We have some great talks coming to BSides Melbourne in 2019. Take a look around and meet these awesome individuals.
2019 Lightning (15 mins) Talks
Rami TawilRami is a recent Cyber Security graduate from Edith Cowan University (ECU). He is currently conducting research on behalf of the Cyber Security CRC regarding multi-factor authentication. Rami takes a particular interest in digital forensics, social engineering, and penetration testing.
Presenting:
I Swiped Right on Your Metadata |
Asmaa MannasahebAsmaa is a 3rd year student at Monash University studying Bachelor of Information Technology. She has recently completed a placement in the cyber team at PwC. Her security journey has only started last year, so she's still learning a lot. She loves and enjoy doing a lot of things, such as reading, swimming, photography & more!
Presenting:
Are You Ready To Be Attacked? |
Bleep (Jo)Jo is new to industry and is a recent associate in the Offensive Security Services division of Loop Secure. When not struggling to write biographies (or getting her co-workers to write it for her), she spends her time learning the dark arts of the infosec realm, developing a range of red teaming skills and %FILLER_MATERIAL_HERE%. Hobbies include a keen interest in bilingual puns and SCADA/ICS environments.
Presenting:
Why Our Train System Sucks |
Aaron RobertsonAaron is a recently rehabilitated Uni student and a graduate un-hacker.
Presenting:
Why Blue Team is Best Team |
Cathy WengCathy is an aspiring cyber security professional.
|
Steph JensenSteph is a (relatively new) security consultant currently specialising in threat intelligence and threat hunting, with experience also in digital forensics and pentesting.
Obsessed with tinkering with and breaking all the things, Steph loves coming up with and learning about new ways to circumvent security controls and avoid detection. Presenting:
Making it Rain Android Shells - How 30,000 + Android devices are exposed to the internet and waiting to be compromised |
Matt DunwoodieWhen Matt isn't leaping over rainbows and saving injured pandas, he spends his time in front of computer screens. He is relatively new to the infosec industry, however has more than a foot in the door.
Matt takes a particular interest in low level development, reverse engineering and binary exploitation. |
2019 General Track Speakers
Kat FitzgeraldBased in Chicago and a natural creature of winter, you can typically find me sipping Casa Noble Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos against a barrage of attackers.
|
Osama ElnaggarOsama is an independent security consultant who works in areas of infrastructure security, application security, cloud security and general information security. Previously, he led information security and application security teams at a major telco. He is also a key contributor in a number of OWASP projects including the OWASP Top 10 2017 project, the OWASP Proactive Controls project and the OWASP ASVS project.
|
Patrick RobinsonPatrick has worked as a Systems Administrator/Engineer for 9 years, been attending Security Conferences for 13 and using Linux for 16. During this time he's worked for organisations large and small, worked with "Enterprise" and "Web Scale" deployments and knows it's just Turtles all the way down.
Presenting:
There Is No Security Team |
Ory SegalCTO & Co-Founder of PureSec, Ory is a world-renowned expert and veteran in application security with 20 years of experience. Prior to founding PureSec, Ory was Senior Director of Threat Research at Akamai. Together with his team he has dealt with security big-data covering more than 30% of all internet traffic, and gained expertise in big data analytics, machine learning, behavioral analysis and device fingerprinting.
Prior to Akamai, Ory worked at IBM as the Security Products Architect for the market leading solution IBM AppScan. Ory holds 20 patents, serves as an officer of the Web Application Security Consortium (WASC). He participated in many working groups such as SANS Top25, MITRE CWE & W3C WebAppSec Working Group. Ory published dozens of articles and his work was featured in the Wall Street Journal, Wired Magazine and Dark-Reading among others. Ory is a regular speaker at many events such as: Cybertech, RSAC, OWASP, Gartner Security Summit, Code-Blue, etc. Ory Holds a BA in CS. from the Open University of Israel. Presenting:
Serverless Security: Attackers & Defenders |
DushanDushan is an Australian based Security Engineer with a strong background in Linux, cloud computing, defensive security and low level systems.
He currently focuses on producing infrastructure patterns to empower teams to deliver more robust and secure software to the cloud, he's worked with (and found vulnerabilities in) major vendor tools and is often called upon to conduct vulnerability response and research. His additional interests include virtualisation, cryptography, networking, reverse engineering and motorcycles. Dushan has a strong passion for teaching and knowledge sharing, he has taught in the school of Computer Science at a large Australian University, actively mentors several junior engineers and runs a comprehensive training on Amazon Web Services that will soon be open sourced. |
Wei Chong TanWei Chong Tan is a security consultant.
Outside of his day job, he likes to spend time in researching security and system internals. His area of interest includes binary analysis and exploitation, reverse engineering, anti-malware evasion and machine learning. Presenting:
Wolf in Sheep Clothing |
David ClarkeDavid is the ISO Compliance & Security Officer for PageUp.
With over 13 years experience in IT, the last 5 in Cyber Security. He has worked in the Education, Financial and Software sectors across in-house, data center, SaaS and Cloud based environments. He is responsible for overall Information Security Management System implementation and it's continual uplift. He has a demonstrated history of continuous improvement across the people, process and technology domains of security. He was responsible for the development, eventual enactment and execution of PageUp's Security Incident Response plan during their 2018 Security Incident and hopes to share leanings, educate and inspire improvement across the wider Melbourne Security Community via the number of lessons learnt. |
Tennessee LeeuwenburgTennessee Leeuwenburg is Head of Secure Coding at the Australian Bureau of Meteorology. He has been involved in helping teams adopt static analysis and other continuous integration tools and processes, while maintaining efficient project delivery.
He has a keen interest in software quality, automation and good code. He has worked on a variety of projects including supercomputing applications and natural language generation. He has an interest in machine learning and loves learning new things. His dream job would be to win a lottery and then spend his time on moon-shot projects, going to conferences and supporting the community. |
Brendan SeerupBrendan is an Application Security Specialist who loves helping teams with secure development, threat modelling and being involved with the penetration testing of their applications.
Outside of Application Security Brendan leads a threat hunting group dedicated to finding and disclosing threats to NZ’s internet space to our CERT. Brendan spends his spare time slowly studying towards a masters of wine and reading comics in his blanket fort. Presenting:
What are we worried about? |
David GriceDavid is an information security practitioner, with a strong background in highly regulated financial institutions. He is actively working in cloud & DevOps environments; passionate about growing InfoSec talent.
|
CISO Panel
Samantha MacLeod (CISO AGL)Samantha is the CISO at AGL. She is an accomplished professional with more than 20 years’ experience supporting business strategies through technology enablement, risk management, security & governance.
Samantha is accountable for ensuring that Security practices are integrated into the organisation’s strategic and operational planning processes; she is responsible for Cybersecurity strategy at AGL. Samantha was previously the General Manager Cyber Security at ME, ensuring that the organisations digital assets, and customers’ information, are secure through appropriate technology use within the changing threat landscape. As an advocate of Women in IT and Women in Leadership, Samantha encourages others to develop their careers in technology and in Cyber security; Samantha is passionate about people, leadership and building security teams aligned to digital and innovative culture. |
Craig Templeton (CISO REA Group)Craig Templeton brings over 23 years’ experience in the security field, having worked for a variety of blue-chip organisations globally. With his no-nonsense approach, Craig is known for not conforming to traditional approaches to solving security problems.
A former winner of AISA’s Security Professional of the Year, Craig is a co-founder of the Security, Influence & Trust Group - an Australian Industry community committed to providing strategies for every-day people to protect themselves online. Craig sits on a number of advisory bodies and has association with research institutes in London, Canberra, Sydney and Melbourne and also participates in several cyber security start-up mentoring programmes including CyRise. Craig assumed the role of CISO at digital property marketing company, REA Group, in Feb 2017. |
Liam Connolly (CISO Seek)Liam Connolly is the CISO for SEEK ANZ and APAC regions, where he is responsible for all aspects of global cyber security. He has over 20 years of progressive information security experience in a wide range of disciplines, including strategic program development, incident response and forensic investigations, security operations, application security, threat intelligence, penetration testing, building multi-disciplinary teams, security training, and risk management.
Prior to coming to SEEK, Liam was the CISO at Zynga in San Francisco and has held additional security leadership roles that spanned multiple business sectors including HSBC, University of California, Berkeley, AT&T as well as teaching for the SANS Institute. Liam's expertise is in working with organisations to assess their information security risk posture to better understand their security-related risks and then designing, implementing and managing a security program, often from the ground-up, that is aligned to the organisations culture, vision and strategic business initiatives. What drives him most is a strong passion for helping others evaluate their current skills/interests across a wide variety of technical and real-world skills and then define approaches for achieving their professional development goals. He currently holds several industry related certifications including GCFA, GCIH, GSEC, GCIA, GREM, GCCC, GLEG, GNFA, GISP, CISSP, and CRISC among others. |
Catherine Buhler (Head of Security Alinta)Catherine Buhler is Alinta’s Head of Security and Risk and is responsible for ensuring appropriate cyber resilience programs are in place across critical infrastructure and sensitive information to counter cyber threats.
Prior to Alinta Catherine was the CISO at BlueScope and has held a variety of senior cybersecurity roles at Telstra, ANZ, CGU and GE delivering across the full spectrum of cyber including vulnerability services, secure coding, PCI DSS and ISO/IEC 27001 compliance and the implementation of security governance and program execution. Catherine is an accomplished cyber security and risk professional skilled in leading Board, executive and operational teams through their security and risk challenges. |
Julian Berton (Panel Moderator)Julian is an Application Security Engineer at SEEK, organiser of appsecday.io and a chapter lead of the OWASP Melbourne chapter. He also regularly gives talks aimed to educate security and technology professionals. A few recent presentations have been at NDC Sydney, TConf, DDD Melbourne, CrikeyCon, OWASP AppSec Day, OWASP Melbourne and Node.js meetups.
|