Speaker Coaches

Ali Abbasi is a tenure-track faculty at CISPA Helmholtz Center for Information Security at Saarland University, Germany. Previously, he was a postdoc researcher at the Chair of System Security at Ruhr-University Bochum and completed his Ph.D. at the Eindhoven University of Technology. His research interests include embedded systems security, security of mission-critical real-time software, and secure space and automotive systems. He currently leads the Embedded Security group at CISPA, which develops and implements new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware. His academic research appears usually in conferences such as USENIX Security, NDSS, IEEE Security and Privacy. Besides his academic work, he often presents his research in industrial venues such as Black Hat, RECon, OffensiveCon, CanSecWest, CCC and S4.

Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. He also leads the OWASP No-Code/Low-Code Top 10 project and writes about it on DarkReading. Michael is a regular speaker at Black Hat, DEFCON, OWASP and BSides. You can find his DarkReading column at https://www.darkreading.com/author/michael-bargury and personal blog at https://mbgsec.com/

Daniel Cuthbert loves doing security research. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS) and sits on the UK Government Cybersecurity Advisory Board.

Shanna Daly has over 20 years’ experience across the information security industry. Shanna’s expertise has been called upon during countless data breach investigations, giving her an in-depth understanding of the security implementations that work, and the ones that don’t. Shanna continues to share her knowledge with the industry and has built and managed consulting teams of industry experts responding to all types of intrusions and breaches. Her experience across a wide range of information security domains gives her a unique perspective and a “think outside the box” attitude to securing organisations.

Mika Devonshire advises security go to market strategies for Google. She specialized in response and forensic investigations after spending her first career decade building or implementing controls, IAM apps, offensive capabilities, and loss ratio algorithms for insurance. Prior to Google, Mika served as Director of Strategic Development for the APAC based DFIR firm, Blackpanda, and was the founding responder in Hong Kong.

Mika holds a Masters in Digital Forensics from George Washington University, a Bachelors in Comparative Literature from Princeton University, a CISSP and GCFA among other certifications. She regularly engages with the infosec community as a speaker or speaker coach, and loves working with those seeking to pivot from non-technical fields. She is a guest lecturer at Northwestern Pritzker School of Law and a willing mentor.

John Dickson is CEO of Bytewhisper Security, a company which helps clients address risks associated with AI-generated software and software that uses AI. An internationally recognized cybersecurity consultant, serial entrepreneur, angel investor and civic leader, John has over 25 years hand-on experience advising Fortune 500, public, and military clients on cybersecurity risk. John was a Principal at Denim Group where he and his colleagues grew the company until Denim Group’s successful acquisition by Coalfire in June 2021. A former U.S. Air Force officer, Dickson served in the Air Force Information Warfare Center and was a member of the Air Force Computer Emergency Response Team. Since his transition to the commercial arena, he has played significant client-facing roles with companies such as Trident Data Systems, KPMG, SecureLogix Corporation, and Denim Group. John has been researching and speaking about the convergence of artificial intelligence and cybersecurity and its impact on organizations since 2018. He is a Distinguished Fellow of the International Systems Security Association and has been a Certified Information Systems Security Professional (CISSP) since 1998.

James Forshaw is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities, he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He’s also the author of two security books “Attacking Network Protocols” and "Windows Security Internals", both available from NoStarch Press.

Lidia Giuliano has been involved in the information security field for over 20 years working in the financial, defence, retail and health care sector. Lidia has an extensive background in security with a key focus on defensive and cloud security. She enjoys ensuring security is involved in every stage of an initiative and BAU lifecycle, finding new and repeatable ways of doing things, and solving complex problems. She holds a BAppSci (CS), MAppSci (IT), various security and cloud certifications, has spoken internationally and nationally and been published in various media.

She is involved as an active review board member for various conferences internationally and locally, involved in speaker coaching program for Black Hat USA and BSides Melbourne, AWSN mentoring program and enjoys being part of the InfoSec community to help others.

Lukasz Gogolkiewicz is a seasoned cyber security leader with 20 years of experience in the field. He currently heads Cyber Security at Accent Group Limited, a top retailer and distributor of footwear and apparel in Australia and New Zealand. In this role, he ensures the protection of sensitive information across various business systems, corporate systems, and IT infrastructure.

He has presented and run training at many conferences around the world, including Black Hat, BSides, ChristchurchCon, AusCERT, CrikeyCon and many others. He is one of the organisers of BSides Melbourne and TuskCon and also a director of the Australian Women in Security Network - an organisation aimed inspiring and mentoring women in the security community. He has served as an advisor of CREST and DroneSec, a cybersecurity and threat intelligence company focused on the security of drones and unmanned aerial systems (UAS).

Vitaly Kamluk is a cybersecurity researcher with 20+ years of work experience in the anti-malware industry. Previously he was a Principal Security Researcher and used to lead a cyber threat intelligence team in Asia-Pacific focusing on APT and targeted attack investigations. Vitaly spent 2 years working at INTERPOL Digital Crime Centre as a cybersecurity expert. In 2024, he founded TitanHex, a company focusing on threat intelligence, cybersecurity R&D, and targeted attack investigations. Vitaly participates in infosec mentorship initiatives, volunteers to deliver free talks for the next generation of researchers, and is one of Black Hat's speaker coaches. Over the years, he presented at many international security conferences including Black Hat, Defcon, Hitcon, BSides, Ruxcon, Sincon, FIRST, Botconf, AVTokyo and many others, as well as numerous invite-only events such as BTF, DCC, SAS, UE among others.

He is passionate about a broad set of cybersecurity topics including reverse engineering, malware analysis, cyberthreat intelligence, computer forensics, cryptography, privacy and hardware hacking.

Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT). She managed and executed diverse technical projects around the world across a variety of industrial domains. She is also an experienced Red/Blue Teamer who researched numerous novel attack vectors, exploitation techniques, designed novel defence methods and led complex incident responses. Marina frequently collaborates with international organizations on the topics of critical infrastructure security, she is also a regular speaker at the leading conference stages worldwide and is a frequent reviewer of academic manuscripts and grant proposals. At Black Hat Marina leads Cyber-Physical Systems track. Marina holds MSc. in Telecommunications, MSc. in Information and Communication Systems and an MBA in Technology Management.

Anthony Cheuk Tung Lai works at VX Research Limited on malware investigation, incident response, and offensive security testing. He began hacking after playing Chroot wargame and Beist CTF, reading 2600, and China hacker magazines. He has spent the last 20 years working in the risk and security areas of MNCs in the financial industry.

Anthony is a hobbyist bug hunter and creator of CTF challenges who hacks for fun and belief. In addition to VXCON, which he founded and chairs, he also spoke at Black Hat, DEFCON, Secuinside, AVTokyo, Hack In the Box, HITCON, and DFRWS.

He earned his doctorate from HKUST, where he also worked in the cybersecurity lab and focused on malware and vulnerability research. His credentials additionally include SANS GREM (Gold), GXPN, GCIH, and Offsec OSEE.

Federico Maggi has more than a decade of research experience in the cybersecurity field and has worked on offensive and defensive projects in web applications, network protocols, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices.

Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review.

Currently employed as a Security Engineer at AWS with focus on server firmware and hardware, Federico has been a Research Expert in the Huawei AI4Sec Research team, and a Senior Researcher with Trend Micro. Previously, Federico was an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside from his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students.

Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences.

More info about Federico and his work is available online at maggi.cc

Dr. Pamela O'Shea is the head of Shea Information Security which provides security consulting, training and penetration testing services to some of Australia's most prominent tech companies. Pamela has a Ph.D. in computer science and has presented at security conferences including Black Hat Asia, BSides Canberra and OWASP. She has lectured at the Royal Melbourne Institute of Technology (RMIT) and is the founder of the haXX group which provides technical classroom training and mentorship to women starting out in the security field. Outside of consulting, teaching and research, Pamela enjoys HAM radio and satellite communications and runs the Melbourne CyberSpectrum meetup on Software Defined Radio (SDR).

Anant Shrivastava is the founder of Cyfinoid Research. He has experience in Security (both offense and defense), Development, and Operations. He has a rich history of engagement with renowned conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant leads open-source projects, notably the Tamer Platform and CodeVigilant, and curates the Hacking Archives of India. When not engaged in official work, Anant contributes to open communities with a shared goal of spreading information security knowledge, such as the null community, Garage4Hackers, hasgeek, and OWASP. social.anantshri.info/@anant

Vandana Verma is a seasoned security professional. She is a seasoned speaker / Trainer and presented at various public events ranging from Global OWASP AppSec events to Black Hat events to regional events like BSides events in India.

She is part of the OWASP Global board of directors. She also works in various communities towards diversity initiatives InfosecGirls, WoSec and null. Vandana is a member of the Black Hat Asia and Europe Review Boards as well as multiple other conferences including Grace Hopper India, OWASP AppSec USA to name a few.

She has been the recipient of multiple prestigious awards like Cyber Security Leader of the Year Award 2023 by BSides, the Resilient CISO award by Dynamic CISO, Cyber Security Woman of the Year Award 2020 by Cyber Sec Awards, Application Security Influencer 2020 by Whitesource, Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019, Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category "Secure Coder". She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

Phil Young, aka Soldier of FORTRAN, is a leading expert in mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, Black Hat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple open source projects including Nmap, Metasploit, and BREXX. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously. In addition to all this Philip is also the co-chair for a few conferences and currently works on a redteam.

Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently a professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 100 scientific papers and books. He is a Senior Member of the IEEE and of the Computer Society, which has named him a Distinguished Visitor and Distinguished Contributor; he is a lifetime senior member of the ACM, which has named him a Distinguished Speaker; and has been named a Fellow of the ISSA (Information System Security Association). Stefano also co-founded Secure Network, a leading cybersecurity assessment firm, and BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.