Speakers – IT-DEFENSE 2019
Prof. Dr. Bernd Ankenbrand
Dr. Bernd Ankenbrand is professor at the University of Applied Sciences Wuerzburg-Schweinfurt, Germany. His international teaching- and research experiences include visiting research- und teaching positions at Witten/Herdecke University, Karlshochschule International University, the Sino German School of Governance in Nanjing, China, at the Northern Institute of Technology in Hamburg, Germany, at the Mads Clausen Institute, University of Southern Denmark and at the Social Cognition and Social Neuroscience Lab, Princeton University, USA.
In the private enterprise sector Arthur Andersen, PricewaterhouseCoopers und gexid are parts of his professional career. He is frequently invited as keynote speaker by corporations, associations and political institutions, including Deutsche Bank, Carmignac Gestion, C-Quadrat, Universal Investment, Private Banking Congress, Standard Life, AXA Group, Donner & Reuschel, etc.
Karla Burnett
Karla likes pulling systems apart and learning their ins and outs, before using that knowledge to her advantage. She got started in security when she reverse engineered a train ticketing system, moved on to competing in the Defcon CTF, and now works on defense at Stripe. Her day job is protecting users from themselves, so she's especially interested in security primitives that aren't vulnerable to human error. In her spare time she tinkers with networking, flies planes, and practices Australian Sign Language.
Clarence Chio
Clarence Chio is an engineer and entrepreneur who has given talks, workshops, and trainings on machine learning and security at DEF CON, BLACK HAT, RSA, and other security/software engineering conferences/meetups across more than a dozen countries. He is a co-author of the O'Reilly Book "Machine Learning & Security". He was previously a member of the security research team at Shape Security, a community speaker with Intel, and a security consultant for Oracle. Clarence advises a handful of startups on security data science, and is the founder and organizer of the “Data Mining for Cyber Security” meetup group, the largest gathering of security data scientists in the San Francisco Bay Area. He holds a B.S. and M.S. in Computer Science from Stanford University, specializing in data mining and artificial intelligence.
Roger Dingledine
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online.
Wearing one hat, Roger works with journalists and activists on many continents to help them understand and defend against the threats they face. Wearing another, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics. Since 2002 he has helped organize the yearly international Privacy Enhancing Technologies Symposium (PETS). Among his achievements,
Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.
Paula Januszkiewicz
Paula Januszkiewicz is a CEO and Founder of CQURE Inc. and CQURE Academy. She is also Enterprise Security MVP and a world class cybersecurity expert, consulting Customers all around the world. In 2017, she graduated from Harvard Business School. She has her heart and soul in the company, having deep belief that positive thinking is the key to success. Her quality-driven approach, extreme attention to details and conference speaking publicity have brought CQURE, at its early stage, to the never-ending world of hacks, forensics, data theft and other security challenges. Paula established CQURE in 2007 and since then she has continued to build the team’s professional image and cybersecurity skills, currently owning and managing CQURE departments in New York (US), Dubai (UAE) and Zug (Switzerland), additionally to headquarters in Warsaw (Poland). Since 2007 of CQURE Team’s exceptional quality and unique cybersecurity knowledge, experience and skills is in high demand on enterprise market.
Paula has 14 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises, at the same time being a top speaker and a keynote speaker at many well-known conferences, including Microsoft Ignite (rated No 1 Speaker among 1100 speakers at a conference with 26000 attendees), RSA (in 2017 in San Francisco her session was one of the 5 hottest sessions), Black Hat, TechEd North America, TechEd Europe, TechEd Middle East, CyberCrime etc., where she is often rated as No 1 speaker. Her presentations gather thousands of people.
She also creates security awareness programs for various organizations, including awareness sessions for top management (telecoms, banks, government etc.). She is passionate about sharing her knowledge with others. In private, she enjoys working with her research team, converting the results of her findings to authored leading-edge trainings and tools used in practice in projects. She wrote a book about Threat Management Gateway and she’s currently working on the next one… so stay tuned for more. Recently, Paula has become a member of the Technical Advisory Board at Royal Bank of Scotland - helping to keep its security at the highest level possible!
She has access to a source code of Windows, an honor granted to just few people around the world! Paula is a type that suffers, when doing nothing – every year she takes over 215 flights to provide security services to international organizations.
Benjamin Kollenda
Benjamin Kollenda co-founded emproof in 2017 and has been the CTO since then, heading the development of innovative technologies to protect intellectual property in micro-controller software from industrial espionage and product piracy. Before that, he has been doing a doctorate at the Chair for Systems Security with Prof. Dr. Holz at Ruhr-University Bochum for three years.
His research focuses mainly on software attacks and how to defend them using different defense concepts on the application and operating system level. Benjamin’s interests are on low-level details of operating systems and processors; however, JavaScript-based attacks have already been part of his research as well. During his doctoral candidacy, his research focus was the analysis of CPU microcode of commercial processors, with the aim of improving existing defense mechanisms in the software field, identifying undocumented CPU features and developing new methods.
Philipp Koppe
Since 2017, Philipp Koppe has been the CEO of emproof, a startup he co-founded that provides innovative technologies to protect intellectual property in micro-controller software from industrial espionage and product piracy. Before that, he has been a doctoral candidate at the Chair for Systems Security with Prof. Dr. Holz at Ruhr-University Bochum for three years. His field of research involves code-reuse attacks as well as defense mechanisms on the application and operating system level. The focus is mostly on commercial-off-the-shelf binaries, so methods such as static and dynamic program analysis as well as reverse engineering are used. What is more, Philipp assesses the security of CPU firmware updates, analyzes x86-processor microcode encoding and implements applications in microcode.
Volker Kozok
Lieutenant Colonel Volker Kozok works as a technical officer in the legal department of the German Federal Ministry of Defence and is a proven cyber security expert. For more than 20 years, he has been working in various positions in the IT security of the German Armed Forces. In 2002, he planned and trained the Computer Emergency Response Team of the German Armed Forces.
He is a trained IT forensics expert and conducted the first training courses for computer forensics and incident management in the German Armed Forces.
He is a speaker at both national and international events, lecturing on cyber security and data protection topics, and he focuses on the “dark side of the Internet”, which includes the analysis of hacker attacks, cybercrime and social media attacks.
Since 2002, he has been leading the annual US study tour, where cyber security experts of the German Armed Forces and of the industry exchange views on cyber security with US offices and organizations in a 14-day trip in the United States.
At his annual confidential security conference, the international “Bulletproofhosting & Botnetkonferenz”, national and international representatives of the German Armed Forces, authorities, intelligence services, industry and the hacker scene exchange views on example cases, attacks and ways to react.
Marina Krotofil
Marina Krotofil is an Industrial Control Systems (ICS) Senior Security Engineer at a large chemical company. Marina spent almost a decade on offensive ICS security such as discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. Offensive security skills serve Marina well during incident responses and forensic investigations, ICS malware analysis and for engineering defenses. She previously worked as a Principal Analyst and Subject Matter Expert (SME) in Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She authored more than 20 academic papers and book chapters on ICS security and is a frequent speaker at the leading security events around the world. She holds MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems. She can be found on Twitter under @marmusha.
Sean Metcalf
Sean Metcalf is founder of Trimarc (www.TrimarcSecurity.com) a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.
Jens Müller
Jens Müller is a doctoral candidate at the Chair for Network and Data Security at Ruhr-University Bochum. His research focus is in the fields of the Internet of Things (IoT) and applied IT security – he was recently involved in the “EFAIL” attack against S/MIME and OpenPGP. Jens is an experienced speaker at international IT security conferences (IEEE S&P, Black Hat USA) and freelance penetration tester. In his spare time, he develops open source software and hunts bug bounties.
Prof. Dr. Peter Nieschmidt
Professor Peter Nieschmidt studied Philosophy, Education and History in Tübingen and Munich. Following his doctorate, he worked, amongst other things, as an expert on fundamental issues regarding personnel policy at the central personnel department of Siemens AG, he was the Scientific Director at the Bundeswehr Institute of Social Sciences and headed the planning group at Universität der Bundeswehr in Munich. In 1976, he followed the call to Munich University of Applied Sciences and became Professor of Political Science. Since then he has been giving presentations and holding management workshops in numerous companies, institutions and universities and is today a recognized expert on work and leadership issues.
Marcus J. Ranum
Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is a pioneer in security technology who was one of the early innovators in firewall, VPN, and intrusion detection systems. Ranum has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. He holds numerous industry awards.
Dr. Jason Staggs
Dr. Jason Staggs is a Cyber Security Research Engineer and Adjunct Assistant Professor of Computer Science at The University of Tulsa. Best known for his hacking of exotic industrial control systems, Jason's research interests run the gamut and include critical infrastructure protection, telecommunications, penetration testing, network security, and digital forensics. Jason has spoken at national and international conferences, authored various peer-reviewed publications and lectured undergraduate and graduate level courses on a variety of cybersecurity topics. His expertise in digital forensics has enabled him to provide invaluable assistance to law enforcement agencies at the local, state and federal levels in order to solve high-profile cybercrimes. In his spare time, Jason enjoys reverse engineering proprietary network stacks in embedded devices and diving through ancient RFCs to demystify obscure network protocols. Jason attended graduate school at The University of Tulsa where he earned his MS and PhD degrees in Computer Science.
Starbug
Starbug studied microsystems technology and computer engineering in Berlin. Since receiving his degree in engineering, he has worked at different Fraunhofer Society institutes, for security companies and as a freelance consultant. He is currently involved in the Security in Telecommunications (SECT) working group, a cooperation between Telekom Innovation Laboratories and the TU-Berlin. Starbug has been dealing with overcoming biometric systems for more than 15 years now, recently demonstrated when hacking the iPhone fingerprint sensor. He also inspects the security of microchips, e.g. the access system based on MIFARE Classic or the LEGIC prime chip installed in the immobilizer.
Jayson E. Street
Jayson E. Street is an author of Dissecting the hack: series. Jayson is also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, UCON and at several other CONs and colleges on a variety of information security subjects. He is a highly carbonated speaker, who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are, please note he was chosen as one of Time’s persons of the year for 2006.
Stefan Strobel
CEO and Founder of cirosec GmbH
Stefan Strobel studied Medical Informatics at Heidelberg University and Intelligence Artificielle at LIA of the University of Savoie in Chambery, France.
Before and during his studies, he had already worked freelance for several IT companies. In 1995, he was one of the founders of Centaur Communication GmbH in Heilbronn, which was sold to the UK company Integralis in 1998, then became Articon-Integralis AG and later NTT Com Security.
At Centaur Communication GmbH, Stefan Strobel was responsible for successfully reorganizing the company to focus solely on IT security. He was the Head of Technology at IntegralisCentaur GmbH, and he designed and implemented some of the first and largest firewall environments used by multinational companies.
When the company was sold, he became Technical Development Director at IntegralisCentaur GmbH, and he was responsible for the selection and evaluation of new technologies and trends at Articon-Integralis AG.
Early in 2002, Stefan Strobel founded cirosec GmbH with some of his former colleagues, and he has been the company’s CEO ever since.
In addition to his regular work, he gives lectures at conferences on current IT security topics, trends, new technologies and security strategies, and he is responsible for the program of the IT-Defense Security Conference. Moreover, he has worked as a lecturer on IT security at different universities.
Stefan Strobel has more than 20 years of experience in consulting major companies with very high security requirements and in developing concepts and policies.
Moreover, he is the author of several technical books, which have been published in different languages, and he frequently publishes articles on IT security in specialist magazines.
Carsten Strotmann
Carsten Strotmann has been supporting customers with Unix and PC/Windows networks in Germany and abroad for more than 27 years. His specialties are Unix systems, DNS, DNSSEC and IPv6 security. He is a trainer in the field of DNS/DHCP/IPv6/Linux/Unix security for Internet Systems Consortium (ISC), Linuxhotel and Men & Mice. Carsten Strotmann supports customers in operating DNS/DNSSEC/DANE infrastructures at Sys4 AG in Munich, Germany. He also is the author of various articles on IT security topics in specialist magazines.
Mathy Vanhoef
Mathy Vanhoef is a postdoctoral researcher at the New York University campus in Abu Dhabi. He is most well-known for his KRACK attack against WPA2, and the RC4 NOMORE attack against RC4. His research interest is in wireless security, network protocols, applied cryptography, and software security in general. Currently his main research is about automatically discovering (logical) vulnerabilities in network protocol implementations.
Martin Vigo
Martin Vigo is a Product Security Lead and Researcher responsible for Mobile security, Identity and Authentication. He helps design secure systems and applications, conducts security reviews, penetration testing and generally helps keep "the cloud" secure. Martin is also involved in educating developers on security essentials and best practices.
Martin has presented several topics including breaking password managers, exploiting Apple's Facetime to create a spy program and mobile app development best practices. These were given at conferences such as DEF CON, Blackhat EU, Ekoparty, BSides Las Vegas, Kaspersky Security Analyst Summit and Shakacon.
Outside the office, Martin enjoys research, bug bounties and scuba diving.