Program Committee

2025 Cyber Threat Intelligence Conference

  • Patrick Grau

    DE 

    Chair

    Patrick Grau is a Senior Manager at the Bosch Group and, together with his team, is responsible for Cyber Threat Intelligence, Threat Hunting and Threat Control Management (including Detection Engineering). Prior to that, he was the Cyber Threat Intelligence Lead and part of the Bosch CERT as an incident manager with a preference for analysis and digital forensics. In addition, he graduated somewhere, holds a degree in something, has some expired certificates, and owns more than one computer.

  • Prof. Dr. Thomas Schreck

    DE 

    Chair

    Dr. Thomas Schreck is a Professor for IT-Security at the Munich University of Applied Sciences. Previously, he was a Principal Engineer for IT-Security at Siemens and the Head of Siemens CERT. He served between 2015 and 2021 on the Board of Directors of FIRST.org and was the Chairman from 2017 to 2019.

    He holds a PhD in Computer Engineering from the Friedrich Alexander University Erlangen-Nuremberg and a Diploma in Computer Science from the University of Applied Sciences Landshut.

  • Alex Pinto

    Verizon, US 

    Alex Pinto is an associate director at Verizon and leads the Verizon Data Breach Investigations Report (DBIR) team. Alex has almost 25 years of experience in building security solutions, focused on the application of data science to cybersecurity. He is a frequent speaker at cybersecurity conferences, such as Black Hat and RSA Conference, and holds multiple industry certifications.

  • Alexander Jäger

    CH 

    Alexander Jäger is a Senior Security Engineer working in the Incident Management and Digital Forensics team at Google. He is active in various open source projects. He studied technical computer science at the University of Applied Sciences in Mannheim and holds a Dipl.-Ing. (FH). Alexander is the former Chair of the board of directors and CFO of FIRST (Forum for Incident Response and Security Teams). If not in front of a computer, you might find him doing a swim bike run.

  • Alexandre Dulaunoy

    LU 

    Alexandre Dulaunoy encountered his first computer in the eighties, and he disassembled it to know how the thing works. While pursuing his logical path towards information security and free software, he worked as senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix, which specialised in information security management. For the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. He is also the lead developer of various open source tools including cve-search and member of the MISP core team. Besides his activities in cyber-security, he's also fond of generally fixing anything that's broken around the office.

  • Andreas Bråthen

    Andreas is a seasoned Cyber Threat Intelligence (CTI) analyst and Threat Hunter (TH) with over 15 years in cybersecurity. He currently specializes in the analysis of adversary tradecraft, providing actionable intelligence for strategic and tactical use, and leading and supporting hunting programs and various intelligence initiatives for mission success.

    Throughout his career, Andreas has led multiple teams in threat intelligence, detection engineering, and incident investigation. He strongly advocates for intelligence-driven defense to mitigate complex cyber threats and collaborates with other CTI researchers for investigation, profiling and tracking. He is dedicated to improving detection and hunting capabilities by deeply understanding adversary tactics and techniques, as well as refining methods for operationalizing intelligence.

  • Andreas Muehlemann

    Andreas Muehlemann has been working in IT security for over 15 years. He has worked for different industries like Finance, Industry, Logistics, Electricity, Research and has a broad background in Cyber Security, Network Security and Linux Security. His current role in the CTI Team of Swisscom includes Cyber Threat Intelligence, IOC sharing, malware analysis and network security. He's actively contributing to FIRST SIGs and is passionate about open source software.

  • Andreas Sfakianakis

    Andreas is a Cyber Threat Intelligence professional and SANS Instructor with over fifteen years of experience in cyber security. He focuses on applying threat intelligence and helping organizations manage threats mostly within the Energy, Technology, and Financial sectors as well as in the European Union’s Agencies and Institutions. Andreas has been contributing to the CTI community since 2012 via public reports and presentations, his blog, newsletter, and instructing. His utmost goals are the maturing of threat management programs within organizations as well as the embedding of CTI in policy making. Andreas's Twitter handle is @asfakian and his website is threatintel.eu.

  • Bartek Jerzman

    Bartosz Jerzman is currently working as Head of Cyber Intelligence Centre at Standard Chartered Bank. Prior to this role, Bartosz was Head of Cyber Threat Intelligence department at Polish National Cyber Security Centre where he focused on hunting cyberespionage threats. He started his career in the Polish Navy but instead of commanding the ships, he took various positions in cybersecurity for the Navy: sysadmin, pentester, security architect and monitoring, incident responder. Bartek is also a lecturer at Polish Naval Academy and Lazarski University where he teaches his students how to analyse intrusions and respond to cyberthreats. Fan of gliding sailplanes, sailing yachts and kendo fencing.

  • Enrico Lovat

    US 

    Enrico Lovat received his PhD from the Technical University of Munich for his research on the topics of usage control and information flow tracking. He joined Siemens CERT in 2016 in the dual role of Incident Handler and Cyber Threat Intelligence Team Lead. In 2022 he moved to Siemens Technology as Principal Key Expert, supervising the research in technologies and innovations for cybersecurity services.

  • Erik Thek

    Erick Thek is a Consulting Director in the Unit 42 Security Consulting team in EMEA. Erick leads the Governance, Risk, and Compliance services and their delivery, providing threat intelligence-led GRC discussions, assessments, and tabletop exercises for clients in EMEA. Erick excels at effectively communicating complex cybersecurity concepts to diverse audiences, utilizing his skills in public speaking and digital intelligence.

    Erick is a highly experienced and accomplished professional with over 25 years of experience in both public and private sectors focusing on intelligence and investigations in global organisations. Erick has developed expertise in leading proactive services and cyber threat intelligence engagements focusing on intelligence, investigations, and cybersecurity.

    Erick also brings a wealth of experience from his time within the US Military, both as a soldier and government civilian, where he served for over 20 years. As a Cyber Threat Intelligence Manager and then as a Digital Forensic Laboratory Manager, he developed and led cyber intelligence fusion.

  • Hendrik Adrian

    Hendrik Adrian is the representative of FIRST Team LACERT and FIRST CTI SIG co-chair, and works as a senior cyber threat intrusion analyst at Cyber Emergency Center. Hendrik supports the Japanese government in various educational security lecture activities at IPA, i.e. Security Camp and CyberCREST, and is putting more effort into international security communities as an active lecturer and speaker at various conferences. His malware analysis contributions to the security community are listed on Wikipedia at https://en.wikipedia.org/wiki/MalwareMustDie

  • Jeroen Vanderauwera

    Jeroen Vanderauwera is an experienced cybersecurity professional with a broad background in Threat Intelligence, Incident Response, Digital Forensics, Detection Engineering, Malware Analysis, and Infrastructure Tracking. He currently serves as a Principal Cyber Threat Analyst at Google’s Threat Intelligence Group. Jeroen's cybersecurity career began over 13 years ago at a national and governmental CERT, where he gained expertise in Security Engineering and Incident Response. Later, he contributed to Verizon's Cyber Intelligence Center as a Security Analytics Researcher. Subsequently, he joined NATO, where he held multiple roles, spearheading Threat Research efforts and overseeing the Digital Forensics Lab at the NATO Headquarters.

  • Joe Slowik

    Joe Slowik has over 15 years of experience across multiple cyber domains. Joe currently manages the CTI and ICS portions of the MITRE ATT&CK framework, while also performing critical infrastructure threat research. Previously, Joe has led cyber threat intelligence, detection engineering, and threat hunting functions and teams at organizations including Dragos, DomainTools, and Huntress. Joe started his security journey in the US Navy and Los Alamos National Laboratory.

  • Lincoln Kaffenberger

    Lincoln works as the CTI lead for Deloitte Global. He formerly led the CTI team at the International Monetary Fund and spent a decade in the US Army as a Military Intelligence officer. He has over a decade of experience helping organizations understand the threats they face and make informed, risk-based decisions.

  • Lisa Lobmeyer

    Lisa Lobmeyer works in Incident Response at HiSolutions as Team Lead, helping organizations affected by IT security incidents. She is responsible for managing HiSolutions' daily IR business as well as advancing HiSolutions' participation in various communities. She enjoys helping people discover hidden talents during a crisis.

  • Melanie Niethammer

    Melanie is a cyber threat intelligence (CTI) analyst and responsible for the development of the CTI function at Bosch. Due to previous roles at the Bosch Group, she has experience in Incident Response and Industrial Security Research. She holds a Master of Science degree in Computer and Information Science from the University of Konstanz.

  • Nick Attfield

    Nick Attfield is a threat researcher at Proofpoint, currently responsible for tracking a raft of APT actors. He has extensive experience in helping build nascent threat intelligence functions. With previous roles in financial services, SentinelOne and F-Secure, he has a breadth of expertise across multiple domains and operating environments.

  • Nicol Dankova

    Nicol Dankova is currently Head of Security Operations Center at Henkel, where she also leads the Incident Response and Threat Intelligence capabilities of the Cyber Defense team. Her specialization is Windows and network forensics. Besides that, she is a PhD candidate at Tomas Bata University in Zlin, where she focuses on the research of threat exploitations in the IPv6 address space.

  • Ondrej Rojcik

    Ondra Rojčík is a Principal Cyber Threat Intelligence Analyst on the Red Hat CTI team. He provides intelligence analysis and strategic perspective to Red Hat’s CTI program and its analytical production. He also lectures and consults on intelligence analysis tradecraft. Previously, he worked for the Czech National Cyber Security Agency (NUKIB), where he co-founded and led the Strategic Threat Intelligence function for over five years.

  • Rainer Ginsberg

    Rainer has been involved in cyber threat intelligence at BASF since 2016. In 2022, he took over the leadership role of a newly established cyber threat intelligence team. Prior to that, he held various manager and individual contributor positions in cyber security, including in incident response, security engineering, vulnerability management, and firewall administration.

  • Silvia Passoni

    Silvia Passoni is a Cyber Threat Intelligence Analyst with an interdisciplinary background. She is a member of LDO-CERT, the internal CERT of Leonardo, Italy's leading Aerospace & Defence company. She is responsible for Strategic Cyber Threat Intelligence, providing contextual analysis to support and facilitate executive decision-making. Her expertise lies in strategic analysis and geopolitical research; specifically, she conducts independent research to identify national and international events that could impact the Aerospace & Defence sector, monitoring trends relevant to Leonardo and its stakeholders. She is also dedicated to educating Leonardo’s employees on cybersecurity awareness.

  • Terry MacDonald

    Terry MacDonald has been involved in information security for over 25 years. He currently is co-owner of Cosive, a CTI and SOC improvement specialist consultancy based in Australasia. He has been a major contributor to the OASIS STIX, TAXII and CybOX threat intelligence sharing standards, and has provided advisory services to major vendors such as Microsoft, Soltra and EclecticIQ. Terry is the co-chair of the FIRST IEP-SIG and is also Chairperson of the New Zealand Internet Task Force in his spare time.

  • Tobias Mainka

    Tobias Mainka serves as the Technical Lead for Cyber Threat Intelligence at Infineon AG, actively involved in building and coordinating the Cyber Threat Intelligence process. Before his current role, he was part of Siemens CERT specializing as a senior incident responder, particularly drawn to special vulnerability handling including zero-day exploits and advanced persistent threats.

  • Vasileios Mavroeidis

    Vasileios Mavroeidis is a Professor of Cybersecurity at the University of Oslo and a board member of the esteemed standards development organization OASIS Open. His research focuses on security automation and threat-informed and collaborative defense, including cyber threat intelligence representation, reasoning, and exchange. Vasileios has published numerous scientific papers contributing to the body of knowledge and has been involved in Norwegian and European research and innovation cybersecurity actions supporting critical infrastructure operators and authorities responsible for cybersecurity. He is a member of the ENISA ad hoc working groups on Cyber Threat Landscapes and Security Operations Centres, and he has assisted the agency as a rapporteur, performing desk research, analysis, and advisory tasks pertinent to standardization. Additionally, Vasileios participates in the EU's Stakeholder Cybersecurity Certification Group, which was established to advise on strategic cybersecurity certification issues. Other involvements include contributing to standardization works and co-chairing the FIRST Automation special interest group and the OASIS Open Threat Actor Context and CACAO standardization committees. In 2022, OASIS Open awarded Vasileios the distinguished contributor designation for his contributions to cybersecurity standardization and open-source projects.