Review Board

Please press or click a member's name for more information.

Jamie Butler

Chief Technology Officer, Chief Scientist

Endgame

Jamie Butler is the Chief Technology Officer and Chief Scientist at Endgame, where he leads Endgame's research on advanced threats, vulnerabilities and attack patterns. He has directed research teams at some of the most prominent and successful security companies of the last decade. Most recently, Butler was Chief Architect at FireEye and Chief Researcher at Mandiant. A recognized leader in attack and detection techniques, he has over 17 years of experience and knowledge in operating system security. Butler was a computer scientist at the National Security Agency and co-authored the bestseller Rootkits: Subverting the Windows Kernel. Butler is also a frequent speaker at the foremost computer security conferences and serves as a Review Board member for Black Hat. He co-developed and instructs the popular security courses "Advanced Memory Forensics in Incident Response," "Advanced 2nd Generation Digital Weaponry," and "Offensive Aspects of Rootkit Technology."


Daniel Cuthbert

Global Head of Security Research

Banco Santander

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).


Dino Dai Zovi

Mobile Security Lead

Square

Dino Dai Zovi is the Mobile Security Lead at Square. He has been working in information security for over 15 years with experience in red teaming, penetration testing, software security, information security management, and cybersecurity R&D. Dino is also a regular speaker at information security conferences having presented his independent research on memory corruption exploitation techniques, 802.11 wireless client attacks, and Intel VT-x virtualization rootkits at conferences around the world including Black Hat, RSA, DEFCON, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker's Handbook" (Wiley, 2009) and "The Art of Software Security Testing" (Addison-Wesley, 2006). In 2008, eWEEK named him one of the 15 Most Influential People in Security. He is best known in the information security and Mac communities for winning the first PWN2OWN contest at CanSecWest 2007.


Matt Devost

CEO and Co-Founder

OODA LLC

Matt Devost is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cybersecurity issues.

Currently, Mattt is CEO and Co-Founder of OODA LLC. Previously Matt was a Managing Director at Accenture where he led the Global Cyber Defense practice. Matt joined Accenture following their 2015 acquisition of the global cybersecurity consultancy FusionX LLC where he had served as President & CEO since 2010.

Matt was an Adjunct Professor at Georgetown University for fourteen years where he taught a graduate course on Information Warfare and security, is a Founding Director of the Cyberconflict Studies Association, and served as a special advisor to the Department of Defense. Matt founded the Terrorism Research Center, Inc. (TRC) in 1996, where he served as President and CEO until November 2008. Previously, Matt has also held leadership positions at iSIGHT Partners, Technical Defense, Security Design International, iDEFENSE and SAIC. Mr. Devost has been a speaker at hundreds of international conferences and a contributor/author to several books on terrorism and information security.


Mark Dowd

Founder, Director

Azimuth Security

Mark Dowd is an expert in application security, specializing primarily in host and server based Operating Systems. He is currently the director of Azimuth Security, a botique security company he founded that specializes in code review and cutting edge security research. Prior to starting Azimuth, his professional experience includes several years as a senior researcher at a fortune 500 company, where he uncovered a variety of major vulnerabilities in ubiquitous Internet software. He also worked as a Principal Security Architect for McAfee, where he was responsible for internal code audits, secure programming classes, and undertaking new security initiatives. Mark has also co-authored a book on the subject of application security named "The Art of Software Security Assessment," and has spoken at several industry-recognized conferences.


Trey Ford

Head of Trust

Heroku, a division of Salesforce

Trey Ford is the Head of Trust at Heroku, a division of Salesforce. Heroku's Trust organization is responsible for the service reliability engineering and information security of the platform.

Over the last 15 years, Trey ran Black Hat events worldwide as General Manager, and provided services ranging from strategy, incident response, product management, PCI QSA and security engineering for a variety for industry leaders including Rapid7, Zynga, McAfee, FishNet Security and WhiteHat Security.


Nathan Hamiel

Head of Cybersecurity Research

Kudelski Security

Nathan Hamiel is Head of Cybersecurity Research at Kudelski Security, an international security company providing innovative and tailored solutions to enterprises and public-sector clients. Nathan works in the innovation group defining the future of services and products for the company. A security veteran with a strong focus on software security, he has spent his nearly 20-year career helping customers around the world solve complex security challenges.

Nathan is a regular public speaker and has presented his research at global security events including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is a member of the Black Hat review board where he evaluates research for inclusion into the various conferences around the world.


Robert Hansen

CTO

Bit Discovery

Robert Hansen became the CTO of Bit Discovery after his company OutsideIntel was acquired. Mr. Hansen has worked for Digital Island, Exodus Communications and Cable & Wireless beginning as a Sr. Security Architect and eventually leading managed security services product management. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-malware and anti-virus. Later he was the VP of Labs for Whitehat Security. Robert currently sits on the technical advisory board of and contributes to the security strategy of several startup companies as a virtual CISO and Innovation Officer. Mr. Hansen ran the web application security lab at ha.ckers.org, and authored/co-authored several books.


Christofer Hoff

Christofer Hoff has more than 25 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management.

Currently, Hoff is working on getting jacked and tanned. He also enjoys talking about himself in the third person.

Prior to his life of leisure, Hoff was the CISO at Citadel, led the global cyber security defense team at Bank of America after previously leading the cyber security engineering function.

His previous roles included: Vice President and Security CTO, Juniper Development & Innovation, VP of Strategic Planning and Technical Marketing Engineering team and Global Chief Security Architect of the Advanced Technology Team. Prior he was Director of Cloud & Virtualization Solutions at Cisco Systems, was Unisys Corporation's Chief Security Architect, Crossbeam Systems' chief security strategist, CISO/director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.


Jeff Horne

CSO

Ordr

Jeff Horne is CSO at Ordr, a leading enterprise IoT security company, where he is responsible for security direction both within Ordr products and internal security. He is an accomplished security professional with over 20 years' experience and is also a Member of the Review Board at Black Hat. Prior to Ordr, Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, Physical Security, and Employee Security Awareness groups. Before Optiv, he was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy as well as managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups. Jeff is a proven leader with a strong background in reverse engineering, exploitation, and malware research. He has authored several vulnerability disclosures and patents throughout his career.


Vincenzo Iozzo

Director

CrowdStrike

Vincenzo Iozzo is an entrepreneur and investor. He currently serves as a Director at CrowdStrike following the sale of his company Iperlane in 2017. Vincenzo is also a Network Leader at Village Global, a seed stage VC fund based in Silicon Valley. In addition, Vincenzo is an Associate Researcher at the MIT Media Lab and serves as a committee member on the Black Hat Conference board. Vincenzo co-authored the "iOS Hacker's Handbook" (Wiley, 2012) and the winning attacks against Firefox, iOS and Blackberry OS at Pwn2Own between 2010-2012.


Ping Look

Program Manager, Detection and Reaction Team (DART)

Microsoft, Enterprise Cybersecurity Group

Ping Look has over a decade of experience building, promoting and managing events in the IT space including two of the most iconic and massively influential IT security events: The Black Hat Briefings + Trainings and DEF CON. At Black Hat she managed the growth of brand from obscurity to profitability and grew the event from a three track, two-day event to a six day, 11 track and training intense event that brought together the best and the most relevant (and occasionally the most obscure) speakers and content providers to Black Hat events in Asia, Europe, the Middle East and the US. During her tenure at Black Hat she was often referred to as the Ping of Death aka "The One You Don't Want to Piss Off (or you will die)".

Ping is currently engaged as a program manager on the Detection and Reaction Team (DART) at Microsoft, Enterprise Cybersecurity Group.


Shawn Moyer

Founding Partner

Atredis Partners

Shawn Moyer is a Founding Partner at Atredis Partners, a private security research and software security consultancy created with frequent BlackHat speakers Josh Thomas and Nathan Keltner, performing on-spec vulnerability research and reverse engineering as well as advanced penetration testing for clients all over the world. Shawn has been involved professionally in information security for 20 years, and unprofessionally for longer than he'd care to admit. Shawn's most recent work has focused on mobile and embedded security, as well as continued work with Smart Grid, SCADA, and other industrial technologies.

Previously, Shawn created the Applied Research at Accuvant Labs, helped launch the Penetration Testing practice at FishNet Security, and has written on emerging threats and other topics for Information Security Magazine and ZDNet. Shawn's research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times, as well as countless other industry publications. Shawn has been a ten-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan. Shawn has been a member of the BlackHat Briefings Review Board since 2008.


Kymberlee Price

Security Community and Partner Engagement Programs

Microsoft

Kymberlee Price currently leads the Microsoft Security Response Center's Community & Partner Programs organization, whose mission is to protect customers through collaboration with external industry partners. Programs under her direction include Microsoft’s bug bounty programs and security researcher engagement initiatives, Microsoft Active Protections Program, BlueHat security conferences, and OSS security response strategy.

With 17 years' specialization in application security incident response, Ms. Price got her start by pioneering the first security researcher outreach program in the software industry at Microsoft in 2003, the very team she now leads. She was later a principal investigator in the Zotob criminal investigation and analyzed APT's at Microsoft. Leaving Microsoft in 2009 she spent 4 years investigating open source vulnerabilities in BlackBerry's Security Response Team, followed by three years directing the efforts of crowdsourced security researchers at Bugcrowd. In 2017 she returned to Microsoft and her passion for application security and open source security management.

Kymberlee speaks regularly on vulnerability management and product incident response best practices at conferences around the world including Black Hat, Kaspersky Security Analyst Summit, RSA, Nullcon, and Metricon. She holds dual Bachelor of Science degrees in Behavioral Psychology and Public Health Education.


Thomas Ptacek

Principal

Latacora

Thomas Ptacek is a principal at Latacora, which runs security teams for startups.

A software security practitioner since 1995, Thomas worked at Secure Networks, Network Associates, McAfee, and Arbor networks before cofounding Matasano Security, which is now part of NCC Group.


Billy Rios

Founder

Whitescope LLC

Billy Rios is the founder of Whitescope LLC, a startup focused on embedded device security. His interests include: web applications, browser, Industrial Control Systems (ICS), Critical Infrastructure (CI), and, medical devices. Billy has worked at Google where he provided security engineering support and led the front line response for externally reported security issues. Prior to Google, Billy was the Security Program Manager for Internet Explorer (Microsoft). Billy is also the 2008 Pwnie award winner for "Best Client Side Bug."


Chris Rohlf

Staff Security Engineer

Square

Chris Rohlf is currently a staff security engineer at Square in New York City where he focuses on developing remote attestation and tamper detection technologies. He specializes in vulnerability discovery, exploitation, and reverse engineering. He has presented new research at Black Hat USA on multiple occasions and taught a popular training course on C/C++ source code analysis. Chris has over fourteen years of experience in various security roles including software engineer, researcher, consultant, and entrepreneur. Prior to Square he led the Red Team at Yahoo, founded Leaf Security Research, a boutique security consulting firm acquired by Yahoo; a Principal Security Consultant at Matasano Security; and previously worked as a Security Researcher for the US Department of Defense.


Jen Savage

Security Researcher

Threatcare

Jen Savage is a security researcher for Threatcare. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Web Application Security and the Internet of Things.


Adam Shostack

Shostack & Associates

Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.


Robert J. Stratton III

General Partner

MACH37

Robert J. Stratton III is a serial entrepreneur, technologist, and researcher specializing in commercial development of early-stage security technologies, multinational network security, technology policy, and innovation management.

Mr. Stratton is a General Partner in MACH37, a Virginia startup accelerator supporting new information security companies. Previously, he was Chief Strategy & Security Officer at WiTopia, and Director of Government Research at Symantec Research Labs. Before joining Symantec, he was co-founder and CTO at StackSafe, a startup focused on self-healing software and automated software assurance. Mr. Stratton was the first Director of Technology Assessment at In-Q-Tel, a private venture capital firm investing for the benefit of the U.S. Intelligence Community. Mr. Stratton also co-founded and served as Chief Technologist at Security Design International, a services firm specializing in multinational and critical infrastructure network security. Before founding SDI, Mr. Stratton established the Security Posture Assessment™ practice at WheelGroup Corporation and the security organization at UUNET, one of the first tier 1 Internet service providers.


Yuji Ukai

CEO

FFRI, Inc

Yuji Ukai is the chief executive officer of FFRI, Inc, known as a technical opinion leader in Japanese security industry.

After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at Kodak research and development center in Japan where he worked on research and development for digital device and embedded security.

In 2003, he moved to United States and started working on development of vulnerability scanner product at eEye Digital Security as a Senior Software Engineer. He also worked for research of vulnerability analysis, vulnerability auditing, malware analysis, embedded system security, P2P network security, etc. as a Senior Research Engineer at eEye research group. In 2007, he moved back to Japan and became a co-founder of Fourteenforty Research Institute, Inc. Over the last several years, he discovered many critical security vulnerabilities affecting various software products as well as pioneered vulnerability analysis and exploitation of embedded system based on real time operating systems.


Alex Wheeler

VP of Research & Chief Scientist

Exodus Intelligence

Alex Wheeler is the VP of Research and Chief Scientist at Exodus Intelligence. Wheeler is an noted expert in software reverse engineering, code auditing, exploit development, and evasion techniques. With over 15 years of applied security research, Alex's pedigree includes security product pioneers such as Internet Security Systems X-Force R&D and TippingPoint DVLabs. His skill is evidenced by world-wide industry recognition. Wheeler's public research received Pwnie awards for both "Best Server Side Bug" and "Best Client Side Bug."


Neil R. Wyler (a.k.a. Grifter)

Threat Hunting & Incident Response Specialist

RSA

Neil R. Wyler (a.k.a. Grifter) is a Threat Hunting and Incident Response Specialist with RSA. He has spent over 20 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 16 years and a member of the Senior Staff at DEF CON for 18 years. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. In his free time, Neil keeps himself busy as a member of both the DEF CON, and Black Hat CFP Review Boards, the Black Hat Training Review Board, the founder of DC801, and founder of his local hackerspace, 801 Labs.


Chris Wysopal

CTO, Co-Founder

Veracode

Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. He is also the author of "The Art of Software Security Testing" published by Addison-Wesley.


Stefano Zanero

Associate Professor, Dipartimento di Elettronica, Informazione e Bioingegneria

Politecnico di Milano

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on mobile malware, malware analysis, and systems security. Besides teaching "Computer Security" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 50 scientific papers and books. He is an associate editor for the "Journal in computer virology and hacking techniques". He's a Senior Member of the IEEE (covering volunteer positions at national and regional level), the IEEE Computer Society (for which he is a member of the Board of Governors), and a lifetime senior member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association), of which he is a senior member. He sits in the International Board of Directors of the same association. A long time op-ed writer for magazines (among which "Computer World"), Stefano is also a co-founder and chairman of Secure Network S.r.l., a leading Italian information security consulting firm, and a co-founder of 18Months, a cloud-based ticketing solutions provider.

Emeritus Review Board

Chris Eagle

Senior Lecturer of Computer Science

Naval Postgraduate School (NPS)

Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 28+ years, his research interests include computer network operations, forensics and reverse engineering. He has been a speaker at conferences such as Black Hat, Defcon, Infiltrate, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. A former winner of the Defcon Capture the Flag Competition, he is currently working with DARPA to build their Cyber Grand Challenge competition.


Jeremiah Grossman

Founder

WhiteHat Security

Jeremiah Grossman, Founder of WhiteHat Security. World-Renowned Professional Hacker. Brazilian Jiu-Jitsu Black Belt. Published Author. Influential Blogger. Off-Road Race Driver.

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. Mr. Grossman has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research and privately informing them of weaknesses in their systems. He has written hundreds of articles and white papers. Collectively, it's no surprise Jeremiah has been featured in the Wall Street Journal, Forbes, CNN, NY Times and hundreds of other media outlets around the world who regularly rely upon his expertise. And an highly experienced industry veteran, Jeremiah has been a guest speaker on six continents at hundreds of events including TED, BlackHat Briefings, RSA, and many top universities. All of this was after Mr. Grossman served as information security officer at Yahoo!

Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC), a previously named InfoWorld Top 25 CTO, and he serves on the advisory board of three hot start-ups, Risk I/O and SD Elements, and BugCrowd.


Felix 'FX' Lindner

Founder, Technical & Research Lead

Recurity Labs GmbH

Felix 'FX' Lindner is the founder as well as the technical and research lead of Recurity Labs GmbH, a high-end security consulting and research team, specializing in code analysis and design of secure systems and protocols. Well known within the computer security community, he has presented his research for over a decade at conferences worldwide. Felix holds a title as German State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional, is highly specialized in digital attack technologies, but recently changed the direction of his research to defense, since the later seems to be a lot less fun.


Jeff Moss, aka The Dark Tangent

Former Chief Security Officer and VP at ICANN, Founder of Black Hat and DEF CON Conferences

Mr. Moss advises companies on security issues, both, electronic and physical, as well as speaking globally on the topic. He sits on several advisory boards helping enterprises make informed decisions on cyber risks.

In April 2011 Mr. Moss was appointed as the Chief Security Officer for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit whose responsibilities include coordinating and ensuring the security, stability and resiliency of the Internet's unique global identifiers as well as maintaining the root zone of the Internet. This position involved managing the IT security of the ICANN networks and information systems, the physical security of ICANN facilities and meetings, and ensuring that ICANN meets its security and resiliency commitments to the multi stake holder community that oversees ICANN. This position involved extensive international travel and coordination with governments, law enforcement, and operational security communities in support of discussions around Internet Governance and security. Mr. Moss left this position at the end of 2013.

Moss is the founder and creator of both the Black Hat Briefings and DEF CON, two of the most influential information security conferences in the world, attracting over ten thousand people from around the world to learn the latest in security technology from those researchers who create it. DEF CON just had its 21st anniversary.

Prior to creating Black Hat Briefings, Jeff was a director at Secure Computing Corporation where he helped establish their Professional Services Department in the United States, Asia, and Australia. His primary work was security assessments of large multi-national corporations. Jeff has also worked for Ernst & Young, LLP in their Information System Security division. Because of this unique background Jeff is uniquely qualified with his ability to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and the responsible application of disclosure.

Jeff is currently a member of the U.S. Department of Homeland Security Advisory Council (HSAC), providing advice and recommendations to the Secretary of the Department of Homeland Security on matters related to homeland security. Jeff is a life member of the Council on Foreign Relations, which is an independent, nonpartisan membership organization, think tank, and publisher.

In 2013, Jeff was appointed as a Nonresident Senior Fellow at the Atlantic Council, associated with the Cyber Statecraft Initiative, within the Brent Scowcroft Center on International Security.

In 2014, Jeff joined the Georgetown University School of Law School Cybersecurity Advisory Committee.

Jeff is active in the World Economic Forum, and recently became a member of the Cyber Security Global Agenda Council for 2014-2016.

ICSA President's Award for Public Service, 2011.


Alex Sotirov

Independent Security Researcher

Alex Sotirov is an independent security researcher with more than ten years of experience with vulnerability research, reverse engineering and advanced exploitation techniques. He is well-known for his work on exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the browser exploitation mitigations of Windows Vista and developing the Heap Feng Shui exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York. Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.


Alex Stamos

Chief Security Officer

Facebook

Alex Stamos is the Chief Security Officer at Facebook, where he leads a team of people around the world focused on ensuring the safety of the billions of people who use Facebook and its family of services. Before joining Facebook, Alex served as the CISO of Yahoo and is widely recognized for revitalizing Yahoo's security program with innovative technology and products. Prior to Yahoo, he was the co-founder of iSEC Partners and founder of Artemis Internet. Alex is a noted expert in global scale infrastructure, designing trustworthy systems, and mobile security. Alex holds a bachelor's degree in Electrical Engineering and Computer Science from the University of California, Berkeley.

Guest Review Board

David Adrian

Co-Founder, Principal Engineer

Censys

David Adrian is a PhD candidate at the University of Michigan, where bhis research centers around computer security and cryptography. He is advised by Professor J. Alex Halderman. David is also a co-founder and principal engineer at Censys. David uses measurement-based approaches to answer computer security research questions, correct security problems, and identify new vulnerabilities. He helped discover the Logjam and DROWN attacks on TLS. He also maintains open-source scanners including ZMap and ZGrab. A long time ago, David interned at Google on the Chrome Security team, and at Duo Security. David has also lectured for the undergraduate computer security course at Michigan.


Justine Bone

CEO

MedSec

Justine Bone is CEO of cyber-security company MedSec, a vulnerability research and security solutions company focused on medical devices and healthcare systems. Justine is a seasoned information technology and security executive with background in software security research, risk management, information security governance, and identity management. Her previous roles include Global Chief Information Security Officer at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, Global Head of Information and Physical Security at Bloomberg L.P., CTO of Secured Worldwide, an NYC-based FinTech company, and CEO of security research firm Immunity Inc. Justine began her career as a vulnerability researcher with Internet Security Systems (now IBM) X-Force and New Zealand's Government Communications Security Bureau. She also has a background in the performing arts as an ex-dancer with the Royal New Zealand Ballet company.


Rodrigo Rubira Branco

Senior Principal Engineer

Amazon Web Services

Rodrigo Rubira Branco (BSDaemon) works as Senior Principal Engineer at Amazon Web Services (AWS). Previously, Rodrigo was the Chief Security Researcher of Intel Corporation where he led the STORM (STrategic Offensive Research & Mitigations) team. At Intel, Rodrigo also led the Core Client and BIOS Teams. He is the Founder of the Dissect || PE Malware Analysis Project. Rodrigo held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011 he was honored as one of the top contributors of Adobe. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for the PowerPC Architecture. He is a member of the RISE Security Group and is one of the organizers of Hackers to Hackers Conference (H2HC), the oldest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as Black Hat, Hack in The Box, XCon, OLS, Defcon, Hackito, Zero Nights, PhDays, Troopers, Andsec, Ekoparty and many others. Rodrigo is also part of the committee for many security conferences, such as Black Hat USA/Europe/Asia (invited reviewer), Offensive Con, Langsec and others.


Deirdre Connolly

Cryptographic Engineer

Deirdre Connolly is a cryptographic engineer most recently at the Zcash Foundation, writing production-quality privacy-protecting software. She is fascinated with quantum-resistant cryptography, especially the isogeny-based kind, and will talk your ear off about it. Deirdre has a BS in electrical engineering and computer science from MIT, and over 10 years of experience writing and deploying production-quality distributed systems at scale.


Ellen Cram Kowalczyk

Security Practitioner

Microsoft Azure

Ellen Cram Kowalczyk is a long time security practitioner with a specialization in human factor security including social engineering. She is currently focused on blue team activities for Microsoft Azure. Previously, she has held various roles in large organizations, including leading the AWS EC2 Security team at Amazon, and the AppSec, Usable Security/Fraud and Abuse teams at Microsoft. She most recently spent a year starting her own company focused on programmatic social engineering. She has spoken at many conferences including RSA and multiple B-Sides. Ellen lives in Seattle with her family and two ridiculous French Bulldogs.


Katriel Cohn-Gordon

Research Scientist

Facebook

Katriel Cohn-Gordon is a research scientist at Facebook, with a PhD from the University of Oxford in information security and applied cryptography. His research aims to formalise and prove the security of some of the protocols underlying today's Internet; recent work includes working on the Messaging Layer Security IETF standard for encrypted group messaging and a formal analysis of the Signal messaging protocol used by WhatsApp and many others. He's also been seen writing fuzzers for WebRTC at Google's Stockholm office, holds a master's degree in mathematics and computer science, and has reviewed papers for various top academic conferences.


Bruce Dang

Cofounder

Veramine, Inc.

Bruce Dang is the cofounder of Veramine, Inc. focusing on endpoint security. Previously, he worked as a senior security development engineer lead at Microsoft where his team's focus spanned all things product-security related from hardware, OS, and web services. His experience primarily revolve around reverse engineering and systems security. Previous to Microsoft, he worked as a developer in the financial sector. He was the first person to publicly discuss techniques of analyzing file format based exploits and has patents in the area of generic shell code and exploit detection. His public research includes Office exploit analysis, ROP detection, shell code detection, and kernel driver decompilation techniques; on the malware side, he is known for first analyzing vulnerabilities in the Stuxnet worm. He has spoken at major security conferences worldwide, i.e., REcon, Blackhat, Chaos Computer Club, CARO, etc. In addition to sharing his knowledge at public conferences, he has also provided private training and lectures to government agencies. He is also the co-author of the best-selling reverse engineering textbook, Practical Reverse Engineering: x86, x64, Windows kernel, and obfuscation, published by John Wiley & Sons.


Sherri Davidoff

CEO

LMG Security

Sherri Davidoff is the CEO of LMG Security and the author of the recently released book "Data Breaches." As a recognized expert in cybersecurity and data breach response, Sherri has been called a "security badass" by The New York Times. She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. She is a faculty member at the Pacific Coast Banking School, and an instructor for Black Hat, where she teaches her "Data Breaches" course. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), a noted security text in the private sector and a college textbook for many cybersecurity courses. Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT. She has also been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien".


Mika Devonshire

Mika Devonshire operates a consulting practice abroad where she has investigated cyber crimes related to fraud and extortion, and has advised private firms on topics of risk and preparedness. Much of her current research revolves around emerging threats in APAC.

Previously, Ms. Devonshire ran SSIC's digital forensics laboratory where she handled Fortune 100 criminal cases, and contributed to a model used to underwrite insurance. She has served as an offensive cyber systems engineer at BAE Systems; a security analyst at Silent Circle; and a technical product manager. Outside the office, Mika teaches CTF skills, and participates at various conferences. Mika earned her master's in digital forensics from The George Washington University, and her bachelor's degree from Princeton University.


Stephanie Domas

Executive Vice President

MedSec

Stephanie Domas is the Executive Vice President of MedSec, a healthcare cybersecurity company. Here, she leads the development and execution of products and services supporting medical device manufacturers in the design of more secure devices. Additionally, she guides health delivery organizations in tackling the unique and complex challenges of security inside of hospital environments.

She is the founder and lead trainer for cybersecurity training company DazzleCatDuo. Her past experience includes 10 years of reverse engineering and vulnerability analysis research as a defense contractor.

Stephanie is a recognized expert on healthcare and medical device security, a seasoned executive, a prominent consultant, a passionate educator, and x86 enthusiast.


Bradley Duncan

Threat Intelligence Analyst

Palo Alto Networks

Bradley Duncan is a Threat Intelligence Analyst at Palo Alto Networks Unit 42. After 21 years of classified intelligence work for the US Air Force, he transitioned to cyber security in 2010. Brad specializes in network traffic analysis and exploit kit detection. He is also a handler for the Internet Storm Center (ISC) and has posted more than 80 diaries at isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net


Chris Eng

Chief Research Officer

Veracode

Chris Eng is Chief Research Officer at Veracode. A founding member of the Veracode team, he is responsible for all research initiatives including applied research, product security, developer research, and Veracode Labs. In addition to research, he consults with customers to advance their application security initiatives. Chris is a frequent speaker at industry conferences, including several Black Hat Briefings, and he serves on the program committee for the Kaspersky Security Analyst Summit. Bloomberg, Fox Business, CBS, and other prominent media outlets have featured Chris in their coverage. Previously, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency.


Eric Evenchick

Senior Research Consultant

Atredis Partners

Eric Evenchick has worked in development and reverse engineering roles for hardware and software companies for the past eight years. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners.

Eric's work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future.

In 2014, Eric founded Linklayer Labs, which provided consulting services and developed open source hardware tools for the information security community. Since 2012, he has been a contributor to Hackaday, a blog covering hardware and software "hacks."


Valerie Anne Fenwick

OASIS PKCS#11 (Open Standards Based Crypto API) technical committee

Valerie Anne Fenwick has over two decades of experience in computer security, from coding to leading teams at Sun Microsystems, Oracle and Intel. She helped to design and develop the cryptographic framework for the Oracle Solaris operating system, and previously worked as a developer on the SunScreen Firewall. She the secretary for the OASIS PKCS#11 (Open Standards Based Crypto API) technical committee. Valerie has a B.S. in Computer Science from Purdue University. She is a co-author of the Solaris 10 Security Essentials book and writes a blog on bicycling, beer and security. In her spare time, she enjoys performing at community theaters, riding her bike, and skiing.


Joe FitzPatrick

Trainer and Researcher

SecuringHardware.com

Joe FitzPatrick (@securelyfitz) is a Trainer and Researcher at SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.


Aanchal Gupta

Vice President

Microsoft

Aanchal Gupta is Vice President for Azure Security at Microsoft. Previously, as CISO for Novi at Facebook, she led a team responsible for assessing and mitigating security risks across Facebook's cryptocurrency initiative. Aanchal joined Facebook in 2016 after serving as Chief Information Security Officer at Microsoft for Skype and Skype for Business. Prior to Microsoft, Aanchal led Yahoo's Global Identity team, contributing to various authentication and authorization open standards such as OpenID and OAuth. Aanchal was named one of Business Insider's “Most powerful female engineers of 2018”. She is a member of the Internet Security Research Group Board of Directors, and a fellow at the RSA (Royal Society for the encouragement of Arts, Manufactures and Commerce). She serves on technical advisory boards for security startup ThreatWatch Inc. Aanchal is passionate about building diverse teams and serves on the review board for the Grace Hopper, Enigma, and Black Hat conferences.


Christopher Hadnagy

Founder and CEO

Social-Engineer, LLC

Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC. Chris possesses over 16 years experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today.

Chris established the world's first social engineering penetration testing framework at www.social- engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.

A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of three books; Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer: The Human Element of Security and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails.

Chris has been invited to the Pentagon to debrief 30+ general officers and government officials on social engineering and its effect on the United States.

Chris specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.

Chris is a certified Expert Level graduate of Dr. Paul Ekman's Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties. In addition, he holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).


Jason Healey

Senior Research Scholar

Columbia University's School for International and Public Affairs

Jason Healey is Senior Research Scholar at Columbia University's School for International and Public Affairs, specializing in cyber conflict and risk. He started his career as a US Air Force intelligence officer, before moving to cyber response and policy jobs at the White House and Goldman Sachs. He was founding director for cyber issues at the Atlantic Council where he founded the Cyber 9/12 Strategy Challenge for cyber policy students and is the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He is on the DEF CON review board and served on the Defense Science Board task force on cyber deterrence.


Alex Ionescu

Vice President of EDR Strategy

CrowdStrike, Inc.

Alex Ionescu is the Vice President of EDR Strategy at CrowdStrike, Inc., where he started as its Chief Architect almost six years ago. Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is coauthor of the last three editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities, as well as over a few dozen non-security bugs.

Previously, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad and AppleTV. Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low- level system software, reverse engineering and security trainings for various institutions.


Bill Jaeger

Data Center Group

Lenovo

Bill Jaeger leads Lenovo's Data Center Group (DCG) Product Security Office and works with Lenovo's global product teams and industry partners to enhance and align the security of Lenovo's product offerings with enterprise customer needs. He is a founding member of Lenovo's Corporate and DCG Product Security Offices, and has been instrumental in driving product security strategy and security "firsts" at Lenovo. Bill was awarded Lenovo's top honor in recognition for his transformative achievements.

Prior to joining Lenovo, Bill spent 20+ years solving complex security, operational, and technical challenges for commercial and government customers.

Bill is an author, speaker, and inventor with security-related patents issued and pending. He is also a member of the Astronaut Scholarship Foundation's board of trustees.


Jeff Jarmoc

Senior Manager of Product Security

Salesforce

Jeff Jarmoc is a Senior Manager of Product Security at Salesforce, where he leads efforts to secure cloud-based products and protect customer data. Prior to joining Salesforce, Jeff was a Senior Application Security Consultant with Matasano Security, and NCC Group. He has also held positions at Secureworks, and on security teams within healthcare and financial organizations.

Jeff has presented his research work at several security conferences, including: Black Hat USA & EU, DEF CON, 44Con, Derbycon, and Thotcon.


Monnappa K A

Information Security Investigator

Cisco Systems

Monnappa K A works with Cisco Systems as information security investigator focusing on threat intelligence, investigation of advanced cyber-attacks, researching on cyber espionage and targeted attacks. He is the creator of Limon Linux sandbox and winner of Volatility plugin contest 2016. He is the author of the upcoming book "Learning Malware Analysis". He is the co-founder of the cyber-security research community "Cysinfo". His fields of interest include malware analysis, reverse engineering, memory forensics and threat intelligence. He has presented at various security conferences like Black Hat, FIRST, SEC-T, DSCI, National Cyber Defence Summit and Cysinfo on various topics which include memory forensics, malware analysis, reverse engineering and rootkit analysis. He has conducted trainings at Black Hat, FIRST (Forum of Incident Response and Security teams), SEC-T, OPCDE cyber security conferences. He has also authored various articles in eForensics and Hakin9 magazines.

He regularly conducts training titled "A Practical Approach to Malware Analysis and Memory Forensics" around the world including Black Hat USA, Black Hat Asia and Black Hat Europe. You can find some of his contributions to the community in his YouTube channel, and he publishes blog posts at cysinfo.com


Marina Krotofil

Security Researcher

Marina Krotofil is a security researcher with a decade of experiences in advanced methods for securing Industrial Control Systems (ICS). She specializes in the discovery of new attack vectors and exploitation techniques, incident response, forensic investigations, ICS malware analysis and design of novel defense methods. Previously, Marina worked as a Senior Security Engineer at BASF (Germany), Principal Analyst and Subject Matter Expert (SME) in the Cyber-Physical Security Group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She authored more than 25 academic articles and book chapters on ICS Security and is a regular speaker at the leading conference stages worldwide. Marina holds MBA in Technology Management, MSc in Telecommunications and MSc in Information and Communication Systems.


Zach Lanier

Principal Research Consultant

Atredis Partners

Zach Lanier is a Principal Research Consultant with Atredis Partners, specializing in various bits of network, application, mobile, and embedded security. Prior to joining Atredis Partners, Zach most recently served as Director of Research with Cylance, and prior to that as Senior Research Scientist with Accuvant Labs. He has spoken at a variety of security conferences, such as Black Hat, DEF CON, CanSecWest, INFILTRATE, Countermeasure, and SummerCon, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).


Kelly Lum

Senior Security Engineer

Tumblr

Kelly Lum has "officially" worked in Information Security since 2003, and is currently a Senior Security Engineer at Tumblr where she brings her decades worth of application security experience in the financial and government sectors to the microblogging world. She regularly speaks about reverse engineering at various conferences, including Black Hat, SummerCon, and COUNTERMEASURE. Additionally, she teaches as an adjunct professor of Application Security at NYU.


Maria Markstedter

Security Researcher and Trainer

Maria Markstedter is an independent security researcher and trainer, focusing her research and work on ARM exploitation and reverse engineering of embedded systems. After spending some time as a Penetration Tester, she discovered her passion for processor security and reverse engineering and founded Azeria Labs to fill the gap in educational material on the exploitation of ARM-based devices by offering free hands-on tutorials and workshops. She regularly speaks at various security conferences, including HITBSecConf, Security Analyst Summit, and 44Con. In 2018, Maria was listed as one of the Forbes 30 Under 30 in the technology Europe division.


Marion Marschalek

Security Engineer

Intel's STORM team

Marion Marschalek is a Security Engineer within Intel's STORM team in Portland, Oregon. Prior to that she held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution at the time was her analysis work on the malware ‘Babar' and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30” talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.


Allison Miller

Information Security

Bank of America

Allison Miller leads the engineering efforts for Bank of America's information security organization. With over 15 years of building teams and technology that protect people and platforms, Allison is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet-scale. Prior to her current role, Miller held technical and leadership roles in security, risk analytics, and payments/commerce at Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa International. Miller speaks internationally on security, fraud and risk, co-chaired of the O'Reilly Security Conference, is a Trustee for the Center for Cyber Safety and Education, has held board roles with ISC2, SIRA, and Keypoint Credit Union.


Thomas Pornin

Principal Security Consultant

NCC Group

Thomas Pornin is a Principal Security Consultant at NCC Group, specialized in cryptography. His research focuses on the design and implementation of cryptographic algorithms, with an emphasis on defense against timing-based side channel leaks; he is the author of BearSSL, an SSL/TLS library that embodies this approach and is optimized for constrained embedded systems. He is also an active participant to cryptographic competitions (AES, eSTREAM, SHA-3, PHC, and the ongoing Post-Quantum standardization process).


Enno Rey

Founder and Managing Director

ERNW GmbH

Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.


Raphaël Rigo

Senior Security Engineer, Red Team Technical Lead

Airbus

Raphaël Rigo is currently a senior security engineer and Red Team technical lead in the Airbus internal security evaluation team. A reverse engineer for more than 18 years, he also worked in vulnerability discovery, black-box security evaluations and incident response. His main interests are low-level and embedded security. He spoke at international conferences including Black Hat, SyScan, REcon, H2HC on various subjects such as Blue Coat proxies, encrypted HDD, or reverse engineering tools. He is part of the organizing and program committee of the French conference SSTIC. In the past, he did embedded security at Orange Labs, pentest on critical systems and incident response at the French National Cybersecurity Agency (ANSSI).


Tom Ritter

Security Engineer

Mozilla

Tom Ritter is a distinguished security engineer and recovering consultant now at Mozilla, working on anti-exploitation, Tor, and other new and evolving security features. Previously, he did all manner of security consulting at NCC Group and iSEC Partners, including managing the Cryptography Services practice and pioneering the production of fully-public audit reports. While consulting, Tom participated in numerous public audit reports including TrueCrypt and Tor Browser; presented talks and trainings at security conferences in Europe, North, and South America; and presented his research NPR, CNN, and other media outlets. He is actively involved in the advancement of secure messaging, IETF & W3C Standards Groups relating to secure protocols, public key infrastructures, metadata protection, and self-hosting data.


Chaitanya Sharma

Apple's Product Security Team

Chaitanya Sharma is a senior member of Apple's Product Security Team, which handles security response by engaging with third party security researchers regarding their findings. Chaitanya focuses his efforts on identifying and responding to security issues.

In his previous roles, Chaitanya lead the Advisories Team at Secunia Research, which analyzes and validates publicly reported vulnerabilities and discovers new vulnerabilities. Prior to that, he worked as a Security Engineer at Scanit ME conducting security audits on client networks in India and UAE.


Natalie Silvanovich

Security Researcher

Google Project Zero

Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is on script engines, particularly understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.


Ryan Smith

Vice President of Research

Cylance

Ryan Smith is the Vice President of Research at Cylance, where he leads teams performing both internal and external research. He has spent the last decade leading such teams for consulting, product, and fortune 50 organizations. As an individual contributor, Ryan has discovered and exploited highly impactful vulnerabilities in widely deployed client and server software. His interests include reverse engineering, exploitation, vulnerability discovery, analysis algorithms, and magnets. He has spoken at international conferences and is a two-time Pwnie Award winner for best server and client bugs.


Dr. Jason Staggs

Cyber Security Researcher, Adjunct Assistant Professor of Computer Science

The University of Tulsa

Dr. Jason Staggs is a Cyber Security Researcher and Adjunct Assistant Professor of Computer Science at The University of Tulsa. Jason's research interests include critical infrastructure protection, telecommunications security, embedded systems security engineering, penetration testing and digital forensics. Jason has spoken at national and international conferences, authored various peer-reviewed publications and lectured undergraduate and graduate level courses on a variety of cyber security topics. In his spare time, Jason enjoys reverse engineering proprietary network stacks in embedded devices and diving through ancient RFCs to demystify obscure network protocols. Jason attended graduate school at The University of Tulsa where he earned his MS and PhD degrees in Computer Science.


Matt Suiche

Founder

Comae Technologies; Cyber-security conference OPCDE

Matt Suiche is the founder of Comae Technologies and cyber-security conference OPCDE. Prior to founding Comae, he was the co-founder & Chief Scientist of the application virtualization start-up CloudVolumes which was acquired by VMware in 2014. His also previous employers include the Netherlands Forensics Institute and Airbus.

Matt is best known for his memory forensics works. His most notable research contributions include Windows hibernation file analysis and Mac OS X physical memory analysis.


Josh Thomas

Josh Thomas' specialties include advanced hardware and software reverse engineering, malware and rootkit development and discovery, and software development. Josh has extensive experience in developing secure solutions for mobile platforms and a deep understanding of cellular architecture. Josh currently holds a TS clearance, and has worked in many sensitive, cleared environments.

Josh began his career 14 years ago in network administration and software development. Prior to moving his focus primarily to security, Josh wrote Artificial Intelligence and cryptographic solutions for the Department of Defense. Josh has extensive hands on knowledge of mobile devices and cellular infrastructure. He is also dedicated to hardware reverse engineering and embedded device exploitation.

Josh most recently was a Senior Research Scientist with Accuvant's Applied Research team, and has worked as a Senior Research Developer at The MITRE Corporation. At MITRE, Josh performed analyses of the Android, Apple, Symbian and BlackBerry security models as well as other non-mobile embedded platforms and worked closely with the vendors and project sponsors. Josh also developed an open-source mesh networking solution for Smart phone communications that bypasses the need for physical infrastructure, performed advanced spectrum analysis for cleared communications, and designed a secure satellite communications system required to handle the most sensitive communications possible while also being resilient against the highest levels of waveform interference.

Prior to his tenure at The MITRE Corporation, Josh developed Artificial Intelligence and embedded cryptographic solutions for General Dynamics and other organizations. Josh projects including the design and development of robust routing architecture for UAV/UGV autonomous vehicles, battlefield troop movement predictive scenario generation, and creation of mathematical models the controlled de-orbit and reentry of the Mir Space Station.

Josh is the recipient of three DARPA Cyber Fast Track grants for advanced security research, and has presented at multiple security industry conferences, including BlackHat, DefCon, DerbyCon and ToorCon. Josh is the lead developer and maintainer of the open-source SPAN mesh networking project for Android, has published and reviewed papers for IEEE, and holds a pending patent related to NAND flash memory hiding techniques. Josh holds a Bachelor's in Computer Science from Texas A&M University, and has been a frequent presenter at national and international security industry conferences.


Steve Weis

Cryptographer & Entrepreneur

Steve Weis is a cryptographer & entrepreneur who focuses on securing people's data with applied cryptography. Most recently, Steve was a software engineer at Facebook working on privacy and security. Previously, Steve was co-founder & CTO of PrivateCore, a security startup acquired by Facebook in 2014. In the past, Steve was a technical director at AppDirect and a member of the applied security team at Google. Steve received a PhD in cryptography from MIT.


Jos Wetzels

Security Researcher and Consultant

Midnight Blue

Jos Wetzels is a security researcher and consultant at Midnight Blue specializing in embedded systems security. His research and consultancy work has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs, protocol stacks and RTOSes. He has been a speaker at conferences such as Black Hat, Defcon, Infiltrate, OffensiveCon, REcon, TROOPERS and CCC. Previously, he worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) in the Netherlands where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) devices used in critical infrastructure and performed security analyses of state-of-the-art network and host-based intrusion detection systems.


Kyle Wilhoit

Principal Cyber Attack and Exploit Researcher

Palo Alto Network's Global Security Response Team

Kyle Wilhoit is an internationally recognized and award winning security researcher with more than a decade of experience helping research teams deliver timely and organized threat intelligence and research. In his current role as a Principal Cyber Attack and Exploit Researcher on Palo Alto Network's Global Security Response Team, Kyle is responsible for the identification of actively exploited vulnerabilities and post-exploitation methodologies present in hack tools, attack frameworks, targeted attack campaigns, and public POC availability.

Prior to Palo Alto Networks, Kyle was a Senior Security Researcher at DomainTools leading efforts to do research on DNS-related exploits and explore attack origins and threat actors. Before joining DomainTools, Kyle was also a Senior Threat Researcher for Trend Micro, where he was responsible for identifying, vetting, and exposing threat actors, performing research on criminal miscreants and leading forensic investigations into high profile security incidents. Prior to Trend Micro, Kyle spent more than a decade performing threat analysis and security research for Fireeye and additional organizations.

Kyle has presented at cybersecurity conferences around the globe, notably FIRST, Black Hat USA, Blackhat Europe, SecTor, Hack in the Box, Derbycon, and Infosecurity Europe. Kyle has consulted several worldwide governmental bodies, including the International Atomic Energy Agency (IAEA). His research has supported investigative stories in several publications, including ABC, CNN, BBC, CNN, The New York Times, WIRED, MIT Technology, and many additional outlets. Additionally, Kyle served as a guest review board member for Blackhat US 2017. Kyle is a co-author on the book- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.

Sustaining Partners