Meet the Speakers

Bettina Haas

After studying computer science and engaging in IT, Bettina has continued to develop in the direction of cybersecurity for several years.

She has coordinated cybersecurity assessments and cybersecurity projects in a global organization, driving red teaming, penetration testing and process assessments at strategic and operational levels.

Bettina shows passion for breaking down gender barriers, promoting diversity, and serving as a coach for young professionals in the digital realm.

 

Desiree Sacher-Boldewin

Desiree Sacher-Boldewin is the Head of Operational IT Security at Finanz Informatik GmbH & Co. KG. She has been working in the cyber security industry for 20 years and spend the past years as a Manager at NVISO and Cyber Security Architect at Finanz Informatik before that. She focused her work on creating intelligent processes and workflows for IT security operations and she did this by utilizing all of her experience from various engineering and analyst positions held and publishing papers with her suggestions. From June 2022 to June 2024 she also was an elected board member of FIRST (the Forum of Incident Response and Security Teams) and she still is the liaison chair for the Special Interest Groups. These days she unifies all of her experience to be a manager. Desiree is also a certified GCIA Forensic Analyst, Network Forensic Analyst, Cyber Threat Intelligence Analyst and GIAC Penetration Tester. References to her work can be found on her GitHub on https://github.com/d3sre/ and she posts on Twitter as @d3sre, when she feels like she has something important to share.

 

Aled Jackson

 

Alexander

Alexander is a Principal Forensic Consultant at Truesec where he focuses on incident response, threat intelligence, and security research. Alexander spends most of his time providing incident response to companies that have suffered from a cyber attack. He has responded to several hundred complex incidents, including nation state-backed attacks and ransomware against global organizations. Alexander also performs offensive and forensic research, and is responsible for developing Truesec’s forensic tooling.

 

Alvaro Martinez

Alvaro Martinez holds a Bachelor of Engineering in Telecommunications and a Master’s degree in Information Security, graduated in 2018. After several years working as web developer, he decided to switch to his preferred area, cybersecurity, where he currently works at conducting vulnerability assessments and web penetration tests, integrating security tools into corporate environments and helping development teams to better understand and mitigate vulnerabilities in their applications.

 

Andrzej Olchawa

Information Security Professional with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development. Holds a number of OffSec certifications, and has been credited with several CVEs.

https://x.com/0x4ndy https://linkedin.com/in/andrzejolchawa

 

Asger Strunk

Asger Strunk is a highly skilled IT security professional with a wealth of experience spanning over a decade. Throughout his career, Asger has been involved in both offensive and defensive security operations, working tirelessly to protect individuals and organizations from cyber threats. His expertise in incident response is second to none, and he has an unwavering commitment to ensuring his clients are protected at all times. Currently, Asger is employed full-time by a leading Swiss cyber security company, where he specializes in incident response and brings a level of expertise that is unmatched in the industry.

 

Benjamin Altmiks

Initially specializing in cyber security, I have devoted myself more and more to the field of machine learning in recent years. Last year, I combined the two for the first time and conducted research in the field of penetration testing using reinforcement learning. Now I am looking for new ways to integrate machine learning in the most diverse areas of cyber security.

 

Björn Trappe

Björn Trappe is one of the founders and managing directors of Laokoon Security, a company formed by a team of former offensive cybersecurity experts from the German armed forces and other security agencies. With a deep specialization in orchestrating and executing Red Team engagements, Björn leads his teams in comprehensive attack strategies that extend beyond IT-perimeter defenses to include physical security breaches. His work is driven by a commitment to exposing and addressing the full spectrum of organizational vulnerabilities.

 

Christian Bauer

Software engineer turned security expert with over 10 years of experience. Extensive expertise in cloud-native security, with hands-on experience across a wide range of security topics. From implementing security infrastructure and tooling all the way to security consulting.

 

Christian Kollee

Christian currently works as a Network Detection Engineer in the German finance sector. Previously, he worked as a forensic analyst and incident handler in international organizations and medium-sized German businesses. With more than ten years of experience in IT security, Christian knows the problems of all IT security types, from medium-sized companies to DAX30 corporations. Shortly, he will join a company doing Incident Response and Managed Detection & Response. Besides learning about new attacker tools and techniques, he tries desperately to reduce his ever-growing stack of articles and books in his spare time.

 

Daniel Feichter

Daniel Feichter is 38 years old, from Austria, and goes by the pseudonym VirtualAllocEx on Twitter and elsewhere. He originally comes from a background in electronics and communications engineering, and started as a junior penetration tester in 2018. He found his purpose in ethical hacking and can’t imagine doing anything else since. At the end of 2021, he decided to start his own company called RedOps to live out his research spirit and focus even more on his main area of interest.

His focus is on continuing to learn about Windows Internals, endpoint security, malware development, and reverse engineering. He regularly shares his research in the form of blog posts, conference talks, and workshops. He has spoken and taught at conferences such as DEFCON 30 (Adversary Village), DEFCON 31 (Red Team Village), SANS Hackfest, BSides Munich, etc. When not in front of the computer, he enjoys spending time with his family and friends and has been practicing taekwondo regularly for more than ten years.

 

Daniel Schwendner

Daniel Schwendner is a DevOps Engineer with a strong passion for Cyber Security. With a background in mobile application security and hardware security, he participates in bug bounty hunting and shares his security knowledge online.

 

David Gstir

David Gstir is an accomplished security researcher and software engineer with 15+ years of hands-on experience. He obtained a master’s degree in computer sciences from the University of Technology Graz, Austria where he specialized in IT security and cryptography. In his master’s thesis, he focused on analyzing attacks on AES, showcasing his expertise in this domain.

Throughout his career, David has been actively involved in security-related projects, successfully identifying vulnerabilities in various consumer and enterprise software. His extensive investigations encompass diverse areas such as password managers, Web3 solutions, embedded devices, and network security solutions.

In addition to his security expertise, David has a strong background in software engineering. He developed production-level software in a wide range of programming languages, and his contributions continue to be utilized today. He has particularly made contributions to open source software, playing a key role in introducing filesystem encryption and authentication to Linux’ UBIFS subsystem.

 

David Szili

David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture design, incident response, digital forensics, and software development. David has two master’s degrees, one in computer engineering and one in networks and telecommunication, and he has a bachelor’s degree in electrical engineering. He holds several IT security certifications, such as GSE, GSEC, GCFE, GCED, GCIA, GCIH, GCFR, GMON, GCTD, GCDA, GPEN, GNFA, GPYC, GMOB, GMLE, GAWN, CCSK, OSCP, OSWP, CAWASP, CRTP, BTL1, and CEH. He is also a certified instructor at SANS Institute, teaching FOR572: Advanced Network Forensics and FOR509: Enterprise Cloud Forensics and Incident Response, and he is the lead author of SANS DFIR NetWars. David regularly speaks at international conferences like BruCON, Hack.lu, Hacktivity, x33fcon, Nuit du Hack, BSides London, BSides Munich, BSides Stuttgart, BSidesLjubljana, BSidesBUD, BSides Luxembourg, Pass the SALT, Black Alps, Security Session, Future Soldier, SANS @Night Talks, Meetups, and he is a former member of the organizer team of the Security BSides Luxembourg conference.

 

Denes Fodor

With over ten years of experience in cybersecurity and systems engineering, I work as a CSIRT Manager and IT Security Researcher at White Hat IT Security. In my free time, I always try to learn something new, fight with RE/PWN CTF challenges, and keep up with the latest cyber threats. In addition to this, I also write insightful posts about Cyber Threat Intelligence (CTI) and Digital Forensics and Incident Response (DFIR) topics, sharing my knowledge and experiences.

 

Firat Acar

Firat is a senior red teamer within NVISO. His specialties include the whole red team attack cycle, mainly the internal network and Active Directory part, as well as physically breaching company defenses.

 

Hagen Paul Pfeifer

Hagen Paul Pfeifer serves as the Chief Software Strategist at Rohde & Schwarz, where he plays a pivotal role in shaping the software strategy and driving technological innovation. With extensive experience in low-level programming, system architecture, embedded systems and cybersecurity, Hagen specializes in leveraging advanced tools and techniques to dissect and understand complex software behaviors.

Throughout his career, Hagen has made contributions to both the Linux kernel and the Internet Engineering Task Force (IETF). He has worked on multiple Linux subsystems, including networking and performance analysis, and has authored several Internet-Drafts within the IETF, focusing on routing and TCP performance enhancements.

Hagen holds a degree in Computer Science and continuously engages in research to stay at the forefront of technology. He can be reached at hagen@jauu.net for inquiries and collaborations.

For more details, you can refer to his GitHub profile.

 

Hans-Martin Muench

CEO of MOGWAI LABS, a small cyber security boutique.

 

Janosch Braukmann

Janosch Braukmann, ne Maier is a passionated entrepreneur, DevOps engineer and speaker. After his studies in Informatics and Educational Science he founded the start-up Crashtest Security. Janosch published his research on the border between computer science and psychology. He has been educating others on DevSecOps as a speaker on IT security and related topices for the last several years. Currently, Janosch is working as Team Lead System Engineering & Information Security Officer at ottonova.

 

Jonathan Prince

Jonathan is a senior consultant at NVISO GmbH, he has a wide range of interests within the information technology field including two areas at opposing ends of the (de)centralization scale - blockchain based distributed technologies and mainframe computing.

 

Klaus-E. Klingner

Klaus-E. Klingner is an accomplished information technology professional with expertise in web application development, IT security, and project leadership. With a career spanning over two decades, Klaus-E. Klingner has made significant contributions to renowned organizations such as Allianz and Brenntag.

Starting his journey in 1999 at Dresdner Bank, he quickly established himself as a pioneering web application developer. Following the acquisition of Dresdner Bank by Allianz in 2004, Klaus-E. Klingner seamlessly transitioned into his role within the organization. He played a key role in introducing UC4 and contributed to the success of the Lotus Notes Team. He later assumed the position of Divisional Security Officer for Digital Interaction, showcasing his passion for IT security.

Klaus-E. Klingner is a certified Web Application Penetration Tester, ISO27001 Implementer, and Data Privacy Specialist. In 2022, he built the threat prevention and management team at Brenntag, further solidifying his expertise in the field. Currently, he serves as the Information Security Officer at M.Asam GmbH.

 

Konstantin Weddige

Konstantin Weddige is a penetration tester and co-founder of Lutra Security. His focus is on application security, while his interests cover a wide range of topics in information security in general. He is motivated by the desire to help people understand cybersecurity risks and to make the Internet a safer place, one vulnerability at a time.

 

Lisi Hocke

Lisi found tech as her place to be in 2009 and has grown as a specialized generalist ever since. She’s passionate about the whole-team approach to holistic testing and quality and enjoys experimenting and learning continuously. Building great products that deliver value together with great people motivates her and lets her thrive. Security is a big part of this, and she’s enthusiastic about all things AppSec to help build more secure solutions. Having received a lot from communities, she’s paying it forward by sharing her stories and learning in public. She posts on Mastodon as @lisihocke@mastodon.social and blogs at www.lisihocke.com. In her free time, she plays indoor volleyball or delves into computer games and stories of all kinds.

 

Massimo Morello

Massimo is a passionate Cyber Security Analyst, currently collaborating with Kemetmueller Information Security on vulnerabilities research, their trends, and how to efficiently face the storm. Formerly employed at the European Central Bank, where he took care of vulnerability management as well, his approach in such a dynamic realm is complemented by a keen interest in GRC, to try to see the problems from a broader perspective. His paper “Regulatory Compliance Verification: A Privacy Preserving Approach” was presented last year at the CSNet 2023 (IEEE ComSoc) conference in Montreal. Two master’s degrees in Cyber Security (ouch!) with minor in Digital Innovation & Entrepreneurship, and a lot of thirst for knowledge, desire to share, and make together the Internet a safer place!

 

Michael Helwig

Michael is a cybersecurity strategist and expert working on a wide range of product and cybersecurity topics with a background in secure software development. He is the co-founder of a security consulting firm that helps clients across industries implement product security programs, adopt DevSecOps, and achieve compliance with various standards. He believes that people and communication are at least as important and effective in moving organizations forward as tools and technology.

 

Moritz Thomas

Moritz developed an interest in hacking computer programs & video games during his Bachelor’s computer science studies and soon acquired a distinguished set of skills in binary reverse-engineering. A few years later, he wrote his Master’s thesis about conceptualizing and implementing a modular proxy for IoT appliances at NVISO. Right after his studies, he decided to join NVISO and embark on a journey into (mostly) offensive IT security.

Today, he is a senior IT security consultant and red teamer at NVISO ARES (Adversarial Risk Emulation & Simulation) where he coordinates and participates in research & development efforts. When he isn’t infiltrating networks or exfiltrating data, he is typically knees deep in research and development, working on new techniques and tools in red teaming.

With more than 15 years of experience in programming, 5 years in binary reverse-engineering and three years in professional offensive IT security assessments, he feels like he is just getting started!

 

Richard Weinberger

Richard is co-founder of sigma star gmbh where he offers consulting services around Linux and IT security. Upstream he maintains various subsystems of the Linux kernel such as UserModeLinux and UBIFS. Beside of low level and security aspects of computers he enjoys growing lithops.

 

Stephan Berger

Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response. Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.

 

Stuart McMurray

Stuart is a Lead Engineer on the Offensive Security team at Klarna, where he focuses on Red Teaming, Unix, and general Swiss Army knifery. He’s been on the offensive side of public and private sector security for upwards of a decade, during which time he’s been an operator and trainer and developed a small arsenal of public and private offensive tools.

 

Tomer Doitshman

Tomer is a security research team lead in Cato Research Labs at Cato Networks, with a keen interest in various aspects of cybersecurity, including reverse engineering, network protocol analysis, and detecting malicious traffic. Additionally, Tomer is enthusiastic about machine learning and thrives on tackling intricate challenges within this field. Presently, his main area of focus is network-based security research, where he endeavors to devise innovative approaches for detecting threats in corporate network settings.

 

stulle123

Hey. I’m Dawin, yet another security researcher.