Trainers



  • Steven Wierckx is a software and security tester with 15 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his passion for web application security through writing and training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He is the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. Last year, he spoke at Hack in the Box Amsterdam, hosted a workshop at BruCON and delivered threat modeling trainings at OWASP AppSec USA and O’Reilly Security New York.

  • Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container, and Application Security Research, Threat Modelling, and Red Teaming. In addition, he has been tapped as a resource speaker for numerous security conferences around the globe. He is the JampaSec Security Conference and the OWASP Paraiba Chapter founder, and a member of the CNCF Security TAG team.

  • Nick Nikiforakis is an Associate Professor at Stony Brook University working on web security and privacy. He leads the PragSec Lab, where his students conduct research in cyber security, with a focus on web security, web privacy, DNS security, attack-surface reduction, and deception-based security. He is the author of more than 70 peer-reviewed academic publications and his work is cited over 4,000 times. He is one of the pioneers in the space of browser fingerprinting, with more than 10 years of experience in detecting and defending against unwanted fingerprinting. His seminal work titled 'Cookieless monster - Exploring the ecosystem of web-based device fingerprinting' was the first study of the adoption of fingerprinting in the wild and has been cited more than 500 times. All his work can be found on his [website](https://securitee.org).

  • Anirudh Anand is a security engineer with a primary focus on Web and Mobile Application Security. He is currently working as a Lead Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 8 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard. Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2021, 44con London, Appsec NZ, Hackfest Canada, c0c0n, Nullcon, Offzone Moscow, HITB etc.

  • Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and helps startups become great businesses as an advisor and mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the 'Elevation of Privilege' game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

  • Ben is the Head of Hacker Education at HackerOne by day, and a hacker and content creator by night. He has helped identify over 700 security vulnerabilities across hundreds of web and mobile applications for companies such as Verizon Media, Red Bull, Apple, Airbnb, Snapchat, The US Department of Defense, Lyft, and more. One of the world’s top ethical hackers, he has invested time back into the security community by creating a community of 1000+ active hackers and hosting international conferences dedicated to hacker education and collaboration. He has also held free workshops and trainings to teach others about security and web application hacking.

  • Nithin Jois dons two hats: apart from being one of the lead trainers at AppSecEngineer, he is also a Senior Solutions Architect at We45, where he has helped build multiple solutions ranging from vulnerability management to scalable scanner orchestrating systems that leveraged container technology to the hilt! Nithin also managed DevOps and deployments for some of these solutions, and for multiple clients, which gave him a lot of exposure to the cloud and helped him understand multiple issues that are often faced in production; he was involved in fixing some of those issues as well. Since 2018, Nithin has mostly been involved with research, development and building solutions around the training offerings, and consults with organizations to help them implement DevSecOps successfully. Nithin has been a trainer and speaker at multiple industry-leading events including but not limited to OWASP Global AppSecUS, OWASP AppSecCali, CodeBlue Japan, SHACK aka. WhiskyCon and BlackHat-US/EU, to name a few.

  • Ruben Ventura got involved in the fields of hacking and information security over 18 years ago. He has worked performing diverse security information services internationally for governments, law-enforcement agencies, many firms and a financial institution. He has been invited to speak at many international conferences such as Hack in Paris, Hackfest Quebec, BSides Philly, DragonJar Colombia and GreHack, among many others. His interests include reverse engineering, music production, theoretical physics, molecular biology, psychology, meditation, lifting weights and coffee.

  • Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter. He's currently leading the Software Assurance advisory practice at Datacom New Zealand, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs. Before moving to application security, John was active as a Java enterprise architect and Web application developer. In an earlier life, John developed discrete-event simulations of large distributed systems, in a variety of languages - including the Java-based language (FreeSML) he developed as part of his doctoral research. John is on the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, and is active on the OWASP Education and Training Committee.