44CON 2016 Speakers

Robert SchifreenRobert Schifreen

Robert Schifreen is the founder of SecuritySmart.co.uk, which provides measurable IT security awareness training. He first became known in the security industry in 1985 when he was the first person in the world to be arrested and tried by a jury in connection with computer hacking. His ultimate acquittal in 1987 on all charges, by the House of Lords (the most supreme court at the time), led to the introduction of the Computer Misuse Act 1990.


Daniel ComptonDaniel Compton Speaker Photo

Daniel Compton works as a principal security consultant at Info-Assure Ltd. He is a certified CREST/CHECK team leader in both Infrastructure and Applications. Daniel has a keen interest in testing networking devices and has released a number of popular pentesting scripts to assist and automate testing in this area. Daniel is the head of security research at Info-Assure and has discovered over 70 security advisories in applications and network security appliances to date.

Saumil Shahsaumil_headshot_soft

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.

Will Schroeder Will Schroeder Speaker Photo

Will Schroeder  is a security researcher and red-teamer for Veris Group’s Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more.

Steve Armstrong Steve-green-small

Steve began working in the security arena in 1994 whilst serving in the UK Royal Air Force. He specialised in the technical aspects of IT security from 1997 onward, and before retiring from active duty, he lead the RAF’s penetration and TEMPEST testing teams. He founded Logically Secure in 2006 to provide specialist security advice to government departments, defense contractors, the online video gaming industry, and both music and film labels worldwide.

When not teaching for SANS, Steve provides penetration testing and incident response services for some of the biggest household names in the high street, online gaming and music media. To relax Steve enjoys playing Battlefield and FPS games to loud music.

Graham Sutherland Graham Sutherland Speaker Photo

Graham is a pentester, electronics tinkerer, ex-developer, security researcher, reverse engineer, crypto enthusiast, promulgator of useless facts, vehement drunkard, and bacon aficionado. Can often be found scurrying towards a bar. One of his shoes is probably sentient.

Graham McKay

Graham leverages his 15 years of information security leadership experience to advise on appropriate security postures and resilience capabilities in line with risk appetite, focusing on business value.

GMcKay2With a blend of technical skills and business acumen, a deep knowledge of information law including privacy, data protection and information rights, Graham holds the certifications CIPP/E, CISM, CRISC, MBCI and PCIP in addition to being a qualified accountant. He has recently graduated from Northumbria University with an LLM in Information Rights Law and Practice where his dissertation on the application of data protection regulations in the cloud computing landscape including cross jurisdictional boundary challenges received a distinction.

Philippe Arteau 20150611_175309 (1)

Philippe is a security researcher working for GoSecure. He is the author of the Java static analysis tool Find Security Bugs. He is actively doing research to find new attack vectors and develop new tools. His experiences are both in the offensive and the defensive side, having the chance to do countless pentests and code reviews.

He has also built many plugins for Burp and ZAP proxy tools (Reissue Request Scripter, Retire.JS, PDF Viewer, CSP Auditor, etc.). He has discovered many vulnerabilities in popular software including Google Chrome, Dropbox, Paypal, RunKeeper and Jira.

Haroon Meer

Haroon Meer PicHaroon Meer is the founder of Thinkst, the company behind Canary. Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past decade (and a half) he has delivered research, talks, and keynotes at conferences around the world.

Rogan Dawes

Rogan is a senior researcher at SensePost and has been hacking since 1998, which,coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague’s frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years Rogan Dawes Speaker Photobuilding web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies; WebScarab.

In recent years, Rogan has turned his attentions towards hardware hacking; and these days many suspect him to be at least part cyborg. A good conversation starter is to ask him where he keeps his JTAG header.

Dominic White D.White speaker pic

Dominic works at SensePost and tweets as @singe.


Jacob Torrey Jacob Torrey Speaker Photo

Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range.

Corsaire PortraitsKevin O’Reilly

Kevin O’Reilly is a Principal Consultant and Head of Threat at Context Information Security. He is responsible for leading threat research and malware analysis within Context’s Response department. He has been working in information security for over 12 years. Prior to joining Context, he was previously Research Developer at Corsaire, after beginning his career as Virus Researcher at Anti-Virus firm Sophos.


Olivier Bilodeau

Olivier Bilodeau is the head of Cybersecurity Research at GoSecure a consultancy firm specializing in cybersecurity services for the public and private sector.Olivier Bilodeau

With more than 10 years of infosec experience, Olivier worked on Unix servers, managed enterprise networks, wrote open source network access control software and recently worked as a Malware Researcher at ESET. He likes to reverse engineer everything that crosses his path, participate in information security capture-the-flag competitions, hack open source code and brew beer. He has spoken at various conferences (Defcon, Botconf, VirusBulletin, Derbycon, … ), used to lecture on information security at ETS University in Montreal, drives the NorthSec Hacker Jeopardy and co-organizes the MontreHack capture-the-flag training initiative. His primary research interests include reverse-engineering tools, Linux and/or embedded malware and honeypots.

You can  follow Olivier on twitter @obilodeau

Marc-Etienne M.LéveilléMarc-Etienne M Leveille

Marc-Étienne has been a malware researcher at ESET since 2012. He specializes in malware attacking unusual platforms, whether it’s fruity hardware or software from south pole birds. Lately, Marc-Étienne was mostly reverse engineering server-side malware to discover their inner working and operation strategy. His research led to the publication of the Operation Windigo white paper that won Virus Bulletin’s Péter Szőr Award for best research paper in 2014.

Outside his day job, Marc-Étienne enjoys designing challenges for the NorthSec CTF competition. He is also a co-organiser of the MontréHack monthly event. He presented at multiple conferences including CSAW:Threads, CARO Workshop and
Linuxcon Europe. When he’s not one of the organizers, he loves participating in CTF competitions like a partying gentleman. Outside the cyberspace, Marc-Étienne plays the clarinet and reads comics. He tweets sporadically at @marc_etienne_.

Saumil Shah

saumil_headshot_softSaumil Shah, is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.

Joe FitzPatrick

Joe-FitzPatrick-HeadshotJoe FitzPatrick has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He develops and delivers hardware security training at https://SecuringHardware.com, including Applied Physical Attacks on x86 Systems. In between, he keeps busy with contributions to the NSA Playset and other misdirected hardware projects, which he presents at all sorts of fun conferences.

You can follow Joe on Twitter too @securelyfitz

Emil Tan

Emil started his career in infosec as a researcher at Singapore’s Defence Science National Laboratories, focusing primarily in the area of intrusion detection and deception. He was later appointed security administrator at a Security Ops Centre in the Ministry of Defence, Singapore. Emil then pursued his BSc Computer Science and MSc Information Security at Royal Holloway, University of London.Emil Tan

Emil is an active advocate in the infosec community. He founded Edgis, a special interest group, and is also a Chapter Member with The Honeynet Project. Apart from these commitments, he also actively gets himself involved in infosec groups and events such as BSides London, Null Singapore, etc.

Emil’s infosec foundation is highly technical, however he was also involved in other interdisciplinary studies during his university years, e.g. Political Science, Communication Science, Geospatial Theory, Psychology, etc. Emil now enjoys viewing the infosec world through this multi-disciplinary lens.

Rebekah Brown

Rebekah is the threat intelligence lead for Rapid7 where her responsibilities include program architecture, management, R.Brownanalysis and operations. Rebekah has spent over a decade in the intelligence community; her previous roles include NSA network warfare analyst, Operations chief of a United State Marine Corps cyber unit, and a Cyber Command training and exercise lead. She has helped develop threat intelligence programs at the federal, state, and local level as well as in the private sector and is a co-author for the SANS Cyber Threat Intelligence course.

Juan Perez-Etchegoyen

Juan Perez-Etchegoyen leads the Product teams that keep Onapsis on the cutting-edge of the business-critical applicationJuan Perez-Etchegoyen Speaker Photo security market. He is responsible for the design, research and development of Onapsis’ innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host training at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing and Standards.

Nahuel D. Sanchez

Nahuel D. Sanchez is a  security researcher at Onapsis. Being a member of Onapsis Research Labs, his work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack Nahuel Sanchez Speaker Photovectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporters of vulnerabilities in SAP products and is a frequent author of the publication “SAP Security In-Depth”. He previously worked as a security consultant, evaluating the security of Web applications and participating in Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.

Azhar DesaiAzhar Desai Speaker Photo

Azhar writes and runs software with a security bent at Thinkst, an applied research company focusing on information security. He has, in the past, had fun presenting with others from Thinkst at conferences such as Troopers (2015) and HITB KL (2014).

Nicholas Rohrbeck

Nicholas Rohrbeck Speaker PhotoNick is a software developer at Thinkst Applied Research. Before arriving at Thinkst, he was primarily a Java developer, but now his days are filled with Python, network security research, DevOps tinkering and (badly) playing Go.



Ian Trump

Ian Trump, CD, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. As a project and operational resource, Ian has functioned as an IT business analyst, project coordinator and as a senior technical security resource as required. Ian’s broad experience on security integration projects, facilitating technological change and promoting security best practices have been embraced and endorsed by his industry peers.Ian Trump 2

From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. His previous contract was managing all IT projects for the Canadian Museum of Human Rights (CMHR). CMHR is the first museum solely dedicated to the evolution, celebration and future of human rights – it is the first national museum to be built in nearly half a century, and the first outside the National Capital Region.

Currently, Ian is the Global Security Lead at LogicNow working across all lines of business to define, create and execute security solutions to promote a safe, secure Internet for Small & Medium Business world wide.

Evan Booth 

Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity’s sake.evan_booth

Throughout 2013 and into 2014, in an effort to highlight hypocrisy and “security theater” brought about by the TSA, through a research project called “Terminal Cornucopia,” Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely-triggered incendiary suitcases—all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint.

Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named “Steve” who live in the future.

Jerry Gamblin

Jerry Gamblin’s passion for security was ignited in 1989 when he hacked Oregon Trail to give himself the highest score in history in the world on his 3rd grade teacher’s Apple IIe.Jerry Gamblin pic

As a (mostly) grown up security evangelist and analyst, he has been featured on numerous blogs, podcasts and has spoken at security conferences around the world on keeping companies secure.

When he’s not helping companies be more secure, you can find him taking his son to swim lessons or learning how to solder.

You can read his latest thoughts at jerrygamblin.com.

Guanxing Wen

Guanxing Wen is a member of Pangu Team. His focus includes performing root-cause analysis, g-wengfuzzing and exploit development. Prior to joining Pangu, Wen worked as a security researcher of Venustech ADlab. He is actively involved in Bug Bounty Program, such as ZDI, Chrome VRP and is currently the top one bug contributor of IBB-Flash Bounty (@hhj4ck).