Cosimo is a seasoned SecDevOps and Open Source Supply Chain Security expert with over a decade of experience in software development. His diverse background spans Test Automation, Tooling, Feature Development, DevOps, and Cybersecurity. Cosimo has a proven track record of delivering innovative solutions for both large-scale enterprises and agile startups in sectors such as Telecommunications, Embedded/IoT Security, Automotive, Industrial Automation, and Paid Fantasy Sports. Committed to advancing the field, he actively contributes to various open source projects and initiatives. Outside of work, Cosimo enjoys spending time with his wife Rita and their two daughters, Penelope and Allegra.
Key Highlights
- SecDevOps and Open Source Supply Chain Security Specialist
- 10+ Years of Software Development Experience
- Diverse Industry Background
- Proven Track Record of Delivering Innovative Solutions
- Active Contributor to Open Source Community
The easiest way to contact and communicate with Cosimo is via his LinkedIn network.
- Shift Left, Secure Right: Building an Open Source SBOM-driven Vulnerability Management System
Ezz Tahoun is a distinguished cyber-security data scientist who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for Orange Cyberdefense, Forescout Technologies, Royal Bank of Canada, governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, at the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
- The ins and outs of exposing coordinated attacks hiding in the sheer noise of FALSE POSITIVES and LONE INCIDENTS: A data science correlation & contextualization journey of LOGS, EVENTS, and ALERTS
Ian is the Co-Founder and CEO of Gomboc.ai, which provides cloud infrastructure security solutions.
Before Gomboc.ai, Ian served as a CSO/CISO for 5 years, held senior leadership positions with Rapid7, Cimpress, Amazon, ZeroFOX, IOActive and has over 25 years of experience in the security industry as a practitioner.
Ian is also the co-founder of DC9723, the Tel Aviv DEFCON group, and serves as a BSides Las Vegas board member.
He is also the creator and co-CEO of The CISO Track, a series of CISO-centric curated events, as well as an IANS faculty member.
- AI Won't Help You Here!
Katie Knowles is a Security Researcher at Datadog, focused on Azure research. Through her past roles, Katie has had the chance to approach security as both an attacker and defender, from incident response and detection engineering to penetration testing. She holds Azure (AZ-104, AZ-500) and offensive security (OSCP, GPEN) certifications.
- Hidden in Plain Sight: (Ab)using Entra's AUs
Tas has spent the last seven years immersed in the worlds of threat hunting, detection engineering, and security research. Currently, he's making changes at Microsoft, specializing in cloud security research. Beyond his professional endeavors, Tas is a passionate contributor to the cybersecurity community, holding roles in the DFIR Report and Curated Intelligence. He's also no stranger to the stage, having presented at various conferences around the globe, including SANS Summits and DEF CON BTV, to name a few. When he's not navigating the digital landscape, Tas enjoys the art of astrophotography and embarking on spontaneous adventures across the globe exploring landscapes and cuisines.
- OWASP Won't Save You Here: Tale of a Modern Web App Challenge
Michael Silva is a technology leader with 17+ years of experience. Presently, Michael is the Director of Solution Engineering with Astrix Security, the pioneers of non-human identity management. Using the combined expertise of technical and customer facing roles, Michael has developed the ability to relate to customers, understand their pain points, and help define a strategy that will map to successful execution of business requirements.
Before joining Astrix, Michael was part of taking multiple start-ups from their infancy to acquisition. Most recently he was the Technical Director for a CNAPP (Cloud Native Application Protection Platform) called Lightspin, which was acquired by Cisco. At Lightspin, Michael designed the technical go-to-market strategy, developed strategic partnerships, and helped grow the business from its inception into the U.S. market. Michael has led a variety of teams, from customer-facing roles at Nutanix and Progress Software (formerly Chef) to technical teams at Cisco and various managed service providers. His knowledge is deeply rooted in public cloud security across all major cloud service providers as well as Kubernetes security.
Aside from professional experience, Michael holds many professional and specialty certifications from AWS, GCP, SANS, and Nutanix, and is a veteran of the U.S. Marine Corps.
- Non-human Identity Attack Surface: A Live Hacking Demo and Defense Strategies
My name is Muhammad. I participate in CTF challenges and in a capstone project, creating a Code Injection Cyber Range, developing code injection techniques as a Cybersecurity graduate.
- Code Injection Cyber Range
Natalia is a cybersecurity professional with 15+ years of international experience in the industry, based in Toronto. She started her career in the academic environment after achieving a PhD degree in mathematical statistics and cryptography, but later transitioned into the corporate sector, where she progressed from identity and access management developer to senior security architect at Microsoft and later at Google Cloud. Currently Natalia is working on securing AI technologies in a boutique consulting company.
- From breaking into cyber to breaking down - and beyond! Overcoming newcomer frustration
Niharika is a seasoned cybersecurity professional with over 10 years of experience in application security and a deep interest in security threat modeling. Currently residing in Ottawa, Canada, she works with EPAM Systems as a Senior Security Systems Engineer. In her current role, Niharika conducts threat modeling for applications in the healthcare industry, addressing unique challenges and ensuring robust security measures. Her work involves analyzing potential threats, identifying vulnerabilities, doing risk analysis, and implementing effective security strategies to protect sensitive healthcare data.
Throughout her career, Niharika has developed a comprehensive understanding of the complexities involved in securing applications and mitigating potential threats. Her passion for threat modeling has driven her to explore both manual and automated approaches, striving to create a resilient security posture that adapts to the evolving threat landscape.
This is my first time as a speaker, and I am excited to share my knowledge and insights with a broader audience. I hope that my talk will provide valuable perspectives and practical strategies to enhance security practices in today's rapidly evolving digital landscape. My goal is to help others understand the importance of threat modeling and how it can be effectively integrated into their security frameworks to protect against sophisticated cyber threats.
- Deciphering Threat Modeling: Balancing Tools and Manual Approaches for Effective Security
Piyush Verma is a tenured cybersecurity professional with over 11 years of experience in the field. Currently working as a Staff Technical Engagement Manager at HackerOne, Piyush helps organizations run their hacker-powered penetration testing (pentest) programs, also known as pentest-as-a-service (PTaaS).
In his current role, Piyush oversees the planning, execution, and reporting of penetration tests tailored to each client's unique needs. His expertise extends to managing these engagements effectively, improving internal delivery efficiencies and expanding service capabilities.
Throughout his career, Piyush has been committed to continuous learning and advancing the field of cybersecurity through knowledge sharing while teaching courses related to cybersecurity at York University and Seneca Polytechnic.
Piyush holds a Master's degree in Cyber Law and Security and several industry certifications, including Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP) and SANS GIAC Certified Incident Handler (GCIH), to name a few.
- Crafting Compelling Pentest Reports