Bettina Haas
After studying computer science and engaging in IT, Bettina has continued to develop in the direction of cybersecurity for several years.
She has coordinated cybersecurity assessments and cybersecurity projects in a global organization, driving red teaming, penetration testing and process assessments at strategic and operational levels.
Bettina shows passion for breaking down gender barriers, promoting diversity, and serving as a coach for young professionals in the digital realm.
Desiree Sacher-Boldewin
Desiree Sacher-Boldewin is the Head of Operational IT Security at Finanz Informatik GmbH & Co. KG. She has been working in the cyber security industry for 20 years and spend the past years as a Manager at NVISO and Cyber Security Architect at Finanz Informatik before that. She focused her work on creating intelligent processes and workflows for IT security operations and she did this by utilizing all of her experience from various engineering and analyst positions held and publishing papers with her suggestions. From June 2022 to June 2024 she also was an elected board member of FIRST (the Forum of Incident Response and Security Teams) and she still is the liaison chair for the Special Interest Groups. These days she unifies all of her experience to be a manager. Desiree is also a certified GCIA Forensic Analyst, Network Forensic Analyst, Cyber Threat Intelligence Analyst and GIAC Penetration Tester. References to her work can be found on her GitHub on https://github.com/d3sre/ and she posts on Twitter as @d3sre, when she feels like she has something important to share.
Aled Jackson
Alexander
Alexander is a Principal Forensic Consultant at Truesec where he focuses on incident response, threat intelligence, and security research. Alexander spends most of his time providing incident response to companies that have suffered from a cyber attack. He has responded to several hundred complex incidents, including nation state-backed attacks and ransomware against global organizations. Alexander also performs offensive and forensic research, and is responsible for developing Truesec’s forensic tooling.
Alvaro Martinez
Alvaro Martinez holds a Bachelor of Engineering in Telecommunications and a Master’s degree in Information Security, graduated in 2018. After several years working as web developer, he decided to switch to his preferred area, cybersecurity, where he currently works at conducting vulnerability assessments and web penetration tests, integrating security tools into corporate environments and helping development teams to better understand and mitigate vulnerabilities in their applications.
Andrzej Olchawa
Offensive Security Engineer with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development. Holds a number of OffSec certifications, and has been credited with several CVEs.
https://x.com/0x4ndy https://linkedin.com/in/andrzejolchawa
Asger Strunk
Asger Strunk is a highly skilled IT security professional with a wealth of experience spanning over a decade. Throughout his career, Asger has been involved in both offensive and defensive security operations, working tirelessly to protect individuals and organizations from cyber threats. His expertise in incident response is second to none, and he has an unwavering commitment to ensuring his clients are protected at all times. Currently, Asger is employed full-time by a leading Swiss cyber security company, where he specializes in incident response and brings a level of expertise that is unmatched in the industry.
Benjamin Altmiks
Initially specializing in cyber security, I have devoted myself more and more to the field of machine learning in recent years. Last year, I combined the two for the first time and conducted research in the field of penetration testing using reinforcement learning. Now I am looking for new ways to integrate machine learning in the most diverse areas of cyber security.
Bjoern Trappe
Bjoern Trappe is one of the founders and managing directors of Laokoon Security, a company formed by a team of former offensive cybersecurity experts from the German armed forces and other security agencies. With a deep specialization in orchestrating and executing Red Team engagements, Bjoern leads his teams in comprehensive attack strategies that extend beyond IT-perimeter defenses to include physical security breaches. His work is driven by a commitment to exposing and addressing the full spectrum of organizational vulnerabilities.
Christian Bauer
Software engineer turned security engineer. Extensive expertise in cloud-native security, with hands-on experience across a wide range of security topics. From implementing security infrastructure and tooling all the way to security consulting.
Christian Kollee
Christian currently works as a Network Detection Engineer in the German finance sector. Previously, he worked as a forensic analyst and incident handler in international organizations and medium-sized German businesses. With more than ten years of experience in IT security, Christian knows the problems of all IT security types, from medium-sized companies to DAX30 corporations. Shortly, he will join a company doing Incident Response and Managed Detection & Response. Besides learning about new attacker tools and techniques, he tries desperately to reduce his ever-growing stack of articles and books in his spare time.
Daniel Feichter
Daniel Feichter, 38, is from Austria and goes by VirtualAllocEx on Twitter and other platforms. With a background in electronics and communications engineering, he began his career as a junior penetration tester in 2018. After discovering a passion for ethical hacking, he has remained dedicated to the field. In late 2021, he founded his own company, RedOps, to pursue a research-driven focus, particularly on EDRs. Since October 2024, Daniel has also been a member of the ARES Red Team at NVISO, working as a Red Team Operator.
He focuses on learning and researching in the area of Windows Internals, endpoint security, malware development, and reverse engineering. He enjoys sharing his findings through blog posts, conference talks, and workshops, contributing to the community at conferences such as DEFCON 30 (Adversary Village), DEFCON 31 (Red Team Village), SANS Hackfest, BSides Munich, MCTTP etc.
Outside of work, Daniel values spending time with family and friends, playing tennis and has practiced taekwondo consistently for over a decade.
Daniel Schwendner
Daniel Schwendner is a DevOps Engineer with a strong passion for Cyber Security. With a background in mobile application security and hardware security, he participates in bug bounty hunting and shares his security knowledge online.
David Gstir
David Gstir is an accomplished security researcher and software engineer with 15+ years of hands-on experience. He obtained a master’s degree in computer sciences from the University of Technology Graz, Austria where he specialized in IT security and cryptography. In his master’s thesis, he focused on analyzing attacks on AES, showcasing his expertise in this domain.
Throughout his career, David has been actively involved in security-related projects, successfully identifying vulnerabilities in various consumer and enterprise software. His extensive investigations encompass diverse areas such as password managers, Web3 solutions, embedded devices, and network security solutions.
In addition to his security expertise, David has a strong background in software engineering. He developed production-level software in a wide range of programming languages, and his contributions continue to be utilized today. He has particularly made contributions to open source software, playing a key role in introducing filesystem encryption and authentication to Linux’ UBIFS subsystem.
David Szili
David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture design, incident response, digital forensics, and software development. David has two master’s degrees, one in computer engineering and one in networks and telecommunication, and he has a bachelor’s degree in electrical engineering. He holds several IT security certifications, such as GSE, GSEC, GCFE, GCED, GCIA, GCIH, GCFR, GMON, GCTD, GCDA, GPEN, GNFA, GPYC, GMOB, GMLE, GAWN, CCSK, OSCP, OSWP, CAWASP, CRTP, BTL1, and CEH. He is also a certified instructor at SANS Institute, teaching FOR572: Advanced Network Forensics and FOR509: Enterprise Cloud Forensics and Incident Response, and he is the lead author of SANS DFIR NetWars. David regularly speaks at international conferences like BruCON, Hack.lu, Hacktivity, x33fcon, Nuit du Hack, BSides London, BSides Munich, BSides Stuttgart, BSidesLjubljana, BSidesBUD, BSides Luxembourg, Pass the SALT, Black Alps, Security Session, Future Soldier, SANS @Night Talks, Meetups, and he is a former member of the organizer team of the Security BSides Luxembourg conference.
Dawin Schmidt
Hey. I’m Dawin, yet another independent security researcher based in Munich. I’m interested in Android security, rock climbing and Drum and Bass music.
Firat Acar
Firat is a senior red teamer within NVISO. His specialties include the whole red team attack cycle, mainly the internal network and Active Directory part, as well as physically breaching company defenses.
Hagen Paul Pfeifer
Hagen Paul Pfeifer serves as the Chief Software Strategist at Rohde & Schwarz, where he plays a pivotal role in shaping the software strategy and driving technological innovation. With extensive experience in low-level programming, system architecture, embedded systems and cybersecurity, Hagen specializes in leveraging advanced tools and techniques to dissect and understand complex software behaviors.
Throughout his career, Hagen has made contributions to both the Linux kernel and the Internet Engineering Task Force (IETF). He has worked on multiple Linux subsystems, including networking and performance analysis, and has authored several Internet-Drafts within the IETF, focusing on routing and TCP performance enhancements.
Hagen holds a degree in Computer Science and continuously engages in research to stay at the forefront of technology. He can be reached at hagen@jauu.net for inquiries and collaborations.
For more details, you can refer to his GitHub profile.
Hans-Martin Muench
CEO of MOGWAI LABS, a small cyber security boutique.
Janosch Braukmann
Janosch Braukmann, ne Maier is a passionated entrepreneur, DevOps engineer and speaker. After his studies in Informatics and Educational Science he founded the start-up Crashtest Security. Janosch published his research on the border between computer science and psychology. He has been educating others on DevSecOps as a speaker on IT security and related topices for the last several years. Currently, Janosch is working as Team Lead System Engineering & Information Security Officer at ottonova.
Jennifer Janesko
Suffering from persistent earworms, Jenn works as an earthling cyber security and privacy governance manager by day. Her nights and weekends are littered with jogging, 3d printing, video-editing, music-making, hiking, AI exploring and TV-binging. She prefers to undertake difficult tasks with epic background music and perpetually seeks early-evening karaoke and jeans made for short-legged tall people.
Jonathan Prince
Jonathan is a senior consultant at NVISO GmbH, he has a wide range of interests within the information technology field including two areas at opposing ends of the (de)centralization scale - blockchain based distributed technologies and mainframe computing.
Klaus-E. Klingner
Klaus-E. Klingner is an accomplished information technology professional with expertise in web application development, IT security, and project leadership. With a career spanning over two decades, Klaus-E. Klingner has made significant contributions to renowned organizations such as Allianz and Brenntag.
Starting his journey in 1999 at Dresdner Bank, he quickly established himself as a pioneering web application developer. Following the acquisition of Dresdner Bank by Allianz in 2004, Klaus-E. Klingner seamlessly transitioned into his role within the organization. He played a key role in introducing UC4 and contributed to the success of the Lotus Notes Team. He later assumed the position of Divisional Security Officer for Digital Interaction, showcasing his passion for IT security.
Klaus-E. Klingner is a certified Web Application Penetration Tester, ISO27001 Implementer, and Data Privacy Specialist. In 2022, he built the threat prevention and management team at Brenntag, further solidifying his expertise in the field. Currently, he serves as the Information Security Officer at M.Asam GmbH.
Konstantin Weddige
Konstantin Weddige is a penetration tester and co-founder of Lutra Security. His focus is on application security, while his interests cover a wide range of topics in information security in general. He is motivated by the desire to help people understand cybersecurity risks and to make the Internet a safer place, one vulnerability at a time.
Lisi Hocke
Lisi found tech as her place to be in 2009 and has grown as a specialized generalist ever since. She’s passionate about the whole-team approach to holistic testing and quality and enjoys experimenting and learning continuously. Building great products that deliver value together with great people motivates her and lets her thrive. Security is a big part of this, and she’s enthusiastic about all things AppSec to help build more secure solutions. Having received a lot from communities, she’s paying it forward by sharing her stories and learning in public. She posts on Mastodon as @lisihocke@mastodon.social and blogs at www.lisihocke.com. In her free time, she plays indoor volleyball or delves into computer games and stories of all kinds.
Massimo Morello
Massimo is a passionate Cyber Security Analyst, currently working in the Deutsche Boerse Group (Eurex Clearing) as an Associate Information Security Specialist. Previously collaborating with Kemetmueller Information Security on vulnerabilities research, their trends, and how to efficiently face the storm. In addition, he was formerly employed at the European Central Bank as an IT Security Trainee, where he took care of Vulnerability Management as well. His approach in such a dynamic realm is complemented by a keen interest in Security Governance, IT Risk Management, and IT Compliance (especially with DORA and ISO 27001) in order to try to see the problems from a broader perspective. His paper “Regulatory Compliance Verification: A Privacy Preserving Approach” was presented last year at the CSNet 2023 (IEEE ComSoc) conference in Montreal. Two master’s degrees in Cyber Security (ouch!) with minor in Digital Innovation & Entrepreneurship, and a lot of thirst for knowledge, desire to share, and make together the Internet a safer place!
Michael Helwig
Michael is a cybersecurity strategist and expert working on a wide range of product and cybersecurity topics with a background in secure software development. He is the co-founder of a security consulting firm that helps clients across industries implement product security programs, adopt DevSecOps, and achieve compliance with various standards. He believes that people and communication are at least as important and effective in moving organizations forward as tools and technology.
Moritz Thomas
Moritz developed an interest in hacking computer programs & video games during his Bachelor’s computer science studies and soon acquired a distinguished set of skills in binary reverse-engineering. A few years later, he wrote his Master’s thesis about conceptualizing and implementing a modular proxy for IoT appliances at NVISO. Right after his studies, he decided to join NVISO and embark on a journey into (mostly) offensive IT security.
Today, he is a senior IT security consultant and red teamer at NVISO ARES (Adversarial Risk Emulation & Simulation) where he coordinates and participates in research & development efforts. When he isn’t infiltrating networks or exfiltrating data, he is typically knees deep in research and development, working on new techniques and tools in red teaming.
With more than 15 years of experience in programming, 5 years in binary reverse-engineering and three years in professional offensive IT security assessments, he feels like he is just getting started!
Richard Weinberger
Richard is co-founder of sigma star gmbh where he offers consulting services around Linux and IT security. Upstream he maintains various subsystems of the Linux kernel such as UserModeLinux and UBIFS. Beside of low level and security aspects of computers he enjoys growing lithops.
Sneha Rajguru
Sneha has been working in the field of information security for over a decade now, she has spoken and provided training at various international security conferences. Outside work, she likes to take small hikes in the alps, spends her time building the 75192 Millennium Falcon and is obsessed with Darth Vader.
Stephan Berger
Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response. Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.
Stuart McMurray
Stuart is a Lead Engineer on the Offensive Security team at Klarna, where he focuses on Red Teaming, Unix, and general Swiss Army knifery. He’s been on the offensive side of public and private sector security for upwards of a decade, during which time he’s been an operator and trainer and developed a small arsenal of public and private offensive tools.
Tomer Doitshman
Tomer is a security research team lead in Cato Research Labs at Cato Networks, with a keen interest in various aspects of cybersecurity, including reverse engineering, network protocol analysis, and detecting malicious traffic. Additionally, Tomer is enthusiastic about machine learning and thrives on tackling intricate challenges within this field. Presently, his main area of focus is network-based security research, where he endeavors to devise innovative approaches for detecting threats in corporate network settings.