Threat Detection and Response Freelancer, working with SecOps teams worldwide to improve their maturity and build better technical systems. Creator and Maintainer of OpenTIDE.

Expertise :
- SecOps HyperAutomation
- Threat Detection & Response Engineering
- Security Operations Architecture
- Engineering and Implementation
- Autonomous SOC DevOps (Continuous Detection/Continuous Response)
- Threat & Attack Intelligence.

Andra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She has a strong background in software development and project management, as well as a master's degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.

Andrei Petrovic is an IT Service manager in DIGIT for almost 5 years and has held different other roles in the European Intitutions over the course of the last 10 years. With a background in IT engineering and a specialisation in IT Security and International Relations, he coordinates the Drupal Hosting service that hosts more than 300 public websites of the different European Institutions.

Cédric Mauny is Strategic Advisor, Cybersecurity at Proximus NXT and current President of CLUSIL, the information security club in Luxembourg. With more than 20 years of experience both in Luxembourg and in the cybersecurity (battle)field, Cédric got specialized in management and governance of the information security, standardization, awareness and training but also in technical fields such as security audits or security event management.

Before, holding his current position, Cédric was Head of Cybersecurity Services by leading a team of 23+ pre-sales and technical consultants in Security Operations Center, Ethical Hacking, Governance-Risk-Compliance and Incident Response. Since 2015, Cédric successfully co-led the ISO 27001 certification program of Telindus’ Managed, Outsourcing, Cloud and CyberSecurity services. Cédric is certified CISM, CISSP, CRISC, ITILv3, ISO 27001 Implementer and ISO 31000 Risk Manager. Cédric is also very active within the Luxembourg’s cybersecurity ecosystem as founding member and board member of several professional associations in the field and currently hold the Chair of CLUSIL.

Cédric is also lecturer, speaker and moderator at various security conferences.

Hi placeholder for workshop introductions

Desiree Sacher-Boldewin is the Directing Manager of Operational IT Security at Finanz Informatik GmbH & Co. KG. She has been working in the cyber security industry for 20 years and spend the past years as a Manager at NVISO and Cyber Security Architect at Finanz Informatik before that. She focused her work on creating intelligent processes and workflows for IT security operations and she did this by utilizing all of her experience from various engineering and analyst positions held and publishing papers with her suggestions. From June 2022 to June 2024 she also was an elected board member of FIRST (the Forum of Incident Response and Security Teams) and she still is the liaison chair for the Special Interest Groups. These days she unifies all of her experience in her manager role. Desiree is also a certified GCIA Forensic Analyst, Network Forensic Analyst, Cyber Threat Intelligence Analyst and GIAC Penetration Tester. References to her work can be found on her GitHub on https://github.com/d3sre/ and she posts on Twitter as @d3sre, when she feels like she has something important to share.

Hi there, I'm Didier, a technology and information security enthusiast. I started my career as an information security Ninja, defending information systems against cyber threats using my Jedi skills. However, I also have another side to me that comes out at night, that of a benevolent hacker. I love using my skills to support the values of open source and firmly believe in them.

I believe that technology can be used to improve people's lives, but this can only be done if we work together and share our knowledge. That's why I'm also a strong advocate of collaboration and openness in the tech industry.

May the source code be with you!

Florin Bota is Head of Sector in DIGIT and leads all activities related to Web Operations and Security. He obtained a PhD in Computer and Control Engineering from Politecnico di Torino and has more than 30 years of experience of working in IT in various roles, including almost 10 years at EC in DIGIT.

Guillaume is a Cybersecurity Researcher at GitGuardian. He holds a PhD in networking. He likes looking at data and crafting packets. He co-maintains Scapy. And he still remembers what AT+MS=V34 means!

Professional Background
Julien Winkin is a recognized expert in data protection, regulatory compliance, and artificial intelligence governance. As the founder and managing director of Luxgap, a consulting firm specializing in data protection and compliance, he has played a crucial role in assisting organizations worldwide in navigating complex legal frameworks such as the General Data Protection Regulation (GDPR) and the AI Act.

With a strong background in data governance, privacy risk management, and cybersecurity, Winkin has established himself as a key player in the field of regulatory technology (RegTech). His firm, Luxgap, provides outsourced Data Protection Officer (DPO) services and offers tailored compliance strategies for companies implementing AI-driven solutions.

Areas of Expertise
Data Protection & GDPR Compliance: Advising companies on best practices for handling personal data in accordance with European and international privacy laws.
Artificial Intelligence Compliance (AI Act): Helping organizations ensure that their AI solutions align with the forthcoming EU AI Act and other global AI regulations.
Cybersecurity Governance: Developing security frameworks to mitigate risks associated with data breaches and AI vulnerabilities.

Corporate Training & E-learning: Luxgap offers an affordable e-learning platform to train employees on data protection and AI ethics.
Professional Impact & Initiatives
Julien Winkin is dedicated to bridging the gap between technological innovation and legal compliance. He actively contributes to discussions on the ethical deployment of AI, emphasizing transparent, accountable, and lawful AI adoption.

Through Luxgap, he has:

Assisted multinational corporations and SMEs in achieving compliance maturity.
Developed a governance framework that aligns business objectives with privacy and AI regulatory requirements.
Advocated for continuous employee education via Luxgap’s micro-learning platform, ensuring that compliance is an integral part of corporate culture.
Speaking Engagements & Thought Leadership
Winkin frequently participates in conferences, panels, and industry events, where he shares insights on data privacy, AI compliance, and cybersecurity governance. His ability to translate complex regulations into actionable business strategies makes him a sought-after speaker in privacy and AI regulation circles.

He is committed to helping businesses maximize AI innovation while ensuring regulatory compliance, reinforcing the idea that responsible AI adoption is key to long-term success in a digitalized world.

Chicago-based and proudly a natural creature of winter, I thrive on snow, OSS, and just the right amount of chaos. Whether sipping Grand Mayan Extra Añejo or warding off cyber threats with a mix of honeypots, magic spells, and a very opinionated flamingo named Sasha (the BSidesChicago.org mascot), I keep things interesting. Honeypots and refrigerators rank among my favorite things—though my neighbors would likely disagree.

Klaus Agnoletti has been an all-round infosec professional since 2004. He co-founded BSides København in 2019. Recently he started out as an infosec freelancer focusing on storytelling in marketing, employer branding, game-based learning or wherever new ideas bring him.

Lavlesh Joshi, sr. security engineer and building the open-source firewall project, with deep expertise in cybersecurity, cloud, infrastructure, and data security. His experience spans blue and offensive security roles, securing systems at scale and bridging the gap between security and engineering. He has contributed to cloud security, Kubernetes security, and DevSecOps initiatives, focusing on operationalizing security within CI/CD pipelines. Passionate about shift-left security, building open-source solutions to help teams seamlessly integrate security into development workflows, eliminate reliance on expensive tools, and drive real-world impact.

In diplomacy for +22 years

Marina Bochenkova wears many hats as a cybersecurity analyst focusing on digital forensics, incident response, and OT security, while also dabbling in security awareness and culture. She combines a passion for protecting people, a strong belief in digital privacy as a human right, and an overly-enthusiastic approach to problem-solving. When not defending digital spaces, Marina actively nurtures her already-unhealthy obsession with cats and resorts to baking or martial arts when desperate.

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force.

For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me.

I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.

Nicole Fishbein is a security researcher and malware analyst at Intezer who served as an embedded researcher in the Israel Defense Forces (IDF) Intelligence Corps. Nicole has been part of research discovering phishing campaigns, undetected malware, and attacks on Linux-based cloud environments.

Parth Shukla is a dedicated Cybersecurity Analyst at Cequence Security with a strong passion for Web Application Security. He is an accomplished bug hunter, community builder, and cybersecurity enthusiast with a relentless drive to uncover vulnerabilities and share knowledge. Parth’s work focuses on securing modern web applications by addressing critical threats like those outlined in the OWASP API Top 10, including BOLA, SSRF, and Broken User Authentication.

In addition to his professional achievements, Parth has mentored over 600 aspiring cybersecurity professionals, empowering them with skills in ethical hacking, bug bounty hunting, and advanced web application testing. An advocate for continuous learning and collaboration, Parth is a frequent speaker at leading cybersecurity conferences worldwide. Guided by the principle that “security is a myth,” he strives to challenge assumptions and push the boundaries of what’s possible in cybersecurity.

Pauline Bourmeau works at the intersection of artificial intelligence, human cognition, and information security.

She is the founder of Cubessa, where shet puts humans at the center of its research. With a diverse background including linguistics, programming, and criminology, she brings a unique perspective blending humanistic and technical approaches to analyze cyber threats and their evolution.

She is also involved in AI education and open-source projects, notably within the MISP community. Outside of her work, Pauline is a medal-winning para-climber and interested in projects that make AI more accessible.

Peder is an experienced cybersecurity professional with a background in offensive security and penetration testing. His current focus revolves around attack surface-, vulnerability-, and exposure management, helping organizations stay ahead of today's ever evolving threats. As Service Lead for Exposure Management at the Norwegian cybersecurity company mnemonic, he works to identify, assess, and reduce cyber risks for customers across Europe. Peder is passionate about enhancing security visibility and bridging the gap between offensive and defensive security, with a strong emphasis on proactive security measures.

Rahul (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Nullcon, PHDays, c0c0n, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.

An experienced Secure by Design Consultant with more than 3 years of experience in the banking and telecommunications industries, I specialize in integrating security into organizational practices. My expertise includes conducting security assessments, performing threat modeling, and managing risk mitigation in cloud and hybrid environments. In addition to my technical skills, I excel in project management, leading cybersecurity initiatives that promote a strong security culture. My ability to combine technical knowledge with leadership has successfully enhanced security acceptance and integration within organizations.

Sparsh has over 5 years of experience in cyber security, research and product development. He has authored multiple security tools, advisories and articles. He has been invited to speak at various security conferences like Bsides Singapore, Bsides Ahmedabad, c0c0n, etc.

Spyros has over 15 years of experience building and maintaing DevSecOps programmes in organizations of all sizes. He's a passionate OpenSource supporter and his latest interest is security information and tooling harmonization. To this end he maintains the open source projects Smithy -- the security tooling workflow automation enigne and OpenCRE.org the largest security knowledge graph in the world.

William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working in cybersecurity using free and opensource software on a daily basis for more than 25 years. Recently, he presented his work on SSL/TLS toolkits at Nullcon 2025 in Goa. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.