The trainer of this course is a certified cybersecurity professional, i.e. a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), with more than 12 years of work experience. He works in the field of cybersecurity across various domains such as cybersecurity research and threat intelligence, training for cybersecurity user awareness, cybersecurity policies/frameworks, and penetration testing. He has a passion for teaching and likes to share the knowledge obtained during job tasks. He has also conducted on-premise classes as well as online sessions to deliver lectures on Ethical Hacking to university students as visiting faculty.
Ali Abdollahi is a cybersecurity consultant with over 8 years of experience working in a variety of security fields. He is currently the cybersecurity division manager, and a member of the board of review, author and instructor at Hakin9, Pentest & eForensics magazine. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs, and author of books and some articles in the field of cybersecurity. Ali is a regular speaker and trainer at industry conferences and events.
After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of 'Practical Web Defense' - a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
I work as a penetration tester with over 8 years of experience and as a trainer with over 14 years (5 in the security field). Certifications: OSCP, CEH, ECSA, CHFI, ISO 27001, CREST CRT, CREST CPSA, etc. Penetration testing customers: over 15 companies in different areas: retail companies (Metro/Makro, Real, Carrefour), banking and insurance and IFN (Raiffeisen, BRD, Orange Money, NN, Ergo, etc.), ride-sharing companies. Penetration testing areas: Web and mobile, code review, infrastructure, Wi-Fi and Social Engineering. Trainer for: CEH, CHFI, ECSA, Custom security training (Secure Development, Ethical Hacking, Social Engineering), CNA, CCNA Security.
Alper Basaran has over 15 years of experience in penetration testing and source code review. He has mainly worked with government agencies, military units and enterprise level software development companies. His company, Sparta Bilisim, provides cybersecurity consulting and penetration testing services throughout the Middle-East, North Africa, Europe and Central Asia. He is the OWASP Ankara Chapter leader and provides free trainings to universities and NGOs in cyber security awareness and penetration testing. Alper is a published author with 3 published books and a registered keynote speaker with the Celebrity Speakers Agency.
Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #CyberMentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Hi, I'm Mehul Patel and I specialize in Information Technology and Services. I’m passionate about what I do. I am a Developer Tech by profession, an open-source enthusiast, a Linux geek, and a maker by heart. I hold a *Master's in Computer Science* and have been working relentlessly and contributing towards the open source community in all ways I can. I am an active member of the *Mozilla* Community, which is a program run by a group of highly trained & passionate Mozillians (tech enthusiasts) who share technical knowledge about Firefox, Mozilla, open source and the Web at various regional developer-facing events. Currently, I am acting as a Rust Mobilizer in the community and trying my best to make people aware of this awesome and secure programming language. I am also part of other open source peers like WordPress, Red Hat Linux, Debian, OpenStack, Auth0, and much more. I also represent Mozilla while being on the *Campus Advisory Committee*, a *Reps Mentor* and ambassador at *Auth0*. I have been invited as a Technical Speaker at All Things Open, OWASP AppSec Israel, LinuxCon, Open Innovation Summit, MozFest, ServerlessDays and so on to share and educate tech enthusiasts regarding open source technologies like Red Hat, WordPress, Rust, virtualization, server security & hardening and much more. I frequently blog at https://medium.com/@rowdymehul. List of key talks and publications: http://bit.ly/2FVfzDE
Christian has pursued a successful career as a freelance Java software developer since 1997 and expanded it in 2005 to include the focus on IT security. His major areas of work are penetration testing, security architecture consulting, and threat modeling. As a trainer, Christian regularly conducts in-house training courses on topics like web application security and coaches agile projects to include security as part of their process by applying DevSecOps concepts. Christian regularly enjoys speaking and giving trainings on major national and international conferences.
AviD is a high-end, independent security architect and developer, with decades of experience implementing security requirements and protecting complex systems. He has been designing, developing, and testing secure applications for over 20 years, and is obsessed with maximizing value output from security efforts, since originally building threat models at Microsoft over a dozen years ago. Avi leads consulting at Bounce Security, where he supports organizations of all sizes in integrating security methodologies and products into their development processes, often providing training on secure coding and other security topics. We utilize various methodologies as circumstances demand, and adjust accordingly. Recently, our relentless drive to optimize security investment and threat modeling in particular, has led us to adapt the classic threat modeling methodology to a more agile workflow in order to empower developers and agile R&D teams. Mr. Douglen is a frequent trainer and speaker at industry conferences, such as OWASP, RSA, BSides, and Infosec, as well as developer conferences such as O’Reilly, DevSecCon, PyCon, and DevOpsDays. He has trained hundreds of developers on security, including secure coding, security architecture, threat modeling, and more. Avi also co-founded the OWASP Threat Modeling project, and is one of the project leaders. He also leads the OWASP Israel chapter, and created the successful AppSec Israel security conference. He volunteers as a high school tech teacher and mentor, and is also a community moderator on https://Security.StackExchange.com/.
SDLC Security Consultant, Threat model (trainer), OWASP Threat Model Project Leader. Steven Wierckx is a software and security tester with 15 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his passion for web application security through writing and training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He is the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. Steven spoke at Hack in the Box Amsterdam, hosted a workshop at BruCON and delivered threat modeling trainings at OWASP AppSec USA and O’Reilly Security New York.
Keatron Evans is the Managing Partner at KM Cyber Security, LLC, https://kmcybersecurity.com, and responsible for global information security consulting business which includes penetration testing, cyber threat hunting, digital forensics, and training. He regularly consults for and trains members of the intelligence community of the US and other governments in offensive cyber operations and works on several classified threat hunting operations each year. Keatron is also one of the authors of the award-winning Certified Ethical Hacking course administered by the Infosec Institute. Additionally, he is the lead author of Chained Exploits: Advancing Hacking Attacks from Start to Finish, a textbook still used for offensive training throughout academic and corporate communities.
Michael Furman has over 13 years of experience with application security. Michael Furman has been the Lead Security Architect at Tufin for over 6 years. He is responsible for the security of all Tufin software products. Tufin has over 2000 customers, including over half of the Fortune 50 organizations.
Nithin Jois is a Solutions Engineer at we45 - a focused Application Security company. He has helped build ‘Orchestron’ - A leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in Orchestrating containerized deployments securely to Production. Nithin and his team have extensively used Docker APIs as a cornerstone to most of we45 developed security platforms and he has also helped clients of we45 deploy their Applications securely. Nithin is a passionate Open Source enthusiast and is the co-lead-developer of ThreatPlaybook - An Open Source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single Fabric. He has also written multiple libraries that complement ThreatPlaybook. Nithin is an automation junkie who has built Scalable Scanner Integrations that leverage containers to the hilt and is passionate about Security, Containers and Serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating Intentionally Vulnerable Applications for CTF competitions and Secure Code Training. Nithin was a trainer and speaker at events like AppSecDC-2019, AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more. In his spare time, he loves reading about personal finance, leadership, fitness, cryptocurrency, and other such topics. Nithin is an avid traveler and loves sharing stories over a cup of hot coffee.
For over the last 20 years, Jason has been ethically peering into Client Behavior, Wireless Networks, Web Applications, APIs and Cloud Systems, helping organizations secure their assets and intellectual property from unauthorized access. As a consultant he's taken hundreds of organizations through difficult compliance mine fields, ensuring their safety. As a researcher he has found flaws in consumer IOT systems and assisted in hardening them against external attacks. At Cequence Security Jason does research, community outreach and supports efforts in identifying Automated Attacks against Web, Mobile, and API-based Applications to keep Cequence's customers safe.
Aleksandr Kolchanov is an independent security researcher and consultant. Ex penetration tester of a bank in Russia. He takes part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Yandex, Privatbank). Aleksandr is interested in uncommon security issues, telecom problems, privacy, and social engineering. Speaker at PHDays 2018 and 2019, c0c0n 2018, DeepSec 2018 and 2019, HiTB 2019, Infosec in the City 2019, OzSecCon 2019, Hacktivity 2019, No cON Name 2019 and BSides.
Mohammed A. 'secfigo' Imran is the Founder and CEO of Practical DevSecOps and a seasoned security professional with over a decade of experience in helping organizations in their Information Security Programs. He has a diverse background in R&D, consulting, and product-based companies with a passion for solving complex security programs. Imran is the founder of Null Singapore, the most significant information security community in Singapore, where he has organized more than 60 events & workshops to spread security awareness. He was also nominated as a community star for being the go-to person in the community whose contributions and knowledge sharing have helped many professionals in the security industry. He is usually seen speaking and giving training at conferences like Blackhat, DevSecCon, AppSec, All Day DevOps, Nullcon, and many other international conferences.
Dhamotharan is a seasoned security professional with over a decade's worth of experience ranging from application security to infrastructure and now dealing with DevSecOps. He is currently working as a Lead Cyber Defence Analyst with PayU India. Some of his research ideas and technical advisories can be found in his blog. He is a security researcher, an active speaker and a bug hunter who has discovered multiple bugs in modern web applications. His research has identified many vulnerabilities in over 200 organisations including the US Department of Homeland Security, Google, Microsoft, Oracle, Slack, Sony, Sophos, Bit Defender, ING, NN-Group, Cisco, Matomo etc. He works with various communities (OWASP Seasides, Bsides, Nullcon and National Cyber Safety and Security Standards (India)) and is passionate about increasing participation in the infosec space. He has been a speaker at OWASP Global Seasides 2020 and the NCDR Conference. Dhamotharan also volunteers as a member of the National Cyber Safety & Security Standards (NCDRC), India, and as Lead Security Researcher in the Bug Discover community. He is the OWASP Erode Chapter Leader.
Experienced information security professional with a demonstrated history of working in the application security industry. Strong engineering professional with practical skills in Penetration testing, code review, threat modelling, design review, mobile security testing, DevSecOps, RASP and Cloud Security. The instructor has delivered training in the past for OWASP Delhi and Houston chapters.
Matt Tesauro is currently rolling out AppSec automation at a major financial institution and is a founder of 10Security. He is a lead for OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 63 different security tools. Prior work included the Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He has over 20 years of Linux experience and 7 years of using Linux containers, primarily Docker. Matt holds two degrees from Texas A&M University and several security and Linux certifications.
Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter. In his recent roles, he has been responsible for managing enterprise software assurance programs, with emphasis on governance, secure development practices, and security training. Before specializing in application security, John was active as a Java enterprise architect and Web application developer. In an earlier life, John had specialized in developing discrete-event simulations of large distributed systems, in a variety of languages, including the Java-based language (FreeSML) he developed as part of his doctoral research. John is on the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, and is Co-Leader of the OWASP Application Security Curriculum Project.
Andreas Falk works for Novatec Consulting located in Stuttgart/Germany. For more than 20 years, he has been involved in various projects as an architect, coach, and developer. His focus is on the agile development of cloud-native Java applications. As a member of OWASP and the OpenID Foundation, he is also enthusiastic to deal with all aspects of application security.
Charles Givre recently joined JP Morgan Chase, where he works as a data scientist and technical product manager in the cybersecurity and technology controls group. Prior to joining JP Morgan, Mr. Givre worked as a lead data scientist for Deutsche Bank. Mr. Givre worked as a Senior Lead Data Scientist for Booz Allen Hamilton for seven years where he worked in the intersection of cyber security and data science. At Booz Allen, Mr. Givre worked on one of Booz Allen's largest analytic programs where he led data science efforts and worked to expand the role of data science in the program. Mr. Givre is passionate about teaching others data science and analytic skills and has taught data science classes all over the world at conferences, universities and for clients. Mr. Givre taught data science classes at BlackHat, the O'Reilly Security Conference, and the Center for Research in Applied Cryptography and Cyber Security at Bar Ilan University. He is a sought-after speaker and has delivered presentations at major industry conferences such as Strata-Hadoop World, Open Data Science Conference and others. One of Mr. Givre's research interests is increasing the productivity of data science and analytic teams, and towards that end, he has been working extensively to promote the use of Apache Drill in security applications and is a committer and PMC Member for the Drill project. Mr. Givre teaches online classes for O'Reilly about Drill and Security Data Science and is a coauthor of the O'Reilly book Learning Apache Drill. Prior to joining Booz Allen, Mr. Givre worked as a counterterrorism analyst at the Central Intelligence Agency for five years. Mr. Givre holds a Master's Degree in Middle Eastern Studies from Brandeis University, as well as a Bachelor of Science in Computer Science and a Bachelor of Music, both from the University of Arizona. He speaks French reasonably well, plays trombone, lives in Baltimore with his family and, in his non-existent spare time, is restoring a classic British sports car. Mr. Givre blogs at thedataist.com and tweets @cgivre.
Chetan Karande is a project leader for the OWASP Node.js Goat project and contributor to multiple open-source projects including Node.js core. He is the author of 'Securing Node Applications' (O’Reilly). He is a trainer on the O'Reilly Learning platform and has offered training at OWASP AppSec USA and Global OWASP AppSec conferences.
Morgan Roman works on the application security team at CoinBase. He started his career writing integration tests for web applications and APIs as a software development engineer in test. He is passionate about finding ways to automate security development and testing and make it part of the deployment process.
Rohit is an Associate Director with NotSoSecure, a Claranet Group company. He is a technology enthusiast with 9+ years of experience in hacking anything that runs on binaries and is on the ground. He also delivers two of the bestselling classes by NotSoSecure, titled 'Application Security for Developers' and ‘DevSecOps’. He has also trained and spoken at premier security conferences like Blackhat, OWASP AppSec and Nullcon. He is humbled to be part of the list of '50 Influential DevSecOps Professional - Peerlyst 2019'. He also loves to reverse engineer binaries and mobile applications and find and exploit vulnerabilities in them. He spends his free time learning new technologies, programming languages or maybe even tinkering with open source tools.
CTO and Co-Founder, Bridgecrew. A tech-leader and open-source enthusiast based in Tel Aviv, Barak’s passion for software began at the age of 14. Starting with a BSc in Computer Science and MBA in IT, he went on to serve as tech lead of big data engineering at the IDF C4I & Cyber Security Directorate before making his mark and continued as data scientist and software architect at Fortscale and RSA Security. In 2019 Barak left RSA and joined the founding team of Bridgecrew, an innovative cloud security company, as VP Engineering and CTO.
Matt Tesauro is currently rolling out AppSec automation at a major financial institution and is a founder of 10Security. He has over 20 years of Linux experience and 7 years of using Linux containers, primarily Docker. Prior work included the Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a lead for OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 63 different security tools. He holds two degrees from Texas A&M University and several security and Linux certifications.
Anthony Webb is proud to have been a committed tech geek ever since first learning to code on a BBC Micro at around 6 years old. He has worked in Information Security specifically for the past 6 years and specialises in Cloud Security, Infrastructure Security, Penetration Testing and Red Teaming. Anthony works as an Associate Director with NotSoSecure and holds industry recognised accreditations including OSCP, QSTM/CTM, CREST CRT as well as a number of Cloud certifications including AWS Security – Specialty, Solutions Architect and Developer Associate. He is a trainer for a number of NotSoSecure’s hacking courses ranging from introductory through to advanced and specialist, and is a lead trainer for both the Advanced Infrastructure Hacking (AIH) and Hacking and Defending Cloud courses. Anthony has delivered training to large and small audiences at a number of conferences including Black Hat conferences globally, CPX360, BruCON, OWASP AppSec Day, as well as many smaller classroom and in-house groups and live web-based training delivery.
Mauricio Tavares (BS Aerospace Engineering) has worked with small and large companies in education, finance, and medical fields building and protecting user data. Currently a researcher at RENCI involved in next generation network research and an instructor with the Chameleon experimental research platform, he has given talks and workshops at ISSA InfoSecCon, Southeast Linux Fest, and IEEE SoutheastCon.