This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

2019 BASC Speakers

Jump to: navigation, search
Home | Agenda | Code of Conduct | Presentations | Workshops | Speakers | Twitter 32.png

Platinum Sponsors

NCC Group Ordr WhiteHat

Gold Sponsors

Auric Checkmarx HackerOne Netsparker Sonatype Tala

Silver Sponsor


Individual Sponsor: Justin Olin

Please help us keep BASC free by viewing and visiting all of our sponsors.

Mansour Ahmadi

Northeastern University
Mansour Ahmadi is a research associate at Northeastern University. Before coming to Northeastern, he obtained a PhD in Computer Engineering from the University of Cagliari in 2017. His research is mainly focused in applying machine learning methods for systems security problems, especially malware detection and classification, and vulnerability discovery. He co-authored over 10 scientific papers. Also, He is the lead developer of IntelliAV, which is the first on-device machine learning-based mobile malware detector.

Chris Chagnon

UXDM Lab at Worcester Polytechnic Institute
Chris Chagnon is an ITSM Architect and developer who designs, develops, and maintains award-winning experiences for managing and carrying out the ITSM process. Chris has a Master of Science in Information Technology, and a bachelor’s degree in Visual Communications. In addition, Chris is a PhD Candidate studying Information Systems with a focus on user and service experience. As A Top 25 Thought Leader in ITSM, and an ALE IT Vanguard, Chris speaks nationally about the future of ITSM, practical applications of artificial intelligence and machine learning, gamification, continual service improvement, and customer service/experience. Follow Chris on Twitter @Chagn0n.

Madison Cool

Madison Cool is an associate AppSec engineer at TraceLink, delivering a secure platform for the Pharmaceutical Supply Chain. She works with the TraceLink team to make "TraceLink = Trusted" by ensuring that customers, partners and internal engineering can meet and exceed best security practices. Their goal is to make security accessible and understandable by both the security-minded and the security-unaware.

Kristin Dahl

Kristin Dahl is a cyber security consultant with IBM X-Force IRIS and former research staff member at MIT Lincoln Laboratory. Kristin’s experience includes investigative research, policy development, threat assessment, and security operations across the defense sectors, critical systems, academia, and private industry. Kristin has worked collaboratively with multiple stakeholders and federal agencies, including the Department of Defense, the Department of Homeland Security, and the Department of Energy.

Joshua Dow

NCC Group
Joshua Dow is a Security Consultant with NCC Group, joining the organization in Spring of 2019. Joshua has made contributions in his career as both a blue team practitioner and a red team operator. Joshua specializes in web application penetration testing, network penetration testing, and cloud security auditing. Joshua worked as a Senior Software Engineer prior to getting his start in Information Security.

Kristofer Duer

Kristofer Duer is the Lead Cognitive Researcher for AppScan Source. He has worked in the application security field for the last 8 years in the world of Static Application Security Testing (SAST) and researching language specific attack surfaces. His particular specialty deals with applying machine learning to solve some of the impossible problems which occur naturally in the world of SAST - namely Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).

Outside of work he enjoys the gym, Disc Golf (super fun!) and spending time with his wife and two kids.

Reza Mirzazade Farkhani

Northeastern University
Reza Mirzazade Farkhani is pursuing a PhD in Cybersecurity at Northeastern University. His research interests span a wide range of topics in systems security with a particular focus on software vulnerability detection, exploit mitigation techniques and binary analysis. Currently, Reza is focusing on developing novel techniques to protect applications against memory safety vulnerabilities. He is especially interested in new security features in ARM architecture to accelerate the performance and security of the current systems.

Brad Giguere

Secure Code Warrior
Brad Giguere is a Sales Engineer for Secure Code Warrior, a global security company that makes software development better and more secure. Giguere has worked in the technology and SAAS software industry for the majority of his career and is passionate about helping organizations better understand their business challenges and translating those into a solution tailored to meet their needs. He now focuses on empowering development teams to be the first line of defense in making security a highly visible piece of the SDLC.

Gabrielle E. Hempel, CHTI

Black Mirage
Gabrielle is a graduate of the University of Cincinnati, where she studied Neuroscience and Psychology. She worked for an institutional review board in regulatory pharmaceutical and medical device compliance, and led specialized committees targeting Phase I research and emergency research. She moved to IT consulting in 2018, and currently works as a penetration tester for Black Mirage while pursuing a certificate in Advanced Computer Security at Stanford. She continues to serve as a genetic scientist for NIH-regulated recombinant genetic studies, and serves as an instructor and mentor for a student cohort of cybersecurity analysts through Cybrary. She recently obtained her Certified Human Trafficking Investigator (CHTI) credentials through the McAfee Institute, and works with various law enforcement groups and task forces in order to combat human trafficking through digital forensics and analysis. Her area of expertise lies in GDPR/HIPAA/regulatory compliance and medical device security.

Chad Holmes

Security Innovation
Chad Holmes is a Product Marketing Manager for Security Innovation with a focus on educating customers on emerging Cyber Range technologies and how they can improve security education within organizations. Prior to joining Security Innovation Chad was a Penetration Tester, Product Manager, Security Program Manager and team lead at Cigital, Veracode and Red Hat.

Kitty Huang

Communications Trainer and Relationship Coach
Kitty Huang is an award-winning speaker who has led several fun and effective communication workshops at MIT, Harvard University, and corporate training events. She has worked as a copywriter at advertising agencies, a screenwriter for a television situation comedy, and a newspaper journalist. She is also a relationship coach. Her perceptive mind and creative approaches have successfully helped many individuals to solve problems in professional relationships and personal relationships.

Robert Hurlbut

Bank of America
Robert Hurlbut, is a Threat Modeling Architect / Lead at Bank of America. Robert is a Microsoft MVP for Developer Security and Technologies and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure security, software architecture, and software development. He speaks at user groups, national and international conferences, and has provided training for many companies in the past. Robert is also a co-host of the Application Security Podcast (Twitter - @AppSecPodcast). Follow Robert on Twitter at @RobertHurlbut.

Prateek Jain

UXDM Lab at Worcester Polytechnic Institute
Prateek Jain is a UX researcher currently pursuing Ph.D. in Innovation with User Experience at Worcester Polytechnic Institute. His Ph.D. research focuses on User Experience. His research interests are augmented reality, internet of things (IoT), accessibility and persona development. He is working on multiple research projects focusing on the use of augmented reality and IoT to improve the user experience of products and services. Along with that, he is also working on developing and testing different persona frameworks to help organizations make effective design decisions.

Artie Jurgenson

Artie Jurgenson is a Solution Architect at Sonatype. He spends his day to day working with companies small and large to apply the principles of DevSecOps and automation to their software development supply chains. This stems from an intense distaste of performing the same procedures more than once. Artie looks to resolve such redundancies both inside and out of his professional life which has led him down pursuits including: implementation of CI/CD toolchains and workflows from completely manual build/deploy processes, development and automation of crypto/forex trading algorithms, front-end test and deployment automation, container orchestration, API development, and computational scientific research optimized for supercomputer clusters. Artie is happy to talk about any of the above at the reception.

Aanand Krishnan

Tala Security
Aanand Krishnan is the CEO and Founder of Tala Security. Most recently he held senior technical roles at Symantec. Aanand spent several years in M&A and investment banking at Morgan Stanley and Dolby Labs acting as an adviser to leading security software, semiconductor and clean-tech companies. He started his career building high-speed optical networking products at Agilent Technologies. Aanand holds an MBA from Berkeley where he was a recipient of CJ White Fellowship, a Masters in Photonics and Optoelectronics from UC Santa Barbara where he was a QUEST Fellow and a Bachelors in Electrical Engineering with Honors from BITS, Pilani.

Ryan LaMarche

UXDM Lab at Worcester Polytechnic Institute
Ryan LaMarche is a digital transformation and design thinking expert that brings ideas to life with a focus on user experience, and smart system design. When Ryan isn’t building systems, he spends his time as a dual-enrolled Bachelor’s and Master’s student at Worcester Polytechnic Institute studying Computer Science and Innovation with UX. Ryan is also a founding member and CTO of Seldom Technologies where he works with companies to develop systems, applications, and websites and consult on process improvement in the ITSM space.

Rami McCarthy

NCC Group
Rami McCarthy is a Security Consultant with NCC Group, joining with the acquisition of VSR in 2016. He's spent the past three years performing security assessments of all kinds, from SaaS products to cloud IoT platforms. In addition to client work, Rami has published research into misspelled security headers and Chromebook security. Rami got his start in security as an intern at a deep web threat analysis startup, and has a BS in CS from Northeastern University, with a concentration in cyber operations. He's currently working towards an MS from Brandeis University.

Tal Melamed

Protego Labs
In the past two years, Tal Melamed has been experimenting in offensive and defensive security for the serverless technology, as Head of Security Research at Protego Labs. He specializes in AppSec with more than 15 years of experience in security research and vulnerability assessment. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects, and is a frequent speaker at security conferences, including DefCon, DerbyCon, OWASP, BSides and more. Follow Tal on Twitter at @_nu11p0inter

Omid Mirzaei

Northeastern University
Omid Mirzaei is a postdoctoral research associate in the Systems Security Lab (SecLab) at Northeastern University, working with Prof. Engin Kirda. Prior to this, Omid was an assistant professor in Universidad Carlos III de Madrid. Also, he spent around 4 years at COmputer SECurity lab (COSEC) as a PhD student and he received his PhD degree in Computer Science from the same university. Omid's thesis was mainly focused on Android malware analysis and triage. Generally speaking, Omid is working and conducting research in computer and cyber security. However, he is particularly interested in mobile security, malware analysis, reverse engineering and applied machine learning in security. In addition, he is eager to tackle security issues from a multi-objective perspective, i.e. trying to deal with such problems by consuming the least possible amount of in hand resources. Previously and as an undergraduate student, Omid worked in a wide range of areas, from advanced software engineering to Artificial Intelligence (AI). Omid also developed several intelligent systems and passed different AI-related courses, including machine learning, pattern mining, fuzzy systems, evolutionary computation and optimization, neural networks and image processing.

Carson E. Owlett, OSCP CEH

Black Mirage
Carson is a graduate of Connecticut College, where he studied Computer Science and Slavic Studies. After graduating, he obtained his OSCP and CEH and did a brief stint doing research for DARPA. He then founded Black Mirage in 2019, where he serves as the CEO and Assessment Team Lead for penetration tests, and he has been working to implement programs for offensive security education.

Rashmi Patil

Rashmi is passionate about software engineering and applying it to solve complex problems in day to day life. She has a diverse set of work experience through past research, internships and full-time work experience that has really helped others in understanding the broader picture. In her free time, she volunteers and conducts educational workshops to teach young high school girls about the importance of Cybersecurity and encourage them to pursue a career in Computer Engineering.

Steven Pelletier

Secure Code Warrior
Steven Pelletier is an Enterprise Account Executive for Secure Code Warrior. Secure Code Warrior is a global software security company that aims to make software development more secure by offering an interactive gamified training platform. After serving 10 years in the US military, he transitioned into the technology industry where he has helped organizations understand complex business requirements while implementing new solutions to help hit target KPIs and advance the organization's mission.

Chris Romeo

Security Journey
Chris Romeo is CEO and co-founder of Security Journey where he creates and deploys security culture influencing training, consults, and speaks. His passion is to bring security culture change to all organizations large and small through the creation and design of gamified security education. He was the Chief Security Advocate at Cisco for five years, where he empowered engineers to shift security left in all products at Cisco and led the creation of Cisco’s security belt program. Chris has twenty years of experience in security, holding positions across the gamut, including application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP certifications. Find Chris on Twitter, @edgeroute, or on LinkedIN,

Izar Tarandach

Autodesk Inc.
Izar Tarandach is Lead Product Security Architect at Autodesk inc.. Prior, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, for long before a Security Consultant at the EMC Product Security Office. With more years than he’s willing to admit to in the information security arena, he is a member of SAFECode Technical Leadership Council and a founding contributor to the IEEE Center for Security Design. He holds a masters degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Luke Tucker

Luke Tucker is the Senior Director of Community at HackerOne — the leading hacker-powered security platform with the largest community of hackers in the world. A seasoned community engagement professional, he is passionate about helping identify and nurture what makes people and communities tick, so understanding how hackers feel and how they are seen is his bread and butter. He is the Creator and Editor of the Zero Daily Newsletter, which provides daily application security, hacker and bug bounty news. Previously at HackerOne, Luke oversaw all B2B content marketing efforts, brand voice and social media management, and educational content development for the growing community of hackers. Prior to HackerOne, he served in several creative roles including Captricity and Sultan Ventures.

Paulina Valdivieso

Bennington College
Paulina Valdivieso is a senior undergrad in Computer Science and Public Policy, studying the intersections between Cybersecurity, Law and Politics. Interested in hacking, information security, programming and general electronic shenanigans, she recently started to apply all of this knowledge into the workplace, centering on network and application security. She is an advocate for open access and privacy, using and committing to open source tools whenever possible and making sure people understand the implications and dark side of the tools they use everyday.

Roy Wattanasin

Information Security Professional
Roy Wattanasin is a healthcare information security professional. You can find him on @wr0

You can find out more about this conference at the 2019 BASC Homepage
or by emailing [email protected]
Twitter 32.png