Black Hat Europe

Regional Review Board

Please press or click a member's name for more information.

Antonios Atlasis

Senior Cyber Security Professional and Researcher

European Space Agency

Antonios Atlasis (PhD) is a Senior Cyber Security Professional and Researcher currently working for the European Space Agency (ESA). Dr. Atlasis, with over 18 years of hands-on experience in the field and frequent presenter at security conferences, has a special interest in the security analysis of modern network protocols in particular and new security technologies in general.


Jon (Bitquark)

Security Researcher

Tesla

Jon (@bitquark) has been part of the UK hacking scene for over 20 years. Leaving his life as a senior developer to become a security researcher, Jon reached the #1 spot on Bugcrowd before being hired by Tesla to work on its infamous Red Team, where he proactively protects the company from internal and external threats. Jon's current Interests include automation, artificial intelligence, and getting into places he shouldn't.


Thomas Brandstetter

Professor, Co-founder and Managing Editor

Limes Security

Thomas Brandstetter is currently active as co-founder and managing director of Limes Security, a major European OT cyber security company. He also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. His past noteworthy achievements include being the Stuxnet incident handler for Siemens, founding the Siemens ProductCERT and teaching as SANS instructor. He often is a keynote and invited guest speaker and presented at professional cybersecurity or industrial conferences like Black Hat, SANS ICS, ICS-CSR and CIRED.


John Carroll

Independent Security Contractor

John Carroll is an independent Information Security advisor and 'anti-stupid' gun-for-hire operating out of ctus.io, usually residing in financial, fin-tech and fashion spaces. A former penetration tester and security researcher, his interests span operational risk, attack simulations, the 'hacker MO', bug-hunting and all-things-tech. John is a prolific community contributor, having run workshops for: B-Sides, Steelcon and a range of industry groups.


Sharon Conheady

Director

First Defence Information Security

Sharon Conheady is the director of First Defence Information Security and a founding member of The Risk Avengers. She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon has presented at security conferences including DEF CON social engineering village, Deepsec, Recon, CONFidence and InfoSec. She is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques published by McGraw-Hill.


Daniel Cuthbert

Global Head of Security Research

Banco Santander

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).


Meadow Ellis

Lead Hardware Security Engineer

Meadow Ellis conducts hardware security research and engineering in the fintech world, she also specialises in out-of-bounds data exfiltration, physical security and surveillance technologies encompassing mechanical, electrical and software design. She has extensive experience in cooperating with law enforcement agencies, most recently with regards to financial crime. She lives and breathes in the blueteam camp. Recently she could have been seen with DEF CON 29, BSides Leeds, BSides Wales and BSides London where she also leads the Workshops team.

Meadow strives to approach information security from the people side trying to understand the reasons behind the failures, the human element that caused it and the changes needed to avoid it in the future - changes that need to start with us.


Eric Evenchick

Senior Research Consultant

Atredis Partners

Eric Evenchick has worked in development and reverse engineering roles for hardware and software companies for the past eight years. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners.

Eric's work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future.

In 2014, Eric founded Linklayer Labs, which provided consulting services and developed open source hardware tools for the information security community. Since 2012, he has been a contributor to Hackaday, a blog covering hardware and software "hacks".


Leigh-Anne Galloway

Security Researcher

Leigh-Anne Galloway is a Security Researcher who specializes in application security and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. Which is where she discovered her passion for payment technology. She has presented and authored research on ATM security, mPOS vulnerabilities, NFC payments and application security. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Ekoparty, Troopers, DEF CON and Black Hat USA.


Nathan Hamiel

Senior Director of Research

Kudelski Security

Nathan Hamiel is Senior Director of Research at Kudelski Security where he leads the fundamental and applied research team. Part of the Innovation group working to define the future of products and services for the company, his team focuses on privacy, advanced cryptography, emerging technologies, and special projects. He is also responsible for the research function at the company, connecting the dots between the various business units and focusing on collaboration both internal and external to the company. For over 20 years, he has helped customers worldwide solve complex security challenges and accelerate innovation.

Nathan spends his time focusing on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. He is a proponent of agility and simplification and their application in solving security challenges. Nathan is a regular public speaker and has presented his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, where he serves as the track lead for the AI, ML, and Data Science track.


Jeff Horne

Head of Security

Skydio

Jeff Horne is the Head of Security at Skydio, a leading drone company specializing in autonomous vehicles. Jeff is responsible for security direction both within Skydio products and internal security. Prior to Skydio Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, and Physical Security. Before Optiv, he was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy as well as managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups. Jeff is an accomplished security professional with over 20 years of experience and a strong background in reverse engineering, exploitation, and malware research. He has authored several vulnerability disclosures and patents throughout his career.


Vincenzo Iozzo

Director

CrowdStrike

Vincenzo Iozzo is an entrepreneur and investor. He currently serves as a Director at CrowdStrike following the sale of his company Iperlane in 2017. Vincenzo is also a Network Leader at Village Global, a seed stage VC fund based in Silicon Valley. In addition, Vincenzo is an Associate Researcher at the MIT Media Lab and serves as a committee member on the Black Hat Conference board. Vincenzo co-authored the "iOS Hacker's Handbook" (Wiley, 2012) and the winning attacks against Firefox, iOS and Blackberry OS at Pwn2Own between 2010-2012.


Monnappa K A

Information Security Investigator

Cisco Systems

Monnappa K A works with Cisco Systems as information security investigator focusing on threat intelligence, investigation of advanced cyber-attacks, researching on cyber espionage and targeted attacks. He is the creator of Limon Linux sandbox and winner of Volatility plugin contest 2016. He is the author of the upcoming book "Learning Malware Analysis". He is the co-founder of the cyber-security research community "Cysinfo". His fields of interest include malware analysis, reverse engineering, memory forensics and threat intelligence. He has presented at various security conferences like Black Hat, FIRST, SEC-T, DSCI, National Cyber Defence Summit and Cysinfo on various topics which include memory forensics, malware analysis, reverse engineering and rootkit analysis. He has conducted trainings at Black Hat, FIRST (Forum of Incident Response and Security teams), SEC-T, OPCDE cyber security conferences. He has also authored various articles in eForensics and Hakin9 magazines.

He regularly conducts training titled "A Practical Approach to Malware Analysis and Memory Forensics" around the world including Black Hat USA, Black Hat Asia and Black Hat Europe. You can find some of his contributions to the community in his YouTube channel, and he publishes blog posts at cysinfo.com


James Kettle

Head of Research

PortSwigger Web Security

James Kettle is Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on using web cache poisoning to turn caches into exploit delivery systems. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both Black Hat USA and EU, and OWASP AppSec USA and EU.


Marina Krotofil

Security Researcher

Marina Krotofil is a security researcher with a decade of experiences in advanced methods for securing Industrial Control Systems (ICS). She specializes in the discovery of new attack vectors and exploitation techniques, incident response, forensic investigations, ICS malware analysis and design of novel defense methods. Previously, Marina worked as a Senior Security Engineer at BASF (Germany), Principal Analyst and Subject Matter Expert (SME) in the Cyber-Physical Security Group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She authored more than 25 academic articles and book chapters on ICS Security and is a regular speaker at the leading conference stages worldwide. Marina holds MBA in Technology Management, MSc in Telecommunications and MSc in Information and Communication Systems.


Ping Look

Program Manager, Detection and Reaction Team (DART)

Microsoft, Enterprise Cybersecurity Group

Ping Look has over a decade of experience building, promoting and managing events in the IT space including two of the most iconic and massively influential IT security events: The Black Hat Briefings+Training and DEF CON. At Black Hat she managed the growth of brand from obscurity to profitability and grew the event from a three track, two day event to a six day, 11 track and training intense event that brought together the best and the most relevant (and occasionally the most obscure) speakers and content providers to Black Hat events in Asia, Europe, the Middle East and the US. During her tenure at Black Hat she was often referred to as the "The One You Don't Want to Piss Off (or you will die)".

Prior to entering the information security and events space, she worked in brand development and management in publishing, textiles and consumer products. She has extensive experience in design and marketing as well as product development.

Ping is currently engaged at Accuvant LABS working with one of the most technically proficient pentest and research teams in the world.


Federico Maggi

Research Expert at the AI4Sec Research Team

Huawei Technologies

Federico Maggi has more than a decade of research experience in the cybersecurity field. Federico has done offensive and defensive research on web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices. Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review. Currently employed as a Research Expert at the AI4Sec Research Team (ai4sec.net) in Huawei, Federico was a Senior Researcher with security giant Trend Micro (trendmicro.com), and previously an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students. Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences. More info about Federico and his work is available online at maggi.cc


Maria Markstedter

Security Researcher and Trainer

Maria Markstedter is an independent security researcher and trainer, focusing her research and work on ARM exploitation and reverse engineering of embedded systems. After spending some time as a Penetration Tester, she discovered her passion for processor security and reverse engineering and founded Azeria Labs to fill the gap in educational material on the exploitation of ARM-based devices by offering free hands-on tutorials and workshops. She regularly speaks at various security conferences, including HITBSecConf, Security Analyst Summit, and 44Con. In 2018, Maria was listed as one of the Forbes 30 Under 30 in the technology Europe division.


Marion Marschalek

Security Engineer

AWS

Marion Marschalek is a Security Engineer at AWS. Prior to that she worked at Intel and held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution is her analysis work on the malware ‘Babar' and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30” talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.


Haroon Meer

Founder

Thinkst

Haroon Meer is the founder of Thinkst, the company behind the well-loved Thinkst Canary (canary.tools). Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past two decades, he has delivered research, talks, and keynotes at conferences around the world.


Elisabeth Oswald

Professor, Cybersecurity Research

AAU in Klagenfurt

Elisabeth Oswald works as an academic researcher in the area of applied crypto, in particular leakage-based attacks. She has a particular interest in the intersection of statistics, machine/deep learning and side channels, and tries to develop tools and techniques to make sophisticated leakage analysis techniques accessible in the context of securing crypto implementations against side channel attacks. She has been an active member in the crypto community for many years: she has chaired the biggest events (CHES, Eurocrypt) and is associate editor of the Journal of Cryptology and the Journal of Cryptographic Engineering. She currently holds a professorship at AAU in Klagenfurt (Austria) where she is leading the Cybersecurity research.


Kymberlee Price

Engineering Response

Security Response + Outreach

With 18 years' experience in the information security industry specializing in application security incident response, community engagement and Open Source Security response strategy, Kymberlee Price is globally recognized as an industry leader in Security Response + Outreach.

Kymberlee speaks regularly on vulnerability management and product incident response best practices at conferences around the world. She holds dual Bachelor of Science degrees in Behavioral Psychology and Public Health Education


Enno Rey

Founder and Managing Director

ERNW GmbH

Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.


Runa A. Sandvik

Privacy and Security Researcher

Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She regularly teaches digital security to journalists and helps media organizations improve their security posture. She is also a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project.


Jen Savage

Offensive Security Consultant

ACTIVECYBER, LLC

Jen Savage is an Offensive Security Consultant for ACTIVECYBER, LLC. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Application Security and the Internet of Things.


Anant Shrivastava

Founder

Cyfinoid Research

Anant Shrivastava is the founder of Cyfinoid Research which specializes in cyber security research. Previously he was a Technical Director at NotSoSecure Global Services, a boutique cyber security consultancy firm. He has been a trainer & a speaker at various international conferences (BlackHat-USA/ASIA/EU, Nullcon, c0c0n & many more). Anant also leads Open Source projects, Android Tamer & CodeVigilant. He also maintains the archive portal named Hacking Archives of India. In his free time, he likes to take part in open communities targeted towards spreading information security knowledge such as the null community, Garage4Hackers, hasgeek & OWASP.


Gabrielle Viala

Security Engineer

Quarkslab

Gabrielle Viala is currently a security engineer at Quarkslab. After working as a pentester for several years, she shifted in reverse engineering, where she found a great topic of interest - the Windows kernel. She is part of BlackHoodie from the very first edition and belongs to the organization crew. She also contributes as a speaker and trainer during not just BlackHoodie but also other security related events. She spoke at international conferences including Black Hat, Ekoparty and Infiltrate on various topics related to Windows Internals. She is still far from being an expert but enjoys sharing with other people and learning from them.


Kenn White

Security Principal

MongoDB

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.


Neil R. Wyler (a.k.a. Grifter)

Global Lead of Active Threat Assessments

IBM-X Force

Neil R. Wyler (a.k.a. Grifter) is an Information Security Engineer and Researcher located in Salt Lake City, Utah. Neil is currently with IBM-X Force as Global Lead of Active Threat Assessments. He has spent over 15 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 15 years and is a member of the Senior Staff at DEF CON. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is a member of the DEF CON CFP Review Board and Black Hat Training Review Board.


Stefano Zanero

Associate Professor, Dipartimento di Elettronica, Informazione e Bioingegneria

Politecnico di Milano

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 90 scientific papers and books. He is a Senior Member of the IEEE and sits in the Board of Governors of the IEEE Computer Society; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano is also a co-founder and chairman of Secure Network, a leading cybersecurity assessment firm, and a co-founder of BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.


Saša Zdjelar

Senior Vice President, Enterprise Security

Salesforce

Saša Zdjelar is the SVP of Enterprise Security at Salesforce where he leads a global organization and is the executive sponsor for strategic corporate security initiatives such as Zero Trust. Prior to Salesforce, Saša spent nearly two decades working in the Energy sector in various security and non-security roles working on strategy, enterprise security & architecture, software engineering, ERP systems designs/integration, program and product management, planning & stewardship, etc.

He is a member of the Forbes Technology Council, a Fellow at the Cyber Readiness Institute (CRI), a member of the Black Hat CISO Summit Advisory Board, an active member in organizations such as Infragard, ISACA and ISSA, has been published in various industry publications, and has spoken at a number of industry conferences and universities. Saša holds a Bachelor's degree in Management and Master's degree in Decision Science from the University of Florida.