Abhay Bhargav, we45
Abhay Bhargav is the CTO of we45, an Application Security company. Abhay is the author of two international publications: "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps training that has been delivered in multiple locations, including OWASP AppSecUSA 2016, OWASP AppSec EU 2017 and OWASP AppSec USA 2017. Abhay recently delivered a workshop on SecDevOps at DEFCON 25. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.
Eldar Marcussen, HackLabs
Eldar is a penetration tester and security researcher with HackLabs where he performs red teaming and other pentests. He is also an assessor for CREST Australia. He has worked closely with Bugcrowd in the past and was a recipient of the first CVE 10K candidate numbers. In addition to finding vulnerabilities, he contributes to and maintains several open source projects in his spare time aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more.
Ken Johnson, GitHub
Ken Johnson has been hacking web applications professionally for 10 years and given security training for 7 of those years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current projects are WeirdAAL, OWASP Railsgoat, and the Absolute AppSec podcast with Seth Law.
Seth Law, Security Consultant
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth currently hosts the Absolute AppSec podcast with Ken Johnson and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.
Max Feldman, Slack
Max Feldman is a member of the Product Security team at Slack, where he works on the bug bounty program and performs security assessments of Slack features, as well as the development of security tools and automation. He was previously a member of the Product Security team at Salesforce.
Keith Hoodlet, Thermo Fisher Scientific
Keith Hoodlet is the Manager of Development Security Operations at Thermo Fisher Scientific, a global enterprise providing all-things-science-related to the world. In his free time, Keith hosts the Application Security Weekly podcast, while also hacking "all the things" as a Top 100 Security Researcher on Bugcrowd, and building new web applications as a self-identified "Full-Stack Developer". Keith has spoken internationally on topics related to learning and development in the field of Application Security, and has trained others in the subject at well-regarded industry conferences.
Pieter Danhieux, Secure Code Warrior
Pieter Danhieux is the CEO of Secure Code Warrior. He is a globally recognised security expert, with over 12 years’ experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organisations, systems and individuals for security weaknesses. In 2016, he was recognised as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.
Scott Coulton, Puppet
Scott Coulton is a Principal Software Engineer and Docker captain with 10 years of experience in the managed services and hosting space. He has extensive experience in systems architecture and rolling out systems and network solutions for national and multinational companies with a wide variety of technologies, including AWS, Puppet, Docker, Cisco, VMware, Microsoft, and Linux. His design strengths are in cloud computing, automation and the security space.
Michael Gianarakis, Assetnote
Michael Gianarakis is the co-founder and CEO of Assetnote, a platform for continuous monitoring of your external attack surface. Michael has presented his mobile security research at various industry events and meetups including DEF CON, BSides Las Vegas, Black Hat Asia, Thotcon, Rootcon, and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of the organizers of the monthly SecTalks meetup as well as the hacker camp TuskCon.
Lidia Giuliano, Real Estate Australia
Lidia Giuliano has 15 years’ experience in information security. Her professional and personal interests span multiple areas including SecOps, vulnerability management, malware defense, and other defensive and open-source projects. She has presented internationally on many areas of information security, enjoys mentoring for FiTT and AWSN and is actively involved in the InfoSec community.
Jeff Thomas, Hivint
Jeff is a Security Specialist with over a decade of experience in IT and information security. He leverages his web application and development expertise to identify new and exciting ways to exploit application and logic flaws. Past security research includes remote hacking of drones. He holds multiple information security certifications including OSCE, OSCP, OSWP, and CISSP.
Vasant Kumar Chinnipilli, Shelde
Vasant works at Shelde as a security consultant and devsecops practitioner working towards securing code in a continuous deployment world. He has interests in penetration testing, vulnerability assessment, vulnerability management, and securing cloud services. He also provides consulting services for companies ranging from startups to Fortune 100.
David Black, Atlassian
David is a security engineer at Atlassian where he breaks and fixes things. In his spare time he likes to *redacted* and *redacted*.
Rebecca Trapani, Assurance
Rebecca is a "white rabbit" hacker by day and a Python developer by night. She loves good looking code, poisonous plants and spending time dreaming up new security tools that eventually (someday) might get published. She also suffers from a chronic case of refactoring syndrome and checklist-itis. In Rebecca's post-hacker life she worked for SaaS providers trying to make information security and policy more accessible and fun, giving workshops on lock-picking and vulnerability management. If left unattended too long she will resume her Pavlovian-style training to get people to improve security practices.
Osama Elnaggar
Osama is an independent security consultant who works in areas of infrastructure security, application security, cloud security and general information security. Previously, he led information security and application security teams at a major telco. He is also a key contributor in a number of OWASP projects including the OWASP Top 10 2017 project, the OWASP Proactive Controls project and the OWASP ASVS project.
Brendan Seerup
Brendan is an Application Security Specialist in New Zealand. He loves helping teams with appsec, threat modeling and getting the most from penetration testing. He also leads a threat hunting group which discloses findings to New Zealand's CERT helping to make the internet in New Zealand a safer place. Outside of security, Brendan is studying fine wine, enjoys lock sport and is a fanatical comic & toy collector.
Topy A, Loop Secure
Hacker. Breaker. Lock Picker. Physical Security Enthusiast. HackHouse. @OzSecCon. Curious. IBM Z9 Owner. Topy has run Lockpicking events at several Australian conferences. Living in a warehouse dubbed "the Hack House", he disappears for days at a time, lost amongst piles of computers, cables and locks. Topy has lived and breathed the security industry for the past 15 years and loved it all.