Speakers
Bug Bounty Village
Jason Haddix (@jhaddix)
Jason Haddix leads as CEO and “Hacker in Charge” of Arcanum Information Security, a premier firm specializing in assessments and training. Currently, he is the Field CISO for Flare.io and a Strategic Advisor to Bugcrowd. With a distinguished 20-year tenure in cybersecurity, Jason has previously held notable positions such as CISO at Ubisoft, Head of Trust at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has expertise across nearly all cybersecurity domains and is ranked 57th all-time on Bugcrowd’s bug bounty leaderboards.
Justin Gardner (@Rhynorater)
Yo! I'm Justin Gardner - a full-time bug bounty hunter out of Richmond, VA. I also host the Critical Thinking - Bug Bounty Podcast and advise for Caido - the latest and greatest HTTP proxy. I'm an active member of the HackerOne live hacking event circuit (the medium through which I do most of my bug bounties) and have placed top 5 in most of the live hacking events I've attended for the past couple years. Web hacking is my sh*t, but I love all types of hacking.
Daniel Le Gall (@Blaklis_)
Blaklis is a bug bounty hunter who started seven years ago, as a hobby. He co-founded a company that did bug bounty hunting as one of its main activities, and decided to go back to freelancing two years ago, to be free again.
Joel Alexis Noguera (@niemand_sec)
Joel Noguera is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Joel is a security professional and bug hunter with more than eight years of expertise in exploit development, reverse engineering, security research and consulting. He has actively participated in Bug Bounty programs since 2016, reaching the all-time top 60 on the HackerOne leaderboard. Before joining XBOW, he was part of Immunity Inc., where he worked as a security researcher for three years. Joel has presented at Recon, BlackHat Europe, EkoParty and BSides Keynote Berlin, among others.
Gonçalo Magalhães (@realgmhacker)
Aerospace engineer, turned embedded systems engineer, turned smart contract engineer. Currently Head of Security at Immunefi and Advanced Solidity and Blockchain teacher. Performs Web3 security audits independently.
Prince Chaddha (@princechaddha)
Prince Chaddha leads the nuclei-templates project at ProjectDiscovery. He has over a decade of experience in web application security, bug bounties, code auditing, and pentesting across various domains, including network, API, mobile, cloud, and infrastructure security. He actively writes about DevSecOps and cloud security, including AI, open-source, and blockchain security.
Ryan Barnett (@ryancbarnett)
Ryan Barnett is a Principal Security Researcher working on the Akamai Threat Research Team supporting the App and API Protector product. In addition to his primary work at Akamai, he is also a former Faculty Member for the SANS Institute, a WASC Board Member and OWASP Project Leader for ModSecurity Core Rule Set (CRS) and Web Hacking Incident Database (WHID). Mr. Barnett has also authored two web security books: Preventing Web Attacks with Apache (Pearson) and The Web Application Defender's Cookbook: Battling Hackers and Defending Users (Wiley).
Kasimir Schulz (@abraxus7331)
Kasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
Jessica Sexton (@sgtcardigan)
Jessica Sexton, Sr. Director of Community at HackerOne, has significantly contributed over the past five years, leading the live hacking program and innovative initiatives like the Ambassador World Cup. She heads the Hacker Success Management team, focusing on retention, enablement, and growth of the hacker community. Before HackerOne, Jessica held roles in customer management and cybersecurity, honing her skills in strategy and growth. Her work inspires and energizes the HackerOne community, fostering a collaborative and inclusive environment.
Katie Noble
Director, PSIRT and Bug Bounty at a Fortune 50 tech company. Katie serves as a CVE Program Board, Bug Bounty Community of Interest Board, and Hacking Policy Council member. She is a passionate defensive cybersecurity community activist who is regularly involved in community-driven projects and is most happy when she is able to effect positive progress in cyber defense. Prior to joining the private sector, Katie spent over 15 years in the US Government, most recently as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA).
Martin Doyhenard (@tincho_508)
Martin Doyhenard is a Security Researcher at PortSwigger, known for exploiting HTTP Servers and Web Applications. His latest work includes HTTP Response Smuggling and exploiting SAP’s Inter-Process Communication - compromising more than 200 thousand companies in the world. Over the past few years, he has presented his findings at some top security conferences including BlackHat, DEFCON, RSA, EkoParty, Hack in The Box and Troopers.
Tarun Koyalwar (@KoyalwarTarun)
Tarun is a Go developer at ProjectDiscovery, where he maintains and contributes to open-source projects such as Nuclei, Cvemap, Katana, and Subfinder. He specializes in developing and contributing to automation tools for bug bounty hunting, with a focus on large-scale automation and fuzzing techniques. Alongside his development work, Tarun has hands-on experience as a part-time bug bounty hunter. He is passionate about discovering and refining techniques for automating the bug bounty experience.
Inti De Ceukelaire (@securinti)
Inti De Ceukelaire is a Belgian ethical hacker and cybercrime investigator.
He currently works as the Chief Hacker Officer at Europe’s largest vulnerability disclosure platform, Intigriti, a founding member of the Hacker Policy Council. With extensive experience in the field of security and ethical hacking, Inti has earned a reputation as a thought leader in the industry. His work and expertise have been featured in a variety of international publications, including the BBC, Wired, The Verge, CNET, Mashable, and New York Magazine.
Roni Carta (@0xlupin)
Roni Carta, a.k.a. @0xlupin, is a 22-year-old ethical hacker. He left school and his virtual classes to devote himself full-time to hacking. He credits Maurice Leblanc's book "Arsène Lupin" with immersing him in the culture and mindset of ethical hacking. With his brother, Roni co-founded Lupin & Holmes, an offensive security Research & Development company.
Rotem Bar (@rotembar)
Rotem Bar is a dedicated cybersecurity expert with over ten years of experience, focusing on internal security using bug bounty programs and other pentesting capabilities. His passion for identifying and mitigating security vulnerabilities has led him to actively participate in numerous security initiatives, earning recognition within the community.
Diego Jurado Pallarés (@djurado9)
Diego Jurado is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Diego is an offensive security professional with an extensive background in bug bounty, penetration testing and red teaming. Prior to this role, Diego held positions at companies such as Microsoft Xbox, Activision Blizzard King and Telefónica. Additionally, Diego participates in bug bounty programs and has established himself in the top 38 of HackerOne's all-time leaderboard. Diego is part of Team Spain, champion of the Ambassadors World Cup 2023, a bug bounty competition organized by HackerOne.
Nikhil Shrivastava (@niksthehacker)
My name is Nikhil Shrivastava, also known as niks. As an ethical hacker and bug bounty hunter, I have assisted over 300 companies in identifying more than 1500 security vulnerabilities. I am ranked as the #1 hacker in India on Synack Red Team and was honoured with the "Synack Legend Hacker" title in 2021. Additionally, I founded Security BSides Ahmedabad, an international hacking conference held annually in Ahmedabad, India.
Lucas Philippe (@BitK_)
BitK is a French Security Researcher, Bug Hunter, Member of the French CTF team The Flat Network Society and Tech Ambassador at YesWeHack. He has been doing CTF and bug bounty for over ten years with a specialty in web exploitation. He is also the author of multiple hacking tools like pwnfox, yesweburp, CTFNote and more.
Isabella Barnett (@4ng3lhacker)
Isabella Barnett is a Software Engineering Intern at Databuoy and a rising freshman at George Mason Honors College studying Cyber Security Engineering.
Harrison Richardson (@rs0n_live)
Harrison Richardson (rs0n) began his Cybersecurity career in the US Army as a 25B. After leaving the service, Harrison worked various contract and freelance jobs while completing his Master's in Cybersecurity from the University of Dallas. Harrison's first full-time job in the civilian sector was at Rapid7, where he worked as a senior security solutions engineer as part of their Applied Engineering Team. Today, Harrison is the security engineering manager for the FloQast Security Team, specifically overseeing application security. In his free time, Harrison works to provide educational content to the bug bounty community through YouTube and Twitch.
Logan MacLaren (@maclarel_)
Logan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!
Jeffrey Guerra (@s2jeff_gh)
Jeff Guerra is a Sr. Product Security Engineer at GitHub who enjoys bounties, application security, and much more. He is an avid advocate for vulnerability disclosure/bug bounty programs and the effectiveness and community engagement that come with them. He's a curious and passionate security professional who loves to talk all things security. He loves watching and playing soccer and has recently begun his journey into time-attack track events. He's a huge car enthusiast and recently began learning to modify cars for the track and daily use.
Michael Skelton (@codingo_)
Previously a top 10 bounty hunter at Bugcrowd, now the VP of Operations overseeing triage, appeals, escalations, and the support team, also creating YouTube content at youtube.com/codingo and developing tools at github.com/codingo.
James Kettle (@albinowax)
James 'albinowax' Kettle is the Director of Research at PortSwigger - his latest work includes HTTP desync attacks and automating hunting unknown vulnerability classes. He loves working on inventing novel techniques to hack websites, implementing them into Burp Scanner, and then seeing hackers in the community using his techniques to find new vulnerabilities. He also wrote three of the ten most popular Burp Suite extensions - ActiveScan++, HTTP Request Smuggler, and Backslash Powered Scanner.
Ben Sadeghipour (@nahamsec)
Ben Sadeghipour, also known as NahamSec, is an ethical hacker, content creator, and keynote speaker. With a passion for cybersecurity that began in his teenage years, Ben's professional journey as a bug bounty hunter took off in 2014. He has played a role in helping organizations identify and remediate thousands of security vulnerabilities across a wide range of web and mobile applications in tech giants such as Amazon, Apple, Google, Airbnb, Snapchat, Zoom, and even the US Department of Defense. Ben helps others learn ethical hacking, bug bounty hunting, and reconnaissance techniques. He has also created training materials and content for conferences such as OWASP, DEFCON, and BSides.
Sam Erb (@erbbysam)
Sam is a security engineer at Google who helps run the Google and Alphabet Vulnerability Reward Program. He holds two DEFCON black badges and numerous bug bounty live hacking event awards. He has presented previously on the DEFCON main stage and in the Packet Hacking Village. Outside of hacking, you will likely find Sam in a climbing gym or on the side of a mountain.
Gunnar Andrews (@G0LDEN_infosec)
I am a hacker, engineer, gamer, and creator from the Midwest. I enjoy being involved in the bug bounty community, meeting new hunters, learning techniques, and building cool software! I have a passion for writing security tools and building systems, as well as creating the best and biggest community of friends I can! I love to talk automation, hacking, software/systems, and just about anything else tech.
Charlie Waterhouse
Texas native Charlie has a deep interest in computer science. Starting as an International Flight Attendant at United Airlines, he transitioned to networking, programming, stack development, web design, and finally breaking stuff. Charlie also spoke at the Texas Cyber Summit on the executive/leadership talk track.
Emile Fugulin (@TheSytten)
Emile was a freelance DevOps & backend developer for many years prior to starting Caido. He always had a passion for security, and working on Caido is the perfect combination of both!
Chloé Messdaghi (@ChloeMessdaghi)
Chloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
Ryan Rutan (@r00br1q)
After spending over a decade building online communities for tech savvy enterprises, Ryan has returned to his hacker roots as the Sr. Director, Community at the Synack Red Team. He is a long-time developer/maker at heart and technology innovator by trade, but his passion comes from uniting people, process and technology into sustainable community programs capable of scaling to meet any business challenge. In his spare time, he enjoys flexing his creativity by writing fiction novels (Fork This Life), hacking on IoT projects and furthering his cybersecurity knowledge through his programming, automation and integration talents cultivated over the past twenty years of his technical career.
Johnathan Kuskos
There's no place Kuskos would rather be than somewhere with a cool breeze, lightning-fast bandwidth, a decent brew, and a list of servers to target. He discovered his passion for offensive security nearly 13 years ago and quickly became obsessed with the art of finding overlooked vulnerabilities, understanding why they're missed, and enhancing tools and methodologies for comprehensive coverage. Kuskos is the founder of Chaotic Good Information Security, a labor-of-love boutique penetration testing firm.
Gareth Heyes (@garethheyes)
PortSwigger researcher Gareth Heyes is probably best known for smashing the AngularJS sandbox to pieces and creating super-elegant XSS vectors. When he's not authoring books (like the recent title, JavaScript for hackers).
In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors and researching new techniques to attack web applications. He's also the author of PortSwigger's XSS Cheat Sheet. In his spare time he loves writing new BApp extensions such as Hackvertor.
Dhiyaneshwaran Balasubramaniam
Dhiyaneshwaran is a Nuclei Template Engineer at ProjectDiscovery.io, crafting Nuclei templates for trending exploits and CVEs. With over 1350 templates written, he leads the Nuclei-Templates leaderboard. In his free time, he engages in bug bounty hunting and develops unique reconnaissance methodologies. He is also an active speaker and organizer in the cybersecurity community, contributing to Null Chapter, OWASP Local Chapters, and BSides Chapters.