BSides Toronto 2023

Albert Heinle

Dr. Albert Heinle is driven by a mission to combat the global surge of data breaches and misconfigurations. Albert co-founded CoGuard in 2020 and serves as Chief Technology Officer. Prior to CoGuard, Albert held development positions at FLIR Systems, Inc., Aeryon Labs and Sortable. He completed a Ph.D. in Computer Science at the University of Waterloo.

  • The Current State of Infrastructure as Code (IaC) from a Security Standpoint
Alex Beaver

Alexander Beaver is an Application Security Engineer and student at the Rochester Institute of Technology. He has worked in application security for Paramount, Cisco, and multiple start-ups. Alexander received international recognition for his leadership of a FIRST robotics team, including the shift to a quality-first culture. He also was the Tech Lead at RITSEC, a student-run cybersecurity club with over 200 members. At RITSEC, Alexander developed a multi-year plan to lower the barriers to security education. He specializes in Secure Software Development and Trusted Computing. Alexander is interested in the relationship between organizational culture and security posture, particularly SDLC adoption.

  • How Quality Engineering Transforms Application Security
Allyn Stott

Allyn Stott is a senior staff engineer at Airbnb on the information security technology leadership team, where he spends most of his time working on threat detection and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.

  • How I Learned to Stop Worrying and Build a Modern Detection & Response Program
Attila Szasz

Researcher in computer security who has reported vulnerabilities in Google Chrome, Intel DRM technologies, ASUS routers, SONY consumer products, and even Ghidra. Founder and general manager of BugProve Inc, an IoT security startup.

  • Broadcom router SDK vulnerabilities - the uncomfortable reality of the IoT Linux kernel space
Cristian Di Bartolomeo

Cristian Di Bartolomeo is a consultant within KPMG Canada's GTA Cyber Defense practice. Cristian's primary responsibilities include the delivery of various technical security assessments. Cristian can often be found developing tooling for adversary emulation and purple team exercises.

  • Adversary Emulation for Everyone!
David Storie

David Storie is an Adversarial Collaboration Engineer at Lares LLC. He is a seasoned Red Team operator that leverages his knowledge of modern adversarial tradecraft while delivering Purple Team engagements. Dave spent nearly a decade as a Systems Administrator prior to working in Information Security.

  • Bypassing Browser-Based MFA for Outlook Web Application
Don Mallory

Don Mallory has over 30 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery, and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He is also involved in various volunteer activities including C3X as a builder and mentor, co-organizer of Hak4Kidz Toronto and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.

  • Unconditionally Conditional - Strong Authentication in Microsoft Entra ID (formerly Azure AD)
Louis Nyffenegger

Louis is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing. He also runs the YouTube channel https://www.youtube.com/@AppSecSchool

  • JWT Parkour
Matthew McPherrin
  • Web PKI Revocation is broken but we can fix it
Sarah H

Sarah is a recovering privacy engineering practitioner based out of the Toronto area. She leads (or has led) teams in security, privacy, and infrastructure engineering at large finance and e-commerce tech companies. She is also a core organizer for BSidesSF, overseeing the program and presenter operations.

Outside of work, she enjoys hanging out with her celebrity cat Sprinkles, playing video games, and playing the accordion poorly.

  • Privacy Engineering for your Privacy Program
Todd Brecher

Todd Brecher is a manager within KPMG Canada's GTA Cyber Defense practice. Todd's primary responsibilities include the management and delivery of technical security assessments like penetration testing, adversary emulation, and purple team exercises.

  • Adversary Emulation for Everyone!