Gain Top-Notch Cyber Skills. Register for SANS Chicago 2017. Save $400 thru June 28.

Summit Speakers


Our Summit Speakers help drive our summit events by presenting cutting edge information. We carefully select the most highly acclaimed experts in each field. Please read below for more information about each of our speakers.

Speaker Biographies


Heather Adkins, Manager of Information Security, Google
Heather Adkins is a founding member of the Google Security Team. As Manager of Information Security, she has built a global team responsible for maintaining the security of Google's networks, systems and applications. The Google Security Team is involved in every facet of the business, including building security infrastructure, responding to security threats, and evangelism. @argvee


Mike Ahmadi, Global Director, Critical Systems Security
Mike Ahmadi is the Global Director of Critical Systems Security for Synopsys Software Integrity Group. Mike is well known in the field of critical infrastructure security, including industrial control systems and health care systems. He currently serves on the technical steering committee for the ISA Security Compliance Institute (ISCI) who manages and maintains the ISASecure certification program, and is also serving as Chairman of the TEVEES18A1 Cybersecurity Assurance Testing Task Force under the Society for Automotive Engineering (SAE). He also serves as a US Expert for IEC TC65 Working Group 10 in developing the IEC 62443 series of Industrial Process Control cybersecurity standards. He served on the California Office of Health Information Integrity Security Steering Committee in drafting the state level policies on HIPAA HITECH, and is an active member of the Medical Device Innovation Safety and Security Consortium (MDISS), where he introduced the Vendor Security Practices project, and is also an active member of the Association for the Advancement of Medical Instrumentation (AAMI) Medical Device Security Working Group, where he has contributed to technical industry reports. Mike has also worked closely with the U.S. Food and Drug Administration in assisting them with developing their cybersecurity testing capabilities. Mike also currently serves as an active member of the US Department of Homeland Security Industrial Control Systems Joint Working Group, and as part of the advisory board for the US Secret Service Electronic Crimes Task Force. Mike has been a co\0x2010author in several publications, including the American Bar Association Security and Privacy guide, AAMI Journals, and also serves on the editorial board of ISSA Journal. He regularly makes appearances as a subject matter expert and speaker in various cybersecurity events internationally. Mike's interests are critical infrastructure security, including industrial control systems and medical devices and networks.@argvee


David Atch, VP of Research, CyberX
David is a world-class cybersecurity expert with vast real-world experience in malware analysis, threat hunting and incident response. He has contributed multiple submissions to ICS-CERT including zero-day vulnerabilities for commercial ICS devices. Prior to CyberX, David had a military career in the IDF where he led a team of programmers and reverse engineers who continuously hunted and mitigated complex cyber-intrusions targeting the country's critical national infrastructure. He has also received multiple awards for technological innovation. CyberX is a Boston-based industrial cybersecurity company founded in 2013 by IDF cyber experts, and the only OT cybersecurity firm selected for the SINET16 Innovator Award sponsored by the US DHS and DoD.


Jared Atkinson, Hunt Capability Lead, Veris Group's Adaptive Threat Division
Jared Atkinson is Defensive Services Technical Lead with Veris Group's ATD. Previously, Jared led IR missions for the U.S. Air Force Hunt Team. Jared is lead developer of PowerForensics and maintains a DFIR focused blog. In addition to being awarded Microsoft MVP for his work in PowerShell, Jared has spoken at numerous industry conferences including Derbycon, 44CON, SANS DFIR, and BSidesDC.@jaredcatkinson


Mike Assante, Industrials & Infrastructure Practice, ICS/SCADA Lead, SANS Institute
Michael Assante is currently the SANS lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security and co-founder of NexDefense, an Atlanta-based ICS security company. He served as Vice President and Chief Security Officer of the North American Electric Reliability (NERC) Corporation, where he oversaw industry-wide implementation of cyber security standards across the continent. Prior to joining NERC, Mr. Assante held a number of high-level positions at Idaho National Labs and served as Vice President and Chief Security Officer for American Electric Power. Mr. Assante's work in ICS security has been widely recognized and he was selected by his peers as the winner of Information Security Magazine's security leadership award for his efforts as a strategic thinker. The RSA 2005 Conference awarded him its outstanding achievement award in the practice of security within an organization.

He has testified before the US Senate and House and was an initial member of the Commission on Cyber Security for the 44th Presidency. Before his career in security, Mr. Assante served in various naval intelligence and information warfare roles. He developed and gave presentations on the latest technology and security threats to the Chairman of the Joint Chiefs of Staff, Director of the National Security Agency, and other leading government officials. In 1997, he was honored as a Naval Intelligence Officer of the Year.


Brian Bartholomew, Senior Security Researcher, Kaspersky Lab - GreAT
Brian has 15 years of experience in cyber espionage operations, reverse engineering, penetration testing, and incident response. Before joining GReAT, he worked at iSIGHT Partners, the US Department of State, and also spent 3 years in the United Arab Emirates. @Mao_Ware


William Ballenthin, Reverse Engineer, FireEye
William Ballenthin is also a reverse engineer on the FLARE team that enjoys tackling malware and developing forensic analysis techniques. Willi's favorite beer is La Chouffe.@williballenthin


Adrien de Beaupre, Certified Instructor, SANS Institute
Adrien de Beaupre is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). He is actively involved with the information security community, and has been working with SANS since 2000. Adrien holds a variety of certifications including the GXPN, GPEN, GWAPT, GCIH, GCIA, GSEC, CISSP, OPST, and OPSA. When not geeking out he can be found with his family, or at the dojo. @adriendb


Matias Bevilacqua, Senior Incident Response Consultant, Mandiant
Mr. Bevilacqua is a Senior Incident Response Consultant in Mandiant's London office. As part of the Incident Response Team, he provides emergency services to clients when an elevated security breach occurs. He also helps clients create Incident Response management programs, analyzes and tests existing Incident Response plans, conducts forensic investigations, and provides IR and forensics training.


David J. Bianco, Principal Engineer, Cyber Security, Target
David has over 20 years experience in the information security field, with the last 15 focusing on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net) and a member of the MLSec Project (http://www.mlsecproject.org). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com). @DavidJBianco


Andrew Blaich, Ph.D, Lead Security Analyst, Bluebox Security
Andrew Blaich is the Lead Security analyst at Bluebox Security where he is focused on all things mobile. He holds a Ph.D. in Computer Science and Engineering from the University of Notre Dame in enterprise security and wireless network performance. Blaich has worked at both Samsung and Qualcomm Research on next generation access control, kernel security, and indoor location systems for mobile devices.@ablaich


Jacquelyn Blanchard, Computer Forensic Examiner (CFE)
From a teenage hacker to an accomplished information security professional hunting bad guys over a 15 year span, Jacquelyn Blanchard focuses on discovering and thwarting bad guys. Although she'd never say it herself, Jacque has done some seriously spooky stuff that helps keep your family safe at night. Once she discovers an intrusion, she clicks all the links, opens all the files, and conducts analysis on all the malware, making the world a little bit better of a place. She believes that, in order to be a good forensicator, one should learn pen testing skills, and visa versa. By watching what real-world attackers do, Jacque has gained keen insights into how penetration testers can better model their nefarious activities with the goal of helping improve security big time. In her spare time, Jacquelyn enjoys running up and down very steep hills.


Evan Booth, Maker
Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity's sake. Throughout 2013 and into 2014, in an effort to highlight hypocrisy and "security theater" brought about by the TSA, through a research project called "Terminal Cornucopia," Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely-trigger incendiary suitcases--all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint. Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named "Steve" who live in the future. @evanbooth


Matt Bromiley, Senior Consultant, Kroll
Matt Bromiley is a Senior Managing Consultant at Kroll, a major incident response and forensic analysis firm where he assists clients with incident response, digital forensics, and litigation support. He also serves as a SANS FOR508 Instructor, GIAC Advisory Board member, a subject-matter expert for the SANS Securing The Human Program, and a technical writer for the SANS Analyst Program. Outside of work and teaching, Matt loves spending time with his family, cooking Texas BBQ, and making his house as automated as possible in hopes that it will one day do work for him.


Rebekah Brown, Threat Intelligence Lead, Rapid7
Rebekah Brown is a former NSA network warfare analyst, U.S. Cyber Command training and exercise lead, and Marine Corps crypto-linguist who has helped develop threat intelligence programs at the federal, state and local levels as well as in the private sector at a Fortune 500 company. Rebekah currently leads threat intelligence at Rapid7. She has an Associates in Mandarin, a B.A. in International Relations and is wrapping up a M.A in Homeland Security with a Cybersecurity focus.@PDXbek


Josh Bryant, Cybersecurity Architect, Microsoft
Josh Bryant is a Cybersecurity Architect (Senior Consultant Cyber II) at Microsoft where he is currently focused on delivering Cybersecurity services ranging from Tactical and Strategic Recovery to Advanced Threat Analytics implementations, Risk Assessments, and more, to customers in a variety of industries around the world.@FixTheExchange


Jamie Buening, Information Security Analyst, Midcontinent Independent System Operator (MISO)
Jamie Buening is a graduate of Purdue University with sixteen years of work experience in UNIX systems, networking, and information security. He is an Information Security Analyst for the Midcontinent Independent System Operator (MISO). Responsibilities include Threat Intelligence and Incident Response. Jamie is a Certified Information Systems Security Professional (CISSP).


Sergio Caltagirone, Director - Threat Intelligence Analysis, Microsoft
Sergio Caltagirone is has hunted the most sophisticated threats in both government and industry for the last 15 years - currently the Director of Threat Intelligence Analysis at Microsoft. He is the creator of the Diamond Model of Intrusion Analysis and also the technical director at the Global Emancipation Network, an NGO leveraging data science to combat and eradicate human trafficking. @cnoanalysis


Lesley Carhart, Incident Response Team Lead, Motorola Solutions
Lesley Carhart has over 8 years' experience in post-intrusion network, malware, and system forensics. Her colorful IT career has ranged from starting out as a SQL developer as a teenager, to serving as a network infrastructure systems technician in the U.S. Air Force. Lesley has made it her mission to better educate others on security concepts and information security career paths. She does this through educational blogging and media contributions, a prolific social media presence, and security talks at a wide range of conferences. Lesley obtained her Bachelor's Degree in Network Technologies from DePaul University, and holds GCFA, GCIH, GREM, GCFE, and GPEN certifications. @hacks4pancakes


Matthew Carpenter
Matthew Carpenter is a Principal Security Researcher with Grimm (SMFS) performing deep security research for .com, .gov, and .mil. Matthew's expertise is in reverse-engineering, vulnerability research, exploit weaponization, hardware/software/firmware/Automotive/IoT/ICS/AMI/Radio, Symbolic analysis, generalized hacker techniques, and teaching. He has a detailed background in Risk analysis/mitigation, Penetration Testing at all levels (hw/sw/net/web/physical). Matthew is former vice-chair of UCAIUG AMI-SEC Task Force and SG Security, and lead the Vulnerabilities team for NIST Cyber Security Coordination Task Force developing NISTIR-7628. He is a former member of the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), and was the Red-team lead for Advanced Security Acceleration Project (AMI-SEC/ASAP). Matthew is an entertaining and informative speaker, and is a repeat speaker at many Hacker/ICS/SCADA conferences, domestic and abroad.


Dr. Brian Carrier, VP - Digital Forensics, Basis Technology
Brian leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chair person for the Open Source Digital Forensics Conference (OSDFCon) and on the committees of many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.@carrier4n6


Jessica Chang, Program Manager, Trust & Security - Dropbox
Jessica Chang is the Program Manager of Trust & Security at Dropbox, where she manages the security culture program and key team initiatives in trust, security, and privacy. She built and launched Dropbox's security awareness program in conjunction with National Cyber Security Awareness Month. She began her career as a professional musician and is passionate about building communities through her work.


R. Matthew Chevraux, Assistant Special Agent in Charge, U.S. Secret Service, Office of Investigations, Cyber Strategy and Outreach
R. Matthew Chevraux is the Assistant Special Agent in Charge of the Cyber Strategy and Outreach Section within the Office of Investigations. His work in this assignment is to enhance the public/private partnerships within the Service's network of Electronic Crimes Task Forces, information sharing initiatives, and by regularly respresenting the USSS' cyber interests at both governmental working groups and private industry events. He has been an agent with the United States Secret Service for over 18 years; previous assignments include in the Los Angeles Field Office, the Presidential Protective Division, the Criminal Investigative Division at Secret Service Headquarters, and at the Department of Homeland Security's National Cybersecurity and Communication Integration Center (NCCIC), the Federal Government's 24/7 cyber and communication situational awareness, incident response and management center. During ASAIC Chevraux's career with the Secret Service, he has investigated counterfeit, financial, and cyber crimes, been a computer forensics examiner, and his presidential protective assignment was with both President George.W. Bush and President Barack Obama. Matt holds a bachelor's degree in business administrative studies from the University of California, Riverside.


Jacob Christie, Consultant, Mandiant
Jacob Christie has two years' experience in digital forensics and incident response and a lifetime of involvement in IT. From humble desktop support roots, he has risen to perform roles such as a data analyst, network security monitoring analyst, and forensic analyst - sometimes all within the same day. After working in the Big 4 for a spell, Jacob recently joined Mandiant, a FireEye Company, where he is afforded the opportunity to focus exclusively on incident response at scale. His real passion is herding bits from Point A to Point B using anything within his grasp to help accomplish this task (Python, Ruby, BASH, Visual Basic, etc.) regardless of the source or destination (SQL, NoSQL, flat text, or a forensic image). Jacob has presented at numerous internal trainings, teaching colleagues about various DFIR topics including forensic timelining, data breach identification, and open source forensic tools.


Jason Christopher, CTO, Axio
Jason Christopher is Axio's Chief Technology Officer. His responsibilities include providing leadership on security issues relevant to Axio, its partners, and clients. Jason previously led cybersecurity research efforts across private sector and the federal government. He has worked in several critical infrastructure sectors, including power, energy, communications, and water.


Cassie Clark, Security Community Senior Representative - Salesforce
Cassie Clark is a security community manager for developers within Salesforce. She encourages secure coding at Salesforce by engaging developers through training, initiatives, and incentives. She focuses on building community and infusing culture through her work. She is particularly proud of her use of outdated, nerdy pop culture references.


Cathy Click, Security Awareness Project/Process Advisor - FedEx
Cathy Click, Security Awareness Project Manager, has more than 18 years of experience at FedEx with 16 years spent in IT and the last 10 years focused on Security Awareness for the corporation. Cathy was named in 2016 as "One to Watch in Cyber Security" by the SANS Institute, for her leadership in the security awareness community.


Mike Cloppert, CIRT Chief Research Analyst, Lockheed Martin
Michael is the lead analyst for Lockheed Martin CIRT's Intel Fusion team, charged with collecting and managing intelligence on adversaries intent on stealing the organization's intellectual property, and development of new detection and analysis techniques. Michael has worked as a security analyst in various sectors including the Financial, Federal Government, and Defense industries. He has an undergraduate degree in Computer Engineering from the University of Dayton, an MS in Computer Science from The George Washington University, has received a variety of industry certifications including SANS GCIA, GREM, and GCFA, and is a SANS Forensics and IR blog contributor. Michael's past speaking engagements include the DC3 Cybercrime Conference, IEEE, and SANS amongst various others.@mikecloppert


Michel Coene, Senior Information Security Consultant, NVISO
Michel is a technical security consultant working for the Belgian security startup NVISO. At NVISO Michel focusses on incident response and assists clients with their threat hunting efforts. @coenemichel


Joao Collier de Mendonca, GIAC GCFA, GIAC GNFA, MSc. Digital Media, BSc. Computer Sciences, CISSP, CISA, Cyber Defense Center, Deutsche Telekom AG, Germany
Joao is a senior Incident Responder at the Cyber Defense Center of Deutsche Telekom Group, where he investigates security breaches for companies of various sizes. His work is focused on network-based incident detection and on the setup and improvement of Incident Detection and Response Capabilities across the Deutsche Telekom Group. @sec_joao


Cheryl Conley, Security Education and Awareness - Lockheed Martin
Cheryl Conley has led the Security Education & Awareness Team in the Corporate Information Security organization where she has managed the development of an ad hoc initial user awareness capability to a world class testing service with limited budget consideration in times of competing re-appropriations of cybersecurity program funding. She has managed numerous teams to include LM's awareness program trademarked The I Campaign(R), a cyber security training curriculum to educate and develop LM's cyber workforce, and Cybersecurity Awareness Month Promotions. Cheryl's accomplishments demonstrates her passion for the Security Awareness arena which has translated to the invaluable change in users' cybersecurity perceptions. She is CISSP certified and holds a Masters' degree in Information Technology. The SANS Institute named Cheryl among its 2014 Difference Makers which complemented her Lockheed Martin Excellence in Leadership Award.


Tim Conway, Technical Director - ICS & SCADA Programs, SANS Institute
Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.


Phillip Copeland, Director, Critical Infrastructure Cyber Security, US Army Corps of Engineers
Phil Copeland is the Civil Works National Information Assurance Manager (N-IAM) and Director, Critical Infrastructure Cybersecurity Center of Expertise (CICSCX). With 32 years of experience with control systems and cybersecurity, Mr. Copeland is responsible for the security of all control systems across all business lines of Civil Works, USACE, and leads a team of CICSCX professionals in completing that mission.


Eric Cornelius, Managing Director, Cylance
Eric Cornelius is the Director of Critical Infrastructure and Industrial Control Systems (ICS) at Cylance, Inc. where he is responsible for thought leadership, architecture, and consulting implementations. Eric brings a wealth of ICS knowledge and his leadership keeps organizations safe, secure, and resilient against advanced attackers.

Previously, Eric served as the Deputy Director and Chief Technical Analyst for the Control Systems Security Program at the US Department of Homeland Security.

Eric earned a bachelor's degree from the New Mexico Institute of Mining and Technology where he was the recipient of many scholarships and awards including the National Science Foundation's Scholarship for Service.

Eric went on to work at the Army Research Laboratory's Survivability/Lethality Analysis Directorate where he worked to secure field deployable combat technologies. It was at ARL that Cornelius became interested in non-traditional computing systems, an interest which ultimately led him to the Idaho National Laboratory where he participated in deep-dive vulnerability assessments of a wide range of ICS systems.

Eric is the co-author of "Recommended Practice: Creating Cyber Forensics Plans for Control Systems" as part of the DHS National Cyber Security Division, Control Systems Security Program, 2008 and is also a frequent speaker and instructor at ICS events across the globe.


Jack Crook, Principal Incident Responder, General Electric
Jack Crook has worked in the information security field for the past 14 years and is currently the Principal Incident Responder for General Electric. When not responding to incidents, his primary focus is finding bad guys and developing new ways to find bad guys. Prior to his current quest of hunting down evil on networks, he spent 10 years as an Infantryman in the US Army. @jackcr


Chris Crowley, Certified Instructor, SANS Institute
Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.

Mr. Crowley is the course author for SANS Management 535 - Incident Response Team Management and holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GREM, GMOB, and CISSP certifications. His teaching experience includes SEC401, SEC503, SEC504, SEC560, SEC575, SEC580, FOR585, and MGT535; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."@CCrowMontance


Rob Dartnall, Director of Cyber Intelligence, Security Alliance Ltd.
From a diverse intelligence background, Rob brings together both cyber sand traditional intelligence experience. Rob is an ex-British Army Military Intelligence Operator specialising in Intelligence fusion, exploitation and strategic analysis. After leaving the Military he entered the Cyber security industry where he specialises in bringing traditional methodologies into CTI and Insider Threat.


David Derigiotis, Director, Professional Liability, Corporate Vice President, Burns & Wilcox
David Derigiotis is corporate Vice President and Director of Cyber & Professional lines with international wholesale insurance broker Burns & Wilcox. David has participated in cyber discussions with US Treasury Department in Washington D.C. and has appeared on networks such as Fox Business and CNBC discussing cyber risks and coverage solutions.


Maxim Deweerdt, Senior Information Security Consultant, NVISO
Max is a senior incident response and digital forensics analyst at NVISO. He is actively engaged in several APT investigations and is always searching for new tools and sources for active intelligence. @AlfaSec


Mari DeGrazia, Director, Kroll Cyber Security
Mari DeGrazia is a Director at Kroll Cyber Security, which provides Incident Response services on a global scale. Throughout her career in DFIR, Mari has investigated high-profile breach cases, worked civil and criminal cases and provided testimony as an expert witness. Mari has a Bachelor's of Science in Computer Science from Hawaii Pacific University as well as various certificates related to Digital Forensics. She is currently pursuing her Masters of Science in Digital Forensics.@maridegrazia


Dr. Ali Dehghantanha, Marie-Curie International Incoming Fellow in Cyber Forensics, University of Salford
Dr. Ali Dehghantanha is a Marie-Curie International Incoming Fellow in Cyber Forensics and has served for many years in a variety of research and industrial positions. Other than Ph.D in Cyber Security he holds many professional certificates such as GXPN, GREM, CISM, CISSP, and CCFP. He has served as an expert witness, cyber forensics analysts and malware researcher with leading players in Cyber-Security and E-Commerce. Additional information can be found at http://alid.info @alidehghantanha


Tonia Dudley, Director, Security Awareness - Financial Services
What do you get when you mix 14 years of several Finance roles, transitioning into IT roles for 10 years and making my way into a few Security roles? A very passionate and diverse Security Awareness professional that can mix business, technology & security into a common language. Award: Challenger Award 2015 - building a robust Anti-Phishing solution to reduce risk to the business Award: PhishMe Excellence Award 2016 - PhishMe Community Trailblazer of the Year


Sarah Edwards, Mac Nerd, Parsons Corporation; Author & Instructor, FOR518, SANS Institute
Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at many industry conferences including; Shmoocon, CEIC, Bsides*, Defcon and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College. Sarah is the author of the SANS Mac Forensic Analysis Course - FOR518. @iamevltwin


Monta Elkins, Security Architect for FoxGuard Solutions. CISSP, GICSP
Monta Elkins is currently "Hacker-in-Chief" for FoxGuard Solutions, an ICS patch provider. A security researcher and consultant; he was formerly Security Architect for Rackspace, and the first ISO for Radford University. He has been a speaker at DEFCON , Homeland Security's ICSJWG (Industrial Control Systems Joint Working Group), EnergySec's Security Summit, VASCAN, GE Digital Energy's Annual Software Summit, Educause Security Professionals Conference, Toshiba's Industrial Control Systems Conference, NERC's GridSecCon and other security conferences. Monta is the author and instructor of the "Defense against the Dark Arts" hands-on, hacker tools and techniques classes. He is also a guest lecturer for Virginia Tech and teaches rapid prototyping and Arduino classes with Let's Code Blacksburg.


Mattia Epifani, Digital Forensics Specialist, REALITY NET Snc
Mattia Epifani is partner and founder at REALITY NET - System Solutions, where he works as a senior consultant in Digital Forensics, Forensic Readiness, Mobile Security and Incident Response. He obtained a University Degree in computer science in Genoa (Italy) and a post-graduate course in Computer Forensics and Digital Investigations in Milan. He works as a digital forensics analyst for judges, prosecutors, lawyers and private companies, both as Court Witness Expert and Digital Forensics Expert. He has obtained several certifications in Digital Forensics and Ethical Hacking (GCFA, GREM, GNFA, GMOB, GCWN, CIFI, CEH, CHFI, CCE, ACE, AME, MPSC, ECCE) and he is a regular speaker on Digital Forensics matters in different Italian and European universities (Genova, Milano, Bolzano, Pescara, Salerno, Campobasso, Roma, Camerino, Pavia, Savona, Catania, Lugano, Como, Modena e Reggio Emilia) and events (SANS European Digital Forensics Summit, Security Summit, IISFA Forum, DFA Open Day, DEFT Conference). He is a member of DFA, IISFA, ONIF and T&L Center. Co-author of the book "Learning iOS Forensics" edited by PacktPub in March 2015. @mattiaep


Bobby Filar, is a Senior Data Scientist in the Threat Research & Adversary Prevention Unit, working on intelligent assistants and malware classification at Endgame. Prior to joining Endgame, Bobby worked on various natural language understanding problems, including inference, conversational understanding and topic modeling at a research nonprofit. Bobby has given talks at AISec on Adversarial Machine Learning and PyData on conversational interfaces. @filar


Thomas V. Fischer, Global Security Advocate & Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management, secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortune 500 company to consultant for both industry vendors and consulting organizations. Thomas currently plays a lead role in advising customers while investigating malicious activity and analyzing threats for Digital Guardian. Thomas is also an active participant in the infosec community not only as a member but also as director of Security BSides London and ISSA UK chapter board member. @FVT


David Foose, Manager of Ovation Security Products, Emerson
David has over 2 decades of IT experience administrating systems of various sizes and industries. He has a Masters' Degree in IT Security and holds various certifications including the GICSP. His primary role the last 8 years has been development and ongoing maintenance of the Ovation Security Center (a suite of security products customized and integrated into Emerson's Ovation DCS). Recently he has been promoted to Ovation Product Security Manager to continue advancing security efforts in the Ovation development process and product. @davefoose


Kevvie Fowler, National Leader, Cyber Response Services, KPMG Canada
Kevvie is a Partner and National Cyber Response Leader for KPMG Canada and has over 19 years of IT security and forensics experience. Kevvie assists clients in identifying and protecting critical data and proactively preparing for, responding to and recovering from incidents in a manner that minimizes impact and interruption to their business.@kevviefowler


Shelly Giesbrecht, Manager - Technology, Deloitte
Shelly Giesbrecht is living the dream as an incident responder for Deloitte in Calgary, Alberta. In her "spare" time, Shelly is also a SANS Technology Institute MSISE student, and is currently GREM, GCFA, GFCE, GCIA, GCIH and GSEC certified. Shelly has been working in security operations since 2006 but learned her craft from the ground up as a helpdesk analyst over 15 years ago. She enjoys imaging servers in candlelight, writing regex to relax, and her favorite registry key is AppCompatCache. @nerdiosity


David Gray, Consultant, RSA Advanced Cyber Defense Practice
David is a Consultant for RSA ACD Practice engaged in Global Incident Response/discovery services, breach readiness, remediation, SOC/CIRC redesign and computer network defense. @D4VID_GRAY


Kristine Green, Chief Division Counsel, FBI Atlanta
Kristine Green has been a Special Agent attorney with the FBI for over 20 years. She has served as the Chief Division Counsel in Atlanta since 2014, and as the Chief Division Counsel in New Orleans from 2010-2014. She served as the Associate Division Counsel in New Orleans from 2009-2010. From 2006-2010, she was the Cyber Supervisory Special Agent and Cyber Program Coordinator overseeing National Security and Criminal Computer Intrusions, Child Exploitation, Theft of Intellectual Property and Internet Fraud violations. From 2000-2006, she was an agent assigned to Counterterrorism and Counterintelligence Cyber matters, and worked public corruption from 1996-2000.


Juan Andres Guerrero-Saade , Senior Security Researcher, Kaspersky Lab - GreAT
Juan Andres joined GReAT in 2014 to focus on targeted attacks. Before joining Kaspersky, he worked as Senior Cybersecurity and National Security Advisor to the President of Ecuador. Juan Andres comes from a background of specialized research in Philosophical Logic. His last publication was titled The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage. @juanandres_gs


J.J. Guy , Carbon Black
J.J. Guy was part of the founding team of Carbon Black in Nov 2012. Before Cb, he spent 12 years with various federal offensive network operations teams. He's been preaching about the inevitability of compromise (and thus the need for threat hunting and continuous incident response) since 2003. He's excited the rest of the world final recognizes the problem so he's no longer "that crazy government guy."


Arlin Halstead, Strategic HR Business Partner, NTT Security

Arlin Halstead, Strategic HR Business Partner, US, leads the NTT Security US Human Resources team. In this role, Arlin partners with the business leaders to develop and implement effective Human Resources solutions required to deliver overall organizational goals. Arlin is responsible for supporting Talent Acquisition, Talent Management, Organizational and Employee Development, Employee Relations, Employee Engagement, Compensation and Benefits, and Workplace Safety and Health. With over 20 years of experience in Human Resources, Halstead brings a wealth of knowledge in compliance to federal and multi-state employment laws and regulations, as well as applying strategic employment policies and procedures into effective Human Capital management.

Prior to NTT Security, he was a Principal Consultant for HCA Group, a Human Capital Advisory consultancy, and Vice President of Human Resources for Financial Brokerage, Inc. and Producers America, Inc. Halstead holds the SPHR (Senior Professional in Human Resources) and SHRM-SCP (Society for Human Resource Management - Senior Certified Professional) certifications and received his bachelors in Business Management and Human Resources Management from the University of Nebraska Omaha.


Kevin Harnett, Program Manager, US Department of Transportation at the Volpe National Transportation Systems Center
Program Manager for the United States Department of Transportation at the Volpe National Transportation Systems Center located in Cambridge, Massachusetts. Mr. Harnett has over Thirty-Three years of combined project management, technical consulting, and implementation skills. Kevin is a Cyber Security Program Manager (PM) with experience providing technical leadership in planning, implementing and managing high priority programs involving Cyber Security and risk management for the Department of Transportation (DOT), Federal Aviation Administration (FAA), DOD/USAF, Defense Information Systems Agency (DISA), United Kingdom’s Communications Electronic Security Group (CESG), NASA, Department of Homeland Security, Transportation Security Administration, Coast Guard, and other agencies, with special emphasis on security risk management, security policy, security training, certification/accreditation, penetration testing, security awareness, security testing/evaluation, incident response capability and remediation.


Meredith Harper, Chief Information Privacy & Security Officer, Henry Ford Health System
Meredith joined Henry Ford Health System in 2003 as their first Chief Privacy Officer after completing a consulting engagement with Health Alliance Plan where she served as a HIPAA Project Manager beginning in late 2002. Over her 23 year career, she has emerged as a strategic leader who is not just interested in processes, goals and objectives but most of all she is passionate about her greatest assets...her human capital. Her success has been attributed to her ability to manage large-scale complex projects that cross-functional areas within integrated delivery systems and health plans while advancing the skill sets of her team members. As the industry has evolved, so has her areas of responsibilities and in 2012 her role was expanded to include leadership responsibilities for Information & Network Security, Privacy & Security Risk Management as well as Identity & Access Management. As Chief Information Privacy & Security Officer, she has responsibility for the protection of Henry Ford's provider, insurance, retail and research businesses. Her sensitivity to the operational needs of these various businesses helps her guide the objectives of her team to ensure that the operations are successfully married with the technology or regulatory requirements. Meredith is an active member of the Health Care Compliance Association and the International Association of Privacy Professionals since 2004 where she has demonstrated her commitment to compliance by holding dual certifications in healthcare compliance and privacy. She is also certified as a HealthCare Information Security & Privacy Practitioner through the International Information System Security Certification Consortium, Inc. Meredith is a member of HIMSS, Inforum, the PHI Protection Network, the Michigan Council of Women in Technology, Information Technology Senior Management Forum, Association for Executives in Healthcare Information Security, America's Health Insurance Plans, InfraGard and the Information Systems Audit and Control Association. She serves as a Governing Body Co-Chair for the Detroit CISO Executive Summit, the Chair of the Michigan Healthcare Cybersecurity Council and the President of the Medical ID Fraud Alliance. Meredith is passionate about empowering women and minorities to embark upon careers in technology especially in information security where those populations are not very well represented. She serves on several advisory boards, one being Step IT Up America, in support of that passion and she has a unique perspective she enjoys sharing with others. Meredith is a proud alumna of the University of Detroit Mercy where she received her Master's in Health Services Administration and her Bachelor of Science in Computer Information Systems. She is an avid supporter of her alma mater's mission and serves on the advisory boards for the Center for Cyber Security & Intelligence Studies and the Health Information Management program.


Andrew Hay, CISO, Data Gravity
Andrew Hay is the CISO at DataGravity where he advocates for the company's total information security needs and is responsible for the development and delivery of the company's comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.@andrewsmhay


Dave Herrald , Security Architect, Splunk
Dave Herrald is a veteran security technologist. He holds a gaggle of security certs including the GIAC GSE #79. Dave works on Splunk's Security Practice team and he rides bikes and skis for sanity. @daveherrald


Jason Hoenich, Manager, Information Security Awareness & Training - Sony Pictures Entertainment
Jason brings over 10 years of expertise, having built awareness programs for companies like Disney, Activision, and Sony Pictures Entertainment. His experience producing engaging awareness videos for the entertainment industry is unparalleled.@jasonhoenich


Rick Holland, Vice President of Strategy, Digital Shadows
Rick Holland is the Vice President of Strategy for Digital Shadows where he guides the strategic direction for the company. Prior to joining Digital Shadows he was a vice president and principal analyst at Forrester Research, where he established Forrester's threat intelligence research. Rick also served as an intelligence analyst in the U.S. Army. Rick holds a B.S. in business administration with an MIS concentration from the University of Texas at Dallas.@rickhholland


Andrew Hoog, CEO & Co-Founder, NowSecure
Andrew Hoog is a mobile security researcher, expert witness and the CEO and co-founder of NowSecure, a enterprise mobile security company. Hoog has one patent issued with two more pending and has authored two books on mobile forensics and security. When not breaking (or fixing) things, he enjoys great wine, running and science fiction.@ahoog42


Mike Hracs, Senior Consultant, Deloitte
is currently working as a member of the Deloitte "Purple" team in Calgary, Alberta. He is a senior security operations analyst by day, and aids in Pen Testing or Incident Response when help is needed. Mike is currently GREM and GCFA certified, and has held many industry certifications throughout his career. Mike began his career in 2005 as a network engineer eventually making the shift to security, and it's been sunshine and lolly pops since then. Mike enjoys sweet talking pcaps by moonlight and listening to dial-up modems to relax. His favorite routing protocol is BGP.@bumjubeo


Dave Hull, Product Engineer, Tanium
is currently working as a member of the Deloitte "Purple" team in Calgary, Alberta. He is a senior security operations analyst by day, and aids in Pen Testing or Incident Response when help is needed. Mike is currently GREM and GCFA certified, and has held many industry certifications throughout his career. Mike began his career in 2005 as a network engineer eventually making the shift to security, and it's been sunshine and lolly pops since then. Mike enjoys sweet talking pcaps by moonlight and listening to dial-up modems to relax. His favorite routing protocol is BGP.@davehull


Ben Johnson , Co-Founder/Chief Security Strategist, Carbon Black
Ben Johnson is cofounder and chief security strategist for Carbon Black. In that role, he spends a lot of time strategizing with customers to improve cyber defenses across the stack. Ben worked in cyber at NSA and at a defense contractor and has two computer science degrees. @chicagoben


Jeremy Johnson , Cyber Threat Intelligence Analyst, Ford Motor Company
Jeremy comes from a background in software engineering, but got his start in Cyber Security when he joined Ford's CIRT. Since then, he has helped build up, and work in, Ford's SOC. He moved to the CTI team performing a variety of duties. @agnu


Lincoln Kaffenberger, Information Technology Officer, IMF
Lincoln has over a decade of experience helping organizations understand the threats they face and make informed, risk based decisions. John helps clients understand how to align their cyber agenda with dynamic business and compliance priorities. @LincolnKberger


Rick Kam, President/Co-Founder, ID Experts
Rick Kam, CIPP/US, is president and co-founder of ID Experts. ID Experts delivers data breach response services, manages cyber risks, and is trusted by thousands of organizations. ID Experts is the largest provider of identity protection products to the federal government. Rick has extensive experience leading organizations in the development of policies and solutions to address the growing problem of protecting protected health information (PHI) and personally identifiable information (PII), and remediating privacy and security incidents, identity theft, and medical identity theft. Rick leads and participates in several cross-industry data privacy groups, including PHI Protection Network (PPN) and Medical Identity Fraud Alliance.


Fred Kaplan, National Security Columnist, Slate & Author, Dark Territory: The History of Cyber War
Fred Kaplan is the national security columnist for Slate and the author of five books--Dark Territory: The History of Cyber War (Simon & Schuster, 2016), as well as The Insurgents: David Petraeus and the Plot to Change the American Way of War (Simon & Schuster, 2013, which was a Pulitzer Prize Finalist and a New York Times Best-Seller), 1959: The Year Everything Changed (Wiley, 2009), Daydream Believers: How a Few Grand Ideas Wrecked American Power (Wiley, 2008), and The Wizards of Armageddon (Simon & Schuster, 1983, which, in its reissue by Stanford Univ. Press, is still in print and taught in several universities and academies). He has also written for many other publications, including the New York Times, Washington Post, The New Yorker, The Atlantic, Foreign Affairs, MIT Technology Review, and others. For 20 years, he was a staff reporter for the Boston Globe, working as the paper's military correspondent (1982-91, during which time he was a lead member of the team that won a Pulitzer Prize for a special series on the nuclear arms race), Moscow bureau chief (1992-95), and New York bureau chief (1995-2002). He has a Ph.D. in political science from M.I.T. For more information, feel free to browse his website, linked below. http://fredkaplan.info @fmkaplan


Christine Keung, Chief of Staff to the General Counsel - Dropbox
Christine Keung is Chief of Staff to the General Counsel at Dropbox, overseeing cross-functional workstreams between trust, legal, security, and privacy. She started her career in Security Operations, where she built and scaled internal security training and awareness functions, including Dropbox's inaugural Capture the Flag competition, and security culture program.


Julia Knecht, Security and Privacy Engineering - Adobe
Julia Knecht manages Product Security and Privacy Engineering at Adobe. She created and is responsible for the Secure Product Lifecycle of Adobe's Digital Marketing Business. An integral and invaluable piece of the Secure Product Lifecycle is her Security Champions program, which has been running successfully for three years.


Jesse Kornblum, Network Security Engineer - Threat Infrastructure, Facebook
Jesse Kornblum is a network security engineer on the Threat Infrastructure team at Facebook. He currently works on the ThreatExchange platform which enables organizations to share threat information with trusted partners within a vetted community. Previously, Kornblum was a computer forensics researcher and practitioner, writing tools such as ssdeep and md5deep. He is also a former Special Agent for the Air Force Office of Special Investigations. @jessekornblum


Martin Korman, Incident Responder & Forensic Investigator, Team8
Martin Korman currently works as an incident responder and forensic investigator at Team8, previously to his work at Team8, Martin worked at IBM Trusteer as part of the research team to investigate and reverse engineer new threats. He is a talented young developer who enjoys creating research tools and contributing to the information security community by sharing his methods and findings. Prior to joining IBM Trusteer, Korman spent five years of service in the IDF, for most of which he served as a NOC manager. He also worked as an incident response officer for the Israeli Air Force's SOC, focusing on malware and forensic analysis. In his free time, you will find Martin reading technical information security literature or playing electric guitar. Martin speaks Spanish, English and Hebrew.


David Kovar, Senior Manager - Cybersecurity Practice, EY
David Kovar is a senior manager in EY's Cybersecurity practice. He's also been an entrepreneur, ediscovery consultant, software engineer, SAR incident commander, executive protection agent, and lethal forensicator. He has collected images in China, rescued wayward Americans in Australia, and conducted disaster preparedness assessments in Tajikistan. Oh, and he flies sailplanes, fixed wings, helicopters, and drones...@dckovar


Ryan Kovar, Staff Security Strategist, Splunk
Ryan Kovar worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Ryan moved onto Splunk as a Staff Security Strategist where he helps out with IR, hunting, and solving fun problems. Ryan despises printers.@meansec


Marcus LaFerrera, Director of Development, PUNCH Cyber Analytics Group
Marcus LaFerrera worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Marcus now works at PUNCH Cyber as the Director of Development and builds tools to simplify a security analyst's life.@mlaferrera


Rob Lee, DFIR Lead, SANS Institute
Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Rob has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response.@robtlee


Robert M. Lee, Author & Instructor, SANS Institute
Robert M. Lee is a SANS Certified Instructor and the course author of SANS ICS515 - "Active Defense and Incident Response" and the co-author of SANS FOR578 - "Cyber Threat Intelligence." Robert is also CEO of Dragos Security, a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure, and a PhD candidate at Kings College London. For his research and focus areas, he was named one of Passcode's Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.@robertmlee


Adrian Leong, Research and Development Specialist, Blogger
Adrian regularly enjoys the forensic analysis/research of computers, mobile devices and other electronic evidence responsibly. He has several years of commercial software development experience and has also completed post graduate training in the identification, preservation, analysis and presentation of electronic evidence. He has completed several US based computer forensic internships in both the private and law enforcement sectors. These provided practical analysis experience and improved his research, reverse engineering, forensic programming and report writing skills. His personal blog "Cheeky4n6monkey - Learning About Digital Forensics" (cheeky4n6monkey.blogspot.com) details his various forensic research projects and scripts in a light hearted manner (typically accompanied by poorly drawn attempts at cartoon humour).
In 2014, as part of an international group of current and ex law enforcement forensic investigators (including SANS Instructor Cindy Murphy), Adrian developed software tools to extract SMS, Call History and Contact data for a Windows Phone 8 device that was previously unsupported by existing forensic tools. Subsequently, he co-authored a SANS Whitepaper on "Windows Phone 8 Forensic Artifacts" with the group. Thus smitten with mobile forensics, he has been diving down an increasing number of forensic rabbit holes ever since.@Cheeky4n6Monkey


Matt Linton, Chaos Examiner, Google
Matt is an incident responder with experience throughout the security process, from architecture through penetration. He is formally trained in disaster management and specializes in rapid response, remediation and hardening of compromised environments.


Tom Liston, Consultant - Cyber Network Defense, DarkMatter
Tom Liston is member of the Cyber Network Defense team at Dark Matter, a security consulting firm in the UAE. He is also a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Since it began publishing its "Sexiest Man Alive" issue, People Magazine has consistently overlooked Mr. Liston with what can only be described as a blatantly good taste. @tliston


Taylor Lobb, Manager, Security and Privacy Engineering -
Taylor Lobb is a Manager of Security at Privacy at Adobe where he leads a team of penetration testers and develops programs and training to raise security awareness. Previous to Adobe Taylor worked as information security manager for Clearwater Analytics where he created several security training and awareness programs.


James Lyne, Director of Technology Strategy, Sophos; Director - EMEA, SANS Institute
Director, EMEA at SANS and Director of Technology Strategy at security firm Sophos. James comes from a background in cryptography but over the years has worked in a wide variety of security problem domains including anti-malware and hacking. James spent many years as a hands-on analyst dealing with deep technical issues and is a self-professed "massive geek". Eventually James escaped dark rooms and learned some social skills, and today is a keen presenter at conferences and industry events. With a wide range of experience working in a technical and a strategic capacity from incident response to forensics with some of the world's largest and most paranoid organisations James participates in industry panels, policy groups, and is a frequently-called-upon expert advisor all over the world. James is a frequent guest lecturer and often appears in the media including national TV. As a young spokesperson for the industry James is extremely passionate about talent development and participates in initiatives to identify new talent for the industry and to develop it. Ask James to show you his best geek party trick. @jameslyne


Alex Maestretti, Engineering Manager, Netflix
Alex Maestretti leads the Security Intelligence and Response Team at Netflix, with previous gigs at Apple and the US Government. We are a small team focused on high ROI activities leveraging an agile tech stack. Overall our goal is to understand threats to Netflix equities, and buy down a broad range of risks through Incident Response.@maestretti


Kevin Magee, Member Board of Directors - Brant Community Healthcare System
Kevin Magee is one of Canada's leading authorities on cyber security cyber risk governance and security awareness. He is a cyber security executive with Gigamon Canada, Board Member at the Brant Community Healthcare System and guest lectures and advises on curriculum development for several Canadian Colleges Universities and Industry Associations.


Heather Mahalik, Forensics Lead and PM, Oceans Edge, Inc & SANS Certified Instructor, Author, Course Lead - FOR585
Heather Mahalik is leading the forensic effort as a Principal Forensic Scientist and Team Lead for Oceans Edge, Inc. Heather's extensive experience in digital forensics began in 2003. She is currently a senior instructor for the SANS Institute and is the course lead for FOR585: Advanced Smartphone Forensics.@HeatherMahalik


Erick Mandt, Analyst, Air Force Office of Special Investigations (AFOSI)
Erick Mandt is a 25-year intelligence professional with broad experience in cyber counterintelligence, signals intelligence, intelligence analysis, and language analysis. He currently works as an analyst for the Air Force Office of Special Investigations (AFOSI) open source intelligence team where he supports a full range of law enforcement and counterintelligence investigations and operations. Erick's research and analytical interests focus on integrating critical thinking and structured analysis processes into active cyber defense operations. Prior to joining AFOSI, Erick served 20 years as a cryptologic linguist for the U.S. Navy. He is proficient in Russian, Bulgarian, Serbian- Croatian, and Macedonian. Erick has an undergraduate degree in Russian Area Studies from Excelsior College and an MS in Cybersecurity from Utica College.


Renato Marinho, MSc, Morphus Labs (Brazil)
Renato Marinho is Director of Research at Morphus Labs. His journey in the area began in 2001, when he created Nettion, one of the first firewalls to use the contemporary UTM (Unified Threat Management) concept. Experienced in cyber security, Marinho was internationally recognized in 2016 by his research that unveiled Mamba, the first full disk encryption ransomware. At Morphus Labs, he oversees research, innovation and development of new products. Master and Doctorate in Applied Informatics, he is also professor at University of Fortaleza teaching Computer Forensics in the post-graduate course. He is also a speaker having presented at BSides Delaware, BSides Vienna, WSKS Portugal and Brazilian CSIRTs Forum. Certified ISC2 CISSP and ISACA CRISC professional, his research interests include malware and new threats analysis, OSINT, Honeypot, machine learning and automation of IR cycle.


Brian Marks, Senior Associate, KPMG
Brian is a Senior Associate with KPMG's Forensic Technology Practice in Chicago, IL. Brian has over 5 years of experience in the information security industry having worked for a Department of Defense contractor before joining KPMG. There he gained experience in intrusion detection, incident response, log analysis, firewall administration, and operating system auditing and hardening. At KPMG, he specializes in providing digital response services including incident response, digital forensics, reverse engineering, and threat intelligence. He has provided these services for clients in many various industries including multinational businesses and Fortune Global 100 organizations. @brianDFIR


Kyle Maxwell, Senior Researcher, Verisign iDefense
Kyle Maxwell is a threat intelligence analyst and malware researcher, currently focused on covering DDoS and Latin America. He has contributed to several public reports on data breach analysis and frequently speaks & writes at conferences around the United States and Latin America. Previously, he led the incident response team at a large payment processor and performed digital forensics for clients across the United States at several private investigation firms. Mr. Maxwell holds a degree in Mathematics from the University of Texas at Dallas. @kylemaxwell


Keith McCammon, Co-Founder & VP of Detection Operations, Red Canary
Keith runs Red Canary's Security Operations Center and leads a group of expert analysts that monitor a continuous stream of potential attacks detected in Red Canary's customers' environments. Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech. Keith has taught and spoke extensively during his time as an information operations practitioner and technology executive within the Intelligence Community and Defense Industrial Base. @kwm


Chris McCann, Senior Security Engineer, Uber
Chris McCann is a Senior Security Engineer & Incident Response Lead at Uber Technologies. Prior to Uber, Chris worked at Facebook where he led various initiatives spanning incident response, intrusion detection, forensic investigations and red team. Chris is a current holder of several SANS certifications and a volunteer with the Mid-Atlantic & National CCDC Red Teams.


Jeff McJunkin, Senior Staff, CounterHack Challenges
Jeff McJunkin is a senior staff member at CounterHack Challenges with more than nine years of experience in systems and network administration and network security. His greatest strength is his breadth of experience - from network and web application penetration testing to digital/mobile forensics, and from technical training to systems architecture. Jeff is a computer security / information assurance graduate of Southern Oregon University and holds many professional certifications. He has also competed in many security competitions, including taking first place at a regional NetWars competition and a US Cyber Challenge capture-the-flag competition, as well as joining the Red Team for the Pacific Rim Collegiate Cyber Defense Competition. His personal blog can be found at http://jeffmcjunkin.com/.


Tim Medin, Senior Technical Analyst, Counter Hack; Certified Instructor, SANS Institute
Tim Medin is a senior technical analyst at Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. Prior to Counter Hack, Tim was a Senior Security Consultant for FishNet Security where the majority of his focus was on penetration testing. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim regularly contributes to the SANS Penetration Testing Blog (pen-testing.sans.org/blog/) and the Command Line Kung Fu Blog (blog.commandlinekungfu.com). He is also project lead for the Laudanum Project, a collection of injectable scripts designed to be used in penetration testing. Currently Tim is a certified instructor for the SANS Institute. @timmedin


Ben Miller, Director of Threat Operations, Dragos Inc.
Ben Miller is Director, Threat Operations Center at the critical infrastructure cyber security company Dragos, Inc. where he leads a team of analysts in performing active defense inside of ICS/SCADA networks. In this capacity he is responsible for performing a threat hunting, incident response, and malware analysis mission for the industrial community.


Rodrigo Ribeiro Montoro, Security Researcher, Clavis Security Brazil
Rodrigo "Sp0oKeR" Montoro has 15 years experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently he is Security Researcher / SOC at Clavis. Before it he worked as Senior Security Administrator at Sucuri , Spiderlabs Researcher where he focuses on IDS/IPS Signatures, Modsecurity rules, and new detection researches. Author of 2 patented technologies involving discovery of malicious digital documents and analyzing malicious HTTP traffic. He is currently coordinator and Snort evangelist for the Brazilian Snort Community. Rodrigo has spoken at a number of open source and security conferences (OWASP AppSec, Toorcon (USA), H2HC (Sa\0x0303o Paulo and Mexico), SecTor (Canada) , CNASI, SOURCE Boston & Seatle, ZonCon (Amazon Internal Conference), BSides (Las Vegas e Sa\0x0303o Paulo), Blackhat Brazil) and serves as a coordinator for the creation of new Snort rules, specifically for Brazilian malware. @spookerlabs


Brian Moran, Digital Strategy Consultant, BriMor Labs
Brian is a digital forensic analyst currently residing in the Baltimore, Maryland area. He has approximately 15 years of experience in the cyber security field, with 10 of those years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a 6 month deployment to Mosul, Iraq in 2004-2005, when he served on a team that provided mobile device analytic information in support of tactical military operations. During his tenure in the Air Force, he has worked with numerous DoD entities and been invited to speak and share information at several intelligence community events. After his military service ended he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of this DFIR field is that it is always changing and evolving; and every case has unique problems, questions, and solutions. @brianjmoran


Raphael Mudge, Founder & Principal, Strategic Cyber LLC
Raphael Mudge is a programmer based in Washington, DC. @armitagehacker


Austin Murphy, Director of Incident Response, CrowdStrike Services
Austin Murphy has over 10 years of Computer Network Security experience in both private sector professional services as well as service in the US Department of Defense. As the Director of Incident Response, Austin leads a team of consultants responsible for delivering trusted advisory services to customers in need of assistance with critical security breaches. Prior to his career in consulting, Austin was a US Air Force Cyberspace Operations Officer where his primary focus was on developing tactics for the deployment of advanced computer network attack and defense capabilities.@austinjmurphy


Cindy Murphy, Madison (WI) Police Department
Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner and has been involved in computer forensics since 1999. Det. Murphy has directly participated in the examination of many hundreds of hard drives, cell phones, and other items of digital evidence pursuant to criminal investigations including financial crimes, homicides, missing persons, computer intrusions, sexual assaults, child pornography, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She also helped to develop the digital forensics certificate program at Madison Area Technical College. She is a certified SANS instructor and co-authored and teaches the Advanced Mobile Device Forensics (FOR585) course for the SANS Institute. She has presented internationally on various digital forensics topics and frequently writes articles and whitepapers for the community on various forensics-related topics. She earned her MSc in Forensic Computing and Cyber Crime Investigation through University College, Dublin where she completed her dissertation on the subject of victim age estimation from child exploitation images. She is also involved with the Wisconsin Association of Computer Crimes Investigators (WACCI) where she serves as Past President for the WACCI West Chapter, Chicago Electronic Crimes Task Force, High Tech Crime Consortium (HTCC), High Tech Crime Network (HTCN), and the International Guild of Knot Tyers (IGKT). @cindymurph


Lee Neely, CISSP, CISA, CISM, CRISC, GMOB, GPEN, CCUV , Cyber Security Program, OMBUDS , Lawrence Livermore National Lab
Lee Neely is a Senior Cyber Analyst at LLNL, SANS Mentor and Analyst paper author. He is also the IT Director for the ISC2 East Bay Chapter and Board Treasurer for the Uncle Credit Union. His areas of expertise include mobile device and new technology security. @lelandneely


Ryan Nolette, Security Operations Lead, Carbon Black
Ryan Nolette, now the Security Operations Lead, was a Senior Threat Researcher and Senior Incident Response Consultant at Bit9 + Carbon Black and draws from more than decade of intense and active Incident Response (IR), Threat Research, and IT experience to add a unique perspective of technical expertise and strategic vision to Bit9 + Carbon Black. Prior to joining Bit9 Nolette was a Technology Risk Analyst for Fidelity Investments, where he was the malware subject matter expert for their Cyber Security Group and focused on signature verification and placement for all IPS across the world, and provided non-signature based malware detection and prevention through manual auditing and automated tools he wrote. Ryan earned a bachelor's degree in Information Security and Forensics from the Rochester Institute of Technology and is constantly looking to learn new skills and technologies.


Deviant Ollam, Security Auditor & Pen Test Consultant, The CORE Group
While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon, Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.


Justin Opatrny, IT Security Infrastructure, General Mills
Justin Opatrny is a Cyber Security Consultant at General Mills and a leader in the organization's ICS/OT security program. He has over 15 years of experience in IT and cyber security and 6 years of experience teaching cybersecurity courses. Justin's certifications include GICSP, GPEN, GSNA, CISSP, and CASP.


David Pany, Consultant, FireEye
David Pany is a Consultant in Mandiant's Alexandria, Virginia office. His primary responsibilities include delivering incident response, digital forensic, compromise assessment, and product implementation engagements. Mr. Pany has experience performing forensics analysis using tools such as EnCase and FTK, along with open source and mobile device forensics tools. He also develops python-based tools that process forensic artifacts and automate repetitive tasks. His scripts and tools have been integrated into the standard investigative methodologies for payment card breaches and Citrix environments. In addition to providing forensic consulting services, Mr. Pany also assisted in the development of FireEye's product implementation and integration services and methodologies. @DavidPany


Christian Paredes, Threat Intelligence Analyst, Booz Allen Hamilton
Christian Paredes is a threat intelligence (TI) analyst at Booz Allen Hamilton. Promoting a tradecraft-first approach, he partners with clients to design, build, and help operate their TI programs. For Christian, there is no greater reward than using TI to help teams better understand and prepare for threats. He holds a B.A. in political science and an M.S. in international affairs. @cyint_dude


Kevin Perlow, Senior Consultant, Booz Allen Hamilton
Kevin Perlow is an incident responder and forensic analyst at Booz Allen Hamilton. He is a Senior Consultant on Booz Allen's Strategic Innovation Group Predictive Intelligence team where he investigates network intrusions, performs static and dynamic malware analysis, and assists in corporate security policy development for commercial organizations. He has over 5 years of experience in fields ranging from digital forensics and incident response to system administration. Mr. Perlow holds a Bachelor's of Science in Business Administration from Georgetown University.


Angelo Perniola, Senior Consultant, RSA Advanced Cyber Defense Practice EMEA
Angelo is a Senior Consultant for RSA ACD practice contributing in engagements of SOC design and implementation, Incident Handling and Threat intelligence program development, breach readiness assessments. @AngeloPerniola


Alex Pinto, Chief Data Scientist, Niddel
Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and the making threat intelligence "actionable" (I know, I know). If you care about certifications at all, Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. @alexcpsec


Larry Pesce, Director of Research, InGuardians
Larry Pesce's history with hardware hacking began with the family TV when he was a kid, rebuilding it after it caught on fire. Both times. His core specialties include hardware and wireless hacking, often in the financial, energy and healthcare sectors. Larry leads research efforts at InGuardians, concentrating on IoT. @haxorthematrix


Lisa Plaggemier, Security Awareness and Client Advocacy - CDK Global
Lisa has spent her career branding and marketing cars and trucks, software and data, and now security. She's combined her passion for the automotive industry with a fervor for security awareness to help CDK, OEMs, and dealers manage their risk and grow their businesses securely. Lisa worked for marketing for Ford Motor Company in the US, Europe, Africa and the Middle East. She is currently the Director of the Client Security Advocacy Office for CDK's Global Security Organization. Lisa graduated from the University of Michigan and currently lives in Austin, TX.


Hal Pomeranz, Principal, Deer Run Associates; Fellow, SANS Institute
Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations. While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide. Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog. @hal_pomeranz


Moritz Raabe, Reverse Engineer, FireEye
Moritz Raabe is a reverse engineer on the FireEye Labs Advanced Reverse Engineering (FLARE) team. He currently focuses on automating and simplifying malware analysis.


JJ Rivera, VP, Cybersecurity Phishing Program- JPMorgan Chase
JJ Rivera is a Vice President and the lead for the Cybersecurity Phishing and Operational Drill Programs at JPMorgan Chase. He joined JPMC after eight years in the United States Air Force as an Information Security Manager. He received his Bachelor of Arts in History from Columbia University. He currently resides in New Jersey.


Andy Robbins, Red Team Lead - Adaptive Threat Division, Veris Group
Andrew Robbins is a red team lead for Veris Group's Adaptive Threat Division. Andy has performed penetration testing of banks, credit unions, and healthcare providers across the United States. In addition, Andy researched and presented findings related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country at Derbycon. He also developed internal toolsets in Python for efficiently analyzing massive amounts of web interfaces and for covertly enumerating open outbound TCP ports on client networks. Finally, Andy developed and taught penetration testing courses designed for full-time system and network administrators.


Scott J. Roberts, Bad Guy Catcher, GitHub
Scott J Roberts works for GitHub and makes up his title every time he's asked, so we'll say he's the Director of Bad Guy Catching. He has worked for 900lbs security gorillas, government security giants & boutiques, and financial services security firms and done his best to track down bad guys at all these places. He's released and contributed to multiple tools for threat intelligence and malware analysis. Scott is also really good at speaking in the 3rd person.


Derek Rook, Security Infrastructure Engineer, Gaikai, Inc.
Derek is a 15 year IT veteran specializing in Linux administration and system engineering. Making the shift to security 5 years ago his focus is now on raising security awareness and growing in the field of penetration testing. Derek holds GCIA, GNFA, and GCIH from GIAC, and Offensive Security's OSCP. @_r00k_


Drew Rose, Information Security Manager - American Campus Communities
Drew Rose earned a BS in Cybersecurity from the University of Maryland and holds the following certifications, CISSP, CEH, GCIA, and CCNA-Security. At his current position Drew handles everything from security architecture and operations to policy building and enforcement. His true passion lies in building progressive security awareness programs.


Chris Sanders, Senior Analyst, FireEye
Chris Sanders is an information security author and researcher who leads a research team at FireEye. He is the author of the best-selling security books Applied Network Security Monitoring and Practical Packet Analysis, and founded the Rural Technology Fund, a nonprofit devoted to providing technical education resources to rural and high poverty schools. His blog is http://www.chrissanders.org. @chrissanders88


Aaron Shelmire, Principal Threat Researcher, Anomali
Aaron began his career in security in 2004 during the Stakkato intrusions. After building a security practice at the PSC and finishing grad school at Carnegie Mellon, he joined CERT/CC and took an adjunct position at CMU. He joined the SecureWorks CTU to build and operate an end point detection platform for Targeted Incident Response. He now leads threat analysis at Anomali. @ashelmire


Andrea Sancho Silgado, Associate, KPMG
Andrea is an Associate in the Chicago, IL office of KPMG U.S. Andrea has been a member of the Forensic Technology Team since 2014, focusing on providing Forensic Services, Threat Intelligence, and Incident Response to clients, including Fortune 500 organizations. She also assists developers in the Forensic Technology Team with coding between projects. Andrea is constantly aspiring to study and learn more in the DFIR field. In her first year as a professional, Andrea completed the certifications for GCFA and EnCase Certified Examiner. Prior to joining KPMG she studied Telecommunications Engineering at Universidad Politecnica de Madrid, Spain. In the fifth year of her studies she enrolled in a double degree program with Illinois Institute of Technology completing a Master of Science in Electrical Engineering in one year.


Jamie Singer, Vice President, Edelman
A senior account supervisor with Edelman's Corporate Reputation & Risk Management practice, Jamie Singer provides issue management, crisis preparedness and crisis communications counsel to clients across an array of industries, including food & beverage, health care and higher education. She provides strategic counsel and support to companies and non-profit organizations facing reputational risks such as data security & privacy vulnerabilities, product quality issues, and human safety and health concerns. Jamie's expertise includes leading risk and vulnerability assessments, crisis plan and playbook development, as well as crisis trainings and simulations. As part of Edelman's Data Security & Privacy Team, Jamie has led breach response efforts for one of the largest insurers in the U.S. as well as other companies in the health care, retail, higher education and technology industries. She also works with clients to enhance their data security & privacy crisis preparedness through plan and process development. Prior to joining Edelman, Jamie served as the Assistant Director of Internal Communications at the Kellogg School of Management at Northwestern University. At Kellogg, Jamie led development and execution of the school's internal communications program as well as the school's crisis communications planning efforts. Prior to Kellogg, Jamie worked in Cone Communications' Crisis Prevention and Management Group. At Cone, she supported risk analysis and mitigation, communications strategy, message and materials development, as well as media relations for clients including Nestle Waters North America, Green Mountain Coffee Roasters and General Mills. Prior to Cone, Jamie worked at FTI Consulting, performing crisis and issues management work for clients in industries ranging from entertainment/gaming to health care IT to professional services. Jamie has authored several published bylines on crisis and reputation management topics, including for NCAA Champion Magazine and The Detroit News. EDUCATION: University of Michigan, BA, graduated Phi Beta Kappa and with Highest Distinction.


Mary Singh, Senior Consultant, FireEye
Mary Singh is a Senior Consultant with Mandiant with 14 years of experience in the information security field. Mary specializes in forensic analysis, location of information exposure, and EnCase forensic software. She has experience in information operations, intrusion detection and incident response. While at Mandiant, Mary has investigated over 60 computer intrusions involving the federal government, defense industrial base, and Fortune 500 companies. Prior to joining Mandiant, Ms. Singh conducted attack prevention, detection, and vulnerability assessment in the U.S. Air Force and as a consultant with Booz Allen Hamilton. She shares her experience and knowledge by teaching and presenting at conferences. In 2015, she taught at Black Hat USA and conducted a webinar to share the latest methods to "find evil" with law enforcement, federal government, and industry. @marycheese


Ed Skoudis, Fellow, SANS Institute
Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing. @edskoudis


Yolonda Smith, Director of Product Manager, Pwnie Express
Yolonda Smith is the Director of Product Management at Pwnie Express, responsible for product strategy and roadmap, and ensuring Pwnie provides security professionals with the visibility they need to identify, characterize and neutralize threats to their wired and wireless assets. A security professional herself, she spent 8 years in the United States Air Force as a Cyberspace Operations Officer with duties and responsibilities varying from Mission Commander, Advanced Network Operations where her team developed & orchestrated the first DoD Cyber Hunting missions to Flight Commander, Cyber Defense Capabilities Development where her team developed the first and only malware neutralization tool for Predator Drones.


Pasquale Stirparo, Cyber Threat Intelligence Analysist & Incident Responder, UBS
Pasquale Stirparo is currently working as Cyber Threat Intelligence Analyst and Incident Response Engineer at a Fortune 500 company. Since 2016 he has also been appointed at the Advisory Group on Internet Security at the European Cyber Crime Center (EC3) of Europol and is serving as Incident Handler with the SANS Internet Storm Center (ISC). Pasquale has also been involved in the standardization of Digital Forensics by contributing to the development of the standard ISO/IEC 27037.

Author of many scientific publications and co-author of the book "Learning iOS Forensics" (2015), he has also been invited as speaker to several national and international conferences and seminars on Digital Forensics and lecturer on the same subject for Polytechnic of Milano (CEFRIEL) and United Nations (UNICRI). Pasquale holds a Ph.D. in Computer Security from the Royal Institute of Technology (KTH) of Stockholm and a M.Sc. in Computer Engineering from Polytechnic of Torino, and is certified GCFA, GREM, OPST, OWSE, ECCE. @pstirparo


David E. Stone, Colonel, United States Air Force, Air Force Cyber College
Colonel David E. Stone is a member of the Air Force Cyber College's faculty at Air University. He develops and instructs classes, performs outreach, and conducts research to satisfy Air Force demands for advanced cyber thinking and strategy in current and future operations. Colonel Stone is a career cyber warfare operator and a former Air Force Fellow at the Idaho National Laboratory.


John Strand, Senior Security Analyst, Black Hills Information Security
John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense and Hunt Teaming services. He is the also the CTO of Offensive Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network. John is an experienced speaker, having done presentations to the FBI, NASA, the NSA and at various industry conferences. @strandjs


Allen Swackhamer, Reverse Engineer, Target
Allen Swackhamer is a malware reverse engineer at Target Corporation. He is a member of the Cyber Fusion Center's Threat Defense Operations team where he reverse engineers malicious binaries to identify functionality, track crimeware and APT campaigns, as well as aid incident responders in intrusion investigations. He has over 7 years of experience in network security, intrusion detection, digital forensics, and incident response. Mr. Swackhamer holds two Bachelor's of Business Administration in Infrastructure Assurance and Information Systems from the University of Texas at San Antonio.


Gene Stevens, Chief Technology Officer, ProtectWise
Gene drives the technology vision and architecture for ProtectWise. He has more than 20 years experience in software development, cloud computing, security-as-a-service, and distributed systems. Prior to founding ProtectWise, Gene was the Founder and CTO at TagLabs, a mobile tagging company. He was a Principal Software Engineer at McAfee, Cloud & Content Security and has also held engineering roles at MX Logic and GDX. Early in his career, Gene developed financial forecasting, market analysis and service capacity planning software for Hewitt Associates (Aon).@genestevens


@sudosev
Network security analyst intern, malware hunter/analyst hobbyist, still at University studying Computer & Network Security.@sudosev


Mariangela Taylor, Principal Investigator/ Cyber All-Source Analyst, Noblis-NSP
Mariangela Taylor is the Principal Investigator for the Noblis CTI R&D program. She has served for U.S. Cyber Command as a Cyber All-Source Analyst and now works for DHS in a Cyber All-Source Analysis R&D role. In 2014, she received an M.A. in Security Studies from the Georgetown School of Foreign Service. Her expertise is in China area studies, research and analysis, and cyber security. @DaLastCenturion


Joseph Ten Eyck, Lead Information Security Analyst, Target Corporation
Joseph Ten Eyck spent 15 years in the military prior to leaving to pursue a career in Infosec in the outside world. He has worked on both the offensive and defensive sides of the problem. He currently is a Lead Information Security Analyst with Target and spearheads their efforts to incorporate Threat Hunting as an addition to the overall CSIRT efforts. OSCP GPEN GWAPT GCIH CISSP.@joseph_teneyck


Kevin Thompson, Senior Incident Responder, Heroku
Kevin Thompson is a senior incident responder and Chief Snarkitecht at Heroku. He specializes in detecting and responding to security incidents by hunting for anomalies in an environment with tens of thousands of servers. Previously, Kevin was a security researcher and co-author of the Verizon Data Breach Investigations Report and is a core developer of several open source software projects. @bfist


Kai Thomsen, IT Security Architect, Audi AG
Kai is the Incident Response team lead at AUDI AG and currently working on creating a modern CSIRT at Audi. Before that he established an IT Service Continuity organization at Audi and developed and executed crisis management training exercises for top management. Prior to Audi, he worked at SMS group, an engineering company for steel manufacturing plants. There he was responsible for network security architecture, NSM, and forensics. Kai holds an M.A. in computer science and English and American Literature. He is also currently a SANS Instructor in Development.@kaithomsen


Tom Van Norman, Senior Technical Staff, CounterHack Challenges
Tom has been working in the Instrument and Controls field for the past 20 years. He is currently a Senior Technical Analyst for Counter Hack and recently retired from the Air National Guard where he worked in a Cyber Operations Squadron. Tom focus area has been working on securing Industrial Control Systems and the networking of such systems. Tom currently holds a Global Industrial Cyber Security Professional certification through GIAC and is a Certified Information Systems Security Professional (CISSP) through ISC(2).


Ronnie Tokazowski, Senior Researcher, PhishMe
Ronnie Tokazowski is a senior malware analyst with Flashpoint. Ronnie specializes in APT, crimeware, and cryptanalysis. @iHeartMalware


Dr. James Treinen, VP of Security Research, ProtectWise, Inc.
A security industry veteran of 17 years, Dr. James Treinen is the VP of Security Research at ProtectWise. He is an expert on data analysis as it pertains to enterprise security, holds multiple patents and has authored numerous publications related to data analytics for large security-related data sets. As the Chief Technology Officer at Laconic Security, he designed and built a platform for truly private data exchange. Previously, James led the security analytics mission for IBM Security Intelligence, where he led the development of numerous security-related software products. He holds a Ph.D. and M.S. in Computer Science from the University of Denver, specializing in machine learning and graph algorithms, and received a B.S. in Computer Science and Mathematics from Regis University. @jamestr


Rohan Vazarkar, Penentration Tester & Red Teamer - Adaptive Threat Division, Veris Group
Rohan Vazarkar is a penetration tester and red teamer for Veris Group's Adaptive Threat Division, where he helps assess fortune 500 companies and a variety of government agencies. Rohan has a passion for offensive development and tradecraft, and contributed heavily to EyeWitness and the EmPyre projects. He has presented at BSides DC, BSides Las Vegas, BlackHat Las Vegas, DefCon, and helps develop and teach the 'Adaptive Penetration Testing' course at BlackHat USA. @CptJesus


Melissa Ventrone, CIPP/US, Thompson Coburn LLP
When a cybersecurity incident strikes, affected parties need a swift and strong response to manage their situation and minimize damage. As chair of Thompson Coburn's cybersecurity practice, Melissa Ventrone leads teams of first responders, including lawyers and forensic investigators, in jumping head-on into a crisis. Melissa and her team work around the clock to control a breach situation and manage any public or regulatory fallout. When not in urgent response mode, Melissa represents her clients in cybersecurity litigation and proactively managing data privacy and security risks. Melissa has led cybersecurity incident response teams in connection with small breaches impacting a few hundred people to larger breaches impacting millions on behalf of merchants, financial institutions, medical providers and educational institutions. Melissa and her team work with clients to preserve evidence, determine a breach's scope, document the response and craft communications that both meet legal requirements and protect a company's brand. She also advises on establishing incident call centers and staff training, in addition to formulating other methods to protect impacted individuals from potentially negative outcomes. Melissa has attained considerable success in defending companies facing data security and privacy litigation, including class actions. She represents numerous clients in litigation and arbitration, including disputes related to privacy, invasion of privacy, contracts, consumer fraud, statutory claims and other matters. She has litigated cases of first impression establishing favorable law, including obtaining summary judgment in a class action case alleging damages from the theft of a hard drive. Melissa advises clients on compliance with state, federal and international laws and regulations. Education: Chicago-Kent College of Law-J.D. (2003); Northern Illinois University-B.S. (2000)


Bamm Visscher, CIRT Manager, General Motors
Bamm Visscher is the CIRT Manager at General Motors where his teams are responsible for detecting and responding to threats targeting the company's information assets. He has been performing CIRT functions since 1997 with experience in the USAF, Fortune 500, and Fortune 10 companies. Bamm contributes to the infosec community as the author of Sguil, an open source tool for performing network security monitoring. @bammv


Dr. Paul Vixie, CEO, Farsight Security
Dr. Paul Vixie is the CEO of Farsight Security, Inc. In 2014, he was inducted into the Internet Hall of Fame for his work related to DNS. Previously, he served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Dr. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8. He earned his Ph.D. from Keio University for work related to DNS and DNSSEC. @paulvixie


Dr. André Weimerskirch, VP Cyber Security, Lear Corporation
André Weimerskirch is VP Cyber Security at Lear Corporation. Before that, AndrĂ© established the transportation cyber security group at the University of Michigan Transportation Research Institute (UMTRI), and co-founded the embedded systems security company ESCRYPT which was sold to Bosch in 2012.
André is active in all areas of automotive and transportation cyber security and privacy, published numerous articles in the area of automotive and embedded cyber security, and is co-founder of the American workshop on embedded security in cars (escar USA). André is vice chair of the SAE Vehicle Electrical System Security Committee, co-chairs the Michigan Mobility Transformation Center (MTC) cyber security working group, co-organizes the SAE ComVEC cybersecurity session, and is a member of the joint SAE/ISO Cybersecurity Working Group.


Jake Williams, Principal Consultant, Rendition Infosec

Jake Williams is a Principal Consultant at Rendition Infosec. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles. Jake is the co-author of the SANS FOR610 course (Malware Reverse Engineering) and the FOR526 course (Memory Forensics). He is also a contributing author for the SEC760 course (Advanced Exploit Development). In addition to teaching these courses, Jake also teaches a number of other forensics and security courses. He is well versed in Cloud Forensics and previously developed a cloud forensics course for a US Government client. Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges. @MalwareJake


Austin Whisnant, Member of the Technical Staff, Software Engineering Institute

Austin Whisnant has a degree in Computer Science and Mathematics from Furman University, and a Master of Science in Telecommunications from the University of Pittsburgh. She has worked with the CERT division of the Software Engineering institute since 2011 in various areas such as network traffic analysis, exercise development, cyber intelligence, training, and operations center development.


Lee Whitfield, Director of Forensics, Digital Discovery
Lee is director of forensics at Dallas-based Digital Discovery. He has several years' experience conducting digital forensic investigations for a variety of cases including child abuse, murder, burglary, drug trafficking, and so on. Lee also has experience as a testifying expert for prosecution, defense, and private clients.@lee_whitfield


Christopher Witter, Manger Falcon OverWatch, CrowdStrike
Chris manages a team of intrusion analysts at CrowdStrike where they are responsible for investigating some of the most notorious cyber threats to the US economy. Previously, he held senior roles on the Computer Security and Incident Response Teams at both a top five global bank and at a top ten defense contractor. @mr_cwitter


Benjamin Wright, Esq., Senior Instructor & Summit Co-Chair, SANS Institute
Benjamin Wright is a practicing attorney based in Dallas, Texas, focusing on technology law. He serves as a senior instructor at the SANS Institute, teaching its 5-day course titled 'Law of Data Security and Investigations.' Through that course Mr. Wright has taught thousands of students from throughout the world. He chairs SANS Institute's annual Data Breach Summit. Mr. Wright advises diverse clients, both in the US and outside the US, on privacy, electronic commerce and data security law. @benjaminwright


Josh Wright, Senior Technical Analyst, Counter Hack; Senior Instructor, SANS Institute
Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open-source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions cyber warriors in the US military, government agencies, and critical infrastructure providers. @joswr1ght


Eric Zimmerman, Sr. Director, Kroll Cyber Security
Eric Zimmerman is a Senior Director at Kroll Cyber Security responsible for research and development as well as developing internal and external training for forensic examiners, law enforcement, and private industry. Prior to joining Kroll, Eric was a Special Agent with the FBI assigned to the cyber squad of the Salt Lake City field office. Eric has a degree in computer science and has developed many digital forensics related programs related to on scene triage, ShellBags, and online investigations. Eric was the first to be recognized as an X-Ways X-PERT and also holds EnCE, GCFW, GCFE, and GSEC certifications.@EricRZimmerman