Speakers & Trainers

Abhay Bhargav


Abhay Bhargav is the CTO of we45, an Application Security company. Abhay is the author of two international publications. "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of “Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps training that has been delivered in multiple locations, including OWASP AppSecUSA 2016, OWASP AppSec EU 2017 and OWASP AppSec USA 2017. Abhay recently delivered a workshop on SecDevOps at DEFCON 25. In addition , Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

Eldar Marcussen


Eldar is a penetration tester and security researcher with HackLabs where he performs red teaming, and other pentests. He is also an assessor for CREST Australia. He has worked closely with bugcrowd in the past and was a recipient of the first CVE 10K candidate numbers. In addition to finding vulnerabilities he contributes to and maintain several open source projects in his spare time aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more.

Ken Johnson


Ken Johnson, has been hacking web applications professionally for 10 years and given security training for 7 of those years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current projects are WeirdAAL, OWASP Railsgoat, and the Absolute AppSec podcast with Seth Law.

Seth Law

Security Consultant

Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth currently hosts the Absolute AppSec podcast with Ken Johnson and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.

Max Feldman


Max Feldman is a member of the Product Security team at Slack, where he works on the bug bounty program and performs security assessments of Slack features, as well as the development of security tools and automation. He was previously a member of the Product Security team at Salesforce.

Keith Hoodlet

Thermo Fisher Scientific

Keith Hoodlet is the Manager of Development Security Operations at Thermo Fisher Scientific, a global enterprise providing all-things-science-related to the world. In his free time, Keith hosts the Application Security Weekly podcast - while also hacking "all the things" as a a Top 100 Security Researcher on Bugcrowd, and building new web applications as a self-identified "Full-Stack Developer". Keith has spoken internationally on topics related to learning and development in the field of Application Security, and has trained others in the subject at well-regarded industry conferences.

Pieter Danhieux

Secure Code Warrior

Pieter Danhieux is the CEO of Secure Code Warrior. He is a globally recognised security expert, with over 12 years’ experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organisations, systems and individuals for security weaknesses. In 2016, he was recognised as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.

Nina Juliadotter

Nina was a software developer who became tired of reading about data breaches caused by insecure source code and decided to do something about it. Currently a Principal Application Security Consultant, she helps software developers write secure applications that keep data safe.

Scott Coulton


Scott Coulton is a Principal Software Engineer and Docker captain with 10 years of experience in the managed services and hosting space. He has extensive experience in systems architecture and rolling out systems and network solutions for national and multinational companies with a wide variety of technologies, including AWS, Puppet, Docker, Cisco, VMware, Microsoft, and Linux. His design strengths are in cloud computing, automation and the security space.

Matt Jones


A partner at @elttam, Matt has over a decade of industry experience in both offensive and defensive roles. He enjoys problem solving, data-based analysis, and trying to come up with ways to incorporate whisky into cooking.

Michael Gianarakis


Michael Gianarakis is the co-founder and CEO of Assetnote, a platform for continuous monitoring of your external attack surface. Michael has presented his mobile security research at various industry events and meetups including, DEF CON, BSides Las Vegas, Black Hat Asia, Thotcon, Rootcon, and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of organizers of the monthly SecTalks meetup as well as the hacker camp TuskCon.

Lidia Giuliano

Real Estate Australia

Lidia Giuliano has 15 years’ experience in information security. Her professional and personal interests span multiple areas including SecOps, vulnerability management, malware defense, other defensive and open-source projects. She has presented internationally on many areas of information security, enjoys mentoring for FiTT and AWSN and is activity involved in the InfoSec community.

Louis Nyffenegger


Louis Nyffenegger is the founder of Pentesterlab. He is also a security engineer and entrepreneur based in Melbourne, Australia where he performs pentests, architecture and code reviews on a daily basis.

Jeff Thomas


Jeff is a Security Specialist with over a decade of experience in IT and information security. He leverages his web application and development expertise to identify new and exciting ways to exploit application and logic flaws. Past security research includes remote hacking of drones. He holds multiple information security certifications including OSCE, OSCP, OSWP, and CISSP.

Katie Foster


Katie is a Security Engineer at Fitbit where she manages Fitbit's responsible disclosure & bug bounty program.

Vasant Kumar Chinnipilli


Vasant works at Shelde as a security consultant and devsecops practitioner working towards securing code in a continuous deployment world. He has interests in penetration testing, vulnerability assessment, vulnerability management, securing cloud service. He also provides consulting services for companies ranging from startups to Fortune 100.

David Black


David is a security engineer at Atlassian where he breaks and fixes things. In his spare time he likes to *redacted* and *redacted*.

Mario Areias


Mario is a software engineer with a passion for security and open source. FindSecBugs, Brakeman, and ZAProxy are some of the open source projects Mario has contributed to. He currently works at Tyro as a software engineer on the Application Security Team.

Rebecca Trapani


Rebecca is a "white rabbit" hacker by day and a Python developer by night. She loves good looking code, poisonous plants and spending time dreaming up new security tools that eventually (someday) might get published. She also suffers from a chronic case of refactoring syndrome and checklist-itis. In Rebecca's post-hacker life she worked for SaaS providers trying to make information security and policy more accessible and fun, giving workshops on lock-picking and vulnerability management. If left unattended too long she will resume her Pavlovian-style training to get people to improve security practices.

Kevin Manderson


Kevin currently performs incident response and threat intelligence at Telstra. He is also specialising in industrial control systems.

Osama Elnaggar

Osama is an independent security consultant who works in areas of infrastructure security, application security, cloud security and general information security. Previously, he led information security and application security teams at a major telco. He is also a key contributor in a number of OWASP projects including the OWASP Top 10 2017 project, the OWASP Proactive Controls project and the OWASP ASVS project.

Brendan Seerup

Brendan is an Application Security Specialist in New Zealand. He loves helping teams with appsec, threat modeling and getting the most from penetration testing. He also leads a threat hunting group which discloses findings to New Zealand's CERT helping to make the internet in New Zealand a safer place. Outside of security, Brendan is studying fine wine, enjoys lock sport and is a fanatical comic & toy collector.

Ulisses Albuquerque


Ulisses is a principal security consultant at PS&C group. He is a DevSecOps and agile advocate with a passion for building and fixing software.

Topy A

Loop Secure

Hacker. Breaker. Lock Picker. Physical Security Enthusiast. HackHouse. @OzSecCon. Curious. IBM Z9 Owner. Topy has run Lockpicking events at several Australian conferences. Living in a warehouse dubbed "the Hack House" he disappears for days at a time lost amongst piles of computers cables and locks. Topy has lived and breathed the security industry for the past 15 years and loved it all.

Liam O


Liam is a former developer turned pentester. His passion is not just breaking systems, but providing empathetic and actionable advice on how they can be improved. Liam is Director of Consulting at Assurance and is a duck enthusiast \_o