I’m Agnel Amodia, a Senior Technical Lead at Vanguard Group, specializing in Identity and Access Management. With over 15 years of experience, including 7 years in cloud security, I design enterprise-grade security systems for AWS cloud databases. Previously, I worked as a system programmer and researcher in India, building Neural Network Machine Learning-based software for the National Crime Records Bureau. I’m also a passionate security researcher who loves finding loopholes and crafting solutions. For me, security isn’t just work — it’s a passion I truly enjoy.

AJ Yawn is an experienced cybersecurity leader specializing in cloud compliance, governance, risk, and compliance (GRC) engineering, with nearly 15 years of experience. AJ currently serves as Director of GRC Engineering at Aquia, leading innovative approaches to compliance automation and cloud security. He previously founded ByteChek, a compliance automation startup focused on SOC 2 and HIPAA, achieving over $1M in annual recurring revenue. AJ also served as a partner at Armanino LLP, a top 20 CPA Firm, spearheading product innovation in compliance and audit automation.

As a dedicated educator, AJ instructs courses on cloud compliance and security automation for the SANS Institute and LinkedIn Learning, where he has educated over 125,000 professionals worldwide. AJ began his career as a U.S. Army Officer in the Signal Corps, earning the rank of Captain, and later grew the cloud compliance practice at Coalfire from a small team into a thriving practice. His professional mission remains focused on transforming compliance into an accessible, automated, and value-driven discipline.

Alessandro is a senior Threat Research Engineer at Sysdig, working on cloud security. His research mainly focuses on cloud threats and supply chain attacks. In addition to research, he’s keen on bug bounty programs and has received rewards from several large companies. Alessandro is also a contributor to Stratus Red Team, a tool to emulate offensive attack techniques in the cloud, and Falco, a graduated CNCF project.

Amiran is a passionate product security professional with over 20 years of experience spanning systems engineering, security operations, GRC, and product and application security. As a security engineering leader, he champions a pragmatic, scalable approach to security - where collaboration between security, developer, and platform teams turns security into a business enabler rather than a bottleneck.

With a deep understanding of evolving cloud architectures and modern development practices, Amiran focuses on helping organizations align security with velocity, ensuring defenses scale effectively in dynamic environments.

An avid supporter of the local security community, he is actively involved with the OWASP Vancouver chapter and DC604 DEFCON group.

Andres is an application and cloud security expert with deep expertise in offensive security and Internet-scale vulnerability research. He has worked extensively as an application security consultant, founded a security consultancy firm, and led web security initiatives as Director at Rapid7, where he contributed to advancing vulnerability scanning capabilities.

Over the years, he has authored multiple open-source tools focused on web and cloud security, which have been widely adopted by the security community and featured in international security conferences.

Currently, Andres is part of the Vulnerability Research team at Wiz, specializing in cloud security and large-scale vulnerability discovery.

Anthony Randazzo leads the detection engineering function at Datadog on their cloud security platform. He has nearly 20 years of experience in security operations roles across SecOps management, detection engineering, incident response, and threat intelligence. He’s been particularly focused on cloud-native threat management across these newer attack surfaces the past 6 years.

Ariel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated to cloud environment

I’m Ben Joyce, IAM Cloud Leader at Vanguard Group, with about 20 years' experience in platform engineering, operations and cloud security. My focus is building secure, scalable cloud environments that enable innovation while ensuring compliance in highly regulated industries. I work with engineering teams to design IAM strategies that balance security and usability. I’m passionate about solving real-world IT and FinTech challenges — from securing multi-cloud setups to streamlining security processes. Cloud security should enable the business, not block it, and I love building solutions that make security seamless for developers

Chris is a principal security consultant and leads the specialist services within Reversec. As part of his day to day he leads the global team that deals with various different types of engagements of both a transactional and more bespoke nature. Chris specialises in Microsoft Azure predominantly with GCP and AWS as an additional background.

Dan Abramov is a security researcher at Token, specializing in Non-Human Identity (NHI) security. With a rich background in both offensive and defensive cybersecurity, Dan spent five years in Unit 8200. Following his service, he worked for two years at Mitiga as an incident responder, focusing on Cloud native attacks and defense mechanisms. Dan plays the piano and Saxophone, is a great dancer and loves any kind of sports.

Dani Kaganovitch is a Product Manager at RockSteady, a stealth cloud security startup. Before that, Dani worked at Google Cloud and Oracle Cloud, helping customers navigate various cloud use cases at scale in areas of core infrastructure workloads, FinOps, and observability. Through working with hundreds of organizations of different sizes, Dani organized and presented technical workshops at conferences, which led to becoming an advocate for effectively and efficiently solving real-world multi-cloud security challenges. Now, Dani focuses on ensuring customers’ environments are secure by design through the application of security policies that are practical, enforceable, and don’t break production.

Dave Sudia went from Platform Engineering to Product Engineering; in both roles he has had to stand up infrastructure in repeatable but constantly evolving architectures, taking into account usability, security, and scalability. He is the world's biggest fan of Infrastructure-as-Code. By day you'll find him enabling developers to do their best work and by night you'll find him hanging with his kid, whose hobbies are now Dave's hobbies.

Dave is an engineer and longtime AWS practitioner with a focus on IAM and AWS security tooling. He’s led product and engineering teams at startups and billion-dollar companies, raised millions from VCs, built two CSPMs, and now consults on AWS security for Fortune 500 companies. He maintains open-source projects in the AWS IAM space and is currently obsessed with perfecting his focaccia.

Dhruv is a former SRE and founded Chaser Systems in 2020. He's mostly Wiresharking, tinkering with PKI or tuning stacks as he once did in the low-latency world of financial data, only this time for network security. He is also a Rust programmer, cares deeply about developer experience, dabbles in cryptography and holds a master's degree in Advanced Software Engineering from King's College London. He's always 5 years of practice away from being able to play Chopin on the piano – an accomplishment that will surely coincide with IPv6 overtaking IPv4.

Eliav Livneh is a cybersecurity expert with over twelve years of defensive and offensive security experience. He is a founding researcher at Token, specializing in identity security. Prior to Token, Livneh spent five years in the elite 8200 unit of the Israel Defense Forces' Intelligence Corps, and four years as a founding researcher at Hunters, focusing on AWS threat detection and response. Livneh has a piano cover channel on YouTube, enjoys cycling, and is a geoscience enthusiast.

Emily has spent her whole career building and securing services on AWS (using Cloudformation, CDK, and Terraform). She started at Amazon Alexa, led data security & privacy at Moveworks, and is now the CEO & co-founder of Clearly AI, a YC-backed startup automating security and privacy reviews.

Throughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.

Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. His security research has also been recognized by Microsoft, most notably for his findings he dubbed “UnOAuthorized”. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

Gavriel Fried is a Principal Security Researcher at Mitiga. Prior to working at Mitiga, Gavriel's history in the cyber security field includes various research positions such as UEBA, Deception, Network and DPI, Red Teaming, Digital Forensics and some Malware Analysis. Gavriel researches potential attacks and abuses on cloud services and SaaS

Greg holds a degree in Electrical and Computer Systems Engineering from Monash University, Australia. He has a diverse background spanning telecommunications, software engineering, infrastructure, and cloud security. Over the past decade, he has focused exclusively on AWS, with the last seven years dedicated to cloud security. Greg is currently employed at Block.

Greg Foss is a seasoned cybersecurity leader with over 15 years of experience spanning threat research, security operations, and offensive security. As the Engineering Manager of Threat Detection Engineering at Datadog, he leads a team of elite threat hunters and detection engineers, developing cutting-edge defenses against sophisticated cloud-native intrusions by nation-state and criminally motivated adversaries. His team transforms deep research and intelligence into actionable security insights, strengthening Datadog’s security platform.

Hagai Kestenberg is a Security Researcher at Microsoft Defender for Cloud. His work focuses on AI and Kubernetes research in cloud-native environments.

Hillai Ben-Sasson (@hillai) is a Security Researcher based in Israel. As part of the Wiz Research Team, Hillai specializes in research and exploitation of web applications, application security, and finding vulnerabilities in complex high-level systems. Hillai is a frequent speaker in security conferences and has been recognized in MSRC's Most Valuable Researchers leaderboard.

Isaac is a security engineer with a background in a variety of areas of security, including cloud security, automation, threat intelligence, and anti-phishing. He has worked for Proofpoint and Capital One in various security roles.

Jake is a Principal Architect heading Snowflake's Cybersecurity Data Cloud. At Snowflake, Jake's mission is to evangelize and enable the implementation of modern security analytics and engineering. Prior to joining Snowflake, Jake has had a diverse background of technical and leadership roles having most recently served as Co-Founder and CTO of a Cloud Consulting and Data Intelligence company. He regularly maintains his experience and interests in the areas of cloud, devops and development and is an active outdoorsman and nature enthusiast.

Jason Kao is the founder of Fog Security and is passionate about cloud identity and access management and cloud data security.

His previous experience in cloud ranges from offensive cloud consulting at Praetorian, building cloud security out at a large financial firm, and running security research and solutions at CloudQuery. He's the author on multiple security patents. Jason has previously given talks at AWS Re:Invent, AWS Re:Inforce, SANS CloudSecNext, Mandiant mWise, and more.

In his spare time, he likes to swim, test out new recipes in the kitchen, and dabbles in photography.

Jay Chen is a Security Researcher at Palo Alto Networks, specializing in cloud and AI security. His work involves identifying vulnerabilities, design flaws, and adversarial tactics in cloud-native technologies. Recently, he has shifted focus to GenAI security, researching threats to AI systems and adversarial uses of AI. Previously, Jay researched mobile cloud security and distributed storage security. He has published over 30 academic and industrial papers.

Jeremy is the founder and CEO of FireTail.io, an end-to-end API security startup. Prior to FireTail, Jeremy worked in M&A at Rapid7, a global cyber leader, where he worked on the acquisitions of 3 companies during the pandemic. Jeremy previously led sales at DivvyCloud, one of the earliest cloud security posture management companies, and also led AWS sales in southeast Asia. Jeremy started his career with 13 years in cyber and IT operations. Jeremy has an MBA from Mason, a BA in computational linguistics from UNC, and has completed additional studies in Finland at Aalto University. Jeremy speaks 5 languages and has lived in 5 countries.

Katie Knowles is a Security Researcher at Datadog, focused on Azure research. Through her past roles, Katie has had the chance to approach security as both an attacker and defender, from incident response and detection engineering to penetration testing. She holds Azure (AZ-104, AZ-500) and offensive security (OSCP, GPEN) certifications.

Kyler grew up in rural Western Nebraska, fixing neighboring farmers’ computers in exchange for brownies and Rice Krispies. Then she was going to be a librarian to help people find the information they need. Then she discovered computers were a real job, and more than just a fix for her munchies, and she's now been a systems, network, call center, and security engineer, and is now a DevOps lead, and software engineer. She speaks at any conference that will have her, hosts Day Two DevOps podcast from Packet Pushers, and writes up cool projects with approachable language and pictures as part of her Lets Do DevOps site, with the intention to upskill anyone of any skill level. I have an insatiable curiosity and desire to help the folks around me succeed and grow. So - Lets Do DevOps.

Liv is a Senior Security Researcher at Tenable, specializing in cloud, application and web security. As a bug bounty hunter, Liv has found vulnerabilities in popular software platforms, including Azure, Google Cloud, AWS, Facebook and GitLab. Liv was recognized by Microsoft as a Most Valuable Security Researcher and ranked among the top eight Google Vulnerability Researchers for 2024. He has also presented at conferences including Black Hat USA, DEF CON Cloud Village, SecTor, Bsides LV, fwd:cloudsec and INTENT.
You can follow Liv on X @terminatorLM.

Matt is a threat researcher focused on detecting Microsoft cloud and identity threats. Coining the term and establishing the strategy of "living off the land" in 2013 along with Chris Campbell, he has an extensive history of identifying ways to abuse native functionality in Microsoft products. Matt is dedicated to helping make defense accessible to all.

Matthew Braun has over 20 years of experience operating and testing secure system across government, defense, and private industry sectors. In his current role as Director of Security at Fly.io, a public cloud provider, Matt's responsibilities cover the entirety of Fly.io's security program. Matt has been privileged to work with and learn from Very Smart People at Fly.io as well as in his previous role as a penetration tester at Matasano Security/NCC group. Matt has a Bachelors and a Masters in Computer Science, is a proud father of twins, attempts woodworking, is a runner and occasional sailor, and serves on the boards of two arts non-profits.

Meg does cloud security for Alloy, a fintech in NYC. Previous to Alloy she worked at Marcus by Goldman Sachs, but that was way less fun. At Alloy, Meg does IAM, networking, data, and kubernetes security (and everything else related or tangentially-related to AWS & security). When detached from her computer, Meg dances and is part of a ballet performance group.

Michael Katchinskiy is a Security Researcher at Microsoft Defender for Cloud. His work focuses on researching and analyzing new attack vectors in cloud-native environments, specializing in Kubernetes and integrating CNAPP data to detect and prevent attacks.

Mohit is a Principal Security Consultant at Reversec, where he specialises in AWS, Kubernetes, CI/CD amongst other things. He has been working in security for around 10 years, helping a variety of clients across most sectors in that time. He has previously spoken at a variety of conferences such as fwd:CloudSec, DefCon Cloud Village, SteelCon, etc.

Moshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.

Naor Haziz is a security researcher and low-level developer at Sweet Security with over seven years of experience in vulnerability research, exploit development, and system internals. He holds a degree in Computer Science and previously served as an officer in the IDF Intelligence Corps, leading a team focused on Windows and Linux security. At Sweet Security, he develops the company’s security sensor, designing and implementing high-performance detection capabilities for cloud environments. His work combines low-level development and cloud security research to improve monitoring, threat detection, and defense mechanisms, ensuring robust protection for modern cloud infrastructures against evolving security threats.

I bring a decade of diverse experience in the IT industry. My career has included roles in software development, with the majority focused on cybersecurity encompassing threat detection, threat research, data loss prevention, endpoint security, networking, access controls, and more. For the past seven years, my primary focus has been the proactive identification of potential threats. I have honed my skills in developing sophisticated methods for detecting these threats, ensuring that defense mechanisms stay one step ahead of malicious actors. Today, that includes thoughtfully integrating AI to enhance and simplify intelligence and detection pipelines. I hold a B.S. in Computer Information Systems and an M.S. in Information Security from Robert Morris University.

My name is Nathan Kirk, and I’m a Director at NR Labs (https://nrlabs.com/), a cybersecurity consulting startup. I have over a decade of experience with penetration testing, mostly focused on hardware and web applications. Before NR Labs, I was a Senior Consultant at Mandiant working with their Offensive Services division, and a Director at Hilton, where I helped build their penetration testing and Bug Bounty programs.

Nick is the Global Head of Research at Reversec, where he focuses on AWS security and attack detection in advanced, cloud-native organisations. He has been delivering offensive security testing, consultancy and support to a world-wide client base (including some of the world's largest financial organisations) for over a decade, and led WithSecure Consulting's cloud security team for half of that time. Outside of work, Nick is on the organising committee for fwd:cloudsec Europe and also serves on the fwd:cloudsec Technical Oversight Committee and North America review board. He is also an AWS Community Builder, and has previously spoken at fwd:cloudsec, DEF CON Cloud Village, Disobey, T2, and several AWS User Groups and Community Days.

Nick is a security professional who loves an engineering-first approach to all things cloudsec. He has experience ranging from wrangling the worlds largest cloud deployments to securing a single EC2 at nonprofits, and most things in between. He is currently a security software engineer at Netflix

Ofir Balassiano leads AI and Cloud security posture research at Palo Alto Networks, uncovering critical vulnerabilities in GCP and Azure. With over a decade of experience in security, he has a proven track record of impactful research and innovative solutions. Prior to Palo Alto Networks, Ofir served as head of security at Dig Security, driving key security initiatives, and as a senior researcher at XM Cyber, where he specialized in Windows internals and EDR strategies. His career began in the IDF, where he led a team focused on advanced security technologies. His expertise spans cloud security, OS hardening, and penetration testing, with a unique ability to analyze and secure systems from both offensive and defensive angles. His work continually influences best practices in cloud security, keeping organizations ahead of emerging threats.

Ofir Shaty, a seasoned Senior Security Researcher at Palo Alto Networks, boasts an impressive 8-year track record in the realms of Data Security, Web Application and Cloud Security. With a specialized focus on researching cloud and database attacks, he has contributed groundbreaking research to the field, exploring both offensive and defensive strategies and attack techniques. Notably, Shaty demonstrated his expertise by disclosing vulnerability in multiple GCP services.

Rami is an opinionated security wonk. He has helped build and scale security programs at companies like Figma and Cedar. Now, he strives to work on Security, for the Internet, at Wiz. His personal thoughts about security are over at ramimac.me.

Royce Lu is a security researcher at Palo Alto Networks. He has published research at top international security conferences, including BlackHat and Virus Bulletin. Currently, his interest is in LLM safety, covering areas such as LLM agent security, jailbreak automation, and handling LLM I/O security. Before GenAI security, Royce conducted research in network security. At the start of his career, he focused on malware and computer security.

Sagi Tzadik is a security researcher on the Wiz Research team. His expertise lies in identifying and exploiting vulnerabilities in web applications, as well as in network security and protocols. He has been recognized for his work and was featured on the MSRC Top Security Researcher Leaderboard.

Sai Gunaranjan is an Enterprise Architect with hands-on experience in strategizing and designing technology systems and applications for cloud platforms. Passionate about leveraging technology to solve complex business problems, Gunaranjan is accountable for overall platform security and availability as a senior member of the cloud platform team at Veradigm. Gunaranjan resolves the complex security challenges of cloud services adoption by partnering across the business units to migrate applications to the cloud while ensuring security and availability are sustained

Sebastian Walla is an expert for Cloud Threat Intelligence. He is the deputy manager of the Emerging Threats team (focusing on Cloud) and built the Cloud Threat Intelligence mission at CrowdStrike. Since 5 years Sebastian worked as a reverse engineer and has been focusing on cloud intrusions for 3 years.
Sebastian studied Cybersecurity, has a Masters in Computer Science, and published a paper on automatically identifying and exploiting tarpit vulnerabilities to fight malware. He further holds the GREM and GCLD certification and presented at Euro S&P 2019, Fal.Con 2023, fwd:cloudsec EU 2024, and BSides Bern 2024.

Seth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.

Shahar is a threat hunting researcher at Wiz, where she focuses on identifying and analyzing emerging cyber threats to enhance security defenses.

Stefano Chierici is a Threat Research Manager at Sysdig, where his research focuses on defending containerized and cloud environments from attacks ranging from web to kernel. Stefano is one of the Falco contributors to a graduated CNCF project. He studied cyber security in Italy, and before joining Sysdig, he was a pentester. He obtained the OSCP Certification in 2019. He was a security engineer and a red team member.

Thomas is a security consultant at Reversec. He has experience in a range of areas including application, network and cloud security. He focuses his time mainly on Azure, DevOps and researching cloud specific vulnerabilities outside of work.

Yigael Berger is a tech entrepreneur innovating in Cybersecurity and AI.
Yigael is a veteran of 8200, the Israeli Cybersecurity and SigInt Agency.
Yigael has co-founded VisibleRisk, a cybersecurity risk quantification startup funded by Moody's, acquired by BitSight in 2021.
Yigael holds a BSc and MSc in Computer Science from the Technion and Tel Aviv University.
Paper published in ACM: Dictionary attacks using keyboard acoustic emanations. In Proceedings of the 13th ACM conference on Computer and communications security.
2024 Patent-pending invention with the title "CONTEXTUAL ANOMALY DETECTION IN CLOUD ACTIVITY LOGS".