AJ King
  • Challenges in Control Validation
Alison N
  • Obsidian REM: Long Walks On The Beach: Analyzing Collected PowerShells
  • Obsidian REM: Phishing In The Morning: An Abundance of Samples!
Alissa Torres
  • Making Your SOC Suck Less
Andrew Krug

Andrew Krug is a Lead Security Advocate at Datadog specializing in Cloud Security and Identity and Access Management. Krug also works as a Cloud Security consultant and started the ThreatResponse project, a toolkit for Amazon Web Services first responders.

  • Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
Anton Ovrutsky

Anton is a BSides Toronto speaker, C3X volunteer, and an OSCE, OSCP, CISSP, CSSP certificate holder. Anton enjoys the defensive aspects of cybersecurity and loves logs and queries.

  • Hunting Malicious Office Macros
Apurv Singh Gautam

Apurv Singh Gautam works as a Threat Researcher at Cyble. He commenced work in Threat Intel 3 years ago. He works on hunting threats from the surface and dark web by utilizing OSINT, SOCMINT, and HUMINT. He is passionate about giving back to the community and has already conducted several talks and seminars at conferences like SANS, Defcon, BSides, local security meetups, schools, and colleges. He loves volunteering with Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games, Rainbow Six Siege.

  • Practical Dark Web Hunting using Automated Scripts
Ashlee Benge
  • Heavyweights: Threat Hunting at Scale
aviditas
  • Obsidian: IR - Mise En Place for Investigations
  • Obsidian Live: Eating the Elephant 1 byte at a Time
  • Obsidian: IR - Final Reporting Made Exciting*
Ben Hughes

Ben Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cybersecurity, IT, and law. He leads Polito Inc.'s commercial cybersecurity services including threat hunting, digital forensics and incident response (DFIR), penetration testing, red teaming, adversary emulation, and training. Prior to Polito, Ben worked on APT hunt teams at federal and commercial clients. He currently holds CISSP, GCFA, GWAPT, and endpoint security vendor certifications.

  • Ransomware ATT&CK and Defense
Carson Zimmerman

Carson Zimmerman has been working in cybersecurity for about 20 years. In his current role at Microsoft, he leads an investigations team responsible for defending the M365 platform and ecosystem. Previously at The MITRE Corporation, Carson specialized in cybersecurity operations center architecture, consulting, and engineering. In his early days at MITRE, Carson worked in roles ranging from CSOC tier 1 analysis, to secure systems design consulting, to vulnerability assessment. Carson recently co-wrote 11 Strategies of a World-Class Cybersecurity Operations Center, available at mitre.org/11Strategies.

  • Making Your SOC Suck Less
Cassandra Young (muteki)

Cassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. Additionally, as one of the directors of Blue Team Village, Cassandra works to bring free Blue Team talks, workshops and more to the broader security community.

  • Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
CerealKiller
  • Obsidian CTH: Sniffing Compromise: Hunting for Bloodhound
Ch33r10

Cybersecurity Analyst at a Fortune 500. DSc Cybersecurity, MBA IT Management, 8 x GIAC, and SANS Women’s Academy graduate.

  • The DFIR Report Homecoming Parade Panel
ChocolateCoat
  • Obsidian: IR - Mise En Place for Investigations
  • Obsidian Live: Eating the Elephant 1 byte at a Time
  • Obsidian: IR - It all starts here, scoping the incident
Connor Morley

Connor Morley is a senior security researcher at WithSecure. A keen investigator of malicious TTPs, he enjoys experimenting with and dissecting malicious tools to determine functionality and developing detection methodology. As a researcher and part-time threat hunter he is experienced with traditional and ‘in the wild’ malicious actors’ behaviour.

  • Malicious memory techniques on Windows and how to spot them
CountZ3r0
  • Obsidian: IR - Mise En Place for Investigations
  • Obsidian: IR - Final Reporting Made Exciting*
  • Obsidian Live: May We Have the OODA Loops?
Cyb3rHawk
  • Obsidian CTH: Hunting for Adversary's Schedule
Daniel Chen

DFIR consultant and penetration tester at Polito Inc. I have investigated numerous ransomware incidents, hunted for adversaries, and assisted with red teaming.

  • Ransomware ATT&CK and Defense
Danny D. Henderson Jr (B4nd1t0)

With a 14-year career in the U.S. public sector and 11 years in ICT, Danny now works at SecureWorks in Bucharest as an L3 SOC Analyst. His skillset includes digital forensics, threat intelligence, and malware analysis, with a small touch of Offensive Security. Outside of the Security field, Danny is working on a passion video game project as the Fearless Leader of the Sacred Star Team and is fond of fantasy tabletop games such as Dungeons and Dragons (D&D).

  • Obsidian Forensics: Using Chainsaw to Identify Malicious Activity
Dr. Meisam Eslahi

Meisam is a technical cybersecurity practitioner with solid expertise in providing strategies and technical directions, building new service/business lines, diverse teams, and capabilities. He has over 20 years of experience in information technology, with 16 years dedicated to cybersecurity in leadership and technical roles leading a wide range of services for multi-national clients mainly in Red Teaming, Threat Hunting, DFIR, Cyber Drill, Compromise Assessment, and Penetration Testing. He is also a security researcher [MITRE D3FEND contributor], blogger [cybermeisam.medium.com], mentor, and speaker in many global events and conferences such as Defcon, BSidesSG, and NASSCOM.

  • Threat Hunt Trilogy: A Beast in the Shadow!
Esther Matut
  • Ransomware ATT&CK and Defense
ExtremePaperClip

Digital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.

  • Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion
  • Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion
  • Obsidian Forensics: The Importance of Sysmon for Investigations
  • Obsidian CTH: The Logs are Gone?
Filipi Pires

I’ve been working as a Security Researcher at Saporo, Cybersecurity Advocate at senhasegura, Snyk Ambassador, Application Security Specialist, Hacking is NOT a Crime Advocate and RedTeam Village Contributor. I’m part of the Coordinator team of DCG5511 (DEFCON Group São Paulo, Brazil) and an international speaker at security and new technology events in many countries such as the US, Canada, France, Spain, Germany, Poland, etc. I’ve served as a University Professor in graduate and MBA courses at Brazilian colleges; in addition, I'm the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis Fundamentals (HackerSec).

  • Malware Hunting - Discovering techniques in PDF malicious
Gilmar Esteves

Gilmar has worked in information security since 2006. He was a Marine in the Brazilian Navy and has worked at large telecom and payments companies. He is currently Vice President of Information Security and coordinates several research fronts in addition to the day-to-day of Cyber.

  • Horusec - Brazilian SAST help World
ICSNick - Nicklas Keijser

Nicklas works as a Threat Research Analyst at the company Truesec, based in Stockholm, Sweden. There he splits his time between picking apart malware from threat actors and serving as a subject matter expert in Industrial Control Systems. He is also an analyst contributor to The DFIR Report.

  • The DFIR Report Homecoming Parade Panel
Jackie Bow

A Jackie-of-all-trades, master of none, Jackie seems to be physically unable to stop returning to threat detection and response. Her 10 years in the industry have been spent in malware analysis, reverse engineering, and infrastructure and product security. She has been an analyst, engineer, and leader. Currently, she is focused on building out the threat detection and response program at Asana. She aspires to build teams that leave members better than they were found, technically AND mentally. She speaks and sometimes writes about burnout awareness and efforts to dismantle the gatekeeping of technical security roles.

  • Making Your SOC Suck Less
Jake Williams

Jake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. Williams is an IANS Faculty Member and also works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two-time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

  • Challenges in Control Validation
Jamie Williams

Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).

  • The DFIR Report Homecoming Parade Panel
  • Heavyweights: Threat Hunting at Scale
Jess
  • Latest and Greatest in Incident Response
Joe Schottman

Joe Schottman has worn most hats in IT and Security, ranging from application development to DevOps to offensive and defensive security. The nexus of this experience is research into Web Shells. He's spoken and given training on topics such as Purple Teams, API security, Web Shells, Web Threat Hunting, and more at AppSec Village at DEF CON, OWASP Global, SANS Summits, various BSides, Circle City Con, and other events.

  • Web Shell Hunting
John Orleans

John Orleans is a group manager for security consulting at Avanade, where he helps heavily-regulated organizations design and implement secure cloud solutions. He has a background in finance, transportation, telecoms, and wireless. Prior to his career in information security, he was a professional chef and bartender. It’s rumored that John can be found traveling the country, riding perfectly reasonable bicycles unreasonably long distances.

  • Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
juju43
  • Obsidian: IR - OODA! An hour in incident responder life
  • Obsidian Live: May We Have the OODA Loops?
Justin Elze

Justin is currently serving as CTO/Hacker at TrustedSec and possesses a background in red teaming, pentesting, and offensive research.

  • The DFIR Report Homecoming Parade Panel
Kimberly Mentzell
  • Take Your Security Skills From Good to Better to Best!
Kostas

Kostas is a security researcher with many years of experience in the field. Coming from a technical background in incident response, he specializes in intrusion analysis and threat hunting.

Kostas devotes most of his spare time to supporting the information security community by producing free threat intelligence reports as part of the DFIRReport effort, of which he is a member.

  • The DFIR Report Homecoming Parade Panel
Kristen Cotten

Kristen is a Cyber Threat Intelligence Analyst at SCYTHE. Prior to joining the herd she worked for the United States Department of the Army in various roles ranging from network and system administration to vulnerability management and cyber compliance. She has a penchant for solving technical puzzles, leaping from perfectly good airplanes (or cliffs), and finding the best local hole-in-the-wall restaurants. If you want to talk about foreign travel, sports nutrition, or why Episodes 4-6 are the only Star Wars movies that matter, she's your girl!

  • Challenges in Control Validation
l00sid

l00sid just started a career as a blue teamer. He loves the kinds of puzzles he gets to solve in the process of stopping attackers.

  • Obsidian CTI: Generating Threat Intelligence from an Incident
  • Obsidian CTI: Operationalizing Threat Intelligence
Lauren Proehl

Lauren is currently the Sr Manager of Global Cyber Defense at Marsh McLennan… which is a wordy way of saying she manages CTI, Threat Hunting, Security Automation, and SOC things. When she isn’t in front of a screen, she is running long distances in the woods, cycling over gravel trails, or acquiring more cats in order to reach crazy cat lady status.

  • Latest and Greatest in Incident Response
LitMoose

Moose (aka Heather) is a benevolent Principal Incident Response consultant with CrowdStrike. Moose leads cases globally specializing in c-level grief counseling, eCrime stomping, forensic dumpster diving, attacker evictions, and long sessions staring deeply into logs, code, and config files.
Outside of IR, Moose is a mother of cats, fiddler, and lover of potatoes in all forms.

  • Latest and Greatest in Incident Response
Mark Morowczynski

Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was a PFE supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He's spoken at various industry events such as Black Hat, Defcon Blue Team Village, Blue Team Con, GrayHat, several BSides, Microsoft Ignite, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANS Security Summits and TechMentor.

  • Improving security posture of MacOS and Linux with Azure AD
Matt Scheurer

Matt Scheurer is a show host for the ThreatReel Podcast, and also works as an Assistant Vice President of Computer Security and Incident Response in a large enterprise environment. Matt has many years of hands-on technical experience, including Digital Forensics and Incident Response (DFIR). He volunteers as a "Hacking is NOT a Crime" Advocate and as a technical mentor for the Women's Security Alliance (WomSA). Matt is a 2019 comSpark “Rising Tech Stars Award” winner, and has presented on numerous Information Security topics at many technology meetup groups and prominent Information Security conferences across the country.

  • Lend me your IR's!
Michael Epping

Michael Epping is a Senior Product Manager in the Azure AD Engineering team at Microsoft. He is part of the customer experience team and his role is to accelerate the adoption of cloud services across enterprise customers. Michael helps customers deploy Azure AD features and capabilities via long-term engagements that can last years, as well as working within the engineering organization as an advocate on behalf of those customers. Michael has more than 9 years of experience working with customers to deploy Microsoft products like Azure AD, Intune, and Office 365.

  • Improving security posture of MacOS and Linux with Azure AD
Misstech

As part of Microsoft's customer facing Detection and Response Team (DART), I work as a cloud hunter and lead investigator, battling alongside our customers on the front lines of incident response. Our work often involves dealing with live incidents involving APT and nation state actors and hunting them is what brings me joy.

  • Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
nas_bench - Nasreddine Bencherchali

Avid learner, passionate about all things detection, malware, DFIR, and threat hunting.

  • The DFIR Report Homecoming Parade Panel
Neumann Lim (scsideath)

Neumann Lim is a manager at Deloitte where he leads the cyber detection and incident response teams. Prior to this role, Neumann spent years working with large enterprises and governments specializing in incident response.

With 15 years of infosec experience, he enjoys analyzing malware, reverse-engineering and vulnerability research. Neumann has been invited to share his thought leadership at conferences such as Grayhat Conf, Toronto CISO Summit and CCTX.

In his off time, Neumann participates in CTFs and mentors new students interested in infosec while maintaining active membership of various security organizations such as DefCon, HTCIA, ISC2 and EC-Council.

  • Take Your Security Skills From Good to Better to Best!
Nick Baker

Nick Baker has over 10 years in cybersecurity. Prior to Polito, Nick spent 20 years as a Signal Warrant Officer in the U.S. Army. He spent over 10 years in the cybersecurity field with a heavy focus on computer network defense, providing expertise for the proper employment, support, and defense of strategic and tactical information networks, systems, and services in operations supporting the Army’s cyberspace domain. Nick’s other 10 years were spent providing IT support, operations, and functions. I hold multiple credentials including SANS, CompTIA and ISC2.

  • Ransomware ATT&CK and Defense
nohackme

Mick Baccio fell in love with the idea of cybersecurity at nine years old after reading Neuromancer, thinking "I should do that."
After an alphabet soup of federal agencies and a stint as the first CISO of a POTUS campaign, he is currently a Global Security Advisor at SURGe. He is still trying to do 'that'.
Air Jordans, Thrunting, Puns. Not sure the order.

  • Heavyweights: Threat Hunting at Scale
Omenscan

Obsidian Forensics Lead

  • Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion
  • Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion
  • Obsidian Forensics: Creating a custom Velociraptor collector
  • Obsidian Forensics: Kill Chain 3 Endpoint Forensics Walkthrough
  • Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough
plug
  • Latest and Greatest in Incident Response
Ricky Banda

Ricky Banda is a 28 year old SOC Incident Response Manager for ARM Semiconductors Ltd. He began his career at 16 as an intern with the United States Air Force working in the 33d Network Warfare Squadron at Lackland Air Force Base. He has worked in security operations for 12 years. In education, he is a SANS graduate student and has 18 certifications, as well as a bachelor's in cybersecurity. His primary focus in SecOps is to reduce SOC burnout and support security operations workers. When not working, he supports metal musicians and is an avid horror fan.

  • Take Your Security Skills From Good to Better to Best!
Ronny Thammasathiti

Ronny Thammasathiti (@ronnyt) started out as an aspiring concert pianist but later made a big switch to cyber security with Polito Inc over the past 4 years. His main role at the company is as a detection Engineer using Elasticsearch and developing tools and applications using his knowledge of the Python language.

  • Ransomware ATT&CK and Defense
Ryan Kovar

Ryan Kovar joined Splunk in 2014 and currently serves as a Distinguished Security Strategist and leader of SURGe, Splunk’s “Blue-collar for the Blue team” strategic security research arm. He has over 20 years of experience as a security analyst, threat hunter, defender, and Unix plumber. Before joining Splunk, he worked at organizations like DARPA, the US Navy, the UK Home Office, and various public/private companies, always in a security practitioner or leader role. Ryan has an MSc in Cyber Security from the University of Westminster, more certifications than he remembers, and an abject hatred of printers.

  • Heavyweights: Threat Hunting at Scale
SamunoskeX
  • Obsidian CTH: Go Phish: Visualizing Basic Malice
Sarthak Taneja

Sarthak (S4T4N) is a Security Engineer passionate about everything InfoSec. He is always looking for new topics to learn. Suffering from Volunteeristis. You can always find him working with conferences behind the curtains. Right now, he is struggling to write 100 words about himself because he is used to writing 50-word bios.

  • Even my Dad is a Threat Modeler!
Saurabh Chaudhary

With over 5 years of experience protecting Banks and the financial sector against cyber threats, Saurabh Chaudhary is a renowned Security Researcher and a prominent speaker and trainer.
He is a published researcher with multiple research papers on malware, ransomware, and cyber espionage and has experience and expertise in cyber threat intelligence, Malware, YARA rules, DFIR, etc.

  • YARA Rules to Rule them All
Sean Zadig
  • Heavyweights: Threat Hunting at Scale
Sebastian Stein

Security Operations Leader from the "uber innovative" SF Bay Area (originally from Berlin) with 12y of security and 10y of infra experience. Currently defending a $2B publicly traded pharmaceutical company.
Security at scale is hard! And when everything is cobbled together with off-the-shelf software, it is almost impossible. Security teams always have everyone else's back and are absolutely allowed to fail.

  • Making Your SOC Suck Less
Seongsu Park

Seongsu Park is a passionate researcher on malware research, threat intelligence, and incident response with over a decade of experience in cybersecurity. He has extensive experience in malware research, research on evolving attack vectors, and threat intelligence with a heavy focus on response to nation-state adversary attacks. He mostly tracks high-skilled Korean-speaking threat actors. He is now working in the Kaspersky Global Research and Analysis Team (GReAT) as a Lead security researcher and focuses on analyzing and tracking security threats in the APAC region.

  • Attribution and Bias: My terrible mistakes in threat intelligence attribution
Shawn Thomas

Shawn is an ex-Incident Response consultant and SOC manager, and the current Head of Incident Response at Yahoo!. A Paranoid by trade and title, he has spent his career trying to find badness and protect users. Shawn has worked in or managed many SOCs across the government, private sector, and MSSP space. He loves to teach and talk DFIR/Operations, volunteer at conferences, host podcasts, including Positively Blue Team and The Paranoids Podcast, and help run the DeadPixelSec discord community, which is his infosec home.

  • Making Your SOC Suck Less
Sherrod DeGrippo

Sherrod DeGrippo is the Vice President of Threat Research and Detection for Proofpoint, Inc. She leads a worldwide malware research team to advance Proofpoint threat intelligence and keep organizations safe from cyberattacks. She has more than 17 years of information security experience.

  • Heavyweights: Threat Hunting at Scale
Stephanie G.

Stephanie is a security software engineer in the product security space. She is a volunteer on BTV's CTI team for Project Obsidian at DEF CON 30.

  • Obsidian CTI: Generating Threat Intelligence from an Incident
  • Obsidian CTI: Operationalizing Threat Intelligence
Tanisha O'Donoghue

Over the last 6 years, Tanisha O’Donoghue has been on an upward climb in the Cyber Security Space. The Guyanese native resides in the Washington, DC area and works on the Information Security Compliance team at Tyler Technologies, assisting with policy management, audits, and risk management. Tanisha’s career experience has included incident response/recovery, vulnerability management, risk management, and compliance. She is the Director of Policy and Procedures at BlackGirlsHack, a nonprofit organization that provides resources, training, mentoring, and opportunities to black women to increase representation and diversity in the cyber security field.

  • Take Your Security Skills From Good to Better to Best!
Toni de la Fuente

I’m the founder of Prowler Open Source, a tool for AWS security best practices. I also worked for AWS as a security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like phpRADmin, Nagios, and Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for Packt Publishing.

  • Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
Tracy Z. Maleeff

Tracy Z. Maleeff, aka InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held roles of Information Security Analyst at The New York Times Company and Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library & Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. Tracy publishes a daily InfoSec newsletter and OSINT blog at infosecsherpa.medium.com. Representin’ the Philly jawn.

  • Take Your Security Skills From Good to Better to Best!
ttheveii0x

Mentor, Hacker, Cyber Threat Intelligence, Reverse Engineering Malware, OSINT, 70757a7a6c6573, Blue Team Village Director, Consultant

  • Obsidian CTI: Generating Threat Intelligence from an Incident
  • Obsidian CTI: Operationalizing Threat Intelligence
Wes Lambert
  • Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion
  • Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion
  • Obsidian Forensics: Creating a custom Velociraptor collector
zr0

zr0 is currently a Sr. Consultant on the IBM X-Force IR team leading both reactive and proactive DFIR engagements. In his spare time, z_r0 loves playing competitive tennis, and exploring new things to do in the city with his new wife!

  • Latest and Greatest in Incident Response