Adam Shostack is a leading expert in threat modeling, and the author of Threats: What Every Engineer Should Learn from Star Wars and Threat Modeling, Designing for Security.
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of Iron-Clad Java - Building Secure Web Applications from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see https://www.linkedin.com/in/jmanico.
Josh Grossman has worked as a consultant in IT and Application Security and Risk for 15 years now, as well as a Software Developer. This has given him an in-depth understanding of how to manage the balance between business needs, developer needs and security needs which goes into a successful software security programme.
Josh is currently CTO for Bounce Security where he helps clients improve and get better value from their application security processes and provides specialist application security advice. As well as working at Bounce, has also spent time working as a consultant and team leader for various other leading security consultancies.
He has provided guidance and support to clients including multi-national software development organizations, Fortune 500 companies as well as early and mid-stage start-ups. His consultancy work has led him to work, speak and deliver training both locally and worldwide including privately for ISACA and Manicode and publicly for OWASP's Global AppSec conferences and at Black Hat USA.
In his spare time, he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board. He was also recognized as a Key Contributor for the OWASP Proactive Controls project and has also contributed to the OWASP Top 10 Risks project and the OWASP JuiceShop project.
After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop Electron app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of Practical Web Defense, a hands-on eLearnSecurity attack / defense course, OWASP OWTF project leader, an OWASP flagship project - owtf.org, Major degree and Diploma in Computer Science, some certs - CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE-Security, MCSA-Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity. Multiple presentations, pentest reports and recordings can be found at 7asecurity.com/publications
Michael Loadenthal, Ph.D., is as a Professor of Research, with the Center for Cyber Strategy and Policy, within the School of Public and International Affairs at the University of Cincinnati, and the founder and Executive Director of the Prosecution Project which tracks political violence occurring in the US. Dr. Loadenthal serves as a security researcher, trainer, consultant, and subject matter expert focused on political violence, social movements, extremism, and technology. He routinely trains and advises NGOs, journalists, activists, elected officials, and other high-risk individuals in digital-operational security, risk assessment, threat modeling, and open-source intelligence (OSINT) investigative techniques. His research focuses on North American far-right digital networks and other extremist social movements, and has involved research and practice on five continents.
Dr. Loadenthal supports a variety of ongoing research projects including the Transcultural Conflict and Violence Initiative (Georgia State University), Movement Engaged Research Hub (George Mason University), Bridging Divides Initiative (Princeton University), Accelerationism Research Consortium (Middlebury Institute of International Studies), and the Global Network on Extremism and Technology (Kings College London). He is a frequent publisher of his work, which has been featured in books, journals, and news outlets including, The Washington Post, New York Times, The Guardian, Al Jazeera, the Intercept, and USA Today. His latest book, Prosecuting Political Violence (2021) explores the criminal justice system’s treatment of terrorism, extremism, hate crimes, and political protest. Dr. Loadenthal holds a Ph.D. in Conflict Analysis (George Mason University), and a Master’s degree from the Centre for the Study of Terrorism and Political Violence (University of St. Andrews), and has held teaching appointments at Georgetown University, George Mason University, Miami University, University of Cincinnati, the University of Malta, and several correctional institutions.
Rob van der Veer is an AI pioneer with 32 years of experience in the AI field, specializing in engineering, security and privacy. He is the lead author of the ISO/IEC 5338 standard on AI lifecycle, co-founder of the digital bridge for security standards OpenCRE.org, and creator of the OWASP AI Exchange - open sourcing the global discussion on AI security. He is advisor to ENISA and deeply involved in international standardization through different roles in ISO/IEC and CEN/CENELEC, including JTC21/WG5 - working on the security standardization request for the AI Act. At Software Improvement Group, Rob is senior director of AI, security, and privacy, working with organizations around the world on these topics.
Dr. Kim Wuyts is a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC Belgium as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices. She is a guest lecturer, experienced speaker, and invited keynote at international privacy and security conferences such as OWASP Global AppSec, RSA, Troopers, CPDP, and IAPP DPC. In the last few years, Kim has been delivering privacy awareness and privacy threat modeling training at many events, including academic guest lectures and corporate training. Kim is also a co-author of the Threat Modeling Manifesto+Capabilities, program co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA’s working group on Data Protection Engineering.
Avi Douglen has been building secure applications for decades, and is *obsessed* with maximizing value output from security efforts. Avi is the founder and CEO of Bounce Security, a boutique consulting agency dedicated to helping developers integrate security efficiently into their workflows. He is a frequent speaker, keynote, and trainer, and has trained thousands of developers to build more secure products. AviD is an active contributor to open source communities, including leading the OWASP Israel chapter, creating the incredibly popular AppSec Israel security conference, co-founding the OWASP Threat Modeling project, and currently serving on the OWASP Global Board of Directors. He is also a community moderator on https://Security.StackExchange.com/, and co-authored the Threat Modeling Manifesto+Capabilities https://www.threatmodelingmanifesto.org/.# TrainerId: trainer_dos# Title: Practical Privacy by Design - Building secure applications that respect privacy
While leading and co-authoring the OWASP API Top 10 Project, Paulo is a security practitioner with a solid background in software development who has spent the last decade breaking software and helping organizations improve their security posture. In addition, Paulo participated in writing several Secure Coding Practices documents and delivered talks, webinars, articles, and workshops on secure coding and API security.
Fabio delivered this training to thousands of developers and security professionals. He also regularly delivers training to technical audiences on various topics such as application security, cloud security, and information security. Here is a reference from one attendee of his courses, 'Fabio is an excellent instructor. I was lucky enough to attend one of the courses where he was the instructor. He was able to present the subject matter in an interesting way and at an appropriate pace. He encouraged interaction and was able to answer questions with ease by leveraging his extensive experience in the industry.' Fabio Cerullo is an official certified instructor for (ISC)², the global leader in information security education and certification. Fabio has over 15 years of experience in the information security field gained across a diverse range of industries ranging from financial and government institutions to software houses and start-ups. He regularly trains professionals from different backgrounds in application security, cloud security, and information security. He is a regular speaker at events organized by OWASP, ISACA and (ISC)² among others; and provides commentary and written articles for specialized industry media (Computer Weekly, Infosecurity Magazine, SiliconRepublic.com, etc). He holds an MSc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from (ISC)².