Chcon

Alyssa Miller is a hacker who, in her pre-teens, bought her first computer and hacked into a paid dial-up community platform. She grew up in hacker culture, finding her hacker family in IRC channels in adolescence. While IT was not her original plan, she ended up working as a developer and later a penetration tester in the financial services industry. Moving into consulting, her focus on defending technology systems grew to the point where she was advising fortune 100 companies on building comprehensive security programs.

Alyssa is now in an executive role as the CISO of Epiq Global. Still very much a hacker, she’s built on that identity to grow her career. She is an internationally recognized public speaker and author of “Cybersecurity Career Guide”. She advocates for helping others make a career out of their passion for security. She’s also a proponent for the open sharing of ideas and perspectives on securing our connected world.

Ben Creet, aka Creeture, is a reforming policy wonk turned cyber security leader. Ben is the Treasurer of the NZ Internet Task Force, an iSANZ board member, and is a member of InternetNZ. Ben works at the National Cyber Security Centre as a unit manager, leading three teams of cyber security professionals in what he describes as the NCSC’s ‘GRC shop’.

Ben is a web application penetration tester who has been living in Aotearoa for a few years now. When he’s not hacking he’s probably running tabletop RPGs, getting motion sick in VR, walking his cat, or tramping through the Waitakeres.

Chathura is a Director at KPMG Australia, spearheading the Cyber Attack and Response services. With over 20 years in offensive cybersecurity, he is recognised as a top technical cybersecurity expert. He holds fellowships with both AISA and CREST International and is currently pursuing a doctoral degree in Space Domain Intelligence.

Claudio is a Red Teamer / Penetration tester / Security enthusiast / Former Developer with more than twenty years experience with web technologies.
Claudio presented at several international security conferences: Defcon (Demo Labs), Black Hat (Arsenal), Kiwicon, Bsides San Francisco, OWASP.
Currently Claudio works as principal consultant at Tier Zero Security.

I come from a background in criminology and admittedly, cybersecurity never crossed my mind as a potential career path. It wasn't until my final year of post grad study that I delved into the world of scams and thankfully after, Helix Security took a chance on me as an Associate Security Consultant. Here I am two years later at Bastion Security, still passionate about the world of scams, how technology can be used to manipulate and exploit others, and used for a purpose other than it was originally intended for.
In my spare time, I enjoy cooking, playing squash, and reading.

Dave/Karit in his time working in various parts of the IT industry has developed a skillset that encompasses various disciplines in the information security domain. Dave currently works as a Penetration Tester in Wellington and runs Kākācon.

Dave has presented at a range of conferences such as DefCon, Kiwicon, Aerospace Village @ DefCon, BSidesCBR, CHCon, Unrestcon and at numerous local meetups; along with running training at Kiwicon, Syscan, CrikeyCon, CHCon and TuskCon. He also has a keen interest in aerospace, lock-picking and all things wireless.

DJ (a.k.a. Moss) remains optimistic that he can make organisations great again (read: more secure), however has seen his fair share of horror stories over his career. With risks being blindly accepted and added to ever expanding registers, it wasn't long before he was in the ambulance at the bottom of the cliff. Let his dulcet tones soothe you as you come for a ride and learn how to be useful instead of just making nee-naw sounds when the worst occurs.

Elle (not Ellie) is a security consultant based in Wellington who enjoys talking about sex and technology, and how this affects women. Outside of work she enjoys video games and is currently learning about malware analysis.

Ethan McKee-Harris, aka Skelmis, is a security consultant by trade. He spends his days hacking web applications and bypassing voice authentication systems. Beyond that, Ethan is an avid open source developer with experience on both sides of the metaphorical 'security fence'.

Gavin has had a varied career within the Operational Technology (OT) space, spanning over 17 years, he has been an Operator, Control System Engineer, Managing Consultant, Senior Professional Service Engineer and Principal ICS / OT Cyber Security Engineer. Has worked in many industries within critical infrastructure and obtained many of the cyber security qualifications and certifications required to protect and secure the OT and Industrial Control System (ICS) environments.

I am just a friendly local cyber security sherpa. Helping people verifiably build a safer, secure, and more resilient world by sharing knowledge, experience and exploring perspectives. This includes the privilege of presenting here at ChCon NZ previously, multiple BSides Melbourne, and DefCon Groups VR DefCon Villages, amongst many other conferences. I am grounded by the many years of experience spent security advising and assessing critical infrastructure in Australia, and governments, to small startups. That said, I’m just another nerd of figuring out how things work, tinkering, and challenging assumptions; sharing a story so that we can all make better informed decisions through broader perspectives.

Izzi Lithgow is an award winning speaker and one of Aotearoa's leading security communicators. She's worked on some of New Zealand's largest incidents, from natural disasters to cyber attacks. With almost 20 years experience in communications and PR, and seven in cyber security, she's obsessed with the life changing magic of talking about security with everyone from the CISO to the postie

Jacob has a background in IT infrastructure that began with maintaining on-premise environments, eventually evolving into “the cloud”... With a passion for IT security he moved into blue team roles specialising in cloud security. Jacob now works as an offensive security consultant in Wellington, specialising in devops and cloud security.

When not wrangling security he has a keen interest for tinkering with hardware, 3D printing, self-hosting, gaming and recently navigating (for him) the uncharted waters of parenthood.

Jay
Senior Pentester | Quantum Security Enthusiast

I’m Jay (full name Jagan Boda), a seasoned IT security professional with over 10 years of experience in penetration testing and vulnerability management. Currently working as a Senior Pentester at Spark NZ, I specialize in securing web, API, network, cloud, and IoT environments. I hold certifications in OSCP, AWS Security, and CyberArk.

Outside of work, I enjoy archery and indulging in sci-fi movies and series.

Jed Laundry is a Senior Manager at CyberCX, based in Christchurch. His background includes working as a software developer, IT ops lead, and security do-it-all-person, as well as all round geek who geeks call geeky. His family is very forgiving of all the over-the-top projects he has around his house.

jim:
I'm a former software developer who has somehow ended up hacking things for a living, which is infinitely more fun as most of you know. I'm an active security researcher with several CVEs, including Blackboard, Moodle, Nuget, MS-Office and Kramer products.

tomais:
I'm an enthusiastic hacker who enjoys CTFs and have competed at an international level in the ICC CTF as well as being part of the CursedCTF 2024 winning team. I'm also an active security researcher with a bunch of CVEs and countless other bugs for a bunch of 'solved problems' in security.

Justina is a penetration tester at Bastion Security Group. She has just over 3 years experience working in Cybersecurity and has a passion for OSINT and Social Engineering. Justina is active in the NZ Cybersecurity space, having run OSINT training at ChCon 2023.

Karl is a principal consultant and co-founder of Pākiki Security (Christchurch / Wellington). He has been a professional breaker of things for 10 years, with many more unlicensed years before that.

I am someone who found themselves in security through a lot of good luck.

After studying linguistics and French at university I somehow made it into an IT graduate programme and haven't looked back.

I have experienced the highs and lows of both public and private sector, and now currently work at Bastion Security Group within GRC. At Bastion I am a vCISO for several organisations, and enjoy the challenge that is getting buy-in for security from across the business - luckily for me this is where my expensive piece of paper (degree) comes in handy.

Louis Nyffenegger is a seasoned security engineer and the founder of PentesterLab, a platform dedicated to teaching web penetration testing. With over a decade of experience in cybersecurity, Louis has focused on penetration testing, architecture analysis, and code reviews. He also launched a YouTube channel, AppSecSchool, further extending his passion for education in application security.

Hi, I'm Luke Pearson, and I work in CyberSecurity, with a focus on digital forensics and incident response (DFIR). I've helped companies of all shapes and sizes handle incidents and tighten up their security; from those in the Fortune 100, through various military and police organisations, to healthcare and smaller businesses.

I LOVE investigations and incident response, both as an investigator or as an incident lead. Analysing artifacts, pulling indicators out of evidence sets, or leveraging the expertise of others to track attackers through digital landscapes gets me out of bed in the morning. Surround me with intelligent people, put a problem in front of us, and I'm living the dream.

Apart from the hands-on stuff, I also enjoy teaching. I share what I know at events public events (previously in Black Hat Asia, B-Sides and AvengerCon, among others) or in private sessions. I consistently try to tailor my speaking and teaching to my audience, and the feedback I've received indicates I'm fairly successful.

But it's not just about the technical side for me. I also enjoy helping companies do well overall. I dig in to business process, going beyond the tech to help the entire business succeed. My primary goal is to support and teach my community, whether it's creating challenges for colleagues, taking part in online discussion, or giving talks at conferences. I'm always part of educational projects, committed to sharing what I know.

I am a Software Engineer from Endace Technology and a member of Tech Women New Zealand. I am passionate in providing solutions from my humble abode in Hamilton and in doing so, doing my bit to make the network space a safer place. I am a music aficionado and spend my weekends on the great outdoors with my hubby.

Hi I'm MewSec. I'm from Australia. I like coffee, bushwalks and synths. I am a security researcher and InfoSec professional. All views are my own and do not reflect the views of my employer.

Nick joined the Bastion Security Group in December 2021 and is based in Dunedin.
However, he has over 18 years’ security experience in both private and public sector organisations.

Nick’s area of expertise are in:
• cyber security ‘thought-leadership’,
• cyber security governance,
• virtual Chief Information Security Officer engagements,
• undertaking cyber security risk and maturity assessments,
• cyber strategy and policy development,
• cyber security work-program development,
• cyber security supply chain management,
• executive cyber security support,
• cyber security user awareness training delivery,
• cyber security in the health sector,
• cyber risk management across the lifecycle of digitally-enabled medical devices, and
• cyber security in the financial services sector.

Key cyber security leadership roles Nick held prior to joining Bastion Security were:
• Chief Cyber Security Adviser: Ministry of Health (MoH); and
• Team Leader - Outreach & Engagement: National Cyber Security Centre.

From a health sector context, Nick’s role at MoH was responsible for driving an increase in the cyber security maturity of the whole of the New Zealand health and disability sector (public and private).

Nick also has many other achievements he is proud of, which can be seen below:
• Navigator Professional Leadership Programme: Outward Bound (2016),
• New Leaders Development Programme: Melbourne Business School (2018),
• NZITF conference speaker (2022),
• Institute of Directors Company Director’s Course (2023), and
• Christchurch Hacker’s Conference speaker (2023).

charlie is a red teamer at GitLab and loves finding intersections between interesting topics. When not at work, or doing the mum thing, she's usually either making, growing or deconstructing something.

Peter is an expert ICS/OT cyber security practitioner. He leads the SGS ECL team of industrial cyber specialists (OT security engineers/consultants). His background includes control/safety systems experience, as a TÜV-certified Functional Safety Engineer. When he’s not leading the SGS ECL OT Cyber team, Peter is an instructor for SANS ICS515 (ICS Visibility, Detection, and Response) and runs the NZ ICS Cyber Technical Network.

His experience is informed not only though work in the sector (NZ and internationally) but supported by several years as an intentionally recognised award-winning OT cyber security expert and international conference presenter. His work supporting the ICS/OT cyber security community extends to ~dozens of presentations across NZ, running the NZ ICS/OT Cyber Technical Network (established 2019), facilitating NZ ICS/OT seminars/conferences (since 2017), and supporting the 62443 series as a member of ISA-99.

Petra has a point and she's getting to it. A reformed consultant, Petra now helps small businesses to transform their information security programmes. She keeps talking about writing a book about NZ safecrackers one day but probably won't get round to it.

After years of dabbling in a wide range of subjects, I've been working with PDFs for the last seven years. I've written code, created bugs, and probably a few vulnerabilities. These days I'm paid to be a technical writer, and find other people's bugs, but I hide things in PDFs just for fun.
I also play button accordion, Morris dance and often wear a pirate hat.

Erica Anderson, aka sput, is a security nerd through and through. While her most recently formal titles have included founder and manager, she finds the most joy in building (and helping others build) things securely. She also manifests chaos with the Kawaiicon crüe and Digital Future Aotearoa.

Computer engineering student, and amateur hardware hacker.

Toby "TheXero" Reynolds is a dynamic security professional, with over a decade of experience, His career spans a diverse clientele in both commercial and non-commercial sectors. With a keen focus on enhancing cybersecurity, his expertise lies in vulnerability research, exploit development, and blackbox Penetration Testing. As a thought leader in the field, Toby not only identifies and addresses security gaps but also takes the lead as the primary trainer in courses that delve into the intricacies of attacker tools and methodologies. By combining practical experience with a passion for education, he empowers others to navigate the ever-evolving landscape of cybersecurity with confidence.

Tomais is a Welly hacker that loves making computers do the wrong things. He is a part of the FrenchRoomba and Team Oceania CTF teams, and has been in the security industry since escaping university.

I’ve been an embedded developer for 20 years. I haven’t bothered learning web development because I still think the internet is a passing fad, but I’ve been forced to think about security after we added networking to our products