OrangeCon 2026

Adam Toscher is a New York–based security engineer and red team operator with over two decades of experience in offensive security, adversary simulation, and automation. Born in New York City and raised upstate, Adam built his career as an "IT vagabond," beginning as a freshman IBM intern porting Linux applications to mainframe system. Mainframe work grounded him in large-scale computing, operating systems, and complex enterprise environment, before transitioning into offensive security. He later progressed through senior security roles at Adobe, Optiv, Accenture, IBM X-Force, and NYC Cyber Command, where he focused on realistic adversary emulation and advanced red-team operations. Most recently, Adam has been working with Cobalt Labs, supporting advanced red-teaming and offensive security engagements for private-sector organizations. Prior to this, he led red-team and adversary simulation efforts in support of critical public infrastructure with NYC Cyber Command and the FDNY. His work centers on penetration testing, red teaming, adversary emulation, and practical automation across both private-sector companies and government agencies. Outside of security, Adam values balance and lifelong learning, and is an avid reader, runner, swimmer, and gamer

Ali is a cybersecurity researcher with over a decade of experience in tech fields. He is currently the application and offensive security manager at Canon EMEA. Ali is a regular speaker or trainer at industry conferences and events such as Confidence Conf 2020, Hack In The Box 2023 AMS, DefCon 3x, IEEE AI-ML-Workshop-2021, SSD TyphoonCon 2x, c0c0n, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, LeHack2022, NoNameCon, YASCon, COUNTERMEASURE Conference, DragonCon, COSAC 2022, Hacktivity, DefCon Holland, etc.
Moreover, he was a trainer at OWASP Summer of Security 2020 and 2021 July training and a reviewer for Springer Cluster Computing Journal/Elsevier and the 2021 Global AppSec U.S. event. Ali is a Microsoft MVP and has published a book, along with several papers and blog posts.

Aneta Urban is a cybersecurity consultant at TNO, working on projects related to OT/IT security and automated detection and monitoring. She collaborates with both private sector clients and the Dutch government on cybersecurity challenges.

Bert-Jan is a Defensive Security Specialist and Incident Responder. He specializes in threat detection, automation and response in cloud, hybrid and on-premises environments. Besides speaking at public events, Bert-Jan likes to share technical blogs on KQLQuery.com, where he provides in-depth tutorials and insights on using KQL for effective threat detection and automation. Bert-Jan is the author of various security tools Including ALFA, IR PowerShell and KustoHawk, which are available on GitHub (github.com/bert-JanP).

Bob van der Staak is a Ethical hacker and red teamer at the Dutch Railways. Sharing knowledge is his passion, and with his background in software development and technical informatics, he implements code to assist with his daily assessments.
From web penetration testing to malware development and cloud technologies, he is eager to learn and share his expertise.

Cas van Cooten is a long-time offensive security enthusiast based in the Netherlands. He has an extensive background in evading defenses by developing offensive security tooling and malware, with a particular interest in using modern languages such as Go, Rust, and Nim to bypass traditional controls. Cas is a strong advocate for community collaboration and frequently shares his research and open-source tools on GitHub and Twitter to help bridge the gap between red and blue teams. Today, he is a co-founder of the Dutch cybersecurity startup Offensys, where he focuses on translating complex adversarial tradecraft into a platform for continuous purple teaming.

Dima enjoys building things that break things and use them in operations.
At Outflank he is an offensive research & developer for Outflank Security Tooling and a red team operator.

Gavin Reid serves as the CISO for HUMAN Security, a cybersecurity company that specializes in safeguarding enterprises against digital attacks while preserving user experiences. In addition, he oversees HUMAN’s global IT and security operations and leads the Satori Threat Intelligence and Research Team.
Gavin began his cybersecurity career in information security at NASA's Johnson Space Center. He later created Cisco's Security Incident Response Team (CSIRT), Cisco's Threat Research and Communications (TRAC), and Fidelity's Cyber Information Group (CIG). Before joining HUMAN, Gavin served as the CSO for Recorded Future, where he was responsible for ensuring the protection, integrity, confidentiality, and availability of all customer-facing services, internal operational systems, and related information assets. For more than 20 years, Gavin has managed every aspect of security for large enterprises.

Guillaume is a penetration tester and security researcher working at Synacktiv. During his career, he developed a healthy addiction to Windows systems and their internals. He is also passionate about Active Directory security, a topic on which he gathered solid knowledge through several Red Team engagements and internal pentests.

Gus Posey is a lifetime artist and a longtime educator who currently specializes in teaching through paper airplanes. He has experience as a NASA intern focused on robotics, microgravity, and space-farming but turned to aeronautics at Boeing's Future of Flight Aviation Center and Seattle's Museum of Flight. Recently he presented to a group of students in Loja, Ecuador, focusing on a message of science education for everyone.

Jiří is a security consultant with over 20 years of experience in IT, management, and ethical hacking. He specialises in Red Team operations and physical security assessments, simulating real-world attacks to uncover weaknesses in organisational security. He has first-hand experience of successful intrusions into international corporations, banks, and government institutions.

He works as an independent consultant and trainer. Across Europe, he conducts physical penetration tests, provides security consulting services to large organisations, and trains professionals in ethical hacking and Covert Methods of Entry. His work combines deep technical expertise, hands-on experience from real engagements, and the ability to transfer practical knowledge to other security specialists.

Cybersecurity expert with deep experience in red team operations, penetration testing, and security research. I began my research work in 2013 and have been recognized by leading technology companies including Sony, Microsoft, SAP, Facebook, and Yahoo for responsibly identifying and reporting security vulnerabilities. I currently work as a Red Team Specialist at Resillion and actively contribute to open‑source security projects on 0xsp Labs. My research has been referenced by industry publications such as Threatpost and BleepingComputer.

Lisa de Wilde has supported dozens of organisations in navigating and resolving security incidents and full‑blown crises. She has witnessed up close how difficult it can be for organisations to regain control and return to normal operations. Working side by side with technical experts, she has seen their struggle with guilt, pressure, and the uncomfortable shortcuts that sometimes become unavoidable when the clock is ticking.

As the founder of Cyber Radiant, Lisa now helps organisations prepare for the realities of incidents and crises before they strike. Her work focuses on strengthening resilience, improving decision‑making under pressure and ensuring that teams understand not only the technical aspects of a crisis but also the organisational dynamics that shape its outcome. Aligning business and IT remains one of the biggest challenges she encounters.

Maarten de Kruijf received a BSc in Computer and Information System Security at the Fontys University of Applied Science in 2019. Maarten is a cybersecurity researcher working on OT/IT infrastructures, automation of cybersecurity, monitoring & detection and vulnerability research. He is the lead developer of SOARCA, the open-source SOAR developed by TNO, and uses open CACAO playbook standard.

Marcel is a 20 year old software engineering student who has just started doing security research as a hobby. This means he has no expert knowledge about cybersecurity yet, however the vulnerabilities he has managed to find are concerning to say the least.

With a passion for (publicly) breaking open random IOT devices he finds on the internet, he always has some insane story to tell about his findings. From being able to take a selfie on a self checkout scanner from Albert Heijn, finding payment service API keys and order data of 400+ dutch restaurants and video calling 100.000+ smart kid robots, to becoming a super admin of hundreds of thousands of critical point of sale terminals around the world.

Marcel's goal is to responsibly disclose all the issues he finds in these critical fields to let the companies involved fix the issues. After which Marcel aims to make the public aware these issues existed in the first place.

Max Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable. In 2019, Max graduated cum laude with a bachelor's in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at the Dutch Police, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as Black Hat (USA, EU, MEA, Asia), DEFCON, Botconf, and other conferences. Additionally, he gave guest lectures and workshops for several universities and private entities.

Meredith L. Patterson is a cybersecurity researcher and software engineer known for her work on the Language-Theoretic Security (LangSec) approach, which applies concepts from linguistics to improve software security. She has presented her research at major conferences such as Black Hat and has contributed to both academic research and real-world software systems. Meredith is known for bringing fresh, interdisciplinary perspectives to cybersecurity and secure software design.

Nicole van der Meulen is an experienced professional and thought leader in the area of cybercrime and cyber security. Currently she serves as Cyber Security Innovation Lead at SURF. Previously she was the Head of Policy & Development at Europol’s European Cybercrime Centre (EC3), where she was responsible, amongst others, for the Internet Organised Crime Threat Assessment (IOCTA). Prior to Europol, she held various positions in the Dutch public sector, academia and for nonprofit organisations all focused on enhancing the fight against cybercrime and improving cyber security. She obtained her PhD in 2010 from Tilburg University on a comparative study focusing on digital identity fraud in the United States and the Netherlands.

Niels is the owner of cryptocurrency recovery firm Lethologica which supports consumers on a no-cure no pay basis, Leader of HashMob's Competitive Password Cracking team, and an experienced ethical hacker and manager at PwC. He works as advisor to multiple public sector- and international clients; simulating threat actors in red teaming assessments and penetration tests.

The OrangeCon orga team is the driving force behind OrangeCon. United by a passion for cybersecurity and a strong sense of community, they aim to foster collaboration, support the ethical hacking community, and build a more secure digital future through shared knowledge.

Rudy Dijkstra is Security Researcher at the DIVD as well as Team Lead Offensive Security at SUPERP, which means he spends a meaningful chunk of his life in meetings... The rest of it he dedicates to diving into vulnerabilities and whatever research topic has caught his attention that week, on a continuous and apparently unstoppable mission to break things professionally.

Peter “blasty” Geissler is an independent security researcher from the Netherlands. He’s well known for facilitating code execution on various platforms, writing exploits for popular software packages, competing in pwn2own and being a founding member of the Eindbazen CTF team.

Rajeck Massa is a Cyber Security scientist at TNO, where he contributes to applied research across system and software security, AI security, and advanced detection and innovation. He holds an MSc in Computer Science from Leiden University and joined TNO after completing an internship there. In his work, Rajeck is involved in research projects that study how complex technical systems can be abused under realistic adversarial conditions, ranging from low‑level software components to modern AI‑enabled applications. His interests include developing and validating practical security testing methodologies, particularly in areas where existing approaches fall short. Through his research, he aims to help bridge the gap between emerging technologies and actionable security practice.

Ray is the Director of Netskope Threat Labs, a globally distributed team that specializes in cloud and network-focused threat research. His research background includes malware detection and classification, cloud app security, web security, sequential detection, and machine learning. Although his current focus is cybersecurity, his research has previously spanned other domains, including software anti-tamper and electronic warfare. In addition to his extensive research experience, Ray also has a background in education, teaching multiple math and programming courses during his academic career. He holds a Ph.D. in Electrical Engineering from Drexel University.

René Bisperink is an Ethical hacker & security specialist at Kiwa, focussing on various types of security assessment / penetration testing and training on Mobile, web, cloud, IoT and OT assessments.

Rutger Flohil began his career as a .NET developer, building a solid base in software development before switching gears to focus on cybersecurity. After gaining valuable experience in the Security Operations Center (SOC) of the Dutch TLD, he moved on to his current role as a Red Teamer at Dutch Railways (NS). Rutger enjoys the creative side of security, especially when it comes to writing offensive scripts in Python. Always curious and eager to learn, he’s passionate about discovering new techniques and fresh perspectives to tackle security challenges.

Sasha Romijn is an independent developer from Amsterdam, specialising in open
source internet infrastructure and internet standards. She maintains essential
internet routing registry software, co-authored several IETF drafts in that
space, maintains internet.nl, and co-chairs a RIPE working group. For fun, Sasha
does cursed things with networks, dabbles in security now and then, and recently
discovered what can happen when you also put marquee tags in everything.

Seasoned trainer, speaker and IT security consultant with over two decades of expertise.
Currently focuses on security research of new technologies (especially Bluetooth Low Energy and NFC/RFID) and delivering trainings on these topics.
Loves sharing his knowledge via trainings, workshops, talks and open source hackme's (https://www.smartlockpicking.com/) – at OrangeCon, BlackHat, HackInTheBox, Hardwear.io, HackInParis, Deepsec, Appsec EU, BruCon, Confidence, and many others, including private on-demand sessions.

Stan Plasmeijer is an ethical hacker at SUPERP and Operational Lead at DIVD-CSIRT, working on large-scale vulnerability discovery and coordinated disclosure. He likes to first understand how systems are supposed to work, and then see what happens when they don’t.

Udbhav Tiwari, Vice President, Strategy and Global Affairs, Signal

I am a Red Team Operator and Physical Penetration Tester with over 20 years experience. I started my career as a Unix DB Admin before lured to world of Enterprise Solutions. I spent many years working for Blue Chip companies in IT before discovering my true passion, security. I continued to work for those Blue Chip companies but also working in Formula 1, Industrial Control Systems, Telcos and Pharmaceutical companies. I now focus on Physical Security!