TROOPERS08 - Speaker


Francisco Amato

Francisco Amato is a security researcher & consultant specialized in vulnerability development, blackbox testing, reverse engineering. He is running his own company, [ISR] – Infobyte Security Research, where many of it’s developments in audit tools and vulnerabilities in several Novell , IBM products. He is one of the organizers of the ekoparty security conference.

Andrey Belenko

Andrey is a security researcher and software engineer at Elcomsoft (, a password recovery company. He is involved in analysis of real-world security systems. Area of his research interest includes practical cryptography, high-performance and distributed computing (including that on GPUs and special hardware).

Dan j. Bernstein

Dan J. Bernstein (US) is a full professor in the Department of Mathematics, Statistics, and Computer Science at the University of Illinois at Chicago. Professor Bernstein has received a U.S. National Science Foundation CAREER award, a Cyber Trust award, three more U.S. government grants, and a Sloan Research Fellowship for his research in computational number theory, cryptography, and computer security. He is the author of several dozen papers and two of the Internet’s most popular server software packages, djbdns and qmail.

Rodrigo Branco

Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation and is the Founder of the Dissect || PE Malware Analysis Project. Held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as H2HC, Black Hat, Hack in The Box, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.

Sergey Bratus

Sergey Bratus is a Research Assistant Professor the Computer Science Dept. at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and all kinds of wired and wireless network hacking.

Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.

Jon Callas

Jon Callas is the Chief Technical Officer and Chief Security Officer of PGP Corporation. He is an author of cryptographic standards including OpenPGP and DKIM, and a frequent author and commentator. Jon has worked for a number of companies including Counterpane Internet Security, Apple, DEC, and others.

Raoul Chiesa

Raoul “Nobody” Chiesa (OPST, OPSA), Founder & CTO, – Italy. Mr. Chiesa has been active in the field of computer security research at a high level since 1986; from 1997, as a member of a team of experts and researchers, he contributed to national and international Security R&D projects. Raoul is a co-author of the books (in english) “Hacking Linux Exposed, ISECOM Edition” (2008) and Profiling Hackers (2008), along with a huge list of contributions and papers in Italy.

Andrew Cushman

As director of security response and outreach for the Microsoft® Security Response Center (MSRC), part of the Trustworthy Computing Group at Microsoft Corp., Andrew Cushman manages the teams responsible for the company’s monthly security updates and those focused on collaborating with researchers and companies to mitigate the effect of security vulnerabilities. Cushman and his teams lead emergency responses to security threats, define and enforce response policies, and monitor monthly update quality and timeliness. Cushman has expanded Microsoft’s outreach programs to cover security researchers as well as mainstream security organizations, companies and computer emergency response teams. Cushman joined the MSRC in 2004 as a member of the Security Engineering Group executive leadership team that made security processes an integral part of Microsoft’s engineering culture. Since then he has been a driving force behind the company’s security researcher outreach strategy and execution efforts, formulating the Responsible Disclosure Initiative strategy and initiating the BlueHat security conference franchise. Today he is director of the MSRC and a key influencer of Microsoft’s Security Development Lifecycle. Since joining Microsoft in January 1990, Cushman has held positions on the Microsoft International Product Group, the Microsoft Money team and the Internet Information Services (IIS) team. He led the IIS product team during the development of IIS 6.0 in Windows Server® 2003. IIS 6.0 was one of the first Microsoft products to fully adopt the security engineering processes that are today embodied in the SDL and remains a “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing. Cushman earned a bachelor’s degree in international studies from the University of Washington and a master of international business degree from Seattle University. Away from work, he is an avid skier and spectator of dressage, a form of competitive horse training.

Bryan Fite

Bryan K. Fite: A committed security practitioner and entrepreneur, Bryan is currently a Senior Cyber Physical Security Consultant at BT. Having spent over 25 years in mission-critical environments, Bryan is uniquely qualified to advise organizations on what works and what doesn't. Bryan has worked with organizations in every major vertical throughout the world and has established himself as a trusted advisor. "The challenges facing organizations today require a business reasonable approach to managing risk, trust and limited resources while protecting what matters."

He is also the creator of PacketWars™ ( the World’s premier Cyber Sport.

Christofer Hoff

Christofer Hoff has over 15 years of experience in network and information security administration, engineering, and operations with his expertise focused on developing strategies for innovation in the area of information security, survivability, resilience and assurance with a focus on rational risk management. Hoff is Unisys Corporation’s chief architect of security innovation.

Hoff is a prolific blogger (,) featured speaker at numerous information security conferences, holds several security credentials and is an accomplished and accredited instructor in multiple security disciplines.

Thorsten Holz

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general.

Michael Kemp

Michael is an experienced UK based security consultant, with a specialism in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus, and is currently preparing his first book length technical manuscript. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), and a host of freelance clients throughout the globe. When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person.

Roger Klose

Coming soon

Alexander Kornbrust

Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle Anti-hacker trainings and gave various presentations on security conferences like Black Hat, Defcon, Bluehat, IT Underground and Syscan. Alexander has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander reported over 320 security bugs in different Oracle products.

Volker Kozok

Lieutenant Colonel Volker Kozok is Assistant Branch Chief Technical Data Protection in the Ministry of Defense, Organizational Staff. He is a IT-Security Specialist and Security Analyst in the Bundeswehr. He has worked as a IT-Security Staff Officer in different organizations with the main focus on control and on-site-inspections of IT-Systems, Officies and Agencies. He is an authorized Expert for IT-Incidents & Computer Crime Cases. He was the Head of the first CERT-Bw-Training Course and an IT-Forensic-Expert.

Pierre Kroma

Pierre Kroma is exclusively occupied with Pentesting, Webapplication-,WLAN-Hacking, IT- and Mobile Forensic. He is concentrated to discover and publish new vulnerabilities. In addition his colleagues and he analyse rooms and devices with the focus to discover bugging devices.

Friedwart Kuhn

Friedwart Kuhn is a renowned expert for Active Directory security and has performed a huge number of projects both in the concept and design space and in the pentesting and incident analysis field.

Daniel Mende

Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.

Andrew Morris

Andrew Morris has over a decade of security experience and is current the Senior Technical Consultant for LogLogic EMEA, the market leader in Log Management and Intelligence. Focusing on being logging specialist, he has provided consultancy, architected, and implemented logging solutions to some of the largest enterprise customers, worldwide. Before joining LogLogic, Andrew owned his own security consultancy company providing security solutions for financial and telecoms companies in EMEA.

Enno Rey

Enno Rey @Enno_Insinuator is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.

Simon Rich

Simon Rich is a German security researcher specialized on network protocols and technologies. He has contributed to finding several protocol flaws in the past and is known for innovative approaches to (depending who’s the customer) implementing or breaking the security of technologies. He is also well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and have presented on protocol security at many occasions including CCC Easterhegg, Daycon, IT Underground and Troopers08.

Dror-John Roecher

Before joining Computacenter Dror worked as a Senior Security Consultant for ERNW assessing the security of networks and researching into different security-technologies. After fiddling around with Cisco gear for some years and presenting on different topics at several international security conferences he has moved on to develop a kind of holistic approach to information security. He still believes that it should be possible to `measure security` in some way and spends some of his time trying to understand how security can be `made measurable`.

Horst Speichert

Horst Speichert is a specialized attorney in the field of IT Law, Data Protection and IT Security Law. He is assistant professor at Stuttgart University, the author of the juristic textbook “Praxis des IT-Rechts”, second edition 2007, and lectures on Media Law and International Contract Law. His scope of activity involves the arrangement of software contracts and privacy agreements. He acts as data protection officer in several companies.

Rolf Strehle

Rolf Strehle has a degree in Computer Science and over 16 years of experience as founder and manager of IT-Security companies. He is accredited auditor for ISO/IEC 27001 at BSI (Bundesamt für Sicherheit in der Informationstechnik) and consults customers in the areas of IT-Security and Data Protection as CEO of ditis, a security company in Ulm, Germany. Furthermore he is responsible for the worldwide IT-Security strategies as CSO of VOITH AG, an international manufacturing company with over 34,000 employees worldwide. In this position he was defining new security standards and implementing global defense technologies for the VOITH corporate network.

Michael Thumann

Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.

In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.

Ariel Waissbein

Ariel Waissbein joined Corelabs at Core Security Technologies in 1999. During 1999-2002 he worked on a new public-key cryptographic scheme, he discovered cryptographic attacks to popular software products such as SSH and MySQL and designed a cryptographic attack method against polynomial-based public-key schemes. In 2003-2004 he worked in digital rights management projects and developed a provably secure software protection method. Since 2004 he leads a research group which has been tasked with web-application and end-point security and penetration testing. This group has designed a security and privacy enforcement system for web applications called CORE GRASP (see, a static analysis vulnerability detection scheme and has collaborated in a new web-application penetration testing platform. Since 2005 he co-leads the Computer Security program in the Ph.D program at ITBA university where he still teaches. Papers and presentations: see for a complete list.

Job de Haas

Job de Haas holds an M.Sc. in Electrical Engineering and has a track record in the security industry of more than 15 years. He has experience evaluating the security of a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, smart meters and a variety of modems (ADSL, Wireless). Further, he is a specialist in the reverse engineering of applications and consumer electronics. At Riscure, Job is the senior specialist in charge of security testing of embedded devices for high-security environments. Amongst others, he assessed the protection of pay television systems against side channel and card-sharing attacks for conditional access providers. Job has participated in the creation of several certification schemes for customers of embedded products. Job has a long speaking history at international conferences, including talks on security of mobile technologies, reverse engineering of firmware and side channel attacks on embedded systems.