Program Committee

FIRST Cyber Threat Intelligence Webinar Series

  • Katie Nickels



    Katie Nickels is a Principal Intelligence Analyst with Red Canary as well as a SANS Instructor for FOR578: Cyber Threat Intelligence. She has worked in network defense, incident response and cyber threat intelligence for over a decade, including in her prior role as the Threat Intelligence Lead for the MITRE ATT&CK team. Nickels has shared her expertise with presentations at Black Hat, the FIRST CTI Symposium, SANS Summits and other events. She is also a Co-Chair of the SANS CTI Summit and the FIRST CTI Symposium. Nickels serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM.

  • Trey Darley

    Vice Chair

    Trey Darley is part of the team, where he serves as CTI Strategist. Trey also serves alongside Richard Struse as co-chair of the OASIS Cyber Threat Intelligence (CTI) Technical Committee responsible for STIX/TAXII. He's been working in infosec for years, including stints at NATO and Splunk's Security Practice, and more recently as Director of Standards Development at New Context. Trey's articles have been featured in publications such as IEEE Security and Privacy and USENIX ;login:. He has presented at a number of security conferences, including O'Reilly Security, BruCON, USENIX LISA, RSAC, and various FIRST events. Trey is the official liaison between OASIS and FIRST, a long-time member of the BruCON organizing committee, a member of the OASIS Technical Advisory Board, and a CISSP.

  • Thomas Schreck

    Munich University of Applied Sciences

    Board Liaison

    Thomas Schreck is a Professor for IT-Security at the Munich University of Applied Sciences. Prior he was a Principal Engineer for IT-Security at Siemens and the Head of Siemens CERT. He serves on the Board of Directors of Forum of Incident Response and Security Teams since 2015 and between 2017 and 2019 he was the Chairman of FIRST.

    He holds a PhD in Computer Engineering from the Friedrich Alexander University Erlangen-Nuremberg and a Diploma in Computer Science from the University of Applied Sciences Landshut.

  • Alex Pinto


    Alex Pinto is a Distinguished Engineer of the Security Solutions Group at Verizon Enterprise Services. He is responsible for data science, analytics and machine learning capabilities of the Verizon Autonomous Threat Hunting product. He joined Verizon through the acquisition of Niddel, where Alex was Co-Founder and Chief Data Scientist. Alex has over 20 years of experience in build security solutions and products and the last 5 of those years have been solely dedicated to the application of machine learning in cybersecurity detection and threat hunting activities. He also holds multiple cybersecurity certifications, such as CISSP-ISSAP, CISA, CISM, and was previously PMP and PCI-QSA certified.

    He is an accomplished international speaker and thought leader, has presented various times at conferences such as Black Hat, DEFCON, RSA Conference and FIRST. His usual research subjects are machine learning applied to security, threat intelligence evaluation and metrics, and threat hunting automation.

    Before founding Niddel, Alex was a founder of Cipher Security, a global full-solution provider of Brazilian origin. He was born in Rio de Janeiro, but for a twist of fate can't play any soccer.

  • Alexandre Dulaunoy


    Alexandre Dulaunoy encountered his first computer in the eighties, and he disassembled it to know how the thing works. While pursuing his logical path towards information security and free software, he worked as senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix, which specialised in information security management. For the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. He is also the lead developer of various open source tools including cve-search and member of the MISP core team.

  • Allison Wikoff

    Secureworks Counter Threat Unit (CTU)

    Allison Wikoff is a senior intelligence analyst and security researcher for the Secureworks Counter Threat Unit (CTU) research team with over 15 years of experience in incident response and threat intelligence. Allison performs focused research with the goal of creating countermeasures and strategic intelligence products for Secureworks clients. Specifically, Allison leads Secureworks research efforts around the cyber threat as it stems from Iran and is widely considered an industry expert on this topic, regularly representing Secureworks’ view of Iranian cyber activity in the media. She holds numerous industry certifications frequently guest lectures for several information security-focused graduate courses.

  • Andreas Sfakianakis

    Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional. Andreas is currently a CTI Analyst of Royal Dutch Shell based in Netherlands. He is also a member of European Network and Information Security Agency’s Threat Landscape Stakeholders’ Group and an external expert for ENISA and European Commission. He is a former CTI Analyst at Lloyds Banking Group and Network Information Security Expert at ENISA. He has more than 5 years of experience on Cyber Threat Intelligence field working and engaging with organizations from the banking and Oil & Gas sectors, European agencies, CERTs/CSIRTs, law-enforcement, intelligence professionals and researchers.

    Andreas has been the co-author of a number of reports, namely: WEF's Global Risks 2013: "Digital Wildfires in a Hyperconnected World", ENISA's Threat Landscape 2012, ENISA's report on "Exploring the opportunities and limitations of current Threat Intelligence Platforms". He has also participated in the reviewing of ENISA CERT exercises as well as in various research and innovation proposals for European Commission. Finally, Andreas has been the Editor-in-chief of the "Threat Intel Weekend Reads" newsletter for 3 years.

    Andreas' Twitter handle is @asfakian !

  • Denise Anderson


    Denise Anderson, MBA, is President of the National Health Information Sharing and Analysis Center (NH-ISAC), a non-profit organization dedicated to protecting the health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information.

    Denise currently serves as Chair of the National Council of ISACs and participates in a number of industry groups and initiatives. In addition, she has served on the Board and as Officer and President of an international credit association, and has spoken at events all over the globe.

    Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia for ten years.

    She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.

  • Éireann Leverett

    Concinnity Risks

    Éireann Leverett once found 10,000 vulnerable industrial systems on the internet.

    He then worked with Computer Emergency Response Teams around the world for cyber risk reduction.

    He likes teaching the basics, and learning the obscure.

    He continually studies computer science, cryptography, networks, information theory, economics, and magic history.

    He is also fascinated by zero knowledge proofs, firmware and malware reverse engineering, and complicated network effects such as Braess' and Jevon's Paradoxes. He has worked in quality assurance on software that runs the electric grid, penetration testing, and academia. He likes long binwalks by the hexdumps with his friends.

    Éireann Leverett is a regular speaker at computer security conferences such as FIRST, BlackHat, Defcon, Brucon,, RSA, and CCC; and also a regular speaker at insurance and risk conferences such as Society of Information Risk Analysts, Onshore Energy Conference, International Association of Engineering Insurers, International Risk Governance Council, and the Reinsurance Association of America. He has been featured by the BBC, The Washington Post, The Chicago Tribune, The Register, The Christian Science Monitor, Popular Mechanics, and Wired magazine.

    He was part of a multidisciplinary team that built the first cyber risk models for insurance with Cambridge University Centre for Risk Studies and RMS.

  • Francesco Bigarella

    ING Bank

    Francesco is a threat intelligence analyst at ING Bank. He started as forensic analyst and soon transitioned to the intelligence world. While learning the craft, he has been looking into way to support the bank intelligence program and ended up being a firm promoter of the STIX framework. He holds a masters degree in computer science from Leiden university.

  • James Chappell

    Digital Shadows

    James is the Co-Founder and Chief Innovation Officer at Digital Shadows. He has led teams in InfoSec and Cybersecurity since 1997, working across the private sector and government organizations helping them to understand the technical aspects of information security.

    James spent over ten years of his career as a security architect and deputy head of the Information Security profession at BAE Systems Detica; he previously worked at Nortel Networks in the United States. James has always been fascinated by innovative ways of counteracting the growth of crime and fraud in computer networks and developing effective ways of measuring and managing the security big picture. In 2011 this journey led to an exploration of digital footprints, and their impact on the security of the modern business. James is a regular speaker at technology events and cybersecurity conferences across the globe and is regularly quoted in the press.

  • Jesse Bowling

    Duke University

    Jesse Bowling is a security professional with 10 years in focused security roles, and another 8 years of systems administration and desktop support. He was worked his entire career in higher education, advancing the mission of a variety of schools including public, private, large and medium schools. With a couple stints in management over his career, he always finds his way back to direct technology work. Jesse is currently the Security Architect and CSIRT program manager at Duke University, which combines his love of creating new solutions and the thrill of incident response.

  • Krassimir Tzvetanov


    Krassimir Tzvetanov is a security engineer at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a shield against DDoS attacks.

    In the past he worked for hardware vendors like Cisco and A10 focusing on threat research, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two missing critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications.

    Krassimir has established a couple of Threat Intelligence programs at past employers in the past and has been actively involved in the security community facilitating information exchange in large groups.

    Currently Krassimir is a co-chair and co-founder of the FIRST CTI SIG.

    Before retiring, he was a department lead for DefCon, and an organizer of the premier Bay Area security event BayThreat. In the past he was also an organizer of DC650 - a local Bay Area security meetup.

    Krassimir holds a Bachelors in Electrical Engineering (Communications) and Masters in Digital Forensics and Investigations.

  • Michael Schwartz


    Michael has nearly 20 years of experience in nearly all aspects of IT and then some. He began his career working Help Desk through High School and College and eventually turned that knowledge into his first full-time position with McKinley Associates in Ann Arbor, MI as a Support Specialist. Later he worked as a Systems Engineer and Field Support Engineer for government contractors. Michael eventually landed his dream job with the FBI as an Intelligence Analyst where he was involved in Counterterrorism and Cybersecurity matters. Michael returned to the public sector with Lookout as an Android malware reverse engineer and figures he has finally settled down in Minneapolis with Target as the Director of Threat Intelligence & Detection Engineering.

    Michael holds a BA in Political Science from the University of Michigan, an MS in Defense and Strategic Studies from Missouri State, and an MS in Computer Science of the University of Illinois – Springfield.

  • Ryusuke Masuoka


    Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories Limited in Toranomon, Tokyo, Japan, working on Cyber Security. He is also a part-time lecturer of Graduate School of Mathematical Sciences, the University of Tokyo in Japan. Since joining Fujitsu Laboratories Ltd. in 1988, he conducted research into neural networks, simulated annealing, and agent systems. Results from all of those research areas have led to products from Fujitsu. After moving to Fujitsu Laboratories of America, Inc. in March of 2001, he engaged in researches on pervasive/ubiquitous computing, Semantic Web, and bioinformatics, from which Task Computing resulted. Then he extended his research into Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things and Cyber Security, when he led a group of 15 PhDs (, contractors and interns) with annual budget of more than 6 Million USD. He also led numerous standard activities and collaborations with universities, national and private research institutes and startups. From the beginning of 2012, he started working on Anti Cyber Attack Solutions at Fujitsu Laboratories Limited. He joined the Center for International Public Policy Studies in July 2012 and studied Cyber Security Policy for two year. He is now with Fujitsu System Integration Laboratories Limited, working on Cyber Security. A top 1% and the #10 in Setagaya TripAdvisor reviewer.

  • Toni Gidwani


    Toni Gidwani leads analysts in Google's Threat Analysis Group, which combines threat intelligence, malware analysis and engineering of large-scale systems to protect against targeted threats. Prior to joining Google, Toni was the Director of Research at ThreatConnect, led analytic teams in the U.S. Department of Defense, and taught a graduate course on the private sector and cybersecurity at Georgetown University. You can follow her on Twitter @t_gidwani where she tweets about bad puns and information security.