Our Summit Speakers help drive our summit events by presenting cutting edge information. We carefully select the most highly acclaimed experts in each field. Please read below for more information about each of our speakers.
- Heather Adkins
- Mike Ahmadi
- Jared Atkinson
- Mike Assante
- William Ballenthin
- Brian Bartholomew
- Adrien de Beaupre
- Matias Bevilacqua
- David J. Bianco
- Andrew Blaich
- Jacquelyn Blanchard
- Evan Booth
- Matt Bromiley
- Rebekah Brown
- Josh Bryant
- Jamie Buening
- Sergio Caltagirone
- Lesley Carhart
- Matthew Carpenter
- Dr. Brian Carrier
- Jacob Christie
- Jason Christopher
- Mike Cloppert
- Michel Coene
- Joao Collier de Mendonca
- Tim Conway
- Phillip Copeland
- Eric Cornelius
- Jack Crook
- Chris Crowley
- Rob Dartnall
- Maxim Deweerdt
- Mari DeGrazia
- Dr. Ali Dehghantanha
- Sarah Edwards
- Monta Elkins
- Mattia Epifani
- Thomas V. Fischer
- David Foose
- Kevvie Fowler
- Shelly Giesbrecht
- David Gray
- Juan Andres Guerrero-Saade
- J.J. Guy
- Kevin Harnett
- Andrew Hay
- Dave Herrald
- Rick Holland
- Andrew Hoog
- Mike Hracs
- Dave Hull
- Ben Johnson
- Jeremy Johnson
- Lincoln Kaffenberger
- Jesse Kornblum
- Martin Korman
- David Kovar
- Ryan Kovar
- Marcus LaFerrera
- Rob Lee
- Robert M. Lee
- Adrian Leong
- Matt Linton
- Tom Liston
- James Lyne
- Alex Maestretti
- Heather Mahalik
- Erick Mandt
- Brian Marks
- Kyle Maxwell
- Keith McCammon
- Chris McCann
- Jeff McJunkin
- Tim Medin
- Ben Miller
- Raphael Mudge
- Rodrigo Ribeiro Montoro
- Brian Moran
- Austin Murphy
- Cindy Murphy
- Lee Neely
- Ryan Nolette
- Deviant Ollam
- Justin Opatrny
- David Pany
- Christian Paredes
- Kevin Perlow
- Angelo Perniola
- Alex Pinto
- Larry Pesce
- Hal Pomeranz
- Moritz Raabe
- Scott J. Roberts
- Andy Robbins
- Derek Rook
- Chris Sanders
- Aaron Shelmire
- Andrea Sancho Silgado
- Mary Singh
- Ed Skoudis
- Yolonda Smith
- Pasquale Stirparo
- David E. Stone
- John Strand
- Allen Swackhamer
- Gene Stevens
- Mariangela Taylor
- Joseph Ten Eyck
- Kevin Thompson
- Kai Thomsen
- Dr. James Treinen
- Ronnie Tokazowski
- Tom Van Norman
- Rohan Vazarkar
- Bamm Visscher
- Dr. Paul Vixie
- Dr. André Weimerskirch
- Austin Whisnant
- Lee Whitfield
- Jake Williams
- Christopher Witter
- Josh Wright
- Eric Zimmerman
Heather Adkins, Manager of Information Security, Google Heather Adkins is a founding member of the Google Security Team. As Manager of Information Security, she has built a global team responsible for maintaining the security of Google's networks, systems and applications. The Google Security Team is involved in every facet of the business, including building security infrastructure, responding to security threats, and evangelism. @argvee
Mike Ahmadi, Global Director, Critical Systems Security Mike Ahmadi is the Global Director of Critical Systems Security for Synopsys Software Integrity Group. Mike is well known in the field of critical infrastructure security, including industrial control systems and health care systems. He currently serves on the technical steering committee for the ISA Security Compliance Institute (ISCI), which manages and maintains the ISASecure certification program, and is also serving as Chairman of the TEVEES18A1 Cybersecurity Assurance Testing Task Force under the Society for Automotive Engineering (SAE). He also serves as a US Expert for IEC TC65 Working Group 10 in developing the IEC 62443 series of Industrial Process Control cybersecurity standards. He served on the California Office of Health Information Integrity Security Steering Committee in drafting the state level policies on HIPAA HITECH, and is an active member of the Medical Device Innovation Safety and Security Consortium (MDISS), where he introduced the Vendor Security Practices project, and is also an active member of the Association for the Advancement of Medical Instrumentation (AAMI) Medical Device Security Working Group, where he has contributed to technical industry reports. Mike has also worked closely with the U.S. Food and Drug Administration in assisting them with developing their cybersecurity testing capabilities. Mike also currently serves as an active member of the US Department of Homeland Security Industrial Control Systems Joint Working Group, and as part of the advisory board for the US Secret Service Electronic Crimes Task Force. Mike has been a co-author in several publications, including the American Bar Association Security and Privacy guide, AAMI Journals, and also serves on the editorial board of ISSA Journal. He regularly makes appearances as a subject matter expert and speaker in various cybersecurity events internationally.
Mike's interests are critical infrastructure security, including industrial control systems and medical devices and networks. @argvee
Jared Atkinson, Hunt Capability Lead, Veris Group's Adaptive Threat Division Jared Atkinson is Defensive Services Technical Lead with Veris Group's ATD. Previously, Jared led IR missions for the U.S. Air Force Hunt Team. Jared is lead developer of PowerForensics and maintains a DFIR focused blog. In addition to being awarded Microsoft MVP for his work in PowerShell, Jared has spoken at numerous industry conferences including Derbycon, 44CON, SANS DFIR, and BSidesDC. @jaredcatkinson
Mike Assante, Industrials & Infrastructure Practice, ICS/SCADA Lead, SANS Institute Michael Assante is currently the SANS lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security and co-founder of NexDefense, an Atlanta-based ICS security company. He served as Vice President and Chief Security Officer of the North American Electric Reliability (NERC) Corporation, where he oversaw industry-wide implementation of cyber security standards across the continent. Prior to joining NERC, Mr. Assante held a number of high-level positions at Idaho National Labs and served as Vice President and Chief Security Officer for American Electric Power. Mr. Assante's work in ICS security has been widely recognized and he was selected by his peers as the winner of Information Security Magazine's security leadership award for his efforts as a strategic thinker. The RSA 2005 Conference awarded him its outstanding achievement award in the practice of security within an organization.
He has testified before the US Senate and House and was an initial member of the Commission on Cyber Security for the 44th Presidency. Before his career in security, Mr. Assante served in various naval intelligence and information warfare roles. He developed and gave presentations on the latest technology and security threats to the Chairman of the Joint Chiefs of Staff, Director of the National Security Agency, and other leading government officials. In 1997, he was honored as a Naval Intelligence Officer of the Year.
Brian Bartholomew, Senior Security Researcher, Kaspersky Lab - GReAT Brian has 15 years of experience in cyber espionage operations, reverse engineering, penetration testing, and incident response. Before joining GReAT, he worked at iSIGHT Partners, the US Department of State, and also spent 3 years in the United Arab Emirates. @Mao_Ware
William Ballenthin, Reverse Engineer, FireEye William Ballenthin is also a reverse engineer on the FLARE team that enjoys tackling malware and developing forensic analysis techniques. Willi's favorite beer is La Chouffe. @williballenthin
Adrien de Beaupre, Certified Instructor, SANS Institute Adrien de Beaupre is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). He is actively involved with the information security community, and has been working with SANS since 2000. Adrien holds a variety of certifications including the GXPN, GPEN, GWAPT, GCIH, GCIA, GSEC, CISSP, OPST, and OPSA. When not geeking out he can be found with his family, or at the dojo. @adriendb
Matias Bevilacqua, Senior Incident Response Consultant, Mandiant Mr. Bevilacqua is a Senior Incident Response Consultant in Mandiant's London office. As part of the Incident Response Team, he provides emergency services to clients when an elevated security breach occurs. He also helps clients create Incident Response management programs, analyzes and tests existing Incident Response plans, conducts forensic investigations, and provides IR and forensics training.
David J. Bianco, Principal Engineer, Cyber Security, Target David has over 20 years experience in the information security field, with the last 15 focusing on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net) and a member of the MLSec Project (http://www.mlsecproject.org). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com). @DavidJBianco
Andrew Blaich, Ph.D, Lead Security Analyst, Bluebox Security Andrew Blaich is the Lead Security analyst at Bluebox Security where he is focused on all things mobile. He holds a Ph.D. in Computer Science and Engineering from the University of Notre Dame in enterprise security and wireless network performance. Blaich has worked at both Samsung and Qualcomm Research on next generation access control, kernel security, and indoor location systems for mobile devices. @ablaich
Jacquelyn Blanchard, Computer Forensic Examiner (CFE) From a teenage hacker to an accomplished information security professional hunting bad guys over a 15 year span, Jacquelyn Blanchard focuses on discovering and thwarting bad guys. Although she'd never say it herself, Jacque has done some seriously spooky stuff that helps keep your family safe at night. Once she discovers an intrusion, she clicks all the links, opens all the files, and conducts analysis on all the malware, making the world a little bit better of a place. She believes that, in order to be a good forensicator, one should learn pen testing skills, and vice versa. By watching what real-world attackers do, Jacque has gained keen insights into how penetration testers can better model their nefarious activities with the goal of helping improve security big time. In her spare time, Jacquelyn enjoys running up and down very steep hills.
Evan Booth, Maker Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity's sake. Throughout 2013 and into 2014, in an effort to highlight hypocrisy and "security theater" brought about by the TSA, through a research project called "Terminal Cornucopia," Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely triggered incendiary suitcases--all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint. Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named "Steve" who live in the future. @evanbooth
Matt Bromiley, Senior Consultant, Kroll Matt Bromiley is a Senior Managing Consultant at Kroll, a major incident response and forensic analysis firm where he assists clients with incident response, digital forensics, and litigation support. He also serves as a SANS FOR508 Instructor, GIAC Advisory Board member, a subject-matter expert for the SANS Securing The Human Program, and a technical writer for the SANS Analyst Program. Outside of work and teaching, Matt loves spending time with his family, cooking Texas BBQ, and making his house as automated as possible in hopes that it will one day do work for him.
Rebekah Brown, Threat Intelligence Lead, Rapid7 Rebekah Brown is a former NSA network warfare analyst, U.S. Cyber Command training and exercise lead, and Marine Corps crypto-linguist who has helped develop threat intelligence programs at the federal, state and local levels as well as in the private sector at a Fortune 500 company. Rebekah currently leads threat intelligence at Rapid7. She has an Associates in Mandarin, a B.A. in International Relations and is wrapping up a M.A. in Homeland Security with a Cybersecurity focus. @PDXbek
Josh Bryant, Cybersecurity Architect, Microsoft Josh Bryant is a Cybersecurity Architect (Senior Consultant Cyber II) at Microsoft where he is currently focused on delivering Cybersecurity services ranging from Tactical and Strategic Recovery to Advanced Threat Analytics implementations, Risk Assessments, and more, to customers in a variety of industries around the world. @FixTheExchange
Jamie Buening, Information Security Analyst, Midcontinent Independent System Operator (MISO) Jamie Buening is a graduate of Purdue University with sixteen years of work experience in UNIX systems, networking, and information security. He is an Information Security Analyst for the Midcontinent Independent System Operator (MISO). Responsibilities include Threat Intelligence and Incident Response. Jamie is a Certified Information Systems Security Professional (CISSP).
Sergio Caltagirone, Director - Threat Intelligence Analysis, Microsoft Sergio Caltagirone has hunted the most sophisticated threats in both government and industry for the last 15 years - currently the Director of Threat Intelligence Analysis at Microsoft. He is the creator of the Diamond Model of Intrusion Analysis and also the technical director at the Global Emancipation Network, an NGO leveraging data science to combat and eradicate human trafficking. @cnoanalysis
Lesley Carhart, Incident Response Team Lead, Motorola Solutions Lesley Carhart has over 8 years' experience in post-intrusion network, malware, and system forensics. Her colorful IT career has ranged from starting out as a SQL developer as a teenager, to serving as a network infrastructure systems technician in the U.S. Air Force. Lesley has made it her mission to better educate others on security concepts and information security career paths. She does this through educational blogging and media contributions, a prolific social media presence, and security talks at a wide range of conferences. Lesley obtained her Bachelor's Degree in Network Technologies from DePaul University, and holds GCFA, GCIH, GREM, GCFE, and GPEN certifications. @hacks4pancakes
Matthew Carpenter Matthew Carpenter is a Principal Security Researcher with Grimm (SMFS) performing deep security research for .com, .gov, and .mil. Matthew's expertise is in reverse-engineering, vulnerability research, exploit weaponization, hardware/software/firmware/Automotive/IoT/ICS/AMI/Radio, Symbolic analysis, generalized hacker techniques, and teaching. He has a detailed background in Risk analysis/mitigation, Penetration Testing at all levels (hw/sw/net/web/physical). Matthew is former vice-chair of UCAIUG AMI-SEC Task Force and SG Security, and led the Vulnerabilities team for NIST Cyber Security Coordination Task Force developing NISTIR-7628. He is a former member of the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), and was the Red-team lead for Advanced Security Acceleration Project (AMI-SEC/ASAP). Matthew is an entertaining and informative speaker, and is a repeat speaker at many Hacker/ICS/SCADA conferences, domestic and abroad.
Dr. Brian Carrier, VP - Digital Forensics, Basis Technology Brian leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chair person for the Open Source Digital Forensics Conference (OSDFCon) and on the committees of many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal. @carrier4n6
Jacob Christie, Consultant, Mandiant Jacob Christie has two years' experience in digital forensics and incident response and a lifetime of involvement in IT. From humble desktop support roots, he has risen to perform roles such as a data analyst, network security monitoring analyst, and forensic analyst - sometimes all within the same day. After working in the Big 4 for a spell, Jacob recently joined Mandiant, a FireEye Company, where he is afforded the opportunity to focus exclusively on incident response at scale. His real passion is herding bits from Point A to Point B using anything within his grasp to help accomplish this task (Python, Ruby, BASH, Visual Basic, etc.) regardless of the source or destination (SQL, NoSQL, flat text, or a forensic image). Jacob has presented at numerous internal trainings, teaching colleagues about various DFIR topics including forensic timelining, data breach identification, and open source forensic tools.
Jason Christopher, CTO, Axio Jason Christopher is Axio's Chief Technology Officer. His responsibilities include providing leadership on security issues relevant to Axio, its partners, and clients. Jason previously led cybersecurity research efforts across private sector and the federal government. He has worked in several critical infrastructure sectors, including power, energy, communications, and water.
Mike Cloppert, CIRT Chief Research Analyst, Lockheed Martin Michael is the lead analyst for Lockheed Martin CIRT's Intel Fusion team, charged with collecting and managing intelligence on adversaries intent on stealing the organization's intellectual property, and development of new detection and analysis techniques. Michael has worked as a security analyst in various sectors including the Financial, Federal Government, and Defense industries. He has an undergraduate degree in Computer Engineering from the University of Dayton, an MS in Computer Science from The George Washington University, has received a variety of industry certifications including SANS GCIA, GREM, and GCFA, and is a SANS Forensics and IR blog contributor. Michael's past speaking engagements include the DC3 Cybercrime Conference, IEEE, and SANS amongst various others. @mikecloppert
Michel Coene, Senior Information Security Consultant, NVISO Michel is a technical security consultant working for the Belgian security startup NVISO. At NVISO Michel focusses on incident response and assists clients with their threat hunting efforts. @coenemichel
Joao Collier de Mendonca, GIAC GCFA, GIAC GNFA, MSc. Digital Media, BSc. Computer Sciences, CISSP, CISA, Cyber Defense Center, Deutsche Telekom AG, Germany Joao is a senior Incident Responder at the Cyber Defense Center of Deutsche Telekom Group, where he investigates security breaches for companies of various sizes. His work is focused on network-based incident detection and on the setup and improvement of Incident Detection and Response Capabilities across the Deutsche Telekom Group. @sec_joao
Tim Conway, Technical Director - ICS & SCADA Programs, SANS Institute Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.
Phillip Copeland, Director, Critical Infrastructure Cyber Security, US Army Corps of Engineers Phil Copeland is the Civil Works National Information Assurance Manager (N-IAM) and Director, Critical Infrastructure Cybersecurity Center of Expertise (CICSCX). With 32 years of experience with control systems and cybersecurity, Mr. Copeland is responsible for the security of all control systems across all business lines of Civil Works, USACE, and leads a team of CICSCX professionals in completing that mission.
Eric Cornelius, Managing Director, Cylance Eric Cornelius is the Director of Critical Infrastructure and Industrial Control Systems (ICS) at Cylance, Inc. where he is responsible for thought leadership, architecture, and consulting implementations. Eric brings a wealth of ICS knowledge and his leadership keeps organizations safe, secure, and resilient against advanced attackers. Previously, Eric served as the Deputy Director and Chief Technical Analyst for the Control Systems Security Program at the US Department of Homeland Security. Eric earned a bachelor's degree from the New Mexico Institute of Mining and Technology where he was the recipient of many scholarships and awards including the National Science Foundation's Scholarship for Service. Eric went on to work at the Army Research Laboratory's Survivability/Lethality Analysis Directorate where he worked to secure field deployable combat technologies. It was at ARL that Cornelius became interested in non-traditional computing systems, an interest which ultimately led him to the Idaho National Laboratory where he participated in deep-dive vulnerability assessments of a wide range of ICS systems. Eric is the co-author of "Recommended Practice: Creating Cyber Forensics Plans for Control Systems" as part of the DHS National Cyber Security Division, Control Systems Security Program, 2008 and is also a frequent speaker and instructor at ICS events across the globe.
Jack Crook, Principal Incident Responder, General Electric Jack Crook has worked in the information security field for the past 14 years and is currently the Principal Incident Responder for General Electric. When not responding to incidents, his primary focus is finding bad guys and developing new ways to find bad guys. Prior to his current quest of hunting down evil on networks, he spent 10 years as an Infantryman in the US Army. @jackcr
Chris Crowley, Certified Instructor, SANS Institute Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis. Mr. Crowley is the course author for SANS Management 535 - Incident Response Team Management and holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GREM, GMOB, and CISSP certifications. His teaching experience includes SEC401, SEC503, SEC504, SEC560, SEC575, SEC580, FOR585, and MGT535; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." @CCrowMontance
Rob Dartnall, Director of Cyber Intelligence, Security Alliance Ltd. From a diverse intelligence background, Rob brings together both cyber and traditional intelligence experience. Rob is an ex-British Army Military Intelligence Operator specialising in Intelligence fusion, exploitation and strategic analysis. After leaving the Military he entered the Cyber security industry where he specialises in bringing traditional methodologies into CTI and Insider Threat.
Maxim Deweerdt, Senior Information Security Consultant, NVISO Max is a senior incident response and digital forensics analyst at NVISO. He is actively engaged in several APT investigations and is always searching for new tools and sources for active intelligence. @AlfaSec
Mari DeGrazia, Director, Kroll Cyber Security Mari DeGrazia is a Director at Kroll Cyber Security, which provides Incident Response services on a global scale. Throughout her career in DFIR, Mari has investigated high-profile breach cases, worked civil and criminal cases and provided testimony as an expert witness. Mari has a Bachelor's of Science in Computer Science from Hawaii Pacific University as well as various certificates related to Digital Forensics. She is currently pursuing her Masters of Science in Digital Forensics. @maridegrazia
Dr. Ali Dehghantanha, Marie-Curie International Incoming Fellow in Cyber Forensics, University of Salford Dr. Ali Dehghantanha is a Marie-Curie International Incoming Fellow in Cyber Forensics and has served for many years in a variety of research and industrial positions. In addition to a Ph.D. in Cyber Security, he holds many professional certificates such as GXPN, GREM, CISM, CISSP, and CCFP. He has served as an expert witness, cyber forensics analyst and malware researcher with leading players in Cyber-Security and E-Commerce. Additional information can be found at http://alid.info @alidehghantanha
Sarah Edwards, Mac Nerd, Parsons Corporation; Author & Instructor, FOR518, SANS Institute Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at many industry conferences including Shmoocon, CEIC, Bsides*, Defcon and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College. Sarah is the author of the SANS Mac Forensic Analysis Course - FOR518. @iamevltwin
Monta Elkins, Security Architect for FoxGuard Solutions. CISSP, GICSP Monta Elkins is currently "Hacker-in-Chief" for FoxGuard Solutions, an ICS patch provider. A security researcher and consultant, he was formerly Security Architect for Rackspace, and the first ISO for Radford University. He has been a speaker at DEFCON, Homeland Security's ICSJWG (Industrial Control Systems Joint Working Group), EnergySec's Security Summit, VASCAN, GE Digital Energy's Annual Software Summit, Educause Security Professionals Conference, Toshiba's Industrial Control Systems Conference, NERC's GridSecCon and other security conferences. Monta is the author and instructor of the "Defense against the Dark Arts" hands-on, hacker tools and techniques classes. He is also a guest lecturer for Virginia Tech and teaches rapid prototyping and Arduino classes with Let's Code Blacksburg.
Mattia Epifani, Digital Forensics Specialist, REALITY NET Snc Mattia Epifani is partner and founder at REALITY NET - System Solutions, where he works as a senior consultant in Digital Forensics, Forensic Readiness, Mobile Security and Incident Response. He obtained a University Degree in computer science in Genoa (Italy) and a post-graduate course in Computer Forensics and Digital Investigations in Milan. He works as a digital forensics analyst for judges, prosecutors, lawyers and private companies, both as Court Witness Expert and Digital Forensics Expert. He has obtained several certifications in Digital Forensics and Ethical Hacking (GCFA, GREM, GNFA, GMOB, GCWN, CIFI, CEH, CHFI, CCE, ACE, AME, MPSC, ECCE) and he is a regular speaker on Digital Forensics matters in different Italian and European universities (Genova, Milano, Bolzano, Pescara, Salerno, Campobasso, Roma, Camerino, Pavia, Savona, Catania, Lugano, Como, Modena e Reggio Emilia) and events (SANS European Digital Forensics Summit, Security Summit, IISFA Forum, DFA Open Day, DEFT Conference). He is a member of DFA, IISFA, ONIF and T&L Center. Co-author of the book "Learning iOS Forensics" edited by PacktPub in March 2015. @mattiaep
Thomas V. Fischer, Global Security Advocate & Threat Researcher, Digital Guardian With 25+ years of experience, Thomas has a unique view on security in the enterprise, with experience in multiple domains, from policy and risk management to secure development, incident response and forensics. Thomas has held roles varying from security architect in a large Fortune 500 company to consultant for both industry vendors and consulting organizations. Thomas currently plays a lead role in advising customers while investigating malicious activity and analyzing threats for Digital Guardian. Thomas is also an active participant in the infosec community not only as a member but also as director of Security BSides London and ISSA UK chapter board member. @FVT
David Foose, Manager of Ovation Security Products, Emerson David has over 2 decades of IT experience administrating systems of various sizes and industries. He has a Master's Degree in IT Security and holds various certifications including the GICSP. His primary role the last 8 years has been development and ongoing maintenance of the Ovation Security Center (a suite of security products customized and integrated into Emerson's Ovation DCS). Recently he has been promoted to Ovation Product Security Manager to continue advancing security efforts in the Ovation development process and product. @davefoose
Kevvie Fowler, National Leader, Cyber Response Services, KPMG Canada Kevvie is a Partner and National Cyber Response Leader for KPMG Canada and has over 19 years of IT security and forensics experience. Kevvie assists clients in identifying and protecting critical data and proactively preparing for, responding to and recovering from incidents in a manner that minimizes impact and interruption to their business. @kevviefowler
Shelly Giesbrecht, Manager - Technology, Deloitte Shelly Giesbrecht is living the dream as an incident responder for Deloitte in Calgary, Alberta. In her "spare" time, Shelly is also a SANS Technology Institute MSISE student, and is currently GREM, GCFA, GFCE, GCIA, GCIH and GSEC certified. Shelly has been working in security operations since 2006 but learned her craft from the ground up as a helpdesk analyst over 15 years ago. She enjoys imaging servers in candlelight, writing regex to relax, and her favorite registry key is AppCompatCache. @nerdiosity
David Gray, Consultant, RSA Advanced Cyber Defense Practice David is a Consultant for RSA ACD Practice engaged in Global Incident Response/discovery services, breach readiness, remediation, SOC/CIRC redesign and computer network defense. @D4VID_GRAY
Juan Andres Guerrero-Saade , Senior Security Researcher, Kaspersky Lab - GreAT Juan Andres joined GReAT in 2014 to focus on targeted attacks. Before joining Kaspersky, he worked as Senior Cybersecurity and National Security Advisor to the President of Ecuador. Juan Andres comes from a background of specialized research in Philosophical Logic. His last publication was titled The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage. @juanandres_gs
J.J. Guy , Carbon Black J.J. Guy was part of the founding team of Carbon Black in Nov 2012. Before Cb, he spent 12 years with various federal offensive network operations teams. He's been preaching about the inevitability of compromise (and thus the need for threat hunting and continuous incident response) since 2003. He's excited the rest of the world final recognizes the problem so he's no longer "that crazy government guy."
Kevin Harnett, Program Manager, US Department of Transportation at the Volpe National Transportation Systems Center Program Manager for the United States Department of Transportation at the Volpe National Transportation Systems Center located in Cambridge, Massachusetts. Mr. Harnett has over thirty-three years of combined project management, technical consulting, and implementation skills. Kevin is a Cyber Security Program Manager (PM) with experience providing technical leadership in planning, implementing and managing high priority programs involving Cyber Security and risk management for the Department of Transportation (DOT), Federal Aviation Administration (FAA), DOD/USAF, Defense Information Systems Agency (DISA), United Kingdom's Communications Electronic Security Group (CESG), NASA, Department of Homeland Security, Transportation Security Administration, Coast Guard, and other agencies, with special emphasis on security risk management, security policy, security training, certification/accreditation, penetration testing, security awareness, security testing/evaluation, incident response capability and remediation. @andrewsmhay
Andrew Hay, CISO, Data Gravity Andrew Hay is the CISO at DataGravity where he advocates for the company's total information security needs and is responsible for the development and delivery of the company's comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. @andrewsmhay
Dave Herrald, Security Architect, Splunk Dave Herrald is a veteran security technologist. He holds a gaggle of security certs including the GIAC GSE #79. Dave works on Splunk's Security Practice team and he rides bikes and skis for sanity. @daveherrald
Rick Holland, Vice President of Strategy, Digital Shadows Rick Holland is the Vice President of Strategy for Digital Shadows where he guides the strategic direction for the company. Prior to joining Digital Shadows he was a vice president and principal analyst at Forrester Research, where he established Forrester's threat intelligence research. Rick also served as an intelligence analyst in the U.S. Army. Rick holds a B.S. in business administration with an MIS concentration from the University of Texas at Dallas. @rickhholland
Andrew Hoog, CEO & Co-Founder, NowSecure Andrew Hoog is a mobile security researcher, expert witness and the CEO and co-founder of NowSecure, an enterprise mobile security company. Hoog has one patent issued with two more pending and has authored two books on mobile forensics and security. When not breaking (or fixing) things, he enjoys great wine, running and science fiction. @ahoog42
Mike Hracs, Senior Consultant, Deloitte Mike is currently working as a member of the Deloitte "Purple" team in Calgary, Alberta. He is a senior security operations analyst by day, and aids in Pen Testing or Incident Response when help is needed. Mike is currently GREM and GCFA certified, and has held many industry certifications throughout his career. Mike began his career in 2005 as a network engineer, eventually making the shift to security, and it's been sunshine and lollipops since then. Mike enjoys sweet talking pcaps by moonlight and listening to dial-up modems to relax. His favorite routing protocol is BGP. @bumjubeo
Dave Hull, Product Engineer, Tanium @davehull
Ben Johnson, Co-Founder/Chief Security Strategist, Carbon Black Ben Johnson is cofounder and chief security strategist for Carbon Black. In that role, he spends a lot of time strategizing with customers to improve cyber defenses across the stack. Ben worked in cyber at NSA and at a defense contractor and has two computer science degrees. @chicagoben
Jeremy Johnson, Cyber Threat Intelligence Analyst, Ford Motor Company Jeremy comes from a background in software engineering, but got his start in Cyber Security when he joined Ford's CIRT. Since then, he has helped build up, and work in, Ford's SOC. He moved to the CTI team performing a variety of duties. @agnu
Lincoln Kaffenberger, Information Technology Officer, IMF Lincoln has over a decade of experience helping organizations understand the threats they face and make informed, risk-based decisions. John helps clients understand how to align their cyber agenda with dynamic business and compliance priorities. @LincolnKberger
Jesse Kornblum, Network Security Engineer - Threat Infrastructure, Facebook Jesse Kornblum is a network security engineer on the Threat Infrastructure team at Facebook. He currently works on the ThreatExchange platform which enables organizations to share threat information with trusted partners within a vetted community. Previously, Kornblum was a computer forensics researcher and practitioner, writing tools such as ssdeep and md5deep. He is also a former Special Agent for the Air Force Office of Special Investigations. @jessekornblum
Martin Korman, Incident Responder & Forensic Investigator, Team8 Martin Korman currently works as an incident responder and forensic investigator at Team8. Prior to his work at Team8, Martin worked at IBM Trusteer as part of the research team to investigate and reverse engineer new threats. He is a talented young developer who enjoys creating research tools and contributing to the information security community by sharing his methods and findings. Prior to joining IBM Trusteer, Korman spent five years of service in the IDF, for most of which he served as a NOC manager. He also worked as an incident response officer for the Israeli Air Force's SOC, focusing on malware and forensic analysis. In his free time, you will find Martin reading technical information security literature or playing electric guitar. Martin speaks Spanish, English and Hebrew.
David Kovar, Senior Manager - Cybersecurity Practice, EY David Kovar is a senior manager in EY's Cybersecurity practice. He's also been an entrepreneur, ediscovery consultant, software engineer, SAR incident commander, executive protection agent, and lethal forensicator. He has collected images in China, rescued wayward Americans in Australia, and conducted disaster preparedness assessments in Tajikistan. Oh, and he flies sailplanes, fixed wings, helicopters, and drones... @dckovar
Ryan Kovar, Staff Security Strategist, Splunk Ryan Kovar worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Ryan moved on to Splunk as a Staff Security Strategist where he helps out with IR, hunting, and solving fun problems. Ryan despises printers. @meansec
Marcus LaFerrera, Director of Development, PUNCH Cyber Analytics Group Marcus LaFerrera worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Marcus now works at PUNCH Cyber as the Director of Development and builds tools to simplify a security analyst's life. @mlaferrera
Rob Lee, DFIR Lead, SANS Institute Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Rob has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. @robtlee
Robert M. Lee, Author & Instructor, SANS Institute Robert M. Lee is a SANS Certified Instructor and the course author of SANS ICS515 - "Active Defense and Incident Response" and the co-author of SANS FOR578 - "Cyber Threat Intelligence." Robert is also CEO of Dragos Security, a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure, and a PhD candidate at King's College London. For his research and focus areas, he was named one of Passcode's Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. @robertmlee
Adrian Leong, Research and Development Specialist, Blogger Adrian regularly enjoys the forensic analysis/research of computers, mobile devices and other electronic evidence responsibly. He has several years of commercial software development experience and has also completed post graduate training in the identification, preservation, analysis and presentation of electronic evidence. He has completed several US based computer forensic internships in both the private and law enforcement sectors. These provided practical analysis experience and improved his research, reverse engineering, forensic programming and report writing skills. His personal blog "Cheeky4n6monkey - Learning About Digital Forensics" (cheeky4n6monkey.blogspot.com) details his various forensic research projects and scripts in a light-hearted manner (typically accompanied by poorly drawn attempts at cartoon humour). In 2014, as part of an international group of current and ex law enforcement forensic investigators (including SANS Instructor Cindy Murphy), Adrian developed software tools to extract SMS, Call History and Contact data for a Windows Phone 8 device that was previously unsupported by existing forensic tools. Subsequently, he co-authored a SANS Whitepaper on "Windows Phone 8 Forensic Artifacts" with the group. Thus smitten with mobile forensics, he has been diving down an increasing number of forensic rabbit holes ever since. @Cheeky4n6Monkey
Matt Linton, Chaos Examiner, Google Matt is an incident responder with experience throughout the security process, from architecture through penetration. He is formally trained in disaster management and specializes in rapid response, remediation and hardening of compromised environments.
Tom Liston, Consultant - Cyber Network Defense, DarkMatter Tom Liston is a member of the Cyber Network Defense team at Dark Matter, a security consulting firm in the UAE. He is also a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Since it began publishing its "Sexiest Man Alive" issue, People Magazine has consistently overlooked Mr. Liston with what can only be described as a blatantly good taste. @tliston
James Lyne, Director of Technology Strategy, Sophos; Director - EMEA, SANS Institute Director, EMEA at SANS and Director of Technology Strategy at security firm Sophos. James comes from a background in cryptography but over the years has worked in a wide variety of security problem domains including anti-malware and hacking. James spent many years as a hands-on analyst dealing with deep technical issues and is a self-professed "massive geek". Eventually James escaped dark rooms and learned some social skills, and today is a keen presenter at conferences and industry events. With a wide range of experience working in a technical and a strategic capacity from incident response to forensics with some of the world's largest and most paranoid organisations James participates in industry panels, policy groups, and is a frequently-called-upon expert advisor all over the world. James is a frequent guest lecturer and often appears in the media including national TV. As a young spokesperson for the industry James is extremely passionate about talent development and participates in initiatives to identify new talent for the industry and to develop it. Ask James to show you his best geek party trick. @jameslyne
Alex Maestretti, Engineering Manager, Netflix Alex Maestretti leads the Security Intelligence and Response Team at Netflix, with previous gigs at Apple and the US Government. We are a small team focused on high ROI activities leveraging an agile tech stack. Overall our goal is to understand threats to Netflix equities, and buy down a broad range of risks through Incident Response. @maestretti
Heather Mahalik, Forensics Lead and PM, Oceans Edge, Inc & SANS Certified Instructor, Author, Course Lead - FOR585 Heather Mahalik is leading the forensic effort as a Principal Forensic Scientist and Team Lead for Oceans Edge, Inc. Heather's extensive experience in digital forensics began in 2003. She is currently a senior instructor for the SANS Institute and is the course lead for FOR585: Advanced Smartphone Forensics. @HeatherMahalik
Erick Mandt, Analyst, Air Force Office of Special Investigations (AFOSI) Erick Mandt is a 25-year intelligence professional with broad experience in cyber counterintelligence, signals intelligence, intelligence analysis, and language analysis. He currently works as an analyst for the Air Force Office of Special Investigations (AFOSI) open source intelligence team where he supports a full range of law enforcement and counterintelligence investigations and operations. Erick's research and analytical interests focus on integrating critical thinking and structured analysis processes into active cyber defense operations. Prior to joining AFOSI, Erick served 20 years as a cryptologic linguist for the U.S. Navy. He is proficient in Russian, Bulgarian, Serbian-Croatian, and Macedonian. Erick has an undergraduate degree in Russian Area Studies from Excelsior College and an MS in Cybersecurity from Utica College.
Brian Marks, Senior Associate, KPMG Brian is a Senior Associate with KPMG's Forensic Technology Practice in Chicago, IL. Brian has over 5 years of experience in the information security industry having worked for a Department of Defense contractor before joining KPMG. There he gained experience in intrusion detection, incident response, log analysis, firewall administration, and operating system auditing and hardening. At KPMG, he specializes in providing digital response services including incident response, digital forensics, reverse engineering, and threat intelligence. He has provided these services for clients in various industries including multinational businesses and Fortune Global 100 organizations. @brianDFIR
Kyle Maxwell, Senior Researcher, Verisign iDefense Kyle Maxwell is a threat intelligence analyst and malware researcher, currently focused on covering DDoS and Latin America. He has contributed to several public reports on data breach analysis and frequently speaks & writes at conferences around the United States and Latin America. Previously, he led the incident response team at a large payment processor and performed digital forensics for clients across the United States at several private investigation firms. Mr. Maxwell holds a degree in Mathematics from the University of Texas at Dallas. @kylemaxwell
Keith McCammon, Co-Founder & VP of Detection Operations, Red Canary Keith runs Red Canary's Security Operations Center and leads a group of expert analysts that monitor a continuous stream of potential attacks detected in Red Canary's customers' environments. Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech. Keith has taught and spoken extensively during his time as an information operations practitioner and technology executive within the Intelligence Community and Defense Industrial Base. @kwm
Chris McCann, Senior Security Engineer, Uber Chris McCann is a Senior Security Engineer & Incident Response Lead at Uber Technologies. Prior to Uber, Chris worked at Facebook where he led various initiatives spanning incident response, intrusion detection, forensic investigations and red team. Chris is a current holder of several SANS certifications and a volunteer with the Mid-Atlantic & National CCDC Red Teams.
Jeff McJunkin, Senior Staff, CounterHack Challenges Jeff McJunkin is a senior staff member at CounterHack Challenges with more than nine years of experience in systems and network administration and network security. His greatest strength is his breadth of experience - from network and web application penetration testing to digital/mobile forensics, and from technical training to systems architecture. Jeff is a computer security / information assurance graduate of Southern Oregon University and holds many professional certifications. He has also competed in many security competitions, including taking first place at a regional NetWars competition and a US Cyber Challenge capture-the-flag competition, as well as joining the Red Team for the Pacific Rim Collegiate Cyber Defense Competition. His personal blog can be found at http://jeffmcjunkin.com/.
Tim Medin, Senior Technical Analyst, Counter Hack; Certified Instructor, SANS Institute Tim Medin is a senior technical analyst at Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. Prior to Counter Hack, Tim was a Senior Security Consultant for FishNet Security where the majority of his focus was on penetration testing. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim regularly contributes to the SANS Penetration Testing Blog (pen-testing.sans.org/blog/) and the Command Line Kung Fu Blog (blog.commandlinekungfu.com). He is also project lead for the Laudanum Project, a collection of injectable scripts designed to be used in penetration testing. Currently Tim is a certified instructor for the SANS Institute. @timmedin
Ben Miller, Director of Threat Operations, Dragos Inc. Ben Miller is Director, Threat Operations Center at the critical infrastructure cyber security company Dragos, Inc. where he leads a team of analysts in performing active defense inside of ICS/SCADA networks. In this capacity he is responsible for performing a threat hunting, incident response, and malware analysis mission for the industrial community.
Rodrigo Ribeiro Montoro, Security Researcher, Clavis Security Brazil Rodrigo "Sp0oKeR" Montoro has 15 years of experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently he is Security Researcher / SOC at Clavis. Before that he worked as Senior Security Administrator at Sucuri, Spiderlabs Researcher where he focuses on IDS/IPS Signatures, ModSecurity rules, and new detection research. Author of 2 patented technologies involving discovery of malicious digital documents and analyzing malicious HTTP traffic. He is currently coordinator and Snort evangelist for the Brazilian Snort Community. Rodrigo has spoken at a number of open source and security conferences (OWASP AppSec, Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE Boston & Seattle, ZonCon (Amazon Internal Conference), BSides (Las Vegas and São Paulo), Blackhat Brazil) and serves as a coordinator for the creation of new Snort rules, specifically for Brazilian malware. @spookerlabs
Brian Moran, Digital Strategy Consultant, BriMor Labs Brian is a digital forensic analyst currently residing in the Baltimore, Maryland area. He has approximately 15 years of experience in the cyber security field, with 10 of those years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a 6-month deployment to Mosul, Iraq in 2004-2005, when he served on a team that provided mobile device analytic information in support of tactical military operations. During his tenure in the Air Force, he has worked with numerous DoD entities and been invited to speak and share information at several intelligence community events. After his military service ended he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of this DFIR field is that it is always changing and evolving; and every case has unique problems, questions, and solutions. @brianjmoran
Austin Murphy, Director of Incident Response, CrowdStrike Services Austin Murphy has over 10 years of Computer Network Security experience in both private sector professional services as well as service in the US Department of Defense. As the Director of Incident Response, Austin leads a team of consultants responsible for delivering trusted advisory services to customers in need of assistance with critical security breaches. Prior to his career in consulting, Austin was a US Air Force Cyberspace Operations Officer where his primary focus was on developing tactics for the deployment of advanced computer network attack and defense capabilities. @austinjmurphy
Cindy Murphy, Madison (WI) Police Department Cindy Murphy is a Detective with the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner and has been involved in computer forensics since 1999. Det. Murphy has directly participated in the examination of many hundreds of hard drives, cell phones, and other items of digital evidence pursuant to criminal investigations including financial crimes, homicides, missing persons, computer intrusions, sexual assaults, child pornography, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She also helped to develop the digital forensics certificate program at Madison Area Technical College. She is a certified SANS instructor and co-authored and teaches the Advanced Mobile Device Forensics (FOR585) course for the SANS Institute. She has presented internationally on various digital forensics topics and frequently writes articles and whitepapers for the community on various forensics-related topics. She earned her MSc in Forensic Computing and Cyber Crime Investigation through University College, Dublin where she completed her dissertation on the subject of victim age estimation from child exploitation images. She is also involved with the Wisconsin Association of Computer Crimes Investigators (WACCI) where she serves as Past President for the WACCI West Chapter, Chicago Electronic Crimes Task Force, High Tech Crime Consortium (HTCC), High Tech Crime Network (HTCN), and the International Guild of Knot Tyers (IGKT). @cindymurph
Lee Neely, CISSP, CISA, CISM, CRISC, GMOB, GPEN, CCUV, Cyber Security Program, OMBUDS, Lawrence Livermore National Lab Lee Neely is a Senior Cyber Analyst at LLNL, SANS Mentor and Analyst paper author. He is also the IT Director for the ISC2 East Bay Chapter and Board Treasurer for the Uncle Credit Union. His areas of expertise include mobile device and new technology security. @lelandneely
Ryan Nolette, Security Operations Lead, Carbon Black Ryan Nolette, now the Security Operations Lead, was a Senior Threat Researcher and Senior Incident Response Consultant at Bit9 + Carbon Black and draws from more than a decade of intense and active Incident Response (IR), Threat Research, and IT experience to add a unique perspective of technical expertise and strategic vision to Bit9 + Carbon Black. Prior to joining Bit9, Nolette was a Technology Risk Analyst for Fidelity Investments, where he was the malware subject matter expert for their Cyber Security Group and focused on signature verification and placement for all IPS across the world, and provided non-signature based malware detection and prevention through manual auditing and automated tools he wrote. Ryan earned a bachelor's degree in Information Security and Forensics from the Rochester Institute of Technology and is constantly looking to learn new skills and technologies.
Deviant Ollam, Security Auditor & Pen Test Consultant, The CORE Group While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon, Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.
Justin Opatrny, IT Security Infrastructure, General Mills Justin Opatrny is a Cyber Security Consultant at General Mills and a leader in the organization's ICS/OT security program. He has over 15 years of experience in IT and cyber security and 6 years of experience teaching cybersecurity courses. Justin's certifications include GICSP, GPEN, GSNA, CISSP, and CASP.
David Pany, Consultant, FireEye David Pany is a Consultant in Mandiant's Alexandria, Virginia office. His primary responsibilities include delivering incident response, digital forensic, compromise assessment, and product implementation engagements. Mr. Pany has experience performing forensics analysis using tools such as EnCase and FTK, along with open source and mobile device forensics tools. He also develops Python-based tools that process forensic artifacts and automate repetitive tasks. His scripts and tools have been integrated into the standard investigative methodologies for payment card breaches and Citrix environments. In addition to providing forensic consulting services, Mr. Pany also assisted in the development of FireEye's product implementation and integration services and methodologies. @DavidPany
Christian Paredes, Threat Intelligence Analyst, Booz Allen Hamilton Christian Paredes is a threat intelligence (TI) analyst at Booz Allen Hamilton. Promoting a tradecraft-first approach, he partners with clients to design, build, and help operate their TI programs. For Christian, there is no greater reward than using TI to help teams better understand and prepare for threats. He holds a B.A. in political science and an M.S. in international affairs. @cyint_dude
Kevin Perlow, Senior Consultant, Booz Allen Hamilton Kevin Perlow is an incident responder and forensic analyst at Booz Allen Hamilton. He is a Senior Consultant on Booz Allen's Strategic Innovation Group Predictive Intelligence team where he investigates network intrusions, performs static and dynamic malware analysis, and assists in corporate security policy development for commercial organizations. He has over 5 years of experience in fields ranging from digital forensics and incident response to system administration. Mr. Perlow holds a Bachelor of Science in Business Administration from Georgetown University.
Angelo Perniola, Senior Consultant, RSA Advanced Cyber Defense Practice EMEA Angelo is a Senior Consultant for the RSA ACD practice, contributing to engagements covering SOC design and implementation, incident handling and threat intelligence program development, and breach readiness assessments. @AngeloPerniola
Alex Pinto, Chief Data Scientist, Niddel Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and to making threat intelligence "actionable" (I know, I know). If you care about certifications at all, Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. @alexcpsec
Larry Pesce, Director of Research, InGuardians Larry Pesce's history with hardware hacking began with the family TV when he was a kid, rebuilding it after it caught on fire. Both times. His core specialties include hardware and wireless hacking, often in the financial, energy and healthcare sectors. Larry leads research efforts at InGuardians, concentrating on IoT. @haxorthematrix
Hal Pomeranz, Principal, Deer Run Associates; Fellow, SANS Institute Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations. While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide. Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog. @hal_pomeranz
Moritz Raabe, Reverse Engineer, FireEye Moritz Raabe is a reverse engineer on the FireEye Labs Advanced Reverse Engineering (FLARE) team. He currently focuses on automating and simplifying malware analysis.
Andy Robbins, Red Team Lead - Adaptive Threat Division, Veris Group Andrew Robbins is a red team lead for Veris Group's Adaptive Threat Division. Andy has performed penetration testing of banks, credit unions, and healthcare providers across the United States. In addition, Andy researched and presented findings related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country at Derbycon. He also developed internal toolsets in Python for efficiently analyzing massive amounts of web interfaces and for covertly enumerating open outbound TCP ports on client networks. Finally, Andy developed and taught penetration testing courses designed for full-time system and network administrators.
Scott J. Roberts, Bad Guy Catcher, GitHub Scott J Roberts works for GitHub and makes up his title every time he's asked, so we'll say he's the Director of Bad Guy Catching. He has worked for 900lbs security gorillas, government security giants & boutiques, and financial services security firms and done his best to track down bad guys at all these places. He's released and contributed to multiple tools for threat intelligence and malware analysis. Scott is also really good at speaking in the 3rd person.
Derek Rook, Security Infrastructure Engineer, Gaikai, Inc. Derek is a 15-year IT veteran specializing in Linux administration and system engineering. Having made the shift to security 5 years ago, his focus is now on raising security awareness and growing in the field of penetration testing. Derek holds GCIA, GNFA, and GCIH from GIAC, and Offensive Security's OSCP. @_r00k_
Chris Sanders, Senior Analyst, FireEye Chris Sanders is an information security author and researcher who leads a research team at FireEye. He is the author of the best-selling security books Applied Network Security Monitoring and Practical Packet Analysis, and founded the Rural Technology Fund, a nonprofit devoted to providing technical education resources to rural and high poverty schools. His blog is http://www.chrissanders.org. @chrissanders88
Aaron Shelmire, Principal Threat Researcher, Anomali Aaron began his career in security in 2004 during the Stakkato intrusions. After building a security practice at the PSC and finishing grad school at Carnegie Mellon, he joined CERT/CC and took an adjunct position at CMU. He joined the SecureWorks CTU to build and operate an end point detection platform for Targeted Incident Response. He now leads threat analysis at Anomali. @ashelmire
Andrea Sancho Silgado, Associate, KPMG Andrea is an Associate in the Chicago, IL office of KPMG U.S. Andrea has been a member of the Forensic Technology Team since 2014, focusing on providing Forensic Services, Threat Intelligence, and Incident Response to clients, including Fortune 500 organizations. She also assists developers in the Forensic Technology Team with coding between projects. Andrea is constantly aspiring to study and learn more in the DFIR field. In her first year as a professional, Andrea completed the certifications for GCFA and EnCase Certified Examiner. Prior to joining KPMG she studied Telecommunications Engineering at Universidad Politecnica de Madrid, Spain. In the fifth year of her studies she enrolled in a double degree program with Illinois Institute of Technology completing a Master of Science in Electrical Engineering in one year.
Mary Singh, Senior Consultant, FireEye Mary Singh is a Senior Consultant with Mandiant with 14 years of experience in the information security field. Mary specializes in forensic analysis, location of information exposure, and EnCase forensic software. She has experience in information operations, intrusion detection and incident response. While at Mandiant, Mary has investigated over 60 computer intrusions involving the federal government, defense industrial base, and Fortune 500 companies. Prior to joining Mandiant, Ms. Singh conducted attack prevention, detection, and vulnerability assessment in the U.S. Air Force and as a consultant with Booz Allen Hamilton. She shares her experience and knowledge by teaching and presenting at conferences. In 2015, she taught at Black Hat USA and conducted a webinar to share the latest methods to "find evil" with law enforcement, federal government, and industry. @marycheese
Ed Skoudis, Fellow, SANS Institute Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing. @edskoudis
Yolonda Smith, Director of Product Management, Pwnie Express Yolonda Smith is the Director of Product Management at Pwnie Express, responsible for product strategy and roadmap, and ensuring Pwnie provides security professionals with the visibility they need to identify, characterize and neutralize threats to their wired and wireless assets. A security professional herself, she spent 8 years in the United States Air Force as a Cyberspace Operations Officer with duties and responsibilities varying from Mission Commander, Advanced Network Operations where her team developed & orchestrated the first DoD Cyber Hunting missions to Flight Commander, Cyber Defense Capabilities Development where her team developed the first and only malware neutralization tool for Predator Drones.
Pasquale Stirparo, Cyber Threat Intelligence Analyst & Incident Responder, UBS Pasquale Stirparo is currently working as Cyber Threat Intelligence Analyst and Incident Response Engineer at a Fortune 500 company. Since 2016 he has also been appointed to the Advisory Group on Internet Security at the European Cyber Crime Center (EC3) of Europol and is serving as Incident Handler with the SANS Internet Storm Center (ISC). Pasquale has also been involved in the standardization of Digital Forensics by contributing to the development of the standard ISO/IEC 27037. Author of many scientific publications and co-author of the book "Learning iOS Forensics" (2015), he has also been invited as speaker to several national and international conferences and seminars on Digital Forensics and lecturer on the same subject for Polytechnic of Milano (CEFRIEL) and United Nations (UNICRI). Pasquale holds a Ph.D. in Computer Security from the Royal Institute of Technology (KTH) of Stockholm and a M.Sc. in Computer Engineering from Polytechnic of Torino, and is certified GCFA, GREM, OPST, OWSE, ECCE. @pstirparo
David E. Stone, Colonel, United States Air Force, Air Force Cyber College Colonel David E. Stone is a member of the Air Force Cyber College's faculty at Air University. He develops and instructs classes, performs outreach, and conducts research to satisfy Air Force demands for advanced cyber thinking and strategy in current and future operations. Colonel Stone is a career cyber warfare operator and a former Air Force Fellow at the Idaho National Laboratory.
John Strand, Senior Security Analyst, Black Hills Information Security John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense and Hunt Teaming services. He is also the CTO of Offensive Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network. John is an experienced speaker, having done presentations to the FBI, NASA, the NSA and at various industry conferences. @strandjs
Allen Swackhamer, Reverse Engineer, Target Allen Swackhamer is a malware reverse engineer at Target Corporation. He is a member of the Cyber Fusion Center's Threat Defense Operations team where he reverse engineers malicious binaries to identify functionality, track crimeware and APT campaigns, as well as aid incident responders in intrusion investigations. He has over 7 years of experience in network security, intrusion detection, digital forensics, and incident response. Mr. Swackhamer holds two Bachelor's of Business Administration in Infrastructure Assurance and Information Systems from the University of Texas at San Antonio.
Gene Stevens, Chief Technology Officer, ProtectWise Gene drives the technology vision and architecture for ProtectWise. He has more than 20 years of experience in software development, cloud computing, security-as-a-service, and distributed systems. Prior to founding ProtectWise, Gene was the Founder and CTO at TagLabs, a mobile tagging company. He was a Principal Software Engineer at McAfee, Cloud & Content Security and has also held engineering roles at MX Logic and GDX. Early in his career, Gene developed financial forecasting, market analysis and service capacity planning software for Hewitt Associates (Aon). @genestevens
Mariangela Taylor, Principal Investigator/ Cyber All-Source Analyst, Noblis-NSP Mariangela Taylor is the Principal Investigator for the Noblis CTI R&D program. She has served for U.S. Cyber Command as a Cyber All-Source Analyst and now works for DHS in a Cyber All-Source Analysis R&D role. In 2014, she received an M.A. in Security Studies from the Georgetown School of Foreign Service. Her expertise is in China area studies, research and analysis, and cyber security. @DaLastCenturion
Joseph Ten Eyck, Lead Information Security Analyst, Target Corporation Joseph Ten Eyck spent 15 years in the military prior to leaving to pursue a career in Infosec in the outside world. He has worked on both the offensive and defensive sides of the problem. He currently is a Lead Information Security Analyst with Target and spearheads their efforts to incorporate Threat Hunting as an addition to the overall CSIRT efforts. OSCP GPEN GWAPT GCIH CISSP. @joseph_teneyck
Kevin Thompson, Senior Incident Responder, Heroku Kevin Thompson is a senior incident responder and Chief Snarkitecht at Heroku. He specializes in detecting and responding to security incidents by hunting for anomalies in an environment with tens of thousands of servers. Previously, Kevin was a security researcher and co-author of the Verizon Data Breach Investigations Report and is a core developer of several open source software projects. @bfist
Kai Thomsen, IT Security Architect, Audi AG Kai is the Incident Response team lead at AUDI AG and is currently working on creating a modern CSIRT at Audi. Before that he established an IT Service Continuity organization at Audi and developed and executed crisis management training exercises for top management. Prior to Audi, he worked at SMS group, an engineering company for steel manufacturing plants. There he was responsible for network security architecture, NSM, and forensics. Kai holds an M.A. in computer science and English and American Literature. He is also currently a SANS Instructor in Development. @kaithomsen
Tom Van Norman, Senior Technical Staff, CounterHack Challenges Tom has been working in the Instrument and Controls field for the past 20 years. He is currently a Senior Technical Analyst for Counter Hack and recently retired from the Air National Guard where he worked in a Cyber Operations Squadron. Tom's focus area has been working on securing Industrial Control Systems and the networking of such systems. Tom currently holds a Global Industrial Cyber Security Professional certification through GIAC and is a Certified Information Systems Security Professional (CISSP) through ISC(2).
Dr. James Treinen, VP of Security Research, ProtectWise, Inc. A security industry veteran of 17 years, Dr. James Treinen is the VP of Security Research at ProtectWise. He is an expert on data analysis as it pertains to enterprise security, holds multiple patents and has authored numerous publications related to data analytics for large security-related data sets. As the Chief Technology Officer at Laconic Security, he designed and built a platform for truly private data exchange. Previously, James led the security analytics mission for IBM Security Intelligence, where he led the development of numerous security-related software products. He holds a Ph.D. and M.S. in Computer Science from the University of Denver, specializing in machine learning and graph algorithms, and received a B.S. in Computer Science and Mathematics from Regis University. @jamestr
Rohan Vazarkar, Penetration Tester & Red Teamer - Adaptive Threat Division, Veris Group Rohan Vazarkar is a penetration tester and red teamer for Veris Group's Adaptive Threat Division, where he helps assess Fortune 500 companies and a variety of government agencies. Rohan has a passion for offensive development and tradecraft, and contributed heavily to EyeWitness and the EmPyre projects. He has presented at BSides DC, BSides Las Vegas, BlackHat Las Vegas, DefCon, and helps develop and teach the 'Adaptive Penetration Testing' course at BlackHat USA. @CptJesus
Bamm Visscher, CIRT Manager, General Motors Bamm Visscher is the CIRT Manager at General Motors where his teams are responsible for detecting and responding to threats targeting the company's information assets. He has been performing CIRT functions since 1997 with experience in the USAF, Fortune 500, and Fortune 10 companies. Bamm contributes to the infosec community as the author of Sguil, an open source tool for performing network security monitoring. @bammv
Dr. Paul Vixie, CEO, Farsight Security Dr. Paul Vixie is the CEO of Farsight Security, Inc. In 2014, he was inducted into the Internet Hall of Fame for his work related to DNS. Previously, he served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Dr. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8. He earned his Ph.D. from Keio University for work related to DNS and DNSSEC. @paulvixie
Dr. André Weimerskirch, VP Cyber Security, Lear Corporation André Weimerskirch is VP Cyber Security at Lear Corporation. Before that, André established the transportation cyber security group at the University of Michigan Transportation Research Institute (UMTRI), and co-founded the embedded systems security company ESCRYPT which was sold to Bosch in 2012. André is active in all areas of automotive and transportation cyber security and privacy, published numerous articles in the area of automotive and embedded cyber security, and is co-founder of the American workshop on embedded security in cars (escar USA). André is vice chair of the SAE Vehicle Electrical System Security Committee, co-chairs the Michigan Mobility Transformation Center (MTC) cyber security working group, co-organizes the SAE ComVEC cybersecurity session, and is a member of the joint SAE/ISO Cybersecurity Working Group.
Jake Williams, Principal Consultant, Rendition Infosec
Jake Williams is a Principal Consultant at Rendition Infosec. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles. Jake is the co-author of the SANS FOR610 course (Malware Reverse Engineering) and the FOR526 course (Memory Forensics). He is also a contributing author for the SEC760 course (Advanced Exploit Development). In addition to teaching these courses, Jake also teaches a number of other forensics and security courses. He is well versed in Cloud Forensics and previously developed a cloud forensics course for a US Government client. Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges. @MalwareJake
Austin Whisnant, Member of the Technical Staff, Software Engineering Institute
Austin Whisnant has a degree in Computer Science and Mathematics from Furman University, and a Master of Science in Telecommunications from the University of Pittsburgh. She has worked with the CERT division of the Software Engineering Institute since 2011 in various areas such as network traffic analysis, exercise development, cyber intelligence, training, and operations center development.
Lee Whitfield, Director of Forensics, Digital Discovery Lee is director of forensics at Dallas-based Digital Discovery. He has several years' experience conducting digital forensic investigations for a variety of cases including child abuse, murder, burglary, drug trafficking, and so on. Lee also has experience as a testifying expert for prosecution, defense, and private clients. @lee_whitfield
Christopher Witter, Manager Falcon OverWatch, CrowdStrike Chris manages a team of intrusion analysts at CrowdStrike where they are responsible for investigating some of the most notorious cyber threats to the US economy. Previously, he held senior roles on the Computer Security and Incident Response Teams at both a top five global bank and at a top ten defense contractor. @mr_cwitter
Josh Wright, Senior Technical Analyst, Counter Hack; Senior Instructor, SANS Institute Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open-source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions for cyber warriors in the US military, government agencies, and critical infrastructure providers. @joswr1ght
Eric Zimmerman, Sr. Director, Kroll Cyber Security Eric Zimmerman is a Senior Director at Kroll Cyber Security responsible for research and development as well as developing internal and external training for forensic examiners, law enforcement, and private industry. Prior to joining Kroll, Eric was a Special Agent with the FBI assigned to the cyber squad of the Salt Lake City field office. Eric has a degree in computer science and has developed many digital forensics programs related to on-scene triage, ShellBags, and online investigations. Eric was the first to be recognized as an X-Ways X-PERT and also holds EnCE, GCFW, GCFE, and GSEC certifications. @EricRZimmerman