Adam Foster, also known as evildaemond is a Senior Penetration Tester with OneStep Group and an Information Security Researcher, with niches in Physical and Hardware Security. They have developed and released open source tools such as the DoorSim and Physsec Methodology, aiming to encourage cyber security professionals to understand the physical side of information security.

Adam Kues (hashkitten) is a Security Researcher at Assetnote from Melbourne. Outside of finding esoteric and tricky but exploitable vulnerabilities in enterprise software in his day job, he participates in CTFs with the skateboarding dog team. He represented Australia in the International Cybersecurity Championships from 2022 to 2024 and regularly contributes challenges for DownUnderCTF.

in 1633 alex was excommunicated by the catholic church for insisting the earth revolves around the sun

I'm a digital nomad fighting cybercrime.
I've been travelling Australia full time for over two years in my Landcruiser and hacking the planet from the most pristine beaches our country has to offer to the most remote parts of the outback.
I specialise in dark web, cybercrime and blockchain security, I'm also the proud founder of Rivanorth.

Ananda is a security enthusiast who has been doing web hacking and bug bounty since 2018. He is working as a Vulnerability Researcher at Patchstack and focuses on finding security vulnerabilities in WordPress ecosystem.

Animesh is a Security Consultant working at Tanto Security. He is interested in web security research and occasionally does Bug Bounties. You can get in touch with him on LinkedIn at https://www.linkedin.com/in/an1msh/

Reverse engineering for threat intel by day. Reverse engineering for no reason by night.

Anurag is a Director with the CrowdStrike Digital Forensics and Incident Response (DFIR) team, where he leads the team in Asia Pacific. His team works on several incident response investigations that involve nation state and eCrime adversaries every year.

He has led several high profile investigations over years involving nation state threat actors, investigating threat actor activity, scoping the incidents, creating and executing eviction plans and helping organisations improve detection capabilities .His work has led to detection and tracking of previously unknown threat actor groups and malware.

He has also been involved in eCrime incident response investigations, often getting into knife fights with adversaries, during dynamic threat actor activity.

Anurag is a SANS Certified Instructor where he teaches SEC504: Hacker Tools, Techniques, and Incident Handling.

Ayman is a principal security consultant at CyberCX with a decade of professional cybersecurity experience. Ayman enjoys offensive security research, vulnerability discovery and malware analysis.

Ben's background spans embedded development, safety-critical systems, browser security, network security and cryptographic protocols. He left Apple in 2024, having worked on autonomous systems, iCloud Keychain sync protocols, and a Rust implementation of IPsec that secures network traffic across Apple's data centres. He has trained hundreds of engineers and helped multiple teams to adopt and deploy Rust at scale.

-

The BSides Canberra Organising Group is a volunteer team passionate about growing Australia’s cyber security community. Since 2016, they’ve built BSides Canberra into the country’s largest hacker conference - while keeping it community-focused, technically deep, and welcoming.

Outside the conference, the team supports year-round learning and connection through events like CSides and initiatives that promote diversity and inclusion in cyber.

• Interested in find vulnerability in Windows (kernel, user application), binary exploit
• MSI, eScan Hall Of Fame (with BoB.0DayResearchLab)
• Presentation Member of CODEBLUE 2024 (1-Click-Fuzz: Systematically Fuzzing the Windows Kernel Driver with Symbolic Execution.)
• CVE-2024-20653, CVE-2024-21442, CVE-2024-21445 in windows kernel, and find many CVE from that project
• M.S. Computer Science in Sejong University

After earning his PhD in Mathematics, Dave dedicated the next 25 years to consulting for the Australian Government, focusing primarily on Defence, Intelligence, and Law Enforcement, before transitioning to roles at CrowdStrike and Gen Digital (which was formed from the merger of Avira, Avast, and NortonLifelock). Throughout his career, he has remained deeply involved in Incident Response and Forensics, with the privilege of supporting individuals during some of their most challenging moments at work.

His expertise spans the full spectrum of cybersecurity, from offensive and defensive operations to incident response and building security capabilities. He holds a strong passion for digital forensics and incident response, with a focus on helping people prevent and recover from attacks, and on removing obstacles to effective information sharing.

David is an open source software engineer at G-Research. His security interests centre around Unix and networks and how to break them in surprising ways. He believes that we need to understand more historical vulnerabilities in order to fix current issues and so spends his spare time researching codebases or technologies that no-one else thinks to look at. This has lead to talks at various conferences, including DEF CON. In addition when he can put it in DNS, he will, creating such hits as "Wikipedia over DNS" and "Wordle over DNS".

Dave/Karit has worked in various parts of the IT industry and has developed a skillset that encompasses various disciplines in the information security domain. Dave currently does Security Consulting in Wellington and runs Kākācon.

Dave has presented at a range of conferences such as DefCon, Kiwicon, Aerospace Village @ DefCon, BSidesCBR, CHCon, Unrestcon and at numerous local meetups; along with running training at Kiwicon, Syscan, CrikeyCon, CHCon and TuskCon. He also has a keen interest in aerospace, lock-picking and all things wireless.

Dylan Pindur is a Security Researcher at Assetnote from Perth. He has a diverse background in information security, having worked in roles over the last ten years that have included pentesting, creating vulnerable VMs for Offensive Security, and leading an Application Security team for a large insurance company.

Edward Farrell is a cybersecurity professional, educator, and founder of Mercury Information Security Services. With over a decade of experience spanning penetration testing, incident response, and infrastructure hardening, Edward has presented at leading conferences including AusCERT, CrikeyCon, and various BSides events. His elevation from helpdesk, to role as CEO has, in true dilbert principle style, led to a complete loss of his ability to do any real work.

Giuliana is a Security Engineer at Atlassian. She likes poking at things on her laptop until they do something they aren’t supposed to. She loves food, fashion and making new friends - so come say hi!

Jack Sessions is a cybersecurity researcher from Melbourne specializing in mobile security, forensics, and counterintelligence. He builds custom Android OS toolkits for anti-forensics, reverse-engineers real world apps for CVEs, and advises early stage security startups.

Jack blends offensive research with field driven counter-surveillance techniques to push the limits of what’s possible on mobile devices.

He also runs a YouTube channel @JackSessions featuring mobile hacking tutorials, forensic deep dives, and live analysis of mobile threat landscapes.

Jamal is also a Security Engineer at Atlassian. He likes computers, masquerading as a farmer, making new friends and wholesome security vibes, so come say hi!

James is an Intrusion Analyst and Threat Hunter at CrowdStrike (OverWatch), with a strong focus on identity and authentication security. Formerly, he was an Security Engineer at Monash University, and a Systems Engineer at identity startup Lithnet.

Senior Penetration Tester - SilentGrid

Jeremy has worked in Cyber Security for close to 15 years and coming from a non-technical background, was told by a colleague on day one "the hardest bit is that you're going to need to learn a new language". Boy was that guy right. In an industry that is sometimes deadly serious, Jeremy likes to find the lighter side of things wherever it can be found. Moonlighting as a stand-up comedian / MC / semi pro piss taker provides him with a different perspective on various matters and makes him an engaging and entertaining presenter.

Jia Hao Poh is a Senior Security Consultant at Elttam, whose interest lies in web application security. He is always interested in staying up to date about the latest hacking techniques used to challenge the assumptions.

John Uhlmann (he/him) is a Security Research Engineer at Elastic where he is the R&D lead for the Elastic Endpoint (EDR) Windows agent. Prior to this he did similar work at the Australian Cyber Security Centre.

Joshua Padman is a Senior Principal Security Analyst working in Red Hat's Information Security Incident Response team. He has spent a total of eight years at Red Hat, prior to his current role he was in the Product Security team. Joshua has a strong interest in the challenges faced by companies working in open source. More importantly, Joshua is a long term BSides Canberra volunteer and attendee.

Justin is a speaker with a remarkable background in Network Security. After gaining his degree in Network Security and working as a forklift driver for a few years, he is now working as a Security Engineer. Justin regularly competes in Capture the Flag events where he improves his skills and knowledge. Despite living with ADHD, or perhaps because of it, he has developed an unquenchable thirst for cybersecurity knowledge.

Justin is a seasoned computer security professional with 13 years of experience across Incident Response and Software Security. As Tanto Security's Head of Research, Justin fosters the curiosity and ingenuity of our consultants, supporting them as they engage in their own research projects.

Katie Deakin-Sharpe is a malware analyst at the Australian Cyber Security Centre (ACSC), where she reverse engineers malware to help protect and defend Australian government and industry networks. Prior to joining the ACSC, she worked as a software developer at the consumer privacy start-up Anonyome Labs.

A Security Engineer with Advanced Practices at Google. He primarily supports frontline intelligence operations and incident response investigations.

Kristin (aka Krispy) is a Security Engineer in Google’s Detection and Response team. Her team’s mission is to protect, respect and defend their users, Googlers and the internet. Her area of expertise is all things Identity; think authentication, tokens and cookies galore.

Outside of work, she enjoys travelling, joining an unsustainable amount of book-clubs and speaking in third person.

Liam began his cybersecurity journey in 2020 and currently works as a Senior Capability Developer in the Digital Forensics & Incident Response (DFIR) team at CyberCX. In his current role, he is responsible for designing, implementing and maintaining various in-house and third-party tooling used by the DFIR practice, as well as contributing to investigations specializing in cloud and application security.

He currently holds the GIAC Certified Forensic Analyst (GCFA) and GIAC Cloud Security Automation (GCSA) certifications and has a wealth of knowledge and experience in digital forensics, incident response, application security, and software engineering.

Liv Rowley is a Research Manager at Open Measures. Much of her current research focuses on threats and digital harms originating from fringe tech platforms. In previous roles, Liv has worked as a threat intelligence analyst in both the US and Europe, specializing in understanding threats from the cybercriminal underground as well as the Latin American cybercriminal space.

Luke is a Junior Security Engineer at Bugcrowd with a particular interest around supply chain vulnerabilities and security risks that impact systems and developers.

As a security researcher he has reported vulnerabilities to over 40+ organisations including Microsoft, Adobe, Anthropic, Electronic Arts and more!

Luke brings with him two decades of cyber security and IT experience, along with a passion for explaining concepts in the simplest way possible. Inspired by the ingenuity (and sometimes accidental brilliance) found in game speed running strategies, he bridges the gap between seemingly disparate worlds to illuminate fundamental concepts in cyber security.

Malware Security

Marcio Almeida is one of the Co-Founders and the Director of Technical Services at Tanto Security. He has worked in cyber security for over 15 years and has experience with Penetration Testing, Code Review, Exploit Development, Secure Development, DevSecOps and Red Team Operations.

Matthew is a principal security consultant within the Proactive Labs team, with over 15 year’s
experience in the Information Technology industry, and with 8 years in offensive security.

Matthew regularly develops bespoke tooling for engagements, and has
also performed other technical roles outside of penetration testing, including development of
open-source collection systems, and technical advisory for uplifting large government organisations.

Matthew Flanagan (@mattimustang@infosec.exchange) is the Director and Principal Cyber Security Consultant at Cybliminal, a security consultancy he founded in 2022. With 30 years of IT experience, including 25 years specialising in cyber security, he applies adversarial and offensive techniques to help organisations build stronger, more resilient defences.

Nic is an experienced cyber security manager with a strong passion for helping lay people understand complex and technical concepts.

This is aided by his broad experience gained from 20 years in Government across intrusion detection, network analysis, technical analysis, cryptography, non-technical analysis, crisis leadership, teaching technical concepts to non-technical audiences and music. (Thankfully, no interpretive dance).

Nic has infinite curiosity and considers it a great day when he has learned something new. He also hates writing about himself pompously in the third person.

Patrick is a professional yapper when it comes to Cyber Threat Intelligence and Proactive Threat Detection. Currently focusing on threat hunting implementation and loves an OSINT challenge. Avid Australian wildlife fanatic and a lover of the sweet science of MMA.

Paul is the Head of Research at Safety (safetycli.com) and a well-known researcher in the malicious packages space, as well as being a DevSecOps OG. He founded multiple startups including SecureStack in 2017, SourceCodeRED in 2023 and GitHax in 2024 . Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, and Australian government amongst others.  Paul is a frequent contributor to open source and is the author of several DevSecOps, software supply chain and threat modelling projects. He’s currently writing a book entitled “Hacking NPM” and when he’s not doing that he’s snowboarding with his wife and 3 amazing kids.

Perri Adams is a fellow at Dartmouth’s Institute for Security Technology Studies (ISTS) and former Special Assistant to the Director at the Defense Advanced Research Projects Agency (DARPA), where she advised stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.

Prior to this role, Ms. Adams was a DARPA Program Manager within the Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC). A frequent speaker on both technical and cyber policy issues, her written work has been published by Lawfare and the Council on Foreign Relations. She has advised and collaborated with think tanks such as the as Carnegie Endowment for International Peace and Georgetown’s Center for Security and Emerging Technology. She is also an adjunct professor at the Alperovitch Institute at Johns Hopkins School of Advanced International Studies and served for two years on the organizing committee of the DEF CON CTF, the world’s premier hacking competition.
Ms. Adams holds a Bachelor of Science degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.

Priya Gnanasekaran is a Senior Security Engineer at LAB3, a TEDx speaker, and a recognised cybersecurity advocate. With a strong background in infrastructure security, DevSecOps, and identity management, Priya blends technical expertise with a passion for reimagining digital trust. She has led enterprise-wide security transformations, championed secure design thinking, and frequently speaks on global stages about emerging technologies, including Web3, AI, and decentralized identity. Priya’s mission is to make cybersecurity more accessible, equitable, and human-centric—bridging the gap between innovation and impact.
Linkedin Profile: https://www.linkedin.com/in/priyacyber/

Rachel Noble is the former Director General of the Australian Signals Directorate, Australia’s signals intelligence and cyber security agency. Rachel held this role for five years prior to which she was the head of ASD’s Australian Cyber Security Centre.

Prior to ASD, Rachel was the Deputy Secretary Executive Group in the Department of Home Affairs responsible for enterprise strategy, risk, assurance, security and ministerial, media and intelligence services. Rachel led the Portfolio’s Home Affairs Implementation Team to stand up the Home Affairs Portfolio in 2017.

In 2014, Rachel was promoted to Deputy Secretary Policy Group in the Department of Immigration and Border Protection which included responsibility for trade, customs, immigration and international policy.

Rachel joined the Australian Customs and Border Protection Service (ACBPS) in May 2013 as the National Director Intelligence and Chief Information Officer. Her previous role was as First Assistant Secretary Ministerial and Executive Coordination and Communication, at the Department of Defence.

Prior to rejoining Defence, Rachel was the National Security Chief Information Officer and Cyber Policy Coordinator in Prime Minister and Cabinet, responsible for improving information sharing among the national security community and coordinating whole of government policy on cyber issues. Rachel received a Public Service Medal for this work.

Rachel previously held several SES positions in the Department of Defence including Assistant Secretary Governance, responsible for the overall governance and assurance framework for Defence; Assistant Secretary Americas, North and South Asia, Europe in the International Policy Division, and Deputy Chief of Facility at the Joint Defence Facility Pine Gap.

Rachel has also worked for the Bureau of Meteorology on international policies to address global climate change and started her career in private industry working for Optus.

Rachel has a Masters of Business Administration in Technology Management and a Bachelor of Science with Honours.

Lead Security Researcher at Patchstack.

Rajiv is an expert in explaining emerging technology, and helping organisations to apply it in a way that is both secure and delivers business value. In addition to running his own consulting business, MDR Security, he is a Fellow of the Australian Strategic Policy Institute, and a member of the board of the Australian Information Security Association. He is a regular speaker at major conferences, including SXSW Sydney 2024 and the CSIRO "Quantum Meets Communications" event.
Rajiv has a PhD in quantum physics, and has almost 30 years experience in the technology industry, working across cyber security, quantum technology, telecommunications, AI and cloud. His current work includes technical advice and oversight to major IT projects, solution architecture for complex data platforms and providing technical input to strategy development and analysis of public policy options. Rajiv's previous experience includes as the inaugural Australian regional director for the cyber security division of BAE Systems, and establishing Australian federal government business for British Telecom.

Redacted Information Security

Richard is a cybersecurity professional with over 20 years of hands-on technical experience across offensive security, incident detection, and research. He currently serves as Principal Security Consultant and Head of Research at SilentGrid Security, where he he specialises in application assessments and drives innovation in security tooling and methodology.

Riley has experience building, breaking, learning, and teaching across consulting and internal security teams in Australia and Europe. As the Product Owner of Adversary Simulation at NAB, he helps protect the bank by proactively doing what our tracked threat actors like to do.

Principle Consultant @ControlPlane - Like to talk about how Security is fundamental to DevOps, how Kubernetes often isn't the best answer to your problem and my lived experience of SRE.

I've been Automating toil in Linux for 20 years, but when Kubernetes came along I was initially dismissive, after all I was already building everything in Containers with Docker and orchestrating in a variety of semi-manual ways. I've since come to appreciate all it can do and also what its limitations are and when NOT to use it. I've taught DevOps courses and Kubernetes courses while also helping large enterprises setup internally managed Kubernetes platforms with a product based mindset.

Sean Park is a reverse engineer and AI security researcher who hunts for blind spots in modern agentic systems. From prompt injections to compromised MCP servers, he uncovers how small flaws in AI workflows can trigger full-scale compromise. Whether analyzing Jupyter kernel traffic, tracing hallucinated dependencies, or stress-testing sandboxed agents, Sean blends automation, adversarial thinking, and low-level precision to stay ahead of emerging threats. His motto: every system can be mapped, exploited—and secured.

Season Cherian is a hacker and entrepreneur with deep expertise in technical and strategic security across both private and public sectors. Leading Hardware Security Research at Traboda Cyber Labs, he specializes in OT System Security Analysis, IoT Security, and N-day research. Beyond his entrepreneurial pursuits, Season is a key organizer of the bi0s meetup, collaborating with a team to host monthly sessions that draw top cybersecurity experts and researchers, promoting cutting-edge discussions and advancements. Additionally, he is a speaker and trainer at premier conferences, including Black Hat, SINCON, and InCTF.

Lead Incident Responder @ Mastercard

Shubham Shah is a security researcher and entrepreneur, known for co-founding Assetnote (acquired by Searchlight Cyber) - a leading attack surface management platform. He's ranked as the #1 bug bounty hunter in Australia for three consecutive years and #31st in the world on HackerOne.

skateboarding dog aren’t just any CTF team – they’re the best in the country. A powerhouse of talent, this team of former university students turned elite hackers has dominated the Australian CTF scene for years. They win almost every local conference they play in and have claimed the top spot at the BSides Canberra CTF for the past three years running.

In 2025, they're stepping up in a new role: not just as competitors, but as creators. skateboarding dog is designing and hosting the BSides Canberra CTF – and if their track record is anything to go by, it’s going to be one of the best challenges you’ll play all year. With deep technical skill, a nose for creative exploitation, and a flair for building clever, high-quality puzzles, they’re setting the bar high.

They’re also part of the brains behind DownUnderCTF, Australia’s largest online CTF, helping grow and support the local community of hackers and learners.

Get ready – the BSides Canberra 2025 CTF is going to be unforgettable. With skateboarding dog at the helm, you’re in for something special.

Follow them on twitter: https://x.com/sk8boardingdog

Stephen has been working in cyber security for around 20 years across both Government and the private sector. His current focus includes work such as security research, pentesting, vulnerability hunting, purple and red teaming, working on cyber security incidents and building, designing and maintaining offensive security systems and tools.

Leading strategist in Mission Assurance. Technical cyber defence mission lead.

Experiences;
- Protecting mission critical infrastructure
- Enhancing decision superiority through technical to business translation of cyber risks
- Finding innovative solutions to complex cyber, physical, and social challenges
- Designing agile and integrated strategy
- Driving cyber-minded cultural change
- Leading interdisciplinary teams

Your host for the Speedrun CTF is none other than toasterpwn (https://x.com/toasterpwn) - winner of the Hexacon Speedrun CTF 2024, captain of the rising Australian team Emu Exploit, and a professional vulnerability researcher at InfoSect.

Known for sharp skills and even sharper reflexes, toasterpwn has quickly built a reputation as Australia’s newest, brightest hacker. Whether it’s pwning binaries or racing the clock, they're here to put challengers to the test and bring the heat to the qualifier.

A cybersecurity professional with extensive experience in incident response and threat research. Initially beginning my career as an Incident Responder, I specialized in managing and mitigating active security threats within enterprise environments. Building upon this foundational expertise, I have transitioned into the role of a Threat Researcher, where I focus on in-depth analyses of emerging cyber threats, including sophisticated malware families.

Vivek N J is a seasoned cybersecurity professional with expertise in IoT security, penetration testing, firmware analysis, and reversing. As a Senior Security Engineer at Traboda, he leads the security team in identifying and mitigating risks associated with IoT devices. His focus lies in firmware analysis and reversing, enabling him to uncover hidden vulnerabilities and develop comprehensive security solutions for firmware-based systems.

BSides Canberra is entirely volunteer-run, with around 40 dedicated volunteers who contribute both before and during the event. Volunteers can be easily identified by their maroon t-shirts.