Director of the Trans Tech Tent and Sr. CIRT Analyst, fixing what other people broke for [REDACTED] years!

Hey!

I'm a security enthusiast with a background in web hacking and VDPs, and an interest in OSINT investigations and threat intelligence. My CV looks like a bad game of scrabble with the amount of letters I've picked up from working with various organisations and completing certs.

I've read thousands of bug reports and write synopses and other security topics in the forms of blogs (https://medium.com/@nynan) and I write bash one liners and regexes so horrific that HP Lovecraft couldn't dream of on twitter (https://twitter.com/_nynan).

After a 20 career within the software development space I was looking for a new challenge and moved into pen testing back in 2019. During that time I have created and contributed to several open source offensive tools such as Rubeus, BOFNET and SweetPotato and on the odd occasion contributed to projects on the defensive side too.

• OSEP | OSWE | OSCP | CEH | CPTC | PenTest+ | eWPT | ECIH | CREST
• Founder of Zerotak Security | Co-Founder of Cyber Union
• Providing pentesting & security consultation for clients all over the world: Australia, U.S., U.K., Middle East, Singapore, India, Central Africa, Europe.
• Trainer for U.S. Department of Defense, Slovenian National Bureau of Investigation, Polish Military CERT
• Speaker @ Defcamp, HEK.SI, RST Con, HackTheZone, Unbreakable
• EC-Council Certified Ethical Hacker (CEH) Scheme Committee Member
• InfoSec Writer on Medium

Darren runs the Threat Intelligence function at Admiral Group. Having previously worked as a tester of pens his alumni includes ECSC, NCC Group, CGI and Symantec, he routinely combines defensive and adversarial capabilities to ensure attackers don't win.

Is too boring for a biography.

Emily is a CTI analyst at Cyjax and a student. In her spare time she can be found tinkering with all kinds of electronics and 3D printers, or buried in a book. She tweets from @nyxilar.

I am James, I am 16. I work in Cyber Security as a Junior Security Analyst and an Offensive Web Application Trainer for HackTheBox. I have a background in Offensive Hacking/Penetration Testing. I started at a young age and went down the wrong path where I was investigated and arrested by the National Crime Agency/Federal Bureau of Investigation. I am eJPT Certified and thanked by various companies for reporting vulnerabilities.

I’m a Software Engineer and Security Researcher, with a background of over five years in the computer security industry. These days I’m working at an offensive security start-up, as well as working on a range of other side projects.

Joe Gardiner is a Lecturer in Cyber Physical Systems Security in Bristol Cyber Security Group, the University of Bristol. His primary area of research is the security of industrial control systems.

John Shier is a Senior Research Scientist at Sophos. John is a popular presenter at security events, and is well-known for the clarity of his advice, even on the most complex security topics. He has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen cybersecurity defenses.

John is often consulted by press, and has been quoted in publications like Reuters, WIRED, The Register, Fortune, CNN, The Hill, Fast Co, Yahoo, and more. He’s also a frequent speaker at industry events like RSA Conference, Infosec, GITEX, BSides and more.

My name is Josh, I am 23. I currently work as a Threat Operations Analyst for @HuntressLabs where I am able to defend against a variety of attacks and put Defensive/Forensics techniques into practice.
Lover of all things including IoT, Offensive Sec, Threat intelligence and more.

Now leading the internal S2 research team, Josh has been an analyst with Team Cymru for the past six years. Specialising in the tracking of infrastructure for a diverse target set that includes both nation state and criminal threat actors. Josh has an extensive background in law enforcement and national security investigations.

Blue security person with interests from DFIR to Infrastructure as Code, with a current focus on building cool solutions for various security challenges.

Mark is a software developer turned security specialist and has worked in Application Security for almost 20 years.

Mathias is a Senior Incident Response Consultant at Mandiant and delivers emergency response services for clients facing security breaches. He specialises in providing enterprise-scale incident response operations for sophisticated network intrusions.
Mathias has led organisations and government bodies in responding to breaches by highly sophisticated adversaries such as nation-state sponsored espionage actors and cyber criminals aiming to extort or ransom victim organisations.

Matt Wixey is a Principal Technical Editor and Senior Threat Researcher at Sophos. He is a former penetration tester, and previously led cybersecurity R&D capabilities at both PwC UK and a specialist unit in the Metropolitan Police Service, digging into emerging attack vectors, vulnerabilities, and new technologies. Matt has spoken at national and international conferences, including Black Hat USA, DEF CON, ISF Annual Congress, BSides LDN, 44con, and BruCon.

Phil is a professional penetration tester working in the UK.. He has been a pen tester for the past four years and has completed numerous engagements across different sectors for all sizes of clients. He has written dozens of blogs covering different areas of testing, including: introductions to hardware hacking; threat modelling; owning a company through admin password reuse; and an investigating into an anti-5G USB key which caught the attention of the mainstream media. Phil was also co-speaker at DEF CONs Aviation Village discussing hacking legacy in-flight entertainment systems in retired 747s.

Phil has completed several social engineering jobs: breaking into buildings both big and small, well protected, and not so much. Forever wondering “what is behind that door” has somehow turned into a job, and a quizzical mind combined with quick thinking has allowed him to bypass some brilliant security measures and gain access into some very interesting areas.

Dr Rick Jennings is an acclaimed expert in the field of false identities and credential claims, and has been researching in the field for over a decade. Among other works, he is the author of the recognised authoritative text on the subject 'When You're Not You: Identity and Credential Falsification Through the Ages' and has presented keynotes at a number of globally renowned events.

Rob is a final year PhD student in psychology at the university of Bath. He is part of the centre for doctoral training in trust, identity, security, and privacy in large scale infrastructures (a collaboration between the universities of Bath and Bristol). His research focuses on gaining further understanding of how trust is exploited online (including open-source software attacks, mis/disinformation, and how to increase trust in honeypots).

Thibault Seret is a researcher on the Team Cymru Research Team. He is
currently focusing on crimeware and APT analysis and research, reverse engineering
and threat intelligence, and trying to fight against bad guys. Before joining Team
Cymru, he worked as a Threat Researcher in McAfee’s ATR team, as cybercrime
analyst in a banking institution with the mission to improve the digital forensics
department, and as a CERT analyst at an IT services company where he tried to save
the world with his teammate. He participates a lot in the security community and
CTF competitions and is a teacher for the new generation of cyber defenders. For
the Alliance!

For 15 years, Tony's job has been either trying to break technology or defend it from attack. This he has done everywhere from banks to mass transport systems. He specialises in open source intelligence and recon, providing intelligence and understanding, helping clients understand their exposure and providing insight and recon for red and purple teams. He also speaks the world over at technology and cybersecurity events about how anything from children's toys to cars, planes and ships can be hacked. He has spoken at PCI events in Europe and Asia, at the ISC2 Congress, ISACA CSX Europe, SANS Awareness Conference, WIRED Smarter, technical conferences such as 44Con and BSides. Most notably, he has spoken to US Congress and the European Central Bank about how the underlying digital theories and systems which modern life relies on, are vulnerable to attack.

Vangelis is a developer as well as Senior Penetration Tester. His research is mainly in API and web application security.

His academic research is focused on machine learning and the development of proactive web application security.

During his free time Vangelis helps start-ups secure themselves on the internet and get a leg-up on security.

During the past years he has published research regarding API control functions for ships, smart locks, IP cameras, EV chargers and many other IoT devices.

Victoria is 2nd year PhD student based in the School of Psychology, Cardiff University and is part of the Doctoral Training Program (DTP) in Cyber Security Analytics. Her main research focus is on how self-driving cars would be blamed and trusted (or not) in the event of a cyber attack, and how the initial loss of trust in such technology could be countered by the human-machine interface (HMI).
Victoria studied Criminology as an undergraduate at the University of Lincoln and went on to complete her Masters in Criminology and Social Research – Cyber Crime and Cyber Security at the University of Surrey. Around her studies, Victoria supports a related research project and has represented this team at international conferences and workshops. Victoria is also an established Cyber Security and Information Assurance Consultant.