Abhay Bhargav


Abhay Bhargav is the CTO of we45, an Application Security focused company. Abhay is the author of two international publications. "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of Orchestron at a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automating security. This passion prompted him to author a now world renown DevSecOps training course that has been delivered in multiple locations, recently at OWASP AppSec USA 2016, OWASP AppSec EU and USA 2017. Abhay has also delivered a workshop on DevSecOps at DEFCON 25 and speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others. He will also be showcasing Threat-Modeling-as-Code and AppSec Automation Framework "ThreatPlaybook" at BlackHat USA 2018 as well as delivering a workshop at DEFCON 26 (2018).

Eldar Marcussen


Eldar is a penetration tester and security researcher with HackLabs where he performs red teaming, and other pentests. He is also an assessor for CREST Australia. He has worked closely with bugcrowd in the past and was a recipient of the first CVE 10K candidate numbers. In addition to finding vulnerabilities he contributes to and maintain several open source projects in his spare time aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more.

Ken Johnson


Ken Johnson, has been hacking web applications professionally for 10 years and given security training for 7 of those years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current projects are WeirdAAL, OWASP Railsgoat, and the Absolute AppSec podcast with Seth Law.

Seth Law

Security Consultant

Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth currently hosts the Absolute AppSec podcast with Ken Johnson and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.