Program Committee

Ran JANET-CERT from 1999-2004; since then, regulatory issues affecting online services, including incident response; PC Chair 2019. Visited Montreal 1965 (see profile pic)

Baiba Kaškina is the general manager of CERT.LV, she has been leading the CSIRT team in Latvia since 2006. Before that Baiba was working for TERENA in the Netherlands and was TF-CSIRT Secretary from 2003- 2006. Since 2013 Baiba is the member of TF-CSIRT Steering Committee and since 2014 – the Chair of TF-CSIRT. Baiba has been a member of the TNC and FIRST conference programme committees as well as has participated in various working groups nationally and internationally.

Carlos was born in Lisbon (Portugal), and graduated in Computer Science at the University of Lisbon in 1999. He was a Systems Engineer at University of Lisbon from 1996 to 2000 -- with a short spell at FCCN, working for the Portuguese Schools' Network Team and ccTLD .PT.

Back to FCCN during 2000, he managed the Portuguese Internet Exchange (Gigapix) for 15 years, participating at Euro-IX (euro-ix.net), while also contributing to the Networking Team, responsible for AS1930's backbone.

Over the years Carlos has delivered IPv6 courses (around Europe and Portuguese speaking countries in Africa) and also some talks at TERENA Networking Conferences and RIPE meetings. He is also a co-author of several policy proposals.

Since late 2015 he moved into CyberSecurity, taking a leadership role at RCTS CERT, the Portuguese R&E Network's Computer Emergency Response Team.

From 2016 to 2018 he was the Chairman of the Portuguese CSIRT Network's General Assembly (redecsirt.pt). He was also LinhaAlerta's manager between 2016 and 2018, and represented the portuguese Hotline at the INHOPE Association (inhope.org).

He now usually attends FIRST, TF-CSIRT and RIPE meetings, mostly focusing on incident response and anti-abuse issues.

Mr. Christopher Butera serves as an Associate Director at the United States Cybersecurity and Infrastructure Agency (CISA). He leads the Threat Hunting subdivision which includes many of CISA's cyber defense operations including threat analysis, federal network detection, incident handling and response, and hunt teams. His previous role was the Deputy Director of the National Cybersecurity and Communications Integration Center (NCCIC), Head of Cyber Threat Detection Analysis. Mr. Butera brings a wealth of experience to his role with over 15 years in various cybersecurity and IT leadership positions. Among other prior roles he served as Director of the NCCIC’s Hunt and Incident Response Team. As Division Director, he led the federal government’s efforts to provide technical assistance to significant cyber incidents, including many large-scale data breaches in both the private sector and federal government. His team focused on discovering and analyzing new forensic artifacts, finding new security controls to prevent and detect APT intrusions, and creating or enhancing opportunities for early detection and containment. Mr. Butera holds a Bachelor of Science degree in Computer Science from the University of Notre Dame and earned his Master of Science in Computer Science from the University of Chicago.

Cristine Hoepers is the General Manager of CERT.br, the Brazilian National CERT, maintained by NIC.br, from the Brazilian Internet Steering Committee. She has a degree in Computer Science and a PhD in Applied Computing. She has been working with Incident Management at CERT.br since 1999, where she helps the stablishment of new CSIRTs in the Country, provides training in information security and incident handling, and develops best practices to reduce abuse and increase Internet resilience. She is also involved since 2001 with research on the use of honeypot technology to understand attackers' tools and behaviour, as well as how to measure Internet abuse and the impact of policies on the improvement of the Internet health.

In the past she served as a member of the FIRST Board of Directors, as a Lead Experts of the UN IGF Best Practice Forum on CERTs, and as a member of the ITU HLEG (High Level Experts Group). She has been a speaker and moderator at several forums such as ITU, OAS, ICANN, APWG, IGF, MAAWG, LACNIC and FIRST Conferences, on the topics of incident handling, Internet fraud and spam, CSIRTs development and use of honeypots to identify and measure Internet infrastructure abuse.

Denise Anderson, MBA, is President of the National Health Information Sharing and Analysis Center (NH-ISAC), a non-profit organization dedicated to protecting the health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information.

Denise currently serves as Chair of the National Council of ISACs and participates in a number of industry groups and initiatives. In addition, she has served on the Board and as Officer and President of an international credit association, and has spoken at events all over the globe.

Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia for ten years.

She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.

Dennis Dayman has more than 25 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. Previously he was Return Path’s Chief Privacy and Security Officer, at that time Dayman leverages his experience and key relationships to provide best practices to Return Path, its customers, and ensures the compliance of their communications data flows. He was also responsible for coordinating and managing Return Path’s international electronic commerce, privacy and Internet related policy issues.

Previously to Return Path, he was Eloqua’s Chief Privacy and Security Officer. Eloqua was acquired by Oracle for $871 Million dollars in 2012 and is now the centerpiece of Oracle's marketing cloud. He was appointed by Department of Homeland Security (DHS) Secretary Nielsen to the Data Privacy and Integrity Advisory Committee (DPIAC) that provides input to DHS on programmatic, policy, operational, administrative and technical issues that relate to personal identifiable information, as well as data integrity and other privacy-related matters. Also appointed as a U.S. Delegate for the U.S. Technical Advisory Group (TAG) within International Organization for Standardization (ISO) and American National Standards Institute (ANSI) supporting work on ISO/PC 317: Consumer protection: privacy by design for consumer goods and services. He is a longstanding member of several boards and advisory committees within the advertising and messaging industry and also sits on several advisory boards for Internet companies and is also a partner, mentor, and frequent investor in start-ups.

Dr. Dhia Mahjoub is the Head of Security Research at Cisco Umbrella. He works with his team on building large scale threat detection and threat intelligence systems, driving new product features and supporting major business deals in the US, Europe, and APAC. Dhia has 15+ years experience in network security and holds a PhD in graph data analysis. He’s been supporting Law Enforcement through his investigation of cybercrime and speaking about the subject at the Europol-INTERPOL Cybercrime Conference, the Dutch NCSC One Conference, the SANS CTI Summit and RIPE meetings. Dhia’s innovation in the space has led him to be awarded several patents on scalable threat detection and he is a frequent speaker at major conferences including Black Hat, Defcon, Flocon, FIRST, Virus Bulletin, and FS-ISAC. He has also given keynotes at KPMG and Orange security events and is on the program committee of Botconf and the ACM DTRAP journal.

CSIRT CEDIA's Coordinator since Aug 2013. Working with (and a big fan of) Linux since 1995.

Graciela Martínez currently is the Head of the WARP (Warning Advice and Reporting Point) of LACNIC. WARP provides the services needed to reinforce computer security incident response capabilities in case of incidents involving Latin American and Caribbean Internet addresses. In addition to this, Graciela also is the head of the AMPARO trainings. These trainings goal is to build capacity for the creation and operation of Computer Emergency Response Teams (CSIRTs), spreading know-how and reaching out to the LAC community. With over 20 years of experience in IT, she has more than 10 years professionally dedicated to computer security and outreach activities to bring LAC CSIRTs community together with other international security communities.

Hendrik Adrian was a bachelor of Electrical Engineering when received Master of Science in Computer & Information Sciences & Support Services.

Hendrik was working straight in the IT Security field with the UNIX skills in security hardening on various systems, he is known as implementing integration of open source solutions to filter malicious contents on various protocol for data transmission in the internet, his noted achievement was as co-founder and CEO of Kaspersky Labs regional office in Japan which acted as technical leader & business executive, his retirement to establish his own security protocol filtration product security entity, KLJTech (kljtech.com), was a well-noted appliance security product maker “K-Prox and K-Shield” in Japan Hendrik joined the CERT works afterwards and as an active speaker in the reversing & security conference like R2CON, BotConf, AV Tokyo, Brucon, DefCon Japan and he'll talk in Hack.Lu in 2019. His keen in deep technical presentation exposing many local threat via 0day.jp like the detection of first android malware made in Japan. Since 2016 through LACERT (previously JSOC) he is active until in Japan government support for various educational security lecturing activities in IPA(NFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN).

Aside of his daily work, in August 28th 2012 he gathered security researchers all over the world to form a malware analysis group known as MalwareMustDie.org, an NPO formed to suppress the growth of malware distribution in internet. Under his leadership MalwareMustDie (MMD) is known with achievement in deep analysis and disclosure of new threats, some achievements i.e. the first disclosure of Mirai IOT malware, Darkleech Rogue Apache Modules, detection of CookieBomb threat, and Rogue 302-Redirection & Cushion attack, 300+ botnet source codes, full disclosure of Kelihos botnet actors, and stopping the PowerLocker ransomware. More achievement can be seen in https://en.wikipedia.org/wiki/MalwareMustDie The team is also dedicated for its malicious sites takedown achievement which shutting down of more than 36,000 malware domains, and assisting arrest to some alleged cyber crime adversaries.

References :

Several speakers notes:

https://rada.re/con/2018/schedule.html https://www.botconf.eu/author/hendrik-adrian/ http://2014.brucon.org/index.php/Hendrik_Adrian.html https://www.ipa.go.jp/jinzai/camp/2017/zenkoku2017_koushi.html https://www.ipa.go.jp/jinzai/camp/2018/zenkoku2018_program_profile.html#profile_z-04 https://www.ipa.go.jp/jinzai/camp/2019/zenkoku2019_program_profile.html#profile_z-02 https://2018.seccon.jp/seccon/2018akihabara/#cb-08 https://2018.seccon.jp/seccon/2018akihabara/#cb-07 http://en.avtokyo.org/avtokyo2013/speakers#hendrik

Interviews:

"Strudels" threat: https://resources.infosecinstitute.com/exclusive-close-look-largest-credential-harvesting-campaign-via-iot-botnet/ About Linux malware research: https://linux-audit.com/interview-malwaremustdie-linux-malware-research/ About FHAPPI APT: https://securityaffairs.co/wordpress/57309/apt/fhappi-campaign.html

Jacomo, who is based in Brazil, joined Team Cymru in 2012 as part of the Outreach Team and have previously worked at the Brazilian Research and Academic Network. Jacomo is known globally due to his active involvement in FIRST (Forum for Incident Response and Security Teams) and for his work at several Security Communities and Trusted Groups. Jacomo is responsible for Team Cymru's Community Services, including the CSIRT Assistance Program - CAP. When possible also teaches Forensic and CSIRT security classes at post-graduation classes and work on his photography hobby.

Konrads is an experienced, fast thinking and performing IT consultant with 20 years of IT experience. Konrads is currently focusing on high-end security assessments, red-teaming and incident response. His role is a technical team leader and subject matter expert in the Cyber Defence Services team. Konrads’ key strengths are strong IT skills across entire internet technology stack coupled with creativity and business drive. Thanks to Konrads’ understanding of how cyber security works from top to bottom, he can use the technical details to identify systemic problems, find root causes and deliver recommendations for multiple audiences – from technical staff, developers to senior management.

Krassimir Tzvetanov is a security architect at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a WAF and a shield against DDoS attacks. His current focus is on incident response and investigations, threat intelligence and security systems architecture. In the past he worked for hardware vendors like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications. Krassimir is very active in the security research and investigation community, has number of contributions to FIRST SIGs, as well as participates in the Honeynet Project. In addition, Krassimir ran the BayThreat security conference and has contributed to a number of other events like DefCon, where he ran the Radio Communications group, and ShmooCon and DC650. Krassimir holds Bachelors in Electrical Engineering (Communications) and Masters in Digital Forensics and Investigations and is currently a graduate student at Purdue University.

Lionel has been involved in the CSIRTs world since 2004, when he set up the CSIRT for the Belgian NREN. He later evolved that team into the first iteration of CERT.be, the Belgian National CERT. He worked for ENISA, then came back to help set up the second iteration of CERT.be, where he is currently working.

Team leader for KraftCERT, the Norwegian CERT (cyber security response team) for energy (oil&gas&electric), water&waste water and Industrial control system industry. Background from IC design, computer networking, and information security. Worked on information security since 1998: for the ISP community, in academia for a number of years, as well the Norwegian Security Authority/National CERT (NSM/NorCERT) and at the grid- and transmission system operator. On the board of directors of FIRST for 8 years, serving as chairman for 2 years.

Michael Hausding works as Competence Lead DNS & Domain Abuse for SWITCH, the ccTLD registry for .ch and .li. His main job is to prevent internet crime on and with .ch & .li domains. He is a incident handler for more than 20 year and a member of SWITCH-CERT. Michael holds a Master in computer science from the University of Darmstadt, a MAS in management, technology and economics from ETH Zürich. He is a board member of the ISOC Switzerland chapter and the Swiss Internet Security Alliance.

Michael Murray serves as a Senior Manager for the Secureworks Security and Risk Consulting - Incident Response (SRC-IR) team, focused on delivering proactive incident response services that prepare our clients to act when an incident strikes by ensuring that they have defined, implemented, and exercised the necessary plans and processes, and by augmenting client incident management capabilities during an incident response event. Prior to joining the Secureworks team, Michael was a member of the technical staff at the CERT Coordination Center (CERT/CC), and previously served on the Board of Directors of the Forum of Incident Response and Security Teams (FIRST).

https://linkedin.com/in/caleff

• SANOFI since 2018
• ANSSI / CERT-FR 2013 to 2018, in charge of International relationships
• 1992 to 2013, APOGEE Communications then DEVOTEAM Group, security consultant, then CSIRT manager

Computer Systems Engineer with a Master Degree in Communications Networks. Specialist with about 20 years of experience in OSS technologies. Researcher and producer of scientific articles in the IT area. Founding Partner and General Manager of NawesCorp Cía. Ltda., Commercially known as EcuaLinux.com. Wide experience as a teacher and instructor in Universities, Institutes and Continuing Education Centers. Has held executive and management positions in the academic and business area, both public and private sectors. Currently works at the CSIRT of CEDIA and manages part of the advanced services infrastructure, and participates as an instructor in its Continuing Education School.

Rastislav Janota has over 20 years of experience in IT and telecommunication sectors. Over his career, Mr. Janota holds successfully various expert, managerial, and supervision positions in the field of information and communication services and cyber/information security in private and governmental sectors both at home and abroad. Currently he serves as Chairman of the Cyber Security Committee of the Security Council of the Slovak republic as well as Director of SK-CERT – Slovak National CERT under National Security Authority of Slovak republic. From these positions, he bear responsibility for cyber security governance of the Slovak Republic.

Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories LTD (FSI), working on Cyber Security. Over 30 years, he has conducted research in neural networks, simulated annealing, agent system, pervasive/ubiquitous computing, Semantic Web, bioinformatics, Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things, Cyber Security Policy, and Cyber Security. He also led numerous standardization activities and collaborations with universities, national and private research institutes, and startups. He is an ACM senior member and an IEEE senior member.

Dr Hashem is the Principal Cybersecurity Advisor at the Egyptian National Telecommunication Authority (NTRA). Dr. Hashem is also theChair Professor of Engineering Mathematics and Computer Science at the Faculty of Engineering, Cairo University, Egypt.Dr Hashem is a Senior IEEE member and an ISACA Certified Information Security Manager. Over the last decade, Dr. Hashem has led several key cybersecurity efforts at the national level, and setting up the framework for further developing the Egyptian Computer Emergency Readiness Team (EG-CERT) at the National Telecom Regulatory Authority (NTRA). More recently, in 2015, Dr Hashem became a member of Egypt’s Supreme Cybersecurity Council (ESCC), which is affiliated with the Cabinet of Ministers. As the Chairman of the Executive Bureau of the ESCC, Dr Hashem led the team that drafted Egypt’s first National Cybersecurity Strategy (2017-2021). Successful cybersecurity initiatives and activities led by Dr Hashem have contributed to Egypt’s advanced cybersecurity rank: 14th among 194 countries,as reported by the International Telecommunications Union (ITU)/ABI Global Cybersecurity Index in July 2017. (https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf ). Since 1999, Dr Hashem has worked as an ICT strategist and policy advisor at the Egyptian Ministry of Communications and Information Technology (MCIT) and its affiliates: The Information Technology Development Agency (ITIDA Executive VP for E-Business and E-Signature) and the National Telecom Regulatory Authority (NTRA VP for Cybersecurity). Dr Hashem has participated in formulating and executing national Information and Communication Technology (ICT) policies, especially in cybersecurity and e-signature, and developing new models for empowering collaboration between the ICT industry and the academic/research community in order to enhance the competitiveness of Egyptian ICT companies. Dr. Hashem received a B.Sc. in Communication & Electronic Engineering anda M.Sc. in Engineering Mathematics from Cairo University-Egypt, and a Ph.D. in Industrial Engineering from Purdue University-USA. He also completed the Senior Executive Program at Harvard Business School-USA. Dr. Hashem authored and co-authored more than sixty articles and book chapters in the areas of artificial intelligence, cybersecurity, information technology, e-commerce, and operations research, with applications in engineering, energy, environment, and computer sciences, with over 1600 international citations (http://scholar.google.com.eg/citations?user=KKIju5kAAAAJ&hl=en). Dr. Hashem received several awards and recognition including: the Global Bangemann Challenge Award (from the King of Sweden: Stockholm – 1999).

Internet Protocol (IP) based Information systems design and security for over a quarter century- yes, even before the Internet became commercialized and common-, including carrier grade backbone networks.

Information Security Specialist, with 10 years of experience in Information Technology with multinational companies. Posses a Bachelor's degree on Computer Science and Master’s degree in Information Technology Project Management.

Senior Manager, Global Cyber Compliance Services. Leads a team of cyber professionals managing cyber security compliance activities at Raytheon both in the US and at their Global locations. Holds the CISSP, ISSMP, and CCSP certifications. Wayne's initial FIRST Conference was the 6th Annual Conference in Boston.