Black Hat Europe 2012

Black Hat Europe 2012 //Speaker Bios

Grand Krasnapolsky Hotel
Mar 14 - 16

Axelle Apvrille

Axelle Apvrille's initial field of expertise is cryptology, security protocols and OS.

She is currently a senior antivirus analyst and researcher at Fortinet, where she more specifically looks into mobile malware, and exercises her security blogger talents.

Axelle presented at various conferences, including VB 2011, EICAR 2010 (best paper award) and RSA 2011.

Known in the community by her more or less mysterious handle "Crypto Girl", she changes from office worker during the day into mighty hacker at night. Like Neo, but with a superhero costume.

Mike Arpaia
iSEC Partners, Inc.

Mike Arpaia is a security consultant and researcher at iSEC Partners, an information security firm specializing in application, network, and mobile security. Mike's current research interests include mobile device security, cloud infrastructure security and secure protocols.

Before working at iSEC Partners, Mike co-founded the Stevens Cyber Defense Team at Stevens Institute of Technology and he remains an advisor to the group. Mike has previously presented at conferences such as DEFCON and Derbycon on developing effective university information security education programs.

Jerome Athias

French coder and hacker enthusiast for more than 10 years. Information security professional and researcher with experience in penetration testing, and software security assessments. Active in various security mailing-lists and forums. Early contributor to projects like the Metasploit Framework and Rainbow Tables projects. VP, Director of Software Engineering for NETpeas. Technical leader of a CSIRT for a CERT. Speaker and trainer at ToorCon (USA), VNSecon (Vietnam), HSF (Paris). Organizer of the FRHACK IT Security Conference.

Antonios Atlasis
Centre for Strategic Cyberspace + Security Science

Antonios Atlasis, MPhil, PhD, is an independent IT Security analyst with a passion for information security research. He has over 20 years of diverse Information Technology experience. Antonios is also an accomplished instructor and software developer with research interests in the areas of penetration testing, incident handling, intrusion analysis and bug-finding. Antonios recently joined the Centre for Strategic Cyberspace + Security Science non-profit organisation.

Don A. Bailey
iSEC Partners, Inc.

Don A. Bailey is a Security Consultant with iSEC Partners, Inc. Don has discovered many unknown security vulnerabilities in well used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up and coming internet software.

While Don's primary expertise is in developing exploit technologies, he is also well versed at reverse engineering, fuzzing, enterprise and embedded programming, source code auditing, rootkit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies and has been invited to speak about risk management from a CISO perspective at government organized conferences.

For the past six years, Don has presented research at several international security conferences discussing topics such as stealth root-kit design, zero-day exploit technology, telephony security, and most recently, machine to machine security. In the past year, Don has given lectures at Black Hat Barcelona 2011, Black Hat Las Vegas 2011, SyScan Singapore 2011, and Hack In The Box KL 2011, regarding vulnerabilities in embedded architectures and wide spread machine to machine vulnerabilities.

Michael Baker

Michael Baker is a technologist focused on information security and pushing the boundaries of software. Recently he has been using Big Data and NoSQL tools to pioneer new ways to collect, analyse and make security decisions on network data. A devotee of Network Security Monitoring (NSM), he looks to deliver on the real potential of NSM using parallel processing, map/reduce and alternative databases.

Michael is a noted expert in Perimeter Security Architecture and Implementation having spent the majority of his 15 year security career designing and implementing Banking perimeters in Australia and Asia.

Michael has built and sold a security consulting company and designed and built a Managed Security Provider and Private Cloud platform. As the leader of an application development team he also built a construction collaboration platform that manages around $40 Billion AUD of construction projects.

Michael has presented at RemixAU annual developer conference as well as Security Bsides #bsidesau in Australia.

Michael is currently CTO of Packetloop, a cloud-based security analytics and analysis platform and leading the security consulting firm, Black Foundry.

Ken Baylor
Gladius Consulting

Dr. Ken Baylor heads up Emerging Threats at a major financial institution. Previously he served as Symantec's Vice President of IT and Chief Information Security Officer (CISO). Prior to Symantec, Ken worked at McAfee where he wrote the seminal 2006 paper "Killing Botnets: A view from the trenches". Dr. Baylor is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM).

Tal Be'ery

Mr. Be’ery has a decade of experience in the IS domain. Tal leads the efforts to capture and analyze hacking activities. The insights obtained in this process are incorporated into the design of new security mechanisms by the web research team he leads. Tal holds a B.Sc and an M.Sc degree in Electrical Engineering and Computer Science. He was granted a number of awards both for his academic work and his professional achievements.

Andrey Belenko
ElcomSoft Co. Ltd.

Chief security researcher and software developer at Elcomsoft. Co-invented ThunderTables (which are improved RainbowTables) and was first to bring GPU acceleration to password recovery. M. Sc. IT and CISSP. LinkedIn:

Andy Davis

Andy has worked in the Information Security industry for over 20 years, performing a range of security functions throughout his career. Prior to joining NGS Secure, Andy held the positions of Head of Security Research at KPMG UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for black-box software vulnerability discovery.

Stephen de Vries

Stephen de Vries is a principal consultant for Corsaire’s Security Assessment team. His focus is on application security and on improving the security practices in software development.

Stephen has worked in the security field since 1998 and has spent the last 12 years focused on Security Assessment and Penetration Testing at Corsaire, KPMG and Internet Security Systems. He was a founding leader of the OWASP Java project and regularly presents talks on secure programming and security testing.

Tyrone Erasmus
MWR InfoSecurity

Tyrone Erasmus is an Information Security Consultant at MWR InfoSecurity with a degree in Computer Engineering. He enjoys delving into many different areas of penetration testing and security research, with the majority of his research efforts being poured into Android. Tyrone has a great interest in creating tools and frameworks that can be used in easing the process of exploitation on various systems.

He has a passion for making and breaking things, which led him to his strange pastime of reading new publicly available exploit code and snickering to himself.

Tom Forbes

Tom Forbes is a 1st year undergraduate studying Software Engineering at the University of Hull, as well as working for 7safe as a research assistant. He has a keen interest in IT security and loves to program, contributing to open source projects such as Twisted and Django. He also co-runs his own small business renting virtual servers.

James Forshaw
Context Information Security

James is a principal consultant at Context Information Security Limited; a UK based security consultancy firm with a presence in Australia through our Melbourne office. He has been involved with computer hardware and software security for almost 10 years with a skill set which covers the bread and butter of the security industry such as application testing, through to more bespoke product assessment, vulnerability analysis and exploitation. He is also the developer of the CANAPE tool being presented at Blackhat.

He has presented at a number of conferences including Chaos Computer Congress and Ruxcon.

Eric Fulton
LMG Security

Eric Fulton is a specialist in network penetration testing and web application assessments. His clients have included Fortune 500 companies, international financial institutions, global insurance firms, government entities, telecommunications companies, as well as world-renowned academic and cultural institutions. In his spare time, Eric works with local students to provide hands-on security training, and conducts independent security research on a number of topics. He publishes network forensics contests on

Dan Guido

Dan Guido is a Hacker in Residence at NYU:Poly where he advises academic research and teaches two graduate courses: a purely offense-focused course in vulnerability development and a purely defense-focused course in application security. He has been known to take a consulting gig or two when he's not professionally taking vacations.

Takahiro Haruyama
Internet Initiative Japan Inc.

Takahiro Haruyama, EnCE, is a forensic professional with over six years of extensive research experience and knowledge in intrusion detection, authentication, VPN, digital forensics and malware analysis. He is the author of memory forensic EnScript such as Raw Image Analyzer (previously called Memory Forensic Toolkit) and Crash Dump Analyzer. He also has spoken at several conferences about digital forensics and computer security including The Computer Enterprise and Investigations Conference (CEIC) 2011 and RSA Conference Japan 2010.

Marcia Hofmann
Electronic Frontier Foundation

Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, and free expression. She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology. She is also a non-residential fellow at Stanford Law School's Center for Internet and Society.

Vincenzo Iozzo
Tiqad S.R.L.

Vincenzo Iozzo is a security researcher at Tiqad srl. He is a regular speaker at various information security conferences including Black Hat, CanSecWest and DeepSec. He is perhaps best known in the information security industry for co-writing the exploits for BlackBerryOS and iPhoneOS to win Pwn2own 2010 and Pwn2own 2011. He tweets at @_snagg.

Jeff Jarmoc
Dell SecureWorks

Jeff Jarmoc is a Senior Security Researcher with the Dell SecureWorks Counter Threat Unit (CTU) working with a broad range of security related topics. Throughout his career, he's been responsible for securing the information systems of small businesses and large enterprises alike. In 2010 he discovered vulnerabilities in Cisco's ASA firewall, and in 2011 demonstrated weaknesses in Amazon EC2 AMI sharing. All too often, he's seen the results of security control mis-configurations and vulnerabilities which cause defense in depth strategies to yield defects in depth. Jeff has previously presented at other security conferences such as Black Hat USA, DEF CON, DerbyCon, and others.

Michael Jordon
Context Information Security

Michael Jordon is a Principal Consultant at Context Information Security and has 11 years experience within the IT security and software development industry. Michael developed the Context App Tool (CAT) which is a web application security tool for performing manual application assessments. He has presented at various conferences including InfoSec, OWASP and RuxCon. He has also released advisories in software products including Sophos, Citrix and Outlook web access and released a whitepaper on ‘Assessing Cloud Node Security’.

Ling Chuan Lee
F-13 Labs

Ling Chuan Lee (a.k.a. lclee_vx) currently works as a Malware Researcher in CyberSecurity Malaysia. He has over 10 years of experience in reverse engineering and penetration testing. He also founded a personal research blog, F-13 Lab. He is now furthering his studies at the National University of Malaysia (UKM) as a Ph.D (Doctor of Philosophy) student, majoring in Antivirus Core Engine Design. lclee_vx has presented his security research at DEFCON16, SYSCAN'10 HangZhou, IEEE MICC2009, IEEE ICACT 2011, CCC SIGINT 2010, Swiss CyberStorm 2011 and numerous other events. His research topics have included in-depth malware or vulnerability analysis on decryption, penetration testing, kernel driver, rootkit and hooking.

Felix 'FX' Lindner
Recurity Labs GmbH

Felix 'FX' Lindner is the founder as well as the technical and research lead of Recurity Labs GmbH, a high-end security consulting and research team, specializing in code analysis and design of secure systems and protocols. Well known within the computer security community, he has presented his research for over a decade at conferences worldwide. Felix 'FX' holds a title as German State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional, is highly specialized in digital attack technologies, but recently changed the direction of his research to defense, since the latter seems to be a lot less fun.

David Litchfield

David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of "Oracle Forensics", the "Oracle Hacker's Handbook", the "Database Hacker's Handbook and SQL Server Security" and is the co-author of the "Shellcoder's Handbook" and "Special Ops". He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany.

Zhenhua Liu

Zhenhua Liu is a Vulnerability Researcher at Fortinet (Canada) Inc. He mainly focuses on researching new technologies for vulnerability exploitation and discovery.

Steve Lord

Steve is a penetration tester and malware analyst based in the UK. As well as being a Check Team Leader at Mandalorian, Steve also sits on the Tiger Scheme Technical Panel where he advises the scheme on certification relating to penetration testing and malware analysis.

Rafal Los

Rafal Los, Enterprise and Cloud Security Strategist for Hewlett-Packard Software, combines over a decade of deep technical expertise in information security and risk management with a critical business perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals. He is a sought after speaker at both public and private information security and quality conferences, and has presented at events produced by OWASP, ISSA, SecTor, Black Hat, Defcon, and SANS and many others. Staying active and contributing to the community - he participates in OWASP, is a key liaison to the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on enterprise security and cloud has amassed a following from his industry peers, business professionals, and even the media and can be found at

Prior to joining HP, Los defined what became the software security program and served as a security lead at a Global Fortune 100. Los also contributed to the global organization's security and risk-management strategy internally and with their customers. Rafal prides himself on being able to add a 'tint of corporate realism' to information security. Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.

Guillaume Lovet

Guillaume Lovet is currently the Sr Manager of Fortinet's EMEA Threat Research and Response Center, based in Sophia Antipolis, France. Involved in research activities and member of anti-virus, threats, and incidents information exchange networks ([da], [ii], [mwp], AVGURUS, 1st...), he is a recognized expert on Cybercrime and the technical editor of Fortinet's research blog.

At the international AVAR 2005, EICAR 2006, VB 2006, VB 2007, HackCon 2008, VB 2009 and BlackHat 2010 conferences, he presented white papers on various topics, including Cybercrime business models, ethical challenges in fighting Cybercrime, and Botnet-powered SQL injections. In 2010, he was nominated for the "Most innovative research" Pwnie award, for his work on Adobe Reader's custom heap management system, conducted jointly with Haifei Li.

Activities conducted prior to joining Fortinet in March 2004 highlight Lovet's strong security background: After graduating from Georgia Tech (USA) with a master's degree in Electrical and Computer Engineering, Lovet joined the Swiss company Visiowave (digital video applications) as a C++ developer in the security team; he then led a study on data security and cryptography applied to Digital TV, for the major French firm TPS.

A snowboarder since the age of 15, Guillaume has ridden most French and Swiss Alps renowned spots, as well as Whistler/Blackcomb, BC, Canada.

Shane MacDougall
Tactical Intelligence Inc.

Shane MacDougall is a principal partner at Tactical Intelligence, an information gathering and InfoSec consulting firm. He started in the industry in 1989 as a penetration tester for KPMG, and was head of security at ID Analytics, the world's largest identity theft detection company for 8 years until he left in 2011 to start his own firm. His current areas of interest include the weaponizing of OSINT and realtime generation of pretexting for social engineering attacks. Mr. MacDougall is a Defcon Black Badge holder for winning the DC19 social engineering CTF event.

Matias Madou

Matias Madou is Principal Security Researcher at Fortify/HP's Security Research Group where he’s working on mainly technical projects, ranging from kicking off the insider threat rulepack in the static analyzer, to spearheading anomaly detection in the runtime tool. Matias headed the initial rules for Hybrid 2.0, where SAST-DAST issue correlation is performed based on monitoring the application under attack. He also crafted the initial runtime rules to let HP WebInspect collaborate with Fortify SecurityScope. And when he’s away from his desk, he’s instructing the training course "SCA custom rules training" or helping out the field at short notice or presenting at DEF CON, RSA, BruCon, OWASP.

He holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application. During his Ph.D., he collaborated with top research and industry players in the field of program obfuscation.

Daniel Mende

Daniel Mende is a long time network geek who loves to explore network devices & protocols and to break flawed ones.

Nikhil Mittal

Nikhil Mittal is a hacker, info sec researcher and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has over 3 years experience in Penetration Testing of many Government Organizations of India and other global corporate giants at his current job position.

He specializes in assessing security risks in secure environments which require novel attack vectors and an "out of the box" approach. He is the creator of Kautilya and Mareech. In his free time, Nikhil likes to scan full IP ranges of countries for specific vulnerabilities, writes some silly Metasploit scripts and does some vulnerability research. He has spoken at Clubhack'10, Hackfest'11, Clubhack'11 and Blackhat Abu Dhabi'11.

Mariano Nunez Di Croce

Mariano Nunez Di Croce is the CEO at Onapsis. Mariano is a renowned researcher in the ERP & SAP Security field, being the first to present on real-world security attacks to SAP platforms. Since then, he has been invited to lecture in some of the most important security conferences in the world, such as BlackHat DC/USA/EU, RSA, SAP, HITB Dubai/EU, Troopers, Ekoparty, HackerHalted, DeepSec, Sec-T, and, as well as in Fortune-100 companies and military organizations.

Mariano has discovered more than 50 vulnerabilities in SAP, Microsoft, Oracle and IBM applications and has several years of experience performing SAP Penetration Tests. He leads the strategic development of Onapsis X1, has been the developer of the first open-source SAP & ERP Penetration Testing Frameworks (sapyto/bizploit) and leads the "SAP Security In-Depth" publication. Mariano is also a founding member of, the Business Security Community. Because of his research work, he has been interviewed and featured in mainstream media such as CNN, Reuters, IDG, New York Times, eWeek, PCWorld, Darkreading and others.

Phil Polstra
University of Dubuque

He cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450. Two years later he learned 6502 assembly and has been hacking computers and electronics ever since.

Phil currently works as a professor at a private Midwestern university. He teaches computer security and forensics. His current research focus involves use of microcontrollers and small embedded computers for forensics and pentesting. Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual certs one might expect for someone in his position.

Phil is also an accomplished aviator with several thousand hours of flight time. He holds 12 ratings including instructor, commercial pilot, mechanic, inspector, and avionics tech. When not working, he likes to spend time with his family, fly, hack electronics, and has been known to build airplanes.

Jerome Radcliffe

Jay Radcliffe has been working in the computer security field for over twelve years and is currently a Senior Threat Intelligence Analyst for a major computer security organization. He has an extensive public speaking background, going back to middle school, and has spoken on a variety of security and legal topics at major conferences, universities, and other community events. He holds a Master's degree in Information Security Engineering from SANS Technology Institute as well as a bachelor’s degree in Criminal Justice/Pre-Law from Wayne State University. His experience with radios and hardware goes back to when he was 12 and earned his Ham Radio license, now with the callsign N8OS.

Damir Rajnovic

Damir is part of Cisco PSIRT (Product Security Incident Response Team), the only group in Cisco that publishes Cisco Security Advisories and the focal point for product security within Cisco. In his current role, Damir's responsibilities are to do whatever it takes to remove security vulnerabilities from all of Cisco's products. Apart from the reactive work (responding to customers' incidents and managing vulnerabilities), Damir works on several proactive efforts to help build more secure products. These efforts are concentrated on educating developers to write more secure code and working with product designers during the design stage.

Part of the daily job is to liaise and maintain relationships with relevant external organisations. Some of the entities Damir is connected to are: law enforcement, coordinating centres (CERT/CC, JPCERT, NISCC) and other appropriate entities (Internet Crime Forum, GCHQ).

Damir has been actively involved in the computer security arena since 1993. It started with the Ministry of Foreign Affairs of the Republic of Croatia, continued in the Ministry of Science and Technology of the Republic of Croatia, and moved to EuroCERT, to end in Cisco's PSIRT where he still is. EuroCERT (now defunct) was a project with the aim of coordinating CERTs within the European region. During that period he established CarnetCERT, was instrumental in the creation of EuroCERT and was constantly involved in CERT forums, both FIRST (internationally) and TF-CSIRT (European region). Non-security related work includes working on Radio 101 as a sound engineer and with a theatrical group.

Among other FIRST-related activities, Damir is the main driver behind Vendor SIG (, a special interest group under the FIRST umbrella. The purpose of that forum is to facilitate dialog among product security groups from different vendors.

Damir is the FIRST liaison officer to ISO and ITU. Apart from coordinating FIRST activities in both standardisation organisations, Damir is actively contributing to multiple standards (e.g., ISO 29147 "Vulnerability Disclosure" and ITU-T Cybex framework).

Damir was an invited lecturer for MSc Information Technology Security course at Westminster University.

Vivek Ramachandran

Vivek Ramachandran is the Founder and Chief Trainer at He discovered the Caffe Latte attack, broke WEP Cloaking, a WEP protection schema in 2007 publicly at Defcon and conceptualized enterprise Wi-Fi Backdoors. He is also the author of the book "Backtrack 5 Wireless Penetration Testing".

Vivek currently runs the SecurityTube Wi-Fi Security Expert (SWSE) online course and certification which is currently being taken by students from over 35+ countries around the world.

In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants.

Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada, etc. He has spoken/trained at top conferences around the world including Blackhat USA and Abu Dhabi, Defcon, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, C0C0n, etc.

Enno Rey

Enno is a long time network geek who loves to explore network devices & protocols and to break flawed ones.

Tom Ritter
iSEC Partners

Tom Ritter is a Security Consultant at iSEC Partners, a frequenter of @nysecsec, and has far more ideas than time. He is interested in nearly all aspects of cryptography, privacy, anonymity, and pseudonymity; the interesting areas of security; and traveling. He is located corporeally in New York City, virtually at, and meta-physically has been lost for quite some time.

Simon Roses Femerling

Simon Roses holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid).

Currently works as an independent security researcher, driving security innovation. Former Microsoft, PriceWaterhouseCoopers and @Stake.

Simon has authored and cooperated in several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products.

Frequent speaker at security industry events including RSA, OWASP, SOURCE, DeepSec and Microsoft Security Technets. CISSP, CEH & CSSLP.

Paul Royal
Georgia Tech Information Security Center

Paul Royal is a Research Scientist at the Georgia Institute of Technology, where he engages in collaborative research on various facets of the online criminal ecosystem. Prior to Georgia Tech, Royal served as Principal Researcher at Purewire, Inc, where he worked with other researchers to identify threats and design methods that enhanced the company's web security service. Royal often focuses on research topics interesting to both academics and industry practitioners, with previous work presented at Black Hat USA that subsequently appeared in ACM CCS.

Rahul Sasi
iSIGHT Partners

Rahul is working as an Info Security Researcher for iSIGHT partners. He has responsibly disclosed vulnerabilities/Bugs to Google, Apache, Banking sectors and many IT giants. Rahul has topped many CTF contests conducted by Verisign, HITB, NUll, OWASP, and has authored articles and spoken at Cocon, Nullcon Sans, Clubhack. His work could be found at and

Seth Schoen
Electronic Frontier Foundation

Seth Schoen is a Senior Staff Technologist at the Electronic Frontier Foundation. He has worked at EFF for ten years, helping other technologists understand the civil liberties implications of their work, EFF staff better understand the underlying technology related to EFF's legal work, and the public understand what the technology products they use really do. He helped create the LNX-BBC live CD and has researched phenomena including laser printer forensic tracking codes, ISP packet spoofing, and key recovery from computer RAM after a computer has been turned off.

Justin Searle

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).

Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute.

In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Shreeraj Shah
Blueinfy Solutions

Shreeraj Shah, B.E., MSCS, MBA, CSSLP is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.

Sumit Siddharth

Sumit Siddharth (sid) works as a Head of Penetration Testing for 7safe in the UK. He specializes in Web application and database security and has over 7 years of experience with IT security. Sid has been a speaker at many international conferences such as Black Hat, Defcon, Owasp, Troopers, Sec-T etc. He has been an author of several white-papers, tools and security advisories. Sid holds the prestigious CREST certification and also runs the popular IT security blog He is also a contributing author to the book SQL Injection: Attacks and Defense (2nd Edition).

Alexey Sintsov

Graduated from Saint-Petersburg State Polytechnic University, Information Security of Computer Systems department. Since 2001 has been working on practical questions in the field of security analysis, searching for vulnerabilities and developing exploits. Has experience participating in Western and national security conferences such as CONFidence, Hack In the Box, ZeroNights, Chaos Constructions and others.

Dmitry Sklyarov
ElcomSoft Co. Ltd.

Dmitry Sklyarov is a Security Researcher at ElcomSoft and a lecturer at Moscow State Technical University. He did research on the security of eBooks and on the authentication of digital photos. Recent research projects involved mobile phone and smartphone forensics. Dmitry is also a co-developer of the ElcomSoft iOS Forensic Toolkit.

Didier Stevens
Contraste Europe NV

Didier Stevens (Microsoft MVP Consumer Security, CISSP, GSSP-C, MCSD .NET, MCITP, MCSE/Security, RHCT, CCNA Security, OSWP) is an IT Security Consultant currently working at a large Belgian financial corporation.

He is employed by Contraste Europe NV, an IT Consulting Services company ( You can find his open source security tools on his IT security related blog at

Hiroshi Suzuki
Internet Initiative Japan Inc

Hiroshi Suzuki is a malware analyst, working for a Japanese ISP company, Internet Initiative Japan Inc. His main job is to analyze malware and vulnerabilities, to observe malware activity, and to perform digital forensics.

Ben Williams


Ben is currently a Penetration Tester for NGS-Secure, and has been in the IT Security industry for around 15 years.

He previously worked for a company which makes IT Security Gateways for around 10 years, hence his particular interest in this area.

Even though he is relatively new to penetration testing and exploit-development he has reported 30+ PoC exploits (over the past 4 months) to various software companies who produce some of the most popular Security Gateways.

Chris Wysopal

Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of “The Art of Software Security Testing” published by Addison-Wesley.

Kyle Yang
Fortinet Inc

Kyle Yang, CCIE#19065, is Manager of the AV Engine Dev team and Malware Research team at Fortinet (Canada) Inc. He's currently focused on custom malware packer research and botnet research.

Chan Lee Yee
F-13 Labs

Chan Lee Yee (a.k.a. lychan25) founded F-13 Security Lab, a personal research blog. lychan25 has been working in the cyber security industry for the past 6 years; previously lychan25 worked as a security consultant and also as a lecturer at University Tun Abdul Razak (UNITAR). He is now furthering his studies at the University of Malaysia (UKM) as a Ph.D (Doctor of Philosophy) student, majoring in the art of packing/unpacking and dynamic execution tracing.