Regional Review Board

Ali Abbasi is a tenure-track faculty at CISPA Helmholtz Center for Information Security at Saarland University, Germany. Previously, he was a postdoc researcher at the Chair of System Security at Ruhr-University Bochum and completed his Ph.D. at the Eindhoven University of Technology. His research interests include embedded systems security, security of mission-critical real-time software, and secure space and automotive systems. He currently leads the Embedded Security group at CISPA, which develops and implements new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware. His academic research appears usually in conferences such as USENIX Security, NDSS, IEEE Security and Privacy. Besides his academic work, he often presents his research in industrial venues such as Black Hat, RECon, OffensiveCon, CanSecWest, CCC and S4.

Ange Albertini has been a reverse engineer since the 80s, and started his Infosec career as a malware analyst decades ago. His wide knowledge of file formats is available in his hundreds of Corkami posters and visualisations, and is essential for projects like Magika, the AI-powered file type detection at Google. His passion for retrocomputing and funky files makes him explore the darkest corners of the files landscape: bypassing security with ancient techniques, analyzing parsers and breaking them with extreme files, writing tools to evade detections via mock files or polyglots such as PoC||GTFO, exploiting AES-GCM via crypto-polyglots or colliding SHA1 via Shattered.

Antonios Atlasis is a Cyber Security / Systems Security Engineer at the European Space Agency (ESA). With more than 20 years of experience on cyber security in general and network security in particular, he has published and presented his research on network protocols insecurities in various conferences. The last years his interest moved from cyber space to outer space, focusing on promoting research and development on technologies needed to secure space missions and systems.

Tomer Bar is the VP of Security Research at SafeBreach. He has been leading security research groups for the past twenty years.

He is a frequent public speaker and has presented his research at prestigious global cybersecurity conferences, including three Black Hat USA, Black Hat Asia, and four consecutive DEFCON USA (28-31) events, as well as Recon, SecTor, Security Fest, and many others.

Currently, Tomer focuses on vulnerability and APT research, with extensive experience in red-teaming, reverse engineering, and forensic research. He has discovered multiple vulnerabilities in the Windows operating system and was recognized as one of Microsoft’s 2023 Most Valuable Security Researchers. He was also nominated for Best Privilege Escalation Vulnerability at the 2021 Pwnie Awards. Tomer holds a Master's degree from Bar Ilan University.

His work has been featured in major publications such as the Washington Post, Newsweek, BBC, and Wired.

The team he leads is one of the most productive in original research, qualifying to speak at all Black Hat USA and DEFCON USA events for the past five consecutive years, with fifteen talks, in addition to five talks at Black Hat Europe and Asia.

Johan Berggren is a seasoned incident responder and digital forensics expert with over 20 years of experience. He is a member of the Google Security Incident Response Team where he leads the development of digital forensic tools at Google. He actively contributes to the community by creating open source tools. Johan is a recognized expert in the field, serving as Google’s representative at FIRST (Forum of Incident Response and Security Teams) and a frequent speaker at industry conferences.

Jon (Bitquark) has been part of the UK hacking scene for nearly 25 years. His experience spans from managing large networks as a system administrator, to building complex secure systems as a developer, to working as a freelance security consultant. After reaching the top of Bugcrowd's worldwide leaderboard, Jon was hired by Tesla where he worked for over 8 years as a member of the Red Team, breaking, improving, and designing systems from the ground up to protect data and people. Returning to his roots, Jon now pursues his interests as an independent security researcher. You can follow him at mastodon.social/@bitquark

Thomas Brandstetter is a recognized OT cybersecurity expert, with more than 20 years of background in the industry. He is currently active as co-founder and managing director of Limes Security, a major European OT cyber security company. He also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. His past career track record includes being the Stuxnet incident handler for Siemens and founding the Siemens ProductCERT. He often is a keynote and invited guest speaker on the topic of OT and critical infrastructure security. He co-founded and still supports many security community events and initiatives such as the ICS Village at DEFCON/BruCON, IT-SECX and ICS-CSR.

Sofía Celi is a cryptography researcher at Brave. She is the co-chair of the human rights and protocols considerations research group at IRTF, of the Post-Quantum Use In Protocols working group at IETF, and of the anti-fraud community group at W3C. She studied classical music and literature, but currently researches about security, cryptography and privacy on the Internet.

Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol.

She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.

Sharon Conheady is the director of First Defence Information Security and a founding member of The Risk Avengers. She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon has presented at security conferences including DEF CON social engineering village, Deepsec, Recon, CONFidence and InfoSec. She is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques published by McGraw-Hill.

Daniel Cuthbert has been on a relentless quest to build software so secure that even he might struggle to hack it (but don't count on it). Self-diagnosed with an obsession for bugs and offensive operations, he's turned his penchant for poking holes into a crusade for making vendors shape up. By channeling his mischief into the OWASP ASVS and other cunning initiatives, he's been plotting to save the software world—one responsible vendor at a time.

Diane Dubois is a Senior Security Engineer and Tech Lead Manager for the Memory Safety team at Google. After spending several years focusing on Vulnerability Research and large Security Reviews applied to diverse stacks (from hypervisors to BMCs and Kubernetes), she shifted towards Memory Safety to work on protecting Google and its users from memory corruption. Her other core areas of proficiency are systems and virtualization. She presented at different conferences including BlueHat IL.

Diane is also an active contributor to the security community as a member of several conference Review Boards and through her involvement in women's associations.

Meadow Ellis conducts hardware security research and engineering in the fintech world, she also specialises in out-of-bounds data exfiltration, physical security and surveillance technologies encompassing mechanical, electrical and software design. She has extensive experience in cooperating with law enforcement agencies, most recently with regards to financial crime. She lives and breathes in the blueteam camp. Recently she could have been seen with DEF CON 29, BSides Leeds, BSides Wales and BSides London where she also leads the Workshops team.

Meadow strives to approach information security from the people side trying to understand the reasons behind the failures, the human element that caused it and the changes needed to avoid it in the future - changes that need to start with us.

Eric Evenchick is a co-founder and Managing Partner at Tetrel Security, specializing in embedded device security and bespoke tool development. His journey into embedded systems began with the development of research vehicles at the University of Waterloo in collaboration with General Motors and the US Environmental Protection Agency.

This experience propelled him into roles involving the development of automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors. Prior to co-founding Tetrel Security in 2023, Eric served as Technical Director at NCC Group and as Principal Research Consultant at Atredis Partners. In these capacities, he conducted security assessments on diverse hardware and software targets, encompassing automotive systems, medical devices, cloud infrastructure, and mobile devices.

Eric holds a Bachelor of Applied Science in Electrical Engineering from the University of Waterloo. He has been a featured presenter at numerous technology and security conferences, including Black Hat, escar, SecTor, ToorCon, NorthSec, and PyCon USA. His work has garnered recognition in publications such as Wired and Forbes. Since 2019, Eric has been delivering training sessions on reverse engineering embedded systems at Black Hat conferences worldwide.

James Forshaw is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities, he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He’s also the author of two security books “Attacking Network Protocols” and "Windows Security Internals", both available from NoStarch Press.

Leigh-Anne Galloway is a Security Researcher who specializes in application security and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. Which is where she discovered her passion for payment technology. She has presented and authored research on ATM security, mPOS vulnerabilities, NFC payments and application security. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Ekoparty, Troopers, DEF CON and Black Hat USA.

Nathan Hamiel is Senior Director of Research at Kudelski Security, where he leads the fundamental and applied research team, part of the Innovation group working to define the future of the company’s products and services. He focuses on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. Nathan is passionate about risks at the intersection of technology and humanity and shares his thoughts on his blog, Perilous.tech. During his nearly 25 years in cybersecurity, he has been a regular public speaker, presenting his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, serving as the AI, ML, and Data Science track lead.

Flora Herzner is a System Security Engineer at the European Space Agency (ESA). With a Master's in Mathematics and Computer Science, she excels in cryptography and key management, with a keen interest in advancing towards the post-quantum era. Previously, she worked at the Federal Office for Information Security (BSI), focusing on security for satellite systems. Flora's expertise supports ESA's critical missions, ensuring the security of advanced space technologies.

Monnappa K A is a Security professional with over 15 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis."He is the review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility plugin contest 2016. He co-founded the cybersecurity research community "Cysinfo". He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat, BruCON, HITB, FIRST (Forum of Incident Response and Security Teams), SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel, and you can read his blog posts at cysinfo.com

James 'albinowax' Kettle is the Director of Research at PortSwigger, the makers of Burp Suite. He's best known for pioneering novel web attack techniques, and publishing them at major conferences like Black Hat USA, at which he's presented for seven consecutive years.

He also loves exploring and advising on innovative tool concepts for security professionals, many of which have since become industry standard. Examples include introducing OAST via Burp Collaborator, bulk parameter discovery via Param Miner, billion-request attacks with Turbo Intruder, and human-style scanning with Backslash Powered Scanner.

His best-known research is HTTP Desync Attacks, which popularised HTTP Request Smuggling. Other popular attack techniques that can be traced back to his research include web cache poisoning, the single-packet attack, server-side template injection, and password reset poisoning. He's also the designer behind many of the topics and labs that make up the Web Security Academy. You can reach him on X, formerly known as Twitter, at @albinowax.

Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT). She managed and executed diverse technical projects around the world across a variety of industrial domains. She is also an experienced Red/Blue Teamer who researched numerous novel attack vectors, exploitation techniques, designed novel defence methods and led complex incident responses. Marina frequently collaborates with international organizations on the topics of critical infrastructure security, she is also a regular speaker at the leading conference stages worldwide and is a frequent reviewer of academic manuscripts and grant proposals. At Black Hat Marina leads Cyber-Physical Systems track. Marina holds MSc. in Telecommunications, MSc. in Information and Communication Systems and an MBA in Technology Management.

Federico Maggi has more than a decade of research experience in the cybersecurity field and has worked on offensive and defensive projects in web applications, network protocols, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices.

Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review.

Currently employed as a Senior Security Engineer at AWS with focus on server firmware and hardware, Federico has been a Research Expert in the Huawei AI4Sec Research team, and a Senior Researcher with Trend Micro. Previously, Federico was an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside from his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students.

Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences.

More info about Federico and his work is available online at maggi.cc

Maria Markstedter is the founder and CEO of Azeria Labs, a company that provides training services to some of the world's top tech companies and law enforcement agencies. In addition, Maria is the author of the book "Arm Assembly Internals and Reverse Engineering - Blue Fox Edition", published in May 2023. With a Bachelor's degree in Corporate Security and a Master's degree in Enterprise Security, Maria has held key positions in various startups, including her role as the Chief Product Officer for Arm virtualization startup Corellium. In 2018, Maria was honored as a Forbes "30 under 30" in technology and has since been featured in Vogue Business Magazine. Her expertise in Arm reverse engineering and binary exploitation earned her the title of Forbes Person of the Year in Cybersecurity 2020. Maria has collaborated with Arm on exploit mitigation research in Cambridge and continues to empower security researchers and developers globally to effectively attack and defend Arm-based software.

Marion Marschalek is a Security Engineer at AWS. Prior to that she worked at Intel and held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution is her analysis work on the malware ‘Babar' and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30” talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.

Shubham Mittal is the CEO of RedHunt Labs, a leading 360-degree Attack Surface Management platform. Previously, he served as the CTO of Neotas and co-founded Recon Village, an OSINT-focused mini-conference at DEFCON.

As a dedicated Black Hat trainer, Shubham delivers the highly-regarded ‘Tactical OSINT for Pentesters’ course. He has trained and presented to various government organizations, and security firms, and at notable conferences such as Black Hat, DEFCON, HackMiami, and Nullcon.

Shubham has a strong foothold in OSINT, Recon, Cybersecurity, and Product Engineering. His expertise covers Offensive and Defensive security, Open Source Intelligence, and Perimeter Security. Actively involved in the Null-Open Security Community, Shubham prefers working from the command line and using the vi editor.

Dr. Ben Nassi is a cyber security specialist and a frequent conference speaker.

Ben holds more than 10 years of experience in cyber security as an independent consultant, a former Google employee, and a former project manager at the innovation labs of cyber @ BGU. He advised multinational automotive manufacturing corporations, advanced driver assistance systems manufacturers, multinational information and communications corporation and conglomerates, IoT and drones manufacturers, and more.

Ben presented his works at Black Hat (USA 20, Asia 21, Asia 22), DEFCON (18, 21), RSA Conference (20, 21), SecTor (20, 21), CodeBlue (20), AI Week (22), and CyberTech (20).

His works were covered by Forbes, Wall Street Journal, Mirror UK, Wired, ArsTechnica, MIT Technology Review, MotherBoard, Bloomberg, ZDNet, and more.

Angela Nicoara is Professor of Computer Science at Lucerne University of Applied Sciences and Arts (HSLU), Switzerland heading the IoT Innovation Lab and IoT Systems and Software Research Group. She is an impact-driven technical leader, systems researcher, and innovator with over 20 years of experience in industry and research, with a proven track record of building breakthrough technologies, systems, and software architectures in IoT, mobile, and distributed systems from inception to widespread adoption (at Intel USA, Deutsche Telekom USA, Google USA, ETH Zurich, Caatoosee Ltd, WebQuote USA, HSLU Switzerland). She has deep knowledge of technology, software, and business with education at ETH Zurich, Switzerland (PhD in Computer Science). Angela worked intensively and advanced state-of-the-art in these areas and published peer-reviewed articles that have appeared in numerous leading technical conferences, workshops, and symposia proceedings. She holds several patents for mobile systems.

She is a regular speaker and panelist at premium international industry and scientific conferences. She received several prestigious awards and honors for her work and technical contributions, including Intel Division Recognition Award, Women in IT Awards USA - Finalist - "Innovator of the Year" (Top 10 Women Innovators in USA), Best Paper Awards from IEEE RTAS and ACM WWW, Deutsche Telekom Innovation Award. Her work has been quoted by the press and media, as well as co-chaired and serves as review board and TPC member of multiple industry and scientific conferences. She is a member of ACM and IEEE societies.

Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.

Jen Savage is an Offensive Security Consultant for ACTIVECYBER, LLC. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Application Security and the Internet of Things.

Anant Shrivastava is the founder of Cyfinoid Research. He has experience in Security (both offense and defense), Development, and Operations. He has a rich history of engagement with renowned conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant leads open-source projects, notably the Tamer Platform and CodeVigilant, and curates the Hacking Archives of India. When not engaged in official work, Anant contributes to open communities with a shared goal of spreading information security knowledge, such as the null community, Garage4Hackers, hasgeek, and OWASP. social.anantshri.info/@anant

Vandana Verma is a seasoned security professional. She is a seasoned speaker / Trainer and presented at various public events ranging from Global OWASP AppSec events to Black Hat events to regional events like BSides events in India.

She is part of the OWASP Global board of directors. She also works in various communities towards diversity initiatives InfosecGirls, WoSec and null. Vandana is a member of the Black Hat Asia and Europe Review Boards as well as multiple other conferences including Grace Hopper India, OWASP AppSec USA to name a few.

She has been the recipient of multiple prestigious awards like Cyber Security Leader of the Year Award 2023 by BSides, the Resilient CISO award by Dynamic CISO, Cyber Security Woman of the Year Award 2020 by Cyber Sec Awards, Application Security Influencer 2020 by Whitesource, Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019, Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category "Secure Coder". She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

Gabrielle Viala is currently a security engineer at Quarkslab. After working as a pentester for several years, she shifted in reverse engineering, where she found a great topic of interest - the Windows kernel. She is part of BlackHoodie from the very first edition and belongs to the organization crew. She also contributes as a speaker and trainer during not just BlackHoodie but also other security related events. She spoke at international conferences including Black Hat, Ekoparty and Infiltrate on various topics related to Windows Internals. She is still far from being an expert but enjoys sharing with other people and learning from them.

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.

Neil R. Wyler (a.k.a. Grifter) is the Vice President of Defensive Services for Coalfire. He has spent over 20 years as a security professional, focusing on penetration testing, physical security, incident response, and threat hunting. He has been a staff member of the Black Hat Security Briefings for 22 years and a member of the Senior Staff at DEF CON for 23 years. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. In his free time, Neil keeps himself busy as a member of both the DEF CON, and Black Hat CFP Review Boards, the Black Hat Training Review Board, the founder of DC801, and founder of his local hackerspace, 801 Labs.

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently a professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 100 scientific papers and books. He is a Senior Member of the IEEE and of the Computer Society, which has named him a Distinguished Visitor and Distinguished Contributor; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano also co-founded Secure Network, a leading cybersecurity assessment firm, and BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.