NorthSec 2021

Addison Amiri

Addison Amiri got his start in security in the mid-2000’s when he read about how easy it was to break WEP. From there, he’s meandered the world of security, through academia and industry, eventually entering the world of professional security consulting. Along the way, he’s had the opportunity to be simultaneously amazed at how well computers work and terrified that our lives now rely on them. These days he’s traveling the world and making the most of the cyberpunk dystopia.

  • Vulnerability research
  • dRuby Security Internals
Ange Albertini

Ange Albertini is a reverse engineer and file format expert, single father of three and currently Infosec engineer at Google.

  • You're not an idiot
  • Security teams
Axelle Apvrille

Axelle is Principal Security Researcher at Fortinet. She has been working there for over 10 years on mobile malware and IoT malware. She is also the lead organizer of Ph0wn CTF, a CTF dedicated to smart objects, which takes place on the French Riviera.
In a previous life, Axelle worked on cryptography (implementation) and security protocols.

  • Reversing Android malware for the Smart and Lazy
Ben Gardiner

Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN certified and a GIAC advisory board member, he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including GENIVI security sessions, Hack in Paris, HackFest and DEF CON.

  • Just Add More LEDs: NSec 2018 and 2019 Badge Mods
  • How Crypto Gets Broken (by you)
  • Hardware
Carlos aka Plug

Carlos aka Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events. Currently he leads the Threat Hunting Program for a fortune 20 organization.

  • Detection engineering
Carrie Roberts

Carrie Roberts is a web application developer, turned pentester, turned red teamer, turned blue. She loves to learn and give back to the community. She is currently one of the primary Atomic Red Team project maintainers and developers and has developed many of her own open source tools including the Domain Password Audit Tool (DPAT) and Slack Extract. She holds Masters Degrees in both Computer Science and Information Security Engineering. She has earned 12 GIAC certifications including the prestigious “Security Expert” (GSE) certification. She has spoken at numerous security conferences including DerbyCon and Wild West Hackin’ Fest, published many blog posts on topics ranging from social engineering to bypassing anti-virus, and contributed new research on the VBA Stomping maldoc technique.

  • Atomic Red Team Hands-on Getting Started Guide
Chloé Messdaghi

Chloé Messdaghi is an award-winning changemaker who is innovating tech and information security sectors to meet today and tomorrow demands. For over 10 years, she has accelerated startups through solutions that empower organizations and people to stand out from the tech crowd. She is an international keynote speaker at major information security and tech conferences and events, and serves as a trusted source for national and sector reporters and editors, such as Forbes and Business Insider. Additionally, she is one of the Business Insider’s 50 Power Players of Cybersecurity, a SC Magazine honoree, Cybersecurity Advocate of the Year, and Cybersecurity Women of the Year by Cybersecurity Excellence Awards.

Outside of her work, she is the cofounder of WoSEC and Hacking is NOT a Crime, and founder of WeAreHackerz. She holds a Master of Science from The University of Edinburgh, and a BA in International Relations from University of California, Davis, as well as executive education certificates from Wharton and Cornell.

Learn more:
Connect on LinkedIn/Instagram/Twitter @ChloeMessdaghi

  • Burnout: Destabilizing Retention Goals and Threatening Organizational Security
  • Security teams
Cory Doctorow

Cory Doctorow ( is a science fiction author, activist, and journalist. His latest book is ATTACK SURFACE, a standalone adult sequel to LITTLE BROTHER. He is also the author HOW TO DESTROY SURVEILLANCE CAPITALISM, nonfiction about conspiracies and monopolies; and of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE; and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His first picture book was POESY THE MONSTER SLAYER (Aug 2020). He maintains a daily blog at He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles.

  • Privacy Without Monopoly: Beyond Feudal Security
  • Privacy, online platforms & misinformation
David Décary-Hétu

David Hétu est cofondateur et chef de la recherche de Flare Systems. David est titulaire d'un doctorat en criminologie de l'Université de Montréal. Ses principaux intérêts de recherche portent sur les marchés illicites en ligne et l’impact de la technologie sur la criminalité, que ce soit du point de vue des délinquants ou du point de vue du législateur. Les recherches de David ont été publiées dans les plus grandes revues académiques (ex. British Medical Journal) et présentées lors de conférences de premier plan (Botconf, HOPE). Il est régulièrement invité à partager son analyse de la cybercriminalité dans les médias. David a développé l'outil logiciel DATACRYPTO pour surveiller les activités des délinquants sur le darknet et a codéveloppé l'outil logiciel BitCluster pour suivre les transactions de cryptomonnaies.

  • Unmasking the Cameleons of the Criminal Underground: An Analysis From Bot To Illicit Market Level
  • Malware & geopolitics
Dhiraj Mishra

An active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at BlackHat and presented in conferences such as Ekoparty, Hacktivity, PHDays & HITB. In his free time, he blogs at and tweets on @RandomDhiraj

  • Introduction to fuzzing
Dolev Farhi

Dolev is a security engineer and author with extensive experience leading security engineering teams in complex environments and scale in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple, building defences for one of the fastest Fintech companies in North America.

Dolev has previously worked for several security firms and provided training for official Linux certification tracks. He is one of the founders of DEFCON Toronto (DC416), a popular Toronto-based hacker group. In his spare time, he enjoys researching vulnerabilities in IoT devices, participating and building CTF challenges and contributing exploits to Exploit-DB.

  • Application security
  • Damn GraphQL - Attacking and Defending APIs
Eric Evenchick

Eric is a Technical Director working within the Transportation and Hardware practices at NCC Group. His work has been focused on automotive system security, firmware binary analysis, and tool development.

Eric has developed several open-source tools for automotive security testing including CANtact and CANtact Pro. These tools have been used by a wide variety of automotive companies, security firms, and government agencies.

Eric holds a Bachelor of Applied Science in Electrical Engineering from the University of Waterloo. While in school, he performed research on development of alternative fuels vehicles in partnership with General Motors.
Eric is a member of the Black Hat and SecTor review boards. He has also presented at numerous security conferences including: Black Hat, SecTor, DEF CON, ToorCon, PyCon USA, and NorthSec.

  • Building CANtact Pro: An Open Source CAN Bus Tool
  • Hardware
Evelyn Lam

Evelyn Lam is an Identity and Access Management Lead Security Architect, Vice President at Morgan Stanley. She has over 16 years of IT experience managing enterprise-scale global projects for such industries as Wall Street Investment Banking, Retail Banking, and Big 4 Consultancy. She has nine years of experience in leading security teams, development teams in North America and Asia, and managing client relationships in North America, Europe, and Asia.

Evelyn specializes in strategic and architectural decision-making in authentication, identity management, cloud security, and data masking.

In addition to her Security Architect role, Evelyn has a track record of public speaking, tutoring, and mentoring since 2010. She was a speaker at Grace Hopper Conference 2020, a summer guild instructor in Women in Technology in New York 2019, a speaker and a panelist at security conferences. Evelyn has been an instructor of entry-level and advanced security classes teaching security architecture and threat modeling in her Firm since 2018. She is an active member of campus recruitment teams in North America. She is also a mentor in Rewriting the Code (RTC).

Evelyn is a Certified Information Security Manager with a Master's degree in Computer Science.

  • Cloud security
  • Authentication challenges in SaaS integration and Cloud transformation
Florian Martin-Bariteau
  • Vulnerability research
  • See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government
Geneviève Lajeunesse (denki)

Geneviève is a cybersecurity professional and maker. Her professional experience spans almost 2 decades in technology in various industries, currently focusing on cloud security. A seasoned educator, she has initiated hundreds of teenagers to the maker movement and disruptive technologies such as rapid prototyping of electronics and 3D printing. She volunteers alongside marginalized and at-risk groups to empower them in adopting the best cybersecurity posture possible and to innovate to futher their missions.

  • Hardware
Igor Kozlov

Igor Kozlov received his PhD from McGill University, Canada. He co-authored 9 research articles in 3 different fields, including computational studies of data from the LHC (biggest experiment in human history). Currently he works as a Data Scientist in Cyber Security at Bell Canada. He is always happy to share his passion for everything (data, computer, natural, applied, fundamental) science.

  • Data Science way to deal with advanced threats.
  • Detection engineering
Indiana Moreau

Indiana is a security engineer at Security Innovation who specializes in testing web applications, APIs, and cloud configurations. He has a background in web development and previously worked in telecommunications and banking, performing penetration tests and security assessments. In his spare time, he works on personal coding projects and eats copious amounts of sushi.

  • Application security
  • Repo Jacking: How Github usernames expose 70,000 open-source projects to remote code injection
Ivica Stipovic

Ivica works as an Information Security Consultant. He tries to understand the intricacies of security processes and find the ways to undermine them. In a previous life a network and system administrator, he moved recently towards security research. Currently, a proud employee of Ward Solutions. Formal education encompasses BSc in Computing and Telecom ,MSc in Computer Forensics and Masters in Business Administration.

  • Vulnerability research
  • Bypassing advanced device profiling with DHCP packet manipulation
Jared Atkinson

Jared is a security researcher who specializes in Digital Forensics and Detection Engineering. Recently, he has been building and leading private sector Detection and Response programs. In his previous life, Jared led incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics, Uproot, maintains a DFIR focused blog at, and is the host of the Detection: Challenging Paradigms podcast.

  • Detection engineering
Jeff Dileo

Jeff is a security consultant by day, and sometimes by night. A Technical
Director at NCC Group, he specializes in application security, and regularly
assesses mobile device firmware applications, embedded platforms, web
applications, and "privileged" code of all kinds. He has spoken publicly at
conferences such as DEF CON, ToorCon, RECON, and CCC, covering a wide range of
topics including Android and Java bytecode instrumentation, scriptable
debugging, and, more recently, eBPF and unikernel security. A connoisseur of
exotic candies and snacks, he enjoys starting arguments about text editors and
window managers that he doesn't actually use. Jeff holds an MS in Computer
Science from NYU Poly (Tandon).

  • Vulnerability research
  • dRuby Security Internals
Joëlle-Alexandra Desmarais

Joëlle-Alexandra Desmarais-Lauzon is a graduate of HEC Montreal in business administration and holds a master's degree in software engineering from the University of Sherbrooke. She has held numerous positions as an information security consultant for several large Canadian institutions and now works for Ubisoft as a security team leader (IAM).

In parallel to her professional career, she is involved in various initiatives that promote the leadership of women in the IT field.

She is also the co-founder of a small company specialized in balcony optimization, Demain Dimanche, whose products are proudly made in Montreal.

  • Security teams
Laurent Desaulniers

Laurent is the Director of Penetration Testing for GoSecure. He has conducted over 400 pentesting and red team engagements over the span of 10 years and is still enthusiastic about it. Laurent is also a challenge designer for Northsec and has given talks to RSA, CQSI, NCFTA, HackFest, RSI, Montrehack, Owasp Montreal and Northsec. Besides security, Laurent is interested in Lockpicking, magic and pickpocketing.

  • Application security
Lex Gill

Lex Gill is a lawyer at a groundbreaking Montreal firm known for class actions and public interest litigation in areas like human rights, environmental law, and corporate accountability. She is also an affiliate at the Citizen Lab, where she supports the organization’s work on issues like freedom of expression, equality, and surveillance. Lex teaches part-time at McGill University’s Faculty of Law, and has worked for organizations that include the Supreme Court of Canada (as clerk to the Chief Justice), the Canadian Civil Liberties Association, and the Canadian Internet Policy and Public Interest Clinic.

  • Privacy, online platforms & misinformation
Magno Logan

Magno Logan works as an Information Security Specialist for Trend Micro Cloud and Container Security Research Team. He specializes in Cloud, Container and Application Security Research, Threat Modelling, Red Teaming, DevSecOps, and Kubernetes Security, among other topics. He has been tapped as a resource speaker for numerous security conferences around the globe including Canada, USA, Portugal and Brazil. He is also the founder of JampaSec and a member of the CNCF SIG-Security team.

  • Cloud security
  • Kubernetes Security 101: Best Practices to Secure your Cluster
Mansi Sheth

Mansi Sheth is a Principal Security Researcher at Veracode Inc. In her career, she has been involved with breaking, defending and building secure applications. Mansi researches various languages and technologies, finds insecure usage in customer code and suggests automation measures in finding vulnerabilities for Veracode's Binary Static Analysis service. She is an avid traveller with the motto "If not now, then when?”

  • Cryptography Do's and Don't in 2021
  • Application security
Marc-andre Labonte

Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate ever powerful high throughput genome sequencers coming to market.

Then, he joined the ETTIC team at Desjardins in 2016 as infrastructure penetration tester. Currently doing research and testing on IOT devices, he also presented "Leveraging UART, SPI and JTAG for firmware extraction" workshop at NSEC in 2019. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data hungry organizations.

  • Hardware
  • Automated contact tracing experiment on ESP Vroom32
Marc-Etienne M.Léveillé
  • Malware & geopolitics
Marie-Pier Villeneuve-Dubuc

Marie-Pier Villeneuve-Dubuc is a student with a bachelor's degree in criminology from Université de Montréal. She is an intern from Commissionnaire du Québec in their cybersecurity department (VYGL). Marie-Pier also works with other cybersecurity organizations such as SERENE-RISC to help share knowledge about cybercrime and cybersecurity. Through her studies, she accomplished different research projects on cybercrimes, the dark web, and recently geopolitical issues such as political interference on the cyber surface. She intends on doing a master's degree focusing primarily on cybercrimes and their international matters.

  • Social bots: Malicious use of social media
  • Privacy, online platforms & misinformation
Mathieu Saulnier

Mathieu Saulnier is a Core Mentor member for Defcon's Blue Team Village. He has held numerous positions as a consultant within several of Quebec’s largest institutions. Since 2011, he has been focused on putting in place SOC and has specialized in detection (Blue Team), content creation and mentorship. He worked as a "Senior Security Architect" and acted as "Adversary Detection Team Lead" and "Threat Hunting Team Lead" for one of Canada’s largest carrier for more than a decade and he is now "Sr Manager Incident Response" at Syntax. He loves to give talk and had the honor to do so at Derbycon, Defcon’s BTV, NorthSec, BSidesLV, Grayhat, GoSec and BSidesCharm.

  • Full Circle Detection: From Hunting to Actionable Detection
  • Detection engineering
Max Habra

Lead Cloud Integrator for the Data Analytics & Innovation Team at Mouvement Desjardins, Max is a Security Consultant for Financial Services, specialized in cloud, application security and secure pipelines.

  • Cloud security
Mitchell Cohen

Mitchell is Product Lead at 1Password, where he specializes in delivering usable security in the browser and on the desktop. Before he joined the joined the dark side and became a software developer, Mitchell followed a circuitous path through technical writing, journalism, and liberal arts. His interests span from operating systems, to UX, to linguistics, to the history of science and technology. Mitchell lives in a tiny Toronto apartment with his partner and cat. He will make you a great cup of coffee if you ask.

  • Application security
  • How to harden your Electron app
Morgan Whitlow

Morgan Whitlow is a multidisciplinary reverse engineer working primarily with embedded and mobile devices. A former lockpicking instructor and nanotechnology researcher, she eventually decided to pursue Master of Science in Applied Computer Science, breaking into tech security and hunting, monitoring, and responding to threats within client systems. She has a particular affinity for hardware and rapid prototyping.

  • Reverse Engineering Practical Overview
Ofir Shaty

Security Researcher at Imperva for the last 3 years & 2 years as a database security & complience expert.
Web application vulnerability research & analysis.
Database Security & Web Application Security.
Data & Information Security, Compliance and Regulations.
Risk Management, Vulnerability Assessments and Scanning.

  • CrimeOps of the KashmirBlack Botnet
  • Malware & geopolitics
Olivier Bilodeau

Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With
more than 10 years of infosec experience, he enjoys attracting embedded Linux
malware, writing tools for malware research, reverse-engineering
all-the-things and vulnerability research. Passionate communicator, Olivier has
spoken at several conferences like BlackHat USA/Europe, Defcon, Botconf, SecTor,
Derbycon, HackFest and many more. Invested in his community, he co-organizes
MontréHack, a monthly workshop focused on applied information security, and
NorthSec, Montreal's community conference and Capture-The-Flag.

  • Capture-The-Flag 101
Pedro Ribeiro

Pedro started working in security by doing ISO27001 audits. After almost dying of boredom, he jumped into penetration testing, reverse engineering and vulnerability research, focusing on embedded systems and enterprise software.

He is the Founder & Director of Research at Agile Information Security, a boutique security consultancy that focuses in providing hardcore technical cyber security solutions to its clients.

In his spare time Pedro hacks hardware and software and has made public dozens of remote code execution vulnerabilities resulting in 140+ CVE, and authored 60+ Metasploit exploits. He regularly participates in Pwn2Own as part of "Flashback Team", winning Pwn2Own Tokyo 2020 outright with his teammate Radek Domanski.

  • Vulnerability research
  • Critical Vulnerabilities in Network Equipment: Past, Present and Future
Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.

  • Request Smuggling 101
  • Cloud security
Rayna Stamboliyska

Rayna Stamboliyska focuses on EU cyber diplomacy and resilience including issues related to cybersecurity, strategic autonomy and data protection. An award-winning author for her most recent book "La face cachée d'Internet" ("The dark side of the Internet",  Larousse 2017), Rayna is also an IoT hacker and a staunch proponent of open source, data and science. Rayna has served in various Directorship and security-related foreign policy positions: she has consulted for international organisations, private companies, governments and non-profits, interfacing with public sector actors and guiding them through innovative policy-making processes. Energetic and passionate, Rayna has grown to become a recognised information security speaker committed to educating those outside of the industry on security threats and best practices. A longtime diversity advocate, she is Council Member of Women4Cyber Europe.

Currently, Rayna is the VP Governance and Public Affairs at YesWeHack, a global bug bounty and coordinated disclosure leader. She also manages the EU-funded SPARTA research and innovation project, which is a pilot for the EU Cyber Competences Network. She teaches at Sciences Po Paris and writes up the cybersecurity expert column "50 shades of Internet" at

  • Vulnerability research
Renzon Cruz

Renzon Cruz, a Filipino security professional living in Dubai who works as Digital Forensics & Incident Response in a FinTech company based in the UK. He previously worked as Senior Security Consultant as part of a National Cyber Security Agency in Doha, Qatar. Prior to working in Dubai, he was also assigned as Sr. Security Analyst & Incident Responder and was also a previous college instructor at New Era University, Philippines. He was also accepted to various international conferences as a speaker such as BSides Vancouver (2019), BSides London (2019), BSides Doha (2020), and ROOTCON Hacking Conference (2020). He is also a co-founder, course developer, and instructor of GuideM, a real-world cybersecurity training center based in the Philippines. He also holds different certifications such as GCFA GCFE, GCIH, eCTHP, eCDFP, eJPT, CFR. He is mainly interested in defensive strategy, threat hunting, digital forensics, and incident response, malware analysis, adversary simulation.

  • Cloud security
  • Forensicating Endpoint Artifacts in the World of Cloud Storage Services
Roger Johnston

Roger Johnston is a security specialist at Ubisoft and a member of Cognitive Security Collaborative. In 2020, Cognitive Security Collaborative set up the CTI League's disinformation team, and continues to work with groups around the world to bootstrap communities of disinformation responders.

His work involves security consulting, adversary emulation, and malware development. At Cognitive Security Collaborative he researches influence operation TTPs and develops mitigation strategies for the AMITT framework, performs red team exercises, and develops trainings.

  • Privacy, online platforms & misinformation
  • AMITT Countermeasures - A Defensive Framework to Counter Disinformation
Sam Quinn

Sam Quinn is a Security Researcher on McAfee’s Advanced Threat Research team , focused on finding new vulnerabilities in both software and hardware. Sam has a focus on IOT and embedded devices with knowledge in the fields of reverse engineering and penetration testing.

  • Malware & geopolitics
  • Hacking K-12 school software in a time of remote learning
Sara-Jayne Terp

Sara-Jayne “SJ” Terp is a data nerd with a long history of working on the hardest data problems she can find. Her background includes designing unmanned vehicle systems, transport, intelligence and disaster data systems with an emphasis on how humans and autonomous systems work together; developing crowdsourced advocacy tools, managing innovations, teaching data science to Columbia’s international development students, designing probabilistic network algorithms, working as a pyrotechnician, and CTO of the UN’s big data team. Her current interests are focused on misinformation mechanisms and counters; she founded Bodacea Light Industries to focus on this, worked with the Global Disinformation Index to create an independent disinformation rating system, and runs a Credibility Coalition working group on the application of information security principles to misinformation. SJ holds degrees in artificial intelligence and pattern analysis and neural networks.

  • Privacy, online platforms & misinformation
  • AMITT Countermeasures - A Defensive Framework to Counter Disinformation
Sarit Yerushalmi

Security researcher at Imperva for the last 5 years in web application and cloud data security and for 5 years as a security analyst.
Analyse CVEs and threats in web applications and cloud environment.
Develop algorithms to detect and protect against attacks.

  • CrimeOps of the KashmirBlack Botnet
  • Malware & geopolitics
Stephanie Tran

Stephanie is a Policy and Research Assistant at the Cybersecure Policy Exchange and Ryerson Leadership Lab. She is an experienced researcher with over five years of experience analyzing public policy and human rights issues related to digital technologies, with past experience working for the Citizen Lab, Amnesty International Canada, the United Nations Office for the Coordination of Humanitarian Affairs (UN OCHA) and more. She is a trained computer programmer, having earned a Diploma in Computer Programming from Seneca College. She also holds a dual degree Master of Public Policy (Digital, New Technology and Public Affairs Policy stream) from Sciences Po in Paris, and a Master of Global Affairs from the University of Toronto. She earned her BA degree from the University of Toronto specializing in Peace, Conflict and Justice.

  • Vulnerability research
  • See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government
Suchakra Sharma

Suchakra Sharma is Staff Scientist at ShiftLeft Inc. where he builds code analysis tools and and hunts security bugs. He completed his Ph.D. in Computer Engineering from Polytechnique Montréal where he worked on eBPF technology and hardware-assisted tracing techniques for OS analysis. As part of his research, he also developed one of the first hardware-trace based virtual machine analysis techniques. He has delivered talks and trainings at venues such as RSA, USENIX LISA, SCALE, Papers We Love, Tracing Summit, etc. When not playing with computers, he hikes and writes poems.

  • DIY Static Code Analyzer: Building your own security tools with Joern
Tanya Janca

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

  • Security Metrics That Matter
  • Security teams
Vickie Li

Vickie Li is the resident developer evangelist at ShiftLeft. She is an experienced web developer with an avid interest in security research. She can be found on, where she blogs about security news, techniques, and her latest bug bounty findings. She also hosts “Security Simplified”, a developer education series focusing on web security:

  • DIY Static Code Analyzer: Building your own security tools with Joern
Vitor Ventura

Vitor Ventura is a Cisco Talos security researcher. Has a researcher, he investigated and published various articles on emerging threats. Most of the days Vitor is hunting for threats, investigating, them reversing code but also looking for the geopolitical and/or economic context that better suits them. Vitor has been a speaker in conferences, like NorthSec, Virus Bulletin, Recon Brussels, Defcon Crypto Village and BSides Lisbon and oPorto among others. Prior to that he was IBM X-Force IRIS European manager where he was lead responder on several high profile organizations affected by the WannaCry and NotPetya infections, helping to determine the extent of the damage and to define the recovery path. Before that he did penetration testing at IBM X-Force Red, where Vitor lead flagship projects like Connected Car assessments and Oil and Gas ICS security assessments, custom mobile devices among other IoT security projects. Vitor holds multiple security related certifications like GREM (GIAC Reverse Engineer Malware), CISM (Certified Information Security Manager).

  • Blurred lines - The mixing of APTs with Crimeware groups
  • Malware & geopolitics
Warren Mercer

Warren Mercer joined Talos coming from a network security background, having previously worked for other vendors and the financial sector. Focusing on security research and threat intelligence, Warren finds himself in the deep, dark and dirty areas of the Internet and enjoys the thrill of the chase when it comes to tracking down new malware and the bad guys! Warren has spent time in various roles throughout his career, ranging from NOC engineer to leading teams of other passionate security engineers. Warren enjoys keeping up to speed with all the latest security trends, gadgets and gizmos; anything that makes his life easier in work helps!

  • Blurred lines - The mixing of APTs with Crimeware groups
  • Malware & geopolitics
Yuan Stevens

Yuan (rhymes with Suzanne) Stevens works at the intersections of law, policy, and technology with a focus on privacy and cybersecurity. She holds the position of Policy Lead on Technology, Cybersecurity and Democracy at the action-oriented think tank Ryerson Leadership Lab at Ryerson University. Her work equips society with the ability to understand and patch up harmful vulnerabilities in sociotechnical and legal systems. Based in Montréal, she is a research fellow at McGill University’s Centre for Media, Technology & Democracy and research affiliate at Data & Society Research Institute. She received her BCL/JD from McGill University in 2017. She serves on the board of directors for Open Privacy Research Institute, Head & Hands in Montréal, and previously worked at the Berkman Klein Center for Internet & Society at Harvard University.

  • Vulnerability research
  • See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government