BSides Toronto 2025

AAKANSHA PURI

There are 2 speakers for this talk. Below is the biography of both speakers:

Aakansha Puri: Aakansha Puri is a Cloud Security Associate Architect at Thomson Reuters with 6 years of information security experience specializing in AI and cloud security. She leads enterprise AI/ML security reviews, develops AI security standards, and assesses AI applications from third-party SaaS to internal development.
A Thomson Reuters CISO Award and Hall of Fame recipient, she previously worked in Deloitte's Cyber Detect and Respond practice. AWS Solutions Architect certified, Aakansha actively shares AI security research through blogs and community engagement, focusing on the critical intersection of AI, cloud, and enterprise security.

  • Building a Zero-Trust MCP Server Gateway: Policy, Isolation, and Observability for AI Tooling
Aditya Dev

Who am I?

I'm a Security Engineer at a global digital privacy company, where I’ve spent the last few years building security programs from the ground up.

What do I do?

I’ve been in software and security since 2017, and I specialize in transforming chaos into scalable, privacy-respecting operations.

What do I care about?

I care about security that doesn’t get in the way, privacy that isn’t just checking boxes, and systems that survive audits without making anyone miserable.

Why am I speaking?

Because I wish someone had told me earlier that it’s possible to start with security without getting intimidated or to continue on this path without burning out. Or burning bridges.

  • Bootstrapping Security in the Wild: A Ground-Up Guide for Remote-First Teams
Allyn Stott

Allyn Stott is a senior staff engineer at Airbnb where he works on the InfoSec Technology Leadership team. He spends most of his time working on enterprise security, threat detection, and incident response. Over the past decade, he has built and led detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.

Allyn has previously presented at Black Hat (Europe, Asia, MEA), Kernelcon, The Diana Initiative, Blue Team Con, Swiss Cyber Storm, SecretCon, Texas Cyber Summit, and BSides around the world. He received his Master’s in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program.

In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter that you can subscribe to at meoward.co.

  • Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots
Calvin Star

Calvin Star is a Security Researcher at jTag Labs Ltd and a full-time Systems Administrator by day. With a passion for security that extends into his off-hours, Calvin applies his deep knowledge of systems architecture and administration to uncover vulnerabilities in real-world software and infrastructure. His past research includes multiple disclosures, such as the Roomcast vulnerabilities (CVE-2023-33742 through CVE-2023-33745) and a series of flaws in Caterease (CVE-2024-38881 through CVE-2024-38891). Calvin's approach bridges practical IT operations and offensive security, helping make systems more secure through responsible disclosure and hands-on research.

  • Hacking Furbo: A Pet Project
Cedric Brisson

Cedric Brisson is a Lead SOC Analyst at Coveo, where he leads detection and response operations to protect against active threats. Outside of work, he pursues malware reverse engineering as a passion, often publishing his findings and experiments under the alias Humpty on Humpty’s RE Blog. Cedric’s research is driven by curiosity and focuses on uncovering the inner workings of malicious code, documenting techniques, and sharing lessons learned with the security community. He enjoys bridging his operational experience in the SOC with the technical depth of reverse engineering to gain a fuller picture of how attackers operate.

  • When Prettier Gets Ugly: The Scavenger Supply Chain Campaign
Chris McDonald

Chris is a Principal Systems Engineer at Veeam, where he helps organizations strengthen their data resilience and cyber resiliency strategies. With deep expertise in data protection, cloud technologies, and modern IT infrastructure, Chris has guided both commercial and enterprise customers—including senior leadership and C-level executives—through building strategies that safeguard critical data against evolving cyber threats.

Chris brings both technical authority and practical experience to his sessions. His presentations balance thought leadership with actionable insights, empowering audiences to adopt effective data protection strategies that not only meet today’s business needs but also prepare for tomorrow’s challenges.

Driven by a passion for education and enabling organizations to stay one step ahead of cyber criminals, Chris is a trusted voice on topics ranging from backup and recovery to cyber resiliency best practices.

  • Backups, Beaches, and Bad Decisions: Cyber Resiliency Lessons from a Disastrous Family Vacation
Damien Miller-McAndrews

Damien works as a Threat Researcher at Obsidian Security where he specializes in SaaS security and ITDR. He publishes original research and ramblings on his blog, cybercorner.tech, and maintains several projects such as the Osprey PowerShell module and the HoneyTenant CTI project. In his free time you can find him spending time with his flock of birds, making terrible art, or getting into trouble on the internet.

  • Caught in a Web: Exploring a Scattered Spider Attack from a SaaS Perspective
Dr Nestori Syynimaa

Dr Nestori Syynimaa is a Principal Identity Security Researcher at Microsoft Threat Intelligence Center. He has over a decade of experience with the security of Microsoft cloud services and is known as the creator of the AADInternals toolkit. Before joining Microsoft in early 2024, Dr Syynimaa worked as a researcher, CIO, consultant, trainer, and university lecturer for over 20 years.

Dr Syynimaa has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat USA, Europe, and Asia, Def Con, RSA Conference, and TROOPERS.

  • Deep-dive to Entra ID Token Theft Protection
Ikhtear Bhuyan

Ikhtear holds a Master of Science degree in Computer Science from the University of New Brunswick. He is also a certified IBM Security Specialist and has earned the Certified Cloud Security Professional (CCSP) designation from ISC². His practical experience and academic background make him a trusted advisor in building secure, scalable, and compliant IT environments.

  • From Threat to Readiness: Creating a Quantum-Safe World
Joshua Reynolds

Joshua Reynolds is the founder of Invoke RE, a cybersecurity training and research company focused on reverse engineering, malware analysis and threat intelligence. With over a decade of experience, Joshua has held senior roles at industry leading companies, including Cisco and CrowdStrike. Joshua has spoken at major conferences such as REcon, RSA, DEF CON and Virus Bulletin on topics including ransomware, malicious document analysis and automating malware analysis. In addition to his speaking engagements and research, Joshua has developed industry standard malware analysis training courses that are taught to hundreds of students globally through his company Invoke RE.

  • When Prettier Gets Ugly: The Scavenger Supply Chain Campaign
Juan Aguirre

I am a Senior Security Researcher specializing in open source supply chain security, with a focus on offensive security and malicious packages. Over the past several years, I’ve led security research teams, analyzed a wide range of vulnerabilities, and published articles on malicious package detection, source code analysis, and software supply chain threats.

My professional journey spans offensive security, penetration testing, red teaming, and malware research, supported by certifications such as OSCP and CRTE. I’m passionate about unravelling complex threats, mentoring others in the security community, and advancing secure software practices.

Outside of work, I enjoy hiking and outdoor adventures, solving puzzles with my wife, and finding new challenges, whether in code or the great outdoors, that keep my mind sharp and curious.

  • Dissecting Open Source Malware: From PoCs to Payloads
Julian

Penetration tester by day, Julian identifies vulnerabilities to exploit for a wide range of clients. OSINT enthusiast by night, Julian follows emerging threats to the Western world.

https://www.linkedin.com/in/julianb34/

  • Hacking Furbo: A Pet Project
Michael Ifeanyi

A Solutions Engineer specializing in Cybersecurity, Cloud and DevOps Engineering. Always looking to learn, share knowledge and impact positively via Information Technology.

  • AI Agents: Your New Security Team Members or Biggest Threat?
Navjot Singh

Navjot Singh is a Cloud Security Associate Architect at Thomson Reuters with 7 years of information security experience in cloud security and AI/ML. He specializes in AI/ML security reviews, cloud security architecture and governance, and cyber due diligence for mergers and acquisitions. Previously at Deloitte Risk Advisory, he worked with major retail and government clients to design and secure cloud-native environments and critical workloads, and built a vulnerability management program.
Navjot holds a Master of Applied Science in Electrical and Computer Engineering from the University of Ottawa and a Bachelor of Technology in Computer Science. He is multi‑cloud certified (AWS, Azure, GCP).

  • Building a Zero-Trust MCP Server Gateway: Policy, Isolation, and Observability for AI Tooling
Pavel Shukhman

Pavel Shukhman is Co-Founder and CEO of Reliza, where he oversees the company's efforts in managing software and hardware releases, xBOMs, versioning and component identification. With over a decade of experience leading software teams, he has helped organizations implement DevOps and DevSecOps best practices. Pavel holds a Master’s degree in Computer Science from the University of Illinois Urbana-Champaign.

  • Transparency Exchange API - how we (will) share xBOMs
Rene Brandel

Rene Brandel is the Cofounder & CEO of Casco. Before Casco, he was the Head of Product at AWS and the inventor of "Kiro", AWS' agentic IDE. He has a long-standing passion for AI, cloud, and developer tools. In fact, he won Europe's largest hackathon in 2016 with a voice-to-code agent before generative AI became a commonplace technology.

  • How we hacked YC Spring 2025 batch’s AI agents
Snir Aviv

Snir Aviv is an application security researcher at Cato Networks and member of Cato CTRL. Snir specializes in penetration testing, vulnerability research, and development of offensive security tools. Prior to joining Cato in 2024, Snir built and led the penetration testing team at Clear Gate, delivering high-impact security assessments for clients across diverse industries. Snir holds a Burp Suite Certified Practitioner (BSCP) certification, has published multiple CVEs, and is known for his practical approach to security challenges and his ability to uncover complex vulnerabilities.

  • Weaponizing Streamlit: Cloud Account Takeover Through File Upload Exploitation
Tammy Harper
  • Persōna Theory: Infiltration & Deception of Emerging Threat Groups
Yuval Moravchick

Yuval Moravchick is the Application Security Research Team Leader at Cato Networks. With over 10 years of technical experience in the cybersecurity industry, Yuval has built and led security teams at various organizations. He specializes in penetration testing, security research, and the development of offensive security tools. Before joining Cato Networks, Yuval held roles at Wix.com and ControlUp, where he led an application security research team, detected 0-day bugs, and managed the SSDLC activities. Prior to joining Wix.com and ControlUp, Yuval honed his expertise at BugSec, where he managed a team of skilled penetration testers, conducted red team simulations, and developed malware. Yuval holds a B.Sc. in Industrial & Management Engineering and has several industry certifications, including Offensive Security Certified Professional (OSCP) and Offensive Security Web Expert (OSWE).

  • Weaponizing Streamlit: Cloud Account Takeover Through File Upload Exploitation