BSides Cape Town

Charles "AngusRed" Wroth

Highly accomplished and motivated cybersecurity professional with a unique blend of experience as a seasonedrecruiter, headhunter, and active community contributor. Leveraging a comprehensive background in the securityindustry, I have cultivated an extensive network and a profound understanding of the cybersecurity landscape.Rooted in a foundation of military service and further honed through years as a security contractor, my expertiseencompasses a range of strategic, technical, and interpersonal proficiencies.

  • Hack South: Home of the ubiquitous South
Colin Domoney

Colin Domoney is an API security research specialist and developer advocate with 42Crunch. He oversees the development of the 42Crunch community and curates the industry newsletter. Colin has a long and varied career in producing secure, rugged and trustable software and hardware products covering a range of industries from military, consumer, medical, automotive to financial services. Colin has recently built and consulted on large scale AppSec programmes and oversaw Deutsche Bank's global AppSec program, and is an expert and enthusiast on all things DevSecOps. Colin is also a regular conference speaker and DevOps instructor, and is currently authoring the industry's first book on defending APIs.

  • Avoiding the API security apocalypse

I love technology and security :)

Frida is the best tool ever, change my mind!

  • ed2root - how ancient IPC mechanisms can benefit you today
Dale Nunns

I'm a Jack of all trades, serial skill collector and high-functioning hoarder.
Father, Husband, Software Developer, Hardware Hacker, Maker, Retro computer enthusiast.

By day I'm a Team-lead and Senior Software Developer building distributed, big data systems for structured finance markets.

In my free time I take things apart and occasionally they go back together.

  • A Practical Supply Chain Hack: Blinking RGBs for fun & profit.
David Baker Effendi

David is the Director of Research & Development at Whirly Labs where he leads the team of developers to create in house program analysis tools for effective program audits. In addition to this role, he communicates, designs, creates, and maintains custom analysis software at an industry-leading standard to either be integrated as the core of the client’s product offering or for their own in house services.

Over the period of his master’s studies, he made major contributions in the open-source community, where he became a leading contributor to the Joern static analysis framework. It was here that his precise and effective feature delivery became self-evident, proving that early on in his science career the ability to own, lead, and maintain major components of cutting edge static analysis software, delivering impactful features on time that solve the needs of both the academic and tech industry communities alike. His work is used by Amazon Web Services’ program analysis group, as well as part of the core analysis backbone of QwietAI and Privado Inc.

David’s experience is deeply rooted in academia where he graduated from Stellenbosch University, South Africa with a focus on static program analysis research. From an academic capacity, he has presented his research at A tier international software and security conferences.

  • Forging Chains: The Java Blacksmith
Denver Abrey

Infrastructure engineer by day, making poor attempts at breaking hardware/software by night.

  • Fun with GPON
Fabian Yamaguchi

Prof. Dr. Fabian Yamaguchi is co-founder and CTO of Whirly Labs, Adjunct Professor for Computer Security at Stellenbosch University, and Chief Scientist Emeritus at (formerly ShiftLeft Inc.) and a member of the German hacking group Phenoelit. He is a seasoned expert in cyber security with over 15 years of experience, both as an individual contributor and in leadership roles.

Most recently, he was a founding team member of ShiftLeft Inc where he built and lead the R&D team that designed and implemented the technology for automated vulnerability discovery at the heart of the product offering - based on his 2015 award-winning PhD thesis "Pattern-Based Vulnerability Discovery".

Throughout his career, he has identified previously unknown vulnerabilities in widely used software such as Microsoft Windows and Linux kernels, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, IEEE Security and Privacy, and CCS.

He is the inventor of the code property graph and lead developer of the open-source code analysis platform Joern. Fabian holds a PhD in computer science from the University of Goettingen and a master's degree in computer engineering from Technical University Berlin.

  • Forging Chains: The Java Blacksmith
Gerhard Botha

A human with a passion for malware development, offensive security research and tooling. Likes hacking and gaming, also likes game hacking, does not like scope-creep. During the day, this human pentests and annoys co-workers with memes. His boss probably thinks he doesn't do much work.

  • The cyber-pirate's guide to C2 development
Jared Naude

Jared is the Head of Security at Synthesis, where he specializes in enterprise cloud architecture. Jared is passionate and deeply committed to guiding large organizations through the complexities of architecting, securing and operationalizing enterprise cloud environments. Beyond Jared’s professional responsibilities, Jared is an enthusiastic advocate for community building, serving as the organizer of several local security events, including 0xcon, BSides Cape Town, and BSides Joburg. Jared’s research focuses on cybersecurity topics that intersect with national security and foreign policy issues such as encryption, privacy, surveillance, disinformation, and nation-state activity.

  • 2023 Year in Review: Threads of nation-state dystopia
Javan Mnjama

Javan holds a Masters degree from Rhodes University and has had experience in penetration testing for over five years where he has a strong interest in cloud security. He previously spoke at 0xCon conference in 2022, where he presented an introduction to Azure pentesting. In his spare time, he enjoys going to the gym and making music.

  • Oops!!... did I reveal something?
Jessie Auguste

Jessie is a Software Engineer at CybSafe. Having come from an academic Psychology background, she made the career switch utilising the power and resources of tech communities. She is passionate about secure software development, as an active OWASP member, and speaks internationally on topics of web security.

She's hosted world-leading tech conferences such as LeadDev and ReactBrussels, and thrives in tech communities around people passionate about building innovative technology.

Jessie is part of the Leadership Team for Coding Black Females, and co-hosts a podcast: Glowing In Tech, which showcases Black Women in technical roles.

She's a technical instructor, who has created a variety of taught courses and workshops on behalf of CybSafe, Coding Black Females and other community driven non-profit organisations.

Jessie is passionate about equality, diversity and inclusion, and spends time volunteering with organisations that help underrepresented people get into the technology industry.

  • Embracing Dystopia: Building Secure Web Applications in the Age of Fast Development + Vulnerabilities
Jonathon Everatt
  • The Wide World of Consent
Keith Makan

Keith Makan (BSc) is an author and a passionate security researcher with a storied career of helping clients all over the world. Keith has worked for clients in Europe, the Americas and Asia and in that time gained experience assessing clients from a plethora of industries and technologies. Keith’s experience renders him ready to tackle any application, network or organisation his clients need help with and is always eager to learn new environments. As a security researcher Keith has uncovered bugs in some prominent applications including Google Chrome Browser, various Google Services and components of the Mozilla web browser.

  • How to sink a UBoot : Understanding bootloader attack surface
Kyle Riley

Founder/CEO/Researcher @ iosiro, a web3 focused security consultancy. Since 2017 I've spent most of my time on smart contract and DeFi security for some of the biggest names in the space. In a previous life, I led the research team at MWR, focusing on mobile and embedded systems - snagging a Mobile Pwn2Own win back in the day.

  • Securing A Derivatives Platform With Over $25b Volume

With over a decade of experience, Leon now applies his trade at Orange Cyberdefense's SensePost Team as the CTO. Having previously worked for an investment bank and ISP in South Africa, Leon spends most of his daytime hours hacking anything from large organisations to web and mobile applications. While doing this, Leon enjoys building things and in doing so tries to contribute back to the InfoSec community. You can find him on social media as @leonjza /

  • Attacking Microsoft Exchange: Fusing LightNeuron with Cobalt Strike
Marvin Ngoma

I am a Principal Solutions Architect in the Global Security Specialist Group at Elastic, covering the EMEA area. I help organizations harness the power of Elastic Security in order to create security value. I have several years of experience working with various SIEM solutions and big data technologies, using these to help set up security operations capabilities for organizations.

I am a regular speaker about security in various community and partner events as well as other conferences.I have spoken at ElasticON europe, the nordic baltic summit, and many other conferences in EMEA. I also speak at meetups alot. I have also delivered public workshops, as well as customer focused ones.

  • Elastic Security Capture The Flag
Michael Rodger

Starting out as an electronic engineer, I quickly learned that my penchant for disassembling things and figuring out how they functioned also meant that I liked breaking things.
I joined the dots to infosec and since around 2013 I’ve been involved in the ZA hacker community. I’ve been helping with conference and meetup organising and badge building for most of the time since then, and in 2023 I made things official by joining the research team at Orange Cyberdefense.
I still tinker with hardware every chance I get, either fixing or improving something I have, or building something new. I’ve already come to terms with the consequences I’ll one day face when I teach my 2 small kids to question and dismantle everything, although my wife has already put a moratorium on bringing home broken electronics because “I’m sure I can fix this”.
I don’t like long walks on the beach because the sand gets everywhere and it smells like fish. I do like mountain biking though. Sorry, did you say “brief?”

  • Noooooooooo touch!

Mikhail Aksenov, founder, previously development teamlead in multiple infosec companies

I love automating staff, DevOps, and Python. Sometimes I talk about infosec tools I developed

  • Defenders' Den: Building a Reproducible Environment to Verify Cyber Defense Skills
Nea Paw

is a seasoned speaker and trusted name in Cybersecurity. Come attend the talk, you might be surprised.

  • Dystopian much: The Rise of the Influence Machines
Reino Mostert

Reino likes to hack things, and drink coffee.

  • LPE in enterprise software
Roshan Harneker

Personal: I'm a prolific gamer (PS5 and Xbox). I'm autistic and I'm completely devoted to my 2 Rottweilers who own me.

Professional: I'm currently the CISO for a UK and SA-based MSSP called KHIPU Networks. Prior to that I worked at UCT for 13,5 years, my final role being that of Senior Manager of the Information and Cybersecurity Services team. I hold MCom and BCom Honours degrees in Information Systems specialising in Digital Forensics from UCT and guest lectured periodically about both digital forensics and information security. I've spoken at the SANReN NICIS conference, UCT's CSSA, SACLA and Microsoft Tech Summit, the inaugural BSides Cape Town event in 2011, the ICFP virtual conference, the 1st BRICS workshop on digital forensics, an ITweb/Splunk webinar regarding powering the transformation of education services through data.

I have 25 years of IT sector experience in the Network Service Provider (NSP), Managed Security Service Provider (MSSP) and Internet Service Provider (ISP) industries (SA and UK), as well as the Telecoms and Higher Education sectors. In addition, I have extensive experience spanning digital forensics, network engineering, information security, cybersecurity, systems administration, project management, technical management and mentorship.

  • Outsmarting cyber villains on a shoestring budget
Ross Simpson

Ross Simpson is a retro computing enthusiast and has been involved in the local hacker community for several years. He runs the monthly 0xC0FFEE Cape Town meetup, and has spoken at B-Sides Cape Town, ZaCon and 0xCON conferences.

  • Hacking "AAA" Unreal Engine Games with... Python?

singe on twitter &

  • Impose Cost: Our defences eventually fail and we need to take the the fight to the criminals
  • Performance Hacking - how to hack your tools to go faster

Tinus is currently the Head of Consultancy, where he leads the entire consultancy division, including all service areas and the research division. Previously he was the Service Lead for the Network Security and Application Security divisions and second-in-command for these services globally. In these services, he helped innovate in the respective service space to ensure that MWR provides top-tier, research-driven services to their clients.

In the Cyber-defence field, he assists executives and senior management teams of several strategic clients in an advisory capacity in helping solve business and operational security challenges. This includes creating long-term roadmaps for cyber resilience and using the tools available to the organisation to better track and understand their security posture.

He was responsible for creating a Technical Tabletop Exercise solution. This service simulates real-life attacks in a mock environment to provide training opportunities for Computer Security Incident Response Teams (CSIRTs) to enable companies to improve their Incident Response and Management processes.

Since Tinus has a passion for training, he is also involved as a content engineer for TryHackMe to create cyber security training content and a part-time final-year project leader at the University of Pretoria for their EEC Engineering division.

  • Let the Children play - Leveraging AD CS for persistence and profit in Parent-Child configured forests.