Security BSides Las Vegas 2025

Unnamed user
  • The World Famous Hire Ground Panel, Tuesday Edition
Aaron Shim

Jen Ozmen is a Software Engineer at Google, where she works on the Information Security Engineering team. She is passionate about building secure and reliable software, and she is always looking for new ways to improve the security of Google's products and services.

Aaron is a software engineer at Google who focuses on web security features and adoption across all Google products. Before working on security, he was on product teams for Google Cloud and Google Workspace. Before Google, he had a brief stint at Microsoft. Prior to big tech, he wrote a lot of Ruby on Rails code.

  • Securing Frontends at Scale: Paving our Way to the Post-XSS World
Abhijith "Abx" B R

Abhijith B R, also known by the pseudonym Abx, has over a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive security specialist, red team consultant, researcher, trainer, and public speaker.
He is currently building Breachsimrange.io and working with multiple organizations as a consulting specialist, helping them build offensive security operations, improve their security posture, assess cyber defense systems, and bridge the gap between business leadership and security professionals.

Abhijith previously worked with Envestnet, Nissan Motor Corporation and EY.
As the founder of Adversary Village, Abhijith leads a community initiative focused on adversary simulation, tactics, purple teaming, threat actor and ransomware research-emulation, and offensive cyber security. Adversary Village is part of the DEF CON Villages and hosts hacking villages at major events like DEF CON and RSA Conference.
He also leads the Tactical Adversary project (https://tacticaladversary.io/), a personal initiative focused on offensive cybersecurity, adversary simulation, and red teaming tradecraft.
Abhijith has spoken at conferences including DEF CON, RSA Conference, The Diana Initiative, Opensource India, Security BSides (Las Vegas, SF, Delhi), Hack Space Con, Nullcon, and c0c0n.

  • Threat and adversary emulation operational exercises
Alexander Vanino

Alex is an Information Security manager and architect with over 20 years of experience in corporate IT, site reliability, platform development and information security. Alex brings over 10 years of public safety, video SaaS and healthcare industry experience from his prior roles at RapidSOS, Vidyo and AbleTo. Currently, Alex is a Senior Platform Security Engineer at Oscar Health.

At RapidSOS, Alex led the creation of a cross-functional security team, managed a $25 million technology budget, and spearheaded innovative cloud and security solutions. Before joining RapidSOS, Alex helped build, scale and secure Vidyo’s cloud offering, which allowed developers, government, corporations and hobbyists to easily bring Vidyo conferencing into their own applications. Prior to Vidyo, Alex was AbleTo’s principal network architect where he was responsible for designing and building AbleTo’s virtual behavioral healthcare cloud platform.

Alex likes to spend his spare time volunteering as a technical adviser for the Progressive Coders Network; sharing and collaborating on innovative ideas which inspire a means to achieve racial, social, environmental and economic progress. Alex is also a Volunteer EMT, providing pre-hospital health care for the residents of his home town, Dumont, NJ.

  • Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, & EMS
Alex Bernier

Principal Red Team Consultant, CrowdStrike
Passionate about AI application security!

  • Don't be LLaMe - The basics of attacking LLMs in your Red Team exercises
Alexis Womble

Alexis Womble has been part of Autodesk's Cyber Threat Intelligence team for 5 years. She holds a bachelor's in IT with a minor in Business Administration and is pursuing an MBA. She is also the Global Co-Lead for Autodesk's MIND Network, encouraging Mental Inclusion, Neurodiversity, and Disability Awareness. Alexis has spoken at various internal and external events in the past. Passionate about helping others, she offers advice on breaking into I.T., sharing productivity tips, and making Security accessible to everyone. Outside of work, she enjoys cats, coffee, and reading.

  • Cyber Threat Landscaping Workshop
Alex Thines

Alex Thines began his journey as a blue team analyst, then dove into the world of programming. As he sharpened his coding skills, he found not only an enhanced ability to hack but also a newfound love for programming itself. The synergy between hacking and coding intrigued him, urging him to merge the two. After giving talks about drones last year, Alex has a renewed love for making small hacking devices similar to the FlipperZero and Wifi Nugget.

  • So... You want to build your own hacking device...
  • (04) Real Life Needs an ESP Overlay — So we Made One!
Ali Kabeel

With over a decade of bug hunting experience, Ali Kabeel has uncovered critical vulnerabilities across top tech platforms and ranks second on Snapchat’s Hall of Fame. He’s especially passionate about business logic vulnerabilities—the kinds of flaws rooted in real-world misuse rather than broken code—because they often evade automated scanners yet carry high impact.

Ali is currently a Security and Privacy Engineering Lead at Bending Spoons, where he has led security efforts across major products including Evernote, WeTransfer, and Brightcove. He has published research on microservice security and actively shares his expertise through conference talks, mentoring, and community engagement.

  • Innovative, Shiny, and Vulnerable: Four Ways to Exploit Modern SaaS Data Platforms
  • Breaking the Guest List: Hacking Invitation Systems for Fun and Profit
Alina Thai

Alina is an experienced intelligence analyst focusing on cyber threats and emerging technologies. Her research interests include financial cyber crimes, cyber warfare, and protective security. Holding a BS in Computer Science and Master's in Applied Intelligence, Alina advocates for women in cybersecurity while mentoring the next generation of professionals.

  • Thinking Outside the SOC: Structured Analytics for the Overloaded Cyber Analyst
Allan Friedman

Allan is probably here in his personal capacity.

  • Malicious Packages - they're gonna get ya!
allisonnixon

Allison has labored in obscurity chasing script kiddies since 2011. She is now the Chief Research Officer at Unit 221B, and works on intelligence collection and takedown efforts. She works with a team of amazing investigators who collaborate across industry and governments to create real world impacts and deterrence for threat actors.

  • The Scene is Dead
Amit Serper

Amit Serper is a seasoned security researcher with over 20 years of experience spanning vulnerability research, malware analysis, exploitation, and reverse engineering. Known for high-impact discoveries and deep technical insights, Amit has contributed to both defensive and offensive security domains. He currently serves as a Lead Security Researcher at CrowdStrike, where he focuses on uncovering advanced threats and novel attack techniques. His work has been widely cited in industry reports and media, and he frequently presents at leading security conferences worldwide. Before joining CrowdStrike, Amit worked in multiple security research roles at companies such as Akamai, Cybereason, and other startups.

  • From interview questions to cluster damage: Adventures in k8s cluster shenanigans
AndrewKao

Andrew Kao is a PhD student in economics at Harvard University. His research focuses on the political economy of new technologies, such as AI and the internet. His website is https://andrew-kao.github.io/

  • A Framework for Evaluating the Security of AI Model Infrastructures
Andrew Ohrt

Andrew is the Resilience Practice Area Lead for West Yost. Based in Duluth, MN, Andrew supports Idaho National Laboratory and the American Water Works Association with the development of CIE and cybersecurity resources to support the water and wastewater sector.

  • Engineering Cyber Resilience for the Water Sector
  • Defending Our Water - Defending Our Lives
Andrew Rose

Tk

  • Hackers Kinda Like to Eat
Anushka Khare

Anushka is a Security Program Manager at Microsoft, specializing in strengthening encryption for Kerberos and Azure Kubernetes Service. Though early in her career with just 9 months at Microsoft, she has already made notable contributions, including publishing an article on enhancing Kerberos security: https://techcommunity.microsoft.com/blog/windowsservernewsandbestpractices/removal-of-des-in-kerberos-for-windows-server-and-client/4386903

Before joining Microsoft, Anushka gained valuable experience through internships at BlackBerry, Microsoft, Trans Mountain, and Iron Spear, a Canadian cybersecurity advisory firm. During these roles, she focused on developing cybersecurity controls and policies, conducting security and threat risk assessments, and testing data loss prevention solutions. Anushka's diverse background has equipped her with a strong foundation in cybersecurity, and she continues to drive innovation in her current role.

  • Harnessing AI and Post-Quantum Cryptography for Cybersecurity in the Quantum Era
Anya

Anya is a security engineer focused on web app and AI red teaming. In her free time she researches applying graph theory and network science to cybersecurity. Her first talk focused on visualizing data poisoning and tampering using network science. In her actual free time she enjoys painting and participating in CTFs.

  • Poison in the Wires: Interactive Network Visualization of Data Attacks
Ariana Mirian

Ariana Mirian currently works as a senior security researcher at Censys, where she uses Internet Measurement to answer interesting security questions. Prior to Censys, she received her PhD from UCSD, where her thesis focused on answering the question: how can we use large scale measurement and analysis to better prioritize security processes? When not geeking out about Internet Measurement and security, Ariana is also an avid aerialist and birder.

  • Predicting the Lifespans of Internet Services: Falling down the ML Rabbit Hole, and What We Learned From The Thud
Ariel Kalman

Ariel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated with cloud environments.

  • No IP, No Problem: Exfiltrating Data Behind IAP
Art Conklin

Dr. Kitty is a Professor Emeritus at the University of Houston and a joint appointee at Idaho National Laboratory. He is an internationally recognized expert in cybersecurity for operational technology (OT) systems and critical infrastructures. He is also recognized as a national leader in the development of educational programs in industrial control systems cybersecurity.
Taught 20 different classes (5 undergraduate, 15 graduate classes) over 19 years.
Published 6 books on cybersecurity.
Speaker at numerous conferences including regional BSides, DefCon ICS Village, Hack the Capital, RSAC (twice).

  • Engineering Cyber Resilience for the Water Sector
Ashley Cihak

Ashley Cihak is the youngest President of a non-profit club that has specialized in providing students with Linux-based computers over the last 17 years. The Club has taught over 15,000 low-income students and their parents about security, privacy and open-source software. While managing the club takes up a significant amount of her time, Ashley works as the SAP Administrator and Office Manager at a snow grooming company. In her spare time, she enjoys listening to live music and flying hot air balloons.

  • Boost Your Career: Get Practical InfoSec Experience in Your Community!
Avinash Nutalapati

I’m a senior security professional with a master’s in cybersecurity from Northeastern University and hands-on experience spanning infrastructure vulnerability management, application security, SOC operations, and IT audit. I’ve worked across diverse environments—financial services, healthcare, startups, and MSSPs—where I’ve helped teams evolve from traditional CVSS-only approaches to more risk-aligned models. My recent focus has been building centralized AppSec vulnerability triage workflows, integrating tools like Nexus, Contrast, and Jira for streamlined remediation. I’ve also worked closely with audit and compliance teams to map technical risks to frameworks like NIST, ISO 27001, and SOC2. Earlier in my career, I led SOC alert tuning, incident response, and detection engineering efforts, which gave me a solid foundation in real-time operations and threat behavior analysis. My work now centers on connecting these domains—bridging AppSec, infrastructure, SOC, and governance—to help orgs prioritize better, reduce noise, and move faster when it matters.

  • Rewriting the Playbook: Smarter Vulnerability Management with EPSSv3, CVSSv4, SSVC & VEX Frameworks
Beau Woods

Beau Woods is a leader with the I Am The Cavalry grassroots initiative, Founder/CEO of Stratigos Security, a Cyber Safety Innovation Fellow with the Atlantic Council, leads the public policy space at DEF CON, and helps run the I Am The Cavalry track at BSides Las Vegas. In addition, Beau helped found the ICS Village, Aerospace Village, Hack the Sea, and Biohacking Village: Device Lab. His work bridges the gap between the security research and public policy communities, to ensure connected technology that can impact life and safety is worthy of our trust. He formerly served as Senior Advisor with US CISA, Entrepreneur in Residence with the US FDA, and Managing Principal Consultant at Dell SecureWorks. Over the past several years, Beau has consulted with the energy, healthcare, automotive, aviation, rail, and IoT industries, as well as cyber security researchers, US and international policy makers, and the White House. Beau is a published author, public speaker, and media contributor.

  • Emergency & Urgent Care Remains in Critical Condition
Ben Hirschberg

Ben is a cloud security researcher, open-source contributor, and co-founder of ARMO, the creators of Kubescape. With over 15 years of experience in cybersecurity, Ben specializes in Cloud and Kubernetes security, runtime hardening, and cloud-native defense strategies. His work bridges the gap between theory and practical security, helping organizations protect their workloads against real-world threats.
Ben frequently speaks at security and open-source conferences, bringing a hands-on, honest perspective rooted in real operational experience. When he's not building tools to defend containers, he usually tries to break them and then writes about what he learned.

  • Hardening Containers with Seccomp: Hands-On Profiles, Pitfalls, and Real Exploits
Ben Kofman

Ben is a Senior Offensive Security Engineer at Praetorian, specializing in advanced product and application penetration testing, network security assessments, and automation. He has a bachelor's degree in Systems Engineering from the University of Illinois at Urbana-Champaign and several industry certifications, including the OSCP, GCIA, GMOB, and AWS Solutions Architect Associate. Ben also serves as a Cyber Warfare Officer in the Army National Guard.

  • Innovative, Shiny, and Vulnerable: Four Ways to Exploit Modern SaaS Data Platforms
Blake Hudson

Blake is a seasoned cybersecurity professional, boasting over 6 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and cloud security. He was previously a Red Teamer through the Department of Education, where he obtained several SANS certifications, and is currently serving as an Offensive Security Engineer at PayPal. Blake orchestrates and executes engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Blake demonstrates his ability to identify common vulnerability patterns through continual participation in CTFs and has a passion for continuing education. Additionally, he has refined his skills through constant security research, further enhancing his expertise in cybersecurity.

  • Breaking the Illusion: Bypassing Endpoint Security Controls with Simple Tactics
Blake Scott

Blake Scott is the Public Health Emergency Preparedness Senior Planner for a local government. Working for 7 years in disaster-related work for a rural community, he experienced more than 14 local disaster declarations during his career. He's incredibly passionate about serving the public and improving scientific and operational disaster response and recovery from a sensible place. He serves as a steering committee member for his healthcare coalition and the Healthcare and Public Health Sector Coordinating Council Cyber Working Group as a public health member. He likes hiking, mountain biking, camping, and silly gadgets which have questionable usefulness.

  • Cyber Incident Command System (CICS) A people orchestration layer
Brad "Sno0ose" Ammerman

Brad Ammerman, a leading figure in security testing, currently serves as the Senior Director at Prescient Security. His background includes influential roles at companies like Foresite, Optiv Security, Lockheed Martin, DIA, DoD, and Supreme Court of Nevada, where he developed his expertise in offensive security and team management. A skilled hacker himself, Brad is also a recognized speaker, educator, mentor, and disabled veteran, dedicated to teaching and protecting others. He takes great pride in his roles as a devoted husband and father.

  • (04) Real Life Needs an ESP Overlay — So we Made One!
Brennan Lodge

Brennan Lodge is the Director of Information Security at the Manhattan Institute and founder of BLodgic Inc., a cybersecurity firm pioneering Retrieval-Augmented Generation (RAG) systems for governance and threat detection. Brennan’s work in AI-driven cyber defense has been featured at Black Hat 2024, KernelCon, AI Summit NY, and Compliance Week 2024. A former data scientist at Goldman Sachs and R&D AI for Cyber Security lead at HSBC, Brennan now teaches AI and cybersecurity at NYU and advises on AI policy, deepfake detection, and regulatory compliance automation.

  • RAG Against the Machine: Using Retrieval-Augmented Generation and MCP to Fortify Cybersecurity Defenses
Brent Harrell

Brent took the scenic route to offensive security, beginning in counterintelligence before moving to cyber threat intelligence, security engineering, and finally Red Team - his ultimate goal. He has primarily focused on traditional Red Team engagements against enterprise environments with past roles leading engagements for MITRE Engenuity's ATT&CK Evaluations program and building a Red Team for a Fortune 40 company. He is now a Principal Consultant at CrowdStrike, and while he still pokes holes in Active Directory environments he is one of the initial members of CrowdStrike's Professional Services AI Red Team. So now he pokes holes in both technologies wherever possible.

  • Don't be LLaMe - The basics of attacking LLMs in your Red Team exercises
Brenton Morris

Brenton leads Incident Response engagements on a daily basis, from sophisticated cloud attackers to ransomware events. Brenton has a unique set of combined security research and DevOps experience allowing him to resolve many cyber-attacks while fully understanding the impact on production systems.

  • (10) From Drone Strike to File Recovery, outsmarting a nation state
Brian Baskin

Brian Baskin is a Threat Researcher with a specialty in incident response, threat intel, and malware analysis. Baskin was previously an intrusions analyst for the US Defense Cyber Crime Center and a threat research lead at Carbon Black's Threat Analysis Unit (TAU). He has studied and presented research on cyber threats for over 20 years. He has authored multiple security books and develops open source tools for more efficient IR and malware analysis.

  • Keeping Our History Alive: The Hacker’s Guide to Sticker Preservation
Brittney Argirakis

Brittney Argirakis is a cybersecurity professional specializing in digital forensics and incident response. Over the past 8+ years, Brittney has worked in consulting roles in large enterprise, government, healthcare, and non-profit, leading investigations and training sessions on DFIR topics.

  • Casting Light on Shadow Cloud Deployments
Caleb

Caleb is a seasoned cybersecurity professional, boasting over 9 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and physical security assessments. Previously a consultant at Optiv where he obtained the OSCP, and currently serving as an Offensive Security Engineer at PayPal, Caleb orchestrates and executes red team engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Caleb demonstrates his ability to identify vulnerabilities and mitigate risks through active participation in bug bounty programs on platforms like HackerOne and PayPal, contributing as both a researcher and in supportive roles. Additionally, he has refined his skills through endpoint detection and response testing, further enhancing his expertise in cybersecurity. Caleb has presented the following talks:

• Blackhat USA 2024: Into the Inbox: Novel Email Spoofing Attack Patterns
• Optiv Team Summit 2018 - OSINT from the Ground Up
• Optiv Team Summit 2019 - Bypassing Windows Defender
• Optiv Team Summit 2020 - Data Security for Consulting
• PayPal ECS Conference 2021 - Anatomy of a Red Team Engagement

  • Breaking the Illusion: Bypassing Endpoint Security Controls with Simple Tactics
candid wuest

Candid Wuest is an experienced cybersecurity expert with over 25 years of passion in the field of security. He currently works as a Principal Security Advocate for xorlab, a messaging security startup in Switzerland. Previously, he was the VP of Cyber Protection Research at Acronis, where he led the creation of the security department and the development of their EDR product. Before that, he spent more than sixteen years building Symantec's global security response team as the tech lead, analyzing malware and threats – from NetSky to Stuxnet. Wuest has published a book and various whitepapers and has been featured as a security expert in top-tier media outlets. He is a frequent speaker at security-related conferences, including RSAC and BlackHat, and organizer of AREA41. He learned coding and the English language on a Commodore 64. He holds a Master of Computer Science from ETH Zurich and has various patents and useless certifications.

  • Agentic AI Malware: Why the Cybersecurity Battle Isn’t Over
Chapin Bryce

Chapin Bryce is a cybersecurity consultant turned software developer. His current focus is on cloud security and threat data, through building tools to support investigations and strengthen organizational security. Chapin is an author of two books on using Python in digital forensics.

  • Casting Light on Shadow Cloud Deployments
Chitra Dharmarajan

Chitra Dharmarajan, CISSP, CCSP, NACD.DC is a dynamic cybersecurity executive with expertise in building high-performing global teams and driving enterprise-wide security transformations. She excels in risk management, governance, and strategic decision-making, with a proven track record in M&A, due and secure-by-design strategies. Specializing in Privacy Engineering, Product Security, and AI-driven solutions, she has extensive experience across Network, Cloud, Application, and Container Security. Chitra is passionate about empowering teams and fostering innovation to achieve impactful, scalable results.
In addition to her executive roles, Chitra is a dedicated startup advisor, guiding emerging companies in navigating the complexities of cybersecurity. Her contributions to the field have been recognized through numerous awards and accomplishments, highlighting her leadership and impact in the cybersecurity domain.
A graduate of the Executive Program for CISO at Carnegie Mellon University, she is poised to leverage her industry expertise, strategic vision, and governance experience to shape the future of cybersecurity and drive lasting organizational impact. Chitra has successfully completed National Association of Corporate Directors (NACD) - Directorship Certification demonstrating her commitment to governance leadership, personal development, as well as her commitment to leading oversight of organizations today and in the future.

  • Avoiding Credential Chaos: Authenticating With No Secrets
Chloe Potsklan

Chloe Potsklan is a senior cyber security researcher working on the Threat Research team at Reach Security. Previously she had worked on the endpoint security platforms team and security architecture team mainly focusing on securing cloud environments at NBCUniversal. She started her career at Deloitte as a senior cyber risk consultant working in DevSecOps, application security, penetration testing, and vulnerability management. On the side, Chloe teaches intro to cyber security bootcamps through Savvy Coders and spends her free time playing water polo.

  • Vibe Check: The dark side of vibe coding
Chris Merkel

Chris leads Northwestern Mutual’s Incident Response, Insider Risk and Detection Engineering functions. Beyond his current role, he has had a distinguished career in cybersecurity, leading global organizations and solving cutting-edge challenges in cloud security, appsec, product security, threat-informed defense strategies and automated assurance methodologies. Chris is passionate about professional development, organizing career villages, performing career counseling, mentoring and being actively involved in helping non-traditional students get their start in cybersecurity.

  • My friend Ben: solid employee, DPRK agent
Christian Dameff

Dr. Christian (quaddi) Dameff is an ER doc. He is also an Associate Professor of Emergency Medicine, Biomedical Informatics, and Computer Science at the University of California San Diego. He co-directs the UCSD Center for Healthcare Cybersecurity. He is also a hacker, a former open capture the flag champion, and DEF CON/RSA/Black Hat/BSIDES Speaker.

  • Emergency & Urgent Care Remains in Critical Condition
Chris Vines

Chris is the Grassroots Advocacy Organizer for EFF, working with members of the EFA. Chris previously served as a Campaign Manager & Strategist for various political and non-profit campaigns across the country. With over a decade of experience in organizing and having been a part of over 50 successful electoral & non-profit campaigns, Chris has been instrumental in building progressive bases in several states and is passionate about mobilizing people and getting them the tools needed to bring about progressive change.

  • (09) Ask EFF
Chris Ward

Chris is the CEO of Fire Mountain Labs, leading the company’s mission to advance safe and assured AI. Under his direction, Fire Mountain Labs delivers pioneering AI assurance solutions to enterprise and government clients, ensuring AI systems are deployed with security, integrity, and accountability.

With over a decade of experience in AI and AI Security, Chris has coauthored 23 publications in the field and brings deep technical and operational expertise. A veteran of Active Duty U.S. Navy service, Chris also brings deep expertise from Space and Naval Warfare (SPAWAR) Systems Center Pacific, the Naval Information Warfare Center (NIWC), the MITRE Corporation, and several successful AI startups. His background spans operational technology, national security, and cutting-edge AI innovation.

As a trusted voice in the AI ecosystem, Chris operates as an honest broker, bridging government, industry, academia, and small organizations. He advocates for AI adopters navigating a crowded and hype-driven landscape, championing pragmatic, secure, and trustworthy solutions.

Before founding Fire Mountain Labs, Chris held senior leadership roles in AI security research and red teaming, where he shaped industry standards in AI risk assessment, penetration testing, secure AI governance, and adversarial threat modeling.

  • Hazard Analysis of Military AI Systems Using STPA-Sec: A Systems-Theoretic Approach to Secure and Assured Autonomy
  • AI Governance in Action: Fundamentals & Tabletop Workshop
Coby Abrams

Coby Abrams is a Cloud Security Researcher at Varonis, specializing in Azure and IaaS research, including in-depth overviews of various services. With experience in various types of security research, Coby has also led several cybersecurity courses.

  • Rusty pearls: Postgres RCE on cloud databases
Cybelle Oliveira

Cybelle is a Cyber Threat Intelligence researcher and a Master’s student in Cyber Intelligence. She teaches in a postgraduate CTI specialization program in Brazil and is the co-founder of La Villa Hacker — the first DEF CON village dedicated to the Portuguese and Spanish-speaking community.
Cybelle has spoken at some of the world’s leading security conferences, including DEF CON, BSides, H2HC, 8.8 Chile, Radical Networks, Mozilla Festival, among many others. Her work often explores the intersection of cyber threats, geopolitics, and underreported regions, with a particular interest in the strange, obscure, and catastrophically messy corners of cybersecurity.

  • RAGnarok: Assisting Your Threat Hunting with Local LLM
CyberGuy

This speaker believes in giving back to the cybersecurity community, probably because they've seen what happens when we don't during their time as a former fed and military veteran. With over 20 years spent navigating the digital battlefield, their insights into CTI and cybersecurity are battle-tested and forged in real-world scenarios. From the serious business of threat hunting to the lively (and occasionally chaotic) halls of security conferences, they've learned that shared knowledge is our strongest defense. They've likely volunteered at more security events than they've had regulation haircuts (which is saying something, considering they literally sport a mohawk). Their experiences are seasoned with the wisdom of countless late nights, passionate debates, and a healthy dose of non-conformity.

  • (08) Organizing Cyber: Why We Need More IT & Cybersecurity Unions
Daemon Tamer

asdf

  • Keynote, Wednesday
Daemon Tamer

I am only an egg.

  • Opening Remarks, Tuesday
  • Global BSides Organizers Un-Conference Meet-Up
  • Opening Remarks, Monday
  • Closing Ceremony
Daniela Parker

Daniela Parker is a risk and resilience professional with 20+ years of experience in the financial services industry. As the founder of Parker Solutions, she helps organizations navigate uncertainty and build resilience. Daniela brings a unique blend of deep risk management expertise and operational know-how, gained from leadership roles (including CRO and COO) at multiple credit unions.
She holds a Master's in Business Continuity, Risk, and Security from Boston University and is a Certified Business Continuity Professional (DRI). Daniela is passionate about helping organizations identify vulnerabilities, strengthen their response capabilities, and create a culture of preparedness.

  • From Zero Trust to Trusted Advisor: Selling Security to Stakeholders
Danny Adamitis

Danny Adamitis is a Distinguished Engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Danny has tracked nation-state adversaries and cybercriminals using both open-source and proprietary datasets in various roles for several years. More recently he has focused on threats to ISPs, including campaigns in which actors targeted networking equipment, Linux servers, and DNS infrastructure. Prior to joining Lumen Technologies, Daniel worked at Cisco Talos. Danny has a bachelor’s degree in Diplomacy and International Relations from Seton Hall University.

  • Russian Nesting Dolls: when Turla got into the ISI who was into an Indian Embassy, and how we found them
Darryl G. Baker

Darryl G. Baker, CISSP, CEH is a seasoned cybersecurity professional with extensive experience in securing enterprise environments and conducting in-depth security assessments. With a strong background in both offensive and defensive security, Darryl specializes in identifying and mitigating risks within Active Directory and cloud-based infrastructures.
Over the course of his career, Darryl has led numerous security engagements across a variety of industries, helping organizations improve their security posture through technical assessments, red team operations, and strategic guidance. He holds certifications including the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), reflecting his broad expertise in information security.

Darryl is passionate about sharing knowledge and advancing the cybersecurity community. He regularly speaks at industry events, where he delivers practical insights on threat detection, identity security, and real-world attack techniques. His presentations are known for combining deep technical detail with actionable takeaways.
  • Active Directory Attacks and Defense 101
  • .e'X'es and 'O'auths (They Haunt Me): In-Depth Analysis of OAuth/OIDC Misconfigurations and Token Replay Attacks
Dave Lewis

Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password. 

He is the founder of the security site Liquidmatrix Security Digest & podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory boards of Byos.io and Knostic.ai. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference. 

Dave was a DEF CON speaker operations goon for 13 years. Lewis also serves on the advisory boards for the Black Hat Sector Security Conference in Canada, and the CFP review board for 44CON in the UK. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others. 

For fun he is a curator of small mammals (his kids), plays bass guitar, grills, and is part owner of a whisky distillery and a soccer team.

  • Lessons from Black Swan Events and Building Anti-Fragile Cybersecurity Systems
David Batz

Leveraging over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, he brings a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with multiple federal agencies, including the Department of Energy (DoE), and the Department of Homeland Security (DHS).
David has been with the Edison Electric Institute for over 15 years and more broadly, has been instrumental in the development and expansion of an industry-wide program called Cyber Mutual Assistance.
He is a member of InfraGard and serves on the SANS Institute Advisory Board. He has authored various articles and presented at numerous events domestically and internationally on securing critical infrastructure, industrial systems as well as security baseline and standards topics for prominent industry associations including NIST, the National Academies of Sciences, United States Energy Association and the World Economic Forum to name a few.

  • Neighborhood & Household Resilience- A Month Without External Assistance.
David McDonald

David McDonald is a researcher and software engineer with 4 years of digital forensics R&D experience. His passion for this field began with his involvement in the University of New Orleans CTF team, as well as through his time as a Systems Programming teaching assistant. After over two years of digital forensics research and development on Cellebrite's computer forensics team, he joined Volexity's Volcano team, where he now works to develop next-generation memory analysis solutions.

He believes deeply in sharing knowledge and helping others discover their abilities and interests through their own journeys in cybersecurity, and strives to pay forward the benefits of the mentorship that has opened so many doors for him.

  • Detecting, Deobfuscating, and Preventing Obfuscated Script Execution with Tree-sitter
David Melamed

Currently CTO and Co-Founder of Jit, the Continuous Security platform for Developers. David has a PhD in Bioinformatics and for the past 20 years has been a full-stack developer, CTO & technical evangelist, mostly in the cloud, and specifically in cloud security, working for leading organizations such as MyHeritage, CloudLock (acquired by Cisco) and leading the 'advanced development team' for the CTO of Cisco's cloud security (a $500M ARR BU).

  • New Protocol: Novel Threats--Exploring MCP’s Emerging Security Risks
David Shipley

David Shipley is an award-winning entrepreneur who loves working at the intersection of the liberal arts and technology.

In 2016, David co-founded Beauceron Security with an innovative approach to cybersecurity awareness. This approach empowers everyone within an organization to know more and care more about their crucial role in protecting against cyber-attacks. Beauceron Security now serves more than 1,200 clients across North America, Europe, and Africa, and over 1 million people have benefited from their work.

Before co-founding Beauceron Security, David was the security lead for the University of New Brunswick and developed its incident response, threat intelligence, and awareness practice.

He is a Certified Information Security Manager (CISM), a former journalist, and a Canadian Forces veteran. He was awarded the Queen's Diamond Jubilee Medal and King Charles III Coronation Medal for his service to Canada and his work in cybersecurity.

David regularly contributes to the Cybersecurity Today podcast and appears frequently in the media to help explain cybersecurity stories.

  • “PEBKAC Rebooted: A Hacker’s Guide to People‑Patching in 90 Days”
Dean Ford

Over 25 years of experience in the Automation Systems industry in leadership and management positions; directed sales, operations, and administrative teams in start-up, turnaround, and high-growth environments. Extensive background in automation, information and integration initiatives, identifying critical areas within businesses, manufacturing and other areas for systems implementations. Strong, decisive, and trailblazing leader with excellent planning, analytical, organizational, and team building skills. Grow top line revenues through aligning value propositions and offerings to marketplace. Promoter of the Automation Profession through extensive volunteer work.

  • Defending Our Water - Defending Our Lives
Dimitri Fousekis

Dimitri Fousekis / Rurapenthe has been in the security industry for over 20 years and is the CTO of Bitcrack Cyber Security. Having enjoyed many years of Passwords and password-related talks, Dimitri has a passion for deception-based cyber security, as well as OSINT and cybersecurity intelligence. He has spoken at many conferences including BSidesLV, BSidesZA, PasswordsCon Cambridge & Vegas, BSides Athens and others.

  • The Rise of Synthetic Passwords in Botnet & Attack Operations
  • Password Expiry is Dead: Real-World Metrics on What Rotation Actually Achieves
Donald McFarlane

Donald McFarlane is a principal technical advisor in the Office of the CISO at Microsoft.

With over three decades of cybersecurity experience, Donald has served as a transformational financial services CISO securing a $1/2 trillion asset portfolio across 12,000 users in over 100 countries, and brings operational, risk management and audit expertise gained in the defense, financial and consulting sectors.

Donald is passionate about supporting and defending his communities, helping run Skytalks@BSidesLV and Policy@DEF CON and serving as a state legislator. He lives with his wife, son, and dog in a log cabin that he built himself on the side of a mountain in New Hampshire.

  • (01) Ask the Fed
Dr. Mixael S. Laufer

Dr. Mixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He now is the chief spokesperson for the Four Thieves Vinegar Collective which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.

  • (13) Advanced BioTerrorism Methods for the Discerning Practitioner
Dustin Heywood

Dustin Heywood, otherwise known as EvilMog®, is a hacker, mostly retired member of "Team Hashcat", and Executive Managing Hacker / Senior Technical Staff Member at IBM X-Force. He has been cracking passwords since 2009, and is the developer of the ntlmv1-multi tool. In his spare time he collects lifetime entry badges to conferences.

  • Reversing F5 Service Password Encryption
Dvir Lazar

I am an RL researcher at Alkonos, where I work on training models to find logic-based vulnerabilities that no other tool can detect in blackbox APIs.

  • The Hackbot Builder's Guide to IDOR Detection
Dwayne McDaniel

Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to “help people figure stuff out.” He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and internationally in Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and crochet.

  • What to Tell Your Developers About NHI Secrets Security and Governance
  • I'm A Machine, And You Should Trust Me: The Future Of Non-Human Identity
Edward Farrell

Edward Farrell is a cybersecurity consultant, presenter, and mentor with over 16 years of industry experience. He is the CEO of Mercury Information Security Services and has delivered more than 1200 independent security assessments and incident response engagements. A frequent speaker at conferences, Edward is passionate about building up the next generation of security professionals and has mentored emerging talent through BSides and academia. He holds multiple industry certifications, serves on several advisory boards, and brings a down-to-earth, supportive approach to mentoring new speakers.

  • The Perfect BLEnd: Reverse engineering a bluetooth controlled blender for better smoothies
Edward Landers (0xflagplz)

Humana - Senior Offensive Security Engineer

Edward is a red teamer and former offensive security consultant focused on adversary simulation, malware development, and social engineering. He works on bypassing security controls, evading detection, and testing the limits of modern defenses. When he’s not on an engagement, he’s refining techniques, building tools, and keeping up with the ever-changing security landscape.

  • (12) Bridge to Nowhere Good: When Azure Relay becomes a Red Teamer's highway
Elizabeth R Rasnick

Dr. Elizabeth Rasnick is an Assistant Professor at the University of West Florida’s Center for Cybersecurity. As a first-generation college student and a woman in STEM, she is driven to recruit and retain underrepresented populations into the cybersecurity talent pipeline. Her goal for students is that they understand cybersecurity is ever-evolving and they need to continuously update their skills. Dr. Rasnick’s research includes investigating recruitment and retention of underrepresented populations in cybersecurity, cybersecurity education, cybersecurity for critical infrastructure, and cybersecurity issues in supply chains. She has presented research and run workshops at regional, national, and international conferences. Dr. Rasnick often speaks to community groups about cyber essentials. She is currently serving as the president for the Florida affiliate of Women in Cyber Security (WiCyS-FL). Dr. Rasnick holds a B.S. in Computer Science from Longwood University and an M.S. in Computer Science and an M.B.A. and a Ph.D. in Information Technology from Old Dominion University. She has taught computer science and mathematics in public high schools and worked in industry as a programmer and on an incident response team.

  • Desktop Applications: Yes, We Still Exist in the Era of AI!!!
Emma M Stewart

Dr. Emma M. Stewart is a respected power systems specialist with expertise in power distribution, clean energy, modeling, and simulation, as well as operational cybersecurity. She holds a Ph.D. in Electrical Engineering and an M.Eng. degree in Electrical and Mechanical Engineering. Emma is currently Chief Scientist, Power Grid at INL and leads activities in supply chain consequence analysis for digital assurance, in particular for clean energy cybersecurity related programs. Throughout her career, Dr. Stewart has made significant contributions to the field of power systems, receiving patents for innovations in power distribution systems and consequence analysis for cyber and physical events. Her responsibilities have also included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services in clean energy integration, resilience and grid planning and microgrid technologies.

  • Power Play: AI Dominance Depends on Energy Resilience
Erich Kron
  • From Command Line to Center Stage: Hack Your Way to Confident Speaking
Ezz Tahoun

Ezz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.

  • Root Cause and Attack Flows: Interpretable ML for Alert & Log Correlation
Filipi Pires

I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura, Red Team Village Director, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others. I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges. In addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

  • Machine Identity & Attack Path: The Danger of Misconfigurations
Fred Heiding

Dr. Fred Heiding is a research fellow at the Harvard Kennedy School’s Belfer Center. His work focuses on computer security at the intersection of technical capabilities, business implications, and policy remediations. Fred is a member of the World Economic Forum's Cybercrime Center, a teaching fellow for the Generative AI course at Harvard Business School, and the National and International Security course at the Harvard Kennedy School. Fred has been invited to brief the US House and Senate staff in DC on the rising dangers of AI-powered cyberattacks, and he leads the cybersecurity division of the Harvard AI Safety Student Team (HAISST). His work has been presented at leading conferences, including Black Hat, Defcon, and BSides, and leading academic journals like IEEE Access and professional journals like Harvard Business Review and Politico Cyber. He has assisted in the discovery of more than 45 critical computer vulnerabilities (CVEs). In early 2022, Fred got media attention for hacking the King of Sweden and the Swedish European Commissioner.

  • Automating Phishing Infrastructure Development Using AI Agents
  • A Framework for Evaluating the Security of AI Model Infrastructures
Fredrik Sandström

Fredrik Sandström, M.Sc. is Head of Cyber Security at Basalt, based in Stockholm, Sweden. He has nearly a decade of experience in penetration testing, alongside a background in software development and embedded systems engineering. His early work includes software development for organizations such as the Swedish Defence Research Agency (FOI).

Since 2015, Fredrik has focused on delivering advanced security assessments—including penetration testing, red teaming, and threat emulation—for clients in diverse sectors such as banking, insurance, automotive, energy, communications, and IT services. He holds multiple industry-recognized certifications, including GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GCPN (GIAC Cloud Penetration Tester), GRTP (GIAC Red Team Professional), and HTB Certified Bug Bounty Hunter (CBBH).

Fredrik is also an active contributor to the security community. He has presented at major conferences such as SEC-T—Sweden’s leading offensive security conference—and DevCon in Bucharest, Romania, a key event for developers and IT professionals in Eastern Europe.

  • Take all my money – penetrating ATMs
FUMIYA IMAI

Fumiya is a consultant at Secureworks. He leads the physical security domain within the Japanese team. He conducts physical penetration tests for companies in various industries and boasts a 100% success rate. He specialises in social engineering and has identified real threats using these methods.

  • Infiltrating Like a Ninja: Unveiling Detection Gaps in Physical Security Across Japan and the U.S
Glen Sorensen

Glen Sorensen is a Virtual Chief Information Security Officer (vCISO) with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.

Glen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.

  • Dungeons & Dragons: The security tool you didn’t know you needed
  • Cybersecurity Roleplaying Training: Design & Implement Engaging Incident Response Exercises
  • From Zero Trust to Trusted Advisor: Selling Security to Stakeholders
Grace Menna

Grace Menna is a Public Interest Cybersecurity Fellow at the UC Berkeley Center for Long-Term Cybersecurity (CLTC). In this role, she leads public interest cybersecurity research and oversees the coordination of CLTC and the CyberPeace Institute's newest initiative, the Cyber Resilience Corps, mobilizing cyber volunteering efforts across the US to defend community organizations, including nonprofits, municipalities, rural hospitals and water districts, K-12 schools, and small businesses from cyber threats.

She is an active member of the security research community and helps organize the policy track of DC-based hacker conference, DistrictCon. Previously, Grace supported global cyber capacity-building initiatives at the Atlantic Council's Cyber Statecraft Initiative and, as a consultant, advised U.S. tech companies across policy, intelligence, trust & safety, and other security areas.

  • Nonprofit (In)security: Creative Protections for Service Organizations
Guy Barnhart-Magen

With nearly 35 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups.

As the Co-Founder and CTO of the Incident Response company Profero, his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach.

Most recently, he led Intel’s Predictive Threat Analysis group, which focused on securing machine learning systems and trusted execution environments. At Intel, he defined the global AI security strategy and roadmap. In addition, he spoke at dozens of events on the research he and the group have done on Security for AI systems and published several white papers on the subject.

Guy is the BSidesTLV chairman and CTF lead, a Public speaker in well-known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages, to name a few), and the recipient of the Cisco “black belt” security ninja honor – Cisco’s highest cybersecurity advocate rank.

  • (10) From Drone Strike to File Recovery, outsmarting a nation state
Gwyndolyn

Gwyndolyn is a former performer and practicing kink educator of over a decade who finds fulfillment in a wide variety of skills. They have taught classes on a variety of kink and mundane topics, including rope safety for models and lighting for fetish photography. They’re also an avid technologist focusing on risk and process management, and firmly believe that tech has a lot to learn from sex work about systemic risk.

  • (07) Sex Work Is Tech Work: What Technologists Should Know From the Sex Industry
Haily Beem

Haily Beem is an experienced analyst specializing in incident response, digital forensics, and cyber threat intelligence. Her research explores how global conflicts influence cyber operations and risk exposure. She is passionate about empowering and mentoring early-career professionals interested in cybersecurity.

  • Thinking Outside the SOC: Structured Analytics for the Overloaded Cyber Analyst
HD Moore

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.

HD serves as the CEO and co-founder of runZero, a provider of cutting-edge exposure management software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON.

HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks. When he’s not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.

  • Turbo Tactical Exploitation: 22 Tips for Tricky Targets
  • SIGMA, one rule to find them all
Heather Morris

Heather Morris is the Director of Talent Acquisition at Redhorse Corporation, where she spearheads strategic initiatives to attract, recruit, and retain top talent across the organization.
With more than a decade of experience in recruitment, Heather is a seasoned professional known for aligning recruitment strategies with business objectives. She excels in developing innovative talent acquisition processes, optimizing applicant tracking systems and reporting, and fostering a culture of diversity and inclusion. Heather’s leadership in building high-performing teams plays a crucial role in supporting the company’s ongoing growth and success. Her commitment to excellence ensures that the organization consistently attracts the industry’s brightest talent, keeping it at the forefront of its field.
Prior to joining Redhorse, Heather served as the Recruiting Manager of the National Security portfolio at Accenture Federal Services and Novetta. While in that role, Heather led improvements to the overall recruitment process, managed the recruitment team, and collaborated with department heads to meet staffing needs efficiently.

  • Hack Your Network: Career Connections for Cyber Pros
  • The World Famous Hire Ground Panel, Tuesday Edition
Hiroki MATSUKUMA

Hiroki MATSUKUMA (@hhc0null) is a middle manager at Cyber Defense Institute, Inc. in Japan, where he leads the reverse engineering section. His main areas of interest involve vulnerability research and exploit development. 'House of Einherjar', a glibc heap exploitation technique used in CTFs, is one of his works.

  • Unawakened Wakeup: A Novel PHP Object Injection Technique to Bypass __wakeup()
Ira Victor
  • (03) The Remote Grift: Cunning Meets Naivete, and the Victims Become the Criminals
Jake Bernardes

Experienced cybersecurity leader and CISO with a global career spanning consulting, advisory, and executive roles. I've helped startups scale and enterprises mature their security programs from zero to hero in compliance, incident response, and beyond.

  • Root To CISO or not?
Jake Lorz

As Vice President of IT and Chief Information Security Officer (CISO) for Cintas, Jake Lorz spearheads cybersecurity, infrastructure, and employee support services. Leveraging his deep understanding of both business and technology, Jake cultivates a proactive security posture focused on data protection, threat intelligence, and incident response.

Drawing upon over two decades of experience spanning aerospace, defense, manufacturing, and software development, Jake brings significant knowledge to his role. He is a widely respected thought leader in cybersecurity and IT, actively driving industry advancement through his involvement in numerous professional organizations. He co-chairs the Cincinnati Cybersecurity Collaboration Forum’s Leadership Board and serves on the Cincinnati ISSA Advisory Board. Nationally, Jake contributes to cybersecurity strategy as a Board Development Committee Member for the NTSC and offers his expertise to CDO Magazine’s Global Security Board and Verizon’s Cybersecurity Customer Advisory Board.

Jake holds bachelor's and master's degrees in Management Information Systems, Business Administration, and Information Technology (specializing in Data Driven Cybersecurity). His commitment to the field is further demonstrated by his CISSP, CISM, and CRISC certifications.

  • Craps, Clout, and Career Chaos: The Game They Forgot to Explain
James Hawk

James Hawk (He/Him) is a Principal Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to numerous assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 15 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything Sci-Fi.

  • Wi-Fi-So-Serious
James McQuiggan

James McQuiggan has over 20 years of experience in cybersecurity and is currently Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked at Siemens in the Energy and Wind Divisions. Over the years he has held various cybersecurity roles, including consulting on cybersecurity standards, information security awareness, incident response and securing industrial control system networks.
McQuiggan is a part-time faculty professor at Full Sail University, teaching Cyber Threat Intelligence. He also volunteers with ISC2, including as a member of the North American Region Advisory Council and past president of the ISC2 Central Florida Chapter.

  • From Command Line to Center Stage: Hack Your Way to Confident Speaking
Jason Ford

Jason is a Principal Research Engineer at Proofpoint. He is interested in building security tools and has experience writing Java, PowerShell, and Python. Jason has been working in a variety of roles in InfoSec for over 20 years, and has recently found his calling doing research on topics related to security and machine learning. When he's not tinkering with stuff in his home lab, you'll find him listening to EDM and enjoying the outdoors camping, running, hiking, and skiing.

LinkedIn: https://www.linkedin.com/in/jasonsford/
ResearchGate: https://www.researchgate.net/profile/Jason-Ford-6
My GitHub: https://github.com/jasonsford

  • Advancing Network Threat Detection Through Standardized Feature Extraction and Dynamic Ensemble Learning
The speaker’s profile picture
Javan Rasokat

Javan works as Senior Application Security Specialist at Sage, helping product teams enhance security throughout the software development lifecycle. On the side, he lectures on Secure Coding at DHBW University in Germany. His journey as an ethical hacker began at a young age, when he started automating online games by creating bots and identified security bugs, which he then reported to the game operators. Javan turned his interests into his profession and began as a full stack web and mobile engineer before transitioning into a passionate security consultant. Javan holds a Master’s degree in IT Security Management and several certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. He has shared his research at conferences, including OWASP Global AppSec, DEFCON, and HITB.

  • XSS is dead - Browser Security Features that Eliminate Bug Classes
  • Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense
The speaker’s profile picture
Jayati Dev

Jayati Dev is a Public Policy Researcher in the Comcast Cybersecurity research team, helping develop policy and processes for cybersecurity issues in emerging technologies. She holds a PhD in Security Informatics from Indiana University Bloomington where she worked on privacy-preserving technologies in conversational platforms. She has several publications in cybersecurity and is a board member for Society for Cable Telecommunications Engineers New England.

  • Workshop on Cybersecurity Policy in Practice
The speaker’s profile picture
jeff deifik

Jeff Deifik has an MS in Cybersecurity and CISSP and C|CISO credentials. His interest in the intersection of cybersecurity and software development began with white hat password cracking over 30 years ago. Career projects included ten years at the first e-commerce system (from 1985-1995), the first orbiting radio telescope satellite, the world's most advanced pulse oximeter, and most recently cybersecurity for government satellite ground control, balancing sound cybersecurity with cost and schedule. He is currently employed at The Aerospace Corp.

  • Cracking 936 Million Passwords
The speaker’s profile picture
Jerry Gamblin

Jerry Gamblin is a Principal Engineer in the Threat Detection & Response business group at Cisco Security, where he leads research and data science initiatives to enhance Cisco Security products. He is actively involved in the CVE community, participating in various working groups and serving as a member of the EPSS SIG. He regularly speaks on vulnerabilities and vulnerability management at international conferences and manages a CVE data collection site at CVE.ICU.

  • The Art of Concealment: CVE's Challenge with Transparency
The speaker’s profile picture
Jimmy Shah

Jimmy Shah specializes in analysis of mobile/embedded threats on existing platforms, threat modeling and threat intelligence. He has been involved with mobile threat research for over a decade. Shah brings a wide breadth of experience in security research on a variety of mobile and embedded/IoT platforms. If it's lighter than a car, has a microprocessor, and is likely to be a target, it's probably his problem.

  • Detect and Respond? Cool Story — or Just Don’t Let the Bad Stuff Start.
The speaker’s profile picture
Joel Max

Joel Max leads the Product Security Incident Response Team (PSIRT) at Rockwell Automation.

  • (01) Ask the Fed
The speaker’s profile picture
Joe Slowik

Joe Slowik has over 15 years of experience across multiple domains in information security. Starting with the US Navy where he performed multiple offensive and defensive roles, Joe has continued his threat-informed and threat-centric career in cyber across multiple public and private organizations. Joe currently conducts in-depth research into critical infrastructure cyber threats and their potential impacts while engaging in extensive teaching through his company Paralus LLC.

  • Ransomware As Canary For Societal Disruption
The speaker’s profile picture
John-André Bjørkhaug

John-André Bjørkhaug has worked as a penetration tester for over 16 years. He has a degree in electrical engineering but prefers to break things instead of building things. This led him to become a hacker/penetration tester. John's main focus is penetration testing of internal infrastructure and physical security systems, together with social engineering and full-scale Red Team tests. John picked his first lock when he was 10, and still loves it!

  • Taking down the power grid!
The speaker’s profile picture
John Stoner

John Stoner is a US Army veteran and highly accomplished cybersecurity leader, threat analyst and consultant, bringing over 25 years of experience with 15+ focused in cybersecurity. He is CISSP and PMP certified, with deep competency across the US Intelligence Community (USIC), SLED and commercial verticals. His strengths include Cyber Threat Intelligence (CTI), program management, cross-functional cybersecurity consulting, course development and instruction. He gives back to the cybersecurity community volunteering with The Diana Initiative and BSides events. John is also a volunteer DEFCON G00N. He is the Vice Chair of VetSec.

  • Interview Like a Legend: No Slides, Just Vibes
The speaker’s profile picture
Jonathan Fischer

Jonathan Fischer is a hardware and IoT security enthusiast who started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry, where he has been working as a Red Team consultant and researcher for more than eight years at Fortune 500 companies. Since joining the cyber security industry, Jonathan has earned various industry certifications (OSCP, GXPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as ShmooCon, Black Hat Arsenal, DEF CON Demo Labs, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.

  • Take all my money – penetrating ATMs
The speaker’s profile picture
Josh Corman

Joshua Corman is the founder of I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.

  • Setting the Table - WarGames 2027 & Maslow's Hierarchy of Needs as Hybrid Warfare Nears
  • Time is Running Out - Tying it All Together - What Will You Do in the Near Term?
The speaker’s profile picture
Josh Harguess

Dr. Josh Harguess is the Chief Technology Officer of Fire Mountain Labs, where he drives the company’s technical vision and leads advancements in AI security and assurance. Prior to joining Fire Mountain Labs, Josh was the first Chief of AI Security at Cranium AI, a global leader in AI Security products, where he led AI and AI strategy, and the R&D, Engineering, and AI Security departments. Previous to Cranium, Josh was a Senior Principal AI Scientist and department manager at MITRE, shaping national AI security strategies and developing cutting-edge adversarial machine learning defenses. His research has focused on ensuring the reliability, safety, and resilience of AI systems deployed in mission-critical environments. Josh has authored numerous publications on AI risk, trust, and adversarial robustness, contributing to industry frameworks such as MITRE ATLAS and NIST AI RMF. Throughout his career, he has led high-impact AI security programs funded by the Department of Defense, Department of Homeland Security, and major private sector stakeholders. With a strong foundation in AI risk assessment and safe AI deployment, Josh ensures Fire Mountain Labs remains at the forefront of AI security innovation, delivering solutions that enable organizations to deploy AI with confidence.

  • Hazard Analysis of Military AI Systems Using STPA-Sec: A Systems-Theoretic Approach to Secure and Assured Autonomy
  • AI Governance in Action: Fundamentals & Tabletop Workshop
The speaker’s profile picture
Josh Huff

Senior Red Team Operator @Fortune 50 Company
Josh

Josh is an offensive security professional with more than 10 years in Information Security. He has an Associate's Degree in Computer Forensics and Security, as well as several certifications. He began his professional career in IT as a contractor for the US Army Corps of Engineers before moving to his current company where he has held roles both on the defensive and offensive sides of security.

When not in the office, Josh satisfies his curiosity exploring Red Team Infrastructure and Open Source Intelligence. He is a husband, father of two, and enjoys playing multiple instruments. Want an OSINT challenge? See if you can find his account for live streaming music.

Currently Josh is Senior Red Team Operator at a Fortune 50 insurance company.

  • (12) Bridge to Nowhere Good: When Azure Relay becomes a Red Teamer's highway
The speaker’s profile picture
juanma

Juanma is a security researcher and developer focused on threat intel tooling and dark web data analysis. He builds open-source tools that turn leaked chaos into structured awareness, with a strong focus on privacy, legality, and responsible disclosure. His current project, Have I Been Ransomed?, is part of a broader mission to make ransomware leak awareness accessible and useful—without exposing the data that bad actors already dumped.

  • (06) Indexing the Chaos: Extracting PII from Ransomware Leaks
  • Indexing the Chaos: Extract PII from Ransomware Leaks
The speaker’s profile picture
Junki Yuasa

Junki Yuasa (@melonattacker) is a security engineer at Cybozu, Inc., specializing in vulnerability assessment and threat analysis. In recent years, he has focused on AI security, developing security tools and conducting bug hunting for LLM applications. He is also a member of the SECCON Beginners organizing team.

  • Prompt Hardener - Automatically Evaluating and Securing LLM System Prompts
The speaker’s profile picture
Jun Miura

Jun Miura is a security researcher with Fujitsu Defense & National Security LTD (FDNS). After working as a security engineer at a financial company in Japan, he gained experience in vulnerability assessment, penetration testing, and red teaming at Secureworks from 2022. In November 2023, he joined his current department at FDNS, where he mainly focuses on Offensive Security, especially Active Directory / Entra ID attacks and EDR / antivirus bypass techniques. In addition, he has been involved in Threat Hunting research from an attacker's perspective, using his knowledge and experience as a red teamer.
Currently, he is also focused on local LLMs, especially their usage in cyber security and attacks against them. He is also a Ph.D. student at Okayama University in Japan.

  • RAGnarok: Assisting Your Threat Hunting with Local LLM
The speaker’s profile picture
Justin Varner

Justin Varner is a seasoned and passionate security professional with 19 years of experience, from his work with NASA on the ISS in 2006 to his current physical security shenanigans and work on quantum cryptology.

His last talk called “Honeypot Boo Boo” debuted at RVASec 2022 and has since then been presented at 11 international security conferences including HackerHalted 2024 and BSides Munich 2023.

Justin’s latest talk “Oh Hotel No!” debuted at BSides Prague 2025 and is the story of a hooligan and his fascination with exploiting physical and digital vulnerabilities in hotels for the purposes of persistent access, living off the land, and surreptitiously housing homeless people.

  • (05) Oh Hotel No!: How A Hopeless Hooligan Helped A Homie From Homeless To Homeowner In 9 Months
The speaker’s profile picture
Kalani Helekunihi

The partially blind Hawaiian priest. Builds accessibility tools for self reliance.

  • Hands on DuckyScript: Introduction to HID Attacks with O.MG Devices
The speaker’s profile picture
Kasimir Schulz

Kasimir Schulz, Director of Security Research at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in Forbes, BleepingComputer, and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.

  • LLM Mayhem: Hands-On Red Teaming for LLM Applications
The speaker’s profile picture
Kat Traxler

Kat Traxler is the Principal Security Researcher at Vectra AI, focusing on abuse techniques and vulnerabilities in the public cloud. Before her current role, she worked at various stages in the SDLC, performing web application penetration testing and security architecture.

Kat’s research philosophy directs her work to where design flaws and misconfigurations are most probable. This guiding principle leads her research to the intersection of technologies, particularly the convergence of cloud security and application security, and where the OS layer interfaces with higher-level abstractions.
Kat has presented at conferences worldwide on topics such as privilege escalation in GCP and bug-hunting in the cloud. She can be found on the internet as @nightmareJS.

  • The Not So Boring Threat Model of CSP-Managed NHI’s
The speaker’s profile picture
Keya Arestad

Keya Arestad works as a security architect and has been doing various types of defending (and hacking) of endpoints and networks for over 10 years. She likes to balance time between computer screens and being outside.

  • The Unbearable Weight of Commercial Licensing. Combining Closed Systems with Open Source Defense
The speaker’s profile picture
Kirsten Renner
  • The World Famous Hire Ground Panel, Tuesday Edition
The speaker’s profile picture
Kirsten Renner
  • Hire Ground Resume Reviews, Tuesday Evening
  • Hire Ground Resume Reviews, Monday Evening
  • Hire Ground Resume Reviews, Wednesday Morning
The speaker’s profile picture
Klaus Agnoletti

Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides København in 2019.

Currently he's a freelance storytelling cyber security advisor specializing in security transformation and community focused marketing, employer branding, playing security games and other fun assignments and ideas coming his way.

Lately he has also become a neurodiversity advocate speaking about ADHD to educate and break down taboos in an industry with a vast overrepresentation of neurodiversity and not very many talking about it.

  • Dungeons & Dragons: The security tool you didn’t know you needed
  • Cybersecurity Roleplaying Training: Design & Implement Engaging Incident Response Exercises
The speaker’s profile picture
Kris Rides

Kris Rides is the CEO and Founder of Tiro Security - a Cybersecurity professional services and staffing firm. He is one of the original founding Board Members of the Southern California Cloud Security Alliance Chapter, the previous President, and an honorary board member. He chairs the industry advisory board for the National Cybersecurity Training & Education Center (NCYTE) and is an advisory board member to The Cyber Helpline, Washington States Cybersecurity Centre of Excellence, as well as for the non-profit GRC for Intelligent Ecosystems (GRCIE).

Kris is committed to using his expertise to make a difference in the cybersecurity industry.

  • Root To CISO or not?
  • The World Famous Hire Ground Panel, Tuesday Edition
The speaker’s profile picture
Krity Kharbanda


  • Prompt Hardener - Automatically Evaluating and Securing LLM System Prompts
The speaker’s profile picture
Larry Trowell

Goes by PATCH

Larry is a Director at NetSPI responsible for leading and executing IOT/Embedded Penetration Testing and researching new security techniques to ensure the safety of embedded systems. Larry has a master's degree in mathematics with emphases on Computer Science and Artificial Intelligence from Georgia Southern University. He has worked with several Fortune 250 companies both as an embedded systems engineer and security expert focused on medical devices. He has aided in the design and security of multiple devices in the Automotive, Financial, Medical, Wireless, and Multimedia spectrums, has been published in medical journals, and has spoken at conferences all over the globe. Larry has extensive knowledge of the design of various bare metal and low-level embedded devices.

  • Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling
The speaker’s profile picture
Lenin Alevski

Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. He currently works as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contribute to open source, and write about security and privacy on his personal blog https://www.alevsk.com.

  • I Didn’t Register for This: What’s Really in Google’s Artifact Registry?
The speaker’s profile picture
Leo Pate

Leo Pate III is an accomplished security leader and military veteran with over 13 years of experience in proactive security, cybersecurity operations, and technical leadership. Currently serving as Regional Consulting Lead at NetSPI, Leo oversees the Central Region Consulting team, driving operational excellence and fostering a culture of growth and innovation. His leadership spans talent management, team development, and process optimization, ensuring exceptional service delivery for clients across various industries. Leo’s strategic initiatives have consistently improved consultant utilization, organizational efficiency, and revenue performance, solidifying his reputation for delivering results in dynamic, client-focused environments.

Prior to his current role, Leo served as a Senior Managing Consultant and held key leadership positions within the United States Army. His military background includes leading cyber operations teams, developing capabilities for mission-critical objectives, and contributing to national security efforts. A trusted advisor and problem solver, Leo combines technical expertise, operational acumen, and a commitment to excellence to address complex challenges and drive organizational success.

  • Beyond the Command Line: Transitioning from Individual Contributor to Leader
The speaker’s profile picture
lidia.giuliano@gmail.com

crazy lady!

  • Community Defense in Depth: Teaching digital security and privacy practices for the public good
The speaker’s profile picture
Logan Arkema

Logan is a Sr. Cybersecurity Specialist at a government agency and the Union Rep for its IT & Cybersecurity Team, but is speaking in a purely personal and union capacity. Professionally, he has worked across technical topics, including incident response, privacy, and cloud engineering. He has been a union rep for five years; serves on his union's bargaining, dispute resolution, and legislative committees; provides informal tech policy advice to the International Federation of Professional and Technical Engineers; and is a member of the Tech Workers Coalition and the Federal Unionist Network. He has a Master's Degree in Tech Law and Policy, but is not a lawyer and certainly not your lawyer.

In his spare time, he built and sells a "badge" of a live LED display of the DC Metro System and developed ResidueFree, a privacy-enhancing tool for personal computers, as part of an academic paper and presented as a DEF CON 30 demo lab. He has volunteered with BSides NoVA, the DEF CON Policy Village, and Hackers on the Hill. Outside of tech and labor, he can be found doing Typical Nerd Things (playing D&D).

  • UNION SELECT * FROM hackers: Why We Should Be Building InfoSec Worker Power Through the Labor Movement
The speaker’s profile picture
Lucas Carmo

Lucas Carmo is a seasoned offensive security researcher and co-founder of Hakai Security, a Brazilian consultancy focused on red teaming, vulnerability research, and exploit development. With over eight years of experience in cybersecurity, Lucas holds respected certifications including OSWE (Offensive Security Web Expert), Offensive Security Wireless Professional (OSWP), and GMOB (GIAC Mobile Device Security Analyst). He has discovered multiple CVEs in widely used platforms such as Trend Micro Mobile Security, Nagios, PRTG, 3CX, and Centreon.

Lucas leads Delta7, Hakai’s advanced research division, where he guides a team of specialists in dissecting complex security flaws across web and Android environments. He has contributed to open-source projects like the ReconFTW web interface and frequently shares insights through blog posts, technical write-ups, and conference presentations.

Beyond the code, Lucas is passionate about tattoos and art. He sees hacking as a creative discipline that requires abstract thinking, intuition, and an artistic mindset. To him, connecting pieces of a system to uncover a vulnerability is like crafting a powerful visual composition: messy in the process, but beautiful in its outcome.

  • Who Scans the Scanner? Exploiting Trend Micro Mobile Security
The speaker’s profile picture
Mackenzie Jackson

Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security to help developers and DevOps engineers build secure systems. He also shares his knowledge as a contributor to many technology publications like Dark Reading, Financial Times, and Security Boulevard and was featured as an expert in the documentary “Logins aus dem Darknet” (EN: Logins from the Darknet).

  • From Code to Cloud: Securing Your Stack with Open-Source Tools
  • Inside the Open-Source Kill Chain: How LLMs Helped Catch Lazarus and Stop a Crypto Backdoor
The speaker’s profile picture
Madison Rocha

Madison Rocha is a Sr. Cybersecurity Consultant with a background in developing robust security frameworks and implementing cutting-edge protective measures. Combining a strategic approach to IT governance with hands-on technical acumen as a Sr. Consultant, she brings a blend of theoretical knowledge and practical expertise to the forefront of cybersecurity challenges. Her technical prowess extends to evaluating and securing environments, working with critical infrastructure, participating in red, blue, and purple teams, facilitating TableTop (TTX) exercises, and creating robust Identity Access Management (IAM) solutions. As she continues to contribute to the field of cybersecurity, she remains committed to expanding her knowledge and skill set, ensuring that she is at the cutting edge of cybersecurity defenses and strategies.

  • Beyond the Breach: Why Your Tabletop Exercise Should be Your Worst Nightmare
The speaker’s profile picture
Makoto SUGITA

A former penetration tester turned independent security researcher, I specialize in developing unconventional security tools and offensive/defensive techniques. My work often centers on tactical deception and delay strategies in cyber operations, which I regularly present at cybersecurity conferences across Japan.

Off the clock, I have an incurable vulnerability to good drinks—an "alcohol injection" bug that's still wide open.

  • Azazel System: Tactical Delaying Action via the Cyber-Scapegoat Gateway
The speaker’s profile picture
Manish Gupta
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, PM
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, AM
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, AM
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, PM
The speaker’s profile picture
Mark Hahn
  • Building your own CA infrastructure on cheap HSMs
The speaker’s profile picture
Mark Hoopes

Mark Hoopes has been an Application Pentester for more than 10 years and has worked in enterprise IT for more than 20. He has presented at multiple conferences as a speaker and instructor. He was sucked into the security industry by a CTF and continues to be a strong proponent of hands-on training. He is currently a chapter leader of OWASP Boulder and the managing principal at a consultancy that specializes in... pentesting and training.

  • We Fight for the User's... Session
The speaker’s profile picture
Marluan Cleary (Izzny)

Marluan Cleary is a Penetration Tester and cybersecurity student passionate about breaking, building, and securing systems. She researches and documents real-world vulnerabilities through technical blogs at Hexxed BitHeadz, offering hands-on insights into tools, techniques, and emerging threats. Focused on cryptography, exploit development, and offensive security,

  • The HMAC Trap: Security or Illusion?
The speaker’s profile picture
MasterChen

Master Chen.

  • Shorts Begone: Modding YouTube on iOS (without jailbreaking)
The speaker’s profile picture
Mat Saulnier

With a passion for Offensive Security, he automates OffSec Tools to improve the security posture of organizations around the world. Building on his strong technical background he now focuses on Threat Research, Threat Hunting, Detection Engineering and Incident Response.

Mat (better known as Scoubi in this community) is a recognized security professional and Core Mentor for Defcon’s Blue Team Village that has over 2 decades of experience in security. He shared his passion for IT Security and captivated audiences at Derbycon, SANS Summits and RSAC, amongst others.

  • Password ~Audit~ Cracking in AD: The Fun Part of Compliance
  • Unawakened Wakeup: A Novel PHP Object Injection Technique to Bypass __wakeup()
The speaker’s profile picture
Matt

Former Air Force officer, counterterrorism practitioner, Pentagon policy wonk, and threat hunting nerd.

  • (01) Ask the Fed
The speaker’s profile picture
Matt Cheung

Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village. He now serves on the programming committee of the Crypto and Privacy Village.

  • Introduction to Cryptographic Attacks
The speaker’s profile picture
Matthew Brown

Matt Brown is a solutions architect at Sysdig, with a background spanning AppSec, IAM, and cloud runtime security. He’s currently focused on securing Kubernetes environments using open source tools that favor prevention over post-incident analysis. A lover of all things open source — from dev to cloud — he’s passionate about making security approachable and effective, especially for teams without enterprise budgets or armies of engineers.

  • Detect and Respond? Cool Story — or Just Don’t Let the Bad Stuff Start.
The speaker’s profile picture
Matthew Canham

Dr. Matthew Canham is the Executive Director of the Cognitive Security Institute and a former Supervisory Special Agent with the Federal Bureau of Investigation (FBI). He has a combined twenty-one years of experience in conducting research in cognitive security and human-technology integration. He currently holds an affiliated faculty appointment with George Mason University, where his research focuses on the cognitive factors in synthetic media social engineering and online influence campaigns. He was previously a research professor with the University of Central Florida, School of Modeling, Simulation, and Training’s Behavioral Cybersecurity program. His work has been funded by NIST (National Institute of Standards and Technology), DARPA (Defense Advanced Research Projects Agency), and the US Army Research Institute. He has provided cognitive security awareness training to the NASA Kennedy Space Center, DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group, the Voting and Misinformation Villages at DefCon, and the Black Hat USA security conference. He holds a PhD in Cognition, Perception, and Cognitive Neuroscience from the University of California, Santa Barbara, and SANS certifications in mobile device analysis (GMOB), security auditing of wireless networks (GAWN), digital forensic examination (GCFE), and GIAC Security Essentials (GSEC).

  • Human Attack Surfaces in Agentic Web: How I Learned to Stop Worrying and Love the AI Apocalypse
The speaker’s profile picture
Matt Torbin

Matt Torbin has been a driving force in secure software development for over 20 years, influencing all aspects of the software development lifecycle. He began his career as a full-stack engineer with a focus on UI/UX, creating user experiences for renowned brands including the Philadelphia Inquirer, Anthropologie, and VEVO, engaging millions of users.

In the last several years, Matt has shifted his focus to information security. In his current role as the Manager of Application Security at Quanata, he collaborates closely with product and engineering teams to advance product security best practices and deliver comprehensive security training. His industry contributions span public speaking, authorship, and community involvement. He has presented at conferences such as DEF CON and Day of Shecurity (DoS), authored privacy articles for 2600 Magazine: The Hacker Quarterly, and held key volunteer roles in initiatives including the Packet Hacking Village, Day of Shecurity, and BSidesSF. Among his achievements, he co-founded the DoS conference, realizing his vision for a more inclusive event.

Outside of work, Matt mentors emerging professionals in the DoS community. A passionate skateboarder and longboarder, he often spends time with his son at skate parks throughout the San Francisco Bay Area.

  • Your Interview Game is Weak: Gamifying Technical Interviews through Role-Playing
The speaker’s profile picture
Mauro Eldritch

Mauro Eldritch is an Argentine hacker, founder of BCA LTD and DC5411 (Argentina/Uruguay). He has spoken at various events, including DEF CON (12 times). He is passionate about Threat Intelligence and Biohacking.

Currently, he represents Bitso’s Quetzal Team, the first in Latin America dedicated to Web3 Threat Research.

  • Locking Hands: Ransomware Meets Bioimplants
The speaker’s profile picture
Mea Clift

Mea Clift is a seasoned cybersecurity leader with a multi-decade career marked by excellence, innovation, and mission-driven practices. As Principal Executive Advisor for Cyber Risk Engineering, she guides underwriters on cyber risks and educates insureds on trends and maturity. Previously, she focused on cybersecurity in Critical Infrastructure. A mentor and advocate for diversity, Mea actively participates in Cyversity and ISACA programs, teaching Fundamentals of GRC twice yearly. Known for her credibility with executives, clients, and peers, she is also a dedicated quilter and quilt historian living in St. Paul, Minnesota.

  • Boost Your Career: Get Practical InfoSec Experience in Your Community!
The speaker’s profile picture
Mea Clift

Mea Clift is a distinguished cybersecurity leader with a multi-decade career marked by excellence, innovation, and mission-driven practices. As Principal Executive Advisor at Liberty Mutual, she leverages her deep expertise to guide commercial underwriters on cyber risk and advise insureds on emerging trends and maturity opportunities.

Prior to this, Mea spearheaded cyber efforts at a leading water and wastewater consultancy, addressing critical infrastructure security. A respected mentor and advocate for diversity and inclusion, she received the 2024 Cyversity Educator of the Year Award and actively participates in mentorship programs with Cyversity and ISACA. Mea also shares her knowledge by teaching a Fundamentals of GRC class for Cyversity members.

  • When the Breach Hits the Fan: Understanding Cyber Insurance
The speaker’s profile picture
Megg Sage
  • Malicious Packages - they're gonna get ya!
The speaker’s profile picture
Meghan Jacquot

Meghan Jacquot is a Cybersecurity Engineer at Carnegie Mellon University’s Software Engineering Institute and focuses on offensive security and maturity models. Meghan shares her research and learnings via conferences and publications. She has been published in US Cybersecurity Magazine and Sources2Create. Throughout the year, she helps a variety of organizations and people including DEF CON as a SOC GOON, Diana Initiative, OWASP, and WiCyS. She firmly believes in breaking barriers for others to enter cybersecurity and also helping others to upskill. To relax she also spends time with her partner visiting national parks, gardening, and hanging with her chinchilla.

  • Let's Go Shopping: Third-Party Vendors and CyberRisk
The speaker’s profile picture
Mehmet Sencan

Mehmet is taking a hardware backstop approach to security and governance of AI compute. Since finishing his BS at Caltech in Applied Physics, he has been pushing chip and manufacturing technology capabilities for over a decade, previously as a full-stack hardware developer, running biosensor manufacturing processes all the way from sensor design to medical device implantation (while ensuring functionality, cost-efficacy, and manufacturability).

  • Thwarting Key Extraction and Supply Chain attacks by Detonating GPUs
The speaker’s profile picture
Melanie Gonzalez

Melanie Gonzalez is a journalist turned ethical hacker, who has covered reproductive justice in Latin America and the United States. Melanie became interested in cybersecurity after producing a story on violence against journalists and taking a digital security for journalists training. In the past three years, she's taken a deep dive into black hat Python scripts, secure coding vulnerabilities, OSINT, digital forensics and improving her CTF personal record. This past year, Melanie began volunteering as a digital security trainer for journalists and human rights activists. In her spare time, Melanie enjoys horror and needlework.

  • Community Defense in Depth: Teaching digital security and privacy practices for the public good
The speaker’s profile picture
Mia Kralowetz

Mia Kralowetz is a security leader at Upside, where she is rebuilding a security program from the ground up—with empathy, AI, and just enough chaos. A career changer who once managed retail stores, ran finance and compliance teams, and worked as a life coach, she found her way into security through a love of tinkering and a desire to understand how things work.

Her first security project was featured in a coworker's Proving Ground talk six years ago, and since then, she's focused on DevSecOps and pentesting. Today, she's passionate about using security to build trust, not fear, and about enabling teams instead of blocking them—especially in environments marked by distrust, resource constraints, and rapid change.

This is her first time at BSidesLV as a speaker—and it feels like a full-circle moment.

  • Security Theater, Now Playing: When Security Is a Sideshow Instead of a Strategy
The speaker’s profile picture
Ming Chow

Ming Chow is a Teaching Professor at the Tufts University Department of Computer Science. His areas of interest are web and mobile security, and Computer Science education. Ming has spoken at numerous organizations and conferences including the HTCIA, OWASP, InfoSec World, Design Automation Conference (DAC), DEF CON, Intel, SOURCE, HOPE, BSides, and ACM SIGCSE.

  • Broke but Breached: Secret Scanning at Scale on a Student Budget
The speaker’s profile picture
Moshe Bernstein

Moshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.

  • I Didn’t Register for This: What’s Really in Google’s Artifact Registry?
The speaker’s profile picture
Munish Walther-Puri

Munish Walther-Puri is a seasoned risk advisor and security strategist with two decades of experience translating complex cybersecurity and geopolitical realities into actionable frameworks. His expertise lies in identifying critical blind spots for decision-makers and developing innovative risk assessment methodologies. Currently, he serves as Interim Deputy CISO for a major manufacturer, building enterprise IT GRC programs and uplifting cybersecurity maturity. Munish's career spans diverse roles, including VP of Cyber Risk at Exiger, first Director of Cyber Risk at NYC Cyber Command, and Chief Research Officer at a dark web monitoring startup. His academic engagements include adjunct faculty positions at NYU, Columbia, and IANS Research, as well as a focus on the nexus of cyber, tech, national security, and industrial policy. He is a Life Member of the Council on Foreign Relations and a Senior Fellow at the Institute for Security and Technology. With a keen interest in the intersection of cyber, geopolitical, and supply chain risks, Munish is committed to bridging theory and practice, contributing to academic discourse, and advancing cutting-edge research in interconnected risk.

  • Power Play: AI Dominance Depends on Energy Resilience
  • Manufacturing Breakthroughs: How Conflict Leads to Innovation
The speaker’s profile picture
Natalia Semenova

Natalia is a cybersecurity professional with 15+ years of international experience in the industry. She started her career in academia after earning a PhD in mathematical statistics and cryptography, and later transitioned into the corporate sector, where she progressed from identity and access management developer to senior security architect at leading companies like Microsoft and Google. Currently, Natalia is an independent security researcher and SSDLC expert working with leading automotive companies across the world to ensure the highest level of trust for serial production road vehicles.

  • Harnessing AI and Post-Quantum Cryptography for Cybersecurity in the Quantum Era
The speaker’s profile picture
Navan

Navan is a person of far too many varied interests. He likes to say that, at the end of the day, what matters most to him is how fun and challenging the problem is—not whether he has any prior experience—because you can always learn more (that’s the engineering god complex in him speaking). He has wasted an impressive amount of time working with Python, Swift, shell scripts, and OpenWRT. When not attempting to watch the entirety of Doctor Who in one sitting, Navan can be found in the great outdoors in his crocs, trying to come up with imaginative ways to get injured.

  • Shorts Begone: Modding YouTube on iOS (without jailbreaking)
The speaker’s profile picture
Nicholas Carroll

Nicholas Carroll is a seasoned cybersecurity professional with a career spanning over two decades. He currently serves as a Manager of Cyber Incident Response with Nightwing, leading a team of cyber threat intelligence and DFIR professionals defending Fortune 500 organizations and government agencies. Prior to this, he held the position of CISO for a state government agency, overseeing election cyber projects. His journey in IT and cybersecurity began at the help desk, providing him with a broad perspective on the field. But his skills earned in jobs outside of IT and cyber helped craft the success he has today. He is also a certified cybersecurity instructor, demonstrating his commitment to continuous learning and knowledge sharing to help grow the field.

  • From Help Desk to CISO
  • Gremlin Hunting with SIGMA rules
The speaker’s profile picture
Nicole Beckwith

Nicole Beckwith is the Sr. Manager of Kroger Corporate Information Security's Threat Operations team, where she drives strategic initiatives across threat intelligence, threat hunting, detection engineering, insider risk, fraud, and forensics. With a strong foundation in computer programming and web development, she transitioned into law enforcement, first as a state police officer and later as a federally sworn U.S. Marshal assigned to the United States Secret Service, where she worked as a task force officer. Throughout her career, Nicole has demonstrated exceptional leadership managing complex teams, strategic projects, and overseeing critical operations.

Nicole is an active member of the Cincinnati community where she serves on the Advisory Boards for Miami University’s Center for Cybersecurity, Warren County Career Center’s Cybersecurity Program, and the Cincinnati chapter of the ISSA. She is also a trusted advisor on Google’s Technical Advisory Council, IBM’s Strategic Advisory Board, and the ZeroFox Customer Advisory Council.

  • Craps, Clout, and Career Chaos: The Game They Forgot to Explain
The speaker’s profile picture
Noah Grosh

Noah Grosh is a recent UNCC graduate and former Dropbox employee working on AI/ML red team tools to increase velocity of testing while keeping testing relevant to modern threats. In his spare time he enjoys torturing LLMs and drinking tea.

  • Creating the Torment Nexus: Using Machine Learning to Defeat Machine Learning
The speaker’s profile picture
Noah K

Noah K has worked in the national security arena for over 20 years. He currently works at a Federally Funded Research and Development Center where he focuses on the intersection of national security and artificial intelligence. For the 14 years prior to his current position, he worked at DoD where he was involved in strategy, war planning, special operations, and cyber operations.

  • (01) Ask the Fed
The speaker’s profile picture
Ochaun Marshall

Ochaun Marshall is a Product Security Engineer at Google Cloud. His focus is on Rapid Risk Assessments on Google Cloud products. In his day-to-day, he collaborates with engineers, security operators, and leadership to enable Google Cloud to grow securely. This involves rapidly switching gears between pentesting, vulnerability management, threat modeling, and other security assessments. Everything he does is summed up in “I code. I teach. I hack.” His previous talks include “Flex Seal your CI/CD pipeline”, “The OPSEC of Protesting”, and “The last log4j talk you ever need”. He has spoken at numerous BSides events and at DEF CON. He’ll be presenting at BSides LV for the first time in 2025.

  • Product Security: The Googley Way
The speaker’s profile picture
Or Eshed

Or Eshed is co-founder and CEO of LayerX Security. Or has over 15 years of cybersecurity experience as an ML developer, security and intelligence researcher, and cybersecurity analyst. Prior to founding LayerX, Or worked as a cyber threat intelligence analyst at Check Point, Otorio, and ABN AMRO Bank. His work has led to the arrest of at least 15 threat actors and the exposure of the largest browser hijacking operation in history with over 50M browsers compromised. He has also written and spoken on topics of cybersecurity extensively. In addition, Or holds an MSc in Applied Economics from the Hebrew University of Jerusalem.

  • Extending Password (in)Security to the Browser: How Malicious Browser Extensions Are Used to Steal User Passwords
  • Cracking Hidden Identities: Understanding the Threat Surface of Hidden Identities and Protecting them Against Password Exposure
The speaker’s profile picture
Or Sahar

Or Sahar is a security researcher and the co-founder of Secure From Scratch. With two decades of experience in software development and security, she specialises in penetration testing, application security, and instructing on secure coding practices in the private and governmental sectors and at several colleges.

  • Hacking Secure Coding Into Education
The speaker’s profile picture
Oudy Even Haim

Oudy is a senior cybersecurity research program manager at Microsoft, where he leads the content quality and next-generation LLM-based detection framework strategy for Microsoft XDR and SIEM. With over 15 years of experience, Oudy brings a unique blend of hands-on expertise, offensive mindset and deep knowledge of SOC operations, purple teaming, and AI-driven detection. Prior to Microsoft, he led offensive security and research programs at EY and critical infrastructure practice at PwC, including national-scale initiatives such as Israel’s ICS National Cybersecurity Lab (ICNL) design and program management. Oudy has also served in key cybersecurity and leadership roles within the Israeli Prime Minister’s Office, focusing on OT security, cyber resilience, and secure architecture for classified environments. His current research program focuses on evolving SOCs from reactive data analysis to wisdom-driven detection pipelines using cognitive AI agents. Oudy holds an M.Sc. in Nuclear Engineering, a B.Sc. in Electrical Engineering, multiple GIAC certifications, and regularly instructs advanced cybersecurity courses.

  • SOC Like a Genius: Cognitive Agents Delivering Wisdom at Scale
The speaker’s profile picture
Paul Miller

Paul is an Infosec leader who started in systems hardening and laying traps for attackers nearly 30 years ago. He is now a Defense Lead at Broadcom as part of the Carbon Black and Symantec teams. His areas of focus are Threat Research, Response, and personal privacy.

  • (11) Stopping the Nuclear Apocalypse with Threat Intel
The speaker’s profile picture
Paul Roberts

Paul is a respected cybersecurity journalist and Editor in Chief at The Security Ledger. Since 2018 he has spearheaded efforts to organize the information security community to support a right to repair as founder of the group Secure Repairs.

  • End of Life (EOL) Equipment should not mean End of Life (Your Life)
The speaker’s profile picture
Pavel Yosifovich

Pavel Yosifovich is a renowned author, developer, and expert in Windows Internals, system programming, and software development. He also co-founded Trainsec Academy (trainsec.net). With extensive experience in low-level programming, he has authored several books, including Windows Internals, Part 1 (7th Edition), Windows Kernel Programming, Windows Native API Programming, and Windows 10 System Programming. His works provide deep insights into Windows architecture, kernel-mode development, and debugging techniques, making them essential resources for developers, security researchers, and IT professionals.

  • Writing Windows Kernel Drivers for Power and Visibility, PM
  • Writing Windows Kernel Drivers for Power and Visibility, AM
The speaker’s profile picture
Phil Young aka Soldier of FORTRAN

Philip Young, aka Soldier of FORTRAN, currently serves on the BSidesLV review board and is the Chair of the Proving Ground track. He's been attending BSidesLV since 2012, where he gave his first talk ever in the mentor track. Since then he's helped countless others submit talks and, as a mentor for BSidesLV and as a speaking coach for BlackHat, helps first-time and seasoned speakers give the best talk they can give. In his professional life, Philip is the director of mainframe penetration testing at NetSPI. With over 15 years of experience building mainframe penetration testing programs at Fortune 500 companies, Philip's expertise covers z/OS, z/TPF, RACF, TSO, VTAM, CICS, TopSecret, and IMS.

  • So You Want to Give A Talk: How to Write a CFP
The speaker’s profile picture
QuietRoar

Specializes in safeguarding essential infrastructure against emerging digital and geopolitical threats. Focuses on risk mitigation in high-stakes sectors including energy networks and advanced manufacturing. Expertise spans protective frameworks for technology supply chains, crisis response modeling, and analysis of global trade impacts on cyber-physical systems. Recent initiatives include securing AI development pipelines and decentralized software ecosystems. Advises organizations on operational resilience, threat intelligence integration, and policy-driven security strategies. Collaborates across sectors to address vulnerabilities in interconnected technological networks while balancing innovation with systemic risk management. Key interests include economic implications of converging digital-industrial ecosystems.

  • (08) Mapping the Gaps: How Disconnects in Critical Infrastructure Leave Cities Vulnerable
The speaker’s profile picture
Rafael Ayala

Rafael works in Third-Party Risk Management. His career path spans non-profit work, education, and most recently third-party risk management and cybersecurity. He has a passion for learning and is always seeking ideas that will expand his horizons.

Outside of work, catch me playing MTG, coaching sports, or reading.

  • Let's Go Shopping: Third-Party Vendors and CyberRisk
The speaker’s profile picture
Rain Baker

Gremlin hunter, kitten and puppy wrangler, snickers fan.
Came into the field of cybersecurity a bit later in life after shifting into the field from a background in philosophy, psychology, and conflict resolution, which have given me a unique perspective.
I enjoy solving puzzles and scavenger hunts, so this kinda work suits me well.
I started in cyber in late 2016 and have been working in the field ever since. I have worked for a few state government agencies doing a bit of everything, security administration, awareness training, vulnerability testing, and incident response. I moved to the private sector and I am now working for a company that supports both public and private sector customers.
My roles have included SOC analyst tier I and II, and now I work with my company's Cyber Threat Intelligence team as a cyber threat analyst and cybersecurity content engineer.

  • SIGMA, one rule to find them all
  • Gremlin Hunting with SIGMA rules
The speaker’s profile picture
Raviteja
  • Broke but Breached: Secret Scanning at Scale on a Student Budget
The speaker’s profile picture
Ray Espinoza
  • Root To CISO or not?
The speaker’s profile picture
Reanna Schultz

Reanna Schultz, from Kansas City, MO, holds both a Bachelor’s and Master’s degree in Cybersecurity. With over six years of professional experience, Reanna has contributed to various corporate environments, leveraging her expertise to strengthen cybersecurity practices.

Throughout her career, Reanna has worn many hats, including roles in Endpoint Security Engineering, Detection Engineering, and leading a Security Operations Center (SOC) team. In addition to her primary responsibilities, Reanna serves as an adjunct professor at the University of Central Missouri (UCM) and is also an entrepreneur.

Reanna is the founder of CyberSpeak Labs, a platform dedicated to fostering community engagement through collaboration. She hosts the podcast Defenders in Lab Coats, where she delves into cyber threats and occasionally invites passionate guests to share their insights.
Driven by her passion for cybersecurity, Reanna frequently travels to speak at events, sharing her industry knowledge and empowering others to improve their organizations' cybersecurity practices.

  • WhoAmI.exe - Can You Find The Threat?
The speaker’s profile picture
Ricki Burke

Ricki Burke is a passionate contributor to the infosec community. He co-organizes BSides Gold Coast and SecTalks Gold Coast, and has delivered sessions at Black Hat USA, Black Hat Asia, BSidesLV, AISA CyberCon, AusCERT, BSides Canberra, BSides Melbourne, BSides Perth, and CHCon. He has also run career villages, hosted interactive workshops, and volunteered for Resume Review at BSidesLV. Ricki is the founder of CyberSec People and CyberSec.Careers, where he helps companies build stronger teams and cybersecurity professionals grow their careers.

  • Where’s Waldo? Why Recruiters Can’t Find You (and What To Do About It)
The speaker’s profile picture
Robert Pimentel

Robert is a seasoned offensive security professional with more than a decade of experience in Information Security.
He started his career in the U.S. Marine Corps, working on secure telecommunications. Robert holds a master's degree in Cybersecurity, numerous IT certifications, and a background as an instructor at higher education institutions like the New Jersey Institute of Technology and American University.

Robert is committed to sharing his knowledge and experiences for the benefit of others. He enjoys Brazilian steakhouses and cuddling with his pugs while writing Infrastructure as Code to automate Red Team Infrastructure.

Robert is the Red Team Lead @ Humana, Inc.

  • Bridge to Nowhere Good: When `Azure Relay` becomes a Red Teamer's highway
  • (12) Bridge to Nowhere Good: When Azure Relay becomes a Red Teamer's highway
The speaker’s profile picture
Ruslan Karimov
  • Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, & EMS
The speaker’s profile picture
Ryan English

Ryan English is a researcher at Lumen Technologies’ Black Lotus Labs, where the team chases threats across the backbone of the internet. He began his career in cybersecurity over 13 years ago after spending most of his life in the military and as a private security specialist, because breaking things is a universal skill. He has spoken at BSidesLV, BSides Harrisburg and BSidesNYC, among other places.

  • (02) The Botnet Strikes Back: how we assembled a coalition to take down a criminal network & their all-out response
The speaker’s profile picture
Ryan Mast

Ryan is a software engineer working on open source projects to make the electric grid more reliable. His interests include software security, niche video games, poking at random "smart" devices, and reverse engineering audio/video hardware used in live productions.

  • The Perfect BLEnd: Reverse engineering a bluetooth controlled blender for better smoothies
The speaker’s profile picture
Sam. "PANTH13R" Beaumont

As the Director of Transportation, Mobility, and Cyber-Physical Systems at NetSPI, Sam. "PANTH13R" Beaumont is at the forefront of developing and delivering technical strategies and solutions for Hardware and Integrated Systems at NetSPI. With a career spanning 10+ years in cybersecurity, Sam has established a formidable reputation for hacking anything from hardware and embedded systems to all things that “fly, sail, or drive”. Her extensive expertise provides NetSPI customers with unmatched technical leadership, depth, and delivery excellence in advisory and cybersecurity services, ensuring assets existing in physical spaces are fortified against evolving threats.

In previous roles, Sam has served in a technical capacity as an offensive security Principal Consultant, Red Teamer, Exploit Developer, Vulnerability Researcher, and more. She has continually demonstrated a unique ability to bridge the gap between business, regulatory needs, and the most prevalent theoretical vulnerabilities.

Sam’s commitment to the cybersecurity community and approach to tackling cyberphysical systems has cemented her status as a practical thought leader in the field. Through continued research, speaking engagements, and mentorship, Sam is dedicated to pushing the boundaries of what’s possible for women in cybersecurity, ensuring a safer, more diverse future for those who wish to secure technologies.

  • Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling
The speaker’s profile picture
Sarah Young

Once described on Reddit as “technically challenged”, Sarah is a Principal Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home.

Sarah has been working in cyber security since before it was cool, has previously spoken at many security conferences including Black Hat and has co-authored a few Microsoft Press technical books. She is an active supporter of security communities across the globe and a co-host of the Microsoft Azure Security Podcast.

Sarah spends most of her spare time gaming, eating hipster brunches and high teas and spending a disproportionate amount of her income on her dogs.

  • SOC Like a Genius: Cognitive Agents Delivering Wisdom at Scale
The speaker’s profile picture
Scott Fraser

Scott has over a decade of experience in information security in offensive and defensive security teams. A majority of his experience comes from thinking like an adversary trying to infiltrate hospitals, warehouses, office buildings, and colleges. Scott has spent a considerable amount of effort developing exploits and thinking of ways to make devices do things they weren’t designed to do. He has also spent time building and maintaining defenses for hospitals, K-12, secondary education, and corporate networks.
Scott is an active volunteer at denhac, The Denver Hackerspace. He helps manage the local network and occasionally instructs classes on various information security topics and software defined radios. When he’s not sitting in front of a computer, he can commonly be found riding his adventure motorcycle in the mountains of Colorado, Utah and Arizona.

  • Cyber Incident Command System (CICS) A people orchestration layer
The speaker’s profile picture
Silas Cutler

Silas Cutler is an experienced security researcher and malware analyst. His focus has been researching organized cyber-crime groups and state-sponsored attacks.

  • End of Life (EOL) Equipment should not mean End of Life (Your Life)
The speaker’s profile picture
Simon Lermen

Simon is an AI security researcher who has worked on AI-powered phishing and removing safety guardrails from AI models. He is interested in researching how AI agents could pose global catastrophic risk through cyberattacks.

  • Automating Phishing Infrastructure Development Using AI Agents
The speaker’s profile picture
Slava Maslennikov

Slava is an experienced engineering leader with roots in SRE, DevOps, and Software Engineering.

  • Can You Hear Me Now? A Survey of Communications Platforms During Emergencies
The speaker’s profile picture
Sounil Yu

Sounil Yu is the author and creator of the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He's a Board Member of the FAIR Institute; senior fellow at GMU Scalia Law School's National Security Institute; guest lecturer at Carnegie Mellon; and advisor to many startups. Sounil is the co-founder and Chief AI Safety Officer at Knostic and previously served as the CISO at JupiterOne, CISO-in-Residence at YL Ventures, and Chief Security Scientist at Bank of America. Before BofA, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security by Security Magazine and Influencer of the Year by SC Awards. He is a recipient of the SANS Lifetime Achievement Award and was inducted into the Cybersecurity Hall of Fame. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.

  • Mental Models to Anticipate the Next Stages of the AI and Cybersecurity Revolution
The speaker’s profile picture
Soya Aoyama

Soya Aoyama is a cybersecurity researcher and Global Fujitsu Distinguished Engineer. Soya worked as a Windows software developer at Fujitsu for over 20 years, developing NDIS drivers, Bluetooth profiles, WinSock applications, and more.

Soya started working in security research in 2015, mainly researching attacks using Windows DLLs, and has spoken at a number of international hacker conferences, including Black Hat, BSidesLV, GrrCON, DerbyCon and LeHack, and was also a mentor at BSidesLV 2023, 2024 and BSides London 2024.

Soya is one of the founders of BSides Tokyo, and has been involved with the organization since its first edition in 2018.

  • Azazel System: Tactical Delaying Action via the Cyber-Scapegoat Gateway
The speaker’s profile picture
Srajan Gupta

Srajan is a security engineer and builder focused on uncovering how systems fail — not just through vulnerabilities, but through the architecture itself. With a background in application security, platform engineering, and threat modeling, Srajan works at the intersection of usability and risk, helping teams identify and address design-level security flaws before they become incidents.

Their research often explores trust boundaries, secure defaults, and the hidden assumptions baked into the applications and infrastructure. They are especially interested in how attackers exploit the gray areas between platforms, automation, and access controls — and how defenders can close those gaps without slowing down delivery.

Srajan is passionate about building practical security tools, automating guardrails, and making threat modeling an everyday engineering skill.

  • The Protocol Behind the Curtain: What MCP Really Exposes
The speaker’s profile picture
Stacey Higginbotham

Stacey Higginbotham has been covering technology for major publications for two decades. She is an expert when it comes to the internet of things and technology in general. Her work has appeared in Fortune (where she was Senior Editor), PCMag, MIT Technology Review, Gigaom and Worth magazine. She is also a co-host on This Week in Google.

  • End of Life (EOL) Equipment should not mean End of Life (Your Life)
The speaker’s profile picture
Stacey Schreft

Stacey Schreft is an accomplished macroeconomist with extensive experience in the public and private sectors. She currently serves as Senior Research Scholar at the University of Maryland’s Robert H. Smith School of Business’ Center for Financial Policy, advising on financial system and cybersecurity risk, operational resilience, digital assets, and monetary policy. Previously, Stacey served as Deputy Director for Research and Analysis at the U.S. Treasury Department’s Office of Financial Research. In this role, she led initiatives that significantly enhanced the data and analytics used to assess risks to the financial system. As a member of the Financial Stability Oversight Council’s Deputies Committee, she played a key role in cross-agency risk identification and policymaking. While on detail to the Federal Reserve Board of Governors, she led an effort to strengthen the financial system’s cybersecurity and operational resilience. Prior to the OFR, Stacey held senior leadership positions in the financial sector, first as Director of Investment Strategy at a national registered investment advisor, and later as Chief Economist at an institutional investment management firm. Earlier in her career, she was an officer and economist at the Federal Reserve Banks of Kansas City and Richmond.

  • Vulnerabilities Beyond CVE: Cyber Resilience and the Next Financial Crisis
The speaker’s profile picture
Steve Jarvis

Steve Jarvis's journey in tech spans about 14 years, from his early work building key management software to developing services in networking, IAM, and infrastructure management. That background in creating security-related software naturally led him to his current focus as a security engineer. Still a programmer at heart, he tackles security challenges with that developer's mindset. Outside of work, he's kept busy by an adorable 3-year-old daughter and the ongoing pursuit of being a pretty okay bike racer.

  • Avoiding Credential Chaos: Authenticating With No Secrets
Stryker

Stryker is a cyber threat analyst at a US insurance company, where she translates technical research and qualitative intelligence into the "so what?" and "what now?" solutions that keep more people safe and secure. You can find her on LinkedIn, Mastodon, or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes do not make for secure off-site data storage options. Stryker lives in Baltimore, growing parsley for butterflies and algae for shrimp.

  • Career Campaigns: A Tabletop RPG Workshop for Your Next Infosec Role
Taha Biyikli

Taha Biyikli is Co-Founder & CEO of Alkonos, developing AI solutions for complex vulnerability detection. Previously, Taha led cybersecurity assessment teams and has been acknowledged by major organizations including Apple and the U.S. Department of Defense for discovering critical vulnerabilities. A member of Carnegie Mellon's Plaid Parliament of Pwning (PPP), Taha won the MITRE Embedded CTF 2025 with his team and specializes in application security and reverse engineering.

  • The Hackbot Builder's Guide to IDOR Detection
Tal Peleg

Tal Peleg, also known as TLP, is a senior security researcher and cloud security team lead at Varonis. He is a full-stack hacker with experience in malware analysis, Windows domains, SaaS applications, and cloud infrastructure. His research is currently focused on cloud applications and APIs.

  • Rusty pearls: Postgres RCE on cloud databases
Ted Hahn

Ted Hahn is an experienced Site Reliability engineer who previously worked at Google, Facebook, and Houseparty. He currently works as an independent consultant helping startups do cloud.

  • Building your own CA infrastructure on cheap HSMs
Terada Yu

Terada Yu is a researcher with Fujitsu Defense & National Security Limited. He worked as a SOC Analyst for over five years. In 2021, he joined his current company as a Security Researcher. He is primarily involved in developing new attack methods and tools. He also participates in internal red team activities and cyber exercises.
He has spoken at Black Hat USA/Europe, Code Blue, and several conferences in Japan. He holds a Master's degree in Computer Science, as well as certifications including OSEP, OSCP, CRTL, CISSP, GIAC, and CKS.

  • Shedding Light on Web Isolation Technologies and Their Bypass Techniques: C2 Communication via Outlook Using SMTP and IMAP
TerryBibbles

TerryBibbles has been hacking since high school, and has been a software engineer, red teamer, independent AI consultant, and pen tester. Most of all, TerryBibbles is thrilled to return to the SkyTalks stage!

  • (07) HR Hates My Mugs: Evading AI Censorship
Tim Weston

With over a decade of experience in cybersecurity and corporate investigations, my journey has led me to serve as the Global Lead for the Defense Industrial Base, Energy, and Transportation at Microsoft. Previously, as the Director for Strategy and Risk and the Sr. Cybersecurity Policy Advisor at the TSA, I developed the agency's first Cybersecurity Roadmap and shaped national security policies. My core competencies lie in fusing industry standards with cybersecurity law to fortify public sector resilience. At Microsoft, my mission is to drive innovation in cybersecurity, ensuring compliance and safeguarding our national critical infrastructure. I am committed to contributing to Microsoft's culture of security and excellence, leveraging my skills in cybersecurity and strengthening our critical infrastructure sectors to enhance our collective security posture.

  • (01) Ask the Fed
Travis Lowe

Travis spends most of his days working in the cloud/container/Kubernetes security space. He has worked in security for ~15 years. Most importantly, he is one of the select few individuals to be recognized with an official certification from Microsoft as a Microsoft Office User Specialist in Microsoft Access 2000.

  • From interview questions to cluster damage: Adventures in k8s cluster shenanigans
Travis Smith

Travis Smith is the Vice President of ML Threat Operations at HiddenLayer where he is responsible for the services offered by the organization, including red-teaming machine learning systems and teaching adversarial machine learning courses. He has spent the last 20 years building enterprise security products and leading world class security research teams. Travis has presented his original research at information security conferences around the world including Black Hat, RSA Conference, SecTor, and DEF CON Villages.

  • LLM Mayhem: Hands-On Red Teaming for LLM Applications
Tricta
  • 19 Years
  • Pentester at https://hakaisecurity.io
  • Programmer
  • Gamer
  • Cat lover
  • Compulsive pizza eater
  • Passionate about sysInternals, binary exploitation, offensive development and mobile
  • The Age of Zygote Injection
Uday Bhaskar Seelamantula

Uday Bhaskar Seelamantula is a security professional at Autodesk with a focus on innovative approaches to application security. With extensive experience in both offensive security and secure development practices, Uday is passionate about bridging the gap between traditional security concerns and the emerging risks presented by AI technologies. Currently working on novel fuzzing techniques and static analysis, Uday has a deep interest in how security can evolve to address the unique challenges posed by AI integrations in desktop applications.

Having collaborated with teams on projects that span across security incident response, threat modeling, and secure software development lifecycle practices, Uday brings a well-rounded perspective to the conversation on how organizations can better secure the applications we rely on. When not researching the latest vulnerabilities or AI threats, Uday enjoys mentoring colleagues and sharing knowledge to help shape the next generation of security professionals.

Outside of work, Uday keeps sharp by playing CTF challenges and running fuzz farms, while unwinding with snowboarding as a favorite way to relax.

  • Desktop Applications: Yes, We Still Exist in the Era of AI!!!
Vaibhav Garg

Vaibhav Garg is the Executive Director of Cybersecurity & Privacy Research and Public Policy Research at Comcast Cable. He has a PhD in Security Informatics from Indiana University and an M.S. in Information Security from Purdue University. His research investigates the intersection of cybersecurity, economics, and public policy. He has co-authored over thirty peer-reviewed publications and received the best paper award at the 2011 eCrime Researcher's Summit for his work on the economics of cybercrime. He previously served as the Editor in Chief of ACM Computers & Society, where he received the ACM SIGCAS Outstanding Service Award.

  • Workshop on Cybersecurity Policy in Practice
Vanessa Redman

I am a seasoned Cybersecurity professional with 15+ years of leadership and technical experience, currently working as the Vice President of Information Assurance. I have led teams in Cyber Strategy, Cyber Risk Policy development, Threat Assessments/Analysis, Cyber Vulnerability Prioritization & Validation, and Cyber Controls Testing. I have 10+ years of DoD and Military Cybersecurity experience with the U.S. Air Force, including working as a Cyber warfare operator and instructor with in-depth, hands-on experience in analyzing and defending against nation-state and organized crime adversaries. Other experience includes using the MITRE ATT&CK matrix for analysis, control testing, and planning. I also love talking about Algorithmic Game Theory and have spoken at several conferences on the subject.

  • Security Theater, Now Playing: When Security Is a Sideshow Instead of a Strategy
Viet Luu

With a passion for offensive security and a knack for creative problem-solving, I lead and execute red team assessments that span physical security, social engineering, and wireless testing. My work involves conducting thorough internal and external network penetration tests and vulnerability assessments to identify and remediate security gaps.

I specialize in developing custom exploit tools to replicate real-world attacks, providing actionable insights and practical solutions to both common and unconventional security challenges. From start to finish, I manage project lifecycles with a focus on measurable impact and continuous improvement.

I’m dedicated to helping organizations strengthen their security postures and adapt to an ever-changing threat landscape — and I’m excited to share some of those insights with the BSides community!

  • Infiltrating Like a Ninja: Unveiling Detection Gaps in Physical Security Across Japan and the U.S
Virginia “Ginger” Wright

Virginia “Ginger” Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL’s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.

  • Engineering Cyber Resilience for the Water Sector
  • Defending Our Water - Defending Our Lives
wasabi

Educator, hands-on hacker, and Blue Team strategist exploring the frontiers of embedded systems, AI, academic research, and competitive challenges. Previously spoke at a number of conferences, including DefCon, SCALE, BSides LA, and ShellCon, to name a few.

  • Hands on DuckyScript: Introduction to HID Attacks with O.MG Devices
  • A Winning Competition
Wendy Hou-Neely

Wendy is from Marsh McLennan Cyber Risk Intelligence Center. She specializes in data, data analytics, and risk quantification models for all aspects of cyber. She has designed and created the various cyber risk models for MMC and has consulted on cyber risk quantification for clients from various industries since 2017.

Wendy has over 30 years’ experience in the information technology industry and analytics, in enterprise software, hardware and security. Like many others in the space, she began working in the area of cyber security more than 10 years ago to understand the financial impact of cyber breaches on businesses. Her skills in analytics and data science, combined with her understanding of finance, technology and the nature of cyber breaches, uniquely afford her the ability to quantify cyber risks.

  • Increasing Complexity and Frequency of Cyber Events: Trends, Costs, and Risk Mitigation Strategies
Wendy Knox Everette

Wendy is a software developer & hacker lawyer who is currently the CISO at a healthcare data analytics firm. She has co-authored a peer-reviewed article on FedRAMP in IEEE Security & Privacy, as well as another reviewing other security issues caused by control frameworks published at NDSS. She is also a hacker lawyer who began her career as a software developer at Amazon.com and Google, before going to law school, where she focused on national security law and computer security issues. She interned with the FTC, FCC, and several other three-letter agencies, and completed a fellowship with ZwillGen in Washington, D.C.

  • (11) Crossing the Border Again with a Burner Phone
Whitney Bowman-Zatzkin

Whitney Bowman-Zatzkin, MPA, MSR, is a passionate community architect obsessed with connecting the dots to provoke change for the greater good.

Whitney started in healthcare 20 years ago as the manager of a clinical practice, launching its EHR, redesigning the patient record, and engaging in advocacy efforts around maternal-infant health and malpractice reform. Moving to DC, she collaborated with policy leaders on research and policy changes around health professions education and workforce design.

In the past, she has served as the Managing Director of Flip the Clinic, a project of the Robert Wood Johnson Foundation and Co-PI for Scouting Health, an investigative horizon-hunting effort with Westat. She also led the Great Challenges at TEDMED, producing 50+ broadcasts on the toughest conversations in health care.

Additional projects featuring her work include Digital Therapeutics Alliance, Adoption-Share, VitalCrowd, CPESN, Access our Medicine - a project of Mindset Foundation, and Script your Future, a grassroots adherence project, where she was commended by the U.S. Surgeon General and multiple Members of Congress.

Whitney has a Master of Public Administration and a Master of Survey Research from the University of Connecticut; her research on health insurance models was awarded Best Capstone.

  • Hackers Kinda Like to Eat
Yariv Tal

Senior developer turned security researcher.
A summa cum laude graduate from the Technion, leveraging four decades of programming expertise and years of experience in university lecturing and bootcamp mentoring, he brings a fresh outsider's perspective to the field of security.
Currently, he lectures on secure coding at several colleges and in the private sector, and he is also the leader of the owasp-untrust project.

  • Hacking Secure Coding Into Education
Yash Bharadwaj

Yash Bharadwaj does Security R&D and serves as Technical Director at CyberWarFare Labs, with over 7.5 years of experience as a technologist. He is highly attentive towards finding, learning and discovering new TTPs used during offensive engagements. His areas of interest include building Red / Blue team infrastructure, simulation-based teaching, and pwning on-premise & multi-cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat (USA, EU, Asia), Microsoft BlueHat, Nullcon India, c0c0n India, X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc. You can reach out to him on Twitter @flopyash

  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, PM
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, AM
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, AM
  • Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, PM
Yoshiki Kitamura

Yoshiki Kitamura is a security engineer at Cybozu, Inc., where he focuses on web security and designing optimal security frameworks for the organization. He is also a member of the internal PSIRT (Product Security Incident Response Team), conducting vulnerability testing and handling security issues to ensure the safety and reliability of Cybozu’s services.

  • Prompt Hardener - Automatically Evaluating and Securing LLM System Prompts
You Nakatsuru

With a background in security incident response support and malware analysis and countermeasure research, he joined Secureworks in March 2016. Currently, as a researcher on the Counter Threat Unit team, he focuses on investigating the latest cyber attacks, particularly those targeting Japanese enterprises. He is also actively involved in incident response and red team testing. Additionally, he has presented his findings at prestigious conferences such as the FIRST Annual Conference and CODE BLUE.

  • Infiltrating Like a Ninja: Unveiling Detection Gaps in Physical Security Across Japan and the U.S
Yuval Gordon

Yuval Gordon is a Security Researcher at Akamai Technologies, specializing in Active Directory security, identity-based attacks, and protocol research.
Yuval started his career in security operations, incident response, and detection engineering before moving into security research with a focus on AD internals, OT environments and offensive security. His recent work includes uncovering design flaws and logic abuses.
Yuval occasionally dabbles in malware analysis and reverse engineering, and enjoys sharing insights from both attacker and defender perspectives.

  • The (Un)Rightful Heir: My dMSA Is Your New Domain Admin