Ben Cain

Ben Cain is a Senior Security consultant at Quantum Security. He is interested in Cloud Security, Red Teaming and cyber security communication.

  • Everyone Under the Sun: Breaking down the SolarWinds Orion Attack
Ben Creet

Ben Creet, aka Creeture, is a reforming policy wonk turned cyber security advisor. Ben is the Vice Chair and Treasurer of the NZ Internet Task Force, an iSANZ board member, and is a member of InternetNZ. Ben works at the National Cyber Security Centre as a principal advisor in what he describes as the NCSC’s ‘GRC shop’.

  • Cyber security alchemy: forging a framework
Ben Loula

Ben is a web application penetration tester who has been living in Aotearoa for a couple years now. When he’s not hacking he’s probably running tabletop RPGs, getting motion sick in VR, walking his cat, or tramping through the Waitakeres.

  • LOLWAP: Living Off the Land for Web App Pentesters
CHCon Crüe

People from the local ISIG and Women in Tech groups.

  • Opening Day 2
  • Closing
  • Closing Day 1
  • Openning
  • Registration Open
Clancy Rye

Clancy, a senior red team engineer at Atlassian, began his journey as a detection engineer before transitioning to offensive security. Throughout his tenure, he has orchestrated numerous successful operations aimed at simulating adversarial behaviour and enhancing Atlassian's overall security posture.

  • One Trust, Zero Trust, Red Trust, Blue Trust
David Jennings

DJ (a.k.a. Moss) remains optimistic that he can make organisations great again (read: more
secure), however has seen his fair share of horror stories over his career. With risks being
blindly accepted and added to ever expanding registers, it wasn't long before he was in the
ambulance at the bottom of the cliff. Let his dulcet tones soothe you as you come for a ride
and learn how to be useful instead of just making nee-naw sounds when the worst occurs.

  • Building a Security Team and then an Army
Denis Andzakovic

DoI is a creature of meat and bone. Security consultant bio-automata at Pulse Security, DoI's day job involves hacking everything and anything to make things a little bit safer for everyone.

  • OMGCICD - From Intern to Production
Glenn Sparrow

Glenn is a 25+ year veteran of the IT Industry in Aotearoa. For the last five years he has worked as the South Island Account Manager for Lateral Security (now Tesserent). He doesnt like long walks on the beach but does enjoy a good coffee.

  • Your biggest Security Risk might not be what you think it is
Jack Moran

Jack Moran is a Security Consultant working for ZX Security in Wellington. His work involves breaking web applications, APIs, cracking them hashes, and pondering why we do things the way we do it. Beyond that, Jack is an avid gamer, home lab enthusiast, and Raspberry Pi hoarder!

  • A Race to Auth - How I stumbled onto a race condition
James Cooper

James Cooper holds a Ph.D. in Computer Science and works as a Security Developer at Cosive New Zealand. There, he spends most of his time working on Web applications such as Phishfeeder, with occasional side-lines in other tasks like developing third-party MISP integrations with customers' products or debating the merits of various programming languages and paradigms. He also spends too much time in the InfoSecNZ Discord and making Simpsons references.

  • Securing REST API Endpoints (or, How to avoid another Optus)
James Hitchiner

Lead Security Consultant within the Quantum Security Services Governance Risk and Compliance team. In my role, I've provided security consultancy to some of New Zealand’s largest private and public sector organisations. In my own time, I'm an avid gamer (Counter Strike, Civilisation VI and Chess being top 3) and enjoy hanging out with friends and family.

  • Assurance is easy, I assure you
Jed Laundry

For someone who often claims to not be a developer, Jed has reeeeeaaallly spent a lot of time learning how to Go.

  • Go by Example: Creating a C2 framework (while trolling Microsoft)
Jeremy McMullan

Security Consultant, and small security company director. After a good tenure with ACC as a C&A specialist, and my most recent role in the Ministry of Health and it's successor Health NZ, I've reached the point where my experience as the Security Lead on the Covid-19 programme has given me some great stories to relay.

  • Levelling Up - Adapting Security to Deliver Covid-19 National Systems
Kane Narraway

Kane is a technical engineering manager with an unwavering passion for all things zero trust. With over a decade of experience in building (and breaking) corporate networks. Kane dabbled in the realms of IT and DFIR before going on to lead the enterprise security teams at companies like Atlassian, Shopify, and now Canva.

  • One Trust, Zero Trust, Red Trust, Blue Trust
Karan Sharma

Karan Sharma has been in this field for over 12 years. He has worked as a Pentester for NZ telcos, banks, health sectors and manufacturing companies. He now runs his own security consulting company called Wise Fox Security, that offers services in Offensive Security and DevSecOps space. He has also completed a few of the 'customary' certifications, including OSWE, OSCP, eWPTX and Certified DevSecOps Professional (CDP). Karan has spoken at a number of other security conferences. He has a YouTube channel you can subscribe to (Wise Fox Security). Other than InfoSec, Karan loves watching and playing football, loves evening runs with his dog and going to the gym.

  • From DevOps to DevSecOps
Kay Ward

Kay Ward is a Computer Science student at UC, an embedded systems aficionado, and occasionally a game developer. They're also a solidly okay fighting game player.

  • GGs, shake my hand: Hacking game console peripherals
Kento Stewart

“Wait, Spongebob, we’re not cavemen. We have technology.” – Patrick

  • Beyond The Buzz: Practical Integrations of AI, Automation and Cybersecurity
Laura Bell Main

With over twenty years of experience in software development and application security, Laura Bell Main specializes in bringing Application Security and Secure Development practices into organizations worldwide.

She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, focusing on building application security skills, practices, and culture across the entire engineering team.

Laura is an experienced conference speaker, trainer, and regular panel member and has spoken at various events such as BlackHat USA, NDC, RenderATL, and OSCON on application security, DevSecOps, secure development, and security mindset. 

She is also the co-author of "Agile Application Security" and "Security for Everyone."

  • OneHourAppSec - Changing the world one sprint at a time
Nick Baty

Nick joined ZX Security in December 2021 and is based in Dunedin. However, he has over 18 years’ security experience in both private and public sector organisations prior to joining ZX Security. His area of expertise are in: cyber security ‘thought-leadership’; cyber security governance; virtual CISO engagements; undertaking cyber security risk and maturity assessments; cyber strategy development; cyber security supply chain management; cyber security in the health sector; cyber security in the financial services sector; and
cyber risk management across the lifecycle of digitally-enabled medical devices.
Key cyber security roles he held prior to joining were: Principal Cyber Security Consultant: Computer Concepts Limited; Chief Cyber Security Adviser: Ministry of Health (MoH); and Team Leader - Outreach & Engagement: National Cyber Security Centre.

  • Supply chain security in the health sector: SBOMs and digitally-enabled medical devices:
notnotcharlie

Charlie is a software developer with an interest in security. When not at work, or doing the mum thing, she's usually either making or deconstructing something.

  • My kids hack me and it's awesome
Paul Craig

Paul Craig is a kiwi hacker who has a passion for playing-with and breaking things over the last 20 years . Paul was called a malicious hacker by Heather du Plessis on TV national television (still grateful) and once had his own security report read-aloud in a NZ parliament session. You might remember me from kiwicon too.

  • Impossible is nothing: The quest for private keys
Redshark (Rory Shillington)

"Professionally, I'm an electrical engineer and have had the privilege of working in renewable energy throughout my career. I currently lead hardware engineering at a company that develops safety-critical products. At both of the companies I’ve worked at, the products connect both to the power grid and the internet, so security considerations have always been a key part of what we do.

In my spare time, I pursue far too many hobby projects (when I'm not baking or playing with our cat). Many of these projects involve hardware and sometimes building my own IoT devices (and we all know the S in IoT stands for Security). This talk is about something I stumbled across in my personal / hobby capacity."

  • Artistic Walrus
Roger Dunham

"I'm truly ancient (compared to most hackers) which means that I've had time to work in a range of industries. While there I have picked up a thing or two about many subjects.
I've worked as a researcher, web designer, coder, tester, documenter and customer advocate.
For a number of years I worked in the field of PDF reconstruction, but I've also worked in Māori language development, job-management for plumbers and the logging of oil wells.
But prior to that, in the 20th Century I wrote Javascript backed websites about forest research. And some of those are still online.
I also drink beer, play music and dance."

  • Use of GFlags for identifying Access Violations
Sam Shute

Sam is the Head of Technology at Quantum Security. His day-to-day work revolves mostly around running Quantum’s technical consulting team, but occasionally he gets out of the office to compromise networks all around New Zealand.
In his personal time Sam is into 3D printing, development of retro game consoles, and hydroponics.

  • Responder: Going Beyond Just Listening
Sarah Young

"Sarah is a Senior Cloud Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home.

Sarah has been working in cyber security since before it was cool, holds numerous industry qualifications and has co-authored a few Microsoft Press technical books. In 2019, Sarah won the Security Champion award at the Australian Women in Security Awards. She is an active supporter of both local and international security and cloud native communities and a co-host of the Microsoft Azure Security Podcast.

Sarah spends most of her spare time speaking at security conferences in various parts of the world, eating hipster brunches and high teas and spending a disproportionate amount of her income on her dogs."

  • Hackers on a plane: what we can learn from the aviation industry
Thomas Hobson

I'm a first-year software engineering student at the University of Canterbury with an interest in cyber security.

  • Honey the kids tried crypto