Alissa Torres is passionate about security operations and empowering analysts to succeed in blue team ops. Her professional experience in various security roles over her career includes forensic investigations, enterprise incident response and threat hunting, security services consulting, and incident response management. Alissa currently serves as Senior Threat Hunter at Palo Alto Networks. Having taught as principal faculty for several pivotal cybersecurity training institutions over the last decade, Alissa has engaged hundreds of skilled professionals around the world, growing a legion of artifact hunters who share a common affinity for adversary tracking.

Andrew Krug is a Lead Security Advocate at Datadog specializing in Cloud Security and Identity and Access Management. Krug also works as a Cloud Security consultant and started the ThreatResponse project a toolkit for Amazon Web Services first responders.

Anton is a BSides Toronto speaker, C3X volunteer, and an OSCE, OSCP, CISSP, CSSP certificate holder. Anton enjoys the defensive aspects of cybersecurity and loves logs and queries.

Apurv Singh Gautam works as a Threat Researcher at Cyble. He commenced work in Threat Intel 3 years ago. He works on hunting threats from the surface and dark web by utilizing OSINT, SOCMINT, and HUMINT. He is passionate about giving back to the community and has already conducted several talks and seminars at conferences like SANS, Defcon, BSides, local security meetups, schools, and colleges. He loves volunteering with Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games Rainbow Six Siege.

Ashlee is an astrophysicist turned security researcher whose experience spans across detection and response, threat hunting, outreach, and developing successful threat intelligence programs. In her current role, when she is not protecting Ukrainian infrastructure, she focuses on strategic and cohesive use of threat intelligence both across the Talos organization and within greater Cisco. Outside of the security world, Ashlee is also a nationally competitive Olympic Weightlifter and a current MBA candidate at the University of Maryland.

With an inability to tolerate boredom and background in hunting social engineers, aviditas moved from engineering and corporate training to work in customer facing & traditional blue team environments. As a generalist by nature, the Sisyphusian nature of the industry is the main appeal as breadth of knowledge is rewarded. She is an advocate for demystifying and removing cost barriers for high quality InfoSec training and resources.

Ben (@CptOfEvilMinion) is not new to creating workshops as this is his third time creating a DEFCON workshop, yet he has never actually been to DEFCON in person until this year! Ben crafted his whimsical presenting style from being President of RIT’s security club previously known as RC3.

During the day Ben fights off cyber hooligans as a DART engineer at Dropbox.com. At night Ben is the author of his blog HoldMyBeerSecurity.com where he discusses topics in security that interest him such as incident response, threat hunting, Osquery, and DevSecOps.

Ben Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cybersecurity, IT, and law. He leads Polito Inc.'s commercial cybersecurity services including threat hunting, digital forensics and incident response (DFIR), penetration testing, red teaming, adversary emulation, and training. Prior to Polito, Ben worked on APT hunt teams at federal and commercial clients. He currently holds CISSP, GCFA, GWAPT, and endpoint security vendor certifications.

Carson Zimmerman has been working in cybersecurity for about 20 years. In his current role at Microsoft, he leads an investigations team responsible for defending the M365 platform and ecosystem. Previously at The MITRE Corporation, Carson specialized in cybersecurity operations center architecture, consulting, and engineering. In his early days at MITRE, Carson worked in roles ranging from CSOC tier 1 analysis, to secure systems design consulting, to vulnerability assessment. Carson recently co-wrote 11 Strategies of a World-Class Cybersecurity Operations Center, available at mitre.org/11Strategies.

Cassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. Additionally, as one of the directors of Blue Team Village, Cassandra works to bring free Blue Team talks, workshops and more to the broader security community.

Senior Manager Cyber Threat Intelligence at a Fortune 100. DSc Cybersecurity, MBA IT Management, 8 x GIAC, and SANS Women’s Academy graduate.

Connor Morley is a senior security researcher at WithSecure. A keen investigator of malicious TTP’s, he enjoys experimenting and dissecting malicious tools to determine functionality and developing detection methodology. As a researcher and part time threat hunter he is experienced with traditional and ‘in the wild’ malicious actors’ behaviour.

Stuff goes here.

Sai Molige, is a SOC Threat Hunting Lead for Cysiv LLC/ForeScout. Sai received his Master of Science in Information Assurance with Cyber Security as a major. He has 3+ years of experience in information security working in different domains like network, endpoint, and cloud security. Apart from the daily job he performs, he is very keen in constantly improving himself either by attending external classes and/or by attending various conferences. He has SANS GIAC GCDA, GNFA, GNFE, and GCIH . He volunteers at different organizations to give back to the community which is helping him constantly.

DFIR consultant and penetration tester at Polito Inc. I investigated numerous ransomware incidents, hunted for adversaries, and assisted with red teaming.

With 14-years career in the U.S. public sector and 11 years with ICT, Danny now works at SecureWorks in Bucharest as an L3 SOC Analyst. His skillset includes digital forensics, threat intelligence, malware analysis, with small touch of Offensive Security. Outside of the Security field, Danny is working on a passion video game project as the Fearless Leader of the Sacred Star Team and is fond of fantasy tabletop games such as Dungeons and Dragons (D&D).

Meisam is a technical cybersecurity practitioner with solid expertise in providing strategies and technical directions, building new service/business lines, diverse teams, and capabilities. He has over 20 years of experience in information technology, with 16 years dedicated to cybersecurity in leadership and technical roles leading a wide range of services for multi-national clients mainly in Red Teaming, Threat Hunting, DFIR, Cyber Drill, Compromise Assessment, and Penetration Testing. He is also a security researcher [MITRE D3FEND contributor], blogger [cybermeisam.medium.com], mentor, and speaker in many global events and conferences such as Defcon, BSidesSG, and NASSCOM.

To be completed.

Digital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.

I’ve been working as Security Researcher at Saporo, Cybersecurity Advocate at senhasegura, Snyk Ambassador, Application Security Specialist, Hacking is NOT a crime Advocate and RedTeam Village Contributor. I’m part of the Coordinator team from DCG5511(DEFCON Group São Paulo-Brazil), International Speakers in Security and New technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, etc, I’ve been served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis-Fundamentals(HackerSec).

Gilmar works with information security2006. He was a Marine in the Brazilian Navy, worked in large telecom and payments companies. He is currently Vice President of Information Security and coordinates some research fronts in addition to the day to day of Cyber.

Nicklas works as a Threat Research Analyst at the company Truesec, based in Stockholm/Sweden. Here he splits his time picking apart malware from threat actors and as a subject matter expert in Industrial Control System. Also a analyst contributor to The DFIR Report.

A Jackie-of-all- trades, master of none, Jackie seems to be physically unable to stop returning to threat detection and response. Her 10 years in the industry have been spent in malware analysis, reverse engineering, and infrastructure and product security. She has been an analyst, engineer, and leader. Currently, she is focused on building out the threat detection and response program at Asana. She aspires to build teams that leave members better than they were found, technically AND mentally. She speaks and sometimes writes about burnout awareness and efforts to dismantle the gatekeeping of technical security roles.

Jake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. Williams is an IANS Faculty Member and also works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).

To be completed.

Joe Schottman has worn most hats in IT and Security, ranging from application development to DevOps to offensive and defensive security. The nexus of this experience is research into Web Shells. He's spoken and given training on topics such as Purple Teams, API security, Web Shells, Web Threat Hunting, and more at AppSec Village at DEF CON, OWASP Global, SANS Summits, various BSides, Circle City Con, and other events.

John Orleans is a group manager for security consulting at Avanade, where he helps heavily-regulated organizations design and implement secure cloud solutions. He has a background in finance, transportation, telecoms, and wireless. Prior to his career in information security, he was a professional chef and bartender. It’s rumored that John can be found traveling the country, riding perfectly reasonable bicycles unreasonably long distances.

Justin is currently serving as CTO/Hacker at TrustedSec and possess a background in red teaming, pentesting, and offensive research.

Kostas is a security researcher with many years of experience in the field. Coming from a technical background in incident response, he specializes in intrusion analysis and threat hunting.

Kostas devotes most of his spare time to supporting the information security community by producing free threat intelligence reports as part of the DFIRReport effort, of which he is a member.

Kristen is a Cyber Threat Intelligence Analyst at SCYTHE. Prior to joining the herd she worked for the United States Department of the Army in various roles ranging from network and system administration to vulnerability management and cyber compliance. She has a penchant for solving technical puzzles, leaping from perfectly good airplanes (or cliffs), and finding the best local hole-in-the-wall restaurants. If you want to talk about foreign travel, sports nutrition, or why Episodes 4-6 are the only Star Wars movies that matter, she's your girl!

l00sid just started a career as a blue teamer. He loves the kinds of puzzles he gets to solve in the process of stopping attackers.

Lauren is currently the Sr Manager of Global Cyber Defense at Marsh McLennan… which is a wordy way of saying she manages CTI, Threat Hunting, Security Automation, and SOC things. When she isn’t in front of a screen, she is running long distances in the woods, cycling over gravel trails, or acquiring more cats in order to reach crazy cat lady status.

Moose (aka Heather) is a benevolent Principal Incident Response consultant with CrowdStrike. Moose leads cases globally specializing in c-level grief counseling, eCrime stomping, forensic dumpster diving, attacker evictions, and long sessions staring deeply into logs, code, and config files.
Outside of IR, Moose is a mother of cats, fiddler, and lover of potatoes in all forms.

Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was PFE supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He's spoken at various industry events such as Black Hat, Defcon Blue Team Village, Blue Team Con, GrayHat, several BSides, Microsoft Ignite, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANs Security Summits and TechMentor.

Matt Scheurer is a show host for the ThreatReel Podcast, and also works as an Assistant Vice President of Computer Security and Incident Response in a large enterprise environment. Matt has many years of hands-on technical experience, including Digital Forensics and Incident Response (DFIR). He volunteers as a "Hacking is NOT a Crime" Advocate and as a technical mentor for the Women's Security Alliance (WomSA). Matt is a 2019 comSpark “Rising Tech Stars Award” winner, and has presented on numerous Information Security topics at many technology meetup groups and prominent Information Security conferences across the country.

Michael Epping is a Senior Product Manager in the Azure AD Engineering team at Microsoft. He is part of the customer experience team and his role is to accelerate the adoption of cloud services across enterprise customers. Michael helps customers deploy Azure AD features and capabilities via long-term engagements that can last years, as well as working within the engineering organization as an advocate on behalf of those customers. Michael has more than 9 years of experience working with customers to deploy Microsoft products like Azure AD, Intune, and Office 365.

Mick Baccio fell in love with the idea of cybersecurity at nine years old after reading Neuromancer, thinking "I should do that."
After an alphabet soup of federal agencies and a stint as the first CISO of a POTUS campaign, he is currently a Global Security Advisor at SURGe. He is still trying to do 'that'.
Air Jordans, Thrunting, Puns. Not sure the order.

As part of Microsoft's customer facing Detection and Response Team (DART), I work as a cloud hunter and lead investigator, battling alongside our customers on the front lines of incident response. Our work often involves dealing with live incidents involving APT and nation state actors and hunting them is what brings me joy.

Avid learner, passionate about all things detection, malware, DFIR, and threat hunting.

Neumann Lim is a manager at Deloitte where he leads the cyber detection and incident response teams. Prior to this role, Neumann spent years working with large enterprises and governments specializing in incident response.

With 15 years of infosec experience, he enjoys analyzing malware, reverse-engineering and vulnerability research. Neumann has been invited to share his thought leadership at conferences such as Grayhat Conf, Toronto CISO Summit and CCTX.

In his off time, Neumann participates in CTFs and mentors new students interested in infosec while maintaining active membership of various security organizations such as DefCon, HTCIA, ISC2 and EC-Council.

Nick Baker has over 10 years in cybersecurity. Prior to Polito, Nick spent 20 years as a Signal Warrant Officer in the U.S. Army. He performed over 10 years in the cybersecurity field with a heavy focus in computer network defense by providing expertise for the proper employment, support, and defense of strategic and tactical information networks, systems, and services in operations supporting the Army’s cyberspace domain. Nick’s other 10 years was providing IT support, operations, and functions. I hold multiple credentials including SANS, CompTIA and ICS2.

Obsidian Forensics Lead

Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually lead him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. Plug currently leads the Threat Hunting Program for a Fortune 20 organization. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.

Ricky Banda is a 28 year old SOC Incident Response Manager for ARM Semiconductors Ltd. He began his career at 16 as an intern with the United States Air Force working in the 33d Network Warfare Squadron at Lackland Airforce Base. He has worked in security operations for 12 years. In education, he is a SANS Graduate student and has 18 certifications, as well as a bachelor's in cybersecurity. His primary focus in SecOps is to reduce SOC burnout and support security operations workers. When not working, he supports metal musicians and is an avid horror fan.

Ronny Thammasathiti (@ronnyt) started out as an aspiring concert pianist but later took a big switch to cyber security with Polito Inc in the past 4 years. His main role at the company is as a detection Engineer using Elasticsearch and developing tools and applications using his knowledge of Python language.

Ryan Kovar joined Splunk in 2014 and currently serves as a Distinguished Security Strategist and leader of SURGe, Splunk’s “Blue-collar for the Blue team” strategic security research arm. With over 20 years of experience as a security analyst, threat hunter, defender, and Unix plumber. Before joining Splunk, he worked at organizations like DARPA, US Navy, UK Home Office, and various public/private companies, always in a security practitioner or leader role. Ryan has an MSc in Cyber Security from the University of Westminster, more certifications than he remembers, and has an abject hatred of printers.

SamunoskeX is an Information Security Professional who works as part of a Security Operations Team and is also an Information Security instructor at a college. He is a Blue Team enthusiast and enjoys sharing all things Blue Team with the world.

SamunoskeX has attended DEFCON Events since DC26.

Sarthak(S4T4N) is a Security Engineer passionate about everything InfoSec. He is always looking for new topics to learn. Suffering from Volunteeristis. You can always find him working with conferences behind the curtains. Right now, He is struggling to write 100 words about himself because he is habitual to writing 50 words bios.

With over 5 years of experience protecting Banks and the financial sector against cyber threats, Saurabh Chaudhary is a renowned Security Researcher and a prominent speaker and trainer.
He is a published researcher with multiple research papers on malware, ransomware, and cyber espionage and has experience and expertise in cyber threat intelligence, Malware, YARA rules, DFIR, etc.

Sean is the CISO and Chief Paranoid of Yahoo. Before joining Yahoo 8 years ago, he spent time at Google and the NASA Office of Inspector General investigating cybercrime, where he focused on botnet, computer intrusion, and child exploitation cases.

Security Operations Leader from the "uber innovative" SF Bay Area (originally from Berlin) with 12y of security and 10y of infra experience. Currently defending a $2B publicly traded pharmaceutical company.
Security at scale is hard! And when everything is cobbled together with off-the-shelf software, it is almost impossible. Security teams always have everyone else's back and are absolutely allowed to fail.

Seongsu Park is a passionate researcher on malware researching, threat intelligence, and incident response with over a decade of experience in cybersecurity. He has extensive experience in malware researching, evolving attack vectors researching, and threat intelligence with a heavy focus on response to nation-state adversary attacks. He's mostly tracking high-skilled Korean-speaking threat actors. Now he is working in the Kaspersky Global Research and Analysis Team(GreAT) as a Lead security researcher and focuses on analyzing and tracking security threats in the APAC region.

Shawn is ex Incident Response consultant, SOC manager, and current Head of Incident Response at Yahoo!, a Paranoid by trade and title he has spent his career trying to find badness and protect users. Shawn has worked in or managed many SOC’s across both the government, private sector, and MSSP space. He loves to teach and talk DFIR/Operations, volunteer at conferences, host podcasts, including Positively Blue Team and The Paranoids Podcast, and help run the DeadPixelSec discord community which is his infosec home.

Sherrod DeGrippo is the Vice President of Threat Research and Detection for Proofpoint, Inc. She leads a worldwide malware research team to advance Proofpoint threat intelligence and keep organizations safe from cyberattacks. With more than 17 years of information security experience.

Stephanie is a security software engineer in the product security space. She is a volunteer on BTV's CTI team for Project Obsidian at DEF CON 30.

Over the last 6 years, Tanisha O’Donoghue has been on an upward climb in the Cyber Security Space. The Guyanese native resides in the Washington, DC area and works on the Information Security Compliance team at Tyler Technologies, assisting with policy management, audits, and risk management. Tanisha’s career experience has included incident response/recovery, vulnerability management, risk management, and compliance. She is the Director of Policy and Procedures at BlackGirlsHack, a nonprofit organization that provides resources, training, mentoring, and opportunities to black women to increase representation and diversity in the cyber security field.

I’m founder of Prowler Open Source, tool for AWS security best practices. I also worked for AWS as security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like phpRADmin, Nagios, Alfresco BART (backup tool). I’ve also contributed in books and courses related to Linux, Monitoring and AWS Security for Packt Publishing.

Tracy Z. Maleeff, aka InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held roles of Information Security Analyst at The New York Times Company and Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library & Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. Tracy publishes a daily InfoSec newsletter and OSINT blog at infosecsherpa.medium.com. Representin’ the Philly jawn.

Mentor, Hacker, Cyber Threat Intelligence, Reverse Engineering Malware, OSINT, 70757a7a6c6573, Blue Team Village Director, Consultant

zr0 is currently a Sr. Consultant on the IBM X-Force IR team leading both reactive and proactive DFIR engagements. In his spare time, z_r0 loves playing competitive tennis, and exploring new things to do in the city with his new wife!