Regional Review Board

Antonios Atlasis (PhD) is a Senior Cyber Security Professional and Researcher currently working for the European Space Agency (ESA). Dr. Atlasis, with over 18 years of hands-on experience in the field and frequent presenter at security conferences, has a special interest in the security analysis of modern network protocols in particular and new security technologies in general.

Jon (@bitquark) has been part of the UK hacking scene for over 20 years. Leaving his life as a senior developer to become a security researcher, Jon reached the #1 spot on Bugcrowd before being hired by Tesla to work on its infamous Red Team, where he proactively protects the company from internal and external threats. Jon's current Interests include automation, artificial intelligence, and getting into places he shouldn't.

Thomas Brandstetter is currently active as co-founder and managing director of Limes Security, a major European OT cyber security company. He also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. His past noteworthy achievements include being the Stuxnet incident handler for Siemens, founding the Siemens ProductCERT and teaching as SANS instructor. He often is a keynote and invited guest speaker and presented at professional cybersecurity or industrial conferences like Black Hat, SANS ICS, ICS-CSR and CIRED.

Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol.

She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.

Sharon Conheady is the director of First Defence Information Security and a founding member of The Risk Avengers. She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon has presented at security conferences including DEF CON social engineering village, Deepsec, Recon, CONFidence and InfoSec. She is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques published by McGraw-Hill.

Daniel Cuthbert loves doing security research. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS) and sits on the UK Government Cybersecurity Advisory Board.

Meadow Ellis conducts hardware security research and engineering in the fintech world, she also specialises in out-of-bounds data exfiltration, physical security and surveillance technologies encompassing mechanical, electrical and software design. She has extensive experience in cooperating with law enforcement agencies, most recently with regards to financial crime. She lives and breathes in the blueteam camp. Recently she could have been seen with DEF CON 29, BSides Leeds, BSides Wales and BSides London where she also leads the Workshops team.

Meadow strives to approach information security from the people side trying to understand the reasons behind the failures, the human element that caused it and the changes needed to avoid it in the future - changes that need to start with us.

Eric Evenchick has worked in development and reverse engineering roles for hardware and software companies for the past eight years. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners.

Eric's work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future.

In 2014, Eric founded Linklayer Labs, which provided consulting services and developed open source hardware tools for the information security community. Since 2012, he has been a contributor to Hackaday, a blog covering hardware and software "hacks".

Leigh-Anne Galloway is a Security Researcher who specializes in application security and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. Which is where she discovered her passion for payment technology. She has presented and authored research on ATM security, mPOS vulnerabilities, NFC payments and application security. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Ekoparty, Troopers, DEF CON and Black Hat USA.

Nathan Hamiel is Senior Director of Research at Kudelski Security where he leads the fundamental and applied research team. Part of the Innovation group working to define the future of products and services for the company, his team focuses on privacy, advanced cryptography, emerging technologies, and special projects. He is also responsible for the research function at the company, connecting the dots between the various business units and focusing on collaboration both internal and external to the company. For over 20 years, he has helped customers worldwide solve complex security challenges and accelerate innovation.

Nathan spends his time focusing on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. He is a proponent of agility and simplification and their application in solving security challenges. Nathan is a regular public speaker and has presented his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, where he serves as the track lead for the AI, ML, and Data Science track.

Monnappa K A works with Cisco Systems as information security investigator focusing on threat intelligence, investigation of advanced cyber-attacks, researching on cyber espionage and targeted attacks. He is the creator of Limon Linux sandbox and winner of Volatility plugin contest 2016. He is the author of the upcoming book "Learning Malware Analysis". He is the co-founder of the cyber-security research community "Cysinfo". His fields of interest include malware analysis, reverse engineering, memory forensics and threat intelligence. He has presented at various security conferences like Black Hat, FIRST, SEC-T, DSCI, National Cyber Defence Summit and Cysinfo on various topics which include memory forensics, malware analysis, reverse engineering and rootkit analysis. He has conducted trainings at Black Hat, FIRST (Forum of Incident Response and Security teams), SEC-T, OPCDE cyber security conferences. He has also authored various articles in eForensics and Hakin9 magazines.

He regularly conducts training titled "A Practical Approach to Malware Analysis and Memory Forensics" around the world including Black Hat USA, Black Hat Asia and Black Hat Europe. You can find some of his contributions to the community in his YouTube channel, and he publishes blog posts at cysinfo.com

James 'albinowax' Kettle is the Director of Research at PortSwigger. His latest work includes HTTP/2 desync attacks and web cache poisoning. James has extensive experience cultivating novel attack techniques, including RCE via Server-Side Template Injection, and abusing the HTTP Host header to poison password reset emails and server-side caches. James is also the author of various popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEFCON.

Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT). She managed and executed diverse technical projects around the world across a variety of industrial domains. She is also an experienced Red/Blue Teamer who researched numerous novel attack vectors, exploitation techniques, designed novel defence methods and led complex incident responses. Marina frequently collaborates with international organizations on the topics of critical infrastructure security, she is also a regular speaker at the leading conference stages worldwide and is a frequent reviewer of academic manuscripts and grant proposals. At Black Hat Marina leads Cyber-Physical Systems track. Marina holds MSc. in Telecommunications, MSc. in Information and Communication Systems and an MBA in Technology Management.

Federico Maggi has more than a decade of research experience in the cybersecurity field. Federico has done offensive and defensive research on web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices. Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review. Currently employed as a Research Expert at the AI4Sec Research Team (ai4sec.net) in Huawei, Federico was a Senior Researcher with security giant Trend Micro (trendmicro.com), and previously an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students. Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences. More info about Federico and his work is available online at maggi.cc

Maria Markstedter is the founder and CEO of Azeria Labs, a company that provides training services to some of the world's top tech companies and law enforcement agencies. In addition, Maria is the author of the book "Arm Assembly Internals and Reverse Engineering - Blue Fox Edition", published in May 2023. With a Bachelor's degree in Corporate Security and a Master's degree in Enterprise Security, Maria has held key positions in various startups, including her role as the Chief Product Officer for Arm virtualization startup Corellium. In 2018, Maria was honored as a Forbes "30 under 30" in technology and has since been featured in Vogue Business Magazine. Her expertise in Arm reverse engineering and binary exploitation earned her the title of Forbes Person of the Year in Cybersecurity 2020. Maria has collaborated with Arm on exploit mitigation research in Cambridge and continues to empower security researchers and developers globally to effectively attack and defend Arm-based software.

Marion Marschalek is a Security Engineer at AWS. Prior to that she worked at Intel and held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution is her analysis work on the malware ‘Babar' and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30” talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.

Haroon Meer is the founder of Thinkst, the company behind the well-loved Thinkst Canary (canary.tools). Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past two decades, he has delivered research, talks, and keynotes at conferences around the world.

Dr. Ben Nassi is a cyber security specialist and a frequent conference speaker.

Ben holds more than 10 years of experience in cyber security as an independent consultant, a former Google employee, and a former project manager at the innovation labs of cyber @ BGU. He advised multinational automotive manufacturing corporations, advanced driver assistance systems manufacturers, multinational information and communications corporation and conglomerates, IoT and drones manufacturers, and more.

Ben presented his works at Black Hat (USA 20, Asia 21, Asia 22), DEFCON (18, 21), RSA Conference (20, 21), SecTor (20, 21), CodeBlue (20), AI Week (22), and CyberTech (20).

His works were covered by Forbes, Wall Street Journal, Mirror UK, Wired, ArsTechnica, MIT Technology Review, MotherBoard, Bloomberg, ZDNet, and more.

Angela Nicoara is Professor of Computer Science at Lucerne University of Applied Sciences and Arts (HSLU), Switzerland heading the IoT Innovation Lab and IoT Systems and Software Research Group. She is an impact-driven technical leader, systems researcher, and innovator with over 19 years of experience in industry and research, with a proven track record of building breakthrough technologies, systems, and software architectures in IoT, mobile, and distributed systems from inception to widespread adoption (at Intel USA, Deutsche Telekom USA, Google USA, ETH Zürich, Caatoosee Ltd, WebQuote USA, HSLU Switzerland). She has deep knowledge of technology, software, and business with education at ETH Zürich, Switzerland (PhD in Computer Science). Angela worked intensively and advanced state-of-the-art in these areas and published peer-reviewed articles that have appeared in numerous leading technical conferences, workshops, and symposia proceedings.

She is a regular speaker and panelist at premium international industry and scientific conferences. She received several prestigious awards and honors for her work and technical contributions, including Intel Division Recognition Award, Women in IT Awards USA - Finalist - "Innovator of the Year" (Top 10 Women Innovators in USA), Best Paper Awards from IEEE RTAS and ACM WWW, Deutsche Telekom Innovation Award. Her work has been quoted by the press and media, as well as chaired and served as TPC member of multiple industry and scientific conferences. She is a member of ACM and IEEE societies.

Elisabeth Oswald works as an academic researcher in the area of applied crypto, in particular leakage-based attacks. She has a particular interest in the intersection of statistics, machine/deep learning and side channels, and tries to develop tools and techniques to make sophisticated leakage analysis techniques accessible in the context of securing crypto implementations against side channel attacks. She has been an active member in the crypto community for many years: she has chaired the biggest events (CHES, Eurocrypt) and is associate editor of the Journal of Cryptology and the Journal of Cryptographic Engineering. She currently holds a professorship at AAU in Klagenfurt (Austria) where she is leading the Cybersecurity research.

With 18 years' experience in the information security industry specializing in application security incident response, community engagement and Open Source Security response strategy, Kymberlee Price is globally recognized as an industry leader in Security Response + Outreach.

Kymberlee speaks regularly on vulnerability management and product incident response best practices at conferences around the world. She holds dual Bachelor of Science degrees in Behavioral Psychology and Public Health Education

Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.

Jen Savage is an Offensive Security Consultant for ACTIVECYBER, LLC. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Application Security and the Internet of Things.

Anant Shrivastava is the founder of Cyfinoid Research which specializes in cyber security research. Previously he was a Technical Director at NotSoSecure Global Services, a boutique cyber security consultancy firm. He has been a trainer & a speaker at various international conferences (BlackHat-USA/ASIA/EU, Nullcon, c0c0n & many more). Anant also leads Open Source projects, Android Tamer & CodeVigilant. He also maintains the archive portal named Hacking Archives of India. In his free time, he likes to take part in open communities targeted towards spreading information security knowledge such as the null community, Garage4Hackers, hasgeek & OWASP.

Matt Suiche joined Magnet Forensics as Director for Memory & Incident Response R&D with the acquisition Comae Technologies, a cyber-security start-up he founded.

In addition to Comae Technologies’ acquisition by Magnet Forensics in 2022, Matt also co-founded application virtualization start-up CloudVolumes which was acquired by VMware in 2014.

Matt frequently appears as a technology subject matter expert on TV in Bloomberg, Associated Press, and digital medias like Cyberscoop, Haaretz, WIRED, WashingtonPost, Motherboard, Techcrunch, The New York Times.

Gabrielle Viala is currently a security engineer at Quarkslab. After working as a pentester for several years, she shifted in reverse engineering, where she found a great topic of interest - the Windows kernel. She is part of BlackHoodie from the very first edition and belongs to the organization crew. She also contributes as a speaker and trainer during not just BlackHoodie but also other security related events. She spoke at international conferences including Black Hat, Ekoparty and Infiltrate on various topics related to Windows Internals. She is still far from being an expert but enjoys sharing with other people and learning from them.

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.

Neil R. Wyler (a.k.a. Grifter) is an Information Security Engineer and Researcher located in Salt Lake City, Utah. Neil is currently with IBM-X Force as Global Lead of Active Threat Assessments. He has spent over 15 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 15 years and is a member of the Senior Staff at DEF CON. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is a member of the DEF CON CFP Review Board and Black Hat Training Review Board.

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently a professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 100 scientific papers and books. He is a Senior Member of the IEEE and of the Computer Society, which has named him a Distinguished Visitor and Distinguished Contributor; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano also co-founded Secure Network, a leading cybersecurity assessment firm, and BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.

Saša Zdjelar is the SVP of Enterprise Security at Salesforce where he leads a global organization and is the executive sponsor for strategic corporate security initiatives such as Zero Trust. Prior to Salesforce, Saša spent nearly two decades working in the Energy sector in various security and non-security roles working on strategy, enterprise security & architecture, software engineering, ERP systems designs/integration, program and product management, planning & stewardship, etc.

He is a member of the Forbes Technology Council, a Fellow at the Cyber Readiness Institute (CRI), a member of the Black Hat CISO Summit Advisory Board, an active member in organizations such as Infragard, ISACA and ISSA, has been published in various industry publications, and has spoken at a number of industry conferences and universities. Saša holds a Bachelor's degree in Management and Master's degree in Decision Science from the University of Florida.