BSides Toronto 2022

Alan McDermott

Alan is a virtual CISO with Fractional CISO working with companies to make better informed decisions around data, technology and business risk. He has held numerous technical and security leadership roles over the course of 20+ years in industry along with multiple degrees and certifications in security, risk and privacy.

Cat Coode

Cat Coode is the founder of Binary Tattoo, with a mission to help safeguard your data and protect your digital identity. Backed by two decades of experience in mobile development and software architecture, as well as a certification in data privacy law, Cat helps individuals and corporations better understand cybersecurity and data privacy. She specializes in Privacy Regulation Compliance and delivering privacy education seminars.

  • Cyber security's new silver bullets - Privacy and Insurance
Craig Barretto

Craig is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. Craig previously was the President of the (ISC)² Toronto Chapter.

- Offensive Security Certified Professional (OSCP)
- Certified Information Systems Security Professional (CISSP)
- GIAC Web Application Penetration Tester (GWAPT)
- Certified Ethical Hacker (CEH)

  • Defrauding merchants like it’s Y2K
Georgia Weidman

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the National CyberWatch Center's National Visiting Committee and an Adjunct Professor. Georgia was previously a New America Cybersecurity Policy Fellow. She presents or conducts training around the world and is regularly featured internationally in media. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the Smartphone Pentest Framework. She founded Shevirah, a graduate of Virginia’s Mach37 cybersecurity accelerator, whose products assess and manage the risk of mobile devices in the enterprise. Georgia was the 2015 Women’s Society of CyberJutsu Pentest Ninja. She holds a MS in computer science; CISSP, Pentest+, and OSCP certifications; and U.S. Patents #10,432,656 and #11,089,044 which are foundational to simulated phishing. Georgia is a software engineer in security at Aiven.

  • Controlled Flight into Terrain: How [NOT] to Succeed at Cybersecurity Startups.
Katie Knowles

Katie Knowles is a cloud security enthusiast with a passion for keeping new technology secure. In her current role, she is a Senior Manager on PwC’s Threat Response team with a focus on all things cloud. Her previous work includes penetration testing Fortune 500 corporations, securing aerospace networks, and helping run a corporate bug bounty program. She has earned OSCP, GPEN, GCSA, AZ-104, and AZ-500 certifications, and holds a BS in Electrical Engineering from RIT.

  • Layers of Cloud: Azure and the (Mis-)Storage of Secrets
Mangatas Tondang

Mangatas Tondang is currently working as a Security Researcher at a global technology company, where his main responsibility is to improve its Detection Engineering capabilities by researching novel attacks and creating detection mechanisms. Before that he worked at multiple companies, including a Big 4 consultancy and a telecommunications provider, performing and building Threat Hunting and Detection Engineering functions.

He is a seasoned Incident Responder and Threat Hunter with a Detection Engineering mindset; he believes that after every incident there is always a new detection opportunity. He loves to be involved in the security community and has presented at numerous world-class conferences such as SANS Summits and DEF CON BTV. He is also an active contributor to The DFIR Report, where he takes part in the analysis of real attacks and provides the public with high-quality threat intelligence reports and articles. He is also a proud member of CDEF.ID, an Indonesian security community, where he has presented, talked on podcasts and volunteers as a mentor.

Outside of security, he enjoys traveling with friends and family, doing astrophotography and cooking new foods from different parts of the world.

  • Lesson Learned from Detection Engineering
Peter Luo

Peter holds a Ph.D. in computer science and four patents on cyber security solutions.
He co-founded DTonomy, an AI-based security analysis and response company.
Before that, he was the tech lead for the Microsoft Office 365 SOC, where he built the first ML-based EDR protecting Exchange, SharePoint, OneDrive and related services.

  • NoiseTotal - the opposite of VirusTotal
Rahul Raghavan

Rahul Raghavan is a Director of Advisory within Kroll's Cyber Risk practice, based in Toronto. Rahul is a leader in application security and draws on more than 12 years of experience assisting product teams in building and scaling software security programs across market verticals, which allows him to tailor application security solutions and delivery models for customers.

Prior to joining Kroll, Rahul served as a director of advisory for AppSec and DevSecOps at Security Compass Advisory, which was acquired by Kroll in 2021. Before that, he was one of the founding members of we45, a global application security firm, and also mentored and advised early-stage cyber security firms as part of the accelerator program Rogers Cybersecure Catalyst at Ryerson University.

Rahul received a Bachelor’s Degree in Information Technology from Anna University. He is also a Certified Information Systems Auditor (CISA). Further, Rahul is a regular speaker on a variety of application security topics – automation, DevSecOps, AppSec tooling and threat modeling in agile engineering – at global conferences and seminars, such as BSides, ISACA, OWASP and ISC2.

  • Threat Modeling Wins for Agile AppSec

Kurt Hundeck
Kurt Hundeck is a seasoned cybersecurity professional with twenty years of experience developing and securing software systems. He has attended many security conferences (DEF CON, Black Hat, HOPE) and is continuously learning. Kurt is eager to see your code and to help you navigate the complex topic of Application Security. (Designations & Certifications: CISSP, GCSA)

Farshad Abasi
An innovative technologist with over twenty years of experience in security, software design and development, and network and system architecture and management. Farshad spent a decade as a senior member of HSBC’s IT security team and currently leads OWASP’s Vancouver chapter. (Designations & Certifications: CISSP, AWS Security Professional)

Jared Meit
Jared Meit, OSWE, has always had a passion for taking things apart, learning how they work, and forgetting how to put them back together. He was a professional software developer for 12 years before shifting his focus to Application Security 5 years ago. His dev experience allows him to create tools that developers will actually want to use.

Iman Sharafaldin
Iman is an Application Security Lead at Forward Security who is passionate about all things code. He has more than 8 years of cybersecurity and software related experience and is also a PhD candidate in Computer Science with more than 1000 citations on his cybersecurity related publications in top journals and conferences. In his spare time, he researches and invests in crypto and blockchain technologies.

  • We Taught Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API With Burp
Yuk Fai Chan

Yuk Fai is an information security consultant with proven experience advising clients on application security, vulnerability management, threat modelling, penetration testing, incident response, breach preparedness, and cyber security programs. He has also been the Co-Leader of the Open Web Application Security Project (OWASP) Toronto Chapter since 2011.

Yuk Fai is an Offensive Security Certified Professional (OSCP) and a GIAC Certified Forensic Examiner (GCFE).

Craig Barretto

Craig is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. Craig previously was the President of the (ISC)² Toronto Chapter.

Craig is an Offensive Security Certified Professional (OSCP), a Certified Information Systems Security Professional (CISSP), a GIAC Web Application Penetration Tester (GWAPT) and a Certified Ethical Hacker (CEH).

  • Defrauding merchants like it’s Y2K