Sharon Conheady is the director of First Defence Information Security and a founding member of The Risk Avengers. She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon has presented at security conferences including DEF CON social engineering village, Deepsec, Recon, CONFidence and InfoSec. She is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques published by McGraw-Hill.
Daniel Cuthbert is the Chief Operating Officer at SensePost. With a career spanning 20+ years in penetration testing, red teaming and secure software design. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).
Dino Dai Zovi is the Mobile Security Lead at Square. He has been working in information security for over 15 years with experience in red teaming, penetration testing, software security, information security management, and cybersecurity R&D. Dino is also a regular speaker at information security conferences having presented his independent research on memory corruption exploitation techniques, 802.11 wireless client attacks, and Intel VT-x virtualization rootkits at conferences around the world including Black Hat, RSA, DEFCON, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker's Handbook" (Wiley, 2009) and "The Art of Software Security Testing" (Addison-Wesley, 2006). In 2008, eWEEK named him one of the 15 Most Influential People in Security. He is best known in the information security and Mac communities for winning the first PWN2OWN contest at CanSecWest 2007.
Matt Devost is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cybersecurity issues.
Currently, Mr. Devost is President & CEO of FusionX, LLC, a cybersecurity consultancy that helps international corporations identify and manage dynamic threats in complex operational environments. Additionally, Mr. Devost has been an Adjunct Professor at Georgetown University since 2002 where he teaches a graduate course on Information Warfare and security, and is a Founding Director of the Cyberconflict Studies Association. Mr. Devost founded the Terrorism Research Center, Inc. (TRC) in 1996, where he served as President and CEO until November 2008. As founder and President, Mr. Devost oversaw all research, analysis, intelligence, assessment, and training programs. Previously, Mr. Devost held leadership positions at iSIGHT Partners, Technical Defense, Security Design International, iDEFENSE and SAIC. Mr. Devost has been a speaker at hundreds of international conferences and a contributor/author to several books on terrorism and information security.
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 28+ years, his research interests include computer network operations, forensics and reverse engineering. He has been a speaker at conferences such as Black Hat, Defcon, Infiltrate, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. A former winner of the Defcon Capture the Flag Competition, he is currently working with DARPA to build their Cyber Grand Challenge competition.
Thomas Dullien / Halvar Flake started work in reverse engineering and digital rights management in the mid-90s, and began to apply reverse engineering to vulnerability research shortly thereafter. He pioneered early windows heap exploitation, patch diffing / bindiffing and various other reverse engineering techniques. In 2004, he started zynamics, a company focused on reverse engineering technologies. He continued to publish about reverse engineering, ROP gadget search, and knowledge management technologies in relation to reverse engineering. In 2011, zynamics was acquired by Google, and Halvar spent the next few years working on defensive technologies that leveraged the then hot buzzwords "big data" and "machine learning". In summer 2015, Halvar received the lifetime achievement Pwnie, and decided to take a year off to travel, read, and surf. Since November 2016, he is back at Google.
Trey Ford is the Head of Trust at Heroku, a division of Salesforce. Heroku's Trust organization is responsible for the service reliability engineering and information security of the platform.
Over the last 15 years, Trey ran Black Hat events worldwide as General Manager, and provided services ranging from strategy, incident response, product management, PCI QSA and security engineering for a variety for industry leaders including Rapid7, Zynga, McAfee, FishNet Security and WhiteHat Security.
Nathan Hamiel is a Managing Consultant for FishNet Security's Application Security Practice. He is also an Associate Professor of Software Engineering at the University of Advancing Technology. He spends most of his time focusing in the areas of application, Web 2.0, and enterprise security. Nathan has been a speaker at security events around the world including: Black Hat, DefCon, ShmooCon, ToorCon, SecTor, OWASP and many others. He is also a developer of several open source security projects including the pywebfuzz and RAFT. Twitter: @nathanhamiel.
Robert Hansen is the Vice President of WhiteHat Labs at WhiteHat Security. He's the former Chief Executive of SecTheory and Falling Rock Networks which focused on building a hardened OS. Mr. Hansen began his career in banner click fraud detection at ValueClick. Mr. Hansen has worked for Cable & Wireless doing managed security services, and eBay as a Sr. Global Product Manager of Trust and Safety. Mr. Hansen contributes to and sits on the board of several startup companies. Mr. Hansen has co-authored "XSS Exploits" by Syngress publishing and wrote the eBook, "Detecting Malice." Robert is a member of WASC, APWG, IACSP, ISSA, APWG and contributed to several OWASP projects, including originating the XSS Cheat Sheet. He is also a mentor at TechStars. His passion is breaking web technologies to make them better.
Jeff Horne is currently the Senior Director of Information Security at SpaceX. Jeff is an accomplished security professional with over 16 years in reverse engineering, vulnerability assessment, antivirus engine creation, incident response, and malware research experience. Prior to SpaceX Jeff was the Vice President of R+D and Chief Architect with Accuvant LABS where he oversaw teams of researchers specializing in malicious code, incident response, breach analysis, and vulnerability assessment. Prior to Accuvant LABS, Jeff pursued a variety of roles in research and software engineering at other major security companies. Jeff worked as a Vulnerability Researcher at Internet Security Systems, where he was responsible for vulnerability discovery, exploit creation, IDS evasion research, and behavioral detection of malware. At Webroot Software, Jeff was the Director of Threat Research where he led several teams of malware researchers, reverse engineers, and a development organization specializing in creating anti malware functionality and signatures for all Webroot products. Jeff is well known for his insight in interviews for numerous news channels and publications, speaking roles at various security conferences, as well as authoring several vulnerability disclosures and patents.
Vincenzo Iozzo is an Entrepreneur in Residence at Rakoku Holdings where he focuses on Information Security. In addition to his work at Rakoku Holdings, Vincenzo is a Partner at the Italian business incubator iStarter SpA. Prior to that, Vincenzo was the Chief of Staff and Principal Security Engineer at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. His specialized research in Mac OS X security, smartphone exploitation, and exploit payloads has been presented at information security conferences around the world including Black Hat, CanSecWest and Microsoft BlueHat. In 2008, he was selected to participate in the Google Summer of Code and developed a testing infrastructure for TrustedBSD, the Mandatory Access Control system that became the foundation for sandboxing technologies included in Mac OS X. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the "iOS Hacker's Handbook" (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012. Twitter: @_snagg.
Andreas Lindh is a vulnerability researcher and consultant, currently working for Recurity Labs GmbH. He has over a decade of applied security experience, spanning areas such as application security, vulnerability research, network intrusion detection, incident response, and malware analysis. Andreas helped co-found Security Without Borders, a collective of hackers, developers, and security professionals, working pro bono to offer security assistance to organizations and people fighting for human rights. He has presented his work at conferences such as, among others, Black Hat USA, Troopers, and Security Fest.
Ping Look has over a decade of experience building, promoting and managing events in the IT space including two of the most iconic and massively influential IT security events: The Black Hat Briefings + Trainings and DEF CON. At Black Hat she managed the growth of brand from obscurity to profitability and grew the event from a three track, two-day event to a six day, 11 track and training intense event that brought together the best and the most relevant (and occasionally the most obscure) speakers and content providers to Black Hat events in Asia, Europe, the Middle East and the US. During her tenure at Black Hat she was often referred to as the Ping of Death aka "The One You Don't Want to Piss Off (or you will die)".
Ping is currently engaged as a program manager on the Detection and Reaction Team (DART) at Microsoft, Enterprise Cybersecurity Group.
Marion Marschalek is a malware reverse engineer on duty for Cyphort, Inc., focusing on the analysis of emerging threats and exploring novel methods of threat detection. She teaches malware analysis at University of Applied Sciences St. Pölten and frequently appears as speaker at international conferences. Two years ago Marion won Halvar Flake's reverse engineering challenge for females, since then she set out to threaten cyber criminals. She practices martial arts and has a vivid passion for taking things apart. Preferably, other people's things.
Former Chief Security Officer and VP at ICANN, Founder of Black Hat and DEF CON Conferences
Mr. Moss advises companies on security issues, both, electronic and physical, as well as speaking globally on the topic. He sits on several advisory boards helping enterprises make informed decisions on cyber risks.
In April 2011 Mr. Moss was appointed as the Chief Security Officer for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit whose responsibilities include coordinating and ensuring the security, stability and resiliency of the Internet's unique global identifiers as well as maintaining the root zone of the Internet. This position involved managing the IT security of the ICANN networks and information systems, the physical security of ICANN facilities and meetings, and ensuring that ICANN meets its security and resiliency commitments to the multi stake holder community that oversees ICANN. This position involved extensive international travel and coordination with governments, law enforcement, and operational security communities in support of discussions around Internet Governance and security. Mr. Moss left this position at the end of 2013.
Moss is the founder and creator of both the Black Hat Briefings and DEF CON, two of the most influential information security conferences in the world, attracting over ten thousand people from around the world to learn the latest in security technology from those researchers who create it. DEF CON just had its 21st anniversary.
Prior to creating Black Hat Briefings, Jeff was a director at Secure Computing Corporation where he helped establish their Professional Services Department in the United States, Asia, and Australia. His primary work was security assessments of large multi-national corporations. Jeff has also worked for Ernst & Young, LLP in their Information System Security division. Because of this unique background Jeff is uniquely qualified with his ability to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and the responsible application of disclosure.
Jeff is currently a member of the U.S. Department of Homeland Security Advisory Council (HSAC), providing advice and recommendations to the Secretary of the Department of Homeland Security on matters related to homeland security. Jeff is a life member of the Council on Foreign Relations, which is an independent, nonpartisan membership organization, think tank, and publisher.
In 2013, Jeff was appointed as a Nonresident Senior Fellow at the Atlantic Council, associated with the Cyber Statecraft Initiative, within the Brent Scowcroft Center on International Security.
In 2014, Jeff joined the Georgetown University School of Law School Cybersecurity Advisory Committee.
Jeff is active in the World Economic Forum, and recently became a member of the Cyber Security Global Agenda Council for 2014-2016.
ICSA President's Award for Public Service, 2011.
Shawn Moyer is a Founding Partner at Atredis Partners, a private security research and software security consultancy created with frequent Black Hat speakers Josh Thomas and Nathan Keltner, performing on-spec vulnerability research and reverse engineering as well as advanced penetration testing for clients all over the world. Shawn has been involved professionally in information security for 20 years, and unprofessionally for longer than he'd care to admit. Shawn's most recent work has focused on mobile and embedded security, as well as continued work with Smart Grid, SCADA, and other industrial technologies.
Previously, Shawn created the Applied Research at Accuvant Labs, helped launch the Penetration Testing practice at FishNet Security, and has written on emerging threats and other topics for Information Security Magazine and ZDNet. Shawn's research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times, as well as countless other industry publications. Shawn has been a ten-time speaker at the Black Hat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan. Shawn has been a member of the Black Hat Briefings Review Board since 2008.
With over 13 years' experience in the information security industry specializing in application security incident response and investigations, Kymberlee Price got her start by pioneering the first security researcher outreach program in the software industry at Microsoft. Kymberlee was later a principal investigator in the Zotob criminal investigation, and analyzed APT's at Microsoft. She then spent 4 years investigating product vulnerabilities in BlackBerry's Security Response Team. Today at Bugcrowd, she is responsible for directing the efforts of Bugcrowd's more than 29,000 Crowd members in web application, mobile application, IoT and host infrastructure penetration testing as well as optimizing vulnerability reporting performance for customers and researchers.
Kymberlee co-chairs the Department of Commerce NTIA Working Group on Multi-Party Vulnerability Disclosure and speaks regularly on vulnerability management and product incident response best practices at conferences around the world including Black Hat, RSA, Kaspersky Security Analyst Summit, Nullcon, and Metricon.
Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.
Chris Rohlf is currently a staff security engineer at Square in New York City where he focuses on developing remote attestation and tamper detection technologies. He specializes in vulnerability discovery, exploitation, and reverse engineering. He has presented new research at Black Hat USA on multiple occasions and taught a popular training course on C/C++ source code analysis. Chris has over fourteen years of experience in various security roles including software engineer, researcher, consultant, and entrepreneur. Prior to Square he led the Red Team at Yahoo, founded Leaf Security Research, a boutique security consulting firm acquired by Yahoo; a Principal Security Consultant at Matasano Security; and previously worked as a Security Researcher for the US Department of Defense.
Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation in the Security Center of Excellence where he leads the Core Client, BIOS and IoT SoC Teams. Rodrigo released dozens of vulnerabilities in many important software in the past. In 2011 he was honored as one of the top contributors of Adobe. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as Black Hat, Hack in The Box, XCon, OLS, Defcon, Hackito, Zero Nights, Troopers and many others.
Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She regularly teaches digital security to journalists and helps media organizations improve their security posture. She is also a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project. She tweets as @runasand.
Jen Savage is a security researcher for Threatcare. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Web Application Security and the Internet of Things.
Robert J. Stratton III is a serial entrepreneur, technologist, and researcher specializing in commercial development of early-stage security technologies, multinational network security, technology policy, and innovation management.
Mr. Stratton is a General Partner in MACH37, a Virginia startup accelerator supporting new information security companies. Previously, he was Chief Strategy & Security Officer at WiTopia, and Director of Government Research at Symantec Research Labs. Before joining Symantec, he was co-founder and CTO at StackSafe, a startup focused on self-healing software and automated software assurance. Mr. Stratton was the first Director of Technology Assessment at In-Q-Tel, a private venture capital firm investing for the benefit of the U.S. Intelligence Community. Mr. Stratton also co-founded and served as Chief Technologist at Security Design International, a services firm specializing in multinational and critical infrastructure network security. Before founding SDI, Mr. Stratton established the Security Posture Assessment™ practice at WheelGroup Corporation and the security organization at UUNET, one of the first tier 1 Internet service providers. Twitter: twitter.com/strat.
Josh Thomas' specialties include advanced hardware and software reverse engineering, malware and rootkit development and discovery, and software development. Josh has extensive experience in developing secure solutions for mobile platforms and a deep understanding of cellular architecture. Josh currently holds a TS clearance, and has worked in many sensitive, cleared environments.
Josh began his career 14 years ago in network administration and software development. Prior to moving his focus primarily to security, Josh wrote Artificial Intelligence and cryptographic solutions for the Department of Defense. Josh has extensive hands on knowledge of mobile devices and cellular infrastructure. He is also dedicated to hardware reverse engineering and embedded device exploitation.
Josh most recently was a Senior Research Scientist with Accuvant's Applied Research team, and has worked as a Senior Research Developer at The MITRE Corporation. At MITRE, Josh performed analyses of the Android, Apple, Symbian and BlackBerry security models as well as other non-mobile embedded platforms and worked closely with the vendors and project sponsors. Josh also developed an open-source mesh networking solution for Smart phone communications that bypasses the need for physical infrastructure, performed advanced spectrum analysis for cleared communications, and designed a secure satellite communications system required to handle the most sensitive communications possible while also being resilient against the highest levels of waveform interference.
Prior to his tenure at The MITRE Corporation, Josh developed Artificial Intelligence and embedded cryptographic solutions for General Dynamics and other organizations. Josh projects including the design and development of robust routing architecture for UAV/UGV autonomous vehicles, battlefield troop movement predictive scenario generation, and creation of mathematical models the controlled de-orbit and reentry of the Mir Space Station.
Josh is the recipient of three DARPA Cyber Fast Track grants for advanced security research, and has presented at multiple security industry conferences, including Black Hat, DEF CON, DerbyCon and ToorCon. Josh is the lead developer and maintainer of the open-source SPAN mesh networking project for Android, has published and reviewed papers for IEEE, and holds a pending patent related to NAND flash memory hiding techniques. Josh holds a Bachelor's in Computer Science from Texas A&M University, and has been a frequent presenter at national and international security industry conferences.
Veronica Valeros is a hacker, researcher and intelligence analyst from Argentina. Her research has a strong focus on helping people and involves different areas from wireless and Bluetooth privacy issues to malware, botnets and intrusion analysis. She has presented her research at international conferences such as Black Hat, EkoParty, Botconf and others. She is the co-founder of the MatesLab hackerspace based in Argentina and core member of Security Without Borders.
Since 2013 she is part of the Cognitive Threat Analytics team, Cisco Systems. She specializes in malware network traffic analysis, network behavioral patterns and threats categorization. She is currently leading a team of threat researchers who collaborate in the development of top notch machine learning solutions to better detect cyber threats.
Neil R. Wyler (a.k.a. Grifter) is an Information Security Engineer and Researcher located in Salt Lake City, Utah. Neil is currently with RSA Security as an Advanced Security Operations Specialist. He has spent over 15 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 13 years and is a member of the Senior Staff at DEF CON. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is a member of the DEF CON CFP Review Board and Black Hat Training Review Board. Follow him on Twitter at @Grifter801.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on mobile malware, malware analysis, and systems security. Besides teaching "Computer Security" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 50 scientific papers and books. He is an associate editor for the "Journal in computer virology and hacking techniques". He's a Senior Member of the IEEE (covering volunteer positions at national and regional level), the IEEE Computer Society (for which he is a member of the Board of Governors), and a lifetime senior member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association), of which he is a senior member. He sits in the International Board of Directors of the same association. A long time op-ed writer for magazines (among which "Computer World"), Stefano is also a co-founder and chairman of Secure Network S.r.l., a leading Italian information security consulting firm, and a co-founder of 18Months, a cloud-based ticketing solutions provider.
