Training Review Board

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).

Jonathan Squire is a Principal Security Engineer working on infrastructure security for a well-known cloud computing company. Previously Jonathan has held similar roles in publishing and media as well as telecommunications. With over 25 years in the security industry, Jonathan's expertise covers a wide range of skills including security architecture, incident response, attack and defense techniques, reverse engineering, and extreme curiosity in how everything works. While working at his day job, Jonathan is credited with accomplishments that include developing an Information Security model for the enterprise, designing and implementing a system for automated network micro segmentation, architecting a secure, centralized credit card processing solution, and guiding the design of the security infrastructure deployed throughout many customer facing properties. Mr. Squire is also responsible for providing direction in governance and industry best practices. In his spare time, Jonathan is known to enjoy disassembling, abusing, and reassembling any piece of technology to understand all of its capabilities. Jonathan has presented on many of these creations and the flaws that allowed the security to be bypassed at conferences including Black Hat.

Andrew MacPherson has been working in infosec for over a decade, most predominately at Paterva where he worked on building Maltego for 10+ years. He holds a bachelors in Information Science and hails from sunny South Africa. He has spoken at many different conferences including Blackhat, DEF CON and ZaCon as well as having taught more than 16 different Black Hat courses. He enjoys cat memes and punk rock.

Rich Mogull has been in the security industry for over 25 years and describes himself as a rogue disaster response paramedic. A former Gartner analyst, he reformed himself and founded Securosis in 2007 and has published entirely too much free, practitioner-focused research there or via the Cloud Security Alliance. He also founded a cloud security startup that was acquired by FireMon. He’s a licensed paramedic and private pilot, a sandtrooper in the 501st legion, a lapsed black belt, and serial hobbyist.

Maria Markstedter is the founder and CEO of Azeria Labs, a company that provides training services to some of the world's top tech companies and law enforcement agencies. In addition, Maria is the author of the book "Arm Assembly Internals and Reverse Engineering - Blue Fox Edition", published in May 2023. With a Bachelor's degree in Corporate Security and a Master's degree in Enterprise Security, Maria has held key positions in various startups, including her role as the Chief Product Officer for Arm virtualization startup Corellium. In 2018, Maria was honored as a Forbes "30 under 30" in technology and has since been featured in Vogue Business Magazine. Her expertise in Arm reverse engineering and binary exploitation earned her the title of Forbes Person of the Year in Cybersecurity 2020. Maria has collaborated with Arm on exploit mitigation research in Cambridge and continues to empower security researchers and developers globally to effectively attack and defend Arm-based software.

Matteo Memelli (a.k.a. ryujin) is an information security professional with over 15 years of experience in researching and exploiting vulnerabilities. Matteo is currently with Amazon Web Services as a Senior Security Engineer, where he spends his days fuzzing network protocols, firmwares and application software that make up the AWS network infrastructure.

Specialized in binary exploitation and reverse engineering, Matteo has spent more than a decade of his career also developing cutting edge infosec educational content for Offensive Security. He has delivered courses for not only BlackHat, but for private clients as well. While working with Offensive Security, Matteo was the original architect of the "Advanced Windows Exploitation" course, as well as the "Offensive Security Certified Expert" and "Offensive Security Exploitation Expert" certifications. He also conducted a number of security assessments against mature and hardened targets; developing 0-day exploits and logical attack chains against metropolitan law enforcement departments, foreign central banks, and other non-traditional commercial clients.

Gabrielle Hempel is renowned for her expertise in Cloud Engineering, Vulnerability Management, Critical Infrastructure Security, and Network Detection and Response (NDR). With an MS in Cybersecurity and Global Affairs from NYU, she has contributed significantly to the field, including a distinguished thesis on Critical Infrastructure Security. Named an 'Emerging Leader' by the National Security Innovation Network in 2022, Gabrielle is also a prominent speaker at industry-leading conferences like BlackHat and DefCon. Her thought leadership is published in numerous peer-reviewed journals and media outlets. This fall, Gabrielle will be embarking on a new journey as a 1L at Purdue University Law School focusing on technology law, aiming to bridge her technical expertise with legal acumen. Committed to service, she volunteers with the Marine Corp Cyber Auxiliary and serves in crucial roles within the cybersecurity community, including the NOC at global BlackHat conferences and as a Briefings Review Board member for Black Hat MEA, continually fostering advancements in cybersecurity.

Sam Davison is a Security, Privacy, and Trust & Safety leader. She is currently the Head of Security and Privacy Engineering at Etsy, helping keep commerce human, secure, and privacy preserving. Davison has held leadership roles at the Krebs Stamos Group, Robinhood, Lyft, Snap Inc., and Uber where she led efforts with a particular emphasis on behavioral engineering, offensive security, and trust & safety. Before working in Silicon Valley, she conducted extensive research on the efficacy of security engagement and co-led a consulting firm that built behavioral-based programs for 15+ Fortune 500 companies. Davison has volunteered throughout her career, lending her expertise to victims of online harassment and election protection efforts.

Security executive with 25+ years across military, government, consulting, big tech, aviation, and healthcare. I build security programs that protect people; not programs that punish them for not being security experts. It's not a forklift driver's job to spot a phishing email. It's our job to make sure they never have to. My career arc, Marine Corps Combat Engineer to Pentagon Red Teamer to Fortune 7 VP of Information Security, gave me technical credibility I never outgrew and strategic range that scales across industries. I've built and led multiple security organizations (largest: 25+ across Red Team, Vuln Mgmt, EDR, and Endpoint Strategy), directed a $25M IAM program protecting global aviation, and served on an AI Security Review Board before most enterprises had the conversation. I still hold OSCP, CRTO, and GCIH because CISOs who lose touch with the craft lose the trust of their teams. I pair that depth with an MBA, Carnegie Mellon CISO Program, and Boardroom QTE certification to translate technical risk into board-level language that drives investment decisions. As organizations race toward AI, I bring hands-on fluency, from building with LLMs and agentic tools to establishing enterprise AI governance. I've published 25+ open source security tools, instructed at Black Hat USA for 14 consecutive years, and served as Senior Technical Advisor for HBO's Silicon Valley. Founder, Verified Security LLC (corporate security training). Chairman, VMRG. Co-Founder, NoVA Hackers. Creator, restincode.com.

Anant Shrivastava is the founder of Cyfinoid Research, where he publishes much of his research as open-source tools. He has experience across security, both offensive and defensive, as well as development and operations. He has a long history of engagement with leading security conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant has built multiple open-source projects and curates the Hacking Archives of India. When not engaged in official work, he contributes to open communities with the shared goal of spreading practical information security knowledge. linkedin.com/in/anantshri and anantshri.info