Elbsides 2025

Andrea is a passionate Digital Security Specialist currently working at the European Central Bank.
Navigating the challenging waters of cybersecurity, Andrea focuses on Identity and Access Management, security engineering, and security operations. During his academic journey, he developed a strong interest in network protocol security, secure coding practices, malware reverse engineering, and operational security (OpSec).

Beyond his professional life, Andrea is an enthusiastic fan of The Legend of Zelda series, a saxophone player, and an avid home cook. He’s driven by a deep desire to keep learning, to share knowledge, and to help make the digital world a little bit more secure for everyone.

Andrey Voitenko is Senior Product Manager at VMRay, where he focuses on advanced threat detection and analysis technologies. With over 20 years of experience in cybersecurity, he has held leadership roles in both product development and product management at major international security vendors. Andrey holds a CISSP certification and a Master’s degree in Applied Mathematics and Information Security Technologies. He is a frequent speaker at industry conferences and technical community events.

Asan Stefanski is Director of Digital Transformation at ADVISORI FTC GmbH and a recognized expert in Artificial Intelligence. With more than 12 years of experience in complex IT projects, he has successfully taken on key roles including Project Manager, Senior Software Architect, and Senior Software Engineer.
Attached you will find the photo of Asan.

Axelle Apvrille is a Principal Security Researcher at Fortinet, Fortiguard Labs. Her research interests are mobile and IoT malware that she reverses every day. In addition, she is the lead organizer of Ph0wn CTF, an on-site competition which focuses on ethical hacking of smart objects. In a prior life, Axelle used to implement cryptographic algorithms and security protocols.

Axelle has spoken at many conferences such as Black Hat Europe, Confidence, Hack.Lu, Hacktivity, Insomni'hack, ShmooCon, Troopers, Virus Bulletin... NorthSec 2021 ;-) She has also published in academic journals such as IEEE Security & Privacy, or Journal in Computer Virology. She regularly writes in the French magazine MISC and Hackable, and has recently published in Phrack #71.

Christian has more than 13 years of experience in IT security (primarily CSIRT and SOC) and 8+ years in digital forensics and incident response.
He has led the handling of numerous incidents involving small and medium-sized businesses, large corporations, hospitals, and universities.

Since October 2024, Christian has been the Principal Expert at Eye Security GmbH and is responsible for helping (primarily) German companies and organizations recover from incidents quickly and securely.

Chris is a Pentester at Black Hills Information Security (BHIS), where he is responsible for Pen Testing web apps, mobile app, APIs, and networks. He is also the owner of Ridgeback InfoSec (ridgebackinfosec.com) and has authored two cybersecurity classes (Offensive Tooling Foundations and Offensive Tooling for Operators) which he teaches via Antisyphon Training. Chris has nearly two decades of experience in Web/Mobile development, QA automation, and Penetration Testing.

Certifications:
GSEC: GIAC Security Essentials
GCIH: GIAC Certified Incident Handler
GWAPT: GIAC Web Application Pen Tester
GPEN: GIAC Penetration Tester

I'm Igor Stepansky, a Product Security Engineer at Axonius for more than 3 years with a background as a cybersecurity analyst. My expertise includes integrating security solutions such as SAST, IaC, SCA, secrets detection, malicious package identification, and more. I'm also responsible for penetration testing, securing cloud and Docker environments, GitHub hardening, and building cool tools to enhance security workflows. I'm passionate about sharing practical knowledge and insights gained from working with diverse security solutions in a modern enterprise environment like Axonius.

Jasmin Mair works as a Global Product Security Manager at Leica Microsystems. She brings a wealth of experience in application and product security. In her previous role as a security consultant at IBM, she helped clients across various industries implement security programs, establish DevSecOps practices, and generally secure the software development lifecycle (SDLC). However, her true passion lies in building bridges between interdisciplinary teams and finding new ways to improve collaboration between security, development, and product management.

https://informatik.hs-bremerhaven.de/lafischer
(more coming on acceptance of the talk)

Malte Wessels has been a PhD student at the Institute for Application Security at TU Braunschweig since summer '22, where he researches web security and privacy.

Max Maaß works at the security team at iteratec. He spends his time with architecture reviews, threat modeling and pentesting for software development projects, and has contributed to the OWASP secureCodeBox. Previously, he conducted research into security and privacy issues at the Secure Mobile Networking Lab at TU Darmstadt.

Michael Goberman is the Director of Product Security at Axonius, where he leads the Application Security department. He brings extensive industry experience across a diverse range of cybersecurity roles, demonstrating strong leadership in securing modern enterprise applications and infrastructure.

https://www.linkedin.com/in/michael-goberman/

Mikko Hyppönen is a global security expert, speaker and author. He works as the Chief Research Officer at WithSecure and as the Principal Research Advisor at F-Secure.

Mr. Hyppönen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge.

He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list.

Mr. Hyppönen sits in the advisory boards of t2 and Safeguard Cyber.

Former Police Officer from Argentina, now a Cloud Incident Responder and Security Engineer with over 10 years of IT experience. A Digital Nomad an international speaker, I've presented on Cloud Security and Incident Response at Ekoparty, FIRST, Virus Bulletin (three times), Hack.Lu, and various BSides events worldwide. I hold a Bachelor's degree in Information Security and an MBA (Master in Business Administration).

Hi, I´m Sarah!
I have been working over years in the business as a disciplinary and temporary leader in Customer Services, Supply Chain Management and IT. Whilst a Transformation Program, I found my passion for Informationsecurity and the Psychology behind. Some Years later, I am a future Cyberpsychologist, focusing on the human machine interaction. My aim is to give a better understanding what happens with us in the digital world and how we can gain the right benefit and limits for our digital future.

Sewar Khalifeh is a cybersecurity consultant specializing in Secure by Design principles, with over three years of experience in the banking and telecommunications industries. She currently works as a Secure by Design consultant for CLOUDYRION, conducting security assessments for cloud/hybrid solutions, and leading security initiatives that pushes digital transformation journeys.

Holding multiple certifications, including ECIH, CEH, and OCI Security Professional, she is passionate about advocating for security best practices and sharing insights through workshops and community engagements.

From a young age Yasin had an affinity with Computers and Technology, and has been with Eye Security B.V. for the past 3 years improving his knowledge and skills in Digital Forensics and Incident Response.