Derrick is a corporate IT infrastructure professional, Cyber security hobbyist and motorcycle enthusiast, with more than a decade involved in the fields. When Derrick isn’t consulting for major firms in the San Francisco area, feeding his autodidact addiction, or working on independent projects, he can be briefly seen as a blur passing you on the highway.


@CaptnBanana enjoys reverse engineering and exploit development. He blogs regularly about these topics at his blog bananamafia.dev. Recently he got into the field of game hacking and is here to present his research. Also, @CaptnBanana is a red teamer and penetration tester at @codewhitesec. He likes bananas.

Apurv Singh Gautam (@ASG_Sc0rpi0n)

Apurv Singh Gautam is pursuing his Master's in Cybersecurity from Georgia Tech. He commenced work in Threat Intel/Hunting 2 years ago. Throughout his professional career, he worked on hunting threats from both clear web and dark web and is also involved in performing HUMINT on the d2web. He is very passionate about giving back to the community and has already conducted several talks and seminars in local security meetups, schools, and colleges. He loves volunteering with Cybrary and Station X to help students make their way in cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games Rainbow Six Siege.

Asif Hameed Khan

Asif Hameed Khan is an independent OT/ICS Cybersecurity Researcher. He has an expertise in OT/ICS Cybersecurity, ISA 62443 Audit and Compliance, Cyber Threat Intelligence, Digital Forensics and Incident Response, Malware Analysis, and Honeypots. He published research papers in the field of Artificial Intelligence and Cryptography. He is currently exploring areas where concepts of Blockchain, Artificial Intelligence and Swarm Intelligence are applicable in Cybersecurity. He runs the platform namely OTISP- OT Threat Information Sharing Platform on LinkedIn, Github, and Twitter.

Bryson Bort

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is an R Street Senior Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. ‍

Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.

Boik Su (@boik_su)

Boik Su is currently in CyCraft as a security researcher focusing on web security and threat hunting. He has received some awards from CTFs, been the speaker at various security conferences like [email protected], ROOTCON 13, OWASP Global AppSec - DC, AVTokyo, NanoSec, and others like OSCON and Taiwan Modern Web. He is also the lecturer at HITCON Training and National Center for Cyber Security Technology in Taiwan.

Bourbon Jean-Marie aka "kmkz"- @kmkz_security

Jean-Marie (kmkz) is an experimented Penetration tester and Red/Purple teamer that works now as a team leader in Luxembourg. His favorite part is post-exploitation, physical security and initial accessing in the most realistic condition that he consider as the most useful approach in term of security challenging human, processes, technologies etc.

He was speaker in "Nuit du Hack, Paris in 2011" , and more recently he presented talks in "Security Bsides, Dublin 2019", "Swiss CyberSecurity Day 2020" and other smaller event such as "JS meetup, Luxembourg 2019".

Chloé Messdaghi

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.Twitter: @ChloeMessdaghi

Ian Tabor

Network / security architect that has a passion for car hacking, found vulnerabilities in his own car and private Car bug bounties.

Now runs Car Hacking Village UK and is part of the team behind CHV at defcon.

Has created the nano-can pcb and software, which can allow potential car hackers to build a cheap OBD2 (<£10) car hacking device.

Jeswin Mathai

Jeswin Mathai (@jeswinmathai) is a Researcher at Pentester Academy and Attack Defense. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo labs (DEFCON). He has also been a co-trainer in classroom trainings conducted at HITB, RootCon, OWASP NZ Day. He has a Bachelor degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals, conducted awareness workshops for government institutions. His area of interest includes Malware Analysis and Reverse Engineering, Cryptography, WiFi security, and Web Application Security.

Jorge Orchilles

Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years. ‍

He also co-authored Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and author of Microsoft Windows 7 Administrator’s Reference. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency. When he’s not hacking, teaching, or writing, you’ll find him watching and playing soccer.

Junwei Song

JunWei is a Security Researcher from Taiwan. A paranoid Pythonista who focuses on cybersecurity, reverse engineering, and malware analysis. And as a PyCon Taiwan Program Committee, presented at DEFCON, HITB, ROOTCON, PyCon Europe/TW/KR/MY. He’s the co-founder of Quark-Engine and a security research group, TWBGC.

Kaustubh Padwad

Kaustubh is a Device security Assurance Manager at Reliance Jio Infocomm limited, his main work include Securing JIO’s Cutting Edge Enterprise, Consumer, and SMB(small,Medium,Big) business products. His main area of interest is Device security,Reverse engineering, discovering RCE,Priv-esc bugs in proprietary or close source devices. He was Null champion, He had deliver more than dozens of talk in null meet and he was champion for 3 years in null community. Also he is a speaker at Owasp SeaSide 2020,Some of his works are published in SecurityWeek, ExploitDB, 0day.today and have more than Dozens of CVE, Recently he was the winner of SCADA CTF @ nullcon 2019.

KunYu Chen

KunYu Chen is a security researcher at Telecom Technology Center, Taiwan. Since 2014, he has been engaged in honeynet system research and the automation of malware analysis. Also, he’s an open source activism who contributes to CPython, viper-framework and the founder of Quark-Engine and a security research group, TWBGC. He presented at HITCON CMT 101, PyCon Korea, PyCon Taiwan and COSCUP.

Mark Ian Secretario

Mark Christian Secretario is a security professional who has 8 years of experience who holds different positions throughout his career like Security Analyst, Incident Responder, and now working as Senior Penetration Tester. He is also the Founder of GuideM, a cybersecurity training provider in The Philippines that conducts real-world cybersecurity training and assessments. He also holds multiple offensive certifications including OSCP, OSCE, CRTP, CRTE, CRTO, CCNP, CFR & CCNA CyberOps. His interest is towards on offensive security, red teaming, exploit development, security architecture & purple teaming and likes to play different CTF such as Netwars.

Phillip Wylie

Phillip Wylie is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Dallas College, and The Pwn School Project founder. Phillip has over 22 years of experience with the last 8 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and founding The Pwn School Project a monthly educational meetup focusing on cybersecurity and ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Dallas College in Dallas, TX. Phillip is a co-author of the soon to be published book based on his talk "Thee Pentester Blueprint." Phillip is a co-host for The Uncommon Journey podcast. Phillip holds the following certifications; CISSP, NSA-IAM, OSCP, GWAPT.

Project Nexus

Project Nexus is the Information Security Officer and Architect of Security & IT Compliance at a leading Financial Technology institution. When he isn't busy being a Bugcrowd Ambassador, Project Nexus's interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, automating deceptive incident responses, accelerating stories at conferences, and is the outlier in your risk model.

Renzon Cruz

Renzon Cruz, a Filipino security professional living in Doha who works as Sr. Security Consultant in a government and part of a national cybersecurity operations center. Prior to working to Doha, he works as Sr. Security Analyst & Incident Responder and was also a previous college instructor at New Era University, Philippines. He was also accepted to various international conferences as a speaker such as BSides Vancouver (2019), BSides London (2019) & BSides Doha just this year. He is also a co-founder, course developer and instructor of GuideM, a real-world cybersecurity training provider based in the Philippines. He also holds different certifications such as GCFE, GCIH, eCTHP, eCDFP, eJPT, CFR, ITIL, MCS, MCP. His interest is towards defensive strategy, threat hunting, digital forensics, and incident response, malware analysis and purple teaming.

Shail Patel

I am a security enthusiast, researcher, and an engineer by profession having been involved in the info-sec community since 2+ years now. I hold a master's degree in cybersecurity from the University of North Carolina at Charlotte and two industry certifications (AccessData Certified Examiner, CompTIA Security +). I have worked on numerous security concepts and frameworks, though my research interests include red teaming, malware analysis, digital forensics and automation.


a security engineer, currently a cyber threat analyst and RE in IR field of cyber incident management in Cyber Emergency Center of LAC/LACERT, Tokyo, Japan. For coding, I am a practical UNIX related coder, unixfreaxjp coded in some languages without flavors and he don’t like to do specific indentation. unixfreaxjp code environtment is on the shell, mostly on the VT100-base.

unixfreaxjp do programming in: Perl, Shell scripts, C, Python, Assembler or a bit of Ruby, with some web programming like: PHP, Java(+/-JavaScript), and also some VB/PowerShell etc. Currently unixfreaxjp on LUA, Cython and Go for DFIR/RE purpose.

Nishant Sharma (@wifisecguy)

leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field including 6+ years in WiFi security research and development. He has conducted classroom trainings in Blackhat USA, HITB Amsterdam/Singapore, RootCon, OWASP NZ Day. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT village, and Demo labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the state of art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, Linux security.

Vandana Verma Sehgal aka InfosecVandana

Vandana Verma Sehgal is a seasoned security professional with over a decade worth of experience ranging from application security to infrastructure and now dealing with DevSecOps. She is currently working as a Security Architect. Vandana is a global speaker and Women in Cyber Security Advocate. She received Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019. She recently received Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category "Secure Coder." She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe. She works with various communities (InfoSecGirls, OWASP, WoSec and null) and is passionate about increasing female participation in Infosec space. She has trained over 1000 Diversity Participants around the globe on Web Application Security. She was a keynote speaker at Owasp Global AppSec DC, 2019. She has spoken and trained at various conferences AppSec Europe, AppSec USA, NullCon, Security Guild 2019, BSides Delhi, c0c0n (Kerala Police Conference), Global AppSec Tel Aviv, and Black Hat US 2019. She is part of the crew for OWASP Seasides and BSides Delhi conferences. She also does CFP Reviews for AppSec Europe, Global AppSec Tel Aviv, Global AppSec DC and Grace Hopper US 2019 (Security/Privacy Review Track).