Bsides Cymru 2024

Alicia Cork
  • Exploring the socio-technical challenge: What even are human factors?! and why should I care?
Balazs Greksza

2008-2015 ITSec: IAM, Project Coordinator, Third Party Auditing, Sec Mgmt Lead for Architecture Project
2015- now Cyber: SOC Tech Lead / T2, SOC Manager, CSIRT T3, Senior SOC Eng, Threat Response Lead, Advanced Threat Operations Lead
Prior Certs: CISSP, CEH, CISA, CISM, CRISC, ISO27001LA, GCFA(508), GREM(610), CAPM(project management), CDP(devsecops), CCSE(container sec), CTMP(threat modeling), AOWD, TDI-CD(Cavern diver 🤿)

  • Practical security challenges posed by AI adoption: Code Quality and Threat Modeling
Becky MacBride

A passionate tech-driven professional, with over 15 years in technology and specialising in vulnerability management after working in industry I now help businesses with their security frameworks within a leading global company.

  • Is the biggest cyber security risk the lack of diversity?
Ceri Coburn

Ceri currently works at Pen Test Partners as a Red Team operator and offensive tooling developer. He has contributed and authored several offensive and defensive tools that have been released to the community. He has presented talks at DEF CON and BSides and is looking forward to be returning to talk at his home event, BSides Cymru.

  • Okta Terrify - Persistence in a Passwordless World
Craig Jones, Clare Johnson + Stuart Criddle


  • BattleBots
  • Opening Speeches + Keynote
Dan Cannon

Daniel Cannon is a seasoned cybersecurity professional with over a decade of experience specializing in penetration testing and technical assurance. Throughout his career, Dan has collaborated with diverse public and private sector entities, providing invaluable security assessments and strategic advice.

  • I Don't Care about Domain Admin
Hani Momeninia

Hani is a highly skilled Purple Team consultant with a background in system administration and a deep
passion for teaching and educating the cybersecurity community. With over 7 years of experience in
the field, Hani possesses a comprehensive understanding of computer systems and networks,
specializing in Linux, Windows, and networking technologies.

Beyond his professional endeavors, Hani is dedicated to sharing his knowledge and empowering
others in the cybersecurity community. He actively engages in teaching and educating aspiring
cybersecurity professionals through workshops, webinars, and community events. Hani's ability to
explain complex concepts in a clear and concise manner has made him a highly sought-after speaker
and mentor.

  • Navigating Cloud Frontiers: A War Story of Cloud Purple Teaming
Harry Williams

Harry graduated from the University of Warwick in 2019 with a history degree, before working for PwC in the Ethical Hacking team from March 2020 until November 2023. He now works as a Cyber Security Consultant for Stripe OLT.

  • Dr. Strangequeries or: How I Learned to Stop Worrying and Write Better BloodHound Queries
Hugo Page-Turner

Hugo is a Red Team Operator & Developer at Pen Test Partners.

  • So you want to be a spy - reality is a slap in the face
Ilkin Javadov

Ilkin Javadov, a globally recognized ethical hacker is known for ethically hacking numerous companies and government websites worldwide. Ilkin Javadov also hacked some federal entities(German Armed Forces and Ministry of Defence UK - Awarded Medal of honor).
Check My Linkedin :

  • Securing Online Transactions: How to Keep Your Money Safe about IDOR vulnerability
Illyana M

Illyana Mullins is the founder of the Women in Tech and Cyber Hub (WiTCH), a not for profit that focuses on supporting women in and who are looking to join cyber security and technology. She has a passion for innovation, community, and EDI and is a champion for Neurodiversity. She also is the director of BSides Cheltenham.

  • Decoding Neurodiversity: Spectrums aren't just for RF
James Stevenson

James is a software engineer and security researcher, with a background of over six years in the computer security industry - with a primary focus in vulnerability research.

  • Automating Binary Analysis With Machine Learning… and a bunch of scripts
Joe Gardiner

Joe is a Lecturer in Cyber Physical Systems security at the University of Bristol. His work focusses on the security of Industrial Control Systems.

  • ICS Village
Jon Renshaw

Jon is Deputy Director of Commercial Research at NCC Group, a cyber security consultancy and services company headquartered in Manchester, UK. His role involves managing cyber security research for NCC Group's customers globally, across technologies and sectors, and delivered by technical experts from across the company.

Jon's technical background is in the design and integration of secure networked systems with experience across telecommunications, enterprise and military communications networks, vehicle platforms and key management systems.

  • Home Renewables Security Or: How I forgot to RTFM and got Pwned by my 12 year old
Matt Wixey

Matt Wixey is a threat researcher. He is a former penetration tester, and previously led cybersecurity R&D capabilities at both a professional services firm and a law enforcement unit, digging into emerging attack vectors, vulnerabilities, and new technologies. Matt has spoken at national and international conferences, including Black Hat USA, DEF CON, ISF Annual Congress, 44con, and BruCon.

  • Hurr Durr, He Wrote: That awesome time I trolled the stupidest scammer in the world
Max Corbridge

Max is a practicing Red Teamer who has quickly risen through the ranks to Head of Adversarial Simulation, just three years after getting into cyber from a non-technical, self-taught background. Formerly an English Teacher and Linguist, he has weaponised his communication skills to great effect whilst social engineering on Red Team engagements. Max now has years of experience working in fast-paced offensive security consultancies, and currently leads a highly technical team of consultants who are at the forefront of cloud Red Teaming. His zero-day vulnerabilities in Microsoft Teams and IBM Backup Products have made headline news around the world. Max is a CHECK Team Leader, and was one of the first in the UK to have received the professional entitlement (Principal Cyber Security Professional) from the UK Cyber Security Council.

  • Out of the Frying Pan Into the Cloud: A Red Teamer's View of Your Cloud Estate
Muhammad Yusuf Bambang

Indonesian student, studying for a better future.

  • Modern Vehicle Sabotage
Oishee Kundu

Oishee is a researcher in science technology and innovation (STI) policy, with a focus on the role of government demand in technology development.

  • Exploring the socio-technical challenge: What even are human factors?! and why should I care?
Pete G

Pete G is a Principal Cyber Security Engineer heading up a Security Engineering practice for one of the largest and most famous transport networks in the world.

For over 16 years, Pete has navigated the ever-evolving IT and cybersecurity landscape. His journey has taken him through the darkest corners of the cyberworld, from chasing ransomware operators through labyrinthine networks to resurrecting Active Directory from the ashes of malicious attacks. From crafting brand-new infrastructures from the ground up to unraveling complex fraud schemes, he has done most things.

A passionate advocate for knowledge sharing and community building, you can often find him at BSides conferences, where he's not just an attendee but a source of inspiration for budding cybersecurity enthusiasts. He's also the creator and guardian of the "Cyber Railway," a live interactive hackable railway CTF/War Game. It's a playground where aspiring hackers can sharpen their skills.

Known for his dad jokes, loyalty and entertainment on the decks and off he's a good egg.

  • Whatever you do, don't pull the plug!
Rik Kershaw-Moore

Information Security profession with numerous years experience with physical securty pentesting. Whilst a competant lockpicker still always trying to improve skills.

  • Lockpicking Village
Rob Peace

Rob is a psychologist at the University of Bath and part of the centre for doctoral training in Trust, Identity, Privacy, and Security (at scale). He has a general interest in the human factors of cybersecurity and digital behaviour. His specific research focuses on how individuals' trust in digital information is exploited (from OSS attacks, to phishing, to disinformation) when making decisions over the trustworthiness of information that they are unable to verify.

  • Exploring the socio-technical challenge: What even are human factors?! and why should I care?
Sam Macdonald

A cybersecurity professional with only two years experience, imposter syndrome is a weekly bi-product of having changed careers midlife. Every day is a school day, now looking to tackle the inner fraud that takes so many in the community and share what I have learnt.

  • I Know What You Did Last Summer
Samuel Kavaler

Samuel is a SOC Team Manager at Ontinue, where he leads a team of Analysts providing MDR service for Ontinue’s customers. Samuel has 6 years of experience working in different Security Operation Centres as Analyst and Engineer. He loves all things related to SOC with main interests in SecOps, Threat Hunting and DFIR.

  • SOC Analyst’s Arsenal: Essential Tools, Tips and Tricks for Effective Investigations
Sunny Chau

I work in the adversary simulation team at JUMPSEC. Having been offensive security for a number of years, these days I am passionate in exploring and researching latest techniques and paradigms in cloud red teaming, a relatively nascent field in our industry.
In my free time I listen to math rock and play the guitar.

  • Ohhhh365 - How to (Quite) Reliably Hack into Microsoft 365, And What to Do Afterwards
Tony Gee

For 15 years, Tony's job has been either trying to break technology or defend it from attack. This he has done everywhere from banks to mass transport systems. He specialises in open source intelligence and social engineering, providing intelligence and understanding, helping clients understand their exposure and providing insight and access for red and purple teams. He also speaks the world over at technology and cybersecurity events about how anything from children's toys to cars, planes and ships can be hacked. He has spoken at PCI events in Europe and Asia, at the ISC2 Congress, ISACA CSX Europe, SANS Awareness Conference, WIRED Smarter, technical conferences such as 44Con and BSides. Most notably, he has spoken to US Congress and the European Central Bank about how the underlying digital theories and systems which modern life relies on, are vulnerable to attack.

  • So you want to be a spy - reality is a slap in the face
Vasilis Ieropoulos

I am currently in the third year of my PhD program at Cardiff University, specialising in Cybersecurity. My research focuses on Machine Learning threat detection for resource-constrained devices, aiming to secure the rapidly expanding Internet of Things (IoT) landscape.

In addition to my academic pursuits, I am an active ham radio operator with the callsign 5B4ANU. This hobby allows me to connect with a global community of enthusiasts and reflects my passion for technology and communication.

I am also deeply committed to the open-source community. I have contributed to various projects, not only through code but also by translating project documentation. This has allowed me to help break down language barriers and make these projects accessible to a wider audience.

  • Pocket-Sized Powerhouses: Exploring IDSs on Microcontrollers
Victoria Marcinkiewicz

Victoria is a 3rd year PhD student based in the School of Psychology and is part of the Doctoral Training Program (DTP) in Cyber Security Analytics.

Victoria studied Criminology as an undergraduate at the University of Lincoln and went on to complete her Masters in Criminology and Social Research – Cyber Crime and Cyber Security at the University of Surrey.

Victoria’s research focusses on how self-driving cars would be blamed and trusted (or not) in the event of a cyber attack using methods from both applied and experimental psychology. Victoria is also examining how the initial loss of trust in such technology could be countered by human-computer interactions with the human-machine interface and wider vehicle design.

Around her studies, Victoria has worked as a Research Assistant; spoken at international conferences, workshops and symposiums and is also an established Cyber Security and Information Assurance Consultant.

  • Exploring the socio-technical challenge: What even are human factors?! and why should I care?
Wayne May

Wayne discovered the world of scambaiting in 2005 and has since become deeply involved with both baiting and helping those who have been scammed. In 2012 he created alongside a group of likeminded people. He has appeared in the media worldwide, on such programs in the UK as Crimewatch, Victoria Derbyshire, Scam Interceptors and The Kyle Files as well as both BBC and ITV news.

  • Everything online can be faked. Here's how and here's how to spot it.
Zeyu (Zayne) Zhang

Zayne is a Computer Science student at the University of Cambridge. He is an avid security researcher and CTF player. He holds industry certificates such as the OSWE and OSCP, and has previously worked in TikTok's security team. In his free time, he hunts for bugs on the HackerOne platform, and plays CTFs with Blue Water, one of the top global CTF teams.

  • Client-Side Attacks in a Post-XSS World