Denise Anderson, MBA, is President of the National Health Information Sharing and Analysis Center (NH-ISAC), a non-profit organization dedicated to protecting the health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information.
Denise currently serves as Chair of the National Council of ISACs and participates in a number of industry groups and initiatives. In addition, she has served on the Board and as Officer and President of an international credit association, and has spoken at events all over the globe.
Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia for ten years.
She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.
Wade Baker is a Co-Founder of the Cyentia Institute, which focuses on improving cybersecurity knowledge and practice through data-driven research. He’s also a professor in Virginia Tech’s College of Business, teaching courses for the MBA and MS of IT programs. Prior to this, Baker held positions as the VP of Strategy at ThreatConnect and was the CTO of Security Solutions at Verizon, where he had the great privilege of leading Verizon’s annual Data Breach Investigations Report (DBIR) for eight years.
Sarah Brown is a Senior Scientist at the NATO Communications and Information (NCI) Agency where she works on cyber security capability development for NATO, with a particular interest in cyber threat intelligence. She works on independent research projects under the name Security Links. Prior to NATO, Sarah worked at Fox-IT, delivering threat information to banks globally and leading standardization efforts for delivery of such content. Sarah worked for nine years at MITRE. Sarah has spoken at RSA, FIRST, ACM WISCS, CyCON, Holland Strikes Back, and Hack in the Box. Sarah holds a BA in Mathematics and Computer Science and an MA in Mathematics from University of Maryland, College Park.
James is the Co-Founder and Chief Innovation Officer at Digital Shadows. He has led teams in InfoSec and Cybersecurity since 1997, working across the private sector and government organizations helping them to understand the technical aspects of information security.
James spent over ten years of his career as a security architect and deputy head of the Information Security profession at BAE Systems Detica; he previously worked at Nortel Networks in the United States. James has always been fascinated by innovative ways of counteracting the growth of crime and fraud in computer networks and developing effective ways of measuring and managing the security big picture. In 2011 this journey led to an exploration of digital footprints, and their impact on the security of the modern business. James is a regular speaker at technology events and cybersecurity conferences across the globe and is regularly quoted in the press.
Trey Darley is part of the CERT.be team, where he serves as Cyber Security Expert, CTI Strategist. Trey also serves alongside Richard Struse as co-chair of the OASIS Cyber Threat Intelligence (CTI) Technical Committee responsible for STIX/TAXII. He's been working in infosec for years, including stints at NATO and Splunk's Security Practice, and most recently as Director of Standards Development at New Context. Trey's articles have been featured in publications such as IEEE Security and Privacy and USENIX ;login:. He has presented at a number of security conferences, including O'Reilly Security, BruCON, USENIX LISA, RSAC, and various FIRST events. Trey is the official liaison between OASIS and FIRST, a long-time member of the BruCON organizing committee, a member of the OASIS Technical Advisory Board, and a CISSP.
Gina is a Forensic IT Expert at Fox-IT’s Forensics and Incident Response department. Before Gina came to work at Fox-IT, she graduated with a double Master’s degree at the University of Amsterdam. She studied Artificial Intelligence (AI), which she really enjoyed: "ICT combined with psychology, simulating the mind of a human being on a computer." After her bachelor's in Artificial Intelligence she started the Master's with a specialization in Forensic Intelligence. However, the emphasis was not on Forensics. Therefore she chose a second Master's, Forensic Science, where she learned all about DNA, fingerprints, trace evidence and forensic processes.
At Forensics Gina works on digital forensics, but also gives a lot of training and helps with e-discovery cases. The work at Forensics is very diverse. If a client calls when an incident occurred, we must act quickly. Gina first conducts an intake interview with the client, and then draws a plan of action. If the client agrees, the data will be secured in the Fox-IT lab. When that's done, the real investigation can begin. Gina is also a judicial expert in digital forensics. As a legal expert, I can advise the court of the probative value of digital evidence.
Gina also worked at the Managed Security Services (MSS) department for a while. “The MSS department monitors 24/7 our clients’ systems and networks. They detect, investigate and resolve cyber threats and suspicious activity, such as hacking, data leaks or virus outbreaks. I helped MSS redesign a system that handles large amounts of data. My knowledge of artificial intelligence algorithms was very useful to analyze and recognize data patterns.”
Alexandre Dulaunoy encountered his first computer in the eighties, and he disassembled it to know how the thing works. While pursuing his logical path towards information security and free software, he worked as senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix, which specialised in information security management. For the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. He is also the lead developer of various open source tools including cve-search and member of the MISP core team.
Merike Kaeo is the CEO of Double Shot Security, a company whose focus is to engage with international policy and corporate leadership teams to provide strategic directions for information security and privacy initiatives. She is a global expert in information security and authored a book, ‘Designing Network Security’ by Cisco Press, that unified technology, policy and operational considerations to secure network infrastructures. Previously, Kaeo has served as the chief technology officer at Farsight Security, a threat intelligence company, and as the chief information security officer for Internet Identity, a cyberthreat data company. She is a member of the Security and Stability Advisory Council for the Internet Corporation for Assigned Names and Numbers and in 2017 was appointed to the ARIN Board of Directors to serve Jan 1, 2017 through Dec 31, 2017.
Gary Katz is a Principal Engineering Architect for FireEye, designing systems to support analyzing network defense events and cyber threat intelligence. Previously he was one of Lockheed Martin's four chief engineers overseeing their cyber portfolio, working on site at one of the United States' federal cyber centers, the DoD Cyber Crime Center (DC3) as their chief architect. In this role, he provided contractor leadership over their Technology Solutions Development organization. He is an active member of the OASIS Cyber Threat Intelligence standards committee, supporting the development of the STIX and TAXII standards. Previous to his work at DC3, Gary Katz was a member of Lockheed Martin's Center for Cyber Security Innovation, their Advanced Technology Office, and Advanced Technology Labs.
Sarah Kelley is currently a Lead Cybersecurity Engineer for Defensive Operations at The MITRE Corporation. At MITRE, she focuses on helping develop new and better ways to use Cyber Threat Intelligence to help inform defensive cyber missions. She is also a member of the OASIS Cyber Threat Intelligence Technical Committee (CTI-TC), supporting the development of STIX and TAXII in her role as a co-chair of the STIX subcommittee. Previously, she has worked as a SOC analyst, a forensic analyst, and a cyber threat analyst in her roles at the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the National Security Agency. Sarah has a B.S. in Mathematics from the University of Michigan and an M.S. in Computer Science/Information Assurance from Johns Hopkins University.
Rob is CEO of Dragos. A National Cybersecurity Fellow at DC-based think tank New America, he was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year 2015, and was inducted into Forbes’ 30 under 30 for Enterprise Technology 2016 as one of “the brightest entrepreneurs, breakout talents, and change agents” in the sector. A passionate educator, Rob is the course author of SANS ICS515 “ICS/SCADA Active Defense and Incident Response,” the only ICS-specific incident response course in the world, and the lead author of SANS FOR578 “Cyber Threat Intelligence.”
Rob pursued cybersecurity in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer in the U.S. Intelligence Community. He has performed defense, intelligence, and attack missions focused on identifying and remediating hostile nation-state adversary operations.
Éireann Leverett once found 10,000 vulnerable industrial systems on the internet.
He then worked with Computer Emergency Response Teams around the world for cyber risk reduction.
He likes teaching the basics, and learning the obscure.
He continually studies computer science, cryptography, networks, information theory, economics, and magic history.
He is also fascinated by zero knowledge proofs, firmware and malware reverse engineering, and complicated network effects such as Braess' and Jevons' Paradoxes. He has worked in quality assurance on software that runs the electric grid, penetration testing, and academia. He likes long binwalks by the hexdumps with his friends.
Éireann Leverett is a regular speaker at computer security conferences such as FIRST, BlackHat, Defcon, Brucon, Hack.lu, RSA, and CCC; and also a regular speaker at insurance and risk conferences such as Society of Information Risk Analysts, Onshore Energy Conference, International Association of Engineering Insurers, International Risk Governance Council, and the Reinsurance Association of America. He has been featured by the BBC, The Washington Post, The Chicago Tribune, The Register, The Christian Science Monitor, Popular Mechanics, and Wired magazine.
He was part of a multidisciplinary team that built the first cyber risk models for insurance with Cambridge University Centre for Risk Studies and RMS.
Terry MacDonald has been involved in information security for over 17 years. He has worked in various roles during that time, spanning Security Operations, Policy, Planning, Business Development and Product Development. Terry co-founded the Spark NZ Security Operations Team, has worked in senior roles at the Cisco Managed Threat Defense centre and helped Microsoft develop their internal Threat Intelligence Management solution. In recent years Terry has focused on helping organizations integrate threat intelligence, incident response and policy planning together to gain the most benefit from their information security programmes. Terry has been a major contributor to the OASIS STIX, TAXII and CybOX threat intelligence sharing standards, and has provided advisory services to major vendors such as Microsoft, Soltra and EclecticIQ. He was also instrumental in the FIRST IEP Policy Framework and is a FIRST IEP-SIG co-chair. Terry is also a NZITF board member in his spare time.
Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories Limited in Toranomon, Tokyo, Japan, working on Cyber Security. He is also a part-time lecturer at the Graduate School of Mathematical Sciences, the University of Tokyo in Japan. Since joining Fujitsu Laboratories Ltd. in 1988, he conducted research into neural networks, simulated annealing, and agent systems. Results from all of those research areas have led to products from Fujitsu. After moving to Fujitsu Laboratories of America, Inc. in March of 2001, he engaged in research on pervasive/ubiquitous computing, Semantic Web, and bioinformatics, from which Task Computing resulted. Then he extended his research into Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things and Cyber Security, when he led a group of 15 PhDs (, contractors and interns) with an annual budget of more than 6 Million USD. He also led numerous standard activities and collaborations with universities, national and private research institutes and startups. From the beginning of 2012, he started working on Anti Cyber Attack Solutions at Fujitsu Laboratories Limited. He joined the Center for International Public Policy Studies in July 2012 and studied Cyber Security Policy for two years. He is now with Fujitsu System Integration Laboratories Limited, working on Cyber Security. He is also a top 1% TripAdvisor reviewer and the #10 reviewer in Setagaya.
Kyle Maxwell is a product manager with decades of experience as a practitioner in incident response and network security investigations. He currently manages feature development for iDefense IntelGraph as well as external partner integrations. Additionally, he has written or contributed to several open source projects such as Maltrieve and Combine.
He has contributed to a number of public reports on data breach analysis and frequently speaks at conferences about the practice and application of cyber threat intelligence. Previously, he led the incident response team at a large payment processor and performed digital forensics for clients across the United States at several private investigation firms. Mr. Maxwell speaks fluent Spanish and holds a degree in Mathematics from the University of Texas at Dallas.
A fully qualified SANS Cyber Guardian, STIX geek and all-around nerd, Chris has led teams across both UK Public and Private sector Cyber Security and Intelligence arenas. Chris started out as an Intrusion Analyst in UK Intelligence, tracking and responding to incidents, and was one of the first technical analysts to help establish NCSC UK. Prior to his current role, Chris held the post of Deputy Technical Director at NCSC UK specialising in technical knowledge management to support rapid response to cyber incidents, and is now Director Intelligence Operations at EclecticIQ.
Alex Pinto is a Distinguished Engineer of the Security Solutions Group at Verizon Enterprise Services. He is responsible for data science, analytics and machine learning capabilities of the Verizon Autonomous Threat Hunting product. He joined Verizon through the acquisition of Niddel, where Alex was Co-Founder and Chief Data Scientist.
Alex has over 20 years of experience in building security solutions and products, and the last 5 of those years have been solely dedicated to the application of machine learning in cybersecurity detection and threat hunting activities. He also holds multiple cybersecurity certifications, such as CISSP-ISSAP, CISA, CISM, and was previously PMP and PCI-QSA certified.
He is an accomplished international speaker and thought leader and has presented various times at conferences such as Black Hat, DEFCON, RSA Conference and FIRST. His usual research subjects are machine learning applied to security, threat intelligence evaluation and metrics, and threat hunting automation.
Before founding Niddel, Alex was a founder of Cipher Security, a global full-solution provider of Brazilian origin. He was born in Rio de Janeiro, but for a twist of fate can't play any soccer.
Dr. Tomas Sander is the Data Protection Officer (DPO) and a Senior Research Scientist at Intertrust Technologies. Prior to joining Intertrust, Tomas worked for 14 years at Hewlett Packard Labs in Princeton, New Jersey where he was a member of the Security and Manageability Lab which conducts research in security, privacy and cloud technologies. Before joining HP, he worked for STAR Lab, the research lab of InterTrust Technologies in Santa Clara, California on a broad range of topics relevant to advanced digital rights management (DRM). Tomas Sander received a doctorate in Mathematics from the University of Dortmund, Germany in 1996. From September 1996 to September 1999 he was a postdoctoral researcher at the International Computer Science Institute (ICSI) in Berkeley, California. His research interests include computer security, privacy and cryptography. He did research on how to implement good privacy practices in large organizations and created the HP Privacy Advisor, a decision support tool deployed across HP which assists employees in making the right decisions when handling personal information.
Tomas was the lead scientist for creating Hewlett Packard’s Threat Central solution, a platform for threat information sharing that is used by more than 150 organizations. In 2014 Tomas founded the ACM Workshop on Information Sharing and Collaborative Security (WISCS 2014), the first scientific workshop focused on the topic.
Thomas Schreck is a Board Member and the Chairman of the Forum of Incident Response and Security Teams. Since 2007 he has worked within Siemens CERT and is currently heading this team. He holds a PhD in Computer Engineering from the Friedrich Alexander University Erlangen-Nuremberg and a Diploma in Computer Science from the University of Applied Sciences Landshut.
Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional. Andreas is currently a CTI Analyst of Royal Dutch Shell based in the Netherlands. He is also a member of European Network and Information Security Agency’s Threat Landscape Stakeholders’ Group and an external expert for ENISA and European Commission. He is a former CTI Analyst at Lloyds Banking Group and Network Information Security Expert at ENISA. He has more than 5 years of experience in the Cyber Threat Intelligence field, working and engaging with organizations from the banking and Oil & Gas sectors, European agencies, CERTs/CSIRTs, law-enforcement, intelligence professionals and researchers.
Andreas has been the co-author of a number of reports, namely: WEF's Global Risks 2013: "Digital Wildfires in a Hyperconnected World", ENISA's Threat Landscape 2012, ENISA's report on "Exploring the opportunities and limitations of current Threat Intelligence Platforms". He has also participated in the reviewing of ENISA CERT exercises as well as in various research and innovation proposals for European Commission. Finally, Andreas has been the Editor-in-chief of the "Threat Intel Weekend Reads" newsletter for 3 years.
Andreas' Twitter handle is @asfakian!
Andrew Storms is the Vice President of Product at New Context, an innovator in the security of data for highly regulated industries including energy, telecommunications and government. Previously, Storms was the Senior Director of DevOps for CloudPassage and the Director of Security Operations for nCircle (acquired by Tripwire). At nCircle, he was responsible for the definition and enforcement of the security programs, delivering EAL3 certification and SOC2 audits and managing the company’s PCI ASV program. He has been leading IT, Security and Compliance teams for the past 2 decades. His multi-disciplinary background also includes product management, quality assurance and software engineering. Storms' commentary on IT security issues has appeared in CNBC, Forbes and The New York Times, as well as many other publications. He is a CISSP, a member of Infragard, the OASIS Cyber Threat Intelligence (CTI) Technical Committee and a graduate of the FBI Citizens' Academy.
Richard Struse is the Chief Strategist for Cyber Threat Intelligence (CTI) at The MITRE Corporation, leading the effort to improve cyber defense by better understanding the adversary’s tactics and techniques. In addition, he is the chair of the Cyber Threat Intelligence Technical Committee within OASIS, an international standards development organization. In 2018, Mr. Struse was elected to serve on the board of directors of OASIS.
Previously, Mr. Struse served as the Chief Advanced Technology Officer for the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) where he was responsible for technology vision, strategy and implementation in support of the NCCIC’s mission. Mr. Struse is the creator of the STIX and TAXII automated information sharing initiatives which have been widely adopted across the public and private sectors. In October 2014, Secretary of Homeland Security Jeh Johnson presented Mr. Struse with one of the department’s highest honors, the Secretary’s Award for Excellence, in recognition of his pioneering work on STIX and TAXII.
Prior to joining DHS, Mr. Struse was Vice President of Research and Development at VOXEM, Inc., where he was responsible for the architecture, design and development of a high-performance, extreme high-reliability communications software platform that is in use in telecommunications systems around the world. He began his technical career at Bell Laboratories where his work focused on tools to automate software development and the UNIX operating system.
In 2015 Mr. Struse was named by Federal Computer Week as one of the “Federal 100” in recognition of his leadership role in the development of cyber threat intelligence technology standards. In 2016, OASIS selected Mr. Struse to receive their “Distinguished Contributor” award for his work as “a pioneer in the development of the STIX, TAXII, and CybOX standards and was instrumental in successfully transitioning the CTI work to OASIS.”
Masato TERADA is the Technology and Coordination Designer for the Hitachi Incident Response Team (HIRT). He is also affiliated with the Information-technology Promotion Agency, Japan (IPA), JPCERT/CC, ICT-ISAC Japan (ict-isac.jp) and Chuo University. His fields of interest are vulnerability database and information sharing. He also promotes STIX/TAXII deployment as a steering committee member at ICT-ISAC Japan.
As LookingGlass Chief Technology Officer, Allan Thomson has more than three decades of experience across network, security, and distributed systems technologies. Allan leads technical and architecture strategy across the LookingGlass solutions portfolio.
Allan is also co-chair of the OASIS CTI Interoperability Sub-committee that is introducing the STIXPreferred certification program for the new STIX/TAXII version 2 standards.
Prior to LookingGlass, Allan served as Principal Engineer at Cisco Systems, Inc., where he led the software architecture and design of the company’s Cyber Threat Defense System and Platform Exchange Grid. He was responsible for overall systems management and security telemetry collection/aggregation, as well as distributed threat analysis/intelligence services in multi-tenant public and private cloud deployments.
Before joining Cisco, Allan oversaw the technology growth initiatives of several start-up companies, including Airespace, where he was a Software Architect responsible for the design, development and network management/location tracking of the company’s wireless local area network (WLAN) system.
Zachary (Zach) Tudor is the Associate Laboratory Director of Idaho National Laboratory’s National and Homeland Security organization, a major US center for national security technology development and demonstration. At INL, he is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions. Previously, Tudor served as a Program Director in the Computer Science Laboratory at SRI International, where he supported cyber security and critical infrastructure programs such as DHS Cyber Security Division’s Linking the Oil and Gas Industry to Improve Cybersecurity (LOGIIC) consortium, and the Industrial Control System Joint Working Group R&D working group. He has served as a member of (ISC)2’s Application Security Advisory Board and the NRC’s Nuclear Cyber Security Working Group, as well as the Vice Chair of the Institute for Information Infrastructure Protection at George Washington University. Tudor is a member of the National Academy of Science Air Force Studies Board and (ISC)2’s Board of Directors. A retired U.S. Navy Submarine Electronics Limited Duty Officer and Chief Data Systems Technician, Tudor holds an M.S. in Information Systems from George Mason University concentrating in cybersecurity, where he was also an adjunct professor teaching graduate courses in information security.
Krassimir Tzvetanov is a security engineer at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a shield against DDoS attacks.
In the past he worked for hardware vendors like Cisco and A10 focusing on threat research, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications.
Krassimir has established a couple of Threat Intelligence programs at past employers and has been actively involved in the security community facilitating information exchange in large groups.
Currently Krassimir is a co-chair and co-founder of the FIRST CTI SIG.
Before retiring, he was a department lead for DefCon, and an organizer of the premier Bay Area security event BayThreat. In the past he was also an organizer of DC650, a local Bay Area security meetup.
Krassimir holds a Bachelor's in Electrical Engineering (Communications) and a Master's in Digital Forensics and Investigations.
Eva van der Valk has been working in IT for over 20 years, of which 10+ have been in the IT Security field, and has been taking things apart for as long as she can remember. After a background in UNIX sysadmin and networking, she switched to a future in IT Security at Canon EMEA, initially in a technical IT Security Officer role and later on managing the Security and Compliancy Operations department. In these roles she has gained a wealth of experience in both the IT and information security fields, with multiple focus points, including IT auditing, compliancy and offensive and defensive operations.
She currently holds the ISC2 CISSP, GWAPT (GIAC Web Application Penetration Tester), GMON (GIAC Continuous Monitoring Certification), GPEN (GIAC Network Penetration Testing and Ethical Hacking) & ITILv3 certifications and is currently studying to pass the GXPN (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking) exam. Eva has also attended the SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques & SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques training.