Tobias’ primary research interests are in Security Monitoring of Highspeed Networks, SIEM, Vulnerability Management, Penetration Testing, Machine Learning, and Gamification. He is also helping out with teaching IT Security at the Ludwig-Maximilian University in Munich and works as an external consultant for teaching ethical hacking. He has been operating the current Suricata installation at LRZ for the past two years and is currently working on implementing the next generation of Security Monitor for the Munich Scientific Network.

Sake has been analyzing packets for 20 years and has been a member of the Wireshark Core-Developer team since 2007. He started developing for Wireshark (Ethereal at the time) when he thought of features that could make his day-to-day analysis job easier. When he was working for a reseller of L4-7 networking equipment he discovered many bugs and worked with the vendors to reproduce and solve them. Now Sake works for a company he started in 2009 to provide protocol analysis services to its customers. He solves application, network, and performance problems for his customers. He also helps his customers train their staff in Wireshark, Network Protocols, and troubleshooting.

Somehow, I’ve managed to earn the nickname Rusty. Hopefully that’s because of my enthusiasm and evangelism for Rust code, which I tend to impart on others through Rust meetups, massive pull requests against Suricata, or open source Rust libraries. When I’m not contributing to Suricata, I work for Protectwise (now acquired by Verizon), capturing and processing packets at a large scale. I do this work either at an appliance level, or in the cloud. I’m also always up for conversations on programming languages, maintainable code, cloud architectures, or hockey.

As a high-performance software specialist at ntop, Alfredo leads the development of network monitoring technologies, focusing on network device drivers, raw traffic recording, and inline packet processing. He received his master’s degree at the University of Pisa with a thesis about packet capture acceleration for network monitoring on Virtual Machines.

Pierre is interested in various security topics such as Operating Systems, boot sequence, compilers and languages, and new intrusion detection methods. He’s also trying to link all these topics by improving detection tools, writing safe parsers, and deploying tools in a secure architecture. He is also a Debian Developer and has been involved in Free Software for a long time.

Champ has spoken at numerous computer and network security events, including DEFCON, HOPE, CCC Congress, and Suricon, as well as other national and global conferences. He is the lead developer of the Sagan Log Analysis engine and has authored books about VoIP security from Syngress publishing. Champ’s current role is to work with teams to develop ways to detect and deter attackers.

Luca is the leader of the ntop project (https://www.ntop.org), which is aimed at developing an open-source monitoring platform for high-speed traffic analysis. He shares his time between ntop and the University of Pisa, where he is a lecturer in the Computer Science department.

Jeremy is responsible for the transition away from Snort in favor of Suricata across all customers for Quadrant. He has a degree in Networking and is working towards a Masters in Cyber Security and Information Assurance. His goal is to continue grow in his career and enjoy the ability to come to work to play with his toys.

Ray is a professor at Wentworth Institute of Technology, where he leads the Cybersecurity program. He spent over a decade at Purdue University, where he taught network engineering and security courses. Along the way, he acquired an interest in network forensics, began consulting in that arena, created courses in digital and network forensics, and architected and developed a forensic tool for file reconstruction for a large-scale network. He also participates in the Suricata Mob League to bridge industry and academia participation on all things Suricata.

Alex is based in Cambridge, UK. He enjoys tracking malware families, admiring process trees, and finding exciting ways of visualizing samples.

Victor has been active as a software developer in the infosec community for many years. He is the creator of the Vuurmuur Firewall project, has been one of the developers at the Snort_inline IPS project. Victor has spent the last years doing contract development on Open Source security software including significant additions to Snort. At the end of 2007, he started development on the OISF codebase on which he now leads the development effort. He maintains a blog at http://www.inliniac.net/blog/ and uses twitter at http://twitter.com/inliniac.

Tiago has been working in information security for over 10 years in various roles. He’s currently the information security architect for a dutch-based company and the founder of 3CORESec, a company that develops information security programs focused in network security monitoring with a strong focus in automation (based in their vSOC – Virtual SOC) and security orchestration in AWS-based environments. In his spare time Tiago works on several open source projects, plays around with adversary detection, spends time with his kids and races motorcycles.

Joe specializes in security. They spent the last 3.5 years working on network security tools, and before that 9 years working on anti-virus at Microsoft.

Benjamin consults ausecus’ customers in network security, defense concepts, security management, and monitoring. Formerly, he researched computer security at the University of Applied Sciences Augsburg and worked as IT-security administrator in a hospital.

Konstantin has a background in the behavioral analysis of APT threat actors and now works within DCSO’s Threat Detection and Hunting service. Suricata has been his trusty companion in all his professional life. Konstantin combines his technical and analytical skills with great passion to deliver accurate, complete, and efficient solutions for all kinds of problems in the field of cyber security. His current focus of interest lies in security content development, threat detection, and threat hunting using Suricata and passive DNS.

Markus’ area of expertise is packet capture and log processing, DevOps tools and techniques, and data science. His current work involves researching stream processing techniques, and he is responsible for teaching network security monitoring tools in CCDCOE. Previously, he was server administrator in a hosting and software development company for over 5 years, focusing mostly on Linux systems and back-end infrastructure development. He holds an MSc from Tallinn University of Technology where he wrote a thesis on syslog and event correlation.

Eric is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and he is currently one of the Suricata core developers. He is also a founder of Stamus Networks, a company providing security solutions based on Suricata.

Giuseppe is a software developer involved in the development of network security software. He started his contribution in the open source world with the Netfilter organization, and then joined OISF. Since then, he commits to give his contribution to Suricata.

Peter has 15 years experience in the IT industry, including enterprise-level IT security practice. An adamant admirer and explorer of innovative open source security software, Peter is currently a Security Solution Architect. Peter maintains some additional info points of interest about Suricata: www.pevma.blogspot.com, https://github.com/pevma, and https://twitter.com/pevma.

Jean (@iansus) has been conducting security audits for more than 5 years, as well as performing DFIR assignments for the CERT-W. He noticed a need for ready-to-use large-scale incident response tools, which led him to develop CERTitude to assist security professionals in reaching their objectives. He is also a regular lecturer in some universities on miscellaneous subjects such as DFIR, Windows domain security, and pentests.

Before joining the LED (Research and Exploration in Intrusion Detection Laboratory), Johan completed a PhD at LAAS-CNRS in Toulouse, and then did a Post-doc in National Institute of Informatics in Tokyo. He is interested in network security-related topics.

Kelley combines over 15 years in business with a passion for facilitating conversations around responsible digital citizenship, digital safety, and free speech online. She combines her skill in strategic business development with her unique peerspective as a survivor of cyberstalking. Drawing on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources she creates strategies incorporating the human side of information security. Kelley holds a BS in Marketing, an MBA and a PhD in Information Security from Purdue.

Vincent is the head of CERT-W and has worked on various cyber threats cases from regular ransomwares to advanced DDoS and APT. He is interested in DFIR and Threat Intelligence fields and is devoted to the fight against cybercrime. Vincent is a GCFA & GREM certified professional. He is a regular speaker in European conferences and newspapers, and lecturer in several computer science universities on topics related to DFIR, Dark Web, SOC, SIEM.

Mauno’s area of expertise is monitoring, data mining, and situational awareness. Prior experience includes 5 years as a monitoring administrator and developer for the largest telecommunications operator in Estonia. In addition to being a GIAC GMON Continuous Monitoring Certified Professional, he is also a Red Hat Certified System Administrator, Red Hat Certified Engineer and a Red Hat Certified Specialist in Ansible Automation. Mauno holds an MSc, and is pursuing a PhD degree at the Tallinn University of Technology researching log analysis, data mining, and machine learning.

Tatyana specializes in network intrusion detection and Android threat research. She joined Kaspersky in 2013. Tatyana graduated from Lomonosov Moscow State University and has also studied at Eberhard Karls University of Tübingen. She has previously talked about Snort/Suricata at AVAR (Beijing), as well as the PHDays (Moscow) and OverDrive (Girona) conferences.

As a researcher at the LED (research and Exploration in intrusion Detection Laboratory), Jacob works on finding new ways to detect attacks. Previously he worked for 10 years at ArxSys, a company he founded, where he was the core developer of DFF, an open-source digital forensics framework. He also conducted forensics investigations, incident response missions, and trained people on these subjects.

Sascha has a background in bioinformatics, efficient string algorithms and genome annotation handling. After several years of using his skills to analyze pathogen genomes, he decided in 2016 to focus on a different kind of threat. His team at DCSO now builds and runs the network security monitoring infrastructure that forms the basis of DCSO’s Threat Detection and Hunting service. He is also a Debian Developer and occasional contributor to the Debian packaging effort for Suricata and its ecosystem.

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. At OISF, he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. He’s an accomplished trainer at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.

Matthias has been immersed in operational network security monitoring for the last decade. He ported the Zeek network security monitor from a single-machine to a cluster architecture. After equipping security analysts with a torrent of logs, he tackled the next problem: how to generate actionable insight from network security monitoring data.

David leads network countermeasure development: currently he researches the latest vulnerabilities and threats, and crafts, tests, refines, and deploys network IPS rules for thousands of managed and monitored devices to protect myriad clients across diverse industries. He has 20 years experience in the IT industry, including more than 12 years writing and applying IDS/IPS rules for a variety of platforms. A big supporter and user of Suricata from its inception, David is excited by its past success, current community, and bright future. He holds a BS in Computer Science and an MS in Information Security from Georgia Tech.

Brad leads the Emerging Threats product line. He is a four-time published author of network security books through O’Reilly and Syngress. Prior to his current role at Proofpoint, he spent six years at Juniper Networks as a layer 7 security product manager and product line engineer. He started his endeavors in the network security industry working for a security consulting company in Ann Arbor Michigan for four years delivering a variety of network security technologies and services.