Speakers

Back to Basics: Using Descriptive Statistics to Study the Shape of the Internet

Emily Austin

Research Scientist - Censys

Emily is a Research Scientist at Censys, where she studies security threats and other interesting Internet phenomena. Previously, she was a security engineer focused on threat hunting, detection, and incident response. She is interested in the application of data science and analytics techniques to problems in security, and in the past has worked on projects related to antiabuse, fraud, and malicious web app traffic detection.

Talks:

Brittany Bahk

Security Engineer / Operations Process Lead - Yahoo Paranoids

Brittany Bahk is a Security Engineer and Operations Process Lead having learned, contributed to, and led multiple security operational workflows for Compliance Audit, Vulnerability Management, Zero Days, Bug Bounty, and Cloud Security. Being able to stabilize chaotic processes and simplify complex procedures has allowed me to scale workflows into automation and meaningful metrics. It is this very background that has created a passion for exploring new methods like machine learning algorithms for process improvement.

Talks:

Repurposing Vulnerability Tickets to Predict Severity Levels: An Introduction to Natural Language Processing and Classification Algorithms

Leonard Bailey

DOJ

Leonard Bailey is Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section. He has prosecuted computer crime cases and routinely advised on cybersecurity, searching and seizing electronic evidence, and conducting electronic surveillance. He has managed DOJ cyber policy as Senior Counselor to the Assistant Attorney General for the National Security Division and as an Associate Deputy Attorney General. He has also served as Special Counsel and Special Investigative Counsel for DOJ’s Inspector General. Leonard is a graduate of Yale University and Yale Law School. He was awarded the John C. Keeney Award in 2015.

Talks:

The Hip Hacker’s Guide to Policy.

Gabriel Bassett

Gabriel is the lead data scientist and a contributing author on the Data Breach Investigations Report team at Verizon Enterprise Solutions specializing in data science and graph theory applications to cyber security including Attack Flow. He supports several information security data science conferences, is game architect for the Pros vs Joes Capture the Flag series and has previously held cyber security risk management, testing, intelligence, architect, and program management positions at the Missile Defense Agency and Hospital Corporation of America.

Talks:

Attack Flow: From Data Points to Data Paths

Yael Basurto

Cyber Security Consultant II - Bishop Fox

Yael is a cyber security consultant currently working at Bishop Fox. He specializes in offensive security and has a varied background in security assessments for different industries such as financial, government, retail, hotel, and mining. He has performed pentest for network, web, and mobile applications and red teaming for financial and critical control infrastructure. Yael is also a security conference enthusiast, coorganizes Security BSides CDMX, and has talked in DEFCON recon village, BSides events, and HackFest.

Talks:

ICS Security Assessments 101 or How da Fox I Test Dis?

David Batz

Managing Director

Leveraging over 20 years of utility experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, he leverages a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with multiple federal agencies, including the Department of Energy (DoE), and the Department of Homeland Security (DHS).

Talks:

STUFF is on Fire - a Panel

Don Benack

CISA

Don Benack is a senior advisor to the Integrated Operations Division of the Cyber and Infrastructure Security Agency (CISA) and was previously the Deputy Associate Director of Vulnerability Management for CISA. As a trusted advisor in government, he established and led the Nation’s first civilian Federalwide cybersecurity risk assessment program, and is known for driving process improvement, maximizing operational excellence, and delivering security services that drive best practices. A seasoned professional with decades of federal and civilian cyber experience, Don now focusses on initiatives and partnerships with others across government and critical infrastructure to reduce risk and increase national resilience. He holds a Bachelor of Science degree from the University of Buffalo.

Talks:

Target Rich Cyber Poor

Kellon Benson

Senior Incident Handler - Red Canary

Kellon Benson is a Senior Incident Handler at Red Canary. They found their passion for information security working as a security analyst at their alma mater developing skills in digital forensics, compliance, network monitoring, threat hunting, and more. In their free time, Kellon likes getting away from the computer and enjoys board games, photography, cooking, and going to poppunk and EDM concerts.

Talks:

I got an alert, now what?

Konstantin Berlin

Dr. Konstantin Berlin is a Senior Director at Sophos AI. His research focuses on machine learning, cloud architecture, and large scale distributed systems. Konstantin received his Ph.D. in Computer Science from the University of Maryland in 2010. You can follow his research on Google Scholar. His twitter handle is @kberlin.

Talks:

Weeding Out Living-off-the-land Attacks at Scale

Cheryl Biswas

Threat Intelligence Specialist

Cheryl Biswas is a Strategic Threat Intel Specialist with a major bank in Toronto, Canada. Previously, she was a Cyber Security Consultant with KPMG and has experience with security audits and assessments, privacy, DRP, project management, vendor management and change management. Cheryl holds an ITIL certification and a specialized honors degree in Political Science. She engages in the security community as a conference speaker and volunteer, mentors, and champions women and diversity in Cyber Security as a founding member of the “The Diana Initiative”.

Talks:

Code Dependency: Chinese APTs in Software Supply Chain Attacks

Ron Bowes

Lead Security Researcher - Rapid7

Ron is a security researcher at Rapid7, where he analyzes vulnerabilities and hunts 0days. In his spare time, he develops capture the flag (CTF) competitions (including BSides San Francisco!), picks locks, and develops opensource tools. Before Rapid7, he worked at Counter Hack where he built CTFs full time (including Holiday Hack Challenge and NetWars). If you’ve ever played one of his CTFs, you might recognize the challenges from vulnerabilities he’s worked on using CTFs as a teaching tool is his specialty!

Talks:

From Vulnerability to CTF

Christiaan J Brand

Group Product Manager - Google

Christiaan Brand cofounded financial services security firm Entersekt in 2009. He has since moved to Google where he’s part of their security and identity teams. Brand is a frequent industry commentator on all areas involving cybercrime and cybersecurity and is cochair of the FIDO2 technical working group with the FIDO (Fast IDentity Online) Alliance looking to standardize strong online security protocols.

Talks:

Passkeys: Where we started and where we’re going

Adding DAST to CI/CD, Without Losing Any Friends WORKSHOP

Akira Brand

Developer Relations - Bright Security

Akira is a developer advocate with Bright Security. She delights in the dance between security and software development, and is on a mission to enable software developers to integrate security into their daytoday practices. One of her favorite hobbies is introducing developers to the cybersecurity world in a way that relates to their lives, not the lives of the security team. For fun, she’s turning her lawn into a pollinator habitat and food forest.

Talks:

Katie Bratman

Katie is a Security Operations Engineer for NewYorkPresbyterian Hospital and a member of the Daggerboard (SBOM analysis tool) development team. She has worked in offensive security, incident response, vulnerability management, and security engineering. Katie applies this diverse experience and cybersecurity expertise to create custom solutions and automate operational tasks.

Talks:

Your Passwords Should Be Shorter

Jeremy Brown

Computer Yeller

Many moons ago, after viewing the groundbreaking documentary “Hackers” through a pirate cable box, Jeremy knew he had to dive into the world of information security. Despite the initial devastation upon discovering the actual amount of inline skating involved in hacking, he continued down his path of understanding all of the reasons why computers were a mistake.

Today, after competing in a number of CTFs as part of his college’s infosec club and a large amount of outside research, he is your typical maybeabittooparanoid computer yeller with lots of ideas on software to benefit the community and the world at large now if he could only start building some of them…

Talks:

Bill Budington

Mukund Rathi is an attorney and Stanton Fellow at EFF, focusing on free speech litigation. He previously worked at the National Association of Criminal Defense Lawyers (NACDL) on digital privacy rights in criminal cases and securing freedom for incarcerated people during the COVID19 pandemic. Mukund interned with EFF as a law student. He received his J.D. from UC Berkeley School of Law and B.S. in Computer Science from the University of Texas at Austin. He likes climbing things and making pizza at home.

Talks:

The Hip Hacker’s Guide to Policy.

Andrew Buel

Special Agent - FBI

Andrew Buel is a Special Agent with the FBI and is assigned to the FBI Las Vegas Cyber Task Force. He has investigated criminal computer intrusions and national security matters, to include ransomware, pointofsale malware, business email compromises, botnets, IP hijacking and other cyberrelated investigations. SA Buel is a member of the FBI Cyber Action Team (CAT), a specialized, intrusion response team deployed globally at the direction of FBI Cyber Division to bring indepth cyber intrusion expertise and specialized investigative skills to FBI initiatives, investigations, and national emergencies. SA Buel holds several industry certifications, including Cisco, CompTIA, Fortinet, Packeteer, Microsoft, and GIAC certifications.

Talks:

Ask a Fed

Jack Cable

Independent Security Researcher

Jack Cable is a hacker who works at the intersection of cybersecurity and public policy. He most recently was a security architect at the Krebs Stamos Group. Jack has worked on the Cybersecurity and Infrastructure Security Agency’s election security team and at the Defense Digital Service. Jack holds a B.S. in computer science from Stanford University, and does research in election security, computer security, and mis/disinformation.

Talks:

Tim Cappalli

Microsoft

Trying to rid the world of passwords.

Talks:

Model Robustness Isn’t Security

Sven Cattell

Founder - nbhd.ai

Sven is the founder of nbhd.ai, a startup focused on the security and integrity of datasets and the AI they build. He was previously a senior data scientist at Elastic where he built the malware model training pipeline. He has a PhD in Algebraic Topology, focused on equivariant KTheory with KacMoody groups, and a postdoc in geometric machine learning where he focused on anomaly and novelty detection.

Talks:

Nethanel Coppenhagen

Security Researcher, CyberArk Labs

Nethanel Coppenhagen is a cyber security researcher at CyberArk Labs,where he focuses on vulnerability research and applicative penetration testing. Nethanel’s research areas span across network, cloud, OS, or wherever there is a vulnerability; because that’s where he wants to be. Before CyberArk, Nethanel served in an elite intelligence unit in the IDF.

Talks:

Trust Me, I’m a Robot: Can we trust RPA with our most guarded secrets?

Joshua Corman

Founder - I am The Cavalry

Joshua Corman is a Founder of I am The Cavalry (dot org), and served recently as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served in senior roles like CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, and CTO for Sonatype. He cofounded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He is also Adjunct Faculty for Carnegie Mellon’s Heinz College and served on the Congressional Task Force for Healthcare Industry Cybersecurity

Talks:

Rivers on Fire; Shaping the next phase of the mission

Ethan Crane

Information Security Consultant - Bitcrack Cyber Security

Ethan is an information security consultant at Bitcrack Cyber Security in South Africa. He has a keen interest in mobile and web application hacking and finding vulnerabilities in production systems. His primary focus is on highvalue transactional systems. He also enjoys password cracking and finding new ways to approach the cracking of passwords.

Talks:

The One With The Foreign Wordlist

Falcon Darkstar

Talks:

Proving Ground Prep/Signups

Ray Davidson

Program Lead - Michigan Cyber Civilian Corps

Ray Davidson served as dean at the SANS Technology Institute during its founding, and now leads the Michigan Cyber Civilian Corps, which is currently the only civilian state sponsored team of incident responders in the country. He continues to serve as a mentor, subject matter expert and technical reviewer for the SANS Institute, and for anyone else who will listen. He holds a doctorate in Chemical Engineering, and several infosec certifications. He has worked as a paperboy, gymnastics instructor, telephone information operator (in the days before Directory Assistance), research scientist and he has led global security projects for a major pharma company. He has been a college professor, and has cofounded a security startup. Mostly he is passionate about empowering others to do the right thing. And dance.

Talks:

We’re not from the government, but we’re here to help them help you

Daniel A Donze

Master’s Student - LSU Applied Cybersecurity Lab

Daniel Donze (He/Him) has a master’s degree in computer science. His research has previously contributed to the Volatility Framework, and his current interests include memory forensics and malware analysis. He has previously worked as a fullstack web and software developer and security researcher. His hobbies include cooking, playing guitar, mixology and craft beer.

Talks:

See you later, allocator!’: Updating Volatility’s analysis of modern Linux memory allocators

Karan Dwivedi

Security Manager - Google

Karan Dwivedi is a manager and technical lead in the security team at Google. He has over 6 years of experience specializing in digital forensics and incident response. Prior to Google, he was part of the incident response team at Yahoo where he gained experience in responding to the world’s largest breach. He serves as a program committee member of the DFRWS conference and DFIR Reviews publication. He graduated from Carnegie Mellon University with a Masters in Information Security in 2016. He owns the blog allthingspwned.com where he provides interviewing advice for security engineers. His articles are provided as a reference by Google’s hiring team.

Talks:

Clean Forensics: Analyzing network traffic of vacuum bots

Jen Ellis

As vice president of community and public affairs at Rapid7, Jen Ellis is focused on advancing cybersecurity by building collaboration between the security community and those outside it. Partnering with security experts, technology providers and operators, civil society, and governments, Jen is committed to driving greater understanding of cybersecurity challenges and ways of addressing them. She is the cohost of the Security Nation podcast, a cochair of the Ransomware Task Force, sits on the boards of the Center for Cybersecurity Policy and Law, I Am The Cavalry, the Aerospace Village, and the Rapid7 Cybersecurity Foundation, and is a member of the board of advisors for the CyberPeace Institute and the Global Cyber Alliance. She has testified before U.S. Congress and spoken at numerous security or business conferences.

Talks:

The Hip Hacker’s Guide to Policy.

Remi Escourrou

Red Team Leader - Wavestone

Rémi Escourrou (@remiescourrou) is leading the Red Team at Wavestone. Before moving to red team operation and exploiting CI/CD pipeline, he was involved in audits and pentests of large enterprise networks with emphasis on Active Directory. During his research time, he enjoys tackling technical problems to compromise its targets. He’s passionate about the security field and already teaches workshops at BSides Las Vegas, Brucon, BSides Lisbon.

Talks:

CICD security: A new eldorado (talk)

CICD security: A new eldorado (training)

Tom Eston

AVP of Consulting - Bishop Fox

Tom Eston is the Associate Vice President of Consulting at Bishop Fox. Tom’s work over his 17 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry standard testing methodologies and is an experienced manager and leader. He is also the founder and cohost of the podcast The Shared Security Show; and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, SANS, InfoSec World, OWASP AppSec, and ShmooCon.

Talks:

Management Hacking 101: Leading High Performance Teams

Jim Fenton

Technologist - Altmode Networks

Jim Fenton is an independent technologist specializing in user authentication and messaging security. For the past several years, Jim has been a contributor to NIST Special Publication 800633 Digital Identity Guidelines and lead editor of the Authentication and Lifecycle Management volume. He is also an Internet Engineering Task Force participant and was coauthor of the DomainKeys Identified Mail (DKIM) standard.

Talks:

Comparing Centrally and Locally Verified Memorized Secrets

Jonathan Fischer

Jonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and offhighway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking.

Talks:

Injectyll-HIDe: Hardware Implants at Scale

Kat Fitzgerald

Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Seattle area.

Talks:

Honey, I’m Home! (Customizing honeypots for fun and !profit)

Dimitri Fousekis

Chief Technology Officer - Bitcrack Cyber Security

Dimitri has been in the cyber security industry for over 17 years, and is the CTO of Bitcrack Cyber Security. Having enjoyed many years of Passwords, and passwordrelated talks, he is branching out to cover another one of his passions: Ways to exfiltrate data. Dimitri has spoken at BSides in a few countries as well as PasswordsCon and other conferences.

Talks:

The One With The Foreign Wordlist

Lawrence Fox

Intelligence Analyst - American Military University

Lawrence Fox is currently a Doctoral Candidate of Technology at Capital Technology University, possesses a Master of Arts in Intelligence Studies from American Military University, and a Master of Business Administration from California Coast University. He was previously a US Navy contractor and is currently working on traffic analysisresistant communications.

Talks:

Solid Tradecraft for Cryptomarket Drug Trafficking

Allan Friedman

Allan Friedman is the guy who won’t shut up about SBOM at the Cybersecurity and Infrastructure Security Administration. He coordinates the global crosssector community efforts around software bill of materials (SBOM), and works to advance its adoption inside the US government. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the coauthor of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore college and a PhD in public policy from Harvard University. He is quite friendly for a failedprofessorturnedtechnocrat.

Talks:

Prowler Open Source Cloud Security: A Deep Dive Workshop

Sergio Garcia

Security Engineer

I’m a Cloud Security Engineer with mainly experience in AWS. Among my roles, I completed an internship in Amazon and support a digital bank to secure its assets in the cloud for 2 years. I’m passionate about cloud automation, even more if it helps to ease the security management. At present, I am working as a fulltime engineer for Prowler Open Source.

Talks:

Chris Gates

Velentium

Talks:

That Escalated Quickly: A System for Alert Prioritization

Ben U Gelman

Senior Data Scientist - Sophos AI

Ben Gelman is a Senior Data Scientist at Sophos. His prior work has focused on deep learning in a variety of domains, including source code analysis, natural language processing, image recognition, data privacy, and hyperparameter optimization. Currently, he is working on machine learning approaches to triaging alerts and optimizing analyst workflows.

Talks:

Xavier Gerondeau

Cybersecurity Manager - Wavestone

Xavier Gerondeau is an penetration tester in Wavestone. He once performed a tests on a CI/CD pipeline and rocked it. Because of this socoolness, he became a DevOps expert in Wavestone and pwned every CI/CD pipeline he encountered during his missions. He’s so talented that his clients now fear him!

Talks:

CICD security: A new eldorado (talk)

CICD security: A new eldorado (training)

Omer Gil

Director Of Research - Cider Security

Omer is a seasoned application and cloud security expert with 15 years of experience across multiple security disciplines. An experienced researcher and public speaker, Omer discovered the Web Cache Deception attack vector in 2017, coauthored the “Top 10 CI/CD Security Risks” project, and participated in the creation of the “CI/CD Goat” project.

After having spent many years in various positions in the InfoSec domain, including the IDF, EY HASC and Magic Leap (leading cloud security), today, Omer leads research at Cider Security, a hypergrowth startup focused on securing CI/CD pipelines.

Talks:

Climbing the Production Mountain: Practical CI/CD Attacks Using CI/CD Goat

Jeffrey P Goldberg

Principal Security Architect - 1Password

In the late 1990s, Jeffrey Goldberg believed that the “password problem” would be solved within a few years, and had his own password killer proposal. He was wrong about that, and so much more. He was a dilettante academic (Linguistics) who ended up in system administration and then security. He’s been at 1Password since 2010.

Talks:

Can a password management service safely learn about users’ passwords?

Asaf Greenholts

Security Researcher - Cider Security

Asaf has 7 years of experience in the security field, including security architecture, SOC management, incident response, and application security research. Asaf has gained his experience working for major organizations in the financial and government sectors. Today, Asaf is a security researcher at Cider Security that focuses on revolutionizing CI/CD security. During his free time, Asaf likes to read, invest in the stock market and travel with friends.

Talks:

Climbing the Production Mountain: Practical CI/CD Attacks Using CI/CD Goat

Matt Hand

Security researcher - Independent

Matt Hand is a threat defense expert with certifications and experience in incident response, forensics analysis, security architecture, and cyber threat emulation. He has remotely administered networks across the globe and has wild stories to share. He is always dressed to impress and welcomes anyone in the audience to a fashion walkoff.

Talks:

Watching the Watchers: Exploiting Vulnerable Monitoring Solutions

Jack Hatwick

Missionary - Power Vers

0DDJ0BB has been around InfoSec for 10 years now and have been coming to Las Vegas since DEFCON 20 (NOOOOOB!). He enjoys brewing mead, playing video games, filming videos for his youtube channel, and speaking the the third person. He has been a core organizer for CircleCityCon for 9 years and the Lead Organizer since 2019. He’s never written a CVE, but still is a hacker and uses that mindset in his very unhacker like day job to enlighten defenders as well as builders perspectives as to the vulnerability that really exists in their environments.

Talks:

Busting Biases in Infosec

Blue Hephaestus

Elytra Labs, Hephaestus Data Recovery - Founder - so no, you don’t need to credit them lol

(she / her) Software Engineer / Hacker / Biotech / Trans Girl. Love messing with and learning about things, one of the recent interests is data recovery and hard drives. Also loves carpentry and fixing things, and making AI and working in biotech and slowly getting to be a better hacker.

Talks:

Tomb Raider - Automating Data Recovery and Digital Forensics

Carl Hertz

Carl is a technology generalist with 35 years of experience. In that time his technical job roles have included (but are not limited to) customer service, documentation writer, software development, software testing, software deployment, presales engineer, network engineering, system administration, incident responder, head of security, project manager, team lead, IT Manager, and IT Director, Carl is currently the Director of Security for Elevate, a nonprofit headquartered in Chicago which seeks to create a just and equitable world in which everyone has clean and affordable heat, power, and water in their homes and communities. When he isn’t working or shitposting on Twitter he has been known to throw small parties where cocktails are involved.

Talks:

Secure IT Operations, or, How to Shoehorn Security into a Small/Medium Business

Chris Hoff

CTSO - LastPass

Christofer Hoff joined LastPass as Chief Secure Technology Officer in 2022, bringing more than 29 years of experience in highprofile global roles in network and information security architecture, development, engineering, operations and management. 

Before joining LastPass, Christofer had multiple cybersecurity leadership roles at Bank of America. Prior to working at Bank of America, his roles include the Chief Information Security Officer at Citadel, Vice President and Security CTO at Juniper Networks, and Director of Cloud & Virtualization Solutions at Cisco Systems, among other securityfocused roles. 

In addition to his professional leadership responsibilities, Chris takes an active role in engaging youth in the impact of technology, privacy and security on society and culture as founder of HacKid, an interactive STEAM conference for parents and kids from diverse backgrounds.  Chris was a founding member of and technical advisor to the Cloud Security Alliance and serves as an advisor to numerous companies and organizations.

Talks:

Fragilience - The quantum state of survivable resilience in a world of fragile indifference

Michelle Holko

Talks:

Lessons Learned from the CISA COVID Task Force & Healthcare Attacks

Tanya Janca

Director of DevRel and Community - Bright

Tanya Janca, also known as SheHacksPurple, is the bestselling author of ‘Alice and Bob Learn Application Security’. She is the Director of Developer Relations and Community at Bright Security, as well as the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an awardwinning public speaker, active blogger & streamer and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. Advisor: Nord VPN, Cloud Defense, Aiya Corp

Talks:

When DevSecOps Fails

Adding DAST to CI/CD, Without Losing Any Friends WORKSHOP

It's Malware

Threat Intel Nerd

Army SIGINT vet who grew up in the intelligence world with a passion for cyber threat intelligence and malware analysis. I love tacking apart networks and tracking threats. “A target is a target and a network is a network human or digital. In the shadows, it’s one in the same.” itsmalware

Talks:

Follow the Rabbit

Shaun Jones

Shaun is the Director of Strategic Security Red Team @ ebay. He enjoys red teaming, writing custom exploits, purple teaming, adversary emulations, threat intel, social engineering, network security etc . You will often find Shaun cross collaborating with various team to fix large security issues and providing guidance improving the security posture.

Talks:

Ransomware Emulation Done Right

Wendy Knox Everette

Senior Security Advisor - Leviathan Security Group

Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer at Amazon.com and Google, before going to law school, where she focused on national security law and computer security issues. She interned with the FTC, FCC, and several other three letter agencies, and completed a fellowship with ZwillGen in Washington, D.C. During her fellowship she assisted with vendor cybersecurity reviews, drafted data breach incident reports and assisted with incident response, as well as working with clients in responding to law enforcement requests for customer data. Currently, she lives in Washington State where she advises companies on risk and security regulations. She is a Senior Security Advisor at Leviathan Security Group and a Visiting Fellow at the National Security Institute at GMU.

Talks:

I’m a Little Bit (FedRAMP) Country, I’m a Little Bit SOC2 ‘n Roll

Weaponizing Your Fitness Tracker Against You: Health, Fitness, & Location Tracking in a Post-Roe World

Adam Kojak

New York Presbyterian

Adam is a SecDevOps Engineer for NewYorkPresbyterian Hospital and a member of the Daggerboard (SBOM analysis tool) development team. His specialization in Python development and DevOps practices are broadly applied in the development, automation, and integration of Information Security applications at NYP.

Talks:

Malware Analysis - Red Team Edition

Uriel Kosayev

Red Team Tech Leader - ABInBev

Author of the Antivirus Bypass Techniques book, experienced security researcher, who lives both on the offensive and defensive fronts. Passionate about malware research and red teaming while providing realworld security solutions. Contributing through creating content on YouTube, and writing blogs while also leading an adversary red team, leading various courses, and mentoring people both on the offensive and defensive fronts.

Talks:

Chris Kubecka

Distinguished Chair - Middle East Institute

CEO and Founder of HypaSec NL and Distinguished Chair for the Middle East Institute Cyber Security and Emerging Technology Program. Advises the United Nations, multiple governments, militaries, television and documentary technical advisor as a subject matter expert on cyber warfare national defense. Author of Hack The World With OSINT. USAF military combat veteran, former military aircrew, and USAF Space Command. She defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Previous to HypaSec, she reconnected Saudi Aramco international business operations & established digital security after the world’s most devastating cyberwarfare attack. She lives and breathes IT/IOT/ICS SCADA control systems security. Using her unique technical skills, honed starting age six programming and busted hacking into the DOJ at age 10.

Talks:

Russian Malware in the Ukraine War

Eric Kuehn

Principal Consultant - Secure Ideas

Eric has over 20 years Industry experience working with enterprise scale Microsoft infrastructures for large fortune 100 companies. Before joining Secure Ideas, he was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures; used by one of the world’s biggest financial institutions. Since becoming a Senior Security Consultant with Secure Ideas, Eric has continued to utilize his knowledge of Active Directory, both in exploiting common configurations in penetration tests as well as providing training and awareness briefings to multiple audiences.

Talks:

Cookie Monster: Exfiltrating Data and More, Byte by Tasty Byte

Adarsh D Kyadige

Senior Data Scientist - Sophos

Adarsh is a Senior Data Scientist at Sophos, working at the intersection of Machine Learning and Security since 2018. He graduated from UC San Diego with a Masters degree in Computer Science, specializing in Artificial Intelligence and Machine Learning. His research interests include Deep Learning and Graph ML. In his free time, Adarsh can be found at the archery range, tennis courts or in the great outdoors.

Talks:

Weeding Out Living-off-the-land Attacks at Scale

Mia Landsem

Mia Landsem (25) is an award winning Norwegian author, writer, speaker and ethical hacker. She started in Orange Cyber Defense Norway as a pentester August 2020 after finishing her IT Security education. Mia has a great skill in social engineering and has written a bestselling children’s book about how to be safe online and have had hundreds of lectures about imagebased abuse. Mia has won several prices for her work in helping thousands of victims of online image abuse, hacking and fraud, winning “The Girl Award” (Plan International) in 2018 and “Influencer of the year”. She has also been a finalist in “Bravest woman of the year” and “Årets Trønder” /”Trønder of the year”. She has also been a top 3 finalist (2021) in the international award “Cyber security woman of the year”.

Talks:

Why kidz couldn’t care less about your password advice.

Mia Landsem

Talks:

Why kidz couldn’t care less about your password advice.

Tony Lauro

Director of Security Technology & Strategy - Akamai

Tony Lauro is Akamai’s Director of Security Technology & Strategy. Tony works with CISO’s and other business leaders to identify areas in which security technology can be used strategically to reach their business objectives while mitigating risk and optimizing operational efficiencies. Tony’s previous roles include managing Akamai’s Enterprise Security Architecture team, managing security operations for a mobile startup, and building and managing security and compliance for a global financial services software organization.

Talks:

Zero Days should not be a fire drill

Younghoo Lee

Research Scientist - Sophos

Younghoo Lee is a research scientist with a strong background in deep learning models and big data systems. Prior to joining Sophos, he developed malware classification systems at Symantec and mobile software platforms at Samsung Electronics. His research interests include deep learning models for detecting malicious emails and mobile applications and categorizing web content. In his free time, he explores amazing bushwalking tracks in Sydney.

Talks:

GPT-3 and me: How supercomputer-scale neural network models apply to defensive cybersecurity problems

Jonathan Leitschuh

OSS Security Researcher - Dan Kaminsky Fellowship @ HUMAN Security

Jonathan Leitschuh is a Software Engineer and Software Security Researcher. He is the first ever Dan Kaminsky Fellow. Jonathan is best known for his July 2019 bombshell Zoom 0day vulnerability disclosure. He is amongst the top OSS researchers on GitHub by advisory credit. He’s both a GitHub Star and a GitHub Security Ambassador. In 2019 he championed an industrywide initiative to get all major artifact servers in the JVM ecosystem to formally decommission the support of HTTP in favor of HTTPS only. In his free time he loves rock climbing, surfing, and sailing his Hobie catamaran.

His current work is sponsored by the new Dan Kaminsky Fellowship which celebrates Dan’s memory and legacy by funding OSS work that makes the world a better (and more secure) place.

Talks:

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All

David Levitsky

David is a security practitioner with a passion for all things related to the cloud. He has experience with designing, building, and securing cloud infrastructure. While David mostly focuses on standing up infrastructure and services, he also has dabbled with tearing down binaries during malware analysis. David enjoys working with large amounts of data and finding ways to make it useful.

Talks:

Whose encryption key is this? It’s a secret to everybody.

Andrew Lewton

Cprossu is a computer nerd/geek first and has worked on and built PC systems from the original IBM 5150 (8088) all the way up to today’s much more advanced systems. He built his first computer from loose parts when he was 9, and got their A+ certification at age 13. He would like to consider himself a jack of all trades, master of none and dabbles into many different seemingly unrelated fields.

Talks:

Reverse engineering a DOS PC FMV Game from 1994

Michael Lisi

Founder - Maltek Solutions

Talks:

How to Succeed as a Freelance Pentester

Matthew J Lorimor

Matthew is a cloud security practitioner that has been in the field for just over a decade too long if you ask him. With a historic focus on AWS, he’s seen his fair share of “WAT?”, but he also fully believes that all these cloud platforms are tools of nearlyuniform unfortunate existences and that computers, much like the universe, have made a lot of people very angry and are widely regarded as a bad move.

Talks:

Whose encryption key is this? It’s a secret to everybody.

Tracy Z Maleeff

Security Researcher - Krebs Stamos Group

Tracy Z. Maleeff, aka InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held the roles of Information Security Analyst at The New York Times Company and a Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. Tracy publishes a daily Information Security & Privacy newsletter and maintains an OSINT research blog at infosecsherpa.medium.com.

Talks:

Long Overdue: Making InfoSec Better Through Library Science

Kendra L Martin

Cross-Functional Planning and Coordination (CFPC) Section Chief - CISA

After 25+ years working in private sector industry trade associations, Kendra Martin joined the federal government to help support the Cybersecurity and Infrastructure Security Agency’s national pandemic response efforts as a member of the CISA COVID Task Force. She directly supported the CISA Chief Strategist on projects and strategies to protect the nation’s critical infrastructure, in particular the HealthCare sector, during the COVID19 pandemic, She also served as the Risk Management Cell Lead, delivering products to support the National Critical Functions and the critical infrastructure workforce.

Ms. Martin continues to work for CISA, currently in the Vulnerability Management SubDivision as the Insights CrossFunctional Planning and Coordination Section Chief. She lives in Falls Church, Virginia, with her husband and their two teenagers, as well as two rescue labrador retrievers.

Talks:

Lessons Learned from the CISA COVID Task Force & Healthcare Attacks

Josh Michaels

Senior Director, Security Architecture - Docusign

Josh Michaels: Defcon SoCGoon, Burner, believer in humanity. In my day to day, I lead Security Architecture for a leading SaaS company. When not securing the sign, Josh abhors boredom, as evident by the crazy calendar of conference support, Bsides goodness, and getting outdoors. A proud cat dad, yes my cats are cuter than yours :p

Talks:

The Technical Trap

Tom Millar

CISA

Talks:

Target Rich Cyber Poor

Jeremy Miller

Jeremy Miller is a 12+ year security professional that has worked in various industries including lifesciences, finance, and retail. Jeremy has worked both sides of the security spectrum ranging from Security Research, Red Teaming and Penetration Testing to Threat Intelligence and SOC Analyst. Jeremy currently works as a Security Technical Lead for an emerging R&D Life Science Platform where he works on product and infrastructure security.

Talks:

Injectyll-HIDe: Hardware Implants at Scale

Alyssa Miller

CISO - Epiq Global

Alyssa Miller is a hacker who, in her preteens, bought her first computer and hacked her way into a paid dialup community platform. She grew up in hacker culture, finding her hacker family in IRC channels during her adolescent years. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending technology systems and personal privacy grew to the point where she was advising fortune 100 companies on how to build comprehensive security programs.

Alyssa is now the CISO at New York based Epiq Global. Still very much a hacker to this day, she’s built on that identity to grow her career. She is an internationally recognized public speaker and author of “Cybersecurity Career Guide”. She’s an advocate for helping others make a career out of their passion for hacking and security in general. She’s also a proponent for the open sharing of ideas and perspectives on improving our technologically connected world.

Talks:

How to Win Over Executives and Hack the Board

Omri Misgav

CTO, Security Research Group - Fortinet

Omri has over a decade of experience in cybersecurity. He serves as the CTO of a security research group at Fortinet focused on OS internals, malware and vulnerabilities and spearheads development of new offensive and defensive techniques. Prior to Fortinet, Omri was the security research team leader at enSilo. Before that, He led the R&D of unique network and endpoint security products for largescale enterprise environments and was part of an incident response team, conducting investigations and hunting for nationstate threat actors. Omri is a past speaker in multiple BSides conferences and FIRST TC.

Talks:

Putting Driver Signature Enforcement Tampering to Rest?!

Rodrigo Montoro

Security Researcher - Tempest Security

Rodrigo “Sp0oKeR’’ Montoro has more than 20 years of experience in Information Technology and Computer Security. Most of his career worked with open source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. Currently, he is a Senior Threat Detection Engineer at Tempest Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Clavis, Senior Security Administrator at Sucuri, Researcher at Spiderlabs. Author of 2 patented technologies involving innovation in the detection field. One is related to discovering malicious digital documents. The second one is in how to analyze malicious HTTP traffic. Rodrigo has spoken at several opensource and security conferences (OWASP AppSec, SANS DFIR & SIEM Summit, Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE, ZonCon (Amazon Internal Conference), Blackhat Brazil, BSides (Las Vegas e SP)).

Talks:

Understanding, Abusing and Monitoring AWS AppStream 2.0

Speeding Up AWS IAM Least Privileges with Cloudsplaining, Elastic Stack & AWS Access Analyzer

Matt Muir

Threat Intelligence Engineer - Cado Security

Matt Muir is a security researcher with a passion for UNIX and UNIXlike operating systems. He previously worked as a macOS malware analyst and his background includes experience in the areas of digital forensics, DevOps, and operational cyber security. Matt enjoys technical writing and has published research including pieces on TOR browser forensics, an emerging cloudfocused botnet, and the exploitation of the Log4Shell vulnerability.

Talks:

A Tale of Two Malware Families - Overcoming Anti-Forensics and Foiling Botnets in the Cloud

Shea Nangle

Shea Nangle does not now, nor has he ever, worked for a three letter agency. He has, however, been accused on several occasions of being a Fed, and there was a multiyear period when his wife really thought he worked for a front company. To the best of his knowledge, only one of his previous employers has ever been investigated by the US government as a potential front for foreign intelligence. GLOMAR.

Talks:

I’m a Little Bit (FedRAMP) Country, I’m a Little Bit SOC2 ‘n Roll

Gadi Z Naveh

Security Data Scientist - Canonic Security

Gadi is a security researcher for the past 20 years. Starting from network protocol analysis in the Israeli intelligence corps, and continuing in different Tel Aviv based Security Giants such as PayPal, Check Point and Radware and in security startups such as Trusteer (Acquired by IBM), PerimeterX, and currently Canonic Security where he leads the behaviorbased detections for Canonic’s SaaS thirdparty integrations protection.

Gadi’s interests include reflecting on current perceptions and misperceptions about what can be done with technology with his valued teammates.

Talks:

Oauth third party not departing

Lily H Newman

Senior Writer - WIRED Magazine

Lily Hay Newman is a senior writer at WIRED Magazine focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate magazine and was the staff writer for Future Tense, a publication of Slate, the New America Foundation, and Arizona State University. Additionally her work has appeared in Gizmodo, Fast Company, IEEE Spectrum, and Popular Mechanics.

Talks:

M33t the Press: CyberSafety Got Real… Now What?

Adrien Ogee

Adrien began his career teaching piano but found his rhythm programming an obscure building automation protocol in Java Card. With degrees in telecommunication engineering and global security, Adrien spent the next 15 years in various cyber crisis response roles in the private sector, the French government, the EU and the World Economic Forum, before going back to school to get an MBA. Adrien likes to build things that connect people: he is the father of the EU cyber crisis response processes and the Cyber Europe exercise series, the founder of OpenCSAM and cofounder of the CyberPeace Builders. By day, Adrien helps NGOs in cyberspace and by night, builds LEGOs with his kids.

Talks:

We’re not from the government, but we’re here to help them help you

Cybelle Oliveira

Cyber Security Analyst - Tempest Securiy Intelligence

Cybelle is a proud cat mom and senior cybersecurity analyst at Tempest Security Intelligence. She loves researching cyber threats and vulnerabilities (even in her spare time!). She has been involved in privacy and security activism for many years, has given several talks at events such as Internet Freedom Festival (Valencia), Radical Networks (NYC), Mozfest (London), Roadsec ( Brazil), Cryptorave (Brazil) and many other events and cryptoparties around the world. Cybelle worked at the Tor Project and was also one of the organizers of Cryptorave, one of the largest cryptoparties in the world. She is part of the Mozilla community, one of the ambassadors and curators of the Mozilla Festival and director of the Brazilian organization Casa Hacker.

Talks:

Look! The scammer is coming! The peculiarities of Brazilian frauds, hackers creativity, and their resilience

Kurt Opsahl

General Counsel - EFF

Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives and is the lead attorney on EFF’s Coders’ Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, representing technology clients on intellectual property, privacy, defamation, and intermediary liability matters and coauthored the “Electronic Media and Privacy Law Handbook.” After graduating Berkeley Law, Opsahl was a research fellow to Professor Pamela Samuelson. In 2007, Opsahl was named as one of California Lawyer Magazine’s “Attorneys of the Year.” Opsahl has been a member of the USENIX Board of Directors since 2014.

Talks:

Secrets of the Second Factor: Threat Hunting with Multi Factor Authentication

Susan Paskey

As a threat hunting investigator, I love staring at logs until I find weird and chase down the root cause. I really enjoy educating people about logic, logs, and logging practices to bring secrets to the surface so they can be resolved. When not working I run Def Con Group 919, Cackalacky Con, and volunteer for BSides RDU. I live for engaging in respectful uncomfortable conversations that push thought patterns beyond previous limits, both technically and personally.

Talks:

Felipe A Pr0teus

Security Researcher - Tenchi Security

Felipe Espósito also known as Pr0teus, graduated in Information Technology at UNICAMP and has a master’s degree in Systems and Computing Engineering from COPPEUFRJ, both among the top technology universities in Brazil. He has over ten years of experience in information security and IT, with an emphasis on security monitoring, networking, data visualization, threat hunting, and Cloud Security. Over the last years he has worked as a Security Researcher for Tenchi Security, a Startup focused in secure the cloud, he also presented at respected conferences such as Hackers 2 Hackers Conference, BHACK, BSides (Las Vegas and São Paulo), FISL, Latinoware, SecTor, SANS SIEM Summit, and Defcon’s CloudSec Village.

Talks:

The Northern Virginia Shuffle: Lateral Movement and other Creative Steps Attackers Take in AWS Cloud Environments and how to detect them.

Shreyas Rami

Shreyas is an Information Security Engineer @ ebay and focuses on detection engineering where he is responsible to expand and improve the detection coverage of critical assets / applications . Shreyas enjoys purple teaming / adversary emulations, threat hunting, developing analytic rules/queries and help improve the overall security posture .

Talks:

Ransomware Emulation Done Right

Mukund Rathi

Talks:

So Who’s Line Is It Anyway? (A Recruiter Panel)

Kirsten Renner

Accenture Federal Services

Kristen is a Recruiting Director for a division of a large national cyber security company with 20 years of experience. Specializes in intel and has a passion in connecting talent to the right opportunities. She is a frequent presenter in the community on a variety of job search topics. Can also be found in the Car Hacking Village in a con near you.

Talks:

Kris Rides

TiroSec

Kris is CEO and CoFounder of Tiro Security, a Cybersecurity Staffing and professional services company. He is a retained advisor to the Cloud Security Alliance and one of the original founding Board Members of the Southern California Cloud Security Alliance Chapter, previous President, and an honorary board member. He serves as an advisory board member to the National Cybersecurity Training & Education Center (NCYTE) as well as for the nonprofit; GRC for intelligent Ecosystems (GRCIE). When it comes to cyber security staffing Kris is recognized as one of the most experienced specialists in the industry, he has spoken at some of the most prestigious conferences in our industry including DEFCON, RSA, BSidesLV, and the (ISC)2 Congress. When he isn’t working, Kris is looking forward to a time when family holidays can involve snowboarding and scuba diving with sharks.

Talks:

So Who’s Line Is It Anyway? (A Recruiter Panel)

Joshua D Saxe

Chief Scientist - Sophos

Joshua Saxe is Chief Scientist at Sophos, where he’s responsible for machine learning research, development, and operations across a broad portfolio of security products and services. Prior to Sophos, he worked on governmentfunded cybersecurity research. Josh got his start in security as part of the hacker culture of the 1990s.

Talks:

Security AI in the real world: Lessons learned from building practical machine learning systems deployed to hundreds of thousands of networks

GPT-3 and me: How supercomputer-scale neural network models apply to defensive cybersecurity problems

Joe Schottman

Principal Security Engineer - Truist (not speaking on its behalf)

Joe Schottman has worn most hats in IT and Security, ranging from web app development to DevOps to offensive and defensive security. His experience is enterprisey but his content applies to organizations of all sizes. He’s spoken and given training on topics such as Purple Teams, API security, Web Shells, Web Threat Hunting, and more at AppSec Village at DEF CON, OWASP Global, SANS Summits, various BSides, Circle City Con, and other events.

Talks:

Building Security Automation Using Jupyter Notebooks

Gauthier Sebaux

Gauthier Sebaux has been performing penetration tests in Wavestone for years for a large number of clients. His passion for cybersecurity started even before he was already exploiting buffer overflows and participating to CTF competitions when he was in high school. When he is not pentesting, he administrates his personal infrastructure and contributes to opensource projects. It provided him with deep knowledge on Linux environments, Linux container isolation and more recently Kubernetes. He brought back his expertise in his work and specialized in penetration testing of DevOps infrastructure.

Talks:

CICD security: A new eldorado (talk)

CICD security: A new eldorado (training)

Wes G Sheppard

Chief Security Officer - OrderGrid, Inc.

Ohai! I’m Wes, and I come from a lot of places. From America to China to Japan to Europe, and from IT to Engineering to Cloud to InfoSec, it’s been a wild ride with stories to spare!

My career focuses have been in Cloud Security and Infrastructurelevel Security, which over time has migrated to Cyber Risk, Data Privacy, and Cybersecurity Law. The best part of this field is how you can take a side hustle or interest and just roll it into your career (^_^)

These days I’m a Chief Security Officer in Canada whilst also being a regular contributor to Defcon, a data privacy advocate and frequent learnerofthings. If I can help open the door or guide a path, please reach out!

Talks:

Failing Upwards: How to Rise in Cybersecurity by finding (and exploiting) your weaknesses

Andrew Shikiar

Executive Director & CMO - FIDO Alliance

206raised, 310based exec in emerging tech. Dad to 2 girls. Exec Director + CMO @FIDOAlliance.

Talks:

SBOM challenges and how to fix them!

Trupti Shiralkar

Trupti Shiralkar is a security engineering manager at Datadog. She is passionate about implementing a holistic approach to security and privacy by design, and believes in scaling product security through “Shifttoleft” transformations. She holds a Master of Science degree in Information Security from Johns Hopkins University Information Security Institute (JHUISI) and several security certifications. Trupti’s industry experience ranges from Fortune 500s to small startups including Illumio, Amazon, Hewlett Packard, Q2ebanking and ATSEC Information Security. She is also a certified meditation instructor and loves teaching meditation techniques to others.

Talks:

Hossein Siadati

Senior Security Engineer - Datadog

Hossein Siadati is a computer scientist and Sr Security Engineer at Datadog. He specializes in addressing software supply chain security, network security, user authentication and fraud issues using technical and social approaches. He holds a PhD from New York University, 2019, and has published several peerreviewed papers in top security conferences including CCS, USENIX, and NDSS. Hossein is also a coauthor of a security related book (Understanding Social Engineering Based Scams) and a reviewer of security journals. Hossein’s industry experience ranges from Agari (email security Startup acquired by HelpSystems), PayPal, Qualcomm, and Google. Hossein loves nature and is a recent fan of surfing!

Talks:

SBOM challenges and how to fix them!

Cher Boon Sim

Software engineer by day, web junkie by night. I explore the different realms of web security by participating in capture the flag competitions online, and read what others have done in this field. I am also an Internet of Things enthusiast, where I find myself making my own smart systems at home, thereafter finding ways to break the logic of the system and learning from mistakes.

Talks:

Parsing Differential Problem

Suzanne Smalley

CyberScoop

Talks:

M33t the Press: CyberSafety Got Real… Now What?

Lea Snyder

Principal Security Engineer - Microsoft

Lea Snyder: Left hand of order, mentor, and explorer. I’m a Principal Security Engineer for a large tech company working in the Detection and Response space. Outside of my day job, I stay busy as evidenced by the time blocked for conference support (TDI, BSides Seattle, and Layer8), mentoring women in security, and getting out into the world. And yes, Josh’s cats are definitely cuter than yours.

Talks:

The Technical Trap

Alon Rosenblum

CTO - Canonic Security

Alon Rosenblum has more than 10 years experience as a security researcher, Alon joined Canonic Security as the first member of the research team, and leads SaaS platform research, risk classification and mitigation. Alon joined Canonic Security from Sygnia, where he was an Incident Response team lead and researcher, responsible for developing both IR tools and methods, as well as managing continuous monitoring of remediated networks. Alon’s interests include camping, gardening and DIY projects to improve creativity, process planning and delivery of final results.

Talks:

Oauth third party not departing

Rock Stevens

Security Researcher - Independent

Rock Stevens (@ada95ftw) is a security researcher and cybersecurity advisor. He holds a PhD in Computer Science from the University of Maryland. A former Madison Policy Security Fellow, Rock has worked in the security field for over 20 years and is still learning. Whenever he has time, he’s a nonprofit consultant.

Talks:

Watching the Watchers: Exploiting Vulnerable Monitoring Solutions

Nimrod Stoler

Principal Security Researcher

Nimrod Stoler is a cyber security researcher at CyberArk Labs where he focuses on researching the latest attack techniques and applying lessons learned to improve cyber defenses. Nimrod’s primary research areas are network defense, DevOps analysis and security and Linux containers. Prior to CyberArk, Nimrod served in several hightechnology roles doing research and development of software and hardware. Nimrod holds an LLB in law and BA in economics.

Talks:

Trust Me, I’m a Robot: Can we trust RPA with our most guarded secrets?

Russell Thomas

Principal Modeler, Cyber Risk - Risk Management Solutions (a Moody’s Analytics Company)

15 years experience in quantitative information security metrics and risk modeling. Worked in banking, Big 4 IT consulting, solo consulting, and 10 years at HewlettPackard in R&D, marketing, and manufacturing. BS in Electrical Engineering and Management from Worcester Polytechnic Institute. PhDlevel studies in Computational Social Science at George Mason University.

Talks:

It was a million to one shot, Doc. Million to one’ – Lessons learned while modeling rare catastrophic cyber loss events

Steve Thomas

Steve Thomas, aka Sc00bz, is a cryptography enthusiast and specializes in the defensive side of passwords. His current focus is on PAKEs and key stretching for aPAKEs. He was on the Password Hashing Competition’s panel that ultimately picked Argon2. He was able to break two of the submissions with one being fixable. “I do stuff… sometimes.”

Talks:

bscrypt - A Cache Hard Password Hash

Per Thorsheim

Founder of PasswordsCon

Founder of PasswordsCon. Cormac Herley has publicly stated that Per is pathologically obsessed with passwords. He’s right, but forgot to mention pins, biometrics, 2FA and all kinds of digital authentication as part of that. Per is also the founder of PasswordsCon, running the conference since December 2010. Since then PasswordsCon has taken place in Norway, Sweden, Germany, UK & USA, either standalone or as tracks at other major conferences. Sometimes Per can be funny.

In RL Per is the CISO of BankID & BankAxept in Norway. BankID is used by all the country’s banks, public digital services and an increasing number of enterprises in a wide range of sectors, with almost every adult person registered. BankAxept is the national payment system in Norway.

Talks:

Password surveys are shit!

Cracking passwords for good, bad & commercial purposes: second thoughts on password cracking

M33t the Press: CyberSafety Got Real… Now What?

Joe Uchill

SC Magazine

Talks:

Christopher Vos

Principal Modeler, Cyber Risk - Risk Management Solutions (a Moody’s Analytics Company)

Christopher is a Principal Modeler at RMS, developing mathematical models that quantify catastrophic cyber risk. His current focus is building and parameterizing a “synthetic world” from which synthetic, realistic cyber events are spawned. Christopher has a particular interest in how ransomware and other “unauthorized encrypting” incidents affect victim business operations. Christopher is originally from the UK and now lives in Boulder, CO.

Talks:

It was a million to one shot, Doc. Million to one’ – Lessons learned while modeling rare catastrophic cyber loss events

Robert "TProphet" Walker

Travel Hacker - Seat 31B

TProphet has lived in 4 countries on 3 continents, and has travel hacked his way to all 7 continents using miles and points. Recently, TProphet “house hacked’ his way into the Vancouver, BC area, where he lives in a peneexclave: one of the most unusual and unique geographic oddities in the United States. Find out more about travel hacking and TProphet’s adventures on his travel blog, seat31b.com.

Talks:

The Exclave Experience: Relocating To ‘Almost Canada’

Amanda Walker

Sr. Director, Privacy, Safety, & Security Research, & Open Source Security - Google

After an early career focused on networking, communication, and security going back to the days before the web, Amanda joined Google in 2006, and moved into Google Security in 2009. She is currently leading applied research for privacy, safety, and security and open source security. In her spare time she is an amateur blacksmith and glassblower.

Talks:

Beyond logs and time series: observability for security & privacy

Patrick Way

Patrick Way is a Senior Software Engineer on the OpenRewrite team at Moderne. He has been in software engineering for over 20 years. His software spans domains including agriculture, ecommerce, and healthcare. Between 2001 and 2011, he owned and operated a small consulting business providing geospatial permitting applications for many of California’s agricultural commissioners. Recently Patrick has focused on mass, automated remediation of security vulnerabilities across the open source ecosystem.

Talks:

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All

Mic Whitehorn-Gillam

Senior Security Consultant / Developer

Mic WhitehornGillam is a Senior Security Consultant for Secure Ideas. Before entering the Information Security field he spent about a decade in web application architecture and development, and nearly five years in systems integration consulting. He possesses broad knowledge across many programming languages ranging from legacy COBOL to enterprise Java and C# to modern Ruby, Python, and JavaScript.

Mic is a perennial opensource contributor, having guided the Musashi and the Client Script Injection Kit (CSIK) projects, in addition to his contributions on SamuraiWTF and Arrrspace. He also strongly believes in providing quality developer training and has provided accessible public classes at a number of conferences. Mic’s class topics have included secure coding, advanced web proofofconcept development, and attacking and securing microservice API architecture.

When he finds a moment of spare time, Mic enjoys experimenting with sophisticated crosssite scripting payloads, building computers, and trail running.

Talks:

Cookie Monster: Exfiltrating Data and More, Byte by Tasty Byte

Cecilie Wian

Talks:

I know…But I Have a System

Beau Woods

Connecting hacker & cyber policy communities w/ @cyberstatecraft @iamthecavalry @CISAgov @defcon @supplychainsbx @bsideslv @hillhackers @columbiadefrag ++

Talks:

Rivers on Fire; Shaping the next phase of the mission

Mathew Woodyard

Principal Threat Intelligence Researcher - Okta, Inc.

Mat is a principle threat intelligence research at Auth0. He has played a wide variety as roles before diving into his current research position: as sysadmin, fraud analyst, developer, data scientist and information security architect. In his ample free time, he devours true crime and studies philosophy and economic thought.

Talks:

Protecting Against Breached Credentials in Identity Workflows

Phillip Wylie

Manager, Tech Evangelism & Enablement - CyCognito

Phillip Wylie is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. Wylie is the Tech Evangelism & Enablement Manager at CyCognito. He is a former college adjunct instructor and published author. He is the concept creator and coauthor of The Pentester Blueprint: Starting a Career as an Ethical Hacker and was featured in the Tribe of Hackers: Red Team.

Talks:

Penetration Testing Experience and How to Get It

Hannah Zhao

Hannah is a staff attorney who focuses on criminal justice and privacy issues, and is part of the Coders’ Rights Project. Prior to joining EFF, she represented criminal defendants on appeal in state and federal courts in New York, Illinois, and Missouri, and also worked at the human rights NGO, Human Rights in China. While pursuing her law degree at Washington University in St. Louis, Hannah represented indigent defendants and refugee applicants in Durban, South Africa, and studied international law at Utrecht University in the Netherlands. She also competed in, and remains involved with, the Philip C. Jessup International Moot Court Competition, including as a problem author in 2019. In college, Hannah studied Computer Science and Management at Rensselaer Polytechnic Institute. In her spare time, she likes to climb things.

Talks: