Charles Givre recently joined JP Morgan Chase, where he works as a data scientist and technical product manager in the cybersecurity and technology controls group. Prior to joining JP Morgan, Mr. Givre worked as a lead data scientist for Deutsche Bank. Mr. Givre worked as a Senior Lead Data Scientist for Booz Allen Hamilton for seven years, where he worked at the intersection of cyber security and data science. At Booz Allen, Mr. Givre worked on one of Booz Allen's largest analytic programs, where he led data science efforts and worked to expand the role of data science in the program. Mr. Givre is passionate about teaching others data science and analytic skills and has taught data science classes all over the world at conferences, universities and for clients. Mr. Givre taught data science classes at BlackHat, the O'Reilly Security Conference, and the Center for Research in Applied Cryptography and Cyber Security at Bar Ilan University. He is a sought-after speaker and has delivered presentations at major industry conferences such as Strata-Hadoop World, Open Data Science Conference and others. One of Mr. Givre's research interests is increasing the productivity of data science and analytic teams, and towards that end, he has been working extensively to promote the use of Apache Drill in security applications and is a committer and PMC Member for the Drill project. Mr. Givre teaches online classes for O'Reilly about Drill and Security Data Science and is a coauthor of the O'Reilly book Learning Apache Drill. Prior to joining Booz Allen, Mr. Givre worked as a counterterrorism analyst at the Central Intelligence Agency for five years. Mr. Givre holds a Master's degree in Middle Eastern Studies from Brandeis University, as well as a Bachelor of Science in Computer Science and a Bachelor of Music, both from the University of Arizona.
He speaks French reasonably well, plays trombone, lives in Baltimore with his family and, in his nonexistent spare time, is restoring a classic British sports car. Mr. Givre blogs at thedataist.com and tweets @cgivre.
Nithin Jois is a Solutions Engineer at we45 - a focused Application Security company. He has helped build ‘Orchestron’ - A leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in Orchestrating containerized deployments securely to Production. Nithin and his team have extensively used Docker APIs as a cornerstone to most of we45 developed security platforms and he has also helped clients of we45 deploy their Applications securely. Nithin is a passionate Open Source enthusiast and is the co-lead-developer of ThreatPlaybook - An Open Source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single Fabric. He has also written multiple libraries that complement ThreatPlaybook. Nithin is an automation junkie who has built Scalable Scanner Integrations that leverage containers to the hilt and is passionate about Security, Containers and Serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating Intentionally Vulnerable Applications for CTF competitions and Secure Code Training. Nithin was a trainer and speaker at events like AppSecDC-2019, AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more. In his spare time, he loves reading about personal finance, leadership, fitness, cryptocurrency, and other such topics. Nithin is an avid traveler and loves sharing stories over a cup of hot coffee.
CTO and Co-Founder, Bridgecrew. A tech leader and open-source enthusiast based in Tel Aviv, Barak’s passion for software began at the age of 14. Starting with a BSc in Computer Science and MBA in IT, he went on to serve as tech lead of big data engineering at the IDF C4I & Cyber Security Directorate before making his mark and continuing as a data scientist and software architect at Fortscale and RSA Security. In 2019 Barak left RSA and joined the founding team of Bridgecrew, an innovative cloud security company, as VP Engineering and CTO.
Matt Tesauro is currently rolling out AppSec automation at a major financial institution and is a founder of 10Security. He has over 20 years of Linux experience and 7 years of using Linux containers, primarily Docker. Prior roles include Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, Senior Software Security Engineer at Pearson and Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department, teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a lead for the OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security, while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 63 different security tools. He holds two degrees from Texas A&M University and several security and Linux certifications.
Chetan Karande is a project leader for the OWASP Node.js Goat project and contributor to multiple open-source projects including Node.js core. He is the author of 'Securing Node Applications' (O’Reilly). He is a trainer on the O'Reilly Learning platform and has offered training at OWASP AppSec USA and Global OWASP AppSec conferences.
Rohit is an Associate Director with NotSoSecure, a Claranet Group company. He is a technology enthusiast with 9+ years of experience in hacking anything that runs on binaries and is on the ground. He also delivers two of the bestselling classes by NotSoSecure, titled 'Application Security for Developers' and ‘DevSecOps’. He has also trained and spoken at premier security conferences like Blackhat, OWASP AppSec and Nullcon. He is humbled to be part of the list of '50 Influential DevSecOps Professional - Peerlyst 2019'. He also loves to reverse engineer binaries and mobile applications and find and exploit vulnerabilities in them. He spends his free time learning new technologies, programming languages or maybe even tinkering with open source tools.
Morgan Roman works on the application security team at Coinbase. He started his career writing integration tests for web applications and APIs as a software development engineer in test. He is passionate about finding ways to automate security development and testing and make it part of the deployment process.
After 13 years in itsec and 20 in IT, Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical Web Defense” - a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org). Major degree and Diploma in Computer Science; some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by Unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or at https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
Anthony Webb is proud to have been a committed tech geek ever since first learning to code on a BBC Micro at around 6 years old. He has worked in Information Security specifically for the past 6 years and specialises in Cloud Security, Infrastructure Security, Penetration Testing and Red Teaming. Anthony works as an Associate Director with NotSoSecure and holds industry recognised accreditations including OSCP, QSTM/CTM, CREST CRT as well as a number of Cloud certifications including AWS Security – Specialty, Solutions Architect and Developer Associate. He is a trainer for a number of NotSoSecure’s hacking courses ranging from introductory through to advanced and specialist, and is a lead trainer for both the Advanced Infrastructure Hacking (AIH) and Hacking and Defending Cloud courses. Anthony has delivered training to large and small audiences at a number of conferences including Black Hat conferences globally, CPX360, BruCON, OWASP AppSec Day, as well as many smaller classroom and in-house groups and live web-based training delivery.
Andreas Falk works for Novatec Consulting, located in Stuttgart, Germany. For more than 20 years, he has been involved in various projects as an architect, coach, and developer. His focus is on the agile development of cloud-native Java applications. As a member of OWASP and the OpenID Foundation, he is also enthusiastic about dealing with all aspects of application security.
Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter. In his recent roles, he has been responsible for managing enterprise software assurance programs, with emphasis on governance, secure development practices, and security training. Before specializing in application security, John was active as a Java enterprise architect and Web application developer. In an earlier life, John had specialized in developing discrete-event simulations of large distributed systems, in a variety of languages - including the Java-based language (FreeSML) he developed as part of his doctoral research. John is on the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, and is Co-Leader of the OWASP Application Security Curriculum Project.