Security Bsides Las Vegas 2024

0DDJ0BB

0DDJ0BB has been Blue since 2013. He has quickly risen through the ranks as an engineer, consultant, IR analyst, Vulnerability Management Lead, and Senior Director. His background in education, bio-sciences, finance, retail, manufacturing, and healthcare gives him a unique view on what it takes to build an InfoSec program given limited resources. He is host of the Glass of 0J YouTube Channel and is a Founding member of CircleCityCon (RIP).

  • Nothing Went to Plan..... Because You Didn't Have a Plan
Aarav Balsu

Aarav is a red team engineer at Costco Wholesale. In his free time, he enjoys reading, long meandering hikes in the beautiful Pacific Northwest, and swimming!

  • Rolling out the C2: A Take on Modern Red Team Infrastructure
Abhijith "Abx" B R

Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive cyber security specialist, security researcher, red team consultant, trainer, and public speaker.
Currently he is involved with multiple organizations as a consulting specialist, helping them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and security professionals. In the past, he managed offensive security operations for Envestnet, Inc., held the position of Deputy Manager - Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a senior security analyst at EY.
As the founder of Adversary Village (https://adversaryvillage.org/), Abhijith spearheads a community initiative focused on adversary simulation, adversary tactics, purple teaming, threat actor/ransomware research and emulation, and offensive cyber security.
Abx also acts as the Lead of DEF CON Group DC0471 and is actively involved in leading the tacticaladversary.io project. Abhijith has spoken at security conferences such as Nullcon, c0c0n, BSides, DEF CON 28 safemode - DCG Village, The Diana Initiative, Opensource India, Adversary Village at DEF CON 29, DEF CON 30, RSAC 2023, etc.

  • Kickstarting adversary emulation engagements in your organization
Actuator

Edward Warren has worked in Information Technology for over 5 years & currently serves as a Security Analyst at Sedara. In 2023, Edward found critical flaws in Wi-Fi Internet Modems and Android applications & has a passion for researching emerging threats to user privacy. When not hunting for digital bugs he participates in various outdoor activities & also enjoys rearing biological bugs.

  • CVE Hunting: Wi-Fi Routers, OSINT & 'The Tyranny of the Default'
Adi

Adi is an experienced security manager, used to leading teams to protect some of the most sensitive systems around. While her background was originally as a software developer and manager, she was most recently Vice President of Cybersecurity at JPMorgan Chase & Co., one of the largest banks in the world. Adi is now serving as Director of IT & Security at Mitiga.
Ms. Belinkov has well over a decade of experience in management roles, with security, operations, and development teams. She works closely with developers, QA engineers, DevOps, and Product managers to deeply embed security into their daily workflows, often delivering internal training sessions. Adi has a pragmatic understanding of organizational constraints and requirements, and leverages these to ensure we deliver the optimal results to stakeholders.
Adi has served in the famous 8200 unit in the IDF, has a degree in Software Engineering and an Executive MBA. She also volunteers for SheCodes, and previously ran one of the chapters.

  • Adversaries Also Lift & Shift: Cloud Threats Through the Eyes of an Adversary
Aldo Salas

Aldo has more than 15 years of experience in all stages of Application Security, from penetration testing to program management, and he’s currently in a quest to get rid of passwords by leading the Application Security program at HYPR. Aldo has participated as an OWASP local chapter leader for many years and he’s active in the bug bounty community as well. Aldo has worked with a wide variety of technologies and businesses including financial, healthcare, media and entertainment, education, and information technology.

  • We removed passwords, now what?
Alexis Hancock

Alexis works to keep the networks strong and encrypted by managing the Certbot project. She researches an intersection of issues on digital rights, encryption, and consumer technology. She believes in an open and equitable web through encouraging local tech literacy, educating other engineers, and advocating for better and stronger tech policy.

She has spoken about user privacy, digital identity, cloud security, open technology standards, and government & corporate surveillance. She has worked in web development and application security for over 10 years.

  • Ask the EFF - Session 12
Alex Lynd

Alex Lynd is a hardware hacker & cybersecurity instructor who builds low-cost wireless hacking tools at LyndLabs. He creates educational hacking content on shows like Hak5, and also founded DevKitty, where he develops cat-themed hardware for makers & hackers!

  • Solder Your Own Cat-Themed Wardriving Tool! (with DevKitty)
Alex Thines
  • Weaponizing Drones and Where To Find Them - Session 4
Allyn Stott

Allyn Stott is a senior staff engineer at Airbnb where he works on the infosec technology leadership team. He spends most of his time working on enterprise security, threat detection, and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.

In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter. This morning espresso shot can be served directly to your inbox by subscribing at meoward.co.

Allyn has previously presented at Black Hat Europe, Black Hat Asia, Kernelcon, The Diana Initiative, Texas Cyber Summit, and BSides around the world. He received his Masters in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program.

  • The Fault in Our Metrics: Rethinking How We Measure Detection & Response
Amit Srour

About the researcher:
Amit Srour, working as an API security engineer for a major global Fortune 100 financial institution.
Biography: With nearly a decade of experience in application development and application security, I specialize in Application Security Engineering and Software Development. My fascination with software began at a young age, leading me to develop hacking tools, intentionally vulnerable applications, and web applications. I've also provided technology advice to startups and small companies. Currently, I'm based in Modi'in, Israel.
Xitter - @sirappsec
LinkedIn - https://www.linkedin.com/in/amitsrour/

  • Prepare for the Appocalypse - Exposing Shadow and Zombie APIs
Andrea M. Matwyshyn

Andrea M. Matwyshyn is an American law professor and engineering professor at The Pennsylvania State University. She is known as a scholar of technology policy, particularly as an expert at the intersection of law and computer security and for her work with government

  • Keynote, Day 2: Homicideware
  • Difficult Conversations
Andy Dennis

Andy Dennis - Andy heads up the Cloud and Platform practice at Modus Create. This covers DevOps/DevSecOps, Build Systems, Internal Developer Platforms, Cloud Infrastructure and Cybersecurity. Andy has spoken at multiple BSides events around the US (including BSides CT and BSides Tampa) and also at the DEFCON Recon Village.

  • DevSecOps and Securing your SDLC
Angel Gamboa

Angel Gamboa is one of the security consultants of all time. He has 6 years' experience in various disciplines such as netpen, appsec, red team, and vuln research offensive roles. This sounds cool, but he's really just a dude from Kansas.

  • Tactics of a Trash Panda
Anthony Hendricks

Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy, one of Oklahoma’s largest and oldest firms. At Crowe & Dunlevy, Anthony serves as founder and chair of the firm’s Cybersecurity and Data Privacy Practice Group. His legal practice focuses on data privacy compliance, regulatory enforcement and permitting, and other “bet-the-company” suits in the areas of data security, privacy, and other complex business litigation. Anthony is an adjunct professor who teaches Cybersecurity Law and Information Privacy courses at Oklahoma City University School of Law. He also hosts “Nothing About You Says Computer Technology,” a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices.

Anthony is a proud graduate of Howard University and was selected as Howard’s first British Marshall Scholar. Anthony holds two masters from the London School of Economics and earned his JD from Harvard Law School. To learn more about Anthony’s current projects and upcoming speaking events or listen to the latest episodes of his podcast, visit www.anthonyjhendricks.com

  • You Need a Jay-z and a Beyoncé: How Sponsors and Mentors Can Supercharge Your Career in Cybersecurity
Ariana Mirian

Ariana Mirian currently works as a senior security researcher at Censys, where she uses Internet Measurement to answer interesting security questions. Prior to Censys, she received her PhD from UCSD, where her thesis focused on answering the question: how can we use large scale measurement and analysis to better prioritize security processes? When not geeking out about Internet Measurement and security, Ariana is also an avid aerialist and birder.

  • Why does Measurement Matter in Security?
  • What Do We Learn When We Scan the Internet every hour?
Arun Vishwanath

Arun Vishwanath, PhD, MBA (https://www.arunvishwanath.us) is a well-known and recognized expert on the human aspects of cybersecurity. He has made 200 media appearances, published more than 50 peer-reviewed research articles, and presented at notable venues from the US Senate to the Army Cyber Institute at West Point and Black Hat USA. His writings have appeared in CNN, The Washington Post, and other leading publications. He is the author of The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing, published by MIT Press, and the founder of the Cyber Hygiene Academy, an organization dedicated to developing cyber resilience in children.

  • I won't allow my child to have a smartphone: Why Smart parents make not so smart children
Atsushi Kanda

Atsushi Kanda works as a cyber threat intelligence researcher at NTT Communications. He established a threat intelligence team, NA4Sec, and has been leading the team both as a manager and a tech lead. His specialities include network security in general, cyber threat intelligence, and network and security operations. Some of his work has been presented at Internet Week (2022, 2023) and JSAC2024.

  • Operation So-seki: You Are a Threat Actor. As Yet You Have No Name.
Bård Aase

Breaking mass mailings and data exports since 1983

Bård Aase has 20 years of experience as a developer and is currently a DevOps specialist in the platform team at Sbanken - et konsept fra DNB. He is committed to quality in every step throughout the software lifecycle. Bård is an avid supporter of open source and has been an active member of the Bergen Linux User Group, where he has organized lectures and meetings for many years. github.com/elzapp | mastodon.cloud/@elzapp | linkedin.com/in/bardaase/

  • That's not my name
Beau Woods

Beau Woods is a leader with the I Am The Cavalry grassroots initiative, Founder/CEO of Stratigos Security, a Cyber Safety Innovation Fellow with the Atlantic Council, leads the public policy space at DEF CON, and helps run the I Am The Cavalry track at BSides Las Vegas. In addition, Beau helped found the ICS Village, Aerospace Village, Hack the Sea, and Biohacking Village: Device Lab. His work bridges the gap between the security research and public policy communities, to ensure connected technology that can impact life and safety is worthy of our trust. He formerly served as Senior Advisor with US CISA, Entrepreneur in Residence with the US FDA, and Managing Principal Consultant at Dell SecureWorks. Over the past several years, Beau has consulted with the energy, healthcare, automotive, aviation, rail, and IoT industries, as well as cyber security researchers, US and international policy makers, and the White House. Beau is a published author, public speaker, and media contributor.

  • Wars and Rumors of Wars - What are the implications for Domestic Critical Infrastructure?
Blake Hudson

Blake is a seasoned cybersecurity professional, boasting over 6 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and cloud security. Previously a Red Teamer with the Department of Education, where he obtained several SANS certifications, and currently serving as an Offensive Security Engineer at PayPal, Blake orchestrates and executes engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Blake demonstrates his ability to identify common vulnerability patterns through continual participation in CTFs and has a passion for continuing education. Additionally, he has refined his skills through constant security research, further enhancing his expertise in cybersecurity.

  • Pipeline Pandemonium: How to Hijack the Cloud and Make it Rain Insecurity
Bluescreenofwin

Michael Glass aka "Bluescreenofwin" is a senior security engineer and Windows hacker. He is currently employed at one of the largest streaming companies in the world (aka the "entertainment" business) making sure your favorite time on the Internet goes uninterrupted. He has run the infrastructure for the Western Regional Collegiate Cyber Defense Competition, mentors cybersecurity students for several colleges across the U.S., and brews copious amounts of delicious beer for consumption in his spare time.

  • How the police use, misuse, and abuse your data - Session 8
Brad "Sno0ose" Ammerman

Senior Director of Security @ Prescient Security – manage 5 teams of independent hacker types in all areas of offsec
• Experienced cybersecurity professional skilled in hacking and managing teams of hackers.
• Proud husband/dad, speaker, educator, mentor, and veteran dedicated to educating and protecting others.
• Prior companies include – DIA, DOD, Lockheed Martin, Optiv, and the Supreme Court of Nevada
• Employed in information technology since 2001
• 14 years in information security
I am the guy you talk to when you are sick of paying 30k+ for penetration testing

  • Weaponizing Drones and Where To Find Them - Session 4
Brandon Pinzon

A seasoned leader with over 17 years of experience across technology, banking, and insurance, Brandon is an experienced CSO and currently lends his experience to safeguard companies through his advisory and consultation efforts. He oversees a comprehensive global security program, encompassing cyber defense, data protection, identity management, physical security, data privacy, and business continuity/disaster recovery. From the boardroom to the classroom, Brandon's expertise is wide-ranging, spanning data collection, computer forensics, and crafting robust security and privacy strategies for heavily regulated industries. His ability to navigate complex data systems and collaborate with multinational corporations to establish best practices is well-recognized within the industry. This recognition is evident through his frequent speaking engagements and guest lectures while advising companies on how they can leave their mark on the industry.

He plays a pivotal role in academia by actively advising on programming and curriculum, ensuring the next generation of professionals are well-equipped to navigate the dynamic landscape of cybersecurity.

  • Looking for Smoke Signals in Financial Statements, for Cyber
Brendan O'Leary

Brendan O'Leary is Head of Community at ProjectDiscovery, on a mission to democratize security, and an advisor to various startups. Having worked in software his entire career, Brendan has had the privilege of working with many customers. Previously at GitLab and a board member of the CNCF, it is clear to him that every company is a software company. That means every company needs software and security operational excellence. Outside of work, you'll find Brendan with 1 to 4 kids hanging off of him at any given time or occasionally finding a moment alone to build something in his workshop.

  • Fuzzing Frontiers: Exploring Unknown Unknown Vulnerabilities
Brian Burnett

Brian Burnett is a penetration tester for a Fortune 500 in the Washington, DC area. He served five years in the United States Army as a Russian linguist.

  • Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 101
Brian Reilly

Brian Reilly is a security engineer focused on application security, penetration testing, and vulnerability research. He enjoys working with product teams to build and deploy secure software. His professional experience has included various roles within the financial services, technology, higher education, and state/local government sectors. He holds degrees from Georgetown University and the George Washington University.

  • Modern ColdFusion Exploitation and Attack Surface Reduction
Caleb Davis

Caleb Davis is a founding member of the Cybersecurity organization, SolaSec. Caleb operates out of the Dallas/Fort Worth area and has a degree in Electrical Engineering from the University of Texas at Tyler. He is an inventor/patent holder and has a background in embedded hardware/software development. He leads a team of experts that regularly perform penetration testing across a wide variety of products including medical devices, ATMs, chemical control systems, security solutions, and other commercial products. Additionally, Caleb has a passion for integrating security into the product development life cycle and has helped several organizations in their approach to shifting left.

  • How We Accidentally Became Hardware Hackers
Carlos Gonçalves

Carlos Gonçalves has over 10 years of experience in the information security industry. Currently, he is the CTI Leader at a Fortune 500 financial company. Carlos also has experience conducting pentests, managing the red team, and the incident response teams.

  • Intel-Driven Adversary Simulation for A Holistic Approach to Cybersecurity
Carrie Randolph

Carrie Randolph is a Senior Security Consultant, leading the GRC practices of Go Security Pro with thirteen years of experience. Prior to joining Go Security Pro, Carrie was the CIO for the Oklahoma State Department of Education, with over a decade of public service.

Carrie has her Bachelor of Technology in Information Assurance and Digital Forensics from Oklahoma State University Institute of Technology, and she is a co-founder of BSides Oklahoma and a founding member of Techlahoma.

  • Hacking Trust Establishment
Casey John Ellis

Casey is the Founder, Chairman, and CTO of Bugcrowd. He is a 20-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the https://disclose.io vulnerability disclosure standardization project in 2016. A proud ex-pat of Sydney, Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he's passionately pursuing potential.

  • Hungry, Hungry Hackers
Cecilie Wian

Cecilie Wian is a recognized expert in software testing with a specialization in abusability testing. With over 10 years of experience in the IT industry, Cecilie has developed into an authority on identifying and evaluating potential abuse scenarios and logical security vulnerabilities in various software products.

  • Picking a fight with the banks
Charissa Kim

Charissa Kim is a Security TPM at Semgrep. She has spoken on various panels and presented at conferences such as the National Cryptologic Foundation (NCF), National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE), and many others. Charissa also founded Cyber Youth Tech (CyTech), a non-profit organization devoted to empowering the next generation of STEM and cybersecurity professionals. Furthermore, Charissa directed and produced K-12 Cyber Talk, a cybersecurity webcast sponsored by the National Security Agency, providing a welcoming environment for K-12 students to learn and explore cybersecurity along with its diverse career options and opportunities. She is also the first female All-American from the National CyberPatriot and Northrop Grumman Nationals competition.

  • GEN-Z Critique on SOC 2
Chloé Messdaghi

Chloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé's expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media. Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.

  • Security for AI Basics - Not by ChatGPT
Chris Formosa

Chris Formosa is a Lead Information Security Engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Chris discovers and tracks malicious botnet activity, mapping the infrastructure crimeware families use to operate. His work prior to Lumen Technologies involved uncovering and stopping fraud rings in the financial space. He has a background in data science and a master’s in computer science from Georgia Tech. When Chris isn’t by his computer, he is searching for his first beach volleyball tournament win.

  • The Dark Side of TheMoon
Christian Dameff

Dr. Christian Dameff is an Emergency Physician, Clinical Informaticist, and researcher. Published clinical works include post-cardiac-arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch-assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records.

Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world's most prominent hacker forums including DEFCON, RSA, Blackhat, Derbycon, and BSides: Las Vegas, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.

  • Health Care is in Intensive Care
Christophe Tafani-Dereeper

Christophe lives in Switzerland and works on cloud security research and open source at Datadog. He previously worked as a software developer, penetration tester and cloud security engineer. Christophe is the maintainer of several open-source projects such as Stratus Red Team, GuardDog, CloudFlair, Adaz, and the Managed Kubernetes Auditing Toolkit (MKAT).

  • From keyless to careless: Abusing misconfigured OIDC authentication in cloud environments
Craig Lester

Craig relocated interstate for his first tech role 18 years ago, where a need for travel developed into a hobby interest. Once a mileage runner, he was called crazy by some for doing long-haul weekends away. His technical career has spanned from Data & Carrier Networking into Security, where he currently assists SOC teams with detection and analytics.

  • An adversarial approach to Airline Revenue Management
crudd

Steve "crudd" Rudd is a Senior Lead Information Security Engineer at Lumen Technologies responsible for reverse engineering malware samples across a wide variety of architectures and operating systems from a broad range of threats, including cybercriminals, ransomware operators and APTs. In addition to reversing network protocols and gleaning IoCs from custom loaders and implants to aid in investigations, Steve develops the automated threat validation capabilities of Black Lotus Labs through bot emulation and C2 validation to track and disrupt threats at scale. A self-taught practitioner, Steve is passionate about understanding how things work and digging into low-level assembly, operating system internals and network protocols. He is rumored to have been used by EA sports as the character for their 1987 skateboarding game for the Commodore 64. Uncredited, of course.

  • The Dark Side of TheMoon
Cybelle Olivera

Cybelle is a researcher of the disasters that happen in the cyber world, basically a Gossip Girl from Malwareland. She has also been involved in privacy and (cyber)security activism for 10 years and has participated in security events in various countries. Cybelle is one of the directors of the Casa Hacker organization and part of the Mozilla community. And not least, she loves her cats.

  • The B-side that no one sees: the ransomware that never reached mainstream popularity
dade

dade is a former Fortune 50 red teamer turned startup staff security engineer. While at work, he's passionate about all things security, software, and infrastructure related. While he's not at work, he's passionate about getting back to work. He also enjoys developing software, blogging, self-hosting, and writing rap songs about his interests and hobbies.

  • Free Your Mind: Battling Our Biases
Daemon Tamer

I am only an egg.

  • 14 Years Later, Proving Ground is Proving Out
  • Opening Remarks - Day Two
  • Opening Remarks - Day One
  • Closing Ceremony
  • BSides Organizers Meet-Up, Tuscany Room at Tuscany Hotel
Dave Bailey and Amelia Wietting

Dave and Amelia are two SecDSM IoT/hardware hackers that love to see how things work. They are makers, volunteers, and mentors. Dave and Amelia work on embedded systems in $dayjobs.

  • Hell-0_World | Making Weather Cry
David Batz

Leveraging over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, he brings a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with multiple federal agencies, including the Department of Energy (DoE) and the Department of Homeland Security (DHS).
David has been with the Edison Electric Institute for over 14 years and, more broadly, has been instrumental in the development and expansion of an industry-wide program called Cyber Mutual Assistance.
He is a member of InfraGard and serves on the SANS Institute Advisory Board. He has authored various articles and presented at numerous events domestically and internationally on securing critical infrastructure and industrial systems, as well as security baseline and standards topics, for prominent industry associations including NIST, the National Academies of Sciences, the United States Energy Association and the World Economic Forum, to name a few.

  • Introduction to I Am The Cavalry - Day Two - Preparing for 2027
  • Getting Serious (Un)-Resilience of Lifeline Critical Infrastructure.
David French

David French is a Detection & Response Engineer and Threat Hunter with many years of experience both working as a defensive cybersecurity practitioner and on the vendor side of life doing threat research and building security solutions. He currently works at Google Cloud where he helps security practitioners defend their organization from attack using Google Security Operations.

He likes to pay it forward by sharing knowledge and research with the community via blogging, presenting at conferences such as Black Hat and BSides, and contributing to MITRE ATT&CK. David has shared extensive research on implementing Detection-as-Code and is the creator of Dorothy, a tool to simulate attacker behavior in Okta environments.

  • Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise
Dean Ford

Over 25 years of experience in the Automation Systems industry in leadership and management positions; directed sales, operations, and administrative teams in start-up, turnaround, and high-growth environments. Extensive background in automation, information and integration initiatives, identifying critical areas within businesses, manufacturing and other areas for systems implementations. Strong, decisive, and trailblazing leader with excellent planning, analytical, organizational, and team building skills. Grow top line revenues through aligning value propositions and offerings to marketplace. Promoter of the Automation Profession through extensive volunteer work.

  • Blood in the Water: Preparing For the Feeding Frenzy
Dominic Zanardi

Dom is a New York City-based Senior Security Engineer at Instacart, where he specializes in Cloud Security, Infrastructure, and Identity. His current focus is on developing scalable internal tooling and enhancing automation processes. Before joining Instacart, Dominic led the Security Engineering team at Latch, where he was instrumental in establishing foundational security protocols, emphasizing hardware-based controls, and Public Key Infrastructure (PKI). Before moving into security-focused roles, he also served as a Backend Engineer at Microsoft.

  • JIT Happens: How Instacart Uses AI to Keep Doors Open and Risks Closed
Douglas McKee

Douglas McKee is the Executive Director of Threat Research at SonicWall where he and his team focus on identifying, analyzing, and mitigating critical vulnerabilities through daily product content. He is also the lead author and instructor for the SANS SEC568 class focused on combating supply chain attacks using product security testing. Doug is a regular speaker at industry conferences such as DEF CON, Blackhat, Hardware.IO, and RSA, and in his career has provided software exploitation training to many audiences, including law enforcement. His research is regularly featured in publications with a broad readership including Politico, Bleeping Computer, Security Boulevard, Venture Beat, CSO, Politico Morning eHealth, Tech Republic, and Axios.

  • Seek out new protocols, and boldly go where no one has gone before
Dr. Emma Stewart

Emma has had a hyper-focused career on power delivery and energy resilience, focused primarily on the electric industry in multiple countries. She moved to the US 18 years ago to avoid a career working in the rain in substations in Scotland, and worked at multiple national labs and in the electric grid industry. The last few years were spent working on successfully persuading some of the least resourced utilities in the country to implement basic controls. She spends the majority of her spare time running or cycling up hills, rescuing dogs and recovering from an alternate career as a triathlete.

  • Living With the Enemy – How to protect yourself (and Energy Systems)
Dwayne McDaniel

Senior Security Developer Advocate at GitGuardian
Dwayne has been working as a Developer Advocate since 2016 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and far-off places like Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv. On the internet, most places, as @mcdwayne.

  • Long Live Short Lived Credentials - Auto-rotating Secrets At Scale
Edward Farrell

Edward Farrell (faz) is a cyber security consultant with over fourteen years' experience in cyber security and eighteen years' experience in the IT industry. As the director of Mercury, he has conducted and overseen the delivery of independent cyber security audit activities and incident responses over the past nine years.

  • Theranos 2.0- Vapourware inside - Session 3
Eiji Mori

Eiji Mori joined Flatt Security in April 2021 after completing graduate studies at Kagoshima University. As a security engineer, he is mainly in charge of web application diagnostics and smartphone application diagnostics.
He has been involved in security-camp-related events in the past and has a wide range of interests, from hardware to software. His hobbies are vulnerability research and muscle training.

  • Are you content with our current attacks on Content-Type?
Eitan Worcel

Eitan Worcel is the co-founder and CEO of Mobb, the 2023 USA Black Hat StartUp Spotlight winner. He has over 15 years of experience in the application security field as a developer, product management leader, and now startup founder. He has previously spoken at Black Hat, OWASP chapter meetings, and dozens of news outlets and podcasts.

  • Don’t Make This Mistake: Painful Learnings of Applying AI in Security
Elad Pticha

Elad Pticha is a passionate security researcher with a focus on software supply chain and API security. Elad specializes in finding vulnerabilities in SDLC-related software. In his free time, Elad loves to code, hunt for vulnerable technologies, and use his skills to help companies mitigate their security risks. Before his current work at Cycode, Elad dedicated his time to finding critical vulnerabilities in web applications, IoT devices, and pretty much anything with an IP address, but his recent focus has shifted towards software supply chain security vulnerabilities. Elad is committed to staying up-to-date with the latest security trends and technologies and always seeking new challenges to tackle.

  • Redis or Not: Argo CD & GitOps from an Attacker's Perspective
Elonka Dunin
  • Breaking Historical Ciphertexts with Modern Means
Elysee Franchuk

Elysee Franchuk is a Cybersecurity Consultant. He enjoys breaking things apart, and understanding the processes that enable systems to function. With a background in programming, penetration testing, and information technology, Elysee has a creative perspective in detecting vulnerabilities, and finding new ways to exploit new and old problems. Other interests of Elysee are playing video games, listening to EDM, and Lego.

  • LOLS: LO Level Shells
Emanuel Valente

Emanuel Valente is the principal cybersecurity engineer at iFood, the largest food tech company in Latin America, where he technically leads the security engineering team dedicated to designing and implementing advanced cybersecurity solutions. With over ten years of experience, Emanuel specializes in various security disciplines, including cloud and edge security, runtime security, and AI security. He brings a solid foundation in mathematics, statistics, and computer science to his work. Emanuel is pursuing a Master's in Cyber Security at the University of São Paulo. He has studied under the Fulbright Scholarship at the University of Arizona and the University of Florida, focusing on malware analysis. Additionally, Emanuel actively contributes to the OWASP Top 10 for LLM Apps. Committed to advancing cybersecurity technology, he shares his expertise through speaking engagements and research collaborations.

Organization: iFood - Cybersecurity Team
Email: emanuel.valente@ifood.com.br
Twitter Handle: @emanu_valente
Blog: https://blog.ifoodsecurity.com/
Linkedin: https://www.linkedin.com/in/emanuelvalente/

  • DoH Deception: Evading ML-Based Tunnel Detection with Black-Box Attack Techniques
Emily Austin

Emily is a Principal Security Researcher at Censys, where she studies security threats and other interesting Internet phenomena. Previously, she was a security engineer focused on threat hunting, detection, and incident response. She is interested in the application of data science and analytics techniques to problems in security, and in the past has worked on projects related to anti-abuse, fraud, and malicious web app traffic detection.

  • Defensive Counting: How to quantify ICS exposure on the Internet when the data is out to get you
Emma Yuan Fang

Emma is an Enterprise Security Architect at EPAM Systems, with expertise spanning cloud security, DevSecOps, and security strategy. In her current role, she designs and implements security solutions into cloud platforms and software development projects for her clients. Formerly at Microsoft, she delivered cybersecurity projects and technical workshops to diverse clientele, from emerging tech startups to established FTSE 100 firms. She is passionate about cloud security, Zero Trust, and AI/ML security. Alongside her professional work, Emma is dedicated to promoting a more diverse workforce in cybersecurity through mentorship and community programs. She is an ambassador of WiCyS UK&I, a member of the Industry Advisory Board for the Faculty of Computing, and a guest speaker at the University of Buckingham in the UK.

  • Securing Your Cloud-Native DevOps: A Zero Trust Approach
Eoin Wickens

Eoin Wickens is the Technical Research Director at HiddenLayer, where he works as a leading researcher in securing artificial intelligence systems. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been published over a dozen times, including co-authoring a book on cyber threat intelligence focusing on Cobalt Strike. Eoin has spoken at conferences such as BSides San Francisco, DEF CON AI Village, LABSCON and 44CON and proudly supports the Irish cybersecurity community as a south chapter member lead of Cyber Ireland.

  • AI Insecurity - An introduction to attacking AI and machine learning models.
evan
  • Confessions of an Exploit Broker - How to Efficiently Sell Your Research - Session 6
Ezz Tahoun

Ezz Tahoun is a distinguished cyber data scientist who has won awards at Yale, Northwestern and Princeton universities as well as prizes from CCCS, CSE, Microsoft, Trustwave and PIA. During his PhD studies at the University of Waterloo, he authored 19 papers and 4 open source projects and was a reviewer for top conferences. He has led innovative security projects for Royal Bank of Canada, Orange, Canarie, Huawei, Forescout, various governments, and others. He holds the following certifications: GIAC Advisory Board, GCIH, GSEC, GFACT, CEH, CISM, CRISC, PMP, GCP Professional Cloud Architect, and was an Adjunct Professor of Cyber Security. Ezz speaks at many cyber conferences year-round.

  • ZERO-RULES Alert Contextualizer & Correlator
Fabricio Bortoluzzi
Experienced university educator with over 10,000 hours of live lectures in computer science, cyber security and cloud computing courses, including computer architecture, operating systems, computer networks, distributed systems, computer network attacks and application vulnerability exploitation.
He is a full-time Cyber Security Associate Professor at Noroff, in Kristiansand, Norway, and a Guest Computer Science Lecturer at the University of Vale do Itajai, in Brazil.
Fabricio previously spoke about penetration test techniques at FISL - International Forum on Free/Libre Software in Porto Alegre, Brazil and at smaller cyber security meetings.

https://www.linkedin.com/in/fabriciobortoluzzi/
https://www.researchgate.net/profile/Fabricio-Bortoluzzi
https://www.noroff.no/en/contact/staff/53-academic/392-prof-fabricio-bortoluzzi-b-sc-m-sc

  • Insights on using a Cloud Telescope to observe internet-wide botnet propagation activity
Fabricio Gimenes

Fabricio Gimenes is Offensive Security Director at Redwolves, specializing in red teaming and pentesting. He graduated in Cyber Security Defense and also holds offensive security certifications including OSCP, OSWE, OSEP and CRTP.

  • Windows EventLog Persistence? The Windows can help us
Filipi Pires

I’ve been working as a Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a Crime Advocate. I am an International Speaker at Security and New Technologies events in many countries such as the US, Canada, France, Spain, Germany, Poland, and others. I’ve served as a University Professor in Graduation and MBA courses at Brazilian colleges; in addition, I'm the Creator and Instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

  • Cloud Attack: Dissecting Attack Paths with Graph-Mode
Fred Heiding

Fredrik Heiding is a research fellow in computer science at Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS). He researches AI-enabled cyberattacks from the intersection of technology, business implications, and national security policies. His work demonstrates how AI models can be used to hack devices and users and create mitigation strategies for preventing those hacks. He also red teams the AI models themselves and the US national cybersecurity strategy to find out how to better prepare our national security for AI-enabled cyberattacks. In early 2022, Fredrik got media attention for hacking the King of Sweden and the Swedish European Commissioner. Fredrik currently works with the World Economic Forum's Cybercrime Center and White House Officials to improve global and domestic cybersecurity standards of AI-based cyber defense. Fredrik is a teaching fellow for the Generative AI for Business Leaders course at the Harvard Business School and leads the cybersecurity division of the Harvard AI Safety Student Team (HAISST).

Twitter: @fredheiding

  • Devising and detecting spear phishing using data scraping, large language models, and personalized spam filters
@g1a55er
  • SteamOS: Literally Anyone With A Keyboard Can Pwn This - Session 2
Gabriel Bassett
  • Security Data Science Meet-Up, Pool at the Tuscany Hotel
George Polivka

George Polivka has been a tech enthusiast for over two decades. With a knack for software development, architectural design, and enterprise auditing, he's now on the front lines securing network borders as a Red Teamer. George boasts a collection of tech certifications, from the foundational A+ Technician to the prestigious OSCP. When he's not busy fortifying networks, you can find George immersed in cybersecurity challenges on Hack the Box, honing his skills and uncovering new tricks of the trade. Lately, he's been delving into cutting-edge research on deploying infrastructure and tooling to empower red team operators, making networks tremble.

  • Rolling out the C2: A Take on Modern Red Team Infrastructure
George Wang

George is a software engineer by career and training. He has worked at a biotech creating genetically modified crops, a video games studio, and a large cloud provider company. In the past few years, George was thrust into the world of cybersecurity by proximity to other folks doing it far longer than he has.

Despite having built many things used by many people, George’s claim to fame is having worked with a founding member of WhatsApp, who sadly turned down a sizable stake in the company for higher base pay, an event that gave him unrealistic start-up expectations due to sampling bias.

Nowadays, George enjoys broadening his horizon from interactions with eclectic engineers. He currently works at CloudKitchens.

  • Building a Security Audit Logging System on a Shoestring Budget
githur
  • Why Would They Hack When They Can Get Hired Instead? - Session 11
Glenn Thorpe
  • Discover the Hidden Vulnerability Intelligence within CISA's KEV Catalog
Grant Dobbe
  • 14 Years Later, Proving Ground is Proving Out
Grey Fox

Author:
Grey Fox (he/him)
greyfox@wcassembly.com

Grey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.

  • Introduction to Software Defined Radio – For Offensive and Defensive Operations
Hannah Zhao
  • Ask the EFF - Session 12
Harini Ramprasad

I'm a Product Security Engineer at Salesforce, where I have led several security reviews for new products and features in Tableau. Aside from acting as a security liaison during incidents, I have also been working on Generative AI security, as well as using GenAI to build security tooling :) Lately, I have been leading a project in the supply chain security space to identify vulnerabilities in third-party packages and remediate them efficiently.
I completed my Master's in Electrical and Computer Engineering at Carnegie Mellon University, and have completed coursework in the areas of network security, reverse engineering, and security analysis of software systems. Being part of various organizations, I have experience in carrying out research and development of security products and features for users. I also worked with the National University of Singapore on an acoustic side-channel attack and co-authored papers at international conferences. Aside from professional activities, I have largely been associated with international cybersecurity communities for women in voluntary positions. I'm currently on the Advisory Board of a non-profit, Breaking Barriers for Women in Cybersecurity, to lead initiatives in the academic and research space for women.

  • Demystifying SBOMs: Strengthening cybersecurity defenses
Harriet Farlow

Harriet Farlow is CEO at Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in co-founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).

  • On Your Ocean's 11 Team, I'm the AI Guy (or Girl)
HexxedBitHeadz

Passionate about the convergence of cutting-edge technology and artistic expression, Hexxed BitHeadz are always looking to merge the realms of ethical hacking and digital art creation. With a strong background in cybersecurity and a keen eye for aesthetics, we bring a unique and innovative approach to the world of digital creativity.

  • A New Host Touches the Beacon
Hirofumi Kawauchi

Dr. Hirofumi Kawauchi is SOC manager at NTT-ME. In his 10+ years’ background in cyber security, he previously led incident response, vulnerability management, and Security by Design at NTT East, the largest telecom carrier in Japan. He has also worked as a SOC analyst and on threat intelligence development, SIEM and security device management for Managed Security Service (MSS) at NTT Security US. After coming back to Japan, he launched NTT East’s MSS as a tech lead and developed its SOC infrastructure. He contributes to Japan’s telecom industry and educational field in cyber security by sharing his knowledge and experience at ICT-ISAC JAPAN, university classes, several events, etc. He holds CISSP, GPEN, GCFA, and AWS-SAP/SCS. He is also an NTT Group Certified Security Principal and holds a PhD in Engineering.

  • Reassessing 50k Vulnerabilities: Insights from SSVC Evaluations in Japan's Largest Telco
Hubert Lin

Hubert Lin is an offensive security expert, specializing in remote vulnerability exploitation, honeypots, and penetration testing. He previously led the signature team for network threat defense and was a senior staff engineer on the Red Team at Trend Micro. In his roles, he assessed network intrusion prevention systems and conducted sanctioned red team exercises to enhance corporate security. Hubert holds certifications as a Red Hat Certified Engineer (RHCE) and an Offensive Security Certified Professional (OSCP). Currently, he works at Netskope as a Sr. Staff Researcher.

  • One Port to Serve Them All - Google GCP Cloud Shell Abuse
Ignacio Navarro

Ignacio Navarro is an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working in Application Security. His interests include code analysis, web application security, and cloud security.
Speaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty.
@Ignavarro1

  • Insert coin: Hacking arcades for fun (Extended version) - Session 10
  • Insert coin: Hacking arcades for fun
Ira Victor

Ira Victor has spent more than 25 years as an information security and digital forensics professional. In that time, he’s been a first responder to data incidents of all kinds.

Ira is a founding Ambassador for the Center for Internet Security, and helped craft a state law that defines reasonable security by using The Center for Internet Security Controls. He is most proud of his role as a founding member of the Nevada-based Computers for Kids Club, a unique chapter of the long-established Lions Club International. The 100% volunteer club has provided Linux-powered equipment and security/privacy training to more than 10,000 lower-income students in the local school district. The effort is entirely grounded in Open-Source security and privacy technology.

Ira is the co-developer of patented infosec technologies that rely on metadata to protect email systems. He is recognized by Nevada’s legal community as a top-flight expert on eDiscovery matters.

  • Security Trek: The Next Generation
J

I am a US Army Veteran with over 20 years of experience, 14+ of them solely within the cybersecurity domain. I was a Signals Intelligence (SIGINT) analyst in the military primarily supporting Operation Enduring Freedom. Within cybersecurity I have worked on Cyber Threat Intelligence (CTI), cyber counterintelligence (CI), maturity assessments, GRC, Advanced Persistent Threat (APT) analysis, course development, and instruction. I have experience across industry verticals including US Federal Government, DoD, USIC, and SLED. I am passionate about helping others in INFOSEC and volunteer in the community with several non-profits.

  • Law Enforcement and IMSI catchers – A privacy nightmare - Session 6
James Hawk

James Hawk (He/Him) is a Senior Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to a number of different assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything sci-fi.

  • Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 101
James Ringold

James is a Director in Microsoft’s Security, Identity and Compliance Business Development and Strategic Ventures (BDSV) team. At Microsoft, BDSV works to identify and help to capture opportunities that will deliver growth not just today but three, five, even ten years out. BDSV leans on the knowledge of the past and the technology of today to anticipate and shape the future of technology and security.
James has been in information security for more than 25 years. He has a successful record of helping large companies in retail, wholesale, aerospace, defense, and nuclear energy sectors recover and rebuild information security programs after significant security events.
A former CISO, security architect, security operations manager and incident responder, James has focused on helping companies mature their security programs through development of threat, vulnerability, and risk management practices. James has authored and co-authored articles featured in Information Security Magazine on the topics of Nation-State sponsored attacks and vulnerability management program development.

  • Quantum Computing: When will it break Public Key cryptography?
Jason Fredrickson

Jason Fredrickson is the Managing Director of software development for Aon Cyber Solutions, the arm of the services firm dedicated to helping clients achieve cyber resiliency. Jason graduated with a degree in computational physics from Harvey Mudd College and then got his "MBA" at the School of Hard Knocks with a succession of failed startups during the late 90s. Since then, he's been running software development teams in the cyber security industry and building online platforms used by tens and hundreds of thousands of users worldwide. He's never afraid to ask the stupid question and dedicates his time to making people 42% more awesome. In his spare time, he builds Lego and practices Taekwondo with his daughter.

  • Behavioral Interviewee-ing: Inverting the Corporate Interview to Get You Hired
Jason Odoom

Self-proclaimed Autodidact Digerati, Jason has many interests ranging from Application and Cloud Security to Machine Learning. Though he is not a fan of titles, he enjoys the label Security Engineer because it gives him a lot of flexibility. He often has a hard time writing his bio, so he will end it here.

  • Unleashing the Future of Development: The Secret World of Nix & Flakes
Jay Chen

Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.

In previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.

  • BOLABuster: Harnessing LLMs for Automating BOLA Detection
jeff deifik

Jeff Deifik has an MS in Cybersecurity and CISSP and C|CISO credentials. His interest in the intersection of cybersecurity and software development began with white hat password cracking over 30 years ago. Career projects included ten years at the first e-commerce system (from 1985-1995), the first orbiting radio telescope satellite, the world's most advanced pulse oximeter, and most recently cybersecurity for government satellite ground control, balancing sound cybersecurity with cost and schedule. He is currently employed at The Aerospace Corp.

  • Passwords 101
Jeff Man

Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, co-host on Paul's Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff currently serves as a PCI QSA and Trusted Advisor for Online Business Systems, also a Grant Advisory Board Member for the Gula Tech Foundation, Advisory Board Member for the Technology Advancement Center (TAC), and is the Director of Diversity, Equity, and Inclusion for Hak4Kidz NFP. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the "whiz" wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Pioneering member of the first penetration testing "red team" at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME.

  • The State of Information Security Today - Session 9
John-André Bjørkhaug

John-André Bjørkhaug is a seasoned penetration tester with over 15 years' experience doing penetration testing, currently working as a Principal Penetration Tester for the Norwegian security company Netsecurity. He has a bachelor's degree in electronic engineering, but prefers to break stuff instead of building stuff. John specializes in penetration testing of internal infrastructure, physical security, social engineering, and full-blown Red Teaming. He also does penetration testing of IoT, OT, and embedded systems.
John is an active participant in the Norwegian security community and has presented at conferences like HackCon and Securithon. He also runs the lockpick village at HackCon, where he is devoted to teaching others about lock picking and bypass techniques.

  • All your badge are belong to me
John Evans

John Evans is the Technical Operations Manager at Cedar, a health tech startup based in NYC, where he is responsible for corporate IT, business systems and cloud engineering. He’s spent most of his career in IT and security-adjacent work. As a former Apple Retail Lead Genius, he’s also passionate about user experience and building IT and security teams that help people do their best work. He enjoys working with complex IAM problems, DevOps teams and high-growth startups; and finding speed not just in automation but in bikes and sim racers, too.

  • Building Data Driven Access with the tools you have
John O. Thorne

John O. Thorne, a former intelligence officer, transitioned to the commercial sector after a career collecting HUMINT and technical data following 9/11 and during the Global War on Terror. His expertise in counterintelligence, particularly in identifying surveillance, remains a strong trait. His career in Cyber Threat Intelligence collection was interrupted when he was voluntold to Insider Threat teams.

In this talk, he will share insights into corporate monitoring practices, explaining how employees are unwittingly tracked and what can be done to raise awareness. His goal is not to help employees bypass corporate surveillance but to inform them about the existing boundaries and how to maintain their roles within the company.

  • Insider Threat: The Unwilling Watchman - Session 7
Jose Fernandez

José Fernández is the President of CompSec Direct. José's background in CNO, CND, and engineering has allowed him to work in some of the most technically demanding environments in both the private and public sectors. Mr. Fernández is a Puerto Rican Hacker Dude, Veteran, Vice-President of Obsidis Consortia Inc., which organizes the BSides in Puerto Rico, and the Director of Recruitment for AUSCF.

  • Using containers to analyze malware at scale
Josh Corman

Joshua Corman is the founder of I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.

  • Introduction to I Am The Cavalry - Day Two - Preparing for 2027
  • Getting Serious (Un)-Resilience of Lifeline Critical Infrastructure.
  • Time is up. You have three years, 3 months, 3 weeks, to protect your Stuff. What do you do?
Josh Kamdjou

Josh has been doing offensive security-related things for the past 12 years. He's spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.

  • Email Detection Engineering and Threat Hunting
  • EHLO World: Spear-Phishing at Scale using Generative AI
The speaker’s profile picture
Kaichi Sameshima

Kaichi Sameshima is currently involved in the NA4Sec project at NTT Communications. His role is to actively investigate and analyze threat infrastructure. During his university days, he was deeply involved in the research of IoT malware, focusing on the analysis of vulnerabilities exploited by malware and the monitoring of C&C servers. He also gave a presentation at JSAC2024.

  • Operation So-seki: You Are a Threat Actor. As Yet You Have No Name.
The speaker’s profile picture
Karl Holmqvist

Karl's security journey began with early Bulletin Board (BBS) payment systems and continued through to the modern internet age with the creation of Canada's first high-speed mobile network using licensed PCS spectrum. These efforts sparked Karl’s interest in telecommunications, internet engineering and cybersecurity solutions more broadly, which formed the foundation for Karl’s nearly three decade career building security systems and critical infrastructure.

Karl Holmqvist is the CEO of Lastwall, a trusted Identity Platform company used by the U.S. Department of Defense and a growing number of civilian Government agencies and critical infrastructure entities. Karl is an outspoken advocate for quantum resilient systems to mitigate threats posed by the advent of a Quantum computer.

  • Wars and Rumors of Wars - What are the implications for Domestic Critical Infrastructure?
The speaker’s profile picture
Kathy Zhu

Having worked in the security industry for 8+ years, Kathy is currently a Security Engineering Tech Lead in the detection space at Google. Her interest and experience are in detection engineering and software development. Outside of work, she also enjoys running, the outdoors, and reading.

  • Detecting Credential Abuse
The speaker’s profile picture
Kenton McDonough

I got my MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. I currently do security automation for Viasat Inc, a global satellite internet service provider, with an emphasis on credential management and RBAC systems.

  • Zero downtime credential rotation
The speaker’s profile picture
Kerry Hazelton

Kerry Hazelton - better known as "Professor Kilroy" - has been involved in the technology and security industry for twenty-five years, crafting his own version of "Protection Against the Dark Arts" with extensive knowledge of information systems, data center operations, Cloud computing, digital forensics, and incident response. Ever the security enthusiast and a sucker for movie references, with a deep passion for teaching and mentoring, Kerry created the Cloud Forensics Workshop and CTF Challenge in 2017. It is a technical workshop that focuses on the science of Cloud forensics and its real-world applications, followed by a Capture-the-Flag competition that gauges his students' comprehension and critical-thinking skills as they race each other to solve multiple forensic puzzles within the allotted time.

He can be found posting his random thoughts on gaming, hacking, or life in general via X under the handle of @ProfKilroy.

  • Cloud Forensics Workshop - AI Edition - Day 1
  • Cloud Forensics Workshop - AI Edition - Day 2
The speaker’s profile picture
Kindness is Punk

Kindness is an act of rebellion.

  • Microsoft fucked it up - Session 2
The speaker’s profile picture
Kirill Efimov

As a seasoned security researcher, I've led teams at Snyk and now helm security research at Mobb. With a wealth of publications and speaking engagements, I've delved deep into the intricacies of cybersecurity, unraveling vulnerabilities and crafting solutions. From pioneering research to impactful talks, my journey is fueled by a passion for safeguarding digital landscapes. Join me as I share insights, strategies, and innovations in the ever-evolving realm of cybersecurity.

  • Don’t Make This Mistake: Painful Learnings of Applying AI in Security
The speaker’s profile picture
Kirsten Renner

After a brief run in IT and SWE, Kirsten has been in recruiting for over 20 years. She is the VP of Talent at SilverEdge and specializes in and has a passion for connecting talent to the right opportunities. She is a frequent presenter in the community on a variety of career development related topics. A known serial volunteer for decades, she is a co-founder and previous board member of Car Hacking Village, currently a member at ICS Village, and, in addition to co-directing BSLV HireGround this year, also runs the Hiring Village at BSidesCharm.

  • What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
The speaker’s profile picture
Klaus Schmeh
  • Breaking Historical Ciphertexts with Modern Means
The speaker’s profile picture
Kris Rides

Kris Rides is the CEO and Founder of Tiro Security - a Cybersecurity professional services and staffing firm. He is one of the original founding Board Members of the SoCal CSA Chapter, the previous President, and an honorary board member. He chairs the industry advisory board for the National Cybersecurity Training & Education Center (NCYTE) and is an advisory board member to The Cyber Helpline, Washington State's Cybersecurity Centre of Excellence, and the non-profit GRC for Intelligent Ecosystems (GRCIE).

  • Root To CISO
  • What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
The speaker’s profile picture
Krity Kharbanda

I am working as an Application Security Engineer, after graduating with a Master of Science in Information Science, and have a diverse skillset and experience in data management, qualitative and quantitative analysis of data, troubleshooting, posture management, security scanning, cloud security, and container security, in a cross-functional collaborative work environment.

I appreciate new perspectives, love talking to people, and am on the lookout to learn and grow more.

  • Demystifying SBOMs: Strengthening cybersecurity defenses
The speaker’s profile picture
Kyle Shockley

Kyle Shockley is one of the founding members of SolaSec. He received a B.S. in Finance and International Business, as well as an M.S. in Information Systems from Indiana University. Kyle has delivered high-value information technology solutions for over 12 years to clients in multiple industries. With experience in a variety of projects, Kyle has developed vulnerability management programs, executed advanced adversarial attack simulations, and built IT strategic roadmaps for clients around the world.

  • How We Accidentally Became Hardware Hackers
The speaker’s profile picture
Larissa Fonseca

According to the World Economic Forum annual report, "Approximately half of executives say that advances in adversarial capabilities (phishing, malware, deep fakes) present the most concerning impact of generative AI on cyber". It is already a fact that the world is entering, if not already inside, the AI bubble, and facing this reality as soon as possible will help companies be better prepared for the future. However, with the velocity required to implement AI and ride this new technology, the risks involved may be set aside in favour of speed. Based on this scenario, this talk is designed to explore the adversarial attacks applied to ML systems and present the results of research made by observing cybersecurity communities focused on sharing AI jailbreaks, and how those behave when applied to the most widely used AIs on the market.

  • And what if it was hacked? Tactics and Impacts of Adversarial Machine Learning
The speaker’s profile picture
Laura Johnson

Laura Johnson is a Security Manager, who started her career by joining the military unaware of how much she would fall in love with "security and things". Earlier in her career, Laura held roles such as Maintenance/Integrator, Network Engineer, Consultant, and Managing Security Engineer. Laura has first-hand experience with cyber harassment and would like to share her knowledge to help individuals understand their options.

  • Cyber Harassment: Stop the silence, save lives
The speaker’s profile picture
Leif Dreizler

Leif Dreizler is an information security professional with over a decade of experience. He is currently leading an engineering team that builds features of Semgrep’s product. Previously, Leif was a Senior Engineering Manager at Twilio Segment where his team was focused on building customer-facing security features and internal security tools.

Leif is a conference organizer and active member of the security community, and is passionate about helping folks on his team and within the broader security community develop in their careers.

  • Tracking and hacking your career
The speaker’s profile picture
Lenin Alevski

Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contribute to open source, and write about security and privacy on his personal blog.

https://www.alevsk.com

  • Kubernetes Security: Hands-On Attack and Defense
  • A Quick Story Of Security Pitfalls With Exec Commands In Software Integrations
The speaker’s profile picture
Liv Matan

Liv Matan (@terminatorLM) is a Senior Security Researcher at Tenable, where he specializes in application and web security. He previously worked as a Security Researcher at Ermetic and served in the Israeli Intelligence Corps as a Software Developer.

As a bug bounty hunter, Liv has found several vulnerabilities in popular software platforms, such as Azure, Google Cloud, AWS, Facebook and Gitlab, was recognized by Microsoft as a Most Valuable Researcher, and has presented at conferences such as DEF CON Cloud Village and fwd:cloudsec.

Liv studied computer science at the Weizmann Institute of Science, in Israel. In his free time, he boxes, lifts weights and plays Capture the Flag (CTF).

  • My Terrible Roommates: Discovering the FlowFixation Vulnerability & the Risks of Sharing a Cloud Domain
The speaker’s profile picture
Mário Leitão-Teixeira

I work in AppSec at Checkmarx. I hear 'vulnerability' daily, and I'm never sick of it. I dub myself a 'self-certified idiot' because I love learning and hatching ideas. So much I've made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. That results in learning about critical vulnerabilities before they become widely exploited, and we knew about CVSSv4 before it was cool.
Well, version 4 isn't cool yet, but in the meantime, I've researched and come up with this talk. Why? It's cool, CVSS is still widely adopted and has many limitations. If you give me a chance, I would like to bring it forward as 'food for thought'.
I wasn't given the chance to win a 'Best Speaker' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I'm also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
Beyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.

Full bio: https://bit.ly/3SShO1C

  • CVSS v4 – A Better Version of an Imperfect Solution
The speaker’s profile picture
Matt Cheung

Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.

  • Introduction to Cryptographic Attacks
The speaker’s profile picture
Matthew Canham

Dr. Matthew Canham is a former Supervisory Special Agent with the Federal Bureau of Investigation (FBI); he has a combined twenty-one years of experience in conducting human-technology and security research. He currently holds an affiliated faculty appointment with George Mason University, where his research focuses on threats posed by maliciously produced AI generated content and synthetic media social engineering. Dr. Canham recently founded the Cognitive Security Institute, a non-profit organization dedicated to understanding the key components of cognitive attacks and discovering the best ways to defend against these.
Dr. Canham has provided synthetic media threat awareness training to NASA (Kennedy Space Center), DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group, the BSides Las Vegas security conference, the Misinformation Village at DefCon, and the Black Hat USA security conference. He has appeared on multiple podcasts including BarCode Security, Weapons of Mass Disruption, 8th Layer Insights, The Cognitive Crucible Podcast, the ITSP Podcast, and he has appeared as a deepfake subject matter expert on several news outlets.

  • Hacking Things That Think
The speaker’s profile picture
Matthew Sullivan

Matthew Sullivan leads the infrastructure and identity security functions at Instacart, where he manages a talented team of individual contributors responsible for all cloud platform security controls across all three major cloud providers. Prior to joining Instacart, Matthew spent ten years at Workiva, where he helped establish and mature the company’s security program as a security engineer, infrastructure architect, and then finally as the lead product manager for IAM and security features. He is also the founder of BugAlert.org, a non-profit service that alerts the security community about time-sensitive, high-impact vulnerabilities.

  • JIT Happens: How Instacart Uses AI to Keep Doors Open and Risks Closed
The speaker’s profile picture
Mauro Eldritch
  • The B-side that no one sees: the ransomware that never reached mainstream popularity
The speaker’s profile picture
Max Arnold

Max is a security engineer at Security Innovation, where he performs security assessments for web and mobile applications, backend services, and hardware. In his free time, Max enjoys solving cryptography problems, designing electronics projects, and lockpicking.

  • PCR 9: How a simple misconfiguration can break TPM full disk encryption
The speaker’s profile picture
Mea Clift

Mea Clift is a distinguished cybersecurity leader with a remarkable multi-decade career defined by her commitment, innovation, and mission-driven cybersecurity practices. She represents excellence in cybersecurity leadership, demonstrated through her professional accomplishments, contributions to thought leadership, and investment in developing the next generation of Cybersecurity practitioners. With Liberty Mutual as Principal Advisor, Cyber Risk Engineering, she provides guidance to commercial underwriters evaluating the cyber risks of organizations, and advisory services to insureds, educating on trends and opportunities for maturity. In previous roles, Mea led cyber efforts at a top water and wastewater consultancy firm, highlighting the increased risk of cyber threats in this Critical Infrastructure arena. She is also a respected mentor and advocate for belonging in the cybersecurity field, having built a stellar reputation for credibility with executive management, key clients, and employees. Notably, Mea was the recipient of the Cyversity Mentor of the Year Award in 2023, a testament to her outstanding contributions to the field. As an educator, Mea participates in mentorship programs with Cyversity and ISACA and teaches a Fundamentals of GRC class regularly for Cyversity members. She lives in St. Paul, Minnesota with 4 greyhounds and is a quilter and living historian.

  • How Living and Quilting History made me a better Cybersecurity Professional
The speaker’s profile picture
Michelle Eggers

Security Consultant, NetSPI
As a Security Consultant, Michelle Eggers executes penetration testing for a variety of client environments. After making a strong pivot from operations into proactive security, Michelle focuses on web application, mainframe, and network pentesting.

Michelle has contributed to the security community by speaking about mainframe and web application security at various cybersecurity conferences, volunteering with Black Girls Hack during Hacker Summer Camp, and driving forward interest in securing mission critical systems and critical infrastructure through authoring blog posts and social media content on the subjects.

Credentials and certifications earned include CompTIA Security+ and ISC2 Certified in Cybersecurity. She also holds a Bachelor of Science degree in Accounting, a Project Management Certificate from Cornell University, and an Evolve Security Certified Professional credential.

  • The Immortal Retrofuturism of Mainframe Computers and How to Keep Them Safe
The speaker’s profile picture
Mike Larkin

Mike Larkin is CTO and co-founder of Deepfactor, Inc. Mike is also a contributor to OpenBSD, working on hypervisors, low-level platform code, and security. He is an adjunct faculty member at San Jose State University, where he teaches application security technologies and virtualization.

  • Workshop: Vulnerability Reachability Analysis Using OSS Tools
  • 101 Things Your Application is Doing Without Your Knowledge
The speaker’s profile picture
Misha Yalavarthy

Misha Yalavarthy is currently a Security Engineering Manager of a research team at Semgrep that is building rules to find vulnerabilities in customers' code. Before Semgrep, she was the Security Engineering Manager for the Detection and Response team at Sentry and was responsible for building the program from the ground up. Prior to that, she was a Senior Security Engineer at Cloudflare focused on internal security and building detections to secure the global network and infrastructure.

  • Tracking and hacking your career
The speaker’s profile picture
Mohnish Dhage
  • LOLS: LO Level Shells
The speaker’s profile picture
Munish Walther-Puri

Munish Walther-Puri (he/him) is the VP of Cyber Risk at Exiger, where he focuses on supply chain and cyber risk in the tech, media, and telecom sectors. He is the former Director of Cyber Risk for New York City Cyber Command. He also teaches on cyber resiliency and cybersecurity at NYU Center for Global Affairs and Columbia SIPA.

Prior to working for the City of New York, he led analysis and intelligence for a dark web monitoring company, advised startups in corporate investigations, encrypted communications, and political risk, and consulted independently on applying technology and analytics to geopolitical analysis, forecasting, and open-source intelligence analysis. He also spent time at a large American bank, working on the intersection of fraud, cyber investigations, and terrorism, and at a leading think tank, focused on nuclear policy and international security.

Munish is a Life member of the Council on Foreign Relations and co-founder and advisor to the Fletcher Political Risk Group. He is an ally for the #ShareTheMicInCyber campaign and an Eagle Scout.

  • Cultivating Resilience: How to Succeed in a Role that Didn’t Exist
  • How to Stop Looking for a Job, and Start Looking for Culture
The speaker’s profile picture
Nick Frost

Nick is an engineer on Figma's Security Team. He's been working on security teams at SaaS companies since the first season of Succession came out. He spends his time helping engineers write more secure Electron apps, OAuth flows, and login code.

  • Chrome Cookie Theft on macOS, and How To Prevent It
The speaker’s profile picture
Norihide Saito

Norihide Saito has been involved in development and security-related work since he was a student, and joined Flatt Security in 2020. He is currently a security engineer in charge of security diagnostics mainly for web applications and public clouds, and is active in external organizations such as ISOG-J WG1.

  • Are you content with our current attacks on Content-Type?
The speaker’s profile picture
Oreen Livni Shein

Hi, I'm Oreen, a cybersecurity expert from Tel Aviv. I specialize in supply chain security, with a background in Kerberos, domains, and networking. Outside work, I enjoy surfing, climbing, reading, and gardening. I'm always up to connect and collaborate to make our digital world more secure and resilient.

  • Redis or Not: Argo CD & GitOps from an Attacker's Perspective
The speaker’s profile picture
Patrick Kiley

Patrick is a Principal Consultant at Mandiant/Google Cloud with over 20 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). Patrick is a skilled embedded security consultant and has released research in avionics and embedded systems, and even bricked his own Tesla while trying to make it faster.

  • Introducing Serberus - a multi headed serial hardware hacking tool
The speaker’s profile picture
Paul McCarty

Paul is a DevSecOps OG and spends most of his time red teaming the software supply chain for GitLab. He was also the founder of SecureStack, a cloud-native software supply chain security startup. Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, and the Australian government amongst others. More recently Paul started SourceCodeRED.com as a way to facilitate his commercial and free training products. Paul is a frequent contributor to open source and is the author of the DevSecOps Playbook, Visualizing Software Supply Chain, the TVPO threat modelling framework and several other open-source projects. He's also a pretty good snowboarder and most importantly a husband and father to 3 amazing kids.

  • Red Teaming the Software Supply Chain
The speaker’s profile picture
Paul Wortman

Wortman holds a PhD in Electrical and Computer Engineering from the University of Connecticut, with research that ranged from network analysis to cyber security risk evaluation. He now focuses on Bluetooth protocol and device research.

  • Taking D-Bus to Explore the Bluetooth Landscape
The speaker’s profile picture
Per Thorsheim

Founder & organizer of PasswordsCon. I know your next password. Linkedin.com/in/thorsheim for all the corporate details.

  • Combating phone spoofing with STIR/SHAKEN - a BSidesLV crowd-sourced status quo, demo & explanation
  • Standardizing Password Surveys
The speaker’s profile picture
Phillip Wylie

Phillip is a passionate offensive security professional with over twenty-six years of information technology and cybersecurity experience. His experience includes penetration testing, red teaming, and application security.

When Phillip is not hacking, he educates others about pentesting and web application pentesting during workshops at conferences and other events. Phillip is the concept creator and coauthor of the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker,” based on his conference talk on starting a career as a pentester.

Phillip’s uncommon journey into cybersecurity is preceded by his colorful past as a pro wrestler, where he once wrestled a bear.

  • Penetration Testing Experience and How to Get It
The speaker’s profile picture
Phil Young
  • 14 Years Later, Proving Ground is Proving Out
The speaker’s profile picture
Preeti Ravindra

Preeti solves security problems with data driven methods and software as appropriate. Her research interest spans forward looking AI for security as well as security for AI.

She has experience developing and operationalizing machine learning differentiator solutions in security operations and attack surface management. Her value proposition is working cross-functionally and integrating security, data and services functions in adopting data driven practices to deliver business value. She gives back to the cybersecurity community by sharing her work at conferences and supporting women in cybersecurity through mentoring.

She is currently a Principal Research Engineer and holds a Masters Degree with a cybersecurity specialization from Carnegie Mellon University.

  • AI in the human loop: GenAI in security service delivery
The speaker’s profile picture
Randall Wyatt

Randall Wyatt is currently an Application Security engineer on the Product Security Team at CoverMyMeds (CMM). He participates in active development on an in-house vulnerability management solution, HIPAA technical risk assessments, and various other security related tasks. Randall spent the first part of his career in Automated QA testing for a couple of companies. He then moved into Application Development with auticon (a leading neurodivergent consulting company) as a contractor at CMM. Once at CMM, he made the connections necessary to pivot into Application Security. Randall is passionate about championing neurodivergence in the workplace and developing the active defender mindset and a security first culture. In his free time, Randall enjoys video games, reading, and spending time with his partner.

  • You can be neurodivergent and succeed in InfoSec
The speaker’s profile picture
Ravid Mazon

Ravid is a Senior Security Researcher with more than 6 years of hands-on experience in the Application & API Security field. As a Bachelor of Information Systems with a specialization in Cyber, Ravid brings an innovative attitude to the table, while researching different aspects in the AppSec world. He’s eager to experience, experiment, and learn something new every day. In his free time, Ravid likes to travel, exercise, and have a good time with friends and family.

Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.

In previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.

  • BOLABuster: Harnessing LLMs for Automating BOLA Detection
The speaker’s profile picture
Raymond Sheh

Dr. Raymond Sheh is a researcher with a focus on Trusted Robots and Autonomous Systems, particularly in the areas of Cybersecurity and Artificial Intelligence (AI) Risk Management, Standard Test Methods and Performance Measurement, Explainable AI, and fostering the development of technically and operationally meaningful policy and regulation for robotic and cyberphysical systems. He has a particular interest in working with public safety, academia, and industry, to develop research competitions for intelligent response robots that advance state-of-the-science capabilities while also educating competitors about the need to manage and address cybersecurity and AI risks. He previously taught undergraduate and graduate subjects in Computer Science, Software Engineering, AI, and Cyber Security. Ask him about his experience with robotic lion cubs and his superhero alter-ego's efforts to avert the next AI winter.

  • Cybersecurity and Artificial Intelligence Risk Management Challenges for the Next Generation of Public Safety Systems
The speaker’s profile picture
Ricki Burke

A passionate contributor to the infosec community, Ricki is a co-organizer of BSides Gold Coast (2024) and SecTalks Gold Coast. He has also organized career villages, hosted workshops, and presented at AISA CyberCon, AusCERT, BSides Canberra, BSides Melbourne, BSides Perth, and CHCon. Ricki is also a former Resume Review volunteer at BSides LV.

  • Brute Force Your Job Application
  • Trick or Treat: The Tricks and Treats of Job Search
  • What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
The speaker’s profile picture
Rizwan Merchant

Rizwan Merchant is VP of Engineering at Deepfactor. A seasoned engineering leader at the intersection of DevOps and security, Rizwan has also played key roles at companies like Qualys and FireEye.

  • Workshop: Vulnerability Reachability Analysis Using OSS Tools
The speaker’s profile picture
Rohit Bansal

Rohit has extensive security expertise and over sixteen years of practical experience. Throughout his career, he has collaborated with prominent organizations such as PayPal and Robinhood, where he successfully tackled intricate security challenges. Now, he's on a mission to share his expertise and empower startups to do the same. Rohit has donned multiple hats as a manager, architect, and engineer. His active volunteering for BSidesSF for the past four years is a testament to his commitment to the security community. By fostering a proactive security culture, Rohit is dedicated to helping young companies steer clear of critical mistakes and grow securely.

  • Practical Perimeter-less authentication solutions for Startups using AWS native solutions
The speaker’s profile picture
Ron Nissim

Ron Nissim is the CEO and Co-founder of Entitle. Prior to founding Entitle, Nissim served in 8200, the elite intelligence unit of the Israeli Defense Forces. Ron is an entrepreneur in spirit with a passion for identity security and software engineering.

  • Is PAM Dead?! Long live Just-in-time Access!
The speaker’s profile picture
Rory Mir

As Associate Director of Community Organizing, Rory (they/them) coordinates EFF's support of local advocacy groups through the grassroots information-sharing network, Electronic Frontier Alliance (EFA). They also lead on EFF's policy responses to emerging areas of technology such as decentralization, virtual/extended reality, and artificial intelligence.

Prior to joining the EFF, Rory studied the impact of technology as a doctoral student of psychology. During their stint in academia they advocated for student and worker privacy, open science, and open education on campus. They also offered cybersecurity trainings for workers, activists, and the general public.

  • Ask the EFF - Session 12
The speaker’s profile picture
Ryan English
  • How to lose 600,000 routers in 3 days (and almost get away with it) - Session 5
The speaker’s profile picture
Ryan O'Donnell

Ryan O'Donnell is a Red Team Operator at Altus Consulting. Over the last 12+ years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted workshops at Hack Space Con and Bsides Nova. Ryan has a Masters in Computer Forensics from GMU and the following certifications: OSCP, OSEP, CRTO, GREM, GCFE, GCIH.

  • Modifying Impacket for Better OpSec
The speaker’s profile picture
Ryo Minakawa

Ryo Minakawa is a malware and intelligence analyst at NFLaboratories. His work includes analyzing malware used in APT attacks targeting East Asia and generating threat intelligence. He also works with NTT Communications' NA4Sec project and monitors the infrastructure used by various attackers. He is also a developer and contributes to OSS intelligence platforms such as OpenCTI. Some of his research has been presented at JSAC2023 and JSAC2024. He holds GREM, GCTI, OSCP, OSEP and CISSP certifications.

  • Operation So-seki: You Are a Threat Actor. As Yet You Have No Name.
The speaker’s profile picture
Sherman

Roei Sherman, Field CTO at Mitiga, is a seasoned expert in Cloud Incident Response and adversarial cybersecurity. His career, spanning over ten years in cybersecurity roles, showcases a specialization in Red Team operations. Roei's approach is marked by an adversarial mindset and guerrilla tactics, aiming for a proactive defense in a variety of security engagements that encompass training, lectures, and consulting. His expertise is rooted in a distinguished background, including roles in a Field Intelligence unit of the IDF, where he continues to serve in the Reserve. Roei has also played key roles at AB InBev as Global Director of Offensive Services and led significant projects as an information security consultant and Red Team leader for EY Israel. His technical breadth covers a wide range of areas including Red Team engagements, social engineering, physical security, and incident response across diverse platforms. Roei's academic foundation enhances his professional endeavors: he holds a B.A. degree in Business Administration with a major in Cyber Security and an M.A. in Criminology. Beyond his primary role, he contributes as a co-organizer of BSidesTLV and serves on the CFP team for The Diana Initiative, demonstrating his commitment to advancing the cybersecurity community.

  • Adversaries Also Lift & Shift: Cloud Threats Through the Eyes of an Adversary
Shota Shinogi

Shota Shinogi is a security researcher at Macnica, a pentest tools author and a CTF organizer. He is an expert in writing tools for Red Teams to evade detection by EDR, sandbox, IPS, antivirus and other security solutions. His malware simulators "ShinoBOT" and "ShinoLocker" contribute to the cybersecurity industry by helping people who want to test malware safely. He has more than 15 years of experience in the cybersecurity industry, starting his career with HDD encryption, NAC, IPS, WAF, sandbox, EDR, and penetration testing.
He has spoken at several security/hacking conferences, including Black Hat, DEF CON and BSides. He has also contributed to the education of the next generation of security engineers through the Security Camp in Japan every year since 2015.

  • How (not) to Build a Vulnerable LLM App: Developing, Attacking, and Securing Applications
Sick.Codes

Sick Codes is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TVs, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 22k+ stars, 250k+ downloads. I’ve spoken 2x at DEF CON, published 20+ CVEs, competed in CTFs, and I’m here to stay.

  • Hungry, Hungry Hackers
Simon Lermen

I am currently an independent AI researcher. I look into the misuse risks of AI agents for things like spear phishing or automated forensics.

  • Devising and detecting spear phishing using data scraping, large language models, and personalized spam filters
Sing Ambikapathi

Sing is a software engineer specializing in security and compliance. He primarily designs, builds and supports software products that keep customers' applications, data and infrastructure secure, leading, mentoring and learning along the way.

  • The road to developers' hearts
Stryker

Ashley Stryker (“Stryker”) specializes in translating technical security findings and qualitative cyber intelligence into potential organizational impact for the security teams who want to prove the why – not just the what – behind their strategic plans. Stryker’s 2023 original cybersecurity research series “Press Reset” has won multiple industry awards, including best use of original research and best data insights.

You can find her on LinkedIn or in the Lonely Hackers Club (LHC) Telegram chat, ranting about how commercial gun safes do not make for secure off-site data storage options. Stryker lives in the Baltimore-DC area, renovating a townhouse with her ancient beagle-hound mix and growing parsley for swallowtail butterfly caterpillars.

  • Career Campaigns: Re-Specing Your Professional Class for an InfoSec Role [Tabletop RPG Workshop]
  • Career Campaigns: Re-Specing Your Professional Class for an InfoSec Role [Tabletop RPG Workshop] Session 2
Suha Sabi Hussain

Suha Sabi Hussain is a security engineer on the machine learning assurance team at Trail of Bits. She has worked on projects such as the Hugging Face Safetensors security audit and Fickling. She received her BS in Computer Science from Georgia Tech where she also conducted research at the Institute for Information Security and Privacy. She previously worked at the NYU Center for Cybersecurity and Vengo Labs. She’s also a member of the Hack Manhattan makerspace, a practitioner of Brazilian Jiu-Jitsu, and an appreciator of NYC restaurants.

  • Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs
Sven Cattell
  • Keynote, Day 1: "Secure AI" is 20 years old
Sylvia Lemos

Over 8 years of recruiting experience covering corporate, start-up and staffing roles, specializing in process and training as well as leading teams.
Speaks English, Spanish and Portuguese fluently!

  • What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things
Tal Folkman

Tal Folkman is a seasoned senior malware researcher and accomplished expert in cybersecurity with over 8 years of experience in the field. Tal possesses exceptional skills in detecting and analyzing malicious code present in open-source software supply chains.

In 2021, Tal joined Dustico, a software supply chain security startup that was later acquired by Checkmarx. Prior to this, she served for 5 years as both member and leader of IDF's Cybersecurity Red Team. Currently, Tal and her team are dedicated to identifying and combating software supply chain attackers, thereby ensuring the safety and security of the ecosystem.

  • Trust or Bust: Unveiling Vulnerabilities in Developer Trust
Tessa Mishoe
  • Disinform your Surroundings: AI and disinformation campaigns
Travis Smith

Travis Smith is the Vice President of ML Threat Operations at HiddenLayer where he is responsible for the services offered by the organization, including red-teaming machine learning systems and teaching adversarial machine learning courses. He has spent the last 20 years building enterprise security products and leading world class security research teams. Travis has presented his original research at information security conferences around the world including Black Hat, RSA Conference, SecTor, and DEF CON Villages.

  • AI Insecurity - An introduction to attacking AI and machine learning models.
Troy Bowman

Troy has spent the last 4 years working alongside a group of highly talented information security professionals at a Fortune 15 company. Prior to trekking through the trenches of threat modeling and application security, he spent 6 years enlisted in the United States Navy as a Fire Controlman, operating, repairing and maintaining some of the most valuable IT assets found on a naval warship. While he may not be 100% sure on a few things in life (What to have for lunch? Should I really have that extra Cinnabon?), he is absolutely certain that threat modeling is not something to “shrug off” or avoid, and that it can be done at scale!
Troy enjoys spending time with his wife and two kids and is an avid video gamer, dog lover, beer drinker, and man of science. He is passionate about his future in InfoSec and is ready to keep his love for this industry going by bringing his knowledge, passion, and expertise to a new level with his upcoming company Threat Archer - Cyber Security Solutions LLC.

  • Threat Modeling at Scale: More than shifting left
Troy Defty

Following over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at Google. His interests and experience are in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.

  • Linux Privilege Escalation
  • Detecting Credential Abuse
Urban
  • Security Data Science Meet-Up, Pool at the Tuscany Hotel
Wendy Hou-Neely

Wendy is from the Marsh McLennan Cyber Risk Intelligence Center. She specializes in data, data analytics and risk quantification models for all aspects of cyber. She has designed and created the various cyber risk models for MMC, and has consulted on cyber risk quantification for clients from various industries since 2017.

Wendy has over 30 years’ experience in the information technology industry and analytics, across enterprise software, hardware and security. Like many others in the space, she began working in cyber security more than 10 years ago to understand the financial impact of cyber breaches on businesses. Her skills in analytics and data science, combined with her understanding of finance, technology and the nature of cyber breaches, uniquely afford her the ability to quantify cyber risks.

  • Navigating the Changing Cyber Landscape: Trends, Costs, and Risk Mitigation Strategies
William Reyor

William F. Reyor III is a seasoned cybersecurity professional and the Director of Security at Modus Create, where he leads the security consulting practice. William's journey into cybersecurity was inspired by curiosity and his love for solving complex puzzles. His role at Modus Create involves overseeing a talented team of DevSecOps, AppSec, and Security Architects, all dedicated to enhancing the security posture of their clients. As a core organizer and co-founder of BSidesCT since 2011, William has been instrumental in fostering a collaborative and educational environment for security enthusiasts and professionals. In addition to his professional achievements, William is also a ham radio operator, known by his call sign KB1HAX, and a co-author of the Defensive Security Handbook, Second Edition, a great resource for the infosec neophyte.

  • DevSecOps and Securing your SDLC
Will Vandevanter

With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP, HackMiami and a number of other conferences on web application security. He has also released popular open source tools and trained hundreds through in-person and online courses.
He currently works as Senior Staff Security Researcher at Sprocket Security hacking hard things at scale.

  • WHOIS the boss? Building Your Own WHOIS Dataset for Reconnaissance
Yaron Avital

Yaron Avital is a seasoned professional with a diverse background in the technology and cybersecurity fields. Yaron's career has spanned over 15 years in the private sector as a software engineer and team lead at global companies and startups.
Driven by a passion for cybersecurity, Yaron now focuses on security research, with expertise in application security, software supply chain security, web security research, and reversing third-party protocols.

  • Raiders of the Lost Artifacts: Racing for Hidden Treasures in Public GitHub Repositories
Yotam Perkal

Yotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation.
Prior to Rezilion, Yotam filled several roles in PayPal's Security organization, dealing with vulnerability management, threat intelligence, and insider threat. Additionally, Yotam is a member of the PyCon Israel organizing committee and of the EPSS SIG, and takes part in several OpenSSF working groups around open-source security as well as several CISA work streams around SBOM and VEX.
He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve Cyber Security challenges or exploring the challenges in securing ML applications.

  • Beyond Whack-a-Mole: Scaling Vulnerability Management by Embracing Automation
Zitterbewegung
  • Psychic Paper: Cloning RFID badges and the Photo ID on them. - Session 1