2021 Speakers

Alan Sheng

He/Him

Alan is a software architect with Intel Corp, Shanghai, China. With over 16 years of experience, Alan mostly focuses on system firmware and IP FW design with comprehensive security features on Intel SoC, IP and platform for many generations. His security expertise includes system/IP FW boot authentication, secure and measured boot and memory-based attack mitigations.

Talks:

Ghost DMA Attack & The SeDeFuS Conundrum

Alison Goh

She/Her

Alison is the Security Program Manager at the Democratic National Committee and brings over a decade of political campaign experience from electoral and labor campaigns across the country. She worked to create a culture of security to secure the Presidential campaigns and the DNC. In her spare time, she is President of the League of Women Voters of San Francisco (@LWVSF), and is passionate about voting rights and women’s representation in government.

Talks:

Securing the 2020 Presidential Campaign: Threats, Challenges, and a Global Pandemic!

Alyssa Miller

She/Her - Business Information Security Officer - S&P Global Ratings

Alyssa began her IT career as a programmer for a Wisconsin based provider of financial software and services. Her passion for security quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team. Later, Alyssa would expand her view of the security industry by moving into consulting. With her programming background, Alyssa was able to focus her efforts on Application Security. Her continued role as a leader in multiple consulting organizations allowed her to work with high level business leaders to address security at a strategic level. Today, Alyssa leads the security strategy for S&P Global Ratings as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. Additionally, she shares her message about evolving the way people think about and approach security, privacy and trust through speaking engagements at various conferences.

Talks:

Finance Industry Career Search Panel

Anchal Raheja

Anchal Raheja currently works as a Security Engineer at Apple. Anchal’s areas of expertise include Security automation, Cloud Security, Penetration Testing, Threat Management, Digital Forensics and Incident Response (DFIR). While getting his Master’s in Computer Science he got his thesis published on Malware Detection using Hardware Performance Counters. Anchal currently holds various certificates with recent ones being OSCP and GCFA.

Talks:

Manage Your Attack Surface on a Budget

Andrew Brandt

He/Him - Principal researcher - Sophos

Andrew Brandt is a former investigative reporter turned network forensics investigator and malware analyst, who works as a Principal Researcher for SophosLabs. Brandt uses his knowledge about the behavior of malicious software to profile identifiable characteristics of undesirable or criminal activity. His analysis techniques seek to determine general principles that can help analysts and defenders rapidly and comprehensively identify the root cause of infection and data loss, putting real-time network data analysis at the front line of prevention.

Talks:

Search engine deoptimization with Gootloader

Andy Applebaum

He/Him - Principal Cyber Security Engineer - MITRE

Andy Applebaum is a security researcher at MITRE, where he works on applied and theoretical security research problems, including as one of the leads on the CALDERA automated adversary emulation project. His work tends to lie at the intersection of security, automation, and reasoning, with a growing interest in the ability of attackers to both misuse and thwart machine learning and artificial intelligence systems. Andy has published numerous papers and spoken at multiple conferences, including Black Hat Europe, CAMLIS, BSides NoVA, and the FIRST Conference.

Andy received his PhD in computer science from the University of California Davis and he holds the OSCP certification. Outside of work, Andy is an avid chess player, having won the 2018 DEF CON chess championship.

Talks:

Revenge on the Worms! Towards Deception Against Automated Adversaries

Anna Skelton

Vice President, Cyber Threat Intelligence - Bank of America

Anna grew up skiing and hiking in the mountains of Colorado. In college she studied Global Security and Intelligence studies and built GoDaddy’s international travel security program. Post-graduation she started with Bank of America as a business information security officer. Now she’s a strategic analyst on the cyber threat intelligence team, performing predictive analysis on nation state actors and composing threat assessments for senior leadership. On the side she has spoken about the potential impact of deepfakes on the financial services industry at DefCon, BSidesLV, and FS-ISAC. Her hobbies include western art and Being Existential.

Talks:

Do You Understand the Words That Are Coming Out of My Mouth

Chen Cao

He/Him - Security Engineer @Cloudflare

Chen is a security engineer at Cloudflare who focuses on Detection and Response. Chen holds a Master of Science degree in Security Informatics from Johns Hopkins University and has been in the security industry for about 4 years now. He enjoys sharing & learning good practices in the industry and is currently working on finding a reliable, scalable and cheap way for log collection and alerting.

Talks:

A Serverless SIEM: Detecting All Baddies

Chester Wisniewski

Principal Research Scientist - Sophos

Chester Wisniewski has been involved in the information security space since the late 1980s. He is currently a Principal Research Scientist in the Office of the CTO. Chet divides his time between research, public speaking, writing and attempting to communicate the complexities of security to the press and public in a way they can understand.

Chester has spoken at RSA, InfoSec Europe, LISA, USENIX, Virus Bulletin and many Security BSides events around the world in addition to regularly consulting with NPR, CNN, CBC, The New York Times and other media outlets.

Talks:

Aristotle In Security: How an Ancient Greek Can Improve Your Security Program

Chris Krebs

Founding Partner - The Krebs Stamos Group

Founding Partner, Krebs Stamos Group. Co-Chair @AspenDigital Commission on Information Disorder. Former Director @CISAgov. Fired by tweet.

Talks:

Keynote: A Fireside Chat With Jack Daniel and Chris Krebs

Colleen Dai

Colleen Dai is a security software engineer at r2c, a startup working on building static analysis tools that focus on precision and being custom-fit to the consumer. At r2c, Colleen has worked on language parsing along with AST matching. She is also writing rules and performing research to find security vulnerabilities in open source code. Colleen recently received her B.S. in Computer Science and M.S. in Statistics from Stanford. She regularly enjoys Brazilian Jiujitsu, drawing, and trying (and failing) not to eat everything in her fridge.

Talks:

The power of guardrails: How to slash your risk of XSS in half

Daniel Stinson-Diess

He/Him - Security Engineer - Cloudflare

Daniel is a Security Engineer @ Cloudflare who builds tools and systems to detect security incidents and improve the response time. Studied computer science at UC Riverside and first got involved in security through the WRCCDC competition and other CTFs. Has attended BSidesLA, BSidesSF and many DEFCON conferences. If not hacking on tooling then out with my dog.

Talks:

A Serverless SIEM: Detecting All Baddies

Diana Kramer

She/Her - Security Operations Manager

My name is Diana Kramer, I live in Barcelona and I am a Security Engineer leading the Security Operations team for King. I am passionate about videogames, even if I am a very bad gamer, and I lead the Women in Security, WoSEC, meetup chapter in Barcelona. I am and will always be an engineer at heart, viewing each challenge, from the implementation of a security control to a policy, like a state-based system, that can always be improved. And this makes me love exploring new technologies and trying to combine different ideas to solve one of the most entertaining problems in security (for me): logging and monitoring!

Talks:

GCP BigQuery as Security Detection Platform

Dileep Gurazada

Application Security Lead

A strong engineering background along with knowledge in infrastructure and application security vulnerabilities has allowed Dileep to develop cutting edge solutions for a wide-ranging set of use cases.

With an M.S. in Computer Science from the University of Texas at Dallas, Dileep is currently an application security lead at Copart.

Talks:

Manage Your Attack Surface on a Budget

A Journey To Zero Trust

Dmitriy Beryoza

He/Him - Senior Security Researcher - Vectra AI

Dmitriy is a Senior Security Researcher at Vectra AI. Before that he was a pentester and secure software development advocate at IBM. He spent over 25 years of his life building software before realizing that breaking it is much more fun. Dmitriy is passionate about all things security, with particular interest in reverse engineering, binary exploitation, secure software development, and CTF competitions.

Talks:

All Software is Open Source: An Introduction to Reverse Engineering

Dr. Allan Friedman

He/Him - Director of Cybersecurity and Not Buying Things - NTIA

Dr. Allan Friedman is a failed academic, a full-service technocrat, and a human who should probably talk about SBOM just a little less. He is currently Director of Cybersecurity Initiatives at the National Telecommunications and Information Administration in the US Department of Commerce. Friedman coordinates NTIA’s multi-stakeholder processes on cybersecurity, focusing on addressing vulnerabilities in connected systems and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted cybersecurity and tech policy scholar at Harvard’s Computer Science Department, the Brookings Institution and George Washington University’s Engineering School. He is the co-author of the popular text ‘Cybersecurity and Cyberwar: What Everyone Needs to Know,’ has a degree in computer science from Swarthmore College and a Ph.D. in public policy from Harvard University.

Talks:

Your critical system IS (NOT?) vulnerable: CSAF, VEX, SBOM and the future of advisories

Gamification of Tabletop Exercises

Dr. John Seymour

John works on the Detection and Response team at Salesforce, which focuses on aggregating all security logs at Salesforce, applying rules and models to obtain high fidelity alerts, and sharing those results with other pertinent Security teams. In particular, John performs machine learning on security logs to alert to new attacks, to improve our existing alerts and rules, and to find/make new contextual data to help in investigations. He previously focused on data science at a startup focused on social media security. He has presented at several security cons, including Black Hat, DEF CON, and SecTor.

Talks:

Secure your AWS accounts without breaking the bank

Dr. Raghudeep Kannavara

He/Him - Security Tech Lead - Intel Corp

Raghudeep Kannavara is a security tech lead at Intel Corp, with more than a decade of experience in product security. He leads security for client HW, FW and SW components. He has expertise in threat analysis, identifying security risks and developing mitigation strategies, security validation, security automation and SDL. He holds a PhD in computer engineering and is a Certified Information Systems Security Professional (CISSP).

Talks:

Ghost DMA Attack & The SeDeFuS Conundrum

Dr. Ron Alford

He/Him - MITRE

Ron is an A.I. researcher specializing in automated planning. He has served as a grant panelist for NASA and the NSF, and on the organizing and program committees for major A.I. conferences and workshops. His interests include theoretical foundations of automated planning and developing new algorithms for autonomous cyber operations and response.

Talks:

Revenge on the Worms! Towards Deception Against Automated Adversaries

Dr. Vincenzo Ciancaglini

He/Him - Senior Threat Researcher - Trend Micro Research

Vincenzo earned an M.Sc. in Telecommunications Engineering from the Politecnico of Turin and an M.Sc. in Electrical Engineering from the KTH in Stockholm. For several years, he worked as a developer in Sophia Antipolis, France, during which he also took part in the formation of an innovation lab within his company, where he was responsible for analyzing upcoming technologies and their potential business developments.

From 2009-2013, he obtained his PhD from the National Research Institute in Automation and Computer Science (INRIA) in Sophia Antipolis, with a thesis about peer-to-peer networks interoperability and next-generation internet protocols. Since 2012, he has worked as a senior threat researcher within the Forward-Looking Threat Research team in Trend Micro Research.

His duties on the team span from the development of new data analytics prototypes to identify new upcoming threats, and analysis of darknet and underground forums, to the research of IoT vulnerabilities.

Talks:

Knock knock. Who’s there? Betta! Betta who? Betta check your access control edge devices, cause I’m already in.

Duncan Sparrell

He/Him - Chief Cyber Curmudgeon - sFractal Consulting

sFractal (aka Duncan Sparrell) is a seasoned (aka old) software developer and cybersecurity evangelist. He graduated from RPI back when computers were the size of buildings and programmed with punch cards. He is semi-retired and trying to give back to the community while pursuing his passions for cybersecurity automation, SBOM, quantitative risk analysis, elixir/erlang/OTP, and genealogy.

Most of his cyber experience is blue team but he kick-started his cyber chops as part of an AFIWC cyber attack team during the first Gulf War. Besides various certs (CISSP, CSSLP, CCSK, PE), he was awarded the Intelligence Community Seal Medallion, and the AT&T Science and Technology Medal. He spends a significant amount of time on pro bono activities including cochairing OASIS OpenC2 and participating in NTIA SBOM, @iamthecavalry, ITU, NoVA Hackers, …

Talks:

QuadBlockQuiz - Supply Chain Sandbox Edition

Emily Rexer

Emily Rexer is a software engineer in the Cloud Platforms and Architectures Department at The Aerospace Corporation. Her experience ranges from AWS and Kubernetes to machine learning and data science. Rexer is primarily interested in the intersection of applied math and computer science, including machine learning, numerical methods, mathematical modeling, and quantum computing.

Talks:

Static Detection of Novel Malware Using Transfer Learning with Deep Neural Networks

Gabor Szappanos

He/Him - Principal researcher - Sophos

Gabor graduated from the Eotvos Lorand University of Budapest with a degree in physics. His first job was in the Computer and Automation Research Institute, developing diagnostic software and hardware for nuclear power plants. He started antivirus work in 1995, and began developing freeware antivirus solutions in his spare time. Gabor joined VirusBuster in 2001 where he was responsible for taking care of macro virus and script malware and became head of the virus lab in 2002. In 2008 he became a member of the Board of Directors in AMTSO (Anti Malware Testing Standards Organization) and, in 2012, joined Sophos as a Principal Malware Researcher.

Talks:

Search engine deoptimization with Gootloader

Gabriel Ryan

Security Engineer - AWS

Gabriel is a security engineer at AWS working on a six-person team responsible for vetting all wireless / RF technology used across AWS and Amazon. He currently specializes in kinetic threats, identifying attack vectors against “edge” devices (i.e. alarm systems, water pumps, automotive sensors) deployed in hostile environments, and safely connecting these devices to cloud-based infrastructure. Prior to joining AWS, he worked at companies such as SpecterOps, focusing on SIGINT and Windows-focused adversarial tradecraft.

Gabriel has participated as a speaker and instructor at numerous international conferences including DEFCON, DerbyCon, BlackHatUSA, and BSidesLV. He is the author of EAPHammer, SilentBridge, DropEngine, and has contributed to high-profile projects such as hostapd-wpe and Empire. His most recent open-source work includes EDR bypasses using polymorphic payload engines and environmental keying, the first working bypass of 802.1x-2010, new techniques for attacking networks using WPA2-EAP and Opportunistic Wireless Encryption (a.k.a. WPA3’s Enhanced Open).

Talks:

Securing and Trusting Third-Party Javascripts in Your Web App

Grayson Hardaway

Grayson Hardaway is a security researcher at r2c, a startup working on static analysis tools purpose-built for the modern workflow. At r2c, Grayson authors static analysis tailored for finding security vulnerabilities in open source code. Previously, Grayson worked for the US Department of Defense fuzzing and exploiting obscure protocols. When not submitting patches, Grayson is hefting a heavy pack uphill, crafting guitar solos, or learning something new: currently woodworking.

Talks:

The power of guardrails: How to slash your risk of XSS in half

Henry Reed

Henry Reed is a cybersecurity engineer in the Cyber Defense Solutions Department at The Aerospace Corporation. His work primarily focuses on developing defensive capabilities that are out of scope of current market solutions. Reed obtained the OSCP, RHCSA and GPEN certifications, worked directly with customers on software assessments and evaluation and authored one of the CTF challenges at the 2019 Malware Technical Exchange Meeting. In his free time, Reed focuses on offensive security research, with a slant towards malware.

Talks:

Static Detection of Novel Malware Using Transfer Learning with Deep Neural Networks

Jens Wiesner

He/Him - Section Head for Cyber Security in Industrial Control Systems - German Federal Office for Information Security (BSI)

Jens Wiesner heads the section ‘Cyber Security in Industrial Control Systems’ of the German Federal Office for Information Security (BSI). To increase security of critical infrastructures he and his team cover many areas, from establishing trust and good relations with vendors and asset owners, through committee work, baseline security documents and supporting standardization efforts (ISA99 and DKE 62443), to working with academia to improve research and education. He started his career in times of NCSA Mosaic and administrating DEC Alphas while studying physics. For some years he programmed risk management (Sarbanes Oxley 404) for a German car manufacturer. Since 2013 he has worked for BSI and since 2016 he has been responsible for ‘Cyber Security in Industrial Automation and Control Systems’ and technical aspects of critical infrastructure protection in Germany. In his spare time he cycles and rows all over the world (mostly quad sculls).

Talks:

Your critical system IS (NOT?) vulnerable: CSAF, VEX, SBOM and the future of advisories

Jeremy Brown

He/Him - Computer Toucher

Many moons ago, after viewing the groundbreaking documentary “Hackers” through a pirate cable box, Jeremy knew he had to dive into the world of information security. Despite the initial devastation upon discovering the actual amount of inline skating involved in hacking, he continued down his path of understanding all of the reasons why computers were a mistake.

Today, after competing in a number of CTFs as part of his college’s infosec club and a large amount of outside research, he is your typical maybe-a-bit-too-paranoid computer toucher with lots of ideas on software to benefit the community and the world at large - now if he could only start building some of them…

Talks:

Secure Mail Takes Professionalism

Jerome Radcliffe

Director - Thermo Fisher Scientific

Jay Radcliffe has been working in the computer security field for over 20 years. Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cyber-security. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but also works with legal firms on expert witness consultation related to IoT and cyber security issues. Jay holds a Master’s degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor’s degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.

Talks:

Analyzing AutoIt Malware: Tools and Techniques

Joshua Danielson

He/Him - CISO

Copart Chief Information Security Officer for 5 years.

Results-driven information security leader with over a decade of experience in ensuring the security of critical business systems, to include classified national defense assets. Experience in leading and motivating global team members to achieve organizational and career goals and deliver business-focused, value-driven solutions.

Talks:

Manage Your Attack Surface on a Budget

A Journey To Zero Trust

JP Perez-Etchegoyen

He/Him - CTO - Onapsis

As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the mission-critical application security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their data landscapes. JP helps manage the development of new products as well as support the cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs. JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group.

Talks:

Latest Threats and Vulnerabilities to Mission-Critical SAP Applications

Kathleen Smith

She/Her - Chief Outreach Officer - ClearedJobs.Net

Kathleen Smith is CMO of ClearedJobs.Net, a veteran-owned company, where she spearheads the community-building and communications outreach initiatives catering to both organizations’ many audiences, including security cleared job seekers, cybersecurity candidates and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cyber security world, including BSidesLV, BSidesTampa, BSidesDE and FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director of HireGround, BSidesLV’s 2 day career track. Kathleen is well respected within the recruiting community and is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area.

Talks:

Healthcare Industry Career Search Panel

Finance Industry Career Search Panel

Kelly Ohlert

She/Her - Risk Advisor - Leviathan Security Group

Someone’s mooooom, recovering attorney, security risk advisor/tabletop nerd at Leviathan Security Group, certified Mindfulness-Based Stress Relief trainer, certified Neurolinguistic Programming Advanced Practitioner, yoglet, gnome.

A Philadelphia native, I started out doing a Bachelor’s/Master’s combo in four years at Penn, thinking I wanted to be a therapist. Turns out I like talking as much as listening, so a couple of years later I, like lots of other underemployed and overeducated young people, made the wonderful decision to go to law school in the middle of the Great Recession. I’ve worked as a public defender, a Disability Rights Attorney in Vegas, and a Federal Social Security Disability lawyer.

As a lifelong gamer and DM, I’m currently interested in making tabletop exercises less boring for fun and profit. If I never wear a suit again in my life I’ll be happy.

Talks:

Gamification of Tabletop Exercises

Kirsten Renner

She/Her - Recruiting Director

Possibly best known as the co-organizer of Car Hacking Village and serial volunteer across our community, Kirsten has been recruiting, primarily in infosec since 2010. After a brief spell programming and running help desks, she combined the love for both, by settling into recruiting to find the best of the best talent, and specializes in the hacking community, as well as hiring for diversity and veterans.

Talks:

Stupid Job Posts Don’t Matter!

Konrad Kording

He/Him - PIK professor, University of Pennsylvania, Departments of Bioengineering and Neuroscience, Fellow, CIFAR - University of Pennsylvania

Dr. Kording is trying to understand how the world and in particular the brain works using data. Early research in the lab focused on computational neuroscience and in particular movement. But as the approaches matured, the focus has been more on discovering ways in which new data sources as well as emerging data analysis can enable awesome possibilities. The current focus is on Causality in Data science applications - how do we know how things work if we can not randomize? But we are also very much excited about understanding how the brain does credit assignment. Our style of working is transdisciplinary; we collaborate on virtually every project.

Talks:

Keynote: Brain Hacking

Krishna Chirumamilla

He/Him - Application Security Researcher - Adobe

Passionate about cyber security, application security to be specific. Architecture reviews, Threat-modeling and Evangelizing Secure coding practices have been my bread and butter for the last 5 years. Presented at Dreamforce and TrailHeaDX on Security for Salesforce Developers and Admins. In addition to Security, my favorite pastime activities include Yoga and Meditation.

Talks:

Securing and Trusting Third-Party Javascripts in Your Web App

Krishnan Aiyer

He/Him - Acting Chief Security Officer - Democratic National Committee

Krishnan Aiyer is the acting Chief Security Officer at the Democratic National Committee. During the 2020 presidential cycle, he led a team that deployed nearly 3000 Chromebooks and security keys in a matter of weeks to staff that were fully remote. He is an alum of the tech and government sectors, and one of his first jobs was on the 2008 Obama campaign.

Talks:

Securing the 2020 Presidential Campaign: Threats, Challenges, and a Global Pandemic!

Lourdes Turrecha

She/Her - Founder & CEO - The Rise of Privacy Tech

Lourdes M. Turrecha is a privacy, cybersecurity, and data protection lawyer and leader, with 10+ years of combined experience in privacy, law, security, policy, and compliance. Lourdes is also the Founder & CEO of PIX LLC, an innovative privacy firm in Silicon Valley, and the Founder of The Rise of Privacy Tech, a movement that brings together privacy innovators, investors, experts, and evangelists to further privacy innovation.

Talks:

Lessons Drawn From Cybersecurity In The Rise of Privacy Tech

Lucas J Morris

Senior Manager, Cybersecurity

Lucas is a senior manager and leader within the cybersecurity and digital risk practices at Crowe. He has over 13 years of information security experience with much of that time spent performing penetration testing and red teaming against organizations both global and small. Outside of work, Lucas works with several universities and cybersecurity competitions, including as a director of the Collegiate Penetration Testing Competition (CPTC) and on various red teams for the Collegiate Cyber Defense Competition (CCDC) to help develop the next generation. In his free time, he develops or contributes to new tools, brews his own beer, and works in his wood shop.

Talks:

Revisiting the Analog Hole: Using OCR and other techniques to exfiltrate data

Luis Quispe Gonzales

He/Him

Luis Quispe Gonzales is Lead Offensive Security Engineer at Halborn, a blockchain-specialized cybersecurity company. He has more than 11 years of professional experience in cybersecurity consulting, with clients belonging to banking, finance, energy and mass consumption sectors. His area of expertise is offensive security, and he has tested the security of ATMs, cloud and on-premises services, different types of applications (web, mobile, thick client, DApps), smart contracts and legacy systems.

Previously, he has worked as Lead Penetration Tester at IBM Security SSA (Spanish South America) and as Cybersecurity Manager at Everis Perú.

Talks:

All your Ether are belong to us (a.k.a Hacking Ethereum-based DApps)

Masha Arbisman

She/Her

Masha runs a team of behavioral scientists, security analysts, and data wizards to foster positive change in employee behaviors. She graduated from UC Davis with a Bachelor’s Degree in Quantitative Psychology and has focused her efforts on human behavior as it applies to learning, consumerism, and security. Masha has been a part of the community for about 6 years, both professionally and by volunteering for Defcon, BSidesLV, and WISP. She is thrilled to pave the way for Behavioral Engineering as a function and hopes to make it a staple in every security organization worldwide.

Talks:

Human Security Spaghetti & the Wall you're Throwing it at

Matt Hodges

He/Him - Head of Technology - Zinc Collective

Matt Hodges was the Director of Engineering at Biden for President and in 2016 worked for “The Groundwork”, a software vendor to Hillary for America. He’s long had a passion for politics. He is currently the Head of Technology for Zinc Collective. During the campaign he was fully remote and sometimes would be broadcast on a laptop and walked around the Biden campaign offices.

Talks:

Securing the 2020 Presidential Campaign: Threats, Challenges, and a Global Pandemic!

Melanie Ensign

She/Her - Founder & CEO - Discernible, Inc.

After managing security and privacy communications for some of the world’s most notable brands, including Facebook, Uber, and AT&T, Melanie Ensign founded Discernible to help even more organizations adopt effective communications strategies to improve risk-related outcomes. She counsels executives and technical teams alike to cut through internal politics, dysfunctional inertia, and meaningless metrics. Additionally, Melanie is the press department lead for DEF CON, the world’s largest hacker con. She is also an accomplished scuba diver and brings many lessons learned preparing for and navigating unexpected, high-risk underwater incidents to her work.

Talks:

Lessons Drawn From Cybersecurity In The Rise of Privacy Tech

Michelle Dennedy

She/Her - Co-founder - Zen Data Privacy, Inc.

Michelle is the VP and Chief Privacy Officer at Cisco and works to raise awareness and create tools that promote privacy, quality, integrity, respect and asset level possibilities for data. Michelle is passionate about data privacy and protection, and for building better technology that matters. She works closely with families, executives, innovators and dreamers at all levels and in businesses & organizations at all stages to support the combination of policy, practice and tools.

Talks:

Lessons Drawn From Cybersecurity In The Rise of Privacy Tech

Mike Murray

He/Him - Founder/CEO - Scope Security

For the past decade I’ve been focused on information security in many diverse forms. I have led an information security consulting practice within industry leading organizations including GE Healthcare and Neohapsis or as an entrepreneur/founder of The Hacker Academy and MAD Security, where we bootstrapped the company to over $25M in revenue in the first 4 years. For the past year, I’ve been building out the global research function at Lookout, where we’re leading detection of malware, vulnerabilities and risky applications on mobile platforms. I’ve built global information security programs and have a proven track record of implementing pragmatic and results-driven security organizations which balance risks against business imperatives and rewards. I have always taken a “talent first” approach, surrounding myself with great people and doing what I could to enable them and our business partners to execute on information security outcomes from a business focus.

Talks:

Healthcare Industry Career Search Panel

Mr. Ali Kabeel

He/Him - Student

Ali Kabeel is a security researcher with more than 5 years of expertise in web & network security, bug hunting and security research. During his journey, Ali found and exploited vulnerabilities in gigantic companies including Facebook, Google, Microsoft, Snapchat, Apple and many more! His research interests revolve around business logic vulnerabilities, microservices’ security, and network security. Apart from security, Ali likes building stuff that would make his life as well as others’ lives easier. He is extremely passionate about automation and is actively learning how to automate stuff, especially using Python. Ali can be found on social media @l0gicbreaker on Twitter and @kabeel on LinkedIn.

Talks:

Breaking The Giants With Logic

Mr. Bo Wang

He/Him

Bo is currently a software engineer who is mainly interested in low-level security, system design and fuzzing. His interests include, but are not limited to, operating systems, virtual machines, browsers and compilers in general. In his spare time, he plays CTFs as a hobby. He really enjoys problem solving and learning new things.

Talks:

Virtualizing Your Ford SYNC3 for Fun and Profit

Mr. Brandon Clark

He/Him - CEO and Founder - Triton Technology Consulting

Brandon spent eight years at PricewaterhouseCoopers in their Cyber Security practice. During that time, he worked with some of the world’s largest companies, and spent three years as a manager before leaving to start his own consulting firm. In 2018, he left PwC to start his own consulting firm, Triton Technology Consulting, which serves both large, multinational companies as well as small startups and local businesses. He is also the author of 5 novels, and plans to publish two more in 2021. He is a CISSP and former PCI QSA, and graduated from the University of Georgia with a Bachelor’s in Management Information Systems.

Talks:

Aristotle In Security: How an Ancient Greek Can Improve Your Security Program

Mr. Chris Neal

He/Him - Threat Researcher - Cisco Talos Intelligence

I am a threat intel researcher and previous SOC analyst. I am 32 y/o and have been working in tech since 2013. Most of my days are spent researching malware and writing research posts for the Talos Intelligence blog. I specialize in obscure Windows malware and AutoIt malware. Part of my job at Talos is speaking at conferences, webinars, schools and appearing occasionally on the Talos podcasts.

Talks:

Analyzing AutoIt Malware: Tools and Techniques

Mr. Douglas A Brush

He/Him - Global Security Advisor - Splunk

Douglas is an information security executive with over 27 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee misconduct, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.

He is the founder and host of Cyber Security Interviews, a popular information security podcast.

Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, and diversity, equity and inclusion, in the information security industry.

Talks:

You Don’t Have to Be Crazy to Work Here: An Honest Talk About Mental Health

Mr. Eric Kaiser

He/Him - Security Engineer - Uptycs, Inc

I am a security engineer focused on endpoint & cloud workloads, specifically macOS & Linux. I have a deep and abiding interest in macOS internals, in security via configuration & compartmentalization, and designing secure systems for usability. In my spare time off from playing aggressive defense, I am a motorcycle rider and amateur mechanic, and an avid reader and runner.

Talks:

JOINing Across the Stack: Structured Security Analytics for the modern attack surface

Mr. Indiana Moreau

Security Engineer - Security Innovation

Indiana is a security engineer at Security Innovation who specializes in testing web applications, APIs, and cloud configurations. He has a background in web development and previously worked in telecommunications and banking, performing penetration tests and security assessments. In his spare time, he works on personal coding projects and eats copious amounts of sushi.

Talks:

Repo Jacking: How GitHub exposes over 70,000 projects to remote code injection

Mr. Itsik Mantin

He/Him - Head of Innovation - Imperva

In the last 20 years I have researched and innovated in a variety of security domains, including web application security, advanced persistent threats, DRM systems, automotive systems, data security and more. While thinking as an attacker is my second nature, my first nature is problem solving and algorithm development - in the past in cryptography and watermarking, and today mostly around harnessing ML/AI technology to solve security-related problems. While I am fascinated with bleeding edge technologies like AI and federated learning and the opportunities these technologies unlock, as a security veteran I am also continuously asking what can go wrong and the answer is never NULL. I am the inventor of 20 patents in security, cryptography, data science and privacy-preserving computation arenas. I hold an M. Sc. in Applied Math and Computer Science from the Weizmann Institute.

Talks:

AI in a Minefield: Learning from Poisoned Data

Mr. Junfeng Yang

He/Him - Security researcher

Junfeng Yang is an enthusiastic security researcher. He previously worked at NSFOCUS and FireEye as a vulnerability researcher. Junfeng has a keen interest in cybersecurity; his work revolves around malware analysis, vulnerability analysis and so on. He won Microsoft’s mitigation bypass bounty three years in a row from 2016 to 2018.

Talks:

Virtualizing Your Ford SYNC3 for Fun and Profit

Mr. Timothy Ball

He/Him - Director of Cybersecurity - Civis Analytics

timball is a veteran of four Presidential campaigns and currently works at a Democratic data analytics company that works with campaigns of all sizes across the country. He was the Senior Security Engineer at Hillary for America and led the response to the Russian cyber attacks during that cycle. His dog is semi-famous.

Talks:

Securing the 2020 Presidential Campaign: Threats, Challenges, and a Global Pandemic!

Mrs. Che’ Jackson

She/Her

I am a college student pursuing my Masters in Cybersecurity. One of my career goals is to be a security and cloud consultant for organizations in the healthcare industry. Most of my IT career has been as an IT Business Systems Analyst where I served as the SME and client liaison for enterprise clients. I am the CEO and Founder of Helping Young People Excel in Math and HYPE Career & Education Foundation. I am an indie author of math workbooks for students in 3rd-8th grade; I review the workbook problems on my YouTube channel. My nonprofit organization exposes underrepresented students to STEM by tutoring them in math and introducing them to coding.

Talks:

Do You Understand the Words That Are Coming Out of My Mouth

Ms. Brittany D Little

Risk & Compliance

Brittany is a Risk & Compliance Analyst at Copart and has helped develop and implement strategies that mitigate any risk associated with the business and ensure the organization meets the necessary compliance regulations. With an M.S. in Strategic Communication, Brittany focuses on communicating various Cyber Security initiatives within Copart as well.

Talks:

Manage Your Attack Surface on a Budget

A Journey To Zero Trust

Ms. Cheryl Biswas

Cheryl Biswas is a Strategic Threat Intel Specialist with a major bank in Toronto, Canada. Previously, she was a Cyber Security Consultant with KPMG. Cheryl has experience with security audits and assessments, privacy, DRP, project management, vendor management and change management. She holds an ITIL certification and a specialized honors degree in Political Science. She engages in the security community as a conference speaker and volunteer, mentors, and champions women and diversity in Cyber Security as a founding member of “The Diana Initiative”.

Talks:

Secure Mail Takes Professionalism

Ms. Wendy Knox Everette

She/Her - Senior Security Advisor - Leviathan Security Group

Wendy is a hacker lawyer and a Senior Security Advisor at Leviathan Security Group. She works to keep users safe and secure, to translate complex legal topics for security teams, and to empower teams to build safe software. She started her career as a software quality assurance engineer, and has worked as a software developer and information security professional. She believes in working with users to find security solutions that make sense with their workflows and in focusing on our security fundamentals to protect users, employees and sensitive data. She grew up in New Jersey and has Opinions about pizza, which she’ll happily debate with you.

Talks:

Let’s Chat About SOC 2s, Baby

Nick Rosario

Nick (MasterChen) Rosario has a background in Psychology and phone phreaking. He has spent most of his public speaking career on advocating for the need of “privacy by default” social profiles through his research in automated stalking and social interaction. His favorite aspect of the conferences is just meeting like-minded people and having great conversation.

Talks:

Breaking The Giants With Logic

Nishith Shah

Nishith is a Sr. Security Engineer at Salesforce and has been working in the security industry for the past 6 years. He has experience in deploying, automating, managing, and configuring multiple security tools across the organization. Apart from securing hosts and infrastructure, Nishith is also a cloud security and automation enthusiast.

Talks:

Secure your AWS accounts without breaking the bank

Norberto García Marín

He/Him - Junior Security Engineer

Norberto is a Junior Security Engineer at King. He is part of the Security Operations team, in which he actively participates in response, detection, and automation processes. Norberto, a computer science engineer, started his career in cyber-security while he pursued a Master’s degree at the University of Murcia. His research on complex cyber-attacks and their mitigation on current networks led him to collaborate on Security, Artificial Intelligence, and Software-based solutions. His ultimate passion is Cloud Computing and its security concerns.

Talks:

GCP BigQuery as Security Detection Platform

Per Thorsheim

Security & Governance Manager BankID

Talks:

How I hacked a bank using pen & paper

Peter Keenan

He/Him - Chief Information Security Officer - Lazard

A security leader focused on applying risk management principles and agile methodologies with the goal of empowering organizations to meet security and business challenges. Demonstrated track record of delivering security capabilities that mitigate threats while enabling users. Specialties: Technology, Information Security, and Privacy Risk Management; Cloud, AWS, Azure, CI/CD, DevOps; Policy Development and Assessment (ISO17799/27002); Data Center Design and Operations; Threat and Vulnerability Management; Security Architecture; Business Continuity Planning; IS Governance and Organization Design; Payment Card (PCI-DSS), Broker Dealer (FINRA), and Banking (AML, Fraud, KYC) Control and Compliance; COBIT, Sarbanes-Oxley (SOX), HIPAA, FFIEC, FSA, Basel, GLBA, IFRS; EC-Council - Certified Ethical Hacker (CEH); ACFE - Certified Fraud Examiner (CFE); ACAMS - Certified Anti-Money Laundering Specialist (CAMS); ISC2 - Certified Information Systems Security Professional (CISSP); Cisco Systems - Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA); Novell - Certified Netware Administrator (CNA).

Talks:

Finance Industry Career Search Panel

Philippe Z Lin

He/Him - Senior Threat Researcher - Trend Micro Research

Philippe Z Lin is a senior threat researcher for the Forward-looking Threat Research team at Trend Micro. He is mainly working on data analysis, embedded systems and software defined radio with a focus on 5G and next generation networks. He was a BIOS engineer, a maker, and an enthusiast of open source software.

Talks:

Knock knock. Who’s there? Betta! Betta who? Betta check your access control edge devices, cause I’m already in.

Samuel J Greenfeld

He/Him

Samuel Greenfeld (CISSP/CSSLP) is a Software Quality Assurance Engineer. He has worked for cybersecurity companies such as McAfee and FireEye and non-security firms such as the One Laptop per Child project.

Samuel is a senior member of ISSA. He is also a lifetime member of OWASP and involved with the HackMiami conference and local operations.

Talks:

Revisiting the Analog Hole: Using OCR and other techniques to exfiltrate data

Suchi Pahi

She/Her - Acting Chief Privacy Officer - Rally Health

I am a data privacy and cybersecurity attorney with extensive experience in health data privacy, biometric privacy, incident response, domestic and international data protection laws, data transfers, privacy by design, technology implementation and more.

I write client-friendly pieces about data privacy and cybersecurity law regularly and speak on legal information security/cybersecurity topics. I have presented at several Information Security industry conferences like Security BSides, DEF CON’s Crypto Privacy Village, The Diana Initiative, SummerCon, and others. I’ve also presented at the Texas Minority Counsel Program for the State Bar of Texas, presented incident response CLEs, and am active with NAPABA’s Privacy and Data Security Committee. I love bringing legal to the engineering, product, and security teams, and communicating cross-industry.

Talks:

Healthcare Industry Career Search Panel

Tamás Vörös

He/Him - Data Scientist – Presenter - Sophos

Tamás Vörös is a Data Scientist at Sophos. He is researching various machine learning models for security applications at Sophos AI. Prior to joining the data science team he was with SophosLabs. During his first two years with SophosLabs he graduated from Eötvös Loránd University in Hungary with a master’s degree in Computer Science.

Talks:

Bad Neighborhoods – data-driven detection of malicious internet infrastructure

Tom Porter

Tom Porter (@porterhau5) is a red teamer by trade; however, he began his professional career as a baseball player in the San Diego Padres organization. He eventually stopped throwing baseballs and started writing netflow analytics for a DoD-based blue team, later pivoting to a career as an offensive security consultant. When his infant son is taking a nap, he can be found scripting, participating in CTFs, dissecting packets, tinkering in his home lab, performing password analysis, or chasing high IBUs.

Talks:

Human Security Spaghetti & the Wall you're Throwing it at

Will Rogers

Will Rogers is the CISO of ActBlue, a non-profit fundraising platform for democratic campaigns. During the 2020 cycle ActBlue processed over 15 million unique donors who gave more than $4.8 billion to progressive organizations and nonprofits. He has a long career in Cybersecurity having worked at BAE Systems, Etsy, and mParticle before joining ActBlue.

Talks:

Securing the 2020 Presidential Campaign: Threats, Challenges, and a Global Pandemic!

Mamani Older

Mamani Older serves on Security Risk Advisors’ executive leadership team overseeing the direction and operations of the consulting firm that specializes in providing clients with ethical hacking, cyber defense engineering, compliance, and 24×7 security monitoring and response. SRA’s work is distinguished by its independent perspective, commitment to educating the next generations of cyber security professionals, thought leadership, and diverse client base. Ms. Older has nearly two decades of information security experience in a vast range of industry disciplines including retail, infrastructure, and finance, and has spent most of her career to date in financial services at BNY Mellon, Citigroup, and Synchrony Financial. Older started her career at Deloitte and then PricewaterhouseCoopers, advising both private and public sector organizations. She then moved from consulting to industry, where she established, oversaw, and enhanced cybersecurity programs at BNY Mellon, Citigroup, Synchrony Financial, and finally Omnicom Media Group, where she served as CISO. Most recently, Older was the first Executive Director of Enterprise Architecture at Raytheon Technologies. During her tenure at RTX, Mamani served as the Cyber Lead for Raytheon’s simultaneous divestiture of Carrier and Otis. In the 12 months it took to finalize the spinoff, she helped both companies’ CISOs plan for and establish their security programs while maintaining compliance and operational stability for RTX globally. As Enterprise Architect, Mamani led the deployment of a global DevSecOps platform for the newly merged organization, planned for application transformation across a portfolio of roughly 4200 corporate applications, and launched a digital thread initiative across the company.

Talks:

Finance Industry Career Search Panel

Brandon Wu

Brandon is an information risk management executive with significant experience across cybersecurity governance, risk, and compliance (GRC), architecture and engineering, and operations. He brings 15 years of experience as a pragmatic leader who drives adoption of modern security practices in organizations operating with extensive technology environments or undergoing large-scale digital transformation. Brandon is a security solutions architect with AWS helping to transform an industry by advising financial services organizations on securing critical cloud-based workloads that enable financial markets and transactions across the globe. Prior to AWS, Brandon built and led security programs for companies either born in or undergoing large-scale digital transformations in the cloud. Whether they were cloud-native fintech start-ups, growing cloud providers, or tech-enabled companies, Brandon was responsible for building security programs that exceeded regulatory requirements and stayed within organizational risk tolerance. He started out his career providing security consulting services helping financial services clients leverage technology more efficiently and securely.

Talks:

Finance Industry Career Search Panel