Doug started Security Onion in 2008 to provide a comprehensive platform for intrusion detection, network security monitoring, and log management. Today, Security Onion has over 600,000 downloads and is being used by organizations around the world to help monitor and defend their networks. In 2014, Doug started Security Onion Solutions LLC to help those organizations by providing commercial support and training. Doug is a CEO, public speaker, teacher, former president of the Greater Augusta ISSA, and co-founder of BSides Augusta, but what he really likes the most is catching bad guys.

As co-founder and CEO, Randy leads the company vision, innovation, and execution. He is a widely-respected authority in network security monitoring and an active supporter of the Suricata project since the beginning. In his spare time, Randy enjoys biking, fly fishing, and instrumenting his farm with IoT sensors. He holds a BS in Computer Science from University of Maryland Baltimore County (UMBC) and a MEng in Computer and Systems Engineering from Rensselaer Polytechnic Institute (RPI).

Pierre is interested in various security topics such as Operating Systems, boot sequence, compilers and languages, and new intrusion detection methods. He’s also trying to link all these topics by improving detection tools, writing safe parsers and deploying tools in a secure architecture. He is also a Debian Developer and has been involved in Free Software for a long time.

Champ Clark III (@dabeave666) is the CTO at Quadrant Information Security and is the lead developer of the Sagan log analysis engine (GPLv2).

Peter is an engineer working as evangelist at Balabit, the company that developed syslog-ng. He assists distributions to maintain the syslog-ng package, follows bug trackers, helps users and talks regularly at conferences (SCALE, All Things Open, FOSDEM, Libre Software Meeting, and others). In his limited free time he is interested in non-x86 architectures, and works on one of his PPC or ARM machinesact:

Robert is leading the technical development team for the Threat Detection & Hunting managed security service at DCSO. He has a strong background in incident response consulting to detect and mitigate attacks on corporate and public networks. He believes in the power of Open Source Software for modern IT-security challenges and is a contributor to the Debian project.

Ray is a professor at Wentworth Institute of Technology, where he leads the Cybersecurity program. He spent over a decade at Purdue University, where he taught network engineering and security courses. Along the way, he acquired an interest in network forensics, began consulting in that arena, created courses in digital and network forensics, and architected and developed a forensic tool for file reconstruction for a large-scale network. He also participates in the Suricata Mob League to bridge industry and academia participation on all things Suricata.

Tom Hegel is an expert in network security and threat intelligence. He focuses his day on designing network detection mechanisms, monitoring and tracking malicious activity of all types. Tom is primarily involved with advanced actor groups, particular malware families, and attack campaigns.

Jason is a professional software developer with over a decade of experience developing and integrating open source solutions in the security and networking fields. Jason’s experience covers device drivers right up to user interfaces, including co-founding and acting as a CTO of an IDS integrator which was later acquired. Jason currently resides in Saskatoon, Canada.

Joe Johnson is a software engineer at Gigamon and has spent the last 2 and a half years working on Network Security Monitoring and Intrusion Detection. Prior to that, he worked on Microsoft’s Anti-Virus team for 9 years with a focus on malware removal, rootkits, dynamic analysis and automatic classification of malware.

Victor has been active as a software developer in the infosec community for many years. He is the creator of the Vuurmuur Firewall project, has been one of the developers at the Snort_inline IPS project. Victor has spent the last years doing contract development on Open Source security software including significant additions to Snort. At the end of 2007, he started development on the OISF codebase on which he now leads the development effort. He maintains a blog at http://www.inliniac.net/blog/ and uses twitter at http://twitter.com/inliniac.

My name is Chris. I have been a software engineer, systems architect, and consultant in the field of telecommunication security for over 15 years. I am based in a small town near Munich in Germany. My playgrounds are large packet switched networks. Finding creative ways to analyse and exploit such networks is my day-to-day job. Regarding Suricata: My first contact was at TROOPERS17 where I attended the 2-day training. Since then I have used Suricata quite frequently for network analysis.

As an engineer at Corelight, Christian helps commercialize one of his first NSM loves: the Bro network monitor. Prior to Corelight he lead the networking team at Lastline. He’s also a researcher in the networking group at the International Computer Science Institute in Berkeley, and misses the days on the OISF advisory board.

Eric is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and he is currently one of the Suricata core developers. He is also a founder of Stamus Networks, a company providing security solutions based on Suricata.

Peter has 15 years experience in the IT industry, including enterprise-level IT security practice. An adamant admirer and explorer of innovative open source security software, Peter is currently a Security Solution Architect. Peter maintains some additional info points of interest about Suricata: www.pevma.blogspot.com, https://github.com/pevma, and https://twitter.com/pevma.

Kelley combines over 15 years in business with a passion for facilitating conversations around responsible digital citizenship, digital safety, and free speech online. She combines her skill in strategic business development with her unique peerspective as a survivor of cyberstalking. Drawing on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources she creates strategies incorporating the human side of information security. Kelley holds a BS in Marketing, an MBA and a PhD in Information Security from Purdue.

Cooper is an authority in content delivery, high-performance computing, and computer security. He has over twenty years experience working in the public and private R&D sector, including AT&T Bell Laboratories, AT&T Research, CERFNET, startups, SDSC, and the Scripps Institute of Oceanography. He has spent the last 14 years as the technical lead for UCSD IR initiatives and the campus SOC.

Jos Schellevis likes to describe himself as a creative thinker, entrepreneur, and engineer at heart with a passion for open source. As Chief Technology Officer at Deciso B.V. and core member of the OPNsense community project, he is a technology enthusiast and innovator. In his spare time Jos enjoys cooking, a good glass of wine, and watching detectives. He graduated from Rotterdam University of Applied Technology and has over 20 years of experience in networking and telecommunications.

Sascha has a background in bioinformatics and efficient sequence pattern search algorithms. After several years of using his skills to analyze pathogen genomes, he decided in 2016 to focus on other challenging threats instead. As a Senior Security Engineer at DCSO, he now helps build and run the network security monitoring infrastructure that forms the basis of DCSO’s Threat Detection and Hunting service. He is also a Debian Developer and occasional contributor to the Debian packaging effort for Suricata and its ecosystem.

Dr. Josh Stroschein has spent over a decade as a programmer, security researcher, and consultant with a focus on malware analysis, exploits, reverse engineering, and web application security. His other expertise includes penetration testing, incident response and software development. Dr. Stroschein has a PhD from Dakota State University where he is also a full-time professor. In addition, Dr Stroschein is a senior consultant and trainer for VDA labs, Pluralsight course author, and malware analyst for Bromium.

Anthony is a Data Scientist at Splunk. Anthony supports customers globally with machine learning and advanced analytics use cases in the domains of cybersecurity, fraud, and business analytics. Anthony works closely with Splunk’s product team to develop new premium solutions for customers and partners. His previous roles include cloud strategy, data governance, product development, and geospatial analysis. He is a certified ethical hacker(CEH) and holds industry certifications in support of network defense (CNDA) and information security (Sec+, CISSP).

Anton focuses on threat hunting and creating new techniques to detect modern adversaries.

Eugene is a security researcher at Positive Technologies Attack Detection Team. In everyday tasks he meets malware analysis, IDS signatures development, and network forensics.

Chris worked for over 20 years as a systems administrator and security analyst for the University of Reading, UK, before joining Proofpoint in 2015. While at the University, he was an early adopter of Suricata as an IDS for the University network, and contributed many rules to the Emerging Threats Open ruleset. Now at Proofpoint, Chris is focused mainly on analysing malware campaigns, but maintains an interest in Suricata, in particular finding uses for some of the more advanced features, such as Lua.