Speakers

Sarah Hume

Purple Team Lead

Security Risk Advisors (SRA)

Sarah leads the Purple Team service at Security Risk Advisors (SRA). She has led hundreds of Threat Intelligence-based Purple Team exercises for organizations in the Fortune 500 and Global 1000 over the past 7 years. Her background is in offensive security, primarily internal network, OT/ICS, and physical security penetration testing. Sarah also has experience in external network penetration testing, web application assessments, OSINT, phishing/vishing campaigns, vulnerability management, and cloud assessments. She was a DEF CON 33 speaker. Sarah graduated Summa Cum Laude from Penn State with a B.S. in Cybersecurity. She is a Certified Red Team Operator (CRTO), Certified Information Systems Security Professional (CISSP), Google Digital Cloud Leader, AWS Certified Cloud Practitioner, and Advanced Infrastructure Hacking Certified. She lives in Philadelphia with her dog, Paxton.

Annika Clarke

Red Teamer & Penetration Tester

Security Risk Advisors

Annika Clarke is a red teamer, penetration tester, and offensive security engineer working at Security Risk Advisors. Her focus is on researching and developing novel attack techniques that creatively evade traditional detection mechanisms in real-world client engagements.

Tracy Z. Maleeff

Principal

Sherpa Intelligence LLC

Tracy Z. Maleeff, aka InfoSecSherpa, is the principal of Sherpa Intelligence LLC. She previously held roles at the Krebs Stamos Group, The New York Times Company, and GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. A native of the Philadelphia area, she is passionate about Philly sports - Go Birds! Tracy publishes OSINT blogs and an Information Security & Privacy newsletter.

Matt Maisel

CTO & Co-founder

Sondera

Matt Maisel cofounded Sondera, a Philly-based AI security startup, where he serves as CTO. He's built ML security products at Cylance, Obsidian, and NetRise. Recently, he's focused on agentic systems--- both building and breaking them. He's presented at BSidesCharm and DEF CON AI Village, and trained at Black Hat USA.

Evan Perotti

Lead Scientist

Security Risk Advisors

Evan Perotti is a Lead Scientist at Security Risk Advisors. He focuses on research and development, primarily within the offensive security space. His specialties include AWS security, Windows endpoint security, and purple teaming.

Michael Raymond

vCISO & Compliance Professional

Independent

Michael Raymond is a vCISO and compliance professional who thrives on exploring the bleeding edge of tech. In his earlier career, Michael was a security researcher and video producer, delivering live-streamed educational content on channels like Null Byte, SecurityFWD, and Hak5. Outside of his day job, Michael's curiosity drives him into the realms of hardware, electronics, and aerospace. Whether it's tracking airplanes through ADS-B, diving into signals intelligence with SDRs, home automation with Home Assistant, or uncovering other obscure niche topics, he brings the same passion and friendly enthusiasm to every new challenge.

Dr. Thomas Heverin

Director of Technology and Cybersecurity & AI Educator

The Baldwin School

Director of Technology and Cybersecurity & AI Educator at The Baldwin School. Dr. Heverin has over a decade of experience in cybersecurity, penetration testing, and AI security research. He has published multiple papers with his students at the Baldwin School (an all-girls private school) on topics including prompt injection attacks, ontology-driven cybersecurity, and vulnerabilities in enterprise technologies. He is the author of a Navy cyber risk assessment patent, a NVD CVE entry, exploits on ExploitDB, Google Dorks, and countless bug bounty reports for universities and a government agency.

BV_ & Syntax

Security Practitioners

Various

BV_ is a security practitioner currently working at (intentionally left blank). Syntax is a long-term pen tester currently working at (intentionally left blank) with a combined over 40 years of experience in the industry they have seen some things and this is where they get to regale you all with some stories so hopefully you can learn from everyone else's mistakes. A lot of them ours.

Prof. Atdhe Buja

Assistant Professor

Commonwealth University of Pennsylvania

Atdhe Buja is an Assistant Professor of computer science, digital forensics, and cybersecurity at the Commonwealth University of Pennsylvania, USA (Bloomsburg University). Atdhe is a world-renowned cybersecurity expert with decades of experience. As PM, Atdhe has established and led the CERT team in academia and the private sector in Southeast Europe. He is an EC-Council Instructor (CEI), Microsoft IT Professional, and Oracle Administrator for RDMBS, and a leading authority on information technology, Industrial IoT, and ICS/SCADA cybersecurity. His research work focuses on cybersecurity countermeasures for Industrial IoT, IoT security, ICS/SCADA infrastructures, wireless sensor network WSN, cybersecurity of ML and artificial intelligence, and database management systems. Author of multiple books including 'Cybersecurity of Industrial Internet of Things (IIoT)' and 'AI and ML-Driven Cybersecurity: Industrial IoT and WSN with Python Scripting'.

Chris Glanden

Professional Mentalist

Independent

Professional mentalist and speaker who explores the intersection of psychological manipulation and cybersecurity.

Amanda Draeger

Principal Cyber Risk Engineer

Liberty Mutual Insurance

Principal Cyber Risk Engineer at Liberty Mutual Insurance with expertise in cyber insurance and risk management.