Talk Schedule - Talk Lineup - Speaker Bios
Evan Anderson
Talk: Beyond The Exploit: Breach From The Attacker’s Point of View
Evan Anderson, founder of Offensive Context, has more than 20 years of experience in offensive security including red teaming, vulnerability research and exploit development. Prior to founding Offensive Context, he was on the founding team at Randori (acquired by IBM), where he built the Attack Surface Management (ASM) and Continuous Automated Red Team (CART) platforms while running the Hacker Operation Center (HOC). Prior to co-founding Randori, he worked at Kyrus Technologies, a boutique security consulting firm supporting commercial and federal projects. With a career focus on offense and sharing knowledge, Evan is also a founding member of the National Collegiate Cyber Defense Competition (NCCDC) Red Team which has been focused on emulating state of the art malicious activities since 2008.
Florian Doumenc
Talk: Rethinking Segmentation: Why VLANs Fail In Critical Infrastructure Networks
Florian Doumenc is the CEO of Trout Software. He holds a cybersecurity degree from Harvard and previously worked as a Security Engineer at Google. He is a Certified CMMC Registered Practitioner with a focus on secure network architectures for industrial and defense systems. His current work involves implementing zero-trust segmentation across multi-vendor OT environments.
Rhys Evans
Talk: Red Team Vs. Sidecar: Threat Modeling The Credential Injection Pipeline
Rhys Evans is Director of Engineering for the Edge team at Aembit, where he leads development of credential injection infrastructure that eliminates static secrets through cryptographic identity verification. His team’s components deploy across Kubernetes, serverless, and traditional environments, and have undergone extensive red team testing by external security vendors and major cloud platforms. Rhys’s career reflects a passion for safety within technology, progressing from privacy to security through roles as founding engineer and Director at TerraTrue’s privacy SaaS platform, Principal Software Engineer at OpenText, and 18 years architecting secure systems. This privacy-first perspective brings unique insight to workload identity management challenges.
Clement Fung
Talk: Adopting AI To Protect Industrial Control Systems: Assessing Challenges and Opportunities From The Operators’ Perspective
Talk: Attributions for ML-Based ICS Anomaly Detection: From Theory To Practice
Hussien AbdelRaouf Khaled
Talk: Empowering AI-Driven Healthcare With Secure, Decentralized, and Privacy-Enhancing Adaptive Intelligence
David Kovar
Talk: Cyber First Aid and Self Healing Systems
David Kovar is the founder and CEO of URSA. David led Ernst and Young’s U.S. digital forensics and cyber security response program from 2012 to 2015. He founded the practice of UAV forensics in 2015 and is a recognized innovator, author, and thought leader in the field. David has a Master’s Degree in International Relations from The Fletcher School at Tufts University. He is a Director for the National Association For Search And Rescue, a CUAS analyst for Delaware Emergency Management Agency, and a private sector partner for New Hampshire’s Information and Analysis Center.
Aayush Kumar
Talk: An Adversarial Loop For Robust Phishing Detection In Critical Infrastructure Email Systems
Aayush Kumar is an M.S. candidate at UIC specializing in adversarial machine learning for cybersecurity. He previously built LLM-based detection pipelines at Zscaler and authored papers on late-exit inference for energy-efficient neural networks. His work bridges academic rigor and operational deployments in enterprise and critical-infrastructure environments.
Andrew McCormick
Talk: Hardware Identity Is Hard: Securing Edge & AI Agents With Open Standards
Andrew McCormick is a principal solutions architect at Aembit. He helps organizations secure non-human identities at scale. Before this, he spent nearly 10 years at Starbucks leading efforts in cybersecurity and infrastructure, including securing 100,000+ devices and building a zero-trust model for retail. He speaks regularly at industry events and contributes to working groups focused on identity and access best practices.
Jordan Moore
Talk: Styx Emulator: Public Release and Future Roadmap
Jordan (lockbox) Moore started his career finding bugs in embedded and DSP targets. After a few back-to-back “tools from scratch” engagements he decided to make a change. He then started the Styx emulator to bring better tools to bug finding against these targets, and now is a full time software engineer helping support the people in the trenches. He enjoys tearing apart complex systems (in minecraft) and recently acquired a BGA rework station.
Pankaj Mouriya
Talk: Securing The Supply Chain With GitHub: Inside Kong’s Public Shared Actions Strategy
Pankaj Mouriya is a Senior Security Engineer at Kong, where he focuses on securing CI/CD pipelines, cloud infrastructure, and software supply chains. He has designed and implemented scalable security automation, enabling secure builds and distribution pipelines across modern DevOps environments.
Before Kong, Pankaj worked with fast-moving startups like DeepSource and InVideo, helping build security programs from the ground up. His technical expertise spans Kubernetes, cloud-native security, and container hardening.
Beyond work, Pankaj is an active contributor to the security community. As a core team member and community manager at null - The open security community, India’s largest security collective, he organizes and delivers technical talks, mentors practitioners, and publishes on topics like application and infrastructure security.
Pouria Rad
Talk: Mapping The Research Landscape - An Exploratory Analysis of AI Applications In Digital Forensics - Springerlink
Talk: From Seaweed To Security: Harnessing Alginate To Challenge IoT Fingerprint Authentication
Joshua Satterfield
Talk: Android Malware Obfuscation
Joshua Satterfield has 5+ years working in technology and has been blessed to have the opportunity to work with a wide variety of technologies including Software-Defined Radio, Windows software development, and now focusing on Mobile Malware Analysis. He has been a software developer for the majority of his career, playing CTFs and reverse engineering software in his free time until 2024 when he started doing reverse engineering full time.
Liliane Scarpari
Talk: Safeguarding Industrial Control In The Era of GenAI and Agentic Intelligence
Liliane Scarpari is a Senior Solution Engineer at Microsoft Security, specializing in enterprise security and compliance solutions. With a strong foundation in critical infrastructure cybersecurity, Liliane now focuses on helping organizations modernize their security posture through Microsoft’s integrated threat protection and data governance platforms. Her work bridges IT and OT environments, applying AI and machine learning to enhance threat detection, automate risk management, and drive secure-by-design principles across hybrid infrastructures. Liliane is recognized for her expertise in ICS-specific threats and her leadership in advancing secure AI adoption. She has presented security innovations at industry conferences, including an ICS/SCADA security event in Chicago in 2025.
Marc Schoenefeld
Talk: When Java Meets IoT: Challenges For Secure Operation
22 year record of CVE-classified bugs
- speaker and trainer at numerous conferences (Blackhat, CanSecWest, JavaOne, HackInTheBox, Xcon)
- published Scanapk and undx, by their release time valuable tools for Android reversing
- Google chrome hall of frame, F-Secure hall of fame
Random past non-security achievements:
- https://www.heise.de/select/ct/2016/3/1454567731519206
- worked on omg.org ““CORBA success story”” in banking, also presented at CSMR 2002 in Budapest
- wrote a S390 assembler exit for extended log analysis for MVS
- wrote a 68000 assembler screen blend library for Atari ST
Emily Soward
Talk: Stop Trading Security For Predictive Power: Retrofitting Diagnostic Capabilities For In-Place AI Systems In Electrical Grid Operational Technology (OT)
Emily is the Founder and Chief AI Officer of Applied Threat Intelligence Group. She has spoken in the U.S. and internationally on lessons from over 15 years in AI research, including at DEFCON and MITRE ATT&CKcon. She is notable for her courses on AI governance, risk management, operations, and security, and authorship on top AI frameworks for Amazon Web Services. Her contributions to HITRUST Alliance’s AI Working Group launched the first cybersecurity certification for AI systems. Emily’s work on AI systems in power and utility operational technology (OT) spans all three interconnects servicing the continental United States.
Alireza Taheritajar
Talk: Acoustic Side Channel Attack On Keyboards Based On Typing Patterns
Ymir Vigfusson
Talk: What Data Tells Us About How APTs Really Attack Critical Infrastructue
Ymir Vigfusson, PhD is the CTO and co-founder of Keystrike, a cybersecurity company born from his research as an Associate Professor of Computer Science at Emory University. A reformed hacker (whose teenage shenanigans included developing some of the first format-string exploits and coining the term “anti-security”) and systems builder (having co-developed the replacement algorithm, SIEVE, now used in modern large-scale caches), Ymir previously co-founded the penetration testing company Syndis (acquired in 2021) and cybersecurity education company Adversary (acquired in 2020). His research has been supported by the NSF (including an NSF CAREER award), the CDC, RANNIS, and others.