Appsec Experts

Parisa Tabriz

Director of Engineering, Google

Parisa Tabriz is a computer security expert who works for Google as a Director of Engineering. She has been called Google’s “Security Princess” due to her experience in hacking and internet security. She heads a team of 30 experts responsible for the security of Google Chrome. She is also responsible for training Google staff interested in moving into the internet security field. Tabriz co-founded the Our Security Advocates conference.

Dan Goodin

Security Editor, Ars Technica

Dan Goodin is Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, and hardware hacking. A journalist with more than 15 years' experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelor’s Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley.

Mohit Kumar

Founder & CEO, HackerNews

Entrepreneur, Cyber Security Researcher, Trainer, Infosec Journalist, Speaker, Traveller & Part-time Hacker. Mohit started THN as a dedicated Cybersecurity and Hacking News platform to educate people on how to use the Internet in the safest way. Founder & CEO — Attracting over 10 million monthly readers, ‘The Hacker News’ has been internationally recognized as the leading, most trusted news source of hacking, cyber security & technology for the technologists & nerds. Co-Founder & Director — ‘The Hackers Conference,’ India’s first unique cyber security and hacking conference.

Mark Dowd

Co-founder & Director, Azimuth Security

Mark is a director and founder of Azimuth Security. The bulk of his professional career has been focused in the area of application security research. Mark spent a number of years as a senior researcher at IBM’s Internet Security Systems (ISS) X-Force, during which he discovered a number of high-profile vulnerabilities in ubiquitous Internet software. In addition to professional vulnerability research, Mark’s previous experience includes serving as a principal security architect for McAfee, as well as performing a variety of information security consulting services independently and for ITAC Consulting.

Pierluigi Paganini

Chief Security Officer, CSE – CybSec Enterprise SpA

Pierluigi Paganini is Chief Technology Officer at CSE – CybSec Enterprise SpA. He is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years' experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on information sharing led Pierluigi to launch the security blog “Security Affairs”, recently awarded as the Best European Personal Security Blog. Author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin.”

Michael Zalewski

White-hat Hacker / Former Google employee

Michał Zalewski, also known by the user name lcamtuf, is a “white hat” hacker and computer security expert from Poland and a former Google Inc. employee. He has been a prolific vulnerability researcher and a frequent Bugtraq poster and has authored a number of programs for Unix-like operating systems. In 2005, Zalewski authored Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, a computer security book published by No Starch Press and subsequently translated into a number of languages. In 2011, Zalewski authored The Tangled Web: A Guide to Securing Modern Web Applications, also published by No Starch Press. For his continued research on browser security, he was named one of the 15 most influential people in security and among the 100 most influential people in IT. Zalewski was one of the original creators of Argante, a virtual open source operating system. Among other projects, he also created p0f and American fuzzy lop.

Aloria

Security Engineer, Tumblr

Aloria is the Tumblr security engineer. She gives her followers tips on how to be secure on the internet. Previously she worked as a security engineer at Spotify and also as an AppSec professor at New York University.

Robin Wood

Freelance security consultant and researcher, co-founder of SteelCon

A freelance security consultant specialising in web app testing. Having a background as a developer helped him see inside the apps during testing and explain problems to the development team afterwards. The author of a large number of open source tools and a regular contributor to various mailing lists and forums. His popular tools include the Wifi Pineapple, Pipal and CeWL. He is an Associate Lecturer at Sheffield Hallam University.

Avram Marius Gabriel

Web App Penetration testing, Freelance security consultant

Avram Marius Gabriel has gained the top spot on PayPal’s Wall of Fame as well as being recognised for responsibly disclosing security bugs in the websites of Facebook, Google, Evernote, eBay Inc., and Twitter. All of these discoveries have been made outside of working hours.

Wendy Nather

Director, Advisory CISOs, Duo Security

Wendy Nather is Director of Advisory CISOs at Duo Security. She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Nather led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She speaks regularly on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Nather is Co-Author of The Cloud Security Rules, and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014.

Rich Mogull

Founder & VP of Products, DisruptOPS

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. Prior to founding DisruptOPS and Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Ashar Javed

Pentester, Hyundai AutoEver Europe GmbH

Ashar Javed currently works on penetration testing, source code review, and mobile application vulnerability assessments at Hyundai AutoEver Europe GmbH (an IT service company for Hyundai & KIA Motors). He works alongside developers and external third-party application vendors in order to eliminate web vulnerabilities. He has spent three years as a security researcher for Ruhr-Universität Bochum, Germany. Ashar delivered talks at the main security events like Black Hat Europe 2014, Hack in the Box Kuala Lumpur 2013, OWASP Spain (2014, 2015), SAP product security conference 2015, International PHP Conference 2015, ISACA Ireland 2014, RSA Europe (OWASP Seminar) 2013 and DeepSec Austria (2013, 2014 & 2015).

Malik Mesellem

CEO, IT Security Auditor & Penetration Tester, MME BVBA

Malik Mesellem is an IT security professional with over 15 years of experience. Malik has always had a passion for Ethical Hacking and Penetration Testing… obsessed with Windows and Web Application (in)Security. In 2010, he started his own company, MME BVBA. MME is specialized in IT Security Audits, User Awareness Campaigns, Vulnerability Assessments, Penetration Testing and Security Training. Malik gives master classes, lectures and workshops at conferences and for several institutions. Malik is an OWASP ZAP evangelist and used to be a mentor for the SANS Institute, mentoring the SANS ‘SEC560 – Network Penetration Testing and Ethical Hacking’ course. Malik is also the founder and developer of bWAPP. bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web vulnerabilities! It covers all major known web bugs, including all risks from the OWASP Top 10 project. It has 100.000+ downloads worldwide.

Dan Cornell

CTO, Denim Group Ltd

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. Cornell is an active member of the development community and a sought-after Speaker on topics of web application security, speaking at international conferences including TEDx, RSA Security Conference, OWASP AppSec USA and EU and Black Hat Arsenal.

Marc Goodwin

Staff Security Engineer, Mozilla

Marc Goodman is a New York Times best-selling author, global strategist and consultant focused on the profound change technology is having on security, business and international affairs. He is the Founder of the Future Crimes Institute and currently serves as the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. He has built his expertise in international cybercrime and terrorism, working with organizations such as INTERPOL, the UN Counterterrorism Task Force, NATO and the U.S. Government. His professional experiences include working as a police officer, undercover investigator and counterterrorism strategist. Goodman’s best-selling book, Future Crimes, was selected as Amazon’s Best Business Book of 2015 and has been named one of the Washington Post’s Top Ten Best Books of 2015.