in Amsterdam
Scroll down for more info

SuriCon 2019-Amsterdam



The registration fee
is $250 for
the 3-day conference.

register now!


The conference will take place
at Beurs van Berlage
in Amsterdam.



Reserve now to
guarantee your room
for the conference.



Contact us! For more information send us an email: info@oisf.net

Training & Scholarships

Training Sessions

SURICON attendees receive a 20% discount on any of the THREE 2-day training events happening in Amsterdam on October 28–29, 2019:

Threat Hunting with Suricata
Practical Signature Development Training for Suricata
NEW! Advanced Deployment and Architecture Training

Simply register for SURICON, then email us at info@oisf.net and we’ll send you a link to receive your discount code for the training.

Click here for more information on the trainings.

Training Scholarships

Suricata is pleased to offer two student training scholarships for trainings to be held at SuriCon 2019! To be eligible, you must currently be enrolled as a full-time student at a two-year, four-year, or graduate student at a college or university. Scholarship does not cover travel expenses.

The call is now closed, please look for this opportunity again at Suricon 2020.

Call for Posters

SuriCon call for posters

Working on interesting, unique or novel research? Have an innovative or fun way of using Suricata? Share it with the rest of the community!

The call is now closed, please look for this opportunity again at Suricon 2020.

Become a Sponsor TODAY!



Tobias Appel

Security Researcher & PhD candidate
at Leibniz Supercomputing Centre (LRZ)

Tobias’ primary research interests are in Security Monitoring of Highspeed Networks, SIEM, Vulnerability Management, Penetration Testing, Machine Learning, and Gamification. He is also helping out with teaching IT Security at the Ludwig-Maximilian University in Munich and works as an external consultant for teaching ethical hacking. He has been operating the current Suricata installation at LRZ for the past two years and is currently working on implementing the next generation of Security Monitor for the Munich Scientific Network.

Sake Blok

at SYN-bit

Sake has been analyzing packets for 20 years and has been a member of the Wireshark Core-Developer team since 2007. He started developing for Wireshark (Ethereal at the time) when he thought of features that could make his day-to-day analysis job easier. When he was working for a reseller of L4-7 networking equipment he discovered many bugs and worked with the vendors to reproduce and solve them. Now Sake works for a company he started in 2009 to provide protocol analysis services to its customers. He solves application, network, and performance problems for his customers. He also helps his customers train their staff in Wireshark, Network Protocols, and troubleshooting.

Danny J. Browning

Platform Engineer
at Protectwise

Somehow, I’ve managed to earn the nickname Rusty. Hopefully that’s because of my enthusiasm and evangelism for Rust code, which I tend to impart on others through Rust meetups, massive pull requests against Suricata, or open source Rust libraries. When I’m not contributing to Suricata, I work for Protectwise (now acquired by Verizon), capturing and processing packets at a large scale. I do this work either at an appliance level, or in the cloud. I’m also always up for conversations on programming languages, maintainable code, cloud architectures, or hockey.

Alfredo Cardigliano

Principal Engineer
at ntop

As a high-performance software specialist at ntop, Alfredo leads the development of network monitoring technologies, focusing on network device drivers, raw traffic recording, and inline packet processing. He received his master’s degree at the University of Pisa with a thesis about packet capture acceleration for network monitoring on Virtual Machines.

Pierre Chifflier

Head of the Intrusion Detection Lab (LED) at ANSSI (French National Information Security Agency)

Pierre is interested in various security topics such as Operating Systems, boot sequence, compilers and languages, and new intrusion detection methods. He’s also trying to link all these topics by improving detection tools, writing safe parsers, and deploying tools in a secure architecture. He is also a Debian Developer and has been involved in Free Software for a long time.

Champ Clark III

at Quadrant Information Security

Champ has spoken at numerous computer and network security events, including DEFCON, HOPE, CCC Congress, and Suricon, as well as other national and global conferences. He is the lead developer of the Sagan Log Analysis engine and has authored books about VoIP security from Syngress publishing. Champ’s current role is to work with teams to develop ways to detect and deter attackers.

Luca Deri

Project Leader
at ntop

Luca is the leader of the ntop project (https://www.ntop.org), which is aimed at developing an open-source monitoring platform for high-speed traffic analysis. He shares his time between ntop and the University of Pisa, where he is a lecturer in the Computer Science department.

Tiago Faria

at 3CORESec

Tiago has been working in information security for over 10 years in various roles. He’s currently the information security architect for a dutch-based company and the founder of 3CORESec, a company that develops information security programs focused in network security monitoring with a strong focus in automation (based in their vSOC – Virtual SOC) and security orchestration in AWS-based environments. In his spare time Tiago works on several open source projects, plays around with adversary detection, spends time with his kids and races motorcycles.

Jeremy Grove

Senior Security Engineer
at Quadrant Information Security

Jeremy is responsible for the transition away from Snort in favor of Suricata across all customers for Quadrant. He has a degree in Networking and is working towards a Masters in Cyber Security and Information Assurance. His goal is to continue grow in his career and enjoy the ability to come to work to play with his toys.

Ray Hansen

at Wentworth Institute of Technology

Ray is a professor at Wentworth Institute of Technology, where he leads the Cybersecurity program. He spent over a decade at Purdue University, where he taught network engineering and security courses. Along the way, he acquired an interest in network forensics, began consulting in that arena, created courses in digital and network forensics, and architected and developed a forensic tool for file reconstruction for a large-scale network. He also participates in the Suricata Mob League to bridge industry and academia participation on all things Suricata.

Alex Holland

Malware Analyst
at Bromium

Alex is based in Cambridge, UK. He enjoys tracking malware families, admiring process trees, and finding exciting ways of visualizing samples.

Joe Johnson

Software Engineer
at Gigamon

Joe specializes in security. They spent the last 3.5 years working on network security tools, and before that 9 years working on anti-virus at Microsoft.

Victor Julien

Suricata Lead Programmer & Founder

Victor has been active as a software developer in the infosec community for many years. He is the creator of the Vuurmuur Firewall project, has been one of the developers at the Snort_inline IPS project. Victor has spent the last years doing contract development on Open Source security software including significant additions to Snort. At the end of 2007, he started development on the OISF codebase on which he now leads the development effort. He maintains a blog at http://www.inliniac.net/blog/ and uses twitter at http://twitter.com/inliniac.

Benjamin Kahler, MSc

Lead Consultant
at ausecus GmbH

Benjamin consults ausecus’ customers in network security, defense concepts, security management, and monitoring. Formerly, he researched computer security at the University of Applied Sciences Augsburg and worked as IT-security administrator in a hospital.

Konstantin Klinger

Security Content Engineer

Konstantin has a background in the behavioral analysis of APT threat actors and now works within DCSO’s Threat Detection and Hunting service. Suricata has been his trusty companion in all his professional life. Konstantin combines his technical and analytical skills with great passion to deliver accurate, complete, and efficient solutions for all kinds of problems in the field of cyber security. His current focus of interest lies in security content development, threat detection, and threat hunting using Suricata and passive DNS.

Markus Kont


Markus’ area of expertise is packet capture and log processing, DevOps tools and techniques, and data science. His current work involves researching stream processing techniques, and he is responsible for teaching network security monitoring tools in CCDCOE. Previously, he was server administrator in a hosting and software development company for over 5 years, focusing mostly on Linux systems and back-end infrastructure development. He holds an MSc from Tallinn University of Technology where he wrote a thesis on syslog and event correlation.

Eric Leblond

at OISF & CEO at Stamus Networks

Eric is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and he is currently one of the Suricata core developers. He is also a founder of Stamus Networks, a company providing security solutions based on Suricata.

Giuseppe Longo

Software Developer

Giuseppe is a software developer involved in the development of network security software. He started his contribution in the open source world with the Netfilter organization, and then joined OISF. Since then, he commits to give his contribution to Suricata.

Peter Manev

Security Solution Architect
at OISF & Co-Founder at Stamus Networks

Peter has 15 years experience in the IT industry, including enterprise-level IT security practice. An adamant admirer and explorer of innovative open source security software, Peter is currently a Security Solution Architect. Peter maintains some additional info points of interest about Suricata: www.pevma.blogspot.com, https://github.com/pevma, and https://twitter.com/pevma.

Jean Marsault

Senior Security Consultant
at Wavestone

Jean (@iansus) has been conducting security audits for more than 5 years, as well as performing DFIR assignments for the CERT-W. He noticed a need for ready-to-use large-scale incident response tools, which led him to develop CERTitude to assist security professionals in reaching their objectives. He is also a regular lecturer in some universities on miscellaneous subjects such as DFIR, Windows domain security, and pentests.

Johan Mazel

at the LED at ANSSI

Before joining the LED (Research and Exploration in Intrusion Detection Laboratory), Johan completed a PhD at LAAS-CNRS in Toulouse, and then did a Post-doc in National Institute of Informatics in Tokyo. He is interested in network security-related topics.

Kelley Misata, PhD

Executive Director

Kelley combines over 15 years in business with a passion for facilitating conversations around responsible digital citizenship, digital safety, and free speech online. She combines her skill in strategic business development with her unique peerspective as a survivor of cyberstalking. Drawing on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources she creates strategies incorporating the human side of information security. Kelley holds a BS in Marketing, an MBA and a PhD in Information Security from Purdue.

Vincent Nguyen

Cybersecurity & Digital Trust Manager
at Wavestone

Vincent is the head of CERT-W and has worked on various cyber threats cases from regular ransomwares to advanced DDoS and APT. He is interested in DFIR and Threat Intelligence fields and is devoted to the fight against cybercrime. Vincent is a GCFA & GREM certified professional. He is a regular speaker in European conferences and newspapers, and lecturer in several computer science universities on topics related to DFIR, Dark Web, SOC, SIEM.

Mauno Pihelgas


Mauno’s area of expertise is monitoring, data mining, and situational awareness. Prior experience includes 5 years as a monitoring administrator and developer for the largest telecommunications operator in Estonia. In addition to being a GIAC GMON Continuous Monitoring Certified Professional, he is also a Red Hat Certified System Administrator, Red Hat Certified Engineer and a Red Hat Certified Specialist in Ansible Automation. Mauno holds an MSc, and is pursuing a PhD degree at the Tallinn University of Technology researching log analysis, data mining, and machine learning.

Tatyana Shishkova

Malware Analyst
at Kaspersky

Tatyana specializes in network intrusion detection and Android threat research. She joined Kaspersky in 2013. Tatyana graduated from Lomonosov Moscow State University and has also studied at Eberhard Karls University of Tübingen. She has previously talked about Snort/Suricata at AVAR (Beijing), as well as the PHDays (Moscow) and OverDrive (Girona) conferences.

Jacob Solal

at the LED at ANSSI

As a researcher at the LED (research and Exploration in intrusion Detection Laboratory), Jacob works on finding new ways to detect attacks. Previously he worked for 10 years at ArxSys, a company he founded, where he was the core developer of DFF, an open-source digital forensics framework. He also conducted forensics investigations, incident response missions, and trained people on these subjects.

Sascha Steinbiss

Team Lead Network Visibility

Sascha has a background in bioinformatics, efficient string algorithms and genome annotation handling. After several years of using his skills to analyze pathogen genomes, he decided in 2016 to focus on a different kind of threat. His team at DCSO now builds and runs the network security monitoring infrastructure that forms the basis of DCSO’s Threat Detection and Hunting service. He is also a Debian Developer and occasional contributor to the Debian packaging effort for Suricata and its ecosystem.

Josh Stroschein

Director of Training & Academic Initiatives

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. At OISF, he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. He’s an accomplished trainer at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.

Matthias Vallentin

Co-founder & CEO
at Tenzir

Matthias has been immersed in operational network security monitoring for the last decade. He ported the Zeek network security monitor from a single-machine to a cluster architecture. After equipping security analysts with a torrent of logs, he tackled the next problem: how to generate actionable insight from network security monitoring data.

David Wharton

Senior Security Researcher
at SecureWorks Counter Threat Unit

David leads network countermeasure development: currently he researches the latest vulnerabilities and threats, and crafts, tests, refines, and deploys network IPS rules for thousands of managed and monitored devices to protect myriad clients across diverse industries. He has 20 years experience in the IT industry, including more than 12 years writing and applying IDS/IPS rules for a variety of platforms. A big supporter and user of Suricata from its inception, David is excited by its past success, current community, and bright future. He holds a BS in Computer Science and an MS in Information Security from Georgia Tech.

Brad Woodberg

Group Product Manager
at Proofpoint Inc.

Brad leads the Emerging Threats product line. He is a four-time published author of network security books through O’Reilly and Syngress. Prior to his current role at Proofpoint, he spent six years at Juniper Networks as a layer 7 security product manager and product line engineer. He started his endeavors in the network security industry working for a security consulting company in Ann Arbor Michigan for four years delivering a variety of network security technologies and services.




Pluralsight-SuriCon 2019



Roqos sponsor of SuriCon 2019

Gatewatcher SuriCon 2019 sponsor

NapaTech, sponsor of SuriCon 2019

STAMUS Networks SuriCon 2019 sponsor

Thales-SuriCon 2019 sponsor


Catena Cyber Security SuriCon 2019 sponsor

Secureworks - SuriCon 2019 sponsor

FMADIO-SuriCon 2019 sponsor

3CORESEC-SuriCon 2019 sponsor

lastline malware protection

CloudShark-SuriCon 2019

Facebook - SuriCon 2019


R. Scott Belford

Duane Howard

Chris Wakelin

William Wilson


Suricata - an open source, high performance Network IDS, IPS and Network Security Monitoring engine.

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

SuriCon is dedicated to providing a community-centric, safe and harassment-free conference experience for everyone, regardless and not limited to, of gender, sexual orientation, disability, physical appearance, body size, race or religion.

We do not tolerate harassment of conference participants in any form. We also expect all attendees and sponsors to help create a pleasant experience for all conference participants. Unacceptable behavior can result in participants being asked to leave or sponsors being asked to remove their booth and personnel from the exhibit floor without refund.