computer Engineering at Carnegie Mellon University, and have completed coursework in the areas of network security, reverse engineering, and security analysis of software systems. Being part of various organizations, I have experience in carrying out research and development of security products and features for users. I also worked with the National University of Singapore on an acoustic side-channel attack and co-authored papers at international conferences. Aside from professional activities, I have largely been associated with international cybersecurity communities for women in voluntary positions. I'm currently on the Advisory Board of a non-profit, Breaking Barriers for Women in Cybersecurity, to lead initiatives in the academic and research space for women.
Talks:
Carrie Randolph
Carrie Randolph is a Senior Security Consultant, leading the GRC practices of Go Security Pro with thirteen years of experience. Prior to joining Go Security Pro, Carrie was the CIO for the Oklahoma State Department of Education, with over a decade of public service. Carrie has her Bachelors of Technology from Oklahoma State University Institute of Technology in Information Assurance and Digital Forensics, and she is a co-founder of BSides Oklahoma and a founding member of Techlahoma.
Talks:
Preeti Ravindra
Preeti solves security problems with data driven methods and software as appropriate. Her research interest spans forward looking AI for security as well as security for AI. She has experience developing and operationalizing machine learning differentiator solutions in security operations and attack surface management. Her value proposition is working cross-functionally and integrating security, data and services functions in adopting data driven practices to deliver business value. She gives back to the cybersecurity community by sharing her work at conferences and supporting women in cybersecurity through mentoring. She is currently a Principal Research Engineer and holds a Masters Degree with a cybersecurity specialization from Carnegie Mellon University.
Talks:
Brian Reilly
Brian Reilly is a security engineer focused on application security, penetration testing, and vulnerability research. He enjoys working with product teams to build and deploy secure software. His professional experience has included various roles within the financial services, technology, higher education, and state/local government sectors. He holds degrees from Georgetown University and the George Washington University.
Talks:
Kirsten Renner
After a brief run in IT and SWE, Kirsten has been in recruiting for over 20 years. She is the VP of Talent at SilverEdge and specializes in and has a passion for connecting talent to the right opportunities. She is a frequent presenter in the community on a variety of career development related topics. A known serial volunteer for decades, co-founder and previous board member of Car Hacking Village, currently a member at ICS Village and in addition to co-directing BSLV HireGround this year, and also runs the Hiring Village at BSidesCharm.
Talks:
What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
William Reyor
William F. Reyor III is a seasoned cybersecurity professional and the Director of Security at Modus Create, where he leads the security consulting practice. With a passion for solving complex puzzles, William's journey into cybersecurity was inspired by curiosity and his love for solving puzzles. His role at Modus Create involves overseeing a talented team of DevSecOps, AppSec, and Security Architects, all dedicated to enhancing the security posture of their clients. As a core organizer and co-founder of BSidesCT since 2011, William has been instrumental in fostering a collaborative and educational environment for security enthusiasts and professionals. In addition to his professional achievements, William is also a ham radio operator, known by his call sign KB1HAX, and a co-author of the Defensive Security Handbook, Second Edition a great resource for the infosec neophyte.
Talks:
Kris Rides
Kris Rides is the CEO and Founder of Tiro Security - a Cybersecurity professional services and staffing firm. He is one of the original founding Board Members of the SoCal CSA Chapter, the previous President, and an honorary board member. He chairs the industry advisory board for the National Cybersecurity Training & Education Center (NCYTE) and is an advisory board member to The Cyber Helpline, Washington States Cybersecurity Centre of Excellence, as well as for the non-profit; GRC for Intelligent Ecosystems (GRCIE).
Talks:
What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
James Ringold
James is a Director in Microsoft’s Security, Identity and Compliance Business Development and Strategic Ventures (BDSV) team. At Microsoft, BDSV works to identify and help to capture opportunities that will deliver growth not just today but three, five, even ten years out. BDSV leans on the knowledge of the past and the technology of today to anticipate and shape the future of technology and security. James has been in information security for more than 25 years. He has a successful record of helping large companies in retail, wholesale, aerospace, defense, and nuclear energy sectors recover and rebuild information security programs after significant security events. A former CISO, security architect, security operations manager and incident responder, James has focused on helping companies mature their security programs through development of threat, vulnerability, and risk management practices. James has authored and co-authored articles featured in Information Security Magazine on the topics of Nation-State sponsored attacks and vulnerability management program development.
Talks:
Quantum Computing: When will it break Public Key cryptography?
Norihide Saito
Norihide Saito has been involved in development and security-related work since he was a student, and joined Flatt Security in 2020. He is currently a security engineer in charge of security diagnostics mainly for web applications and public clouds, and is active in external organizations such as ISOG-J WG1.
Talks:
Aldo Salas
Aldo has more than 15 years of experience in all stages of Application Security, from penetration testing to program management, and he’s currently in a quest to get rid of passwords by leading the Application Security program at HYPR. Aldo has participated as an OWASP local chapter leader for many years and he’s active in the bug bounty community as well. Aldo has worked with a wide variety of technologies and businesses including financial, healthcare, media and entertainment, education, and information technology.
Talks:
Kaichi Sameshima
Kaichi Sameshima is currently involved in the NA4Sec project at NTT Communications. His role is to actively investigate and analyze threat infrastructure. During his university days, he was deeply involved in the research of IoT malware, focusing on the analysis of vulnerabilities exploited by malware and the monitoring of C&C servers. He also gave a presentation at JSAC2024.
Talks:
Operation So-seki: You Are a Threat Actor. As Yet You Have No Name.
Mathieu Saulnier
With a passion for Offensive Security, he automates OffSec Tools to improve the security posture of organizations around the world. Building on his strong technical background he now focuses on Threat Research, Threat Hunting, Detection Engineering and Incident Response. Mathieu is a recognized security professional and Core Mentor for Defcon’s Blue Team Village that has over 2 decades of experience in security. He shared his passion for IT Security and captivated audiences at Derbycon, SANS Summits and RSAC, amongst others.
Proving Ground Mentor
John Seymour
John is a Principal Engineer on the Salesforce Threat Management team, which includes Salesforce's Threat Intelligence, Threat Detection, Data Science, and Platform Defense and Safety teams. From prototyping new ETL pipelines to finding log quality issues to analyzing logs at scale during incidents, there's never a dull moment for him! Previously, John was a data scientist at Salesforce, and performed machine learning on security logs to alert to new attacks, to improve existing alerts and rules, and to find/make new contextual data to help in investigations. Before that, he focused on data science at a startup focused on social media security. He has presented at several security cons, including Black Hat, DEF CON, and SecTor.
Proving Ground Mentor
Jimmy Shah
Biography.
Proving Ground Mentor
Raymond Sheh
Dr. Raymond Sheh is a researcher with a focus on Trusted Robots and Autonomous Systems, particularly in the areas of Cybersecurity and Artificial Intelligence (AI) Risk Management, Standard Test Methods and Performance Measurement, Explainable AI, and fostering the development of technically and operationally meaningful policy and regulation for robotic and cyberphysical systems. He has a particular interest in working with public safety, academia, and industry, to develop research competitions for intelligent response robots that advance state-of-the-science capabilities while also educating competitors about the need to manage and address cybersecurity and AI risks. He previously taught undergraduate and graduate subjects in Computer Science, Software Engineering, AI, and Cyber Security. Ask him about his experience with robotic lion cubs and his superhero alter-ego's efforts to avert the next AI winter.
Talks:
Oreen Livni Shein
Hi, I'm Oreen, a cybersecurity expert from Tel Aviv. I specialize in supply chain security, with a background in Kerberos, domains, and networking. Outside work, I enjoy surfing, climbing, reading, and gardening. I'm always up to connect and collaborate to make our digital world more secure and resilient
Talks:
Redis or Not: Argo CD & GitOps from an Attacker’s Perspective
Sherman
Roei Sherman, Field CTO at Mitiga, is a seasoned expert in Cloud Incident Response and adversarial cybersecurity. His career, spanning over ten years in cybersecurity roles, showcases a specialization in Red Team operations. Roei's approach is marked by an adversarial mindset and guerrilla tactics, aiming for a proactive defense in a variety of security engagements that encompass training, lectures, and consulting. His expertise is rooted in a distinguished background, including roles in a Field Intelligence unit of the IDF, where he continues to serve in the Reserve. Roei has also played key roles at AB InBev as Global Director of Offensive Services and led significant projects as an information security consultant and Red Team leader for EY Israel. His technical breadth covers a wide range of areas including Red Team engagements, social engineering, physical security, and incident response across diverse platforms. Roei's academic foundation enhances his professional endeavors, holding a B.A. degree in Business Administration with a major in Cyber Security and an M.A. in Criminology. Beyond his primary role, he contributes as a co-organizer of BSidesTLV and serves on the CFP team for Diana's Initiative, demonstrating his commitment to advancing the cybersecurity community.
Talks:
Adversaries Also Lift & Shift: Cloud Threats Through the Eyes of an Adversary
Shota Shinogi
Shota Shinogi is a security researcher at Macnica, pentest tools author and CTF organizer. He is an expert in writting tools for Red Team to evade the detection from EDR, sandbox, IPS, antivirus and other security solutions. His malware simulator "ShinoBOT" and "ShinoLocker" contributes to the cybersecurity industry to help the people who want to test malwares safely. He has more than 15 years experience on the Cyber security industries, starting his carrier with HDD Encryption, NAC, IPS, WAF, Sandbox, EDR, and penetration testing. He has spoken in several security/hacking conferences; Black Hat, DEF CON, BSides. He is also contributing for the education for the next generation security engineer through the Security Camp from 2015 consecutively in Japan.
Talks:
How (not) to Build a Vulnerable LLM App: Developing, Attacking, and Securing Applications
Kyle Shockley
Kyle Shockley is one of the founding members of SolaSec. He received a B.S. in Finance and International Business, as well as an M.S. in Information Systems from Indiana University. Kyle has delivered high-value information technology solutions for over 12 years to clients in multiple industries. With experience in a variety of projects, Kyle has developed vulnerability management programs, executed advanced adversarial attack simulations, and built IT strategic roadmaps for clients around the world.
Talks:
Sick.Codes
Sick Codes is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TV’s, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 22k+ stars, 250k+ downloads. I’ve spoken 2x at DEF CON, published 20+ CVEs, competed in CTFs, and I’m here to stay.
Talks:
Travis Smith
Travis Smith is the Vice President of ML Threat Operations at HiddenLayer where he is responsible for the services offered by the organization, including red-teaming machine learning systems and teaching adversarial machine learning courses. He has spent the last 20 years building enterprise security products and leading world class security research teams. Travis has presented his original research at information security conferences around the world including Black Hat, RSA Conference, SecTor, and DEF CON Villages.
Talks:
AI Insecurity - An introduction to attacking AI and machine learning models.
Amit Srour
About the researcher: Amit Srour, Working as an API security engineer for a major global fortune 100 financial institution Biography :With nearly a decade of experience in Application development and application security, I specialize in Application Security Engineering and Software Development. My fascination with software began at a young age, leading me to develop hacking tools, intentionally vulnerable applications, and web applications. I've also provided technology advice to startups and small companies. Currently, I'm based in Modi'in, Israel. Xitter - @sirappsec Linkedin - https://www.linkedin.com/in/amitsrour/
Talks:
Prepare for the Appocalypse - Exposing Shadow and Zombie APIs
Dr. Emma Stewart
Emma has had a hyper focused career on power delivery and energy resilience, focused primarily on the electric industry in multiple countries. She moved to the US 18 years ago to avoid a career working in the rain in substations in Scotland, and worked at multiple national labs and in the electric grid industry. The last few years were spent working on successfully persuading some of the least resourced utilities in the country to implement basic controls. She spends the majority of her spare time running or cycling up hills, rescuing dogs and recovering from an alternate career as a triathlete.
Talks:
Living With the Enemy – How to protect yourself (and Energy Systems)
Allyn Stott
Allyn Stott is a senior staff engineer at Airbnb where he works on the infosec technology leadership team. He spends most of his time working on enterprise security, threat detection, and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials. In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter. This morning espresso shot can be served directly to your inbox by subscribing at meoward.co. Allyn has previously presented at Black Hat Europe, Black Hat Asia, Kernelcon, The Diana Initiative, Texas Cyber Summit, and BSides around the world. He received his Masters in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program.
Talks:
The Fault in Our Metrics: Rethinking How We Measure Detection & Response
Stryker
Ashley Stryker (“Stryker”) specializes in translating technical security findings and qualitative cyber intelligence into potential organizational impact for the security teams who want to prove the *why* – not just the *what* – behind their strategic plans. Stryker’s 2023 original cybersecurity research series “Press Reset” has won multiple industry awards, including best use of original research and best data insights. You can find her on LinkedIn or in the Lonely Hackers Club (LHC) Telegram chat, ranting about how commercial gun safes do *not* make for secure off-site data storage options. Stryker lives in the Baltimore-DC area, renovating a townhouse with her ancient beagle-hound mix and growing parsley for swallowtail butterfly caterpillars.
Talks:
Career Campaigns: Re-Specing Your Professional Class for an InfoSec Role [Tabletop RPG Workshop]
Matthew Sullivan
Matthew Sullivan leads the infrastructure and identity security functions at Instacart, where he manages a talented team of individual contributors responsible for all cloud platform security controls across all three major cloud providers. Prior to joining Instacart, Matthew spent ten years at Workiva, where he helped establish and mature the company’s security program as a security engineer, infrastructure architect, and then finally as the lead product manager for IAM and security features. He is also the founder of BugAlert.org, a non-profit service that alerts the security community about time-sensitive, high-impact vulnerabilities.
Talks:
JIT Happens: How Instacart Uses AI to Keep Doors Open and Risks Closed
John O. THORNE
John O. Thorne, a former intelligence officer, transitioned to the commercial sector after a career collecting HUMINT and technical data following 9/11 and during the Global War on Terror. His expertise in counterintelligence, particularly in identifying surveillance, remains a strong trait. His career in Cyber Threat Intelligence collection was interrupted when he was voluntold to Insider Threat teams. In this talk, he will share insights into corporate monitoring practices, explaining how employees are unwittingly tracked and what can be done to raise awareness. His goal is not to help employees bypass corporate surveillance but to inform them about the existing boundaries and how to maintain their roles within the company.
Talks:
Christophe Tafani-Dereeper
Christophe lives in Switzerland and works on cloud security research and open source at Datadog. He previously worked as a software developer, penetration tester and cloud security engineer. Christophe is the maintainer of several open-source projects such as Stratus Red Team, GuardDog, CloudFlair, Adaz, and the Managed Kubernetes Auditing Toolkit (MKAT).
Talks:
From keyless to careless: Abusing misconfigured OIDC authentication in cloud environments
Ezz Tahoun
Ezz Tahoun is a distinguished cyber data scientist, who won awards at Yale, Northwestern and Princeton universities as well as prizes from CCCS, CSE, Microsoft, Trustwave and PIA. During his PhD studies in University of Waterloo, he had authored 19 papers, 4 open source projects, and was a reviewer for top conferences. He led innovative security projects for Royal Bank of Canada, Orange, Canarie, Huawei, Forescout, various governments, and others. He holds the following certifications: GIAC Advisory Board, GCIH, GSEC, GFACT, CEH, CISM, CRISC, PMP, GCP Prof Cloud Architect, and was an Adjunct Professor of Cyber Security. Ezz speaks at many cyber confs year round.
Talks:
Per Thorsheim
Founder & organizer of PasswordsCon. I know your next password. Linkedin.com/in/thorsheim for all the corporate details.
Talks:
Standardizing Password Surveys
Combating phone spoofing with STIR/SHAKEN - a BSidesLV crowd-sourced status quo, demo & explanation
Emanuel Valente
Emanuel Valente is the principal cybersecurity engineer at iFood, the largest food tech company in Latin America, where he technically leads the security engineering team dedicated to designing and implementing advanced cybersecurity solutions. With over ten years of experience, Emanuel specializes in various security disciplines, including cloud and edge security, runtime security, and AI security. He brings a solid foundation in mathematics, statistics, and computer science to his work. Emanuel is pursuing a Master's in Cyber Security at the University of São Paulo. He has studied under the Fulbright Scholarship at the University of Arizona and the University of Florida, focusing on malware analysis. Additionally, Emanuel actively contributes to the OWASP Top 10 for LLM Apps. Committed to advancing cybersecurity technology, he shares his expertise through speaking engagements and research collaborations. Organization: iFood - Cybersecurity Team Email: emanuel.valente@ifood.com.br Twitter Handle: @emanu_valente Blog: https://blog.ifoodsecurity.com/ Linkedin: https://www.linkedin.com/in/emanuelvalente/
Talks:
DoH Deception: Evading ML-Based Tunnel Detection with Black-Box Attack Techniques
Will Vandevanter
With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP, HackMiami and a number of other conferences on web application security. He has also released popular open source tools and trained hundreds through in-person and online courses. He currently works as Senior Staff Security Researcher at Sprocket Security hacking hard things at scale.
Talks:
WHOIS the boss? Building Your Own WHOIS Dataset for Reconnaissance
Ira Victor
Ira Victor has spent more than 25 years as an information security and digital forensics professional. In that time, he’s been a first responder to data incidents of all kinds. Ira is a founding Ambassador for the Center for Internet Security, and helped craft a state law that defines reasonable security by using The Center for Internet Security Controls. He is most proud of his role as a founding member the Nevada-based Computers for Kids Club, a unique chapter of the long-established Lions Club International. The 100% volunteer club has provided Linux-powered equipment and security/privacy training to more than 10,000 lower-income students in the local school district. The effort is entirely grounded in Open-Source security and privacy technology. Ira is the co-developer of patented infosec technologies that relies on metadata to protect email systems. He's a recognized by Nevada’s legal community as a top-flight expert on eDiscovery matters.
Talks:
Munish Walther-Puri
Munish Walther-Puri (he/him) is the VP of Cyber Risk at Exiger, where he focuses on supply chain and cyber risk in the tech, media, and telecom sectors. He is the former Director of Cyber Risk for New York City Cyber Command. He also teaches on cyber resiliency and cybersecurity at NYU Center for Global Affairs and Columbia SIPA. Prior to working for the City of New York, he led analysis and intelligence for a dark web monitoring company, advised startups in corporate investigations, encrypted communications, and political risk, and consulted independently on applying technology and analytics to geopolitical analysis, forecasting, and open-source intelligence analysis. He also spent time at a large American bank, working on the intersection of fraud, cyber investigations, and terrorism, and at a leading think tank, focused on nuclear policy and international security. Munish is a Life member of the Council on Foreign Relations and co-founder and advisor to the Fletcher Political Risk Group. He is an ally for the #ShareTheMicInCyber campaign and an Eagle Scout.
Talks:
How to Stop Looking for a Job, and Start Looking for Culture
Cultivating Resilience: How to Succeed in a Role that Didn’t Exist
George Wang
George is a software engineer by career and training. He has worked at a biotech creating genetically modified crops, a video games studio, and a large cloud provider company. In the past few years, George was thrust into the world of cybersecurity by proximity to other folks doing it far longer than he has. Despite having built many things used by many people, George’s claim to fame is having worked with a founding member of WhatsApp, who sadly turned down a sizable stake in the company for higher base pay. An event that gave him unrealistic start up expectations due to sampling bias. Nowadays, George enjoys broadening his horizon from interactions with eclectic engineers. He currently works at CloudKitchens.
Talks:
Building a Security Audit Logging System on a Shoestring Budget
Wade Wells
Wade Wells is a Lead Detection Engineer for a Fortune 50 company. He has worked for eight years in security operations, performing threat hunting, cyber threat intelligence, and detection engineering, primarily in the financial sector. He holds a master's degree in cybersecurity from Georgia Tech, is a board member of BSides San Diego, and teaches a cyber threat intelligence course. Wade has given talks for BSides San Diego, GrimmCon, Wild West Hackin Fest, and Defcon 858/619. In his spare time, he mentors people trying to get into the infosec field, reads fantasy novels, and spends as much time as he can with his family.
Proving Ground Mentor
Cecilie Wian
Cecilie Wian is a recognized expert in software testing with a specialization in abusability testing. With over 10 years of experience in the IT industry, Cecilie has developed into an authority on identifying and evaluating potential abuse scenarios and logical security vulnerabilities in various software products.
Talks:
Eoin Wickens
Eoin Wickens is the Technical Research Director at HiddenLayer, where he works as a leading researcher in securing artificial intelligence systems. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been published over a dozen times, including co-authoring a book on cyber threat intelligence focusing on Cobalt Strike. Eoin has spoken at conferences such as BSides San Francisco, DEF CON AI Village, LABSCON and 44CON and proudly supports the Irish cybersecurity community as a south chapter member lead of Cyber Ireland.
Talks:
AI Insecurity - An introduction to attacking AI and machine learning models.
Dave Bailey Amelia Wietting
Dave and Amelia are two SecDSM IoT/hardware hackers that love to see how things work. They are makers, volunteers, and mentors. Dave and Amelia work on embedded systems in $dayjobs.
Talks:
Beau Woods
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, Founder/CEO of Stratigos Security, a Cyber Safety Innovation Fellow with the Atlantic Council, leads the public policy space at DEF CON, and helps run the I Am The Cavalry track at BSides Las Vegas. In addition, Beau helped found the ICS Village, Aerospace Village, Hack the Sea, and Biohacking Village: Device Lab. His work bridges the gap between the security research and public policy communities, to ensure connected technology that can impact life and safety is worthy of our trust. He formerly served as Senior Advisor with US CISA, Entrepreneur in Residence with the US FDA, and Managing Principal Consultant at Dell SecureWorks. Over the past several years, Beau has consulted with the energy, healthcare, automotive, aviation, rail, and IoT industries, as well as cyber security researchers, US and international policy makers, and the White House. Beau is a published author, public speaker, media contributor.
Talks:
Wars and Rumors of Wars - What are the implications for Domestic Critical Infrastructure?
Eitan Worcel
Eitan Worcel is the co-founder and CEO of Mobb, the 2023 USA Black Hat StartUp Spotlight winner. He has over 15 years of experience in the application security field as a developer, product management leader, and now startup founder. He has previously spoken at Black Hat, OWASP chapter meetings, dozens of new outlets and podcasts.
Talks:
Don’t Make This Mistake: Painful Learnings of Applying AI in Security
Paul Wortman
Wortman is a PhD in Electrical and Computer Engineering from the University of Connecticut with research that ranged from network analysis to cyber security risk evaluation. He now focuses on Bluetooth protocol and devices research.
Talks:
Randall Wyatt
Randall Wyatt is currently an Application Security engineer on the Product Security Team at CoverMyMeds (CMM). He participates in active development on an in-house vulnerability management solution, HIPAA technical risk assessments, and various other security related tasks. Randall spent the first part of his career in Automated QA testing for a couple of companies. He then moved into Application Development with auticon (a leading neurodivergent consulting company) as a contractor at CMM. Once at CMM, he made the connections necessary to pivot into Application Security. Randall is passionate about championing neurodivergence in the workplace and developing the active defender mindset and a security first culture. In his free time, Randall enjoys video games, reading, and spending time with his partner.
Talks:
Phillip Wylie
Phillip is a passionate offensive security professional with over twenty six years of information technology and cybersecurity experience. His experience includes penetration, red teaming, and application security. When Phillip is not hacking, he educates others about pentesting and web application pentesting during workshops at conferences and other events. Phillip is the concept creator and coauthor of the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker,” based on his conference talk on starting a career as a pentester. Phillip’s uncommon journey into cybersecurity is preceded by his colorful past as a pro wrestler, where he once wrestled a bear.
Talks:
Misha Yalavarthy
Misha Yalavarthy is currently an Security Engineering Manager of a research team at Semgrep that is building rules to find vulnerabilities in our customers code. Before Semgrep, she was the Security Engineering Manager for the Detection and Response team at Sentry and was responsible for building the program from the ground up. Prior to that, she was a Senior Security Engineer at Cloudflare focused on internal security and building detections to secure the global network and infrastructure.
Talks:
Dominic Zanardi
Dom is a New York City-based Senior Security Engineer at Instacart, where he specializes in Cloud Security, Infrastructure, and Identity. His current focus is on developing scalable internal tooling and enhancing automation processes. Before joining Instacart, Dominic led the Security Engineering team at Latch, where he was instrumental in establishing foundational security protocols, emphasizing hardware-based controls, and Public Key Infrastructure (PKI). Before moving into security-focused roles, he also served as a Backend Engineer at Microsoft.
Talks:
JIT Happens: How Instacart Uses AI to Keep Doors Open and Risks Closed
Kathy Zhu
Having worked in the security industry for 8+ years, Kathy is currently a Security Engineering Tech Lead in the detection space at Google. Her interest and experience is in detection engineering and software development. Outside of work, she also enjoys running, the outdoors, and reading.
Talks:
crudd
Steve "crudd" Rudd is a Senior Lead Information Security Engineer at Lumen Technologies responsible for reverse engineering malware samples across a wide variety of architectures and operating systems from a broad range of threats, including cybercriminals, ransomware operators and APTs. In addition to reversing network protocols and gleaning IoCs from custom loaders and implants to aid in investigations, Steve develops the automated threat validation capabilities of Black Lotus Labs through bot emulation and C2 validation to track and disrupt threats at scale. A self-taught practitioner, Steve is passionate about understanding how things work and digging into low-level assembly, operating system internals and network protocols. He is rumored to have been used by EA sports as the character for their 1987 skateboarding game for the Commodore 64. Uncredited, of course.
Talks:
dade
dade is a former fortune 50 red teamer turned startup staff security engineer. While at work, he's passionate about all things security, software, and infrastructure related. While he's not at work, he's passionate about getting back to work. He also enjoys developing software, blogging, self-hosting, and writing rap songs about his interests and hobbies.
Talks:
jeff deifik
Jeff Deifik has a MS in Cybersecurity and a CISSP and C|CISO credentials. His interest in the intersection of cybersecurity and software development began with white hat password cracking over 30 years ago. Career projects included ten years at the first e-commerce system (from 1985-1995), the first orbiting radio telescope satellite, the worlds most advanced pulse oxineter, and most recently cybersecurity for government satellite ground control, balancing sound cybersecurity with cost and schedule. He is currently employed at The Aerospace Corp.
Talks:
arun vishwanath
Arun Vishwanath, PhD., MBA, (https://www.arunvishwanath.us) is a well-known and recognized expert on the human aspects of cybersecurity. He has made 200 media appearances, published more than 50 peer-reviewed research articles, and presented at notable venues from the US Senate to the Army Cyber Institute at West Point and Black Hat USA. His writings have appeared in CNN, The Washington Post, and other leading publications. He is the author of The Weakest link: How to Diagnose, Detect, and Defend Users From Phishing, published by MIT Press, and the founder of the Cyber Hygiene Academy, an organization dedicated to developing cyber resilience in children.
Talks:
I won’t allow my child to have a smartphone: Why Smart parents make not so smart children
