fwd:cloudsec Europe 2025

Amir Zak is the Security Research Lead at Brava Security, where he drives cutting-edge research focused on advancing cloud security.
A veteran of the IDF elite intelligence corps, Amir brings over a decade of hands-on security research experience spanning IoT security, network security, operating systems, and large-scale cloud environments.
With a career rooted in tackling complex security challenges across diverse technological domains, Amir has developed a deep expertise in analyzing threats, designing robust defense strategies, and uncovering vulnerabilities in modern infrastructures. His work has consistently contributed to strengthening organizational security posture and shaping industry best practices.
In addition to his role as Security Research Lead, Amir also serves as Brava Security’s AI Lead. In this capacity, he focuses on integrating advanced AI and LLM techniques into security research and product innovation, pushing the boundaries of automated detection and intelligent defense mechanisms.
Amir's unique combination of military intelligence training, broad technical expertise, and visionary leadership in both security and AI positions him at the forefront of modern cybersecurity research.

Ariel Septon is a Software Engineer at Native (formerly RockSteady), a cloud security startup focusing on optimizing the use of powerful built in security capabilities. Coming from a backend engineering background, Ariel has developed a strong interest in how cloud structure and identity systems impact security. She's contributed to open-source infrastructure projects and is passionate about making complex systems more understandable and secure. Her current focus is exploring multi-cloud patterns and how thoughtful architecture and policy design can prevent security drift before it begins.

Ariel Simon is a seasoned cybersecurity researcher with extensive expertise in cloud security, vulnerability research, and identity security. Currently, he works as a Security Researcher at Token Security. Ariel mainly works on uncovering critical vulnerabilities in cloud environments. Before joining Token Security, Ariel served in the IDF as a Senior Security Researcher in Unit 81. There, he led large-scale cyber projects. His hands-on experience includes whitebox and blackbox application research, advanced penetration testing, and malware analysis.

Hi! I am a red teamer, and I love it. I especially enjoy dealing with cloud, identity providers, and CI/CD pipelines. I have been using "the cloud" since 2015 as a data engineer and later team lead for a data team. In 2023 I switched sides and became a penetration tester and trainer for offensive and defensive cloud security. Now, I work in an internal red team focussing on cloud, CI/CD, and the related processes. Next to security stuff I love long runs and more security stuff.

Curtis Hanson is a seasoned cybersecurity leader with a strong background in Cyber Threat Intelligence (CTI), incident response, and strategic advisory. He has held key roles in PwC’s Global Threat Intelligence team and later at Palo Alto Networks’ Unit 42, where he worked on high-impact threat research and response efforts.

Now, in his role as Managing Partner at Invictus Incident Response US, Curtis helps organizations build cloud-focused, intelligence-driven security strategies while supporting incident response efforts to contain and recover from threats.

Eliav Livneh is a cybersecurity expert with over twelve years of defensive and offensive security experience. He is a founding researcher at Token, specializing in identity security. Prior to Token, Livneh spent five years in the elite 8200 unit of the Israel Defense Forces' Intelligence Corps, and four years as a founding researcher at Hunters, focusing on AWS threat detection and response. Livneh has a piano cover channel on YouTube, enjoys cycling, and is a geoscience enthusiast.

Itay Gabbay is the CTO and co-founder of Brava Security, where he leads the company vision around cloud-scale telemetry, SIEM efficiency, and security signal architecture. Before Brava, he served as VP of R&D at several companies, focusing on building intelligent systems and AI agents capable of reasoning and operating autonomously in complex environments. Earlier in his career, he led cloud security efforts for the IDF, overseeing the protection and monitoring of mission-critical workloads in its private cloud.

James is a Cyber security consultant based in the UK, who enjoys tinkering with digital systems, accidentally breaking them, but learning something new in the process.

Joel previously worked for 16 years at a financial services company, performing many different technology roles. He has worked closely with AWS since 2013, working to both manage the company's overall footprint as well as deliver software to internal business users running inside of AWS. He is passionate about security, operational resiliency, and just getting things done. In addition, Joel is one of the co-founders of fwd:cloudsec and is an organizer for fwd:cloudsec North America.

Lead Technical Architect @ The National Archives, UK

Liad Eliyahu is the Head of Research at Miggo Security. With over eight years of experience in vulnerability research across diverse platforms and technologies, he has a proven track record of identifying and mitigating security risks. Liad’s passion for both offensive and defensive perspectives fuels his ability to uncover vulnerabilities and craft innovative solutions that significantly enhance application security

I’m a cloud-threat researcher at Wiz, where I design and test advanced detections that protect companies across AWS, GCP, and Azure and more. Before Wiz, I worked as a cloud-threat researcher at Gem Security, which was later acquired by Wiz. Earlier in my career, I spent several years as a network-security researcher, honing my skills in traffic analysis and threat hunting.

I specialize in AWS and GCP, diving deep into data-access logs, AWS S3 Data Events, GCP Storage Data logs, CloudTrail, GCP Audit Logs, Azure Resource and Activity Logs, and more, to surface attacker tradecraft and subtle anomalies. By correlating signals across these diverse sources, I hunt sophisticated adversaries and build resilient, data-layer detections for all three major clouds.

Cloud security is my passion, and I thrive on turning complex technical challenges into practical, high-impact defenses that keep organizations safe at scale.

Miguel Hernández, Sr. Threat Research Engineer at Sysdig, is a lifelong learner passionate about innovation. Over the past decade, Miguel has honed his expertise in security research, leaving his mark at prominent tech companies and fostering a spirit of collaboration through personal open-source initiatives. Miguel has been a featured speaker at cybersecurity conferences across Europe, such as HITB, HIP, CCN-CERT, RootedCon, TheStandoff, and DeepSec.

Nandini Singhal is a Principal Software Engineer at Oracle Cloud, where she leads initiatives in distributed systems and cloud infrastructure. With over 7 years of industry experience, she has worked extensively on scalable storage systems, durability guarantees, and secure object lifecycle management at hyperscale.

Her academic background includes a master’s degree focused on concurrency, programming languages, and verification, with research published in top-tier A* conferences.

Nelson William Gamazo Sanchez worked in the computer security field since 2000 in multiple security-oriented companies, including anti-malware and computer forensics companies. Professional developed in multiple areas as reversing engineer, vulnerability analyst and vulnerability researcher, threat researcher, and computer forensics. He is an engineering graduate and has a Master's degree in Teleinformatics.

Nelson William Gamazo Sanchez is currently as Sr. Cloud Security/Threat Research at Trend Micro. Previously worked as Principal Security Researcher at Palo Alto Networks, on Cloud Security, finding and publishing unique discoveries as Elektra-Leak, P2PInfect. Prior to joining Palo Alto Networks he was a Threat Security Researcher at ZDI Trend Micro, in the Threat Hunting Team, leading the ITW hunting initiative where he published and presented multiple and unique findings.

Speaker at Conferences, BSides, VirusBulletin, RSAC, Texas Cyber Summit, fw:cloudsec.
CVEs discovered and Patent submissions.

Nick Frichette is a Staff Security Researcher at Datadog, where he specializes in offensive AWS security. He is known for finding multiple zero-day vulnerabilities in AWS services and regularly publishing on new attack techniques. In addition to his research, Nick is the creator and primary contributor to Hacking the Cloud, an open source encyclopedia of offensive security capabilities for cloud environments. He is also a part of the AWS Community Builder Program, where he develops content on AWS security.

Nishaanth is a Senior Security Consultant at MDSec, specializing in cloud and mobile application security. He has extensive experience testing a wide range of cloud and K8s environments. His work includes cloud-native security audits, application assessments, product reviews, wireless and physical security testing, and Active Directory reviews. Beyond application security, he is passionate about infrastructure, cloud vulnerability research. He has presented at conferences such as BSides, Steelcon, PHDays, InCTF, and BlueJeans Con. Nishaanth has reported vulnerabilities to Apple, AT&T, Microsoft, and NCSC UK, and holds CKA and CRTO certifications.

Nitesh Surana is a Senior Threat Researcher with Trend Micro. He focuses on software supply chain attacks, cloud vulnerabilities, threats, misconfigurations and the jazz that comes along. Primarily for his submissions affecting 10+ Azure services, he's been in the top 100 Microsoft Security Researchers for 2023, 2024 by working with the Trend Zero Day Initiative. He has presented in conferences such as Black Hat USA, Black Hat Asia, Blue Hat USA, FIRSTCON, HackInTheBox, HackInParis, Virus Bulletin, Nullcon, c0c0n and many more. Other than computers, Nitesh is often found listening to metal music in the Himalayas.

Paul Schwarzenberger is a cloud security architect and engineer, leading security engagements and cloud migration projects for customers across sectors including financial services and Government. He has in-depth enterprise experience and certifications across all three major cloud platforms – AWS, Azure and GCP.

He created OWASP Domain Protect, widely used amongst organizations as an open-source platform to prevent subdomain takeover, and the open-source Serverless CA.

Paul is a cloud security trainer and regular speaker at security and cloud conferences, including OWASP Global AppSec, SANS CloudSec Next, Security BSides and the first fwd:cloudsec.

Rami is an opinionated security wonk. He has helped build and scale security programs at companies like Figma and Cedar. Now, he strives to work on Security, for the Internet, at Wiz. His personal thoughts about security are over at ramimac.me.

Rich has been doing cloud security since the dark ages. He's the CEO of Securosis and the Chief Analyst at the Cloud Security Alliance. He also founded a cloud security startup which was acquired by FireMon where he went to help manage cloud products as SVP of Cloud Security. He has many emotional scars from cloud, and not all of them from Azure.

Sharan is a Security Consultant at Reversec with a specialty in infrastructure Security. Anything netsec gets him excited, but for a change, he is currently focusing on cloud and enterprise software research

Tomer Nahum is a Security Researcher at Semperis, where he works to find new attacks, and how to defend against them, in on-prem identity stacks such as Active Directory, as well as cloud identity systems. Tomer was awarded Most Valuable Researcher (MVR) in 2023 by Microsoft Security Response Center (MSRC).

I'm a cybersecurity researcher at Wiz, currently working on the threat hunting CDR team.
My role involves proactively identifying malicious activity and analyzing data anomalies across the three major cloud providers - AWS, Azure and GCP. I come from a background in penetration testing, which gives me a strong understanding of attacker techniques and tactics. This offensive experience helps me interpret anomalous data through an adversarial lens, allowing me to build more precise and resilient detections that reflect real-world threats.