Arnold Holzel
  • Use DNS to detect your domains are abused for phishing
Bailey Bercik

Bailey Bercik (@baileybercik on Twitter) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She's previously spoken about Azure AD customer stories and security recommendations at Microsoft Ready & Ignite, Blue Team Con, The Diana Initiative, and BSides Portland. Prior to this role, Bailey worked on Microsoft's incubation team for Decentralized Identity and volunteered as a computer science teacher at Warden High School.

  • Modern Authentication for the Security Admin
Bassem Helmy

"Cyber Security Professional with over eleven (11) years of experience with corporates and multinational organizations throughout the Middle East.
Awarded Penetration Tester of the Year 2016 from EC-Council Foundation InfoSec Tech & Exec.

Area of Expertise:

• Penetration Testing, Red Teaming, and Covert Operations
• ICS / SCADA Security Assessment
• Threat Hunting Operations
• Incident Response
• Vulnerability Management and Security Assessment"

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
Ben (Innismir)

Ben is a security practitioner with over 15 years of hands on cyber security experience. Since 2011, Ben has been a CSIRT lead for a Fortune 500 company. In his spare time, he enjoys being a husband and dad, messing around with computers, VoIP, analog telephones, amateur radio, and generally pressing anything with a button on it. Ben was the lead author for Asterisk Hacking from Syngress Publishing, has spoken at various industry conferences, and has been featured on the BBC, New York Times, and CNET. Ben also strongly dislikes writing about himself in the third person.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
Ben Bornholm

Ben (@CptOfEvilMinion) is not new to creating workshops as this is his second time creating a DEFCON workshop, yet he has never actually been to DEFCON in person! Ben crafted his whimsical presenting style from being President of RIT’s security club previously known as RC3.

During the day Ben fights off cyber criminals as a DART engineer at At night Ben is the author of his blog where he discusses topics in security that interest him such as incident response, threat hunting, Osquery, and DevSecOps.

  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part2
  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1
Ben Hughes

Ben Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including Digital Forensics & Incident Response (DFIR), threat hunting, pen testing, and risk assessment. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, and GWAPT certifications.

  • Ransomware ATT&CK and Defense with the Elastic Stack
Blind Hacker JoeB

The Blind Hacker is an InfoSec enthusiast, mentor, coach, pentester, hacker, and more. He regularly mentors online through streams and online communities. He frequently volunteers time on workplace development for others, gives resume reviews, job advice, and coaches people into the roles they want with mock interviews. As a person with a disability, or who is differently-abled, he has never let it slow him down.

  • BTV Presents: Threat Report Roulette
Cat Self

Cat Self is a Lead Cyber Adversarial Engineer working on the MITRE ATT&CK® and ATT&CK Evaluations teams at MITRE. Cat previously worked at Target as a red team operator, threat hunter, and developer. Cat is an Army Military Intelligence veteran with a passion for mentorship, hiking in foreign lands, and finding opportunities to give back.

  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part2
  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1

Xena Olsen, @ch33r10, is a Senior Cybersecurity Analyst at a Fortune 500 Company. She is a graduate of SANS Women’s Academy with eight GIAC certifications, an MBA in IT management, and a doctoral student in cybersecurity at Marymount University.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
  • BTV Presents: Threat Report Roulette
Charles Rumford

Charles is currently a network engineer with Deft. He has a background in network engineering, programming, information security, usability, and linux systems administration. He likes to ensure things are secure, usable, and users are informed.

  • Uncomfortable Networking
Chen Cao

A security engineer at Cloudflare focuses on Detection and Response. Chen holds a Master of Science degree in Security Informatics from Johns Hopkins University and has been in the security industry for about 4 years now. He enjoys sharing & learning good practices in the industry and currently working on finding a reliable, scalable and cheap way for log collection and alerting.

Chester Hosmer

Chet serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching Python and Machine Learning. Chet is also the founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. He has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, and Wired Magazine. He has published 7 books with Elsevier and Apress.

  • Uncovering covert network behaviors within critical infrastructure environments
Chris Russell

Christopher Russell is the Head of Information Security for tZERO Group Inc. He has a Masters Degree in Cybersecurity and numerous certifications and experience in cloud security, endpoint detection and response, SIEM and blockchain. He is a combat Veteran of the US Army, where he was a human intelligence (HUMINT) collector who graduated from the Defense Language Institute, for Arabic.

  • BTV Presents: Threat Report Roulette
Clay (ttheveii0x)

Clay is a cyber threat intelligence and malware analysis manager at a consulting company.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
Dan Borges

A core member of the National CCDC red team and a director for the Global CPTC. Recently wrote a book on deception applied to infosec and attack-defense competitions:

  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part2
  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1
Daniel Chen
  • Ransomware ATT&CK and Defense with the Elastic Stack
Danny D. Henderson Jr (B4nd1t0)

Danny Henderson Jr. is a USAF veteran who is now an expat working as a Senior Cybersecurity Analyst at SecureWorks in Romania. He is a graduate of Capitol Technology University with MSc in Cyber and Information Security, six GIAC certifications in DFIR and Offensive Security.

  • BTV Presents: Threat Report Roulette
Dr. Meisam Eslahi

Meisam is a technical cybersecurity practitioner with solid expertise in providing strategies and technical directions, building new service/business lines, diverse teams, and capabilities. He has over 19 years of experience in information technology, with 15 years dedicated to cybersecurity in leadership and technical roles leading, managing, and delivering a wide range of cybersecurity services to multi-national clients - mainly in the banking, financial, healthcare, and telecom sectors.

  • Scope X: Hunt in the Ocean!

Drimacus is a veteran in the security focusing around Network Security, Emerging Threats, and Innovation.

  • Leveraging NGFWs for Threat Hunting
Dylan Barker

Dylan Barker is a technology professional with 10 years' experience in the information security space, in industries ranging from K12 and telecom to financial services. He has held many distinct roles, from security infrastructure engineering to vulnerability management. In the past, he has spoken at BSides events and has written articles for CrowdStrike, where he is currently employed as a senior analyst.

  • Tricks for the Triage of Adversarial Software
Felipe Duarte

Malware researcher, CEH, GREM, electronics geek, IoT enthusiast, programmer, drone lover and machine learning fan. Just hunting malware for fun!

  • Watch Out! And just skip the packer
Fred Mastrippolito

Pentester, and incdent response engineer with a passion for technology. Founded @politoinc and focuses on assisting customers operate securely.

  • Ransomware ATT&CK and Defense with the Elastic Stack
Gert-Jan Bruggink

Gert-Jan (GJ) Bruggink is a cyber threat intelligence leader, specialized in understanding adversary tradecraft and thereby helping leaders make more informed decisions. GJ has extensive experience at the crossing of offense, defence & strategic risk management and spend the last 10+ years specializing on providing leaders actionable threat intelligence products and building secure organizations. GJ previously co-founded and delivered defensive services at FalconForce, led the Dutch cyber threat intelligence team at a Big Four accounting firm and delived security services at a security integrator.

  • This is what we thought would happen in 2021

As a security {engineer | data scientist}, Henry operates as an information/data security architect, previously as a security consultant and developer in the industry. In his current role, he interfaces with internal business partners in providing architectural guidance and aligning the business with best practices and building countless tools and automation for the benefit of IT and security personnel alike. He has learned the hard and fun way that learning itself shouldn’t be considered a chore or a negative, but an opportunity to be able to be more effective and adaptive with the ever-changing needs of the business.

  • How do you ALL THE CLOUDS?
Igal Flegmann

Igal started his career in Microsoft’s Azure Security team creating and managing identity services for Azure’s secure production tenants. After a successful career in Azure Security, Igal transferred teams to work in Azure’s ASCII (Azure Special Capabilities, Infrastructure, and Innovation) team, where he used his identity and security expertise to design and create security services to protect the critical infrastructure devices of the world.

To follow passion for identity and security, Igal decided to leave Microsoft and Co-found, Keytos a security company with the mission of eliminating passwords by creating easy to use PKI offerings.

  • I know who has access to my cloud, do you?
John Bambenek

John Bambenek is President of Bambenek Labs, a threat intelligence firm, and a PhD student studying cyber security machine learning at the University of Illinois at Urbana-Champaign. He has 20 years experience investigating cyber crime and has participated in large investigations in ransomware, the 2016 election-related hacking, and extremist fundraising in cryptocurrency.

  • Adventures in Pro Bono Digital Forensics Work
Jorge Orchilles

Jorge Orchilles is the Chief Technology Officer of SCYTHE, co-creator of the C2 Matrix project, and author of the Purple Team Exercise Framework. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation.

  • BTV Presents: Threat Report Roulette
Karan Aditya Ghoshal

Karan Aditya Ghoshal is a CTI Analyst at a Big Four cybersecurity firm. He is currently pursuing his Bachelors in Computer Science Engineering at Manav Rachna University.

  • BTV Presents: Threat Report Roulette
Karl Lovink a.k.a. Cyb0rg42

arl is the Technical Lead of the Security Operations Center of the Dutch Tax and Customs Administration. He must ensure that the security analysts of the SOC can do their job well in the technical field. Besides, he is responsible, among other things, for strengthening the network of
governments and companies, so that the right information is quickly available in the event of threats and incidents. Karl obtained the title Master of Security in Information Technology (MSIT) at Eindhoven University of Technology. He loves biohacking technology and has seven RFID / NFC chips implanted in his body, including a
credit card.

  • Use DNS to detect your domains are abused for phishing
Mark Morowczynski

Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. He's spoken at various industry events such as Black Hat 2019, Defcon Blue Team Village, GrayHat, several BSides, Microsoft Ignite, Microsoft Inspire, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANs Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.

  • Modern Authentication for the Security Admin
Michael Wylie

Michael Wylie, MBA, CISSP is the Sr. Manager of a 24/7/365 global managed threat hunting team. Prior to his current role, he was the Director of Cybersecurity at a top 100 CPA firm where he built out the offensive/defensive security service practice. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Colleges, and for clients around the world. Michael is the winner of numerous SANS challenge coin and holds the following credentials: CISSP, CCNA R&S, GPEN, GMON, GCFE, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, CNVP, Microsoft Azure, and more.

  • Wireshark for Incident Response & Threat Hunting
Mike Cohen

Dr. Mike Cohen has over 20 years of experience in applying and developing novel incident response and digital forensics tools and techniques. He has previously worked in the Australian Department of Defence as an information security specialist, at the Australian Federal Police specialising in digital forensics, network and memory forensics, and spent 8 years in Google developing tools such as GRR and Rekall. In 2018, Mike founded the Velociraptor project, an advanced open source DFIR framework. Mike has recently joined Rapid7 to promote and further develop Velociraptor into a fully featured enterprise DFIR toolkit.

  • Velociraptor - Dig Deeper
Mike Raggo

Michael T. Raggo has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding for Syngress Books co-authored with Chet Hosmer. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

  • Uncovering covert network behaviors within critical infrastructure environments

muteki is the Meet-a-Mentor Lead as well as a director of Blue Team Village, a not-for-profit organization bringing free Blue Team talks, workshops and more to the broader InfoSec community.

  • Year of Mentoring: BTV’s Meet-a-Mentor Turns One
Neumann Lim (scsideath)

Neumann Lim is a senior manager at Deloitte where he leads the development of the services, strategies and methodologies on cyber detection and incident response. With more than 14 years of infosec experience, he has coordinated national incident responses across multiple industries. Prior to this role, Neumann spent several years working with large enterprises and governments specializing in incident response.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
O'Shea (sirmudbl00d)

"O'Shea Bowens is a cyber security enthusiast with 12years of
experience. He is the founder and CEO of Null Hat Security
which offers consulting services and addresses the cyber
workforce shortage with skills and gap assessments in a custom
built cyber arena. He is knowledgeable in the areas of digital
forensics & incident response, threat hunting, cloud security,
security analytics, security program management and

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel

I do stuff. Sometimes it works.

  • BTV Presents: Forensics Station - Workshop 1

Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually lead him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. Plug currently leads the Threat Hunting Program for a Fortune 20 organization. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part2
  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1
Quinten Bowen

Quinten Bowen is an Information Security Professional who works as a Senior Analyst at CrowdStrike. Additionally, Quinten has expertise in malware analysis, penetration testing, threat hunting, and incident response in enterprise environments, holding relevant certifications such as GREM, OSCP, eCPPT, and eCMAP. Quinten spends his off-time volunteering for the Collegiate Cyber Defense Competition (CCDC), mentoring, and can be found around a table playing D&D.

  • Tricks for the Triage of Adversarial Software

Rabbit is an information security engineer and lagomorph enthusiast with a background in medical device security and biometric access system assessment who now manages the secure development and testing of IoT smart home and smart lock devices.

  • Structured Analytical Techniques for Improving Information Security Analyses
Renzon Cruz

Renzon Cruz, a Filipino security professional living in Dubai who works as Digital Forensics & Incident Response in a company based in UK. He previously worked as Sr. Security Consultant as part of a National Cyber Security Agency in Qatar. He was also accepted to various international conferences as a speaker such as BSides Vancouver (2019), BSides London (2019), BSides Doha (2020), and ROOTCON Hacking Conference (2020). He is also co-founder and instructor of GuideM, a real-world cybersecurity training center based in the Philippines. He's mainly interested in defensive strategy, threat hunting, DFIR, malware analysis, & adversary simulation.

  • Forensicating Endpoint Artifacts in the World of Cloud Storage Services
Ricky Banda

Ricky Banda is a Incident Commander for the Amazon Security Incident Response Team. He is a SANS MSISE Graduate Student, with over a dozen industry certifications and featured author in Tribe of Hackers: Blue Team Edition. He has over a decade of experience in Security Operations and Incident Response working in both Public and Private sectors.

  • BTV Presents: Threat Report Roulette
Sebastiaan Provost

Sebastiaan is the Lead Security Engineer at Beacon and has worked in information security for across both offensive and defensive domains. He specializes in protecting business critical assets by applying technology in creative ways and is particularly interested in Threat Hunting in Zero Trust Environments. In his free time, he enjoys the gym, he tries to hone his infosec knives, and tries to visit as many countries as possible. He has previously given talks at SHA2017 and BsidesNCL 2019.

  • Yeet the leet with Osquery (Effective Threathunting Without Breaking Bank )
Surya Teja Masanam

Surya found his passion for cybersecurity during his college days where out of curiosity he figured out how a malware was spreading actively in the college computers and found a remediation technique. From then onwards his cybersecurity journey started. Digital Forensics and Malware Analysis are his all-time favorites. Surya is a Security Engineer with 5+ years of experience in performing both offensive and defensive activities. Engaging, understanding, and knowledgeable technical trainer, having expertise in training small and large groups across diverse industries. LinkedIn:

  • (Beginner) Windows Forensics 101
Tilottama Sanyal

Tilottama Sanyal (wildphish) has a degree in Information technology from India and has almost 8 years of combined experience across DevOps and Cybersecurity. She holds certifications like the GCIH and currently works as an Incident Response Team member at Verizon Media (previously Yahoo!). Her areas of expertise include risk assessments, vulnerability analysis, and incident response. Her current interests include threat hunting and this is her first-ever workshop.

  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part2
  • MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1
Tino aka Paladin316

Tino has over 25 years experience in Cyber Security. His work experience spans diverse industries, a world-renowned children's hospital, a world leading Energy Company, an enterprise application service provider, a fortune 100 global manufacturing company, and a Global Financial Services Institution. His primary experience involves developing and implementing processes for Cyber Threat Hunting, Malware Analysis/Reverse Engineering, Digital Forensics/Incident Response (DFIR), and Purple Teaming. In addition, his favorite hobby is doing Cyber Security Research. He says he would do this job for free, but don't tell anyone.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel

blah blah blah

  • BTV Presents: Malware Station - Maldoc Workshop

Wayland is a cyber security practitioner with more than a decade of experience performing incident response in a variety of organizational environments. He has contributed to response efforts for multiple significant matters over the years and of late is focused on mentoring and leading the next wave of incident response professionals.

  • BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
Wendy Edwards

Wendy is a software developer interested in the intersection of cybersecurity and data science. She’s involved in the NASA Datanauts program and participated in the SANS Women’s Academy, earning GIAC GSEC, GCIH, and GCIA certifications. She has masters degrees in computer science and library and information science from the University of Illinois.

  • What Machine Learning Can and Can't Do for Security
Wes Lambert

Wes Lambert is the Director of Support and Professional Services at Security Onion Solutions, where he helps customers to implement enterprise security monitoring solutions and understand their computer networks. A huge fan of OSS projects, Wes loves to solve problems and enhance security using completely free and easily deployable tools.

  • Attack and Detect with Prelude Operator and Security Onion
Will Thomas

Will Thomas is a security researcher at Cyjax, a UK-based Cyber Threat Intelligence vendor. In his spare time, he offers his OSINT skills to work missing persons cases with the NCPTF and is a board member of the Curated Intelligence trust group. Will graduated with a BSc (Hons) in Computer and Information Security from the University of Plymouth.

  • BTV Presents: Threat Report Roulette