- Matthew Green
- Claudio Guarnieri
- Alex Halderman
- Charlie Miller
- Katie Moussouris
- Kristin Paget
- Marc Rogers
- Avi Rubin
- Bruce Schneier
- Adam Shostack
- Ashkan Soltani
- Michael Specter
- Alex Stamos
- Chris Valasek
- Tarah Wheeler
- Chris Wysopal
- Peiter "Mudge" Zatko
- Sarah Zatko
Matthew Green is a cryptographer and security technologist. Green specializes in applied cryptography and privacy technologies. His work has exposed vulnerabilities in the cryptographic protocols that secure the Internet. He is a winner of the EFF Pioneer award.
Claudio Guarnieri is a privacy and security researcher. Currently he is the Head of Security Lab at Amnesty International, where he leads technical investigations into digital attacks targeting human rights defenders. He is also part of the Research Advisory Group at Citizen Lab, University of Toronto, and a core member of The Honeynet Project, a 501(c)(3) non-profit security research organization dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.
Alex Halderman is Professor of Computer Science and Engineering at the University of Michigan and Director of Michigan's Center for Computer Security and Society. Widely known for his work in election cybersecurity, he testified before Congress as part of the Senate intelligence committee's investigation of Russian interference. He also co-founded Let's Encrypt, the world's largest HTTPS certificate authority, which helps secure more than 200 million web sites.
Dr. Charlie Miller is currently Principal Autonomous Vehicle Security Architect at Cruise. He is a security researcher who has discovered and reported vulnerabilities in a number of products such as iPhones, iPads, MacBooks, and Android phones. He also discovered and reported a vulnerability in 1.4 million Fiat Chrysler vehicles that could allow an attacker to remotely control the vehicle's brakes and steering. Previously, he worked at the National Security Agency’s Tailored Access Operations office.
Katie Moussouris is the founder and CEO of Luta Security, a company specializing in creating robust vulnerability disclosure and bug bounty programs. Ms. Moussouris has testified as an expert on bug bounties and the labor market for security research for the US Senate, and has also been called upon for European Parliament hearings on dual-use technology. She created Microsoft’s and the Pentagon’s first bug bounty programs. She was later invited by the US State Department to help renegotiate the Wassenaar Arrangement, during which she successfully helped change the export control language to include technical exemptions for vulnerability disclosure and incident response. She is a coauthor of an economic research paper on the labor market for bugs, published as a book chapter by MIT Press in 2017, and presented on the first system dynamics model of the vulnerability economy and exploit market in 2015, as part of her academic work as a visiting scholar at MIT Sloan School. She is also an author and co-editor of standards ISO 29147 Vulnerability disclosure and ISO 30111 Vulnerability handling processes.
Kristin Paget has been a professional security researcher for almost 20 years, working for companies such as Intel, Apple, Tesla, Google, and Microsoft, as well as publishing independent research on cellphone security, access control systems, payment systems, and more. She believes that CFAA reform is sorely needed, particularly to offer researchers the protection of the law when acting in the public interest.
Marc Rogers has been hacking since the 80’s and is now a white-hat hacker renowned for hacking things like Apple's TouchID, Google Glass and the Tesla Model S. Prior to Okta, Mr. Rogers served as the Head of Security for Cloudflare and spent a decade managing security for the UK operator, Vodafone. He's been a CISO in South Korea and has also co-founded a disruptive Bay Area startup. In his role as technical advisor on “Mr. Robot,” he helped create hacks for the show. He's also an organizer and the Head of Security for the world’s largest hacking conference: DEF CON. Most recently Mr. Rogers helped found the CTI League, a multinational cybersecurity initiative combining industry professionals, government agencies and law enforcement from 80 different countries.
Dr. Aviel (Avi) D. Rubin is Professor of Computer Science and Technical Director of the Information Security Institute at Johns Hopkins University. He is also the Director of the JHU Health and Medical Security Lab. Prior to joining Hopkins, Rubin was a research scientist at AT&T Labs. He is also the founder of Harbor Labs, a cybersecurity company. Rubin testified about information security before the U.S. House and Senate on multiple occasions, and he is the author of several books about computer security. Rubin is a frequent keynote speaker at industry and academic conferences, and he delivered a widely viewed TED talk in 2011 and another TED talk in September 2015. He also testified in federal court as an expert witness on numerous occasions in matters relating to high tech litigation. Rubin served as Associate Editor of IEEE Transactions on Information Forensics and Security, Associate Editor of Communications of the ACM (CACM), and an Advisory Board member of Springer's Information Security and Cryptography Book Series. In 2010-2011 Rubin was a Fulbright Scholar at Tel Aviv University. In January 2004 Baltimore Magazine named Rubin a Baltimorean of the Year for his work in safeguarding the integrity of our election process, and he is also the recipient of the 2004 Electronic Frontier Foundation Pioneer Award. Rubin has a B.S. ('89), M.S.E. ('91), and Ph.D. ('94) from the University of Michigan.
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by the Economist. He is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org. He is the New York Times best-selling author of 14 books and the author of the influential newsletter Crypto-Gram and blog Schneier on Security, which are read by over 250,000 people. He is the Chief of Security Architecture at Inrupt, Inc.
Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates. He serves on both commercial and academic advisory boards. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.
Ashkan Soltani is an independent researcher and technologist specializing in privacy, security, and technology policy. He previously served as a Senior Advisor to the U.S. Chief Technology Officer in the White House Office of Science and Technology Policy and as the Chief Technologist for the Federal Trade Commission. Ashkan was also recognized as part of the 2014 Pulitzer winning team for his contributions to the Washington Post’s coverage of national security issues and was the primary technical consultant on the Wall Street Journal’s investigative series, “What They Know.”
Michael A. Specter is a PhD student in Computer Science at the Massachusetts Institute of Technology, advised by Gerry Sussman and Danny Weitzner. His research focuses on the interplay between applied cryptography, systems security, and public policy. Prior to joining MIT as a graduate student, Michael spent four years as research staff at MIT's Lincoln Laboratory where he worked on national-security relevant projects involving operating system security, malware analysis, reverse engineering, and vulnerability discovery.
Alex Stamos is a cybersecurity expert, educator and entrepreneur working to improve the security and safety of the Internet as the Director of the Stanford Internet Observatory and a lecturer in the Stanford Computer Science department. As Chief Security Officer at Facebook and Yahoo and a co-founder of iSEC Partners, Alex has investigated and responded to some of the most seminal events in the short history of cybersecurity. He is working on election security as a member of the Annan Commission on Elections and Democracy and advising NATO’s Cybersecurity Center of Excellence. He has spoken on six continents, testified in Congress, served as an expert witness for the wrongly accused, earned a BSEE from UC Berkeley and holds five patents.
Chris Valasek is a Principal Autonomous Vehicle Security Architect at Cruise Automation and also served as a security lead at Uber’s Advanced Technology Center and chairman of SummerCon, America’s longest running hacker conference. Best known for engineering the remote compromise of a 2014 Jeep Cherokee with his research partner, Dr. Charlie Miller, he has been praised for exposing serious security flaws in automobiles. Chris is one of the first researchers to discuss automotive security issues in detail – his release of code, data and tools that allowed vehicles to be physically accessed and controlled through the vehicle’s CAN bus garnered worldwide media attention.
Tarah Wheeler is a Cyber Project Fellow at the Belfer Center for Science and International Affairs at Harvard University’s Kennedy School of Government. She is Cybersecurity Policy Fellow at New America leading a new international cybersecurity capacity building project with the Hewlett Foundation’s Cyber Initiative and a US/UK Fulbright Scholar in Cyber Security for the 2020/2021 year. She is an inaugural contributing cybersecurity expert for the Washington Post and a Foreign Policy contributor on cyber warfare. She has appeared on Bloomberg Asia on US-China trade and cybersecurity. She is the author of the best-selling Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories.
Chris Wysopal is Veracode's CTO and CISO. He founded the company in 2006. As CTO he is responsible for the company's software security analysis capabilities and overseeing the Veracode security research team. Veracode has over 750 employees and provides application security testing for over 2500 organizations, including U.S. government agencies. Prior to Veracode, Chris was the VP of Research at security consultancy @stake which released dozens of important security advisories in the early 2000's. In the 90's, Chris was one of the original vulnerability researchers and a member of the hacker think tank, L0pht Heavy Industries. He has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first security advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for over 20 years. The focus of his vulnerability research was Microsoft Windows software and web application software. He was one of the original developers of the first commercial password cracking tool, L0phtCrack. He is the author of The Art of Software Security Testing published by Addison-Wesley. Chris has a Bachelor of Science degree in Computer & System Engineering from Rensselaer Polytechnic Institute.
Peiter Zatko, known professionally as Mudge, is a respected network security expert who has been prominent in the security field for over 20 years. He published some of the first security advisories and research demonstrating early vulnerabilities in computer systems and was an early advocate for educating the public about computer security and safety. In 2010 he took an appointed position as a Department of Defense official within the Defense Advanced Research Projects Agency (DARPA), where he was responsible for redirecting the DoD’s cyber research efforts. After his tenure at DARPA he was corporate VP of engineering at Motorola, and then the Deputy Director of Google’s Advanced Technology and Projects group, before stepping down to be the Director of the Cyber Independent Testing Lab (“Cyber ITL”). He currently works for Stripe and chairs the board at Cyber ITL.
Sarah Zatko is the Chief Scientist at the Cyber Independent Testing Lab (“Cyber ITL”). She has a bachelor’s in Math with Computer Science from MIT and a master’s in Computer Science from Boston University. She has worked in the computer security field for over a decade for government contractors such as BBN Technologies, the Institute for Defense Analyses (a federally funded research and development center), and commercial companies like IBM and L0phtcrack, LLC. Sarah also has a strong interest in security education and has presented talks on the subject of computer science curriculum design at University of Michigan, West Point, and Shmoocon, a computer security conference held annually in Washington, DC. Sarah will be using her math and computer security experience to develop models for predicting the expected security of software systems based on their initial test results and metrics.