Heather Adkins has over 25 years of security experience, currently serving as head of Google’s Office of Cybersecurity Resilience and deputy chair of CISA’s Cyber Safety Review Board. She is co-author of Building Secure and Reliable Systems (O’Reilly, 2020). Heather has a passion for maintaining an open and interoperable internet, and finding new ways to solve classes of vulnerabilities in order to make technology fundamentally more secure for everyone.

David Adrian works on the Chrome Security team at Google. Previously, he cofounded Censys, a security data startup. David has a PhD from the University of Michigan, and is a maintainer of ZMap and its associated open-source Internet-measurement projects.

Sheila Berta is a cybersecurity expert with over 20 years of experience in information security, with a strong focus on hacking and offensive security. Self-taught from a young age, she has built deep expertise across multiple areas, including hardware hacking, reverse engineering, exploit development, network and cloud security. In addition to her security background, she is a software architect specialized in big data and distributed systems, and works hands-on with backend technologies including ASM, C/C++, Go, and Python. Sheila has taught cybersecurity at universities in Argentina and has spoken at major international conferences such as Black Hat USA (Briefings), DEF CON (Mainstage), HITB, Ekoparty, HackInParis, among many others. Sheila is currently the CTO of Atomiq Lab.

Justine is the Executive Director of the Crypto ISAC. She has served as CISO at Bloomberg LP, where she founded the information security group, as CEO of offensive security company Immunity, and as CEO of medical security research firm MedSec, where her and her team's work led to FDA recalls of implantable medical devices. She has served for years as a member of the Blackhat Review Board and Blackhat’s CISO Summit Advisory Board, and as Head of Infrastructure and Information Security at Dow Jones, where Justine led cloud transformation and information security. She has advised several Fortune 50 companies and continues to serve on the Advisory Board of HP. Other companies Justine has advised include Redjack, Decentraweb, Emergent Security, and Drawbridge Networks. In her early career, Justine served as a security researcher at New Zealand's GCSB, trained by the NSA, and then joined the ISS X-Force as a security researcher.

Ruben Boonen has over a decade of industry experience in Europe and the USA. He has a broad background in Security Consulting, Research & Development, Vulnerability Research and Defence. He previously achieved a number of industry recognized certifications like CREST CCT and OSEE. Additionally, he has presented or delivered training at many international conferences, including, Black Hat, DefCon, BlueHat IL, HackInParis, and DerbyCon.

Currently Ruben works on bespoke mobile research to empower defence, law enforcement, and trusted reputable partners with tailored, cutting-edge research solutions, enabling them to protect, innovate, and stay ahead in the critical cyber domain.

Thomas Brandstetter is a recognized OT cybersecurity expert, with more than 20 years of background in the industry. He is currently active as co-founder and managing director of Limes Security, a major European OT cyber security company. He also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. His past career track record includes being the Stuxnet incident handler for Siemens and founding the Siemens ProductCERT. He often is a keynote and invited guest speaker on the topic of OT and critical infrastructure security. He co-founded and still supports many security community events and initiatives such as the ICS Village at DEFCON/BruCON, IT-SECX and ICS-CSR.

Jamie Butler, with more than 25 years of experience in computer security, is currently a Fellow Architect at Arctic Wolf Networks where he focuses on operating system security, detection engineering, and attacker tradecraft. Previously, he was the Head of Runtime Protection and Response Strategy at Sysidg. Before joining Sysdig, Jamie was at Elastic where he was a Distinguished Engineer and Tech Lead focused on detection and its efficacy. Prior to Elastic, he was the Chief Technology Officer of Endgame, leading engineering, product, and research focused on the convergence of the EPP and EDR. Jamie has directed research teams at some of the most prominent security companies of the past two decades including as Chief Architect and Fellow at FireEye and Chief Researcher at Mandiant. He began his career as a computer scientist at the National Security Agency.

A writer, Jamie co-authored the bestseller Rootkits: Subverting the Windows Kernel. He was also a regular speaker and trainer at major industry security conferences, and he serves as a Review Board member for Black Hat. Jamie’s focus areas include operating system security, cloud and container runtime security, forensics, reverse engineering, malware, threat intelligence, and enterprise security.

Mr. Butler lives with his wife, Amy, in the outer banks of North Carolina and is a nonvoting advisor to the Board of Trustees at the Cystic Fibrosis Foundation, a charity close to his family.

Katriel Cohn-Gordon is a research scientist at Facebook, with a PhD from the University of Oxford in applied cryptography. His current work is on privacy engineering for data access and deletion infrastructure, and he wrote the public paper on how Meta ensures deletion correctness. Previous research formalised the security of some of the protocols underlying today's Internet; including the Messaging Layer Security IETF standard for encrypted group messaging and a formal analysis of the Signal messaging protocol used by WhatsApp and many others. He's also been seen writing fuzzers for WebRTC at Google's Stockholm office, holds a master's degree in mathematics and computer science, and has reviewed papers for various top academic conferences.

Deirdre Connolly is a cryptographic engineer most recently at the Zcash Foundation, writing production-quality privacy-protecting software. She is fascinated with quantum-resistant cryptography, especially the isogeny-based kind, and will talk your ear off about it. Deirdre has a BS in electrical engineering and computer science from MIT, and over 10 years of experience writing and deploying production-quality distributed systems at scale.

Daniel Cuthbert has been on a relentless quest to build software so secure that even he might struggle to hack it (but don't count on it). Self-diagnosed with an obsession for bugs and offensive operations, he's turned his penchant for poking holes into a crusade for making vendors shape up. By channeling his mischief into the OWASP ASVS and other cunning initiatives, he's been plotting to save the software world—one responsible vendor at a time.

Sherri Davidoff is the CEO of LMG Security and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” As a recognized expert in cybersecurity, she has been called a “security badass” by the New York Times. Sherri has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.” She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and received her degree in Computer Science and Electrical Engineering from MIT.

Mika Devonshire is a cloud security SME for Google. She specialized in response and forensic investigations after spending her first career decade building or implementing controls, IAM apps, offensive capabilities, and loss ratio algorithms for insurance. Prior to Google, Mika served as Director of Strategic Development for the APAC based DFIR firm, Blackpanda, and was the founding responder in Hong Kong.

Mika holds a Masters in Digital Forensics from George Washington University, a Bachelors in Comparative Literature from Princeton University, a CISSP and GCFA among other certifications. She regularly engages with the infosec community as a speaker or speaker coach, and loves working with those seeking to pivot from non-technical fields. She is a guest lecturer at Northwestern Pritzker School of Law and a willing mentor.

Matt Devost is a technologist, hacker, and entrepreneur specializing in cybersecurity, disruptive technology innovation, national security, intelligence, and risk management issues. Matt is an active investor, advisor, and board director and operates the Hack Factory start-up studio. Through his holding company DEV Group, Matt operates several companies focused on the nexus of technology, security, and investing. Matt splits his time as CEO of OODA, Managing Director at DevSec, and managing start-up and other investments at DEV Capital.

Matt is on the Board of Trustees for the University of Vermont, and is also an Adjunct Professor at Columbia University teaching cybersecurity and business risk for the School of International and Public Affairs. He is also on the Board of Directors for MissionLink, a non-profit trade association and exclusive network that includes decision makers, government leaders, top founders and over 800 CEOs from across the US who are using and building the most cutting-edge mission-critical capabilities.

Previously Matt co-founded the cybersecurity consultancy FusionX LLC which was acquired by Accenture in August 2015 and later led Accenture's Global Cyber Defense practice. Matt also founded the Terrorism Research Center in 1996 where he served as President and CEO until November 2008 and held founding or leadership roles at iDefense, iSIGHT Partners, Total Intel, SDI, Tulco Holdings, and Technical Defense. Matt has been a speaker at hundreds of international conferences and a contributor/author to several books on terrorism and information security.

Christopher Domas (@xoreaxeaxeax) is a security researcher primarily focused on firmware, hardware, and low level processor exploitation. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), and Turing-machines in the vi text editor. His more relevant work includes the sandsifter processor fuzzer, rosenbridge backdoor, the binary visualization tool ..cantor.dust.., and the memory sinkhole privilege escalation exploit.

Stephanie Domas is the Vice President of Security at Mozilla, where she leads the global security strategy spanning product security, infrastructure protection, and governance risk and compliance. Her focus is on protecting the business and its users to empower Mozilla's mission for a healthier internet.

Casey Ellis is a serial entrepreneur and executive, best known as the founder of Bugcrowd and co-founder of The disclose.io Project. With over 25 years in information security, he has built a reputation for innovation, pioneering the crowdsourced security-as-a-service model by launching the first bug bounty programs on Bugcrowd’s platform in 2012. Casey also co-founded disclose.io, an initiative aimed at standardizing vulnerability disclosure, initially conceived in 2014 and officially launched in 2018.

In addition to his own ventures, Casey actively advises multiple cybersecurity startups, accelerators, and incubators, guiding emerging technology companies to scale and succeed in the cybersecurity landscape.

Casey participates in numerous influential policy and threat intelligence groups, including the Cyber Threat Intelligence League, w00w00, Hacking Policy Council, and Election Security Research Forum. His advisory roles have extended to providing expert guidance to entities such as the US White House, Department of Defense, Department of Justice, Department of Homeland Security/CISA, and intelligence agencies in Australia and the UK. He has also contributed extensively to legislative cybersecurity initiatives within the US House and Senate, addressing critical areas such as election cybersecurity, national cyber strategies, security research policy, anti-hacking legislation, and artificial intelligence governance.

Originally from Sydney, Australia, Casey is currently based in the San Francisco Bay Area.

Chris Eng is a seasoned technology executive, mentor, and advisor with over 25 years of experience in cybersecurity. As Chief Research Officer and a founding team member at Veracode, he spearheaded all research efforts, including applied research and product security, while providing strategic guidance on product direction and M&A. During his 18-year tenure, Veracode grew from a seed-stage startup to a thriving business, culminating in multiple acquisitions between 2017 and 2022, most recently at a $2.5B valuation.

Chris has been a key figure in shaping the software security market and driving advancements in security practices, methodologies, and industry standards. His insights and expertise have been featured in major media outlets such as Bloomberg, Fox Business, and CBS.

Eric Evenchick is a co-founder and Managing Partner at Tetrel Security, specializing in embedded device security and bespoke tool development. His journey into embedded systems began with the development of research vehicles at the University of Waterloo in collaboration with General Motors and the US Environmental Protection Agency.

This experience propelled him into roles involving the development of automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors. Prior to co-founding Tetrel Security in 2023, Eric served as Technical Director at NCC Group and as Principal Research Consultant at Atredis Partners. In these capacities, he conducted security assessments on diverse hardware and software targets, encompassing automotive systems, medical devices, cloud infrastructure, and mobile devices.

Eric holds a Bachelor of Applied Science in Electrical Engineering from the University of Waterloo. He has been a featured presenter at numerous technology and security conferences, including Black Hat, escar, SecTor, ToorCon, NorthSec, and PyCon USA. His work has garnered recognition in publications such as Wired and Forbes. Since 2019, Eric has been delivering training sessions on reverse engineering embedded systems at Black Hat conferences worldwide.

Valerie Anne Fenwick has over two decades of experience in computer security, from coding to leading teams at Sun Microsystems, Oracle and Intel. She helped to design and develop the cryptographic framework for the Oracle Solaris operating system, and previously worked as a developer on the SunScreen Firewall. She is the co-chair for the OASIS PKCS#11 (Open Standards Based Crypto API) technical committee. Valerie has a B.S. in Computer Science from Purdue University. She is a co-author of the Solaris 10 Security Essentials book and writes a blog on bicycling, beer and security. In her spare time, she enjoys performing at community theaters, riding her bike, and skiing.

Joe FitzPatrick (@securelyfitz) is a trainer and researcher at SecuringHardware.com with a personal mission to make all hardware devices at least a bit more secure. He builds tools like Tigard and Erebus, and teaches Applied Hardware Attacks trainings to help people break - and secure - their hardware devices. His actual superpower is the ability to instantly end awkward conversational pauses if you ask him about BSides Portland, the CTRL-H Hackerspace, or drone taco delivery at ToorCamp.

Trey Ford is a seasoned strategic advisor and security thought leader with over 25 years of experience in offensive and defensive disciplines (incident response, application, network, cloud, and platform security). Trey has held key leadership roles at Deepwatch, Vista Equity Partners, Salesforce, Black Hat, and more. He has also been a valued member of Bugcrowd's advisory board for over a decade.

Trey is passionate about working with enterprise leaders, corporate directors, and investors to help teams strengthen their technology and execution strategy. He believes in a hands-on approach to building, breaking, and deconstructing security problems.

Trey has a Master of Science from the University of Texas at Austin and executive education at Harvard Business School. Hailing from Austin, he is a husband, father, and shares his passion for aviation as an instrument rated private pilot.

Lidia Giuliano has been involved in the information security field for over 20 years working in the financial, defence, retail and health care sector. Lidia has an extensive background in security with a key focus on defensive and cloud security. She enjoys ensuring security is involved in every stage of an initiative and BAU lifecycle, finding new and repeatable ways of doing things, and solving complex problems. She holds a BAppSci (CS), MAppSci (IT), various security and cloud certifications, has spoken internationally and nationally and been published in various media.

She is involved as an active review board member for various conferences internationally and locally, involved in speaker coaching program for Black Hat USA and BSides Melbourne, AWSN mentoring program and enjoys being part of the InfoSec community to help others.

Aanchal Gupta is Chief Security Officer at Adobe. Prior to this role, she served as Corporate Vice President at Microsoft, leading the development of core features for the Microsoft 365 product. She has over 30 years of experience leading global security and product teams, including overseeing Microsoft’s Security Response Center, serving as CISO at Meta and Skype, and building identity standards at Yahoo. She holds a master’s degree in Software Engineering from San José State University and a bachelor’s degree in Computer Engineering from the National Institute of Technology, Kurukshetra. Aanchal serves on the boards of the Internet Security Research Group and Silicon Valley CISO Investments, is a Fellow of the RSA, and actively supports cybersecurity innovation through Grace Hopper, Enigma, and Black Hat.

Jason Haddix, also known as jhaddix, leads as CEO and “Hacker in Charge” of Arcanum Information Security, a premier firm specializing in assessments and training. Currently, he is also the Field CISO for Flare.io. With a distinguished 20-year tenure in cybersecurity, Jason has previously held notable positions such as CISO at Ubisoft, Head of Trust at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has expertise across nearly all cybersecurity domains and is ranked 57th all-time on Bugcrowd’s bug bounty leaderboards. A prolific speaker, Jason has delivered numerous talks on offensive security methodologies at major conferences including DEFCON, Black Hat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, and Toorcon, among others.

Nathan Hamiel is Senior Director of Research at Kudelski Security, where he leads the fundamental and applied research team, part of the Innovation group working to define the future of the company’s products and services. He focuses on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. Nathan is passionate about risks at the intersection of technology and humanity and shares his thoughts on his blog, Perilous.tech. During his nearly 25 years in cybersecurity, he has been a regular public speaker, presenting his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, serving as the AI, ML, and Data Science track lead.

Rich Harang is a Distinguished Security Architect at NVIDIA, specializing in ML/AI systems, with over a decade of experience at the intersection of computer security, machine learning, and privacy. He received his PhD in Statistics from the University of California Santa Barbara in 2010. Prior to joining NVIDIA, he led the Algorithms Research team at Duo, led research on using machine learning models to detect malicious software, scripts, and web content at Sophos AI, and worked as a Team Lead at the US Army Research Laboratory. His research interests include adversarial machine learning, addressing bias and uncertainty in machine learning, and ways to use machine learning to support human analysis. Richard's work has been presented at USENIX, Black Hat, IEEE S&P workshops, and DEF CON AI Village, among others, and has also been featured in The Register and KrebsOnSecurity.

Jason Healey is Senior Research Scholar at Columbia University's School for International and Public Affairs. He helped create the world’s first cyber command, in 1998, where he was a pioneer of cyber threat intelligence. He stood up the first cyber response and CTI capability at Goldman Sachs and twice worked cyber-policy issues at the White House, including as a founding member of the Office of the National Cyber Director, helping to draft the National Cybersecurity Strategy. He founded the Cyber 9/12 Strategy Challenge and is the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He is also on the DEF CON review board.

Charles Henderson is located in Austin, Texas. He is the Executive Vice President of Cyber Security Services at Coalfire. Throughout his career, Charles and the teams he has managed have specialized in threat intelligence, incident response, penetration testing, adversary simulation, vulnerability management, and vulnerability research. Formerly leading IBM X-Force and Trustwave SpiderLabs, Charles has spoken at numerous security conferences, including Black Hat and RSA Conference. He has also appeared in various television and print media coverage.

Jeff Horne is the Head of Security at Skydio, a leading drone company specializing in autonomous vehicles. Jeff is responsible for security direction both within Skydio products and internal security. Prior to Skydio Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, and Physical Security. Before Optiv, he was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy as well as managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups. Jeff is an accomplished security professional with over 20 years of experience and a strong background in reverse engineering, exploitation, and malware research. He has authored several vulnerability disclosures and patents throughout his career.

Bill Jaeger leads Lenovo's Infrastructure Solutions Group (ISG) Product Security Office and works with Lenovo's global product teams and industry partners to enhance and align the security of Lenovo's product offerings with enterprise customer needs. He is a founding member of Lenovo's Corporate and ISG Product Security Offices and has been instrumental in driving product security strategy and security "firsts" at Lenovo. Bill was awarded Lenovo's top honor in recognition for his transformative achievements.

Prior to joining Lenovo, Bill spent 20+ years solving complex security, operational, and technical challenges for commercial and government customers.

Bill is an author, speaker, and inventor with security-related patents issued and pending. He is also a member of the Astronaut Scholarship Foundation's board of trustees.

Jeff Jarmoc is a Staff Product Security Engineer at GitHub. Prior to joining GitHub, in his past, Jeff has held various roles at Salesforce, Matasano Security, NCC Group, and SecureWorks. He's also worked in security teams within healthcare and financial organizations. Jeff has presented his research work at several security conferences, including: Black Hat USA & EU, DEF CON, 44Con, Derbycon, and Thotcon.

Maggie Jauregui (@_m46s) is an offensive security researcher with a focus on low level platform security and over 15 years of industry experience. Maggie is also President of Security BSides Portland, the non-profit organization that puts together BSidesPDX. Throughout her career, Maggie has presented her research and delivered technical training on firmware and physical attack security topics at conferences around the world including DEFCON, Black Hat, and CanSecWest among others.

Monnappa K A is a Security professional with over 15 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis."He is the review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility plugin contest 2016. He co-founded the cybersecurity research community "Cysinfo". He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat, BruCON, HITB, FIRST (Forum of Incident Response and Security Teams), SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel, and you can read his blog posts at cysinfo.com

Ellen Cram Kowalczyk is a seasoned security expert specializing in human factor security, including social engineering. She is currently focused on securing Amazon Devices and Services. Ellen has held various roles in large organizations, such as leading the AWS EC2 Security team at Amazon and overseeing the AppSec, SRE Security, Usable Security/Fraud, and Abuse teams at Microsoft. Most recently, she collaborated with teams across Alphabet to strengthen their cloud security. Ellen has spoken at numerous conferences, including RSA and multiple B-Sides. She resides in Seattle with her family and two playful French Bulldogs.

Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT). She managed and executed diverse technical projects around the world across a variety of industrial domains. She is also an experienced Red/Blue Teamer who researched numerous novel attack vectors, exploitation techniques, designed novel defence methods and led complex incident responses. Marina frequently collaborates with international organizations on the topics of critical infrastructure security, she is also a regular speaker at the leading conference stages worldwide and is a frequent reviewer of academic manuscripts and grant proposals. At Black Hat Marina leads Cyber-Physical Systems track. Marina holds MSc. in Telecommunications, MSc. in Information and Communication Systems and an MBA in Technology Management.

Anthony Cheuk Tung Lai works at VX Research Limited on malware investigation, incident response, and offensive security testing. He began hacking after playing Chroot wargame and Beist CTF, reading 2600, and China hacker magazines. He has spent the last 20 years working in the risk and security areas of MNCs in the financial industry.

Anthony is a hobbyist bug hunter and creator of CTF challenges who hacks for fun and belief. In addition to VXCON, which he founded and chairs, he also spoke at Black Hat, DEFCON, Secuinside, AVTokyo, Hack In the Box, HITCON, and DFRWS.

He earned his doctorate from HKUST, where he also worked in the cybersecurity lab and focused on malware and vulnerability research. His credentials additionally include SANS GREM (Gold), GXPN, GCIH, and Offsec OSEE.

Federico Maggi has more than a decade of research experience in the cybersecurity field and has worked on offensive and defensive projects in web applications, network protocols, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices.

Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review.

Currently employed as a Security Engineering Manager at AWS with focus on server firmware and hardware, Federico has been a Research Expert in the Huawei AI4Sec Research team, and a Senior Researcher with Trend Micro. Previously, Federico was an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside from his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students.

Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences.

More info about Federico and his work is available online at maggi.cc

Maria Markstedter is the CEO and founder of Azeria Labs. She has spent her career focused on all things Arm, from reverse engineering to exploit development, sharing her passion for the architecture by teaching thousands of people around the world, both for free and through her highly specialized and popular courses. She is the author of the book Blue Fox: Arm Assembly Internals & Reverse Engineering (Wiley, 2023).

She has delivered keynote speeches at various conferences, including the Arm Research Summit and Black Hat USA 2023. Her work has earned her recognition as a Forbes "30 Under 30" honoree (2018) and Forbes Person of the Year in Cybersecurity (2020). Beyond her technical research, she serves on the Cybersecurity Advisory Committee Board at Inditex and is an Adjunct Professor at Johns Hopkins SAIS. You can find her on X at @fox0x01.

Marion Marschalek is an independent security consultant and trainer with her consulting company Hack & Cheese. Prior to that she held senior positions at AWS and Intel, and different roles in the threat detection industry, as a malware reverse engineer and incident responder. Marschalek is a frequent speaker at major security conferences, including Black Hat, Defcon, HITB, RSA, and SyScan, among others. She used to teach reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry. In her spare time she enjoys long distance running.

Allison Miller is the Founder and CEO of Cartomancy Labs, an advisory firm that guides teams in innovating and solving problems anywhere that people, money, and technology connect. Prior to establishing Cartomancy Labs, Allison was the CISO and VP of Trust at Reddit where she led the cybersecurity, privacy, risk, and safety teams.

With decades of experience at the intersection of cybersecurity, fraud, and abuse, Allison is known for implementing real-time risk prevention and detection systems running at internet-scale, with a proven track record of building and protecting customer-facing platforms and services (both B2C and B2B). She has also led major initiatives to engineer the defenses for core payment and e-commerce systems and technologies, having held technical and leadership roles at Bank of America, Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa International. Miller speaks internationally on security, fraud and risk, sits on the Faculty at IANS, and has been recognized by SC Media as a Power Player in IT Security.

Shubham Mittal is the CEO of RedHunt Labs, a leading 360-degree Attack Surface Management platform. Previously, he served as the CTO of Neotas and co-founded Recon Village, an OSINT-focused mini-conference at DEFCON.

As a dedicated Black Hat trainer, Shubham delivers the highly-regarded ‘Tactical OSINT for Pentesters’ course. He has trained and presented to various government organizations, and security firms, and at notable conferences such as Black Hat, DEFCON, HackMiami, and Nullcon.

Shubham has a strong foothold in OSINT, Recon, Cybersecurity, and Product Engineering. His expertise covers Offensive and Defensive security, Open Source Intelligence, and Perimeter Security. Actively involved in the Null-Open Security Community, Shubham prefers working from the command line and using the vi editor.

Asuka Nakajima is a cybersecurity researcher and engineer based in Tokyo, Japan. With over a decade of experience in computer security, her expertise spans software and endpoint security, reverse engineering, and cybersecurity research and development. She has presented at numerous international conferences, including Black Hat Briefings (USA, Europe, and Asia), ACM AsiaCCS, CODE BLUE, Nullcon, PHDays, ROOTCON, and BSides Singapore, and currently serves on the Review Boards for Black Hat USA and Asia as well as CODE BLUE. In addition to her research and conference activities, Asuka is the founder of CTF for GIRLS, Japan’s first information security community for women.

She has received several prestigious awards, including Forbes JAPAN’s Women in Tech 30 (2026), Cybersecurity Women Supporter of Japan (2025), the 15th Information Security Culture Award, the Cybersecurity Encouragement Prize from Japan’s Minister for Internal Affairs and Communications, and the Rakuten Technology Excellence Award. She is also the author of two books: Cyber Attack (Kodansha Bluebacks, 2018; over 20,000 copies sold) and Introduction to Security Contests (Gijutsu-Hyoronsha, 2022).

She currently works at Elastic as a Senior Security Research Engineer, focusing on endpoint security product R&D.

Lucas Nelson is a Partner at Lytical Ventures and member of its investment committee where he oversees day-to-day fund operations. This includes deal sourcing, technical diligence and deal structuring. Lucas is also responsible for working with the companies in the investment portfolio (including any board responsibilities), as well as managing relationships with limited partners, the venture ecosystem and the back office.

Prior to joining Lytical Ventures, Lucas was a Principal at Evolution Equity and a Principal at Gotham Ventures. Lucas was also a Venture Partner at Antecedent Ventures, a Sr. Manager of Secure Software Engineering at Adobe and a pen tester at @Stake. Lucas holds an MBA from Dartmouth and a BS in computer science from Purdue University. He is also a Kauffman Fellow.

Mariano Nunez is a technology entrepreneur and cybersecurity researcher. In 2007, he became the first to expose the cybersecurity risks affecting ERP systems and business-critical applications. Since then, he has been invited as a speaker and trainer at leading security conferences, including Black Hat, RSA, and SANS, as well as at Fortune 100 companies and defense organizations. Under his leadership, Onapsis became the leader in protecting business applications and one of the fastest growing cybersecurity companies. His contributions to the security community include developing the first open-source SAP and ERP penetration testing frameworks (sapyto/bizploit) and discovering hundreds of zero-day vulnerabilities and novel attack/defense techniques in enterprise applications from SAP, Oracle, IBM, and Microsoft.

Dr. Pamela O'Shea is the head of Shea Information Security which provides security consulting, training and penetration testing services to some of Australia's most prominent tech companies. Pamela has a Ph.D. in computer science and has presented at security conferences including Black Hat Asia, BSides Canberra and OWASP. She has lectured at the Royal Melbourne Institute of Technology (RMIT) and is the founder of the haXX group which provides technical classroom training and mentorship to women starting out in the security field. Outside of consulting, teaching and research, Pamela enjoys HAM radio and satellite communications and runs the Melbourne CyberSpectrum meetup on Software Defined Radio (SDR).

Kymberlee Price is a dynamic engineering leader known for developing high-performing multidisciplinary teams responsible for the security and integrity of software products, services, and infrastructure. A recognized expert in the information security industry, she has over 20 years experience in product and application security, incident response and investigations, coordinated vulnerability disclosure and bug bounties, Secure Development Lifecycle (SDL), Threat Modeling, Open Source Security strategy, and Security Community, Culture and Gamification models.

Ms. Price speaks regularly at conferences around the world and is currently on the content review boards for Black Hat USA and LocoMocoSec.

Thomas Ptacek is a principal at Latacora, which runs security teams for startups.

A software security practitioner since 1995, Thomas worked at Secure Networks, Network Associates, McAfee, and Arbor networks before cofounding Matasano Security, which is now part of NCC Group.

Enno Rey is a long-term network security enthusiast with lots of practical experience in the space, both from an offense and a defense perspective.

Tom Ritter is a Principal Security Engineer and recovering consultant at Mozilla, working on anti-exploitation, privacy, and other new and evolving security features. He participates in standards bodies, in-the-wild exploit response, and is a Tor Project Core Contributor. Previously, he did all manner of security consulting at NCC Group and iSEC Partners, including managing the Cryptography Services practice and pioneering the production of fully-public audit reports. While consulting, Tom participated in numerous public audit reports including TrueCrypt and Tor Browser; presented talks and trainings at security conferences in Europe, North, and South America; and presented his research on NPR, CNN, and other media outlets.

Jen Savage is an Offensive Security Consultant for ACTIVECYBER, LLC. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Application Security and the Internet of Things.

Chi-en “Ashley” Shen is a Security Research Engineering Technical Leader at Cisco Talos, specializing in emerging threat research—ranging from nation-state attacks to financially motivated crimes and spyware campaigns. Before joining Cisco, she worked at Google’s Threat Analysis Group, where she hunted zero-day exploits and tracked botnets. Prior to that, she was part of Mandiant’s Global Research Team, where she co-authored the APT41 report and published research on ICEFOG campaigns. In Taiwan, Ashley co-founded Team T5 and served as a senior threat analyst with a focus on targeted attacks in APAC. A passionate advocate for women in cybersecurity, Ashley co-founded HITCON GIRLS, the first security community for women in Taiwan, and she currently organizes Rhacklette, a security community for FINTA in Switzerland. She has presented her research at a range of conferences, including Black Hat, HITB, HITCON, FIRST, Pivotcon and CODE BLUE. In her free time, she supports the community by offering training sessions and serving on the review boards for Black Hat, HITCON, and HITB.

Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He helped create the CVE and many other things. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. While there, he fixed Autorun for hundreds of millions of systems. Beyond consulting and training, Adam is the author of Threat Modeling: Designing for Security, Threats: What Every Engineer Should Learn from Star Wars, and the co-author of The New School of Information Security. He's also an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.

Anant Shrivastava is the founder of Cyfinoid Research, where he publishes much of his research as open-source tools. He has experience across security, both offensive and defensive, as well as development and operations. He has a long history of engagement with leading security conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant has built multiple open-source projects and curates the Hacking Archives of India. When not engaged in official work, he contributes to open communities with the shared goal of spreading practical information security knowledge. linkedin.com/in/anantshri and anantshri.info

Natalie Silvanovich leads Google Project Zero. Her current research focus is 0-click vulnerabilities. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.

Window Snyder is a security industry veteran and former Chief Security Officer at Square, Fastly and Mozilla. She previously spent five years at Apple responsible for security and privacy strategy and features for OS X and iOS. Other roles include Chief Software Security Officer at Intel, Chief Security Something-or-Other at Mozilla and a founder at Matasano, a security services and product company based in New York City, acquired by NCC Group in 2012.

As a senior security strategist at Microsoft in the Security Engineering and Communications organization, she managed the relationships between security consulting companies and the Microsoft product teams and the outreach strategy for security vendors and security researchers. Previously she was responsible for security sign-off for Windows XP SP2 and Windows Server 2003.

Ms. Snyder was Director of Security Architecture at @stake. She developed application security analysis methodologies and led the Application Security Center of Excellence. She was a software engineer for 5 years focused primarily on security applications, most recently at Axent Technologies, now Symantec.

Ms. Snyder is co-author of Threat Modeling, a manual for security architecture analysis in software.

Dr. Jason Staggs is a Cyber Security Researcher and Adjunct Assistant Professor of Computer Science at The University of Tulsa. Jason's research interests include critical infrastructure protection, telecommunications security, embedded systems security engineering, penetration testing and digital forensics. Jason has spoken at national and international conferences, authored various peer-reviewed publications and lectured undergraduate and graduate level courses on a variety of cyber security topics. In his spare time, Jason enjoys reverse engineering proprietary network stacks in embedded devices and diving through ancient RFCs to demystify obscure network protocols. Jason attended graduate school at The University of Tulsa where he earned his MS and PhD degrees in Computer Science.

Maddie Stone is a Security Researcher who has spent the last 5 years specializing in 0-days actively exploited in-the-wild. Previously, she worked on Google's Project Zero and Threat Analysis Group (TAG). Maddie has found vulnerabilities in many major platforms including Safari, Chrome, Android, and Windows. She also previously worked as a reverse engineer and team lead on the Android Security team. In 2020, Maddie was named to the "Wired25: People Who Are Making Things Better".

Robert Stratton is a security strategist, technologist, venture capitalist and business advisor. He has had a hand in bringing some of the earliest security products to market in several categories including VPNs and network intrusion detection, and established one of the first dedicated security organizations within a tier-1 Internet service provider at UUNET.

He was a founding General Partner of the Mach37 Cyber Accelerator, and the first Director of Technology assessment at In-Q-Tel, a private venture capital firm investing for the benefit of the U.S. Intelligence Community.

Robert served as Chief Strategy & Security Officer at Witopia, and Director of Government Research at Symantec Research Labs. As a co-founder and Chief Technologist of Security Design International, he was doing multinational and critical infrastructure security architectures, penetration testing, digital forensics, and incident response before they were cool.

Robert is a Member of the IEEE, the ISSA, the IEEE Computer Society, and IEEE Working Group P7014, developing a Standard for Ethical Considerations in Emulated Empathy in Autonomous and Intelligent Systems.

Chris Thompson (aka retBandit) is the founder and co-organizer of Offensive AI Con and the head of IBM's Adversary Services team. Chris has extensive experience performing red teaming operations against defense contractors, nuclear power plants, critical industries, and many of the world's largest banks and financial services firms. His background includes working as a contract Computer Network Exploitation (CNE) operator providing training, and capability development for various government defense partners and lawful intercept/foreign intel programs. He founded the X-Force Adversary Services team in 2018, responsible for simulating real-world attacks by sophisticated threat actors. Chris has presented his research at many conferences such as DEF CON, Black Hat, ToorCon, SecTor, BSides, SANS, Shmoocon and Wild West Hackin' Fest.

Yuji Ukai is the chief executive officer of FFRI, Inc, known as a technical opinion leader in Japanese security industry.

After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at Kodak research and development center in Japan where he worked on research and development for digital device and embedded security.

In 2003, he moved to United States and started working on development of vulnerability scanner product at eEye Digital Security as a Senior Software Engineer. He also worked for research of vulnerability analysis, vulnerability auditing, malware analysis, embedded system security, P2P network security, etc. as a Senior Research Engineer at eEye research group. In 2007, he moved back to Japan and became a co-founder of Fourteenforty Research Institute, Inc. Over the last several years, he discovered many critical security vulnerabilities affecting various software products as well as pioneered vulnerability analysis and exploitation of embedded system based on real time operating systems.

Vandana Verma is a seasoned security professional. She is a seasoned speaker / Trainer and presented at various public events ranging from Global OWASP AppSec events to Black Hat events to regional events like BSides events in India.

She is part of the OWASP Global board of directors. She also works in various communities towards diversity initiatives InfosecGirls, WoSec and null. Vandana is a member of the Black Hat Asia and Europe Review Boards as well as multiple other conferences including Grace Hopper India, OWASP AppSec USA to name a few.

She has been the recipient of multiple prestigious awards like Cyber Security Leader of the Year Award 2023 by BSides, the Resilient CISO award by Dynamic CISO, Cyber Security Woman of the Year Award 2020 by Cyber Sec Awards, Application Security Influencer 2020 by Whitesource, Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019, Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category "Secure Coder". She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

Nico Waisman is a leader and innovator in the field of cybersecurity. With a passion for addressing complex security challenges, Nico has dedicated his career to advancing the protection of digital assets and systems. Prior to his current role at <Stealth Company>, Nico was the CISO at Lyft overseeing security and privacy for millions of customers. With over two decades of experience in the security industry, Nico has held esteemed security leadership positions at renowned organizations such as GitHub, Semmle, Cyxtera, and Immunity. He is widely recognized as a security expert and has imparted his knowledge to government and commercial sector students worldwide through private and public classroom settings. His expertise has been showcased at prestigious conferences, including Black Hat, Pacsec, Syscan, Ekoparty, among others.

Nico enjoys engaging with the community, sharing insights and best practices to empower individuals and organizations to safeguard their digital assets.

Steve Weis is a Member of the Technical Staff at Anthropic working on data security and privacy. Previously, Steve has worked for security teams at Databricks, Facebook, Google, and founded a security startup named PrivateCore. Steve received a PhD in cryptography from MIT.

Jos Wetzels is a co-founding partner at Midnight Blue. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He has discovered zero-day vulnerabilities across tech stacks ranging from bootloaders and RTOSes to proprietary protocol implementations.

At Midnight Blue, he has consulted to government agencies, grid operators, and Fortune 500 companies worldwide and has been involved in the first ever public analysis of the TETRA radio standard used by police and critical infrastructure globally - uncovering several critical vulnerabilities.

Prior to founding Midnight Blue, he worked as a security researcher and reverse engineer at Forescout where he developed state-of-the-art intrusion detection capabilities for Operational Technology (OT) environments. Jos is a regular conference speaker and has presented at events such as Black Hat, DEF CON, CCC, Usenix, HITB, OffensiveCon, ReCon, EkoParty, and others.

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.

Kyle Wilhoit is an internationally recognized security researcher and threat intelligence leader with more than a decade of experience helping research teams deliver original and organized threat intelligence and research. In his current role as Director, Threat Research on Palo Alto Networks Unit 42, Kyle is responsible for leading teams of world renowned threat researchers that identify, track and unearth technical intelligence related to threat actor groups, attack frameworks, targeted attack campaigns, and malware.

At his previous role at Palo Alto Networks, Kyle was a Principal Threat Researcher, focusing on nation state actors and their related tactics, techniques, and procedures. Prior to Palo Alto Networks, Kyle performed a litany of roles focusing specifically on threat hunting, malware analysis and research at companies such as Domaintools, Trend Micro, Fireeye and others.

Kyle has presented at over 50 cybersecurity conferences around the globe, with Kyle actively serving on the Review Board for Black Hat US since 2017, where he’s responsible for assisting in the selection of several conference tracks. Kyle has consulted several worldwide governmental bodies, including the International Atomic Energy Agency (IAEA), US Congress, the US Department of Commerce and others. His research has supported investigative stories in several publications, including ABC, CNN, BBC, CNN, The New York Times, WIRED, MIT Technology, and many additional outlets. Additionally, Kyle is a co-author on two books- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions in addition to the book Operationalizing Threat Intelligence.

Neil R. Wyler (a.k.a. Grifter) is the Vice President of Defensive Services for Coalfire. He has spent over 20 years as a security professional, focusing on penetration testing, physical security, incident response, and threat hunting. He has been a staff member of the Black Hat Security Briefings for 22 years and a member of the Senior Staff at DEF CON for 23 years. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. In his free time, Neil keeps himself busy as a member of both the DEF CON, and Black Hat CFP Review Boards, the Black Hat Training Review Board, the founder of DC801, and founder of his local hackerspace, 801 Labs.

Chris Wysopal is the co-founder and Chief Security Evangelist at Veracode. Prior to joining Veracode, Chris worked as a software developer before diving into security research and security consulting. He had security research roles at several companies, including Symantec, @stake and the hacker think tank, L0pht where he was one of the original vulnerability researchers in the 1990s. He has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is also the author of "The Art of Software Security Testing" published by Addison-Wesley.

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently a professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 100 scientific papers and books. He is a Senior Member of the IEEE and of the Computer Society, which has named him a Distinguished Visitor and Distinguished Contributor; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano also co-founded Secure Network, a leading cybersecurity assessment firm, and BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.

Steve Adegbite is the Chief Technology Officer(CTO) and Co Finder of CyBase Risk Management, where he helps organizations prepare for high-stakes cyber and business disruptions. As the CTO managing the evolution of CyFireAI—an AI-powered crisis simulation platform, that challenges leadership teams with a new question: Can you defend your decisions?

As a 25+ year Cybersecurity and Technology expert who has worked in senior and executive positions in the United States military, US Intelligence Community, US Defense Industrial Base, as well as Financial and Technology sectors. Mr. Adegbite has provided cybersecurity expertise as a member of the US Department of Homeland Security Advisory Council for over 10+ years. He has also served as the Chairperson and Board member for the International Cybersecurity forum (Forum of Incident Response and Security Team-FIRST). He presently serves as a board member of the Georgia Technology Authority for the state of Georgia.

Michael Bargury is a hacker, builder, and cybersecurity founder. He demonstrated the first tangible attack on an enterprise AI system. His research revealed novel attack vectors on AI systems and cloud applications, and established countermeasures through open source tooling and security standards. He is the Co-founder and CTO of Zenity, where he helps enterprises secure AI agents. He co-leads OWASP AIVSS and LCNC Top 10, and is a core contributor to MITRE Atlas and OWASP GenAI. He regularly delivers research and talks at top conferences including DEFCON and Black Hat.

Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol.

She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.

Sherrod DeGrippo is General Manager of Global Threat Intelligence and host of the Microsoft Threat Intelligence Podcast. She has been recognized as Cybersecurity Woman of the Year (2022) and Cybersecurity PR Spokesperson of the Year (2021).

Before her current role, Sherrod served as Director of Threat Intelligence Strategy at Microsoft. Her background also includes serving as Vice President of Threat Research and Detection at Proofpoint, where she led a global team focused on threat research, malware analysis, and intelligence operations. With more than two decades of cybersecurity experience, she has held senior roles at Nexum, Symantec, Secureworks, and the National Nuclear Security Administration.

Sherrod is a frequently cited expert across major media outlets and a regular speaker at global security conferences.

Alex Pinto is a director of threat intelligence at Verizon. He has been responsible for publishing the Verizon Data Breach Investigations Report since the 2020 edition, among a myriad of other research, product management and engineering roles in the company. Prior to his work at Verizon, Alex was a successful startup founder at two different companies: Niddel, an AI-based network detection company acquired by Verizon in 2018 and Cipher Security, one of the first cybersecurity consulting firms in Brazil, where he is originally from.

He has more than a couple decades of experience in cybersecurity, and more than half of those were dedicated to the intersection between cybersecurity, good old machine learning and data science. He is a frequent public speaker at security conferences, including Black Hat, DEF CON and RSAC Conference, and he has collected many of those fancy cyber-certifications along the years. His hobbies include creating corny footnote jokes for the DBIR and playing video games.

Carl Smith is interested in Fuzzing, Vulnerability Research and Exploit Development with a focus on Browser Security, he is a part of Google's V8 Security Team. He was previously interning at Exodus Intelligence as part of their Browser Exploit Development team and also at Google Project Zero. Carl started his journey into the security field as a part of the FluxFingers, Ruhr-University Bochum's CTF team, with whom he participated in various CTFs around the world.