Worked in the realms of web development and web application security for the past 20 years. I create educational content such as interactive labs, Capture The Flag (CTF) Events and gamified learning experiences.
- Mastering Recon: Mapping the External Perimeter
Alexandra Forsyth is currently a Security Delivery Senior Analyst, based within the cyber threat intelligence (CTI) team at Accenture.
In her role, Alexandra is the subject matter expert for retail and consumer goods and services industries. Alexandra is responsible for conducting strategic research, analysing data and collating evidence, to facilitate threat landscape reports for relative Accenture clients, and helping deliver presentations to stakeholders highlighting recommendations based on the industry research.
Prior to Accenture, Alexandra acquired the ability and enthusiasm to deliver bespoke intelligence services to clients in the cyber security space, as part of employment with a managed service provider (MSP) specialising in cyber threat intelligence. Alexandra has experience collaborating within a team, and independently on tasks pertinent to clients, supporting business as usual (BAU) operations, on-demand investigations, and open-source data gathering.
- Exploring Retail’s Cyber Threat Landscape
Cyber security enthusiast, finally free from academia, interned as a cybersecurity consultant at WithSecure, and currently filling my time picking locks and job-hunting.
Favourite security areas: Mobsec, Access Control/Physical Security
Favourite Padlock: Abus 72/40
- "Open, Sesame!" - unlocking Bluetooth padlocks with polite requests
Alfie is a founder of delivr.to and specialises in the delivery of attack detection and adversary emulation services. He actively contributes educational content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat, DEF CON, RSA and Blue Team Con.
- Email Detection Engineering and Threat Hunting
Anant Shrivastava is the founder of Cyfinoid Research. He has experience in Security (both offense and defense), Development, and Operations. He has a rich history of engagement with renowned conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant leads open-source projects, notably the Tamer Platform and CodeVigilant, and curates the Hacking Archives of India. When not engaged in official work, Anant contributes to open communities with a shared goal of spreading information security knowledge, such as the null community, Garage4Hackers, hasgeek, and OWASP.
- Beyond the Code / SBOM: Supply Chain Security
Senior IT Security Analyst
- The simple approach to security risk management
Ashish has over 13+yrs experience in the CyberSecurity industry with the last 7 focussing primarily helping Enterprise with managing security risk at scale in Cloud first world and was the CISO of a global Cloud First Tech company in his last role. Ashish is also a Keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, Cloud Security, DevSecOps, Security Leadership, Future Tech and the associated security challenges for practitioners and CISOs.
- Breaking the Cloud: A Tale of 3 Breaches!
Alex is a Senior Incident Response Analyst supporting a multinational consulting firm in the UK. Along with extensive experience in SOC operations, Alex is a proficient coder and enjoys general coding & automation projects. When not engaged in securing organisations, Alex enjoys hanging out and sampling all varieties of food.
- Abusing RWX-S binaries for post-exploitation
Aunart Grajqevci is a third year Cyber Security student at Manchester Metropolitan University, with particular interests in network security and AI.
In his spare time, he works towards achieving the top 1% on Hacker101 and gaining industry professional qualifications such as Cisco Certified Support Technician (CCST).
- Wires gone Rogue: IoT security at the cable level
Ben Sadeghipour AKA NahamSec is a security researcher and content creator. He’s currently in the top 100 for both HackerOne(25) and Bugcrowd’s (95) leaderboards. He has helped identify over a thousand vulnerabilities in companies like Amazon, Apple, Airbnb, Lyft, Snapchat and more. Prior to doing content creation full time, he worked as a research and community education executive at Hadrian and HackerOne. Ben has presented many talks and workshops at cons such DEFCON, BSides, OWASP AppSec, RSA, Red Team Village, and more. He also enjoys hosting and organizing hacker meetups or virtual conferences such as NahamCon and Hacktivitycon!
- Mastering Recon: Mapping the External Perimeter
Chester Wisniewski is Director, Global Field CTO at Sophos. With more than 25 years of security experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.
Chester works with Sophos X-Ops researchers around the world to understand the latest trends, research and criminal behaviors. This perspective helps advance the industry's understanding of evolving threats, attacker behaviors and effective security defenses. Having worked in product management and sales engineering roles earlier in his career, this knowledge enables him to help organizations design enterprise-scale defense strategies and consult on security planning with some of the largest global brands.
- Breaking Bad Multifactor: MFA bypasses and how to assess the risks
Claudio is a veteran security expert. After completing his Master in Computer Engineering at the Politecnico di Milano University, he started a now more than 15 years long journey in the security space. Security consultant first, then moving through different roles, from technical sales engineering to security research and product engineering. This has allowed him to experience application security from a variety of perspectives.
He fell in love with static source code analysis early on and spent most of his career working with, and on, the leading static analysis solutions.
He’s now leading the security research team at Semgrep and trying to make the world a safer place, one rule at a time.
In his free time he enjoys doing way too many things. If he had to pick up four: synthesizer nerd, avid runner, beginner Go player, foreign languages enthusiast.
- Scaling your AppSec Program with Secure Defaults
- The (Non)inclusivity of InfoSec - My Experience
Dhruv is an experienced cybersecurity professional with a key interest in leading & delivering Adversarial Attack (Red/Purple Team) simulations. He formerly established & served as the Head of the Red Team at Resillion and is about to start as the Head of Adversarial Simulations for a UK Bank.
Over the last few years, Dhruv’s core focus has been on developing the red team capability at Resillion, while focusing on testing less common environments such as MacOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. Dhruv possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. Dhruv’s role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.
- Building a macOS Red Team playground
- Oh My Phish!
IT help desk analyst with hopes of going into infosec in the future
- Of Microchips and Mammals
Specializing in penetration testing and red teaming, Granit has a track record of assessing and enhancing the security of complex infrastructures. His commitment to staying at the forefront of cybersecurity ensures he consistently delivers superior measures to safeguard organizations against evolving threats and vulnerabilities.
In a dynamic digital landscape, Granit's dedication to cybersecurity remains unwavering, making him a trusted guardian of critical information and systems. His career is a testament to his passion for cybersecurity and commitment to ensuring the safety of enterprises and individuals in an ever-changing world.
- Red Teaming on Critical Infrastructure
Hela Lucas is an Incident Response Consultant at CrowdStrike. She spends her time helping customers investigate and recover from cybersecurity incidents.
- Anti-forensics techniques used by Threat Actors in the Wild
Currently a senior security consultant at Rootshell Security. He has over 18 years experience of the fire alarm and access control/security industry moving into penetration testing and, in particular, physical intrusion engagements in 2020. Since that time he has completed a number of physical and social engineering engagements including some internationally.
- Physical Intrusion - Access Un-Controlled
Iain Smart is a Principal Consultant with ControlPlane, where he performed offsec engagements against cloud-native deployments. He enjoys playing with new technologies, and if he's not hacking a Kubernetes cluster or attacking a build pipeline he can probably be found writing new home automations to annoy his family.
- Container Security and Hacking with Docker and Kubernetes
Idan Ron is a Senior Red Team Consultant in Mandiant’s U.K. office. As part of the Red Team team (also known as APT66), Idan specialises in adversary simulation, red and purple team assessments, and cloud assessments. Idan delivers proactive red team assessments to Mandiant’s clients across all industries.
- Your friendly neighbourhood penguin: Using Linux and WSL to stay under the radar
Jack McBride is a senior red teamer at Resillion, a global cyber security services provider. In his role, Jack has managed and delivered a multitude of red and purple team engagements in seasoned Windows environments spanning multiple industry sectors, including finance, defence and government. Seeking a new challenge, he has recently made the jump into researching and breaking into macOS-based environments. In addition to being an Offensive Security MacOS Researcher (OSMR), Jack also holds the OSEP, OSWE and OSCP.
- Building a macOS Red Team playground
James (@FranticTyping) has over 10 years of experience working in a number of incident response, detection engineering and security engineering roles. James is currently a Principal Incident Responder within the CSIRT at Coinbase. Before joining Coinbase, James was the global continuous improvement lead in the Managed Detection and Response (MDR) team at F-Secure Countercept.
- Scaling Detection and Response Teams - Enabling Efficient Investigations
IT Security Analyst
- ASR Fatigue Reduction - Managing Attack Surface Reduction rules
With over 17 years of experience in the field of Cyber Defense (Incident Response, Security Engineering, Threat Hunting), Jinto currently working as Senior Incident Response Consultant at WithSecure (formerly known as F-Secure Business) in London, UK.
- Bytes of Insight - YARA in Incident Response and Malware Hunting
Joe Wrieden is a Computer Science graduate from the University of York, who has been involved in the security sector for over three years. Over this time Joe has become fascinated with how threat actors operate, and the techniques that can be used to track cybercriminal activity. He now works as an Intelligence Analyst for Cyjax, a UK-based Cyber Threat Intelligence company, where he has found a passion for writing and presenting on cyber security topics. His research specifically focuses on following threat actor activity and the security concerns in the cryptocurrency and blockchain landscape.
- Security is Key: The Vulnerabilities of API Security
Josh has been doing offensive security-related things for the past 12 years. He's spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.
- Game of Codes: QR Thrones, Image Battles, and the Quest for Initial Access
- Email Detection Engineering and Threat Hunting
Graduate consultant at Logiq Consulting. Particularly interested in cloud security and the application of novel cyber technologies.
- The art of cyber deception
Ken Westin is currently Field CISO at Panther and has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and is regularly reached out to as an expert in cybersecurity, cybercrime, and surveillance.
Ken lives in Oregon in the United States and splits his time between a house in the woods near Portland and a beach shack on the Coast with his wife, son, and two dogs. He holds a BA from Lewis & Clark College, a graduate degree from the University of Portsmouth UK, and several security certifications. He is a self-professed guitar and record hoarder and amateur musician.
- Purple Teaming with Detection-as-Code for Modern SIEM
Laurence is an application security consultant with a broad range of interests. He is the co-founder of CryptoHack, a popular cryptography challenge platform. He got addicted to CTFs at university and has been learning as much as he can about web, cryptography, network, and infrastructure security since then. In his spare time he loves going on cycling and hiking trips.
- Bugs Are Shallow: Finding Vulnerabilities in Top GitHub Projects
A blue security person and aspiring maker and breaker of all the things, with interests from DFIR to DevOps. Currently architecting and implementing solutions to challenges in security operations and beyond for three years.
- Soc Adventurez In TiETW
Now a doctoral researcher at Brunel University and security analyst at ThreatSpike Labs, martyn studied materials science and metallurgy and worked in the chemicals industry across various parts of the UK, mainly writing Excel macros, before moving into infosec.
- Automated wargaming of a Chemical Plant
Max is a security consultant within Mandiant's Red Team, regularly conducting a wide variety of Red and Purple Team operations.
- Your friendly neighbourhood penguin: Using Linux and WSL to stay under the radar
Maya edits text files, throws some of them at interpreters and compilers, with the objective of either breaking things or fixing things... but you can't really be sure until it happens.
They are a cybersecurity practitioner with interest in application security as well as a software engineer, and a life-long student (just not in academia anymore... thankfully).
On the side, she helps out with communities, likes to build events and help people get their feet wet in this field we call "cybersecurity".
- Decentralization: Mo' Systems, Mo' Bridges, Mo' Comms, ... Mo' Problems?
Miłosz is a mobile security specialist at WithSecure, having previously spent entirely too much time working in academia.
His current work revolves around Mobile Device Management solutions, Android device security audits, advisory consultancy, and complaining about password managers. Outside of technical work, his primary interests are in education and the culture of education.
- "Open, Sesame!" - unlocking Bluetooth padlocks with polite requests
Electronics, radio, Linux and cyber
- In space; everyone can hear your downlink
Hacker, researcher, student
- Game hackers and you: Knowledge extraction from toxic places
He/Him
3rd Year BSc Cyber Security
Top 1% on TryHackMe
Ethical Enthusiast
- Ethical Hacking: Navigating the Modern Ethical and Moral Landscape
Niall Caffrey is a Senior Security Consultant at Edgescan for over eight years. Specialising in a comprehensive array of security services, Niall routinely performs in-depth auditing, assessments, consulting, and penetration tests. His expertise spans a broad range of technologies, including networks, cloud infrastructure, web and mobile applications, and more. Trusted by blue-chip companies across diverse sectors - from fintech and government to insurance and medical - Niall's proficiency ensures that these organisations remain safeguarded against ever-evolving cyber threats. With a deep understanding of the nuances and intricacies of digital security, he is a pivotal asset to the Edgescan team.
- Mobile Application Pentesting 101
Coming from a background of software development and architecture, I spent a few years as software developer, architect, team lead, working in secure software for the financial sector
I moved into security consultancy, fisrt as an in-house penetration tester and code reviewer in online gambling, before moving into security consultancy and working on code review, penetration testing, threat modelling, and automating security testing with new tools, scripts, etc.
- Slightly SOSL'ed - Locating and Testing SOSL Injection
A computer science student from York. They're known to enjoy Wikipedia rabbit holes and data protection standards
- An Abridged History of Malware
Pete G is a Principal Cyber Security Engineer heading up a Security Engineering practice for one of the largest and most famous transport networks in the world.
For over 16 years, Pete has navigated the ever-evolving IT and cybersecurity landscape. His journey has taken him through the darkest corners of the cyberworld, from chasing ransomware operators through labyrinthine networks to resurrecting Active Directory from the ashes of malicious attacks. From crafting brand-new infrastructures from the ground up to unraveling complex fraud schemes, he has done most things.
A passionate advocate for knowledge sharing and community building, you can often find him at BSides conferences, where he's not just an attendee but a source of inspiration for budding cybersecurity enthusiasts. He's also the creator and guardian of the "Cyber Railway," a live interactive hackable railway CTF/War Game. It's a playground where aspiring hackers can sharpen their skills.
Known for his dad jokes, loyalty and entertainment on the decks and off he's a good egg.
- Unearthing the Secrets of Securing a 160-Year-Old Railway: Beyond the Basics!
From his hands on experience working in cross functional teams as a full stack engineer to his theoretical knowledge gained during his studies in computer science with a specialism in cyber security, Robbie hopes to bring a unique perspective looking at the challenges faced by security teams in the modern software development world.
- DevSecOps on a Budget: Building a Secure Development Pipeline Without Breaking the Bank
Rory has worked in the Information and IT Security arena for the last 23 years in a variety of roles in information security and penetration testing. These days he spends his work time on container and cloud native security. He is an active member of the container security community having delivered presentations at a variety of IT and Information security conferences. He has also presented at major containerization conferences and is an author of the CIS Benchmarks for Docker and Kubernetes and main author of the Mastering Container Security training course which has been delivered at numerous industry conferences including Blackhat USA. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.
- Container Security and Hacking with Docker and Kubernetes
Hi I'm Sascha, a Computer Science student with a star-crossed love for Cyber Security! Besides my fondness of technology, languages and cookies, I love to learn new things and get stuck in wherever the opportunity arises!
- Cloudy with a chance of security
Hi, I'm Shaza, I enjoy security and reading books- probably somewhere laughing at my own jokes
- Cyber Resilience in Industry 4.0: Strengthening Standards and Embracing Emerging Tech
Pursuing MSc in Cybercrime & Security | Cybersecurity Writer | Threat Intelligence Analyst Intern
- Exploring the Dark Web: Forums, Markets, and Scam Insights
Taylor Rhoades is a cybersecurity sales leader with the past 7 years in the SIEM industry. She is currently the Senior Sales Director at Graylog.
- Off the Hinge: Dating with OSINT
Theram is a red teamer at Resillion, a global cybersecurity firm, where he has orchestrated and executed a wide array of red and purple team operations. In his role, Theram specialises in crafting sophisticated phishing campaigns to target small-medium sized businesses and mature organisations alike, across industries ranging from banking and finance, to legal and healthcare. Eager to push boundaries, Theram has lately delved into researching initial access techniques, with a spotlight on mastering the intricacies of phishing. Amongst other industry certifications, Theram currently holds the OSEP, OSCP and CRTO.
- Oh My Phish!
Thomas Preece is a Lead Architect working in the BBC handling security within the BBC’s digital estate. His focus is around building security community, technical security education and giving developers the tools they need to create secure systems and ensure they continue to be secure.
- The internet never forgets: OSINT'ing myself to uncover 30 years of data leakage
Tijme is Product Lead Adversary Simulation in a red team. In his role, he facilitates red team operators with the tools needed to simulate APT’s as accurately as possible. He spends most of his time on cyber security research. Over the past years, this research mainly focused on Adversary Tactics and Red Team Operations. Furthermore, with his polyglot software engineering background, he works on the development of current exploit code and malware, used to simulate APT’s penetrating target organisations. One of his latest projects is KernelMii , an open-source Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation.
- Elevate & Conquer: A Journey Into Kernel Exploitation
Timur Yunusov has twelve years of experience in practical security assessment and security research. Specializing in the security assessment of financial systems: online, core, and mobile banking, ATM, POS, and card processing. Expert in banking application security. One of the DEF CON Payment Village organizers.
- Offensive Payment Security 101
Cybersecurity professional with a background in Marketing and Software Development.
- A talk about Cross-Site Scripting (XSS) in 2023? The mitigated unmitigated vulnerability.
Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
He currently applies his skills as a Chief Technology Officer at Tremau, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices.
Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.
- Connected Chaos: Uncovering Router Vulnerabilities via Cloud API Connections
Will Thomas (aka @BushidoToken) has been a security researcher for over 4 years and has had his work featured by several well-known publications such as The Telegraph, VICE Motherboard, CyberScoop, BleepingComputer, TheRecord, TheRegister, and InfosecurityMag, among others. He is currently a CTI researcher and threat hunter at the Equinix Threat Analysis Center (ETAC) and is the co-author of the SANS FOR589: Cybercrime Intelligence course. He has previously appeared on Darknet Diaries (Ep 126) and has spoken at multiple conferences, such as NCSC Response22, DTX Europe, BSides Cheltenham, and BSides Basingstoke.
- Keep Your Enemies Closer: How to Profile and Track Threat Actors
Zayne is a Computer Science student at the University of Cambridge. He is an avid security researcher and CTF player. He holds industry certificates such as the OSWE and OSCP, and has previously worked in TikTok's security team. In his free time, he hunts for bugs on the HackerOne platform, and plays CTFs with Blue Water, one of the top global CTF teams.
Previous talks he has given include HTTP Request Smuggling in the Multiverse of Parsing Flaws at BSides Singapore 2022.
- XS-Leaks: Client-Side Attacks in a Post-XSS World