Trainers



  • For over the last 20 years, Jason has been ethically peering into Client Behavior, Wireless Networks, Web Applications, APIs and Cloud Systems, helping organizations secure their assets and intellectual property from unauthorized access. As a consultant he's taken hundreds of organizations through difficult compliance mine fields, ensuring their safety. As a researcher he has found flaws in consumer IOT systems and assisted in hardening them against external attacks. At Cequence Security Jason does research, community outreach and supports efforts in identifying Automated Attacks against Web, Mobile, and API-based Applications to keep Cequence's customers safe.

  • Experienced information security professional with a demonstrated history of working in the application security industry. Strong engineering professional with practical skills in Penetration testing, code review, threat modelling, design review, mobile security testing, DevSecOps, RASP and Cloud Security. The instructor has delivered training in the past for OWASP Delhi and Houston chapters.

  • Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #CyberMentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.

  • Mohammed A. 'secfigo' Imran is the Founder and CEO of Practical DevSecOps and seasoned security professional with over a decade of experience in helping organizations in their Information Security Programs.
    He has a diverse background in R&D, consulting, and product-based companies with a passion for solving complex security programs. Imran is the founder of Null Singapore, the most significant information security community in Singapore, where he has organized more than 60 events & workshops to spread security awareness.
    He was also nominated as a community star for being the go-to person in the community whose contributions and knowledge sharing has helped many professionals in the security industry.
    He is usually seen speaking and giving training in conferences like Blackhat, DevSecCon, AppSec, All Day DevOps, Nullcon, and many other international conferences.

  • Mauricio Tavares (BS Aerospace Engineering) has worked with small and large companies in education, finance, and medical fields building and protecting user data. Currently a researcher at RENCI involved in next generation network research and an instructor with the Chameleon experimental research platform, he has given talks and workshops at ISSA InfoSecCon, Southeast Linux Fest, and IEEE SoutheastCon.

  • Keatron Evans is the Managing Partner at KM Cyber Security, LLC, https://kmcybersecurity.com, and responsible for global information security consulting business which includes penetration testing, cyber threat hunting, digital forensics, and training. He regularly consults for and trains members of the intelligence community of the US and other governments in offensive cyber operations and works on several classified threat hunting operations each year. Keatron is also one of the authors of the award-winning Certified Ethical Hacking course administered by the Infosec Institute. Additionally, he is the lead author of Chained Exploits: Advancing Hacking Attacks from Start to Finish, a textbook still used for offensive training throughout academic and corporate communities.

  • After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of 'Practical Web Defense' - a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

  • Matt Tesauro is currently rolling out AppSec automation at a major financial institution and is a founder of 10Security. He is a lead for OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 63 different security tools. Prior work included the Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He has over 20 years of Linux experience and 7 years of using Linux containers, primarily Docker. Matt holds two degrees from Texas A&M University and several security and Linux certifications.

  • Nithin Jois is a Solutions Engineer at we45 - a focused Application Security company. He has helped build ‘Orchestron’ - A leading Application Vulnerability Correlation and Orchestration Framework. He is experienced in Orchestrating containerized deployments securely to Production. Nithin and his team have extensively used Docker APIs as a cornerstone to most of we45 developed security platforms and he has also helped clients of we45 deploy their Applications securely.
    Nithin is a passionate Open Source enthusiast and is the co-lead-developer of ThreatPlaybook - An Open Source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single Fabric. He has also written multiple libraries that complement ThreatPlaybook.
    Nithin is an automation junkie who has built Scalable Scanner Integrations that leverage containers to the hilt and is passionate about Security, Containers and Serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating Intentionally Vulnerable Applications for CTF competitions and Secure Code Training.
    Nithin was a trainer and speaker at events like AppSecDC-2019, AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more. In his spare time, he loves reading about personal finance, leadership, fitness, cryptocurrency, and other such topics. Nithin is an avid traveler and loves sharing stories over a cup of hot coffee.

  • Dhamotharan is a seasoned security professional with over a decade worth of experience ranging from application security to infrastructure and now dealing with DevSecOps. He is currently working as a Lead Cyber Defence Analyst with PayU India. Some of his research ideas and technical advisories can be found in his blog. A security researcher, an active speaker and a bug hunter, discovered multiple Bug hunter in modern web application, His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Oracle, Slack, Sony, Sophos, Bit Defender, ING, NN-Group,& Cisco, Matomo etc. His works with various communities (OWASP Seasides, Bsides , Nullcon and National Cyber Safety and Security standards (india) and is passionate about increasing participation in Infosec space. he has been a speaker at OWASP Global Seasides 2020, NCDR Conference). Dhamotharan also volunteers for the Member in National Cyber Safety & Security Standards(NCDRC), India and Lead Security Researcher in Bug Discover community. OWASP Erode Chapter Leader

  • Michael Furman has over 13 years of experience with application security.
    Michael Furman has been the Lead Security Architect at Tufin for over 6 years. He is responsible for the security of all Tufin software products.
    Tufin has over 2000 customers, including over half of the Fortune 50 organizations.

  • Aleksandr Kolchanov is an independent security researcher and consultant. Ex penetration tester of a bank in Russia. He takes part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Yandex, Privatbank). Aleksandr is interested in uncommon security issues, telecom problems, privacy, and social engineering. Speaker at PHDays 2018 and 2019, c0c0n 2018, DeepSec 2018 and 2019, HiTB 2019, Infosec in the City 2019, OzSecCon 2019, Hacktivity 2019, No cON Name 2019 and BSides.