Regional Review Board

Ali Abbasi is a tenure-track faculty at CISPA Helmholtz Center for Information Security at Saarland University, Germany. Previously, he was a post-Doc researcher at the Chair of System Security at Ruhr-University Bochum and completed his Ph.D. at the Eindhoven University of Technology. His research interests include embedded systems security, security of mission-critical real-time software, and secure space and automotive systems. He currently leads the Embedded Security group at CISPA, which develops and implements new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware. His academic research appears usually in conferences such as USENiX Security, CCS, IEEE Security and privacy. Besides his academic work, he often presents his research in industrial venues such as Black Hat, RECon, OffensiveCon, CanSecWest, CC and S4.

Antonios Atlasis (PhD) is a Senior Cyber Security Professional and Researcher currently working for the European Space Agency (ESA). Dr. Atlasis, with over 18 years of hands-on experience in the field and frequent presenter at security conferences, has a special interest in the security analysis of modern network protocols in particular and new security technologies in general.

Jon (Bitquark) has been part of the UK hacking scene for nearly 25 years. His experience spans from managing large networks as a system administrator, to building complex secure systems as a developer, to working as a freelance security consultant. After reaching the top of Bugcrowd's worldwide leaderboard, Jon was hired by Tesla where he worked for over 8 years as a member of the Red Team, breaking, improving, and designing systems from the ground up to protect data and people. Returning to his roots, Jon now pursues his interests as an independent security researcher. You can follow him at mastodon.social/@bitquark

Thomas Brandstetter is currently active as co-founder and managing director of Limes Security, a major European OT cyber security company. He also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. His past noteworthy achievements include being the Stuxnet incident handler for Siemens, founding the Siemens ProductCERT and teaching as SANS instructor. He often is a keynote and invited guest speaker and presented at professional cybersecurity or industrial conferences like Black Hat, SANS ICS, ICS-CSR and CIRED.

Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol.

She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.

Sharon Conheady is the director of First Defence Information Security and a founding member of The Risk Avengers. She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon has presented at security conferences including DEF CON social engineering village, Deepsec, Recon, CONFidence and InfoSec. She is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques published by McGraw-Hill.

Daniel Cuthbert loves doing security research. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS) and sits on the UK Government Cybersecurity Advisory Board.

Meadow Ellis conducts hardware security research and engineering in the fintech world, she also specialises in out-of-bounds data exfiltration, physical security and surveillance technologies encompassing mechanical, electrical and software design. She has extensive experience in cooperating with law enforcement agencies, most recently with regards to financial crime. She lives and breathes in the blueteam camp. Recently she could have been seen with DEF CON 29, BSides Leeds, BSides Wales and BSides London where she also leads the Workshops team.

Meadow strives to approach information security from the people side trying to understand the reasons behind the failures, the human element that caused it and the changes needed to avoid it in the future - changes that need to start with us.

Eric Evenchick has worked in development and reverse engineering roles for hardware and software companies for the past eight years. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners.

Eric's work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future.

In 2014, Eric founded Linklayer Labs, which provided consulting services and developed open source hardware tools for the information security community. Since 2012, he has been a contributor to Hackaday, a blog covering hardware and software "hacks".

Leigh-Anne Galloway is a Security Researcher who specializes in application security and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. Which is where she discovered her passion for payment technology. She has presented and authored research on ATM security, mPOS vulnerabilities, NFC payments and application security. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Ekoparty, Troopers, DEF CON and Black Hat USA.

Nathan Hamiel is Senior Director of Research at Kudelski Security where he leads the fundamental and applied research team. Part of the Innovation group working to define the future of products and services for the company, his team focuses on privacy, advanced cryptography, emerging technologies, and special projects. He is also responsible for the research function at the company, connecting the dots between the various business units and focusing on collaboration both internal and external to the company. For over 20 years, he has helped customers worldwide solve complex security challenges and accelerate innovation.

Nathan spends his time focusing on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. He is a proponent of agility and simplification and their application in solving security challenges. Nathan is a regular public speaker and has presented his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, where he serves as the track lead for the AI, ML, and Data Science track.

Monnappa K A is a Security professional with over 15 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis."He is the review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility plugin contest 2016. He co-founded the cybersecurity research community "Cysinfo". He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat, BruCON, HITB, FIRST (Forum of Incident Response and Security Teams), SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel, and you can read his blog posts at cysinfo.com

James 'albinowax' Kettle is the Director of Research at PortSwigger. His latest work includes HTTP/2 desync attacks and web cache poisoning. James has extensive experience cultivating novel attack techniques, including RCE via Server-Side Template Injection, and abusing the HTTP Host header to poison password reset emails and server-side caches. James is also the author of various popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEFCON.

Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT). She managed and executed diverse technical projects around the world across a variety of industrial domains. She is also an experienced Red/Blue Teamer who researched numerous novel attack vectors, exploitation techniques, designed novel defence methods and led complex incident responses. Marina frequently collaborates with international organizations on the topics of critical infrastructure security, she is also a regular speaker at the leading conference stages worldwide and is a frequent reviewer of academic manuscripts and grant proposals. At Black Hat Marina leads Cyber-Physical Systems track. Marina holds MSc. in Telecommunications, MSc. in Information and Communication Systems and an MBA in Technology Management.

Federico Maggi has more than a decade of research experience in the cybersecurity field. Federico has done offensive and defensive research on web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices. Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review. Currently employed as a Research Expert at the AI4Sec Research Team (ai4sec.net) in Huawei, Federico was a Senior Researcher with security giant Trend Micro (trendmicro.com), and previously an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students. Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences. More info about Federico and his work is available online at maggi.cc

Maria Markstedter is the founder and CEO of Azeria Labs, a company that provides training services to some of the world's top tech companies and law enforcement agencies. In addition, Maria is the author of the book "Arm Assembly Internals and Reverse Engineering - Blue Fox Edition", published in May 2023. With a Bachelor's degree in Corporate Security and a Master's degree in Enterprise Security, Maria has held key positions in various startups, including her role as the Chief Product Officer for Arm virtualization startup Corellium. In 2018, Maria was honored as a Forbes "30 under 30" in technology and has since been featured in Vogue Business Magazine. Her expertise in Arm reverse engineering and binary exploitation earned her the title of Forbes Person of the Year in Cybersecurity 2020. Maria has collaborated with Arm on exploit mitigation research in Cambridge and continues to empower security researchers and developers globally to effectively attack and defend Arm-based software.

Marion Marschalek is a Security Engineer at AWS. Prior to that she worked at Intel and held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution is her analysis work on the malware ‘Babar' and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30” talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.

Dr. Ben Nassi is a cyber security specialist and a frequent conference speaker.

Ben holds more than 10 years of experience in cyber security as an independent consultant, a former Google employee, and a former project manager at the innovation labs of cyber @ BGU. He advised multinational automotive manufacturing corporations, advanced driver assistance systems manufacturers, multinational information and communications corporation and conglomerates, IoT and drones manufacturers, and more.

Ben presented his works at Black Hat (USA 20, Asia 21, Asia 22), DEFCON (18, 21), RSA Conference (20, 21), SecTor (20, 21), CodeBlue (20), AI Week (22), and CyberTech (20).

His works were covered by Forbes, Wall Street Journal, Mirror UK, Wired, ArsTechnica, MIT Technology Review, MotherBoard, Bloomberg, ZDNet, and more.

Angela Nicoara is Professor of Computer Science at Lucerne University of Applied Sciences and Arts (HSLU), Switzerland heading the IoT Innovation Lab and IoT Systems and Software Research Group. She is an impact-driven technical leader, systems researcher, and innovator with over 20 years of experience in industry and research, with a proven track record of building breakthrough technologies, systems, and software architectures in IoT, mobile, and distributed systems from inception to widespread adoption (at Intel USA, Deutsche Telekom USA, Google USA, ETH Zurich, Caatoosee Ltd, WebQuote USA, HSLU Switzerland). She has deep knowledge of technology, software, and business with education at ETH Zurich, Switzerland (PhD in Computer Science). Angela worked intensively and advanced state-of-the-art in these areas and published peer-reviewed articles that have appeared in numerous leading technical conferences, workshops, and symposia proceedings. She holds several patents for mobile systems.

She is a regular speaker and panelist at premium international industry and scientific conferences. She received several prestigious awards and honors for her work and technical contributions, including Intel Division Recognition Award, Women in IT Awards USA - Finalist - "Innovator of the Year" (Top 10 Women Innovators in USA), Best Paper Awards from IEEE RTAS and ACM WWW, Deutsche Telekom Innovation Award. Her work has been quoted by the press and media, as well as co-chaired and serves as review board and TPC member of multiple industry and scientific conferences. She is a member of ACM and IEEE societies.

With 18 years' experience in the information security industry specializing in application security incident response, community engagement and Open Source Security response strategy, Kymberlee Price is globally recognized as an industry leader in Security Response + Outreach.

Kymberlee speaks regularly on vulnerability management and product incident response best practices at conferences around the world. She holds dual Bachelor of Science degrees in Behavioral Psychology and Public Health Education

Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.

Jen Savage is an Offensive Security Consultant for ACTIVECYBER, LLC. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Application Security and the Internet of Things.

Anant Shrivastava is the founder of Cyfinoid Research. He has experience in Security (both offense and defense), Development, and Operations. He has a rich history of engagement with renowned conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant leads open-source projects, notably the Tamer Platform and CodeVigilant, and curates the Hacking Archives of India. When not engaged in official work, Anant contributes to open communities with a shared goal of spreading information security knowledge, such as the null community, Garage4Hackers, hasgeek, and OWASP.

Matt Suiche joined Magnet Forensics as Director for Memory & Incident Response R&D with the acquisition Comae Technologies, a cyber-security start-up he founded.

In addition to Comae Technologies’ acquisition by Magnet Forensics in 2022, Matt also co-founded application virtualization start-up CloudVolumes which was acquired by VMware in 2014.

Matt frequently appears as a technology subject matter expert on TV in Bloomberg, Associated Press, and digital medias like Cyberscoop, Haaretz, WIRED, WashingtonPost, Motherboard, Techcrunch, The New York Times.

Vandana Verma is a seasoned security professional. She is a seasoned speaker / Trainer and presented at various public events ranging from Global OWASP AppSec events to Black Hat events to regional events like BSides events in India.

She is part of the OWASP Global board of directors. She also works in various communities towards diversity initiatives InfosecGirls, WoSec and null. Vandana is a member of the Black Hat Asia and Europe Review Boards as well as multiple other conferences including Grace Hopper India, OWASP AppSec USA to name a few.

She has been the recipient of multiple prestigious awards like Cyber Security Leader of the Year Award 2023 by BSides, the Resilient CISO award by Dynamic CISO, Cyber Security Woman of the Year Award 2020 by Cyber Sec Awards, Application Security Influencer 2020 by Whitesource, Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019, Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category "Secure Coder". She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

Gabrielle Viala is currently a security engineer at Quarkslab. After working as a pentester for several years, she shifted in reverse engineering, where she found a great topic of interest - the Windows kernel. She is part of BlackHoodie from the very first edition and belongs to the organization crew. She also contributes as a speaker and trainer during not just BlackHoodie but also other security related events. She spoke at international conferences including Black Hat, Ekoparty and Infiltrate on various topics related to Windows Internals. She is still far from being an expert but enjoys sharing with other people and learning from them.

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.

Neil R. Wyler (a.k.a. Grifter) is an Information Security Engineer and Researcher located in Salt Lake City, Utah. Neil is currently with IBM-X Force as Global Lead of Active Threat Assessments. He has spent over 15 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 15 years and is a member of the Senior Staff at DEF CON. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is a member of the DEF CON CFP Review Board and Black Hat Training Review Board.

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently a professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 100 scientific papers and books. He is a Senior Member of the IEEE and of the Computer Society, which has named him a Distinguished Visitor and Distinguished Contributor; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano also co-founded Secure Network, a leading cybersecurity assessment firm, and BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.

Saša Zdjelar is a Partner at Crosspoint Capital with ~20 years of Fortune 10 global executive leadership experience. Prior to Crosspoint Capital, Saša served as the Senior Vice President of Security at Salesforce, where he led a global organization encompassing enterprise security, product security, offensive security, security engineering/automation, bug bounty programs, technical product/program/project management, and mergers & acquisitions. He also played a crucial role as the executive sponsor for strategic corporate security initiatives, such as Zero Trust.

Prior to his tenure at Salesforce, Saša spent nearly two decades at ExxonMobil, holding various positions focusing on strategy, enterprise security & architecture, software engineering, ERP systems design/integration, program and product management, planning & stewardship, compute and hosting platforms, and digital/cyber resilience.

Saša is an active participant and founding member of several CISO leadership communities. He is also a member of the Forbes Technology Council, a Fellow at the Cyber Readiness Institute (CRI), a member of the Black Hat CISO Summit Advisory Board and Black Hat Content Review Board, and engages in organizations such as Infragard, ISACA, and ISSA. His insights have been published in various industry publications, and he has spoken at numerous industry conferences and universities.

Saša holds a Bachelor's degree in Management and a Master's degree in Decision Science from the University of Florida.