2019 BASC Speakers

Mansour Ahmadi
Northeastern University Mansour Ahmadi is a research associate at Northeastern University. Before coming to Northeastern, he obtained a PhD in Computer Engineering from the University of Cagliari in 2017. His research is mainly focused in applying machine learning methods for systems security problems, especially malware detection and classification, and vulnerability discovery. He co-authored over 10 scientific papers. Also, He is the lead developer of IntelliAV, which is the first on-device machine learning-based mobile malware detector.

Joel Carlson
Secure Code Warrior Joel Carlson is a security professional with 15 years of experience in the security industry. Joel has a long history of connecting businesses with security tools to help them ensure a secure environment. He joined Secure Code Warrior earlier this year after previous success at Veracode, Dell and Bitsight.

Chris Chagnon
UXDM Lab at Worcester Polytechnic Institute Chris Chagnon is an ITSM Architect and developer who designs, develops, and maintains award-winning experiences for managing and carrying out the ITSM process. Chris has a Master of Science in Information Technology, and a bachelor’s degree in Visual Communications. In addition, Chris is a PhD Candidate studying Information Systems with a focus on user and service experience. As A Top 25 Thought Leader in ITSM, and an ALE IT Vanguard, Chris speaks nationally about the future of ITSM, practical applications of artificial intelligence and machine learning, gamification, continual service improvement, and customer service/experience. Follow Chris on Twitter @Chagn0n.

Madison Cool
TraceLink Madison Cool is an associate AppSec engineer at TraceLink, delivering a secure platform for the Pharmaceutical Supply Chain. She works with the TraceLink team to make "TraceLink = Trusted" by ensuring that customers, partners and internal engineering can meet and exceed best security practices. Their goal is to make security accessible and understandable by both the security-minded and the security-unaware.

Kristin Dahl
IBM X-Force IRIS Kristin Dahl is a cyber security consultant with IBM X-Force IRIS and former research staff member at MIT Lincoln Laboratory. Kristin’s experience includes investigative research, policy development, threat assessment, and security operations across the defense sectors, critical systems, academia, and private industry. Kristin has worked collaboratively with multiple stakeholders and federal agencies, including the Department of Defense, the Department of Homeland Security, and the Department of Energy.

Joshua Dow
NCC Group Joshua Dow is a Security Consultant with NCC Group, joining the organization in Spring of 2019. Joshua has made contributions in his career as both a blue team practitioner and a red team operator. Joshua specializes in web application penetration testing, network penetration testing, and cloud security auditing. Joshua worked as a Senior Software Engineer prior to getting his start in Information Security.

Kristofer Duer
HCL Kristofer Duer is the Lead Cognitive Researcher for AppScan Source. He has worked in the application security field for the last 8 years in the world of Static Application Security Testing (SAST) and researching language specific attack surfaces. His particular specialty deals with applying machine learning to solve some of the impossible problems which occur naturally in the world of SAST - namely Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).

Outside of work he enjoys the gym, Disc Golf (super fun!) and spending time with his wife and two kids.

Reza Mirzazade Farkhani
Northeastern University Reza Mirzazade Farkhani is pursuing a PhD in Cybersecurity at Northeastern University. His research interests span a wide range of topics in systems security with a particular focus on software vulnerability detection, exploit mitigation techniques and binary analysis. Currently, Reza is focusing on developing novel techniques to protect applications against memory safety vulnerabilities. He is especially interested in new security features in ARM architecture to accelerate the performance and security of the current systems.

Brian Fox
Sonatype Co-founder and CTO, Brian Fox is a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Gabrielle E. Hempel, CHTI
Black Mirage Gabrielle is a graduate of the University of Cincinnati, where she studied Neuroscience and Psychology. She worked for an institutional review board in regulatory pharmaceutical and medical device compliance, and led specialized committees targeting Phase I research and emergency research. She moved to IT consulting in 2018, and currently works as a penetration tester for Black Mirage while pursuing a certificate in Advanced Computer Security at Stanford. She continues to serve as a genetic scientist for NIH-regulated recombinant genetic studies, and serves as an instructor and mentor for a student cohort of cybersecurity analysts through Cybrary. She recently obtained her Certified Human Trafficking Investigator (CHTI) credentials through the McAfee Institute, and works with various law enforcement groups and task forces in order to combat human trafficking through digital forensics and analysis. Her area of expertise lies in GDPR/HIPAA/regulatory compliance and medical device security.

Kitty Huang
Communications Trainer and Relationship Coach Kitty Huang is an award-winning speaker who has led several fun and effective communication workshops at MIT, Harvard University, and corporate training events. She has worked as a copywriter at advertising agencies, a screenwriter for a television situation comedy, and a newspaper journalist. Her perceptive mind and creative approaches have successfully helped many individuals to solve problems in professional relationships and personal relationships.

Robert Hurlbut
Bank of America Robert Hurlbut, is a Threat Modeling Architect / Lead at Bank of America. Robert is a Microsoft MVP for Developer Security and Technologies and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure security, software architecture, and software development. He speaks at user groups, national and international conferences, and has provided training for many companies in the past. Robert is also a co-host of the Application Security Podcast (Twitter - @AppSecPodcast). Follow Robert on Twitter at @RobertHurlbut.

Prateek Jain
UXDM Lab at Worcester Polytechnic Institute Prateek Jain is a UX researcher currently pursuing Ph.D. in Innovation with User Experience at Worcester Polytechnic Institute. His Ph.D. research focuses on User Experience. His research interests are augmented reality, internet of things (IoT), accessibility and persona development. He is working on multiple research projects focusing on the use of augmented reality and IoT to improve the user experience of products and services. Along with that, he is also working on developing and testing different persona frameworks to help organizations make effective design decisions.

Ryan LaMarche
UXDM Lab at Worcester Polytechnic Institute Ryan LaMarche is a digital transformation and design thinking expert that brings ideas to life with a focus on user experience, and smart system design. When Ryan isn’t building systems, he spends his time as a dual-enrolled Bachelor’s and Master’s student at Worcester Polytechnic Institute studying Computer Science and Innovation with UX. Ryan is also a founding member and CTO of Seldom Technologies where he works with companies to develop systems, applications, and websites and consult on process improvement in the ITSM space.

Rami McCarthy
NCC Group Rami McCarthy is a Security Consultant with NCC Group, joining with the acquisition of VSR in 2016. He's spent the past three years performing security assessments of all kinds, from SaaS products to cloud IoT platforms. In addition to client work, Rami has published research into misspelled security headers and Chromebook security. Rami got his start in security as an intern at a deep web threat analysis startup, and has a BS in CS from Northeastern University, with a concentration in cyber operations. He's currently working towards an MS from Brandeis University.

Tal Melamed
Protego Labs In the past two years, Tal Melamed has been experimenting in offensive and defensive security for the serverless technology, as Head of Security Research at Protego Labs. He specializes in AppSec with more than 15 years of experience in security research and vulnerability assessment. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects, and is a frequent speaker at security conferences, including DefCon, DerbyCon, OWASP, BSides and more. Follow Tal on Twitter at @_nu11p0inter

Omid Mirzaei
Northeastern University Omid Mirzaei is a postdoctoral research associate in the Systems Security (SecLab) and the Research in Software and Systems Security (RiS3) Labs at Northeastern University, working with Prof. Engin Kirda and Dr. Long Lu. Prior to this, Omid was an assistant professor in Universidad Carlos III de Madrid. Also, he spent around 4 years at COmputer SECurity lab (COSEC) as a PhD student and he received his PhD degree in Computer Science from the same university. Omid's thesis was mainly focused on Android malware analysis and triage. Generally speaking, Omid is working and conducting research in computer and cyber security. However, he is particularly interested in mobile security, malware analysis, reverse engineering and applied machine learning in security. In addition, he is eager to tackle security issues from a multi-objective perspective, i.e. trying to deal with such problems by consuming the least possible amount of in hand resources. Previously and as an undergraduate student, Omid worked in a wide range of areas, from advanced software engineering to Artificial Intelligence (AI). Omid also developed several intelligent systems and passed different AI-related courses, including machine learning, pattern mining, fuzzy systems, evolutionary computation and optimization, neural networks and image processing.

Carson E. Owlett, OSCP CEH
Black Mirage Carson is a graduate of Connecticut College, where he studied Computer Science and Slavic Studies. After graduating, he obtained his OSCP and CEH and did a brief stint doing research for DARPA. He then founded Black Mirage in 2019, where he serves as the CEO and Assessment Team Lead for penetration tests, and he has been working to implement programs for offensive security education.

Rashmi Patil
HCL Rashmi is passionate about software engineering and applying it to solve complex problems in day to day life. She has a diverse set of work experience through past research, internships and full-time work experience that has really helped others in understanding the broader picture. In her free time, she volunteers and conducts educational workshops to teach young high school girls about the importance of Cybersecurity and encourage them to pursue a career in Computer Engineering.

Chris Romeo
Security Journey Chris Romeo is CEO and co-founder of Security Journey where he creates and deploys security culture influencing training, consults, and speaks. His passion is to bring security culture change to all organizations large and small through the creation and design of gamified security education. He was the Chief Security Advocate at Cisco for five years, where he empowered engineers to shift security left in all products at Cisco and led the creation of Cisco’s security belt program. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP certifications. Find Chris on Twitter, @edgeroute, or on LinkedIN, https://www.linkedin.com/in/securityjourney/

Allison Schoenfield
Autodesk Inc. Allison Schoenfield is from Berkeley and also attended UC Berkeley, but is now a San Franciscan. She works as an Application Security Engineer at Autodesk. She enjoys threat modeling and working in partnership with developers to secure applications. Previously, she worked as a security consultant in penetration testing. In her free time, she likes to play social deduction games, bake and eat cupcakes, and mentor.

Izar Tarandach
Autodesk Inc. Izar Tarandach is Lead Product Security Architect at Autodesk inc.. Prior, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, for long before a Security Consultant at the EMC Product Security Office. With more years than he’s willing to admit to in the information security arena, he is a member of SAFECode Technical Leadership Council and a founding contributor to the IEEE Center for Security Design. He holds a masters degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Luke Tucker
HackerOne Luke Tucker is the Senior Director of Community at HackerOne — the leading hacker-powered security platform with the largest community of hackers in the world. A seasoned community engagement professional, he is passionate about helping identify and nurture what makes people and communities tick, so understanding how hackers feel and how they are seen is his bread and butter. He is the Creator and Editor of the Zero Daily Newsletter, which provides daily application security, hacker and bug bounty news. Previously at HackerOne, Luke oversaw all B2B content marketing efforts, brand voice and social media management, and educational content development for the growing community of hackers. Prior to HackerOne, he served in several creative roles including Captricity and Sultan Ventures.

Paulina Valdivieso
Bennington College Paulina Valdivieso is a senior undergrad in Computer Science and Public Policy, studying the intersections between Cybersecurity, Law and Politics. Interested in hacking, information security, programming and general electronic shenanigans, she recently started to apply all of this knowledge into the workplace, centering on network and application security. She is an advocate for open access and privacy, using and committing to open source tools whenever possible and making sure people understand the implications and dark side of the tools they use everyday.

Roy Wattanasin
Information Security Professional Roy Wattanasin is a healthcare information security professional. You can find him on @wr0