2019 BASC Speakers

Mansour Ahmadi
Northeastern University Mansour Ahmadi is a research associate at Northeastern University. Before coming to Northeastern, he obtained a PhD in Computer Engineering from the University of Cagliari in 2017. His research is mainly focused in applying machine learning methods for systems security problems, especially malware detection and classification, and vulnerability discovery. He co-authored over 10 scientific papers. Also, He is the lead developer of IntelliAV, which is the first on-device machine learning-based mobile malware detector.

Chris Chagnon
UXDM Lab at Worcester Polytechnic Institute Chris Chagnon is an ITSM Architect and developer who designs, develops, and maintains award-winning experiences for managing and carrying out the ITSM process. Chris has a Master of Science in Information Technology, and a bachelor’s degree in Visual Communications. In addition, Chris is a PhD Candidate studying Information Systems with a focus on user and service experience. As A Top 25 Thought Leader in ITSM, and an ALE IT Vanguard, Chris speaks nationally about the future of ITSM, practical applications of artificial intelligence and machine learning, gamification, continual service improvement, and customer service/experience. Follow Chris on Twitter @Chagn0n.

Madison Cool
TraceLink Madison Cool is an associate AppSec engineer at TraceLink, delivering a secure platform for the Pharmaceutical Supply Chain. She works with the TraceLink team to make "TraceLink = Trusted" by ensuring that customers, partners and internal engineering can meet and exceed best security practices. Their goal is to make security accessible and understandable by both the security-minded and the security-unaware.

Kristin Dahl
IBM X-Force IRIS Kristin Dahl is a cyber security consultant with IBM X-Force IRIS and former research staff member at MIT Lincoln Laboratory. Kristin’s experience includes investigative research, policy development, threat assessment, and security operations across the defense sectors, critical systems, academia, and private industry. Kristin has worked collaboratively with multiple stakeholders and federal agencies, including the Department of Defense, the Department of Homeland Security, and the Department of Energy.

Joshua Dow
NCC Group Joshua Dow is a Security Consultant with NCC Group, joining the organization in Spring of 2019. Joshua has made contributions in his career as both a blue team practitioner and a red team operator. Joshua specializes in web application penetration testing, network penetration testing, and cloud security auditing. Joshua worked as a Senior Software Engineer prior to getting his start in Information Security.

Kristofer Duer
HCL Kristofer Duer is the Lead Cognitive Researcher for AppScan Source. He has worked in the application security field for the last 8 years in the world of Static Application Security Testing (SAST) and researching language specific attack surfaces. His particular specialty deals with applying machine learning to solve some of the impossible problems which occur naturally in the world of SAST - namely Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).

Outside of work he enjoys the gym, Disc Golf (super fun!) and spending time with his wife and two kids.

Reza Mirzazade Farkhani
Northeastern University Reza Mirzazade Farkhani is pursuing a PhD in Cybersecurity at Northeastern University. His research interests span a wide range of topics in systems security with a particular focus on software vulnerability detection, exploit mitigation techniques and binary analysis. Currently, Reza is focusing on developing novel techniques to protect applications against memory safety vulnerabilities. He is especially interested in new security features in ARM architecture to accelerate the performance and security of the current systems.

Brad Giguere
Secure Code Warrior Brad Giguere is a Sales Engineer for Secure Code Warrior, a global security company that makes software development better and more secure. Giguere has worked in the technology and SAAS software industry for the majority of his career and is passionate about helping organizations better understand their business challenges and translating those into a solution tailored to meet their needs. He now focuses on empowering development teams to be the first line of defense in making security a highly visible piece of the SDLC.

Gabrielle E. Hempel, CHTI
Black Mirage Gabrielle is a graduate of the University of Cincinnati, where she studied Neuroscience and Psychology. She worked for an institutional review board in regulatory pharmaceutical and medical device compliance, and led specialized committees targeting Phase I research and emergency research. She moved to IT consulting in 2018, and currently works as a penetration tester for Black Mirage while pursuing a certificate in Advanced Computer Security at Stanford. She continues to serve as a genetic scientist for NIH-regulated recombinant genetic studies, and serves as an instructor and mentor for a student cohort of cybersecurity analysts through Cybrary. She recently obtained her Certified Human Trafficking Investigator (CHTI) credentials through the McAfee Institute, and works with various law enforcement groups and task forces in order to combat human trafficking through digital forensics and analysis. Her area of expertise lies in GDPR/HIPAA/regulatory compliance and medical device security.

Chad Holmes
Security Innovation Chad Holmes is a Product Marketing Manager for Security Innovation with a focus on educating customers on emerging Cyber Range technologies and how they can improve security education within organizations. Prior to joining Security Innovation Chad was a Penetration Tester, Product Manager, Security Program Manager and team lead at Cigital, Veracode and Red Hat.

Kitty Huang
Communications Trainer and Relationship Coach Kitty Huang is an award-winning speaker who has led several fun and effective communication workshops at MIT, Harvard University, and corporate training events. She has worked as a copywriter at advertising agencies, a screenwriter for a television situation comedy, and a newspaper journalist. Her perceptive mind and creative approaches have successfully helped many individuals to solve problems in professional relationships and personal relationships.

Robert Hurlbut
Bank of America Robert Hurlbut, is a Threat Modeling Architect / Lead at Bank of America. Robert is a Microsoft MVP for Developer Security and Technologies and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure security, software architecture, and software development. He speaks at user groups, national and international conferences, and has provided training for many companies in the past. Robert is also a co-host of the Application Security Podcast (Twitter - @AppSecPodcast). Follow Robert on Twitter at @RobertHurlbut.

Prateek Jain
UXDM Lab at Worcester Polytechnic Institute Prateek Jain is a UX researcher currently pursuing Ph.D. in Innovation with User Experience at Worcester Polytechnic Institute. His Ph.D. research focuses on User Experience. His research interests are augmented reality, internet of things (IoT), accessibility and persona development. He is working on multiple research projects focusing on the use of augmented reality and IoT to improve the user experience of products and services. Along with that, he is also working on developing and testing different persona frameworks to help organizations make effective design decisions.

Artie Jurgenson
Sonatype Artie Jurgenson is a Solution Architect at Sonatype. He spends his day to day working with companies small and large to apply the principles of DevSecOps and automation to their software development supply chains. This stems from an intense distaste of performing the same procedures more than once. Artie looks to resolve such redundancies both inside and out of his professional life which has led him down pursuits including: implementation of CI/CD toolchains and workflows from completely manual build/deploy processes, development and automation of crypto/forex trading algorithms, front-end test and deployment automation, container orchestration, API development, and computational scientific research optimized for supercomputer clusters. Artie is happy to talk about any of the above at the reception.

Aanand Krishnan
Tala Security Aanand Krishnan is the CEO and Founder of Tala Security. Most recently he held senior technical roles at Symantec. Aanand spent several years in M&A and investment banking at Morgan Stanley and Dolby Labs acting as an adviser to leading security software, semiconductor and clean-tech companies. He started his career building high-speed optical networking products at Agilent Technologies. Aanand holds an MBA from Berkeley where he was a recipient of CJ White Fellowship, a Masters in Photonics and Optoelectronics from UC Santa Barbara where he was a QUEST Fellow and a Bachelors in Electrical Engineering with Honors from BITS, Pilani.

Ryan LaMarche
UXDM Lab at Worcester Polytechnic Institute Ryan LaMarche is a digital transformation and design thinking expert that brings ideas to life with a focus on user experience, and smart system design. When Ryan isn’t building systems, he spends his time as a dual-enrolled Bachelor’s and Master’s student at Worcester Polytechnic Institute studying Computer Science and Innovation with UX. Ryan is also a founding member and CTO of Seldom Technologies where he works with companies to develop systems, applications, and websites and consult on process improvement in the ITSM space.

Rami McCarthy
NCC Group Rami McCarthy is a Security Consultant with NCC Group, joining with the acquisition of VSR in 2016. He's spent the past three years performing security assessments of all kinds, from SaaS products to cloud IoT platforms. In addition to client work, Rami has published research into misspelled security headers and Chromebook security. Rami got his start in security as an intern at a deep web threat analysis startup, and has a BS in CS from Northeastern University, with a concentration in cyber operations. He's currently working towards an MS from Brandeis University.

Tal Melamed
Protego Labs In the past two years, Tal Melamed has been experimenting in offensive and defensive security for the serverless technology, as Head of Security Research at Protego Labs. He specializes in AppSec with more than 15 years of experience in security research and vulnerability assessment. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects, and is a frequent speaker at security conferences, including DefCon, DerbyCon, OWASP, BSides and more. Follow Tal on Twitter at @_nu11p0inter

Omid Mirzaei
Northeastern University Omid Mirzaei is a postdoctoral research associate in the Systems Security (SecLab) and the Research in Software and Systems Security (RiS3) Labs at Northeastern University, working with Prof. Engin Kirda and Dr. Long Lu. Prior to this, Omid was an assistant professor in Universidad Carlos III de Madrid. Also, he spent around 4 years at COmputer SECurity lab (COSEC) as a PhD student and he received his PhD degree in Computer Science from the same university. Omid's thesis was mainly focused on Android malware analysis and triage. Generally speaking, Omid is working and conducting research in computer and cyber security. However, he is particularly interested in mobile security, malware analysis, reverse engineering and applied machine learning in security. In addition, he is eager to tackle security issues from a multi-objective perspective, i.e. trying to deal with such problems by consuming the least possible amount of in hand resources. Previously and as an undergraduate student, Omid worked in a wide range of areas, from advanced software engineering to Artificial Intelligence (AI). Omid also developed several intelligent systems and passed different AI-related courses, including machine learning, pattern mining, fuzzy systems, evolutionary computation and optimization, neural networks and image processing.

Carson E. Owlett, OSCP CEH
Black Mirage Carson is a graduate of Connecticut College, where he studied Computer Science and Slavic Studies. After graduating, he obtained his OSCP and CEH and did a brief stint doing research for DARPA. He then founded Black Mirage in 2019, where he serves as the CEO and Assessment Team Lead for penetration tests, and he has been working to implement programs for offensive security education.

Rashmi Patil
HCL Rashmi is passionate about software engineering and applying it to solve complex problems in day to day life. She has a diverse set of work experience through past research, internships and full-time work experience that has really helped others in understanding the broader picture. In her free time, she volunteers and conducts educational workshops to teach young high school girls about the importance of Cybersecurity and encourage them to pursue a career in Computer Engineering.

Chris Romeo
Security Journey Chris Romeo is CEO and co-founder of Security Journey where he creates and deploys security culture influencing training, consults, and speaks. His passion is to bring security culture change to all organizations large and small through the creation and design of gamified security education. He was the Chief Security Advocate at Cisco for five years, where he empowered engineers to shift security left in all products at Cisco and led the creation of Cisco’s security belt program. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP certifications. Find Chris on Twitter, @edgeroute, or on LinkedIN, https://www.linkedin.com/in/securityjourney/

Allison Schoenfield
Autodesk Inc. Allison Schoenfield is from Berkeley and also attended UC Berkeley, but is now a San Franciscan. She works as an Application Security Engineer at Autodesk. She enjoys threat modeling and working in partnership with developers to secure applications. Previously, she worked as a security consultant in penetration testing. In her free time, she likes to play social deduction games, bake and eat cupcakes, and mentor.

Izar Tarandach
Autodesk Inc. Izar Tarandach is Lead Product Security Architect at Autodesk inc.. Prior, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, for long before a Security Consultant at the EMC Product Security Office. With more years than he’s willing to admit to in the information security arena, he is a member of SAFECode Technical Leadership Council and a founding contributor to the IEEE Center for Security Design. He holds a masters degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Luke Tucker
HackerOne Luke Tucker is the Senior Director of Community at HackerOne — the leading hacker-powered security platform with the largest community of hackers in the world. A seasoned community engagement professional, he is passionate about helping identify and nurture what makes people and communities tick, so understanding how hackers feel and how they are seen is his bread and butter. He is the Creator and Editor of the Zero Daily Newsletter, which provides daily application security, hacker and bug bounty news. Previously at HackerOne, Luke oversaw all B2B content marketing efforts, brand voice and social media management, and educational content development for the growing community of hackers. Prior to HackerOne, he served in several creative roles including Captricity and Sultan Ventures.

Paulina Valdivieso
Bennington College Paulina Valdivieso is a senior undergrad in Computer Science and Public Policy, studying the intersections between Cybersecurity, Law and Politics. Interested in hacking, information security, programming and general electronic shenanigans, she recently started to apply all of this knowledge into the workplace, centering on network and application security. She is an advocate for open access and privacy, using and committing to open source tools whenever possible and making sure people understand the implications and dark side of the tools they use everyday.

Roy Wattanasin
Information Security Professional Roy Wattanasin is a healthcare information security professional. You can find him on @wr0