Black Hat USA

Review Board

David Adrian

Google

David Adrian works on the Chrome Security team at Google. Previously, he cofounded Censys, a security data startup. David has a PhD from the University of Michigan, and is a maintainer of ZMap and its associated open-source Internet-measurement projects.


Sheila A. Berta

Head of Research

Dreamlab Technologies

Sheila A. Berta is an offensive security specialist who started at 12 years old by learning on her own. At the age of 15, she wrote her first book about Web Hacking, published in several countries. Over the years, Sheila has discovered vulnerabilities in popular web applications and software, as well as given courses at universities and private institutes in Argentina. She specializes in offensive techniques, reverse engineering, and exploit writing and is also a developer in ASM (MCU and MPU x86/x64), C/C++, Python and Golang. As an international speaker, she has spoken at important security conferences such as Black Hat Briefings, DEF CON, HITB, Ekoparty, IEEE ArgenCon and others. Sheila currently works as Head of Research at Dreamlab Technologies.


Justine Bone

CEO

MedSec

Justine Bone is CEO of cyber-security company MedSec, a vulnerability research and security solutions company focused on medical devices and healthcare systems. Justine is a seasoned information technology and security executive with background in software security research, risk management, information security governance, and identity management. Her previous roles include Global Chief Information Security Officer at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, Global Head of Information and Physical Security at Bloomberg L.P., CTO of Secured Worldwide, an NYC-based FinTech company, and CEO of security research firm Immunity Inc. Justine began her career as a vulnerability researcher with Internet Security Systems (now IBM) X-Force and New Zealand's Government Communications Security Bureau. She also has a background in the performing arts as an ex-dancer with the Royal New Zealand Ballet company.


Thomas Brandstetter

Professor, Co-Founder and Managing Director

Limes Security

Thomas Brandstetter is a recognized OT cybersecurity expert, with more than 20 years of background in technical and technical management roles.

He is currently active as co-founder and managing director of Limes Security, a major European OT cyber security company. He also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. His past noteworthy achievements include being the Stuxnet incident handler for Siemens, founding the Siemens ProductCERT and teaching as SANS instructor. He often is a keynote and invited guest speaker and presented at professional cybersecurity or industrial conferences like Black Hat, SANS ICS, ICS-CSR and CIRED.


Jamie Butler

Jamie Butler has been in computer security for over 25 years. Most recently, he was a distinguished engineer at Elastic focused on its XDR platform. Prior to Elastic, Jamie was the Chief Technology Officer of Endgame, leading engineering, product, and research focused on the convergence of the EPP and EDR. He has directed research teams at some of the most prominent and successful security companies of the past two decades including as Chief Architect/Fellow at FireEye and Chief Researcher at Mandiant. His focus areas include operating system security, forensics, reverse engineering, malware, virtual machine introspection, threat intelligence, and enterprise security. Jamie started his career as a computer scientist at the National Security Agency and co-authored the bestseller Rootkits: Subverting the Windows Kernel. Jamie has been a frequent speaker and trainer at the foremost computer security conferences and serves as a Review Board member for Black Hat.


Katriel Cohn-Gordon

Research Scientist

Facebook

Katriel Cohn-Gordon is a research scientist at Facebook, with a PhD from the University of Oxford in information security and applied cryptography. His research aims to formalise and prove the security of some of the protocols underlying today's Internet; recent work includes working on the Messaging Layer Security IETF standard for encrypted group messaging and a formal analysis of the Signal messaging protocol used by WhatsApp and many others. He's also been seen writing fuzzers for WebRTC at Google's Stockholm office, holds a master's degree in mathematics and computer science, and has reviewed papers for various top academic conferences.


Deirdre Connolly

Cryptographic Engineer

Deirdre Connolly is a cryptographic engineer most recently at the Zcash Foundation, writing production-quality privacy-protecting software. She is fascinated with quantum-resistant cryptography, especially the isogeny-based kind, and will talk your ear off about it. Deirdre has a BS in electrical engineering and computer science from MIT, and over 10 years of experience writing and deploying production-quality distributed systems at scale.


Daniel Cuthbert

Global Head of Security Research

Daniel Cuthbert loves doing security research. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from small groups of curious minds to the organized criminal networks and nation states we see today. He is the original co-author of the OWASP Testing Guide, released in 2003, and now the co-author of the OWASP Application Security Verification Standard (ASVS), and sits on the UK Government Cybersecurity Advisory Board.


Dino Dai Zovi

Mobile Security Lead

Square

Dino Dai Zovi is the Mobile Security Lead at Square. He has been working in information security for over 15 years with experience in red teaming, penetration testing, software security, information security management, and cybersecurity R&D. Dino is also a regular speaker at information security conferences having presented his independent research on memory corruption exploitation techniques, 802.11 wireless client attacks, and Intel VT-x virtualization rootkits at conferences around the world including Black Hat, RSA, DEFCON, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker's Handbook" (Wiley, 2009) and "The Art of Software Security Testing" (Addison-Wesley, 2006). In 2008, eWEEK named him one of the 15 Most Influential People in Security. He is best known in the information security and Mac communities for winning the first PWN2OWN contest at CanSecWest 2007.


Bruce Dang

Cofounder

Veramine, Inc.

Bruce Dang is the cofounder of Veramine, Inc. focusing on endpoint security. Previously, he worked as a senior security development engineer lead at Microsoft where his team's focus spanned all things product-security related from hardware, OS, and web services. His experience primarily revolves around reverse engineering and systems security. Previous to Microsoft, he worked as a developer in the financial sector. He was the first person to publicly discuss techniques of analyzing file format based exploits and has patents in the area of generic shell code and exploit detection. His public research includes Office exploit analysis, ROP detection, shell code detection, and kernel driver decompilation techniques; on the malware side, he is known for first analyzing vulnerabilities in the Stuxnet worm. He has spoken at major security conferences worldwide, e.g., REcon, Black Hat, Chaos Computer Club, CARO, etc. In addition to sharing his knowledge at public conferences, he has also provided private training and lectures to government agencies. He is also the co-author of the best-selling reverse engineering textbook, Practical Reverse Engineering: x86, x64, Windows kernel, and obfuscation, published by John Wiley & Sons.


Sherri Davidoff

CEO

LMG Security

Sherri Davidoff is the CEO of LMG Security and the author of the recently released book "Data Breaches." As a recognized expert in cybersecurity and data breach response, Sherri has been called a "security badass" by The New York Times. She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. She is a faculty member at the Pacific Coast Banking School, and an instructor for Black Hat, where she teaches her "Data Breaches" course. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), a noted security text in the private sector and a college textbook for many cybersecurity courses. Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT. She has also been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien".


Mika Devonshire

Founder, Cybermeeks LLC

Director of Strategic Development, Blackpanda

Mika Devonshire specializes in digital forensics investigations after spending the past decade building security products that solve problems at each stage of the cyber-attack lifecycle from IAM and secure communications to offensive capabilities and insurance. She currently serves as Director of Strategic Development for the APAC based DFIR firm, Blackpanda, and consults for companies under her LLC, Cybermeeks.

Mika holds a Masters in Digital Forensics from George Washington University, a Bachelors in Comparative Literature from Princeton University, a CISSP and GCFA among other certifications. She regularly engages with the community as a speaker and panelist, and loves working with those seeking to pivot from non-technical professions as an instructor and mentor.


Matt Devost

CEO and Co-Founder

OODA LLC

Matt Devost is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cybersecurity issues.

Currently, Matt is CEO and Co-Founder of OODA LLC. Previously Matt was a Managing Director at Accenture where he led the Global Cyber Defense practice. Matt joined Accenture following their 2015 acquisition of the global cybersecurity consultancy FusionX LLC where he had served as President & CEO since 2010.

Matt was an Adjunct Professor at Georgetown University for fourteen years where he taught a graduate course on Information Warfare and security, is a Founding Director of the Cyberconflict Studies Association, and served as a special advisor to the Department of Defense. Matt founded the Terrorism Research Center, Inc. (TRC) in 1996, where he served as President and CEO until November 2008. Previously, Matt has also held leadership positions at iSIGHT Partners, Technical Defense, Security Design International, iDEFENSE and SAIC. Mr. Devost has been a speaker at hundreds of international conferences and a contributor/author to several books on terrorism and information security.


Christopher Domas

Security Researcher

Intel

Christopher Domas (@xoreaxeaxeax) is a security researcher primarily focused on firmware, hardware, and low level processor exploitation. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), and Turing-machines in the vi text editor. His more relevant work includes the sandsifter processor fuzzer, rosenbridge backdoor, the binary visualization tool ..cantor.dust.., and the memory sinkhole privilege escalation exploit.


Stephanie Domas

Chief Security Technology Strategist

Intel

Stephanie Domas is the Chief Security Technology Strategist at Intel. Here, she defines and oversees execution of security technology strategies that address the critical role that hardware and firmware security technology play in the digital ecosystem. Prior to Intel, Stephanie spent 8 years focused on medical device cybersecurity, consulting with a broad range of manufacturers and healthcare providers, from the newest startups to the industry giants.

She is the founder and lead trainer for cybersecurity training company DazzleCatDuo. Her past experience includes 10 years of reverse engineering and vulnerability analysis research as a defense contractor.

Stephanie is a recognized expert on embedded systems, healthcare and medical device security, a seasoned executive, a prominent consultant, a passionate educator, and x86 enthusiast.


Mark Dowd

Founder, Director

Azimuth Security

Mark Dowd is an expert in application security, specializing primarily in host and server based Operating Systems. He is currently the director of Azimuth Security, a boutique security company he founded that specializes in code review and cutting edge security research. Prior to starting Azimuth, his professional experience includes several years as a senior researcher at a Fortune 500 company, where he uncovered a variety of major vulnerabilities in ubiquitous Internet software. He also worked as a Principal Security Architect for McAfee, where he was responsible for internal code audits, secure programming classes, and undertaking new security initiatives. Mark has also co-authored a book on the subject of application security named "The Art of Software Security Assessment," and has spoken at several industry-recognized conferences.


Chris Eng

Chief Research Officer

Veracode

Chris Eng is Chief Research Officer at Veracode. A founding member of the Veracode team, he is responsible for all research initiatives including applied research, product security, and incubation research. Chris is a frequent speaker at industry conferences and serves on review boards for Black Hat USA and the Kaspersky Security Analyst Summit. He is also a charter member of MITRE's CWE/CAPEC Board. Bloomberg, Fox Business, CBS, and other prominent media outlets have featured Chris in their coverage. Previously, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency. Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California.


Eric Evenchick

Senior Research Consultant

Atredis Partners

Eric Evenchick has worked in development and reverse engineering roles for hardware and software companies for the past eight years. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners.

Eric's work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience led to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future.

In 2014, Eric founded Linklayer Labs, which provided consulting services and developed open source hardware tools for the information security community. Since 2012, he has been a contributor to Hackaday, a blog covering hardware and software "hacks."


Valerie Anne Fenwick

OASIS PKCS#11 (Open Standards Based Crypto API) technical committee

Valerie Anne Fenwick has over two decades of experience in computer security, from coding to leading teams at Sun Microsystems, Oracle and Intel. She helped to design and develop the cryptographic framework for the Oracle Solaris operating system, and previously worked as a developer on the SunScreen Firewall. She is the secretary for the OASIS PKCS#11 (Open Standards Based Crypto API) technical committee. Valerie has a B.S. in Computer Science from Purdue University. She is a co-author of the Solaris 10 Security Essentials book and writes a blog on bicycling, beer and security. In her spare time, she enjoys performing at community theaters, riding her bike, and skiing.


Joe FitzPatrick

Trainer and Researcher

SecuringHardware.com

Joe FitzPatrick (@securelyfitz) is a Trainer and Researcher at SecuringHardware.com (@securinghw). Joe has spent most of his career working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past decade developing and delivering hardware security related tools and training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.


Trey Ford

Deputy CISO

Vista Consulting Group

Trey Ford is a strategic advisor to enterprise leaders and corporate directors. Today Trey serves as Executive Director of Cyber Security in Vista Equity Partners’ Consulting Group. With twenty years focused on the offensive, defensive, and programmatic leadership aspects of security, he is well grounded in public cloud, abuse, application, network, and platform security.

Previously Trey was CISO of the Heroku platform at Salesforce, General Manager of Black Hat, held strategic advisory and global consulting roles, and still apologizes for time served as an auditor.


Aanchal Gupta

Vice President

Microsoft

Aanchal Gupta is Vice President for Azure Security at Microsoft. Previously, as CISO for Novi at Facebook, she led a team responsible for assessing and mitigating security risks across Facebook's cryptocurrency initiative. Aanchal joined Facebook in 2016 after serving as Chief Information Security Officer at Microsoft for Skype and Skype for Business. Prior to Microsoft, Aanchal led Yahoo's Global Identity team, contributing to various authentication and authorization open standards such as OpenID and OAuth. Aanchal was named one of Business Insider's “Most powerful female engineers of 2018”. She is a member of the Internet Security Research Group Board of Directors, and a fellow at the RSA (Royal Society for the encouragement of Arts, Manufactures and Commerce). She serves on technical advisory boards for security startup ThreatWatch Inc. Aanchal is passionate about building diverse teams and serves on the review board for the Grace Hopper, Enigma, and Black Hat conferences.


Nathan Hamiel

Senior Director of Research

Kudelski Security

Nathan Hamiel is Senior Director of Research at Kudelski Security where he leads the fundamental and applied research team. Part of the Innovation group working to define the future of products and services for the company, his team focuses on privacy, advanced cryptography, emerging technologies, and special projects. He is also responsible for the research function at the company, connecting the dots between the various business units and focusing on collaboration both internal and external to the company. For over 20 years, he has helped customers worldwide solve complex security challenges and accelerate innovation.

Nathan spends his time focusing on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. He is a proponent of agility and simplification and their application in solving security challenges. Nathan is a regular public speaker and has presented his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, where he serves as the track lead for the AI, ML, and Data Science track.


Jason Healey

Senior Research Scholar

Columbia University's School for International and Public Affairs

Jason Healey is Senior Research Scholar at Columbia University's School for International and Public Affairs, specializing in cyber conflict and risk. He started his career as a US Air Force intelligence officer, before moving to cyber response and policy jobs at the White House and Goldman Sachs. He was founding director for cyber issues at the Atlantic Council where he founded the Cyber 9/12 Strategy Challenge for cyber policy students and is the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He is on the DEF CON review board and served on the Defense Science Board task force on cyber deterrence.


Charles Henderson

Head of X-Force

IBM

Charles Henderson is located in Austin, Texas. He is the Global Head of IBM's X-Force. Throughout his career, Charles and the teams he has managed have specialized in incident response, penetration testing, adversary simulation, vulnerability management, and vulnerability research. Charles has spoken at numerous security conferences, including Black Hat and RSA Conference. He has also appeared in various television and print media coverage.


Christofer Hoff

Christofer Hoff has more than 25 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management.

Currently, Hoff is working on getting jacked and tanned. He also enjoys talking about himself in the third person.

Prior to his life of leisure, Hoff was the CISO at Citadel, led the global cyber security defense team at Bank of America after previously leading the cyber security engineering function.

His previous roles included: Vice President and Security CTO, Juniper Development & Innovation, VP of Strategic Planning and Technical Marketing Engineering team and Global Chief Security Architect of the Advanced Technology Team. Prior he was Director of Cloud & Virtualization Solutions at Cisco Systems, was Unisys Corporation's Chief Security Architect, Crossbeam Systems' chief security strategist, CISO/director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.


Jeff Horne

Head of Security

Skydio

Jeff Horne is the Head of Security at Skydio, a leading drone company specializing in autonomous vehicles. Jeff is responsible for security direction both within Skydio products and internal security. Prior to Skydio Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, and Physical Security. Before Optiv, he was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy as well as managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups. Jeff is an accomplished security professional with over 20 years of experience and a strong background in reverse engineering, exploitation, and malware research. He has authored several vulnerability disclosures and patents throughout his career.


Alex Ionescu

Technical Director, Platform Operations & Research

CSE

Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is coauthor of the last three editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities, as well as over a few dozen non-security bugs.

Previously, Alex Ionescu was the Vice President of Endpoint Engineering at CrowdStrike, Inc., where he started as its Chief Architect when the company was founded in 2011. Prior to that, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad and AppleTV.

Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security trainings for various institutions.


Vincenzo Iozzo

Director

CrowdStrike

Vincenzo Iozzo is an entrepreneur and investor. He currently serves as a Director at CrowdStrike following the sale of his company Iperlane in 2017. Vincenzo is also a Network Leader at Village Global, a seed stage VC fund based in Silicon Valley. In addition, Vincenzo is an Associate Researcher at the MIT Media Lab and serves as a committee member on the Black Hat Conference board. Vincenzo co-authored the "iOS Hacker's Handbook" (Wiley, 2012) and the winning attacks against Firefox, iOS and Blackberry OS at Pwn2Own between 2010-2012.


Bill Jaeger

Executive Director, ISG Product Security Office

Lenovo

Bill Jaeger leads Lenovo's Infrastructure Solutions Group (ISG) Product Security Office and works with Lenovo's global product teams and industry partners to enhance and align the security of Lenovo's product offerings with enterprise customer needs. He is a founding member of Lenovo's Corporate and ISG Product Security Offices and has been instrumental in driving product security strategy and security "firsts" at Lenovo. Bill was awarded Lenovo's top honor in recognition for his transformative achievements.

Prior to joining Lenovo, Bill spent 20+ years solving complex security, operational, and technical challenges for commercial and government customers.

Bill is an author, speaker, and inventor with security-related patents issued and pending. He is also a member of the Astronaut Scholarship Foundation's board of trustees.


Jeff Jarmoc

Staff Product Security Engineer

GitHub

Jeff Jarmoc is a Staff Product Security Engineer at GitHub. Prior to joining GitHub, Jeff held various roles at Salesforce, Matasano Security, NCC Group, and SecureWorks. He's also worked in security teams within healthcare and financial organizations. Jeff has presented his research work at several security conferences, including Black Hat USA & EU, DEF CON, 44Con, Derbycon, and Thotcon.


Maggie Jauregui

Offensive Security Researcher

Intel Corporation

Maggie Jauregui (@_m46s) is a firmware and hardware FPGA offensive security researcher for Intel's Programmable Solutions Group with over 10 years of experience focused mainly on low level platform security. Maggie is also President of Security BSides Portland, the non-profit organization that puts together BSidesPDX. Throughout her career, Maggie has presented her research and delivered technical training on firmware and physical attack security topics at conferences around the world including DEFCON, Black Hat, CanSecWest, and DerbyCon among others.


Monnappa K A

Information Security Investigator

Cisco Systems

Monnappa K A works with Cisco Systems as an information security investigator focusing on threat intelligence, investigation of advanced cyber-attacks, and research on cyber espionage and targeted attacks. He is the creator of Limon Linux sandbox and winner of Volatility plugin contest 2016. He is the author of the upcoming book "Learning Malware Analysis". He is the co-founder of the cyber-security research community "Cysinfo". His fields of interest include malware analysis, reverse engineering, memory forensics and threat intelligence. He has presented at various security conferences like Black Hat, FIRST, SEC-T, DSCI, National Cyber Defence Summit and Cysinfo on various topics which include memory forensics, malware analysis, reverse engineering and rootkit analysis. He has conducted trainings at Black Hat, FIRST (Forum of Incident Response and Security Teams), SEC-T, and OPCDE cyber security conferences. He has also authored various articles in eForensics and Hakin9 magazines.

He regularly conducts training titled "A Practical Approach to Malware Analysis and Memory Forensics" around the world including Black Hat USA, Black Hat Asia and Black Hat Europe. You can find some of his contributions to the community in his YouTube channel, and he publishes blog posts at cysinfo.com.


Ellen Cram Kowalczyk

Security Engineering Manager

Google

Ellen Cram Kowalczyk is a long time security practitioner with a specialization in human factor security including social engineering. She is currently focused on securing Google's use of GCP. Previously, she has held various roles in large organizations, including leading the AWS EC2 Security team at Amazon, and the AppSec, SRE Security, Usable Security/Fraud and Abuse teams at Microsoft. She has spoken at many conferences including RSA and multiple B-Sides. Ellen lives in Seattle with her family and two ridiculous French Bulldogs.


Marina Krotofil

Security Researcher

Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT). She managed and executed diverse technical projects around the world across a variety of industrial domains. She is also an experienced Red/Blue Teamer who researched numerous novel attack vectors and exploitation techniques, designed novel defence methods and led complex incident responses. Marina frequently collaborates with international organizations on the topics of critical infrastructure security. She is also a regular speaker at the leading conference stages worldwide and is a frequent reviewer of academic manuscripts and grant proposals. At Black Hat, Marina leads the Cyber-Physical Systems track. Marina holds an MSc. in Telecommunications, an MSc. in Information and Communication Systems and an MBA in Technology Management.


Zach Lanier

Zach Lanier is a security researcher, specializing in various bits of network, application, mobile, and embedded security. Most recently, Zach was a Managing Principal Research Consultant and Embedded:IoT Practice Lead with Atredis Partners, and previously served as Director of Research with Cylance. He has spoken at a variety of security conferences, such as Black Hat, DEF CON, CanSecWest, INFILTRATE, Countermeasure, and SummerCon, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).


Kelly Lum

Director of Information Security

Kelly Lum has "officially" worked in Information Security since 2003. She brings her application security, reverse engineering, and DevSecOps experience from working in financial and government sectors to her present role as the Director of Information Security at a very cool company. She has spoken at various conferences including Black Hat, SummerCon, Roadsec, and COUNTERMEASURE. She also occasionally teaches as an adjunct professor of Application Security at NYU.


Maria Markstedter

Founder and CEO, Azeria Labs

Maria is the founder and CEO of Azeria Labs, offering services and training courses to large tech companies and law enforcement agencies. She holds a Bachelor’s degree in Corporate Security and a Master’s degree in Enterprise Security, and served as the Chief Product Officer for the Arm virtualization startup Corellium. In 2018, Maria became a Forbes “30 under 30” list member for technology, has been featured in Vogue Business Magazine, and was named the Forbes Person of the Year in Cybersecurity 2020. She is recognized for her expertise in Arm reverse engineering and binary exploitation, and worked on exploit mitigation research alongside Arm in Cambridge. She continues to educate security researchers and developers around the world on attacking and defending Arm binary applications and is the author of the book Arm Assembly Internals and Reverse Engineering (TBP 2022, Wiley). Maria is a member of both the Black Hat® EU and US Trainings and Briefings Review Board.


Marion Marschalek

Security Engineer

AWS

Marion Marschalek is a Security Engineer at AWS. Prior to that she worked at Intel and held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution is her analysis work on the malware "Babar" and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30" talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.


Allison Miller

CISO and VP of Trust

Reddit

Allison Miller is the CISO (Chief Information Security Officer) and VP of Trust at Reddit, where she leads teams tasked with protecting Reddit's customers and systems. Miller is an industry expert and innovator, having spent the past 20 years scaling teams and technology that protect people and platforms, and pioneering the development of real-time risk prevention and detection systems running at internet-scale. She has also led major initiatives to engineer the defenses for core payment and e-commerce systems and technologies that protect consumers from online threats, having held technical and leadership roles at Bank of America, Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa International. Miller speaks internationally on security, fraud and risk and has held board roles with the Center for Cyber Safety and Education, ISC2, SIRA, and Keypoint Credit Union.


Asuka Nakajima

Researcher

NTT R&D

Asuka Nakajima is a security researcher at NTT R&D. Her research interests include reverse engineering, vulnerability discovery, and IoT security. Since 2014, she has been a member of the executive committee of SECCON, the largest CTF organizer in Japan. She is also a founder and leader of CTF for GIRLS, which is the first female infosec community in Japan. She has presented at various security conferences and events including Black Hat Asia 2020 LockNote, Black Hat USA 2019 Briefings, Black Hat EU 2019 Briefings, Asia CCS 2019, ROOTCON 2019, AIS3 2018/2016, and PHDays IV. Asuka also serves as a Review Board member for Black Hat USA and Asia. She is also an author of the best-selling book "Cyber Attack" (Bluebacks, 2018) in Japan.


Lucas Nelson

Founding Partner

Lytical Ventures

Lucas Nelson is a Partner at Lytical Ventures and member of its investment committee where he oversees day-to-day fund operations. This includes deal sourcing, technical diligence and deal structuring. Lucas is also responsible for working with the companies in the investment portfolio (including any board responsibilities), as well as managing relationships with limited partners, the venture ecosystem and the back office.

Prior to joining Lytical Ventures, Lucas was a Principal at Evolution Equity and a Principal at Gotham Ventures. Lucas was also a Venture Partner at Antecedent Ventures, a Sr. Manager of Secure Software Engineering at Adobe and a pen tester at @Stake. Lucas holds an MBA from Dartmouth and a BS in computer science from Purdue University. He is also a Kauffman Fellow.


Kymberlee Price

Engineering Response

Security Response + Outreach

With 18 years' experience in the information security industry specializing in application security incident response, community engagement and Open Source Security response strategy, Kymberlee Price is globally recognized as an industry leader in Security Response + Outreach.

Kymberlee speaks regularly on vulnerability management and product incident response best practices at conferences around the world. She holds dual Bachelor of Science degrees in Behavioral Psychology and Public Health Education.


Thomas Ptacek

Principal

Latacora

Thomas Ptacek is a principal at Latacora, which runs security teams for startups.

A software security practitioner since 1995, Thomas worked at Secure Networks, Network Associates, McAfee, and Arbor Networks before cofounding Matasano Security, which is now part of NCC Group.


Enno Rey

Founder

ERNW GmbH

Enno Rey is a long-term network security enthusiast with lots of practical experience in the space, both from an offense and a defense perspective.


Billy Rios

Founder

QED Secure Solutions

Billy Rios is the founder of QED Secure Solutions, a startup focused on embedded device security. His interests include web applications, browsers, Industrial Control Systems (ICS), Critical Infrastructure (CI), and medical devices. Billy has worked at Google where he provided security engineering support and led the front line response for externally reported security issues. Prior to Google, Billy was the Security Program Manager for Internet Explorer (Microsoft). Billy is also the 2008 Pwnie award winner for "Best Client Side Bug."


Tom Ritter

Security Engineer

Mozilla

Tom Ritter is a distinguished security engineer and recovering consultant now at Mozilla, working on anti-exploitation, Tor, and other new and evolving security features. Previously, he did all manner of security consulting at NCC Group and iSEC Partners, including managing the Cryptography Services practice and pioneering the production of fully-public audit reports. While consulting, Tom participated in numerous public audit reports including TrueCrypt and Tor Browser; presented talks and trainings at security conferences in Europe, North America, and South America; and presented his research on NPR, CNN, and other media outlets. He is actively involved in the advancement of secure messaging, IETF & W3C Standards Groups relating to secure protocols, public key infrastructures, metadata protection, and self-hosting data.


Jen Savage

Offensive Security Consultant

ACTIVECYBER, LLC

Jen Savage is an Offensive Security Consultant for ACTIVECYBER, LLC. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Application Security and the Internet of Things.


Chaitanya Sharma

Apple's Product Security Team

Chaitanya Sharma is a senior member of Apple's Product Security Team, which handles security response by engaging with third party security researchers regarding their findings. Chaitanya focuses his efforts on identifying and responding to security issues.

In his previous roles, Chaitanya led the Advisories Team at Secunia Research, which analyzes and validates publicly reported vulnerabilities and discovers new vulnerabilities. Prior to that, he worked as a Security Engineer at Scanit ME conducting security audits on client networks in India and UAE.


Adam Shostack

Shostack & Associates

Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.


Natalie Silvanovich

Team Lead & Security Engineer

Google Project Zero

Natalie Silvanovich leads Google Project Zero's North American team. Her current research focus is messaging applications and video conferencing. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.


Ryan Smith

Vice President of Research

Cylance

Ryan Smith is the Vice President of Research at Cylance, where he leads teams performing both internal and external research. He has spent the last decade leading such teams for consulting, product, and Fortune 50 organizations. As an individual contributor, Ryan has discovered and exploited highly impactful vulnerabilities in widely deployed client and server software. His interests include reverse engineering, exploitation, vulnerability discovery, analysis algorithms, and magnets. He has spoken at international conferences and is a two-time Pwnie Award winner for best server and client bugs.


Dr. Jason Staggs

Cyber Security Researcher, Adjunct Assistant Professor of Computer Science

The University of Tulsa

Dr. Jason Staggs is a Cyber Security Researcher and Adjunct Assistant Professor of Computer Science at The University of Tulsa. Jason's research interests include critical infrastructure protection, telecommunications security, embedded systems security engineering, penetration testing and digital forensics. Jason has spoken at national and international conferences, authored various peer-reviewed publications and lectured undergraduate and graduate level courses on a variety of cyber security topics. In his spare time, Jason enjoys reverse engineering proprietary network stacks in embedded devices and diving through ancient RFCs to demystify obscure network protocols. Jason attended graduate school at The University of Tulsa where he earned his MS and PhD degrees in Computer Science.


Robert J. Stratton III

Principal & Strategist, Polymathics LLC

Venture Partner, NextGen Venture Partners

Robert Stratton is a security strategist, technologist, venture capitalist and business advisor. He has had a hand in bringing some of the earliest security products to market in several categories including VPNs and network intrusion detection, and established one of the first dedicated security organizations within a tier-1 Internet service provider at UUNET.

He was a founding General Partner of the Mach37 Cyber Accelerator, and the first Director of Technology assessment at In-Q-Tel, a private venture capital firm investing for the benefit of the U.S. Intelligence Community.

Robert served as Chief Strategy & Security Officer at Witopia, and Director of Government Research at Symantec Research Labs. As a co-founder and Chief Technologist of Security Design International, he was doing multinational and critical infrastructure security architectures, penetration testing, digital forensics, and incident response before they were cool.

Robert is a Member of the IEEE, the ISSA, the IEEE Computer Society, and IEEE Working Group P7014, developing a Standard for Ethical Considerations in Emulated Empathy in Autonomous and Intelligent Systems.


Matt Suiche

Director for Memory & Incident Response R&D

Magnet Forensics

Matt Suiche joined Magnet Forensics as Director for Memory & Incident Response R&D with the acquisition of Comae Technologies, a cyber-security start-up he founded.

In addition to Comae Technologies’ acquisition by Magnet Forensics in 2022, Matt also co-founded application virtualization start-up CloudVolumes which was acquired by VMware in 2014.

Matt frequently appears as a technology subject matter expert on TV on Bloomberg and Associated Press, and in digital media such as Cyberscoop, Haaretz, WIRED, WashingtonPost, Motherboard, Techcrunch, and The New York Times.


Yuji Ukai

CEO

FFRI, Inc

Yuji Ukai is the chief executive officer of FFRI, Inc, known as a technical opinion leader in the Japanese security industry.

After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at the Kodak research and development center in Japan, where he worked on research and development for digital device and embedded security.

In 2003, he moved to the United States and started working on the development of a vulnerability scanner product at eEye Digital Security as a Senior Software Engineer. He also worked on research into vulnerability analysis, vulnerability auditing, malware analysis, embedded system security, P2P network security, etc. as a Senior Research Engineer in the eEye research group. In 2007, he moved back to Japan and became a co-founder of Fourteenforty Research Institute, Inc. Over the last several years, he discovered many critical security vulnerabilities affecting various software products and pioneered vulnerability analysis and exploitation of embedded systems based on real-time operating systems.


Steve Weis

Senior Staff Security Engineer

Databricks

Steve Weis is a security engineer at Databricks working on data security and privacy. Previously, Steve was co-founder & CTO of PrivateCore, a security startup acquired by Facebook in 2014. In the past, Steve was a technical director at AppDirect and a member of the applied security team at Google. Steve received a PhD in cryptography from MIT.


Kenn White

Security Principal

MongoDB

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.


Kyle Wilhoit

Principal Cyber Attack and Exploit Researcher

Palo Alto Networks' Global Security Response Team

Kyle Wilhoit is an internationally recognized and award winning security researcher with more than a decade of experience helping research teams deliver timely and organized threat intelligence and research. In his current role as a Principal Cyber Attack and Exploit Researcher on Palo Alto Networks' Global Security Response Team, Kyle is responsible for the identification of actively exploited vulnerabilities and post-exploitation methodologies present in hack tools, attack frameworks, targeted attack campaigns, and public POC availability.

Prior to Palo Alto Networks, Kyle was a Senior Security Researcher at DomainTools leading efforts to do research on DNS-related exploits and explore attack origins and threat actors. Before joining DomainTools, Kyle was also a Senior Threat Researcher for Trend Micro, where he was responsible for identifying, vetting, and exposing threat actors, performing research on criminal miscreants and leading forensic investigations into high profile security incidents. Prior to Trend Micro, Kyle spent more than a decade performing threat analysis and security research for FireEye and additional organizations.

Kyle has presented at cybersecurity conferences around the globe, notably FIRST, Black Hat USA, Black Hat Europe, SecTor, Hack in the Box, Derbycon, and Infosecurity Europe. Kyle has consulted several worldwide governmental bodies, including the International Atomic Energy Agency (IAEA). His research has supported investigative stories in several publications, including ABC, CNN, BBC, The New York Times, WIRED, MIT Technology, and many additional outlets. Additionally, Kyle served as a guest review board member for Black Hat US 2017. Kyle is a co-author of the book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.


Neil R. Wyler (a.k.a. Grifter)

Global Lead of Active Threat Assessments

IBM-X Force

Neil R. Wyler (a.k.a. Grifter) is an Information Security Engineer and Researcher located in Salt Lake City, Utah. Neil is currently with IBM-X Force as Global Lead of Active Threat Assessments. He has spent over 15 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 15 years and is a member of the Senior Staff at DEF CON. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is a member of the DEF CON CFP Review Board and Black Hat Training Review Board.


Stefano Zanero

Associate Professor, Dipartimento di Elettronica, Informazione e Bioingegneria

Politecnico di Milano

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has extensive speaking and training experience in Italy and abroad. He co-authored over 90 scientific papers and books. He is a Senior Member of the IEEE and sits on the Board of Governors of the IEEE Computer Society; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano is also a co-founder and chairman of Secure Network, a leading cybersecurity assessment firm, and a co-founder of BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.
