Regional Review Board

Antonios Atlasis (PhD) is a Senior Cyber Security Professional and Researcher currently working for the European Space Agency (ESA). Dr. Atlasis, with over 18 years of hands-on experience in the field and frequent presenter at security conferences, has a special interest in the security analysis of modern network protocols in particular and new security technologies in general.

Jon (@bitquark) has been part of the UK hacking scene for over 20 years. Leaving his life as a senior developer to become a security researcher, Jon reached the #1 spot on Bugcrowd before being hired by Tesla to work on its infamous Red Team, where he proactively protects the company from internal and external threats. Jon's current Interests include automation, artificial intelligence, and getting into places he shouldn't.

Thomas Brandstetter is a widely recognized OT cybersecurity expert, with more than 20 years of diverse experience in multiple technical and management roles. He is known for being an enthusiastic and forward-looking character, trying to do the right thing and building things that last.

Thomas currently has multiple active roles: He is co-founder and managing director of Limes Security, a major European OT cyber security company, he also is Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at DeMontfort University. On top of that, he is instructor for the SANS institute, teaching their control system security classes. His past noteworthy achievements include having been incident handler for the Stuxnet malware at Siemens, as well as the founder of the Siemens ProductCERT.

John Carroll is an independent Information Security advisor and 'anti-stupid' gun-for-hire operating out of ctus.io, usually residing in financial, fin-tech and fashion spaces. A former penetration tester and security researcher, his interests span operational risk, attack simulations, the 'hacker MO', bug-hunting and all-things-tech. John is a prolific community contributor, having run workshops for: B-Sides, Steelcon and a range of industry groups.

Katriel Cohn-Gordon is a research scientist at Facebook, with a PhD from the University of Oxford in information security and applied cryptography. His research aims to formalise and prove the security of some of the protocols underlying today's Internet; recent work includes working on the Messaging Layer Security IETF standard for encrypted group messaging and a formal analysis of the Signal messaging protocol used by WhatsApp and many others. He's also been seen writing fuzzers for WebRTC at Google's Stockholm office, holds a master's degree in mathematics and computer science, and has reviewed papers for various top academic conferences.

Sharon Conheady is the director of First Defence Information Security and a founding member of The Risk Avengers. She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon has presented at security conferences including DEF CON social engineering village, Deepsec, Recon, CONFidence and InfoSec. She is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques published by McGraw-Hill.

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).

Eric Evenchick has worked in development and reverse engineering roles for hardware and software companies for the past eight years. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners.

Eric's work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future.

In 2014, Eric founded Linklayer Labs, which provided consulting services and developed open source hardware tools for the information security community. Since 2012, he has been a contributor to Hackaday, a blog covering hardware and software "hacks".

Leigh-Anne Galloway is a Security Researcher who specializes in application security and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. Which is where she discovered her passion for payment technology. She has presented and authored research on ATM security, mPOS vulnerabilities, NFC payments and application security. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Ekoparty, Troopers, DEF CON and Black Hat USA.

Nathan Hamiel is Head of Cybersecurity Research at Kudelski Security, an international security company providing innovative and tailored solutions to enterprises and public-sector clients. He works in the Applied Security group defining the future of products and services for the company. A security veteran with a strong focus on software security, he has spent his nearly 20-year career helping customers worldwide solve complex security challenges. Nathan and his team focus heavily on the areas of product security, communication security, and privacy.

Nathan spends his time researching emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. He is a proponent of agility and simplification and their application in solving security challenges. Nathan is a regular public speaker and has presented his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, where he serves as the track lead for the AI, ML, and Data Science track.

Jeff Horne is CSO at Ordr, a leading enterprise IoT security company, where he is responsible for security direction both within Ordr products and internal security. He is an accomplished security professional with over 20 years' experience and is also a Member of the Review Board at Black Hat. Prior to Ordr, Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, Physical Security, and Employee Security Awareness groups. Before Optiv, he was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy as well as managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups. Jeff is a proven leader with a strong background in reverse engineering, exploitation, and malware research. He has authored several vulnerability disclosures and patents throughout his career.

Vincenzo Iozzo is an entrepreneur and investor. He currently serves as a Director at CrowdStrike following the sale of his company Iperlane in 2017. Vincenzo is also a Network Leader at Village Global, a seed stage VC fund based in Silicon Valley. In addition, Vincenzo is an Associate Researcher at the MIT Media Lab and serves as a committee member on the Black Hat Conference board. Vincenzo co-authored the "iOS Hacker's Handbook" (Wiley, 2012) and the winning attacks against Firefox, iOS and Blackberry OS at Pwn2Own between 2010-2012.

Monnappa K A works with Cisco Systems as information security investigator focusing on threat intelligence, investigation of advanced cyber-attacks, researching on cyber espionage and targeted attacks. He is the creator of Limon Linux sandbox and winner of Volatility plugin contest 2016. He is the author of the upcoming book "Learning Malware Analysis". He is the co-founder of the cyber-security research community "Cysinfo". His fields of interest include malware analysis, reverse engineering, memory forensics and threat intelligence. He has presented at various security conferences like Black Hat, FIRST, SEC-T, DSCI, National Cyber Defence Summit and Cysinfo on various topics which include memory forensics, malware analysis, reverse engineering and rootkit analysis. He has conducted trainings at Black Hat, FIRST (Forum of Incident Response and Security teams), SEC-T, OPCDE cyber security conferences. He has also authored various articles in eForensics and Hakin9 magazines.

He regularly conducts training titled "A Practical Approach to Malware Analysis and Memory Forensics" around the world including Black Hat USA, Black Hat Asia and Black Hat Europe. You can find some of his contributions to the community in his YouTube channel, and he publishes blog posts at cysinfo.com

James Kettle is Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on using web cache poisoning to turn caches into exploit delivery systems. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both Black Hat USA and EU, and OWASP AppSec USA and EU.

Marina Krotofil is a security researcher with a decade of experiences in advanced methods for securing Industrial Control Systems (ICS). She specializes in the discovery of new attack vectors and exploitation techniques, incident response, forensic investigations, ICS malware analysis and design of novel defense methods. Previously, Marina worked as a Senior Security Engineer at BASF (Germany), Principal Analyst and Subject Matter Expert (SME) in the Cyber-Physical Security Group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She authored more than 25 academic articles and book chapters on ICS Security and is a regular speaker at the leading conference stages worldwide. Marina holds MBA in Technology Management, MSc in Telecommunications and MSc in Information and Communication Systems.

Ping Look has over a decade of experience building, promoting and managing events in the IT space including two of the most iconic and massively influential IT security events: The Black Hat Briefings+Training and DEF CON. At Black Hat she managed the growth of brand from obscurity to profitability and grew the event from a three track, two day event to a six day, 11 track and training intense event that brought together the best and the most relevant (and occasionally the most obscure) speakers and content providers to Black Hat events in Asia, Europe, the Middle East and the US. During her tenure at Black Hat she was often referred to as the "The One You Don't Want to Piss Off (or you will die)".

Prior to entering the information security and events space, she worked in brand development and management in publishing, textiles and consumer products. She has extensive experience in design and marketing as well as product development.

Ping is currently engaged at Accuvant LABS working with one of the most technically proficient pentest and research teams in the world.

With more than a decade of research experience in the cybersecurity field, Federico Maggi is specialized in doing threat and security analysis on virtually any system. Federico has analyzed web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices. Federico has experience on defensive technology and research, through building machine learning-based tools for intrusion and fraud detection. He's applied data visualization techniques for analyzing botnets and has gained basic malware analysis and reverse-engineering on Android-based platforms. Currently employed as a Senior Researcher with security giant Trend Micro, Federico was an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students. Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known conferences.

Maria Markstedter is an independent security researcher and trainer, focusing her research and work on ARM exploitation and reverse engineering of embedded systems. After spending some time as a Penetration Tester, she discovered her passion for processor security and reverse engineering and founded Azeria Labs to fill the gap in educational material on the exploitation of ARM-based devices by offering free hands-on tutorials and workshops. She regularly speaks at various security conferences, including HITBSecConf, Security Analyst Summit, and 44Con. In 2018, Maria was listed as one of the Forbes 30 Under 30 in the technology Europe division.

Marion Marschalek is a Security Engineer within Intel's STORM team in Portland, Oregon. Prior to that she held different positions in the threat detection industry, as a malware reverse engineer and incident responder. Her most noteworthy contribution at the time was her analysis work on the malware 'Babar' and other representatives of a collection of French nation state malware, which was cited by a number of international news outlets and also got her listed as one of Forbes' "30under30” talents in the Technology Europe division in 2016. Marschalek is a frequent speaker at major security conferences, including Black Hat, DEF CON, HITB, RSA, and SyScan, among others. Until recently she was teaching reverse engineering classes at University of Applied Sciences, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry.

Elisabeth Oswald works as an academic researcher in the area of applied crypto, in particular leakage-based attacks. She has a particular interest in the intersection of statistics, machine/deep learning and side channels, and tries to develop tools and techniques to make sophisticated leakage analysis techniques accessible in the context of securing crypto implementations against side channel attacks. She has been an active member in the crypto community for many years: she has chaired the biggest events (CHES, Eurocrypt) and is associate editor of the Journal of Cryptology and the Journal of Cryptographic Engineering. She currently holds a professorship at AAU in Klagenfurt (Austria) where she is leading the Cybersecurity research.

With 18 years' experience in the information security industry specializing in application security incident response, community engagement and Open Source Security response strategy, Kymberlee Price is globally recognized as an industry leader in Security Response + Outreach.

Kymberlee speaks regularly on vulnerability management and product incident response best practices at conferences around the world. She holds dual Bachelor of Science degrees in Behavioral Psychology and Public Health Education

Enno Rey is the founder and Managing Director of ERNW GmbH, where he and his crew focus on consulting and testing in all areas of IT security. With 20+ years of experience in network security, Enno has also published books and white papers (in the recent years mainly on IPv6), with an ongoing interest in the ethical parameters of those in and around the IT Security world (meaning everyone). Enno's passion for sharing knowledge manifests every year when he hosts the IT Security Conference "TROOPERS" in Heidelberg, Germany.

Maria Rigaki (@mrigaki) is a PhD student in the department of Computer Science at Czech Technical University in Prague. As a member of Stratosphere Lab, she is working on security and privacy of machine learning as well as applications of AI in malware detection. Before that she spent many years working as a software developer and systems architect. Her work spanned several domains including designing and developing solutions for telecommunications, emergency response systems and physical security.

Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She regularly teaches digital security to journalists and helps media organizations improve their security posture. She is also a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project.

Jen Savage is a security researcher for Threatcare. She has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. Her primary research interests are in Web Application Security and the Internet of Things.

Gabrielle Viala is currently a security engineer at Quarkslab. After working as a pentester for several years, she shifted in reverse engineering, where she found a great topic of interest - the Windows kernel. She is part of BlackHoodie from the very first edition and belongs to the organization crew. She also contributes as a speaker and trainer during not just BlackHoodie but also other security related events. She spoke at international conferences including Black Hat, Ekoparty and Infiltrate on various topics related to Windows Internals. She is still far from being an expert but enjoys sharing with other people and learning from them.

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.

Neil R. Wyler (a.k.a. Grifter) is a Threat Hunting and Incident Response Specialist with RSA. He has spent over 20 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 16 years and a member of the Senior Staff at DEF CON for 18 years. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. In his free time, Neil keeps himself busy as a member of both the DEF CON, and Black Hat CFP Review Boards, the Black Hat Training Review Board, the founder of DC801, and founder of his local hackerspace, 801 Labs.

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on mobile malware, malware analysis, and systems security. Besides teaching "Computer Security" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 50 scientific papers and books. He is an associate editor for the "Journal in computer virology and hacking techniques". He's a Senior Member of the IEEE (covering volunteer positions at national and regional level), the IEEE Computer Society (for which he is a member of the Board of Governors), and a lifetime senior member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association), of which he is a senior member. He sits in the International Board of Directors of the same association. A long time op-ed writer for magazines (among which "Computer World"), Stefano is also a co-founder and chairman of Secure Network S.r.l., a leading Italian information security consulting firm, and a co-founder of 18Months, a cloud-based ticketing solutions provider.