Chcon2025

“Alex” (mangopdf) has hacked their employer an unspecified number of times Red Teaming, committing metaphorical crimes and writing really really detailed confession letters. Once they found former Australian Prime Minister Tony Abbott’s passport number using Google Chrome, talked to him on the phone about it, and did not get arrested.

They just started mangopdf Communication, a legitimate business in which they teach security people how to present and write in a way that non-security people understand. You too can engage in this Business Venture at mangopdfcommunication.com.

On the side, they organise purplecon, a gentle, pastel, inclusive security conference, but it’s unclear whether the whole thing is like a joke, or what.
Follow them on SoundCloud at https://mango.pdf.zone.

Anna Lezhikova is a cyber security consultant based in Wellington, New Zealand. She combines her experience in sociology, business management, communications, and IT to help companies to run and grow their business securely in the digital age. Armed with a Master's degree in Sociology, an MBA, and a Diploma in Machine Learning and Artificial Intelligence, Anna's expertise is fortified by practical know-how as a full-stack and DevSecOps engineer. This unique blend equips her with the capability to see problems from different perspectives and come up with holistic solutions.

Antoinette has a Masters degree in Relationship Psychology and a background working in New Zealand’s Intelligence Community.
She is passionate about empowering organisations and their people to make more informed security decisions by ensuring security is relatable and understandable to everyone. Often this comes down to being able to persuade, influence, and manipulate motivate non-technical people.

ZANTE is a Senior Security Consultant at Pulse Security, and occasional drum & bass DJ.

Hi, I'm Bernie - you might know me from the AUT cybersecurity club or AKL ISIG. I'm quite new to the industry, having only graduated in August 2024. I'm a cybersecurity consultant by day and a roast kumara vendor by night :) A few years back, I was cyberstalked, and I became somewhat obsessed with stalking myself to ensure I understood my digital footprint.

DoI is a creature of meat and bone. Security consultant bio-automata at Pulse Security, DoI's day job involves offensive security testing and research. Effectively, figuring out how systems can be compromised, and how to best defend them.

Dimitri is the Co-founder and Director of Consulting at Coresilium Ltd. He provides expert guidance in navigating the complex and uncertain landscape of cyber risks. His strength lies in deciphering threats and vulnerabilities, translating them into tangible risks and actionable plans tailored to each organisation. Based in Christchurch, Ōtautahi, Dimitri serves clients across Europe, America, and the Pacific. In addition, he dedicates one afternoon each week to running free coding and STEM sessions for kids through Code Club Aotearoa.

Gavin has had a varied career within the Operational Technology (OT) space, spanning over 19 years, he has been an Operator, Control System Engineer, Managing Consultant, Senior Professional Service Engineer and Principal ICS / OT Cyber Security Engineer. Has worked in many industries within critical infrastructure and obtained many of the cyber security qualifications and certifications required to protect and secure the OT and Industrial Control System (ICS) environments.

Security Operations Engineer by day, nerd and nature advocate also by day, they sleep at night. They specialise in teaching through story and drawing PowerPoint slides.

Jacob is the Head of Labs at Thinkst Applied Research. Prior to that he managed the HW/FW/VMM security team at AWS, and was a Program Manager at DARPA's Information Innovation Office (I2O). At DARPA he managed a cyber security R&D portfolio including the Configuration Security, Transparent Computing, and Cyber Fault-tolerant Attack Recovery programs. Jacob has been a speaker and keynote at conferences around the world, from BlackHat, to SysCan, to TROOPERS and many more.

Jess has been working as a professional pentester for 13 years, and is one of the co-founders of Pākiki Security. She grew up in Christchurch but now lives in Wellington.

In her spare time, she enjoys reading, dancing, going for bush walks, or just hopping in the car and driving wherever the dopamine takes her.

Dr. John DiLeo leads the OWASP New Zealand Chapter. In his day job, John is the Application Security Lead at Gallagher Security in Hamilton. Before joining Gallagher, John led the Application Security Services team at Datacom, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs.

Before turning to full-time roles in security, John was active as a Java enterprise architect and Web application developer. In earlier lives, John has been a full-time professor and had specialized in developing discrete-event simulations of large distributed systems.

Kade Morton (he/him or they/them) is the co-founder of Arachne Digital, a cyber threat intelligence company dedicated to providing actionable intelligence to security teams worldwide. With a background spanning security operations, open-source intelligence, and critical infrastructure protection, Kade has worked across government, finance, and managed service providers, helping organizations anticipate and defend against cyber threats.

Its a super duo on stage get ready.

Liv Rowley is a Research Manager at Open Measures. Much of her current research focuses on threats and digital harms originating from fringe tech platforms. In previous roles, Liv has worked as a threat intelligence analyst in both the US and Europe, specializing in understanding threats from the cybercriminal underground as well as the Latin American cybercriminal space.

Lukasz is a seasoned cyber security leader with 20 years of experience in the field. He is currently the Head of Cyber Security at Accent Group Limited, a leading retailer and distributor of footwear and apparel in Australia and New Zealand. He is responsible for ensuring the protection of sensitive information across a multitude of business systems, corporate systems, and IT infrastructure.

He is one of the organisers of the most disorganised conference on the Sunshine coast, TuskCon and a slightly better organised conference BSides Melbourne.

My name is Paul, however for my cybersecurity projects I go by the pseudonym "MrBruh"

• I am a aspiring cyber security professional
• I am a final year university student aiming to graduate with a bacholers degree
• I am proficient in C, C++, Go and Python
• I specialize in Penetration Testing of Mobile & Web Apps and Reverse Engineering of Malware
• I run a blog with all my write-ups at https://mrbruh.com

Red Team @ GitLab. Loves finding intersections between interesting, and seemingly unrelated, topics. Usually found either making, growing or deconstructing something.

Previous talks include "Beyond 'delete my browser history': infosec after death", "My kids hack me and it's awesome", "An approximate history of accuracy", and an absolutely absurd maths lecture delivered via aerial silks performance called "Floating points".

Petra is a security specialist on a mission to make good information security accessible to everyone. She has a point and she’s getting to it.

Sam has always been interested in the intersections of security and the physical world. In the past this has led to projects on backdooring RFID readers, 3D printing keys, and attacking payWave credit cards. As a day job Sam is a Director at Bastion Security Group.

Toby "TheXero" Reynolds is a dynamic security professional, with over a decade of experience, His career spans a diverse clientele in both commercial and non-commercial sectors. With a keen focus on enhancing cybersecurity, his expertise lies in vulnerability research, exploit development, and blackbox Penetration Testing. As a thought leader in the field, Toby not only identifies and addresses security gaps but also takes the lead as the primary trainer in courses that delve into the intricacies of attacker tools and methodologies. By combining practical experience with a passion for education, he empowers others to navigate the ever-evolving landscape of cybersecurity with confidence.

I'm an old school hacker (less old and even less school) with the attention span of a fish.
My passion is reverse engineering with a little bit of app development thrown in.
Best known amongst my friends for the phases, "Ouch, don't touch that", "do you smell burning" and "It's only funny until someone gets hurt, then its hilarious"

I'm Will, I'm 22 years old, and I'm a pentester based in Wellington. I run a project called restealer (restealer.com), which offers credentials from infostealer logs back to businesses.