BSidesAugusta 2025

Alberto Rodriguez is a seasoned Information Security Professional with over 9 years of experience in penetration testing, red team engagements, threat hunting, and incident response. As a former Army Cyber Operations Officer, he specializes in adversary detection and simulation. Currently, Alberto leads offensive security teams as Senior Managing Security Consultant at Guidepoint Security and creates security solutions at Bad Sector Labs. He has presented at BSides Augusta, BSides Orlando, AvengerCON, GRRCon, and VetSec CON. Alberto holds a graduate degree in Digital Forensics from Champlain College and maintains industry certifications including OSCP, CISSP, CRTO, GRTP, GCWN, and GPEN.

As a Threat Hunter, Alex works to proactively identify active threats through advanced analysis and data gathering. These efforts span multiple detection domains and target the activity most prevalent in today’s threat landscape. He began his career in banking, emulating attacker techniques to sharpen detection and response, and now focuses on hunting identity driven and cloud based threats at scale.

Andrew Gomez is a security professional with a passion for security operations and red teaming. He is currently an Adversary Simulations Consultant at SpecterOps specializing in red teaming and network penetration testing. Andrew previously worked for the Department of Defense.

Ankit Gupta is a Cybersecurity Research Architect with over a decade of experience specializing in cloud security, AI governance, and Zero Trust implementation for critical infrastructure. He currently serves as a Senior Security Engineer, where he has led the development of AI governance frameworks, enterprise-wide data loss prevention strategies, and Zero Trust security models aligned with NIST and FTC standards.

His work spans regulatory compliance (CPRA, GLBA, ISO 27001), threat detection engineering, and secure DevSecOps integration across hybrid environments. Ankit is widely recognized for translating applied research into practical enterprise controls, particularly in the areas of AI risk, identity security, and cloud-native threat mitigation.

Dr. Anna Bertiger uses math to find villains in computer networks as an ML researcher at Sublime Security working on email security. Before Sublime, she worked on post breach security and identity security at Microsoft and was a postdoctoral fellow in the Department of Combinatorics and Optimization at the University of Waterloo.

Antero is an Offensive Cyber Operator with 8 years of experience in cybersecurity. His background spans red teaming, web application and network penetration testing, and custom tool development. With a strong focus on offensive security, Antero has a deep interest in Windows internals and is passionate about building and refining tools that support offensive security operations

Chris works as an Information Security Consultant, conducting pentests and social engineering assessments for clients of all sizes and industries. With deep corporate experience, Chris understands the kinds of risks that organizations face and knows how to help them stay secure from both a technical and non-technical perspective. He has given conference presentations on and is an advocate for personal privacy. He also frequently volunteers his time in the local community by sitting on non-profit Board seats and helping organizations and individuals understand how to stay cyber safe.

David is a Global Partner Solutions Architect for Security, Compliance and Identity at Microsoft. In this role, David is responsible for training and supporting Microsoft partners on the latest security compliance and identity solutions, including Microsoft 365, Azure and Windows.
David has been with Microsoft for 17+ years in a variety of roles, from Microsoft Consulting Services to Premier Field Engineer and most recently in the partner support organization.
David is a certification junkie and holds numerous security certifications, including14 GIAC certs, CISSP, and MCT.
Because of this passion, David speaks at dozens of partner events, internal Microsoft training events and 3rd party security events worldwide every year.
He has been married for 34 years, has 4 children (3 boys and a girl) and 2 golden retrievers – all of which keep him very busy!

Dr. Johannes Ullrich is the Dean of Research for SANS Technology Institute, a SANS Faculty Fellow, and founder of the Internet Storm Center (DShield.org) which provides a free analysis and warning service to thousands of Internet users and organizations. He is the host of the SANS Internet Storm Center Daily Stormcast, a daily podcast that provides a brief 5-minute summary of current network security related events, and the author of SEC546: IPv6 Essentials, co-author of SANS SEC522: Defending Web Applications Security Essentials, and can be found teaching his own courses as well as SEC503: Network Monitoring and Threat Detection In-Depth.

Prior to his two decades at SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes has always been attracted to the fast pace of information security and curious to understand and measure the intricate dependencies of attacks and countermeasures. While the fast pace of the field can be overwhelming at times, it does offer constant opportunities for learning, and any change and impact is quickly measurable.

Johannes’s first network was a lab network used to remote control physics experiments. When he first got his hands on an “early” cable modem, which allowed him to control experiments from home, he overlooked the fact that the router (which he built himself from a Linux distribution) was also an open mail relay. Of course, it didn’t take long for a spammer to find and abuse it, which led to an angry call from his ISP. Like most of us who start to worry about security after an incident, that was when he started learning about firewalls and security. In the process, he discovered his interest in collecting data about the attackers scanning for systems like his own. This led to the development of DShield.org, a website that still today collects logs from users worldwide to better understand these attacks.

Johannes’s daily work revolves around the Internet Storm Center. Leading this group brings him in direct contact with packets, web applications, and malware on a day-to-day basis. This work keeps his skills sharp and relevant while informing the material he presents in class. Johannes enjoys working for SANS due to the ability to disseminate what he’s learned researching current attacks, as well as bringing him in contact with students who are working in the trenches of information security. This back-and-forth sharing and learning with others drives his passion for information security.

It can be exhausting to have to deal with “yet another attack” day in and day out, but being part of the great team at the Internet Storm Center allows Johannes to affect how networks are defended. It is rewarding for him to hear from former students, readers of the Internet Storm Center, or listeners to the podcast how they applied what they learned and how it helped them. Teaching technology “from the ground up” can be challenging at times, yet crafting even a dry topic like packet analysis into something exciting and seeing students light up as they capture new concepts makes even hex conversion and counting offsets more exciting than a good movie for Johannes.

Johannes has found that students starting out in the field will often question why they need to know some of the background and details about protocols that are taught. His ability to link these topics to practical examples where this detail made the difference wins them over. His approach to teaching is to convey an understanding for the underlying principles to get students ready for what’s next since information security is developing too fast to focus on specific techniques and tools.

Johannes is a partner of the Cyberwire Podcast, a member of the Board of Advisors for Threatstop, Inc, earned a PhD in physics from SUNY Albany, and holds multiple security-related certifications, including the GIAC GMON, GNFA, GWEB, GCIA and GSIP. Over the years, Johannes has been honored with a variety of awards, as well:

• ISSA President’s Award for Public Service 2018 – 2018 from ISSA
• Best Security Podcast – Mar 2014 from Security Bloggers Network
• Historic Preservation Award Mobile Web Application for Historic Springfield – from City of Jacksonville, FL
• Best Technical Security Blog – 2009 & 2010 from honorSecurity Bloggers Network
• Best Paper Award – 2008 from Usenix
• Top 5 Influential Security Thinkers – Dec 2005 from SC Magazine
• Top 50 Most Powerful People in Networking – 2004 from Network World

Greg Conti is a hacker, maker, and computer scientist. He is Principal at Kopidion, a cyber security training and professional services firm. Greg is a long-time Defcon, Black Hat, and infosec community speaker and trainer. Formerly he served on the West Point faculty for 16 years where he led their cybersecurity research and education programs, and has published approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg is a graduate of West Point, Johns Hopkins, and Georgia Tech.

Jeff Lucovsky has been a core Suricata developer since 2019 and has made significant contributions to various areas of Suricata. Jeff is also a Principal Software Engineer at Corelight, where his primary focus is to oversee the development and deployment of Suricata across Corelight’s sensors. He is also a technical lead for Corelight’s performance engineering team.

Patrick Kelley brings over 25 years of experience in cybersecurity, specializing in network forensics, ICS/OT security, and advanced threat detection. As the Founder and CEO of Léargas Security and Critical Path Security, Patrick leads innovation in AI-driven extended detection and response (XDR) solutions, helping organizations stay one step ahead of adversaries.

Patrick's expertise has made him a sought-after keynote speaker and trainer for organizations like NERC, CISA, CRISP, and E-ISAC. He's spoken alongside experts from the FBI, CIA, and NSA and serves as a cybersecurity commentator for NBC News. His research and insights have been featured in Fortune, CNN, The Guardian, Bleeping Computer, and Krebs on Security.

Patrick combines precision and discretion in his work with the aerospace industry, luxury maritime vessels, and high-net-worth individuals. Off the stage, Patrick is a passionate advocate for child abuse prevention and has spent over 20 years leading initiatives to support emergency shelters.

Whether guiding teams through complex threat landscapes or mentoring the next generation, Patrick delivers practical wisdom with a direct, no-nonsense style.

With over 24 years of hands-on experience in information security and IT, specializing in developing security programs with a focus on risk management, I've consistently delivered value for Fortune 100 and 500 companies, as well as the public sector. As the former CISO at Portland Community College, I orchestrated the alignment of security initiatives with the organization's mission and objectives. My expertise spans all three lines of defense, including security strategies, engineering and security innovation, security operations and incident response, threat intelligence, vulnerability management governance, risk and compliance (GRC), internal and external audit and Board reporting. I've successfully cultivated high-performing security and GRC teams, devised and executed security roadmaps and frameworks, and adhered to industry best practices to ensure compliance, resilience, and excellence.

Ryan is a detection engineer and former corporate Red Teamer with a background in consulting.

Sharon is a former Arabic Linguist who served in Operation Iraqi Freedom before pivoting to cybersecurity, earning a Master’s Degree in Information Security & Assurance. She went on to work for U.S. Army Cyber Command (ARCYBER), where she became a certified instructor for the National Cryptologic School and an elite graduate of the Offensive Cyber Operations (OCO) cyber operator program.

After leaving government service, Sharon transitioned into the private sector, serving as a Product Owner and Product Architect for Huntress. There, she helped design the foundational detection capabilities of their EDR and Microsoft 365 ITDR products — enterprise-grade cybersecurity solutions built specifically to protect small businesses.

Now, as the visionary behind Managed Nerds, Sharon brings her deep expertise in security, AI, and automation to help small businesses scale, stay secure, and compete with the big players.

I'm a passionate cybersecurity leader dedicated to building resilient, scalable, and future-ready security programs. With a strong focus on cloud, identity, and application security, I help organizations stay ahead of evolving threats while enabling innovation and driving business growth. I thrive at the intersection of strategy and execution, translating complex security needs into real-world solutions that empower teams, protect data, and drive business confidence.

Stef Rand is a Senior Intelligence Analyst at Red Canary. She’s passionate about researching threats to share insights with defenders. Prior to joining Red Canary, Stef was a DFIR consultant at Mandiant, and before she started her career in cybersecurity she earned a master’s degree in Clinical Psychology. She is an Augusta University School of Computer and Cyber Sciences alum (December 2019). When she’s not online, she’s off-grid in the woods or on the water.

Suril is VP Engineering at Acalvio Technologies. Suril has domain expertise in cybersecurity and has built industry-leading security products. Suril holds several patents. Suril has spoken at numerous security conferences and believes in sharing his knowledge and learning from the interactions.

I have a lot of experience (10 years) in threat hunting (IT, OT, and Cloud) and red teaming. 13 years Active Duty. In my short time, I’ve had the privilege of doing it all and I’m having a blast. Had a YouTube channel once. Blew up to 14K subscribers and then I had to abandon it. My current pet projects deal with agentic AI and n8n workflows.

In the vast, uncharted expanse of the digital frontier, I proudly hold the title of Head of Security Exploration at Exploring Information Security—think of me as the cybersecurity equivalent of an intergalactic explorer, but with fewer spaceships and more firewalls. My mission? To boldly go where no security program has gone before, mapping the hidden threats and uncovering innovative solutions to keep the cyberverse safe.

Each day is a new expedition into the unknown, navigating the treacherous waters of ransomware reefs, evading the phishing pirates, and scaling the towering zero-day vulnerabilities. With my trusty toolkit of cutting-edge strategies, creative problem-solving, and an unyielding curiosity, I chart paths through the chaos, transforming the complex into the comprehensible and the chaotic into the secure.

I’m also something of a digital cartographer, translating the vast, enigmatic world of cybersecurity into stories and insights that anyone can understand—because what’s an exploration without sharing tales of the journey? These narratives don’t just demystify cybersecurity; they inspire others to become explorers themselves, fostering a culture of curiosity and vigilance across the organization.

Join me as I continue the adventure, delving deeper into the labyrinth of cybersecurity. Together, we’ll uncover new ways to make the digital world safer, smarter, and maybe even a little more fun. Grab your compass (or your keyboard)—and let’s go exploring!

Tom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.

Wes Lambert is a lead engineer at Target, where he focuses on network security monitoring at scale. He spends his time designing and tuning network-based detection architecture and helps the organization achieve visibility across the enterprise.