November 14–16, 2018
Vancouver, British Columbia, Canada


Interested in unique or novel research involving Suricata?

This is a great opportunity to find out about new research, existing ideas, and innovative uses of Suricata!

Find out more at SuriCon 2018!

(The call for Poster Session submissions closed on October 8th, 2018.)


NEW! This year OISF was pleased to offer 2 student scholarships to attend SuriCon plus one Suricata training class offered at the conference.

Scholarships were available ONLY to full-time students at two- or four-year technical schools, colleges, or universities.

The call for submissions has closed. 2018 scholarship recipients will be notified after October 8th, 2018.


Doug Burks

CEO at Security Onion Solutions, LLC

Doug started Security Onion in 2008 to provide a comprehensive platform for intrusion detection, network security monitoring, and log management. Today, Security Onion has over 600,000 downloads and is being used by organizations around the world to help monitor and defend their networks. In 2014, Doug started Security Onion Solutions LLC to help those organizations by providing commercial support and training. Doug is a CEO, public speaker, teacher, former president of the Greater Augusta ISSA, and co-founder of BSides Augusta, but what he really likes the most is catching bad guys.

Randy Caldejon

CEO & Cofounder at CounterFlow AI, Inc

As co-founder and CEO, Randy leads the company vision, innovation, and execution. He is a widely-respected authority in network security monitoring and an active supporter of the Suricata project since the beginning. In his spare time, Randy enjoys biking, fly fishing, and instrumenting his farm with IoT sensors. He holds a BS in Computer Science from University of Maryland Baltimore County (UMBC) and a MEng in Computer and Systems Engineering from Rensselaer Polytechnic Institute (RPI).

Pierre Chifflier

Head of the Intrusion Detection Lab (LED) at ANSSI (French National Information Security Agency)

Pierre is interested in various security topics such as Operating Systems, boot sequence, compilers and languages, and new intrusion detection methods. He’s also trying to link all these topics by improving detection tools, writing safe parsers and deploying tools in a secure architecture. He is also a Debian Developer and has been involved in Free Software for a long time.

Champ Clark III

at Quadrant Information Security

Champ Clark III (@dabeave666) is the CTO at Quadrant Information Security and is the lead developer of the Sagan log analysis engine (GPLv2).

Peter Czanik

at Balabit

Peter is an engineer working as an evangelist at Balabit, the company that developed syslog-ng. He helps distributions maintain the syslog-ng package, follows bug trackers, helps users, and talks regularly at conferences (SCALE, All Things Open, FOSDEM, Libre Software Meeting, and others). In his limited free time he is interested in non-x86 architectures and works on one of his PPC or ARM machines.

Robert Haist

Head of Threat Detection & Hunting

Robert is leading the technical development team for the Threat Detection & Hunting managed security service at DCSO. He has a strong background in incident response consulting to detect and mitigate attacks on corporate and public networks. He believes in the power of Open Source Software for modern IT-security challenges and is a contributor to the Debian project.

Ray Hansen

Professor at Wentworth Institute of Technology

Ray is a professor at Wentworth Institute of Technology, where he leads the Cybersecurity program. He spent over a decade at Purdue University, where he taught network engineering and security courses. Along the way, he acquired an interest in network forensics, began consulting in that arena, created courses in digital and network forensics, and architected and developed a forensic tool for file reconstruction for a large-scale network. He also participates in the Suricata Mob League to bridge industry and academia participation on all things Suricata.

Tom Hegel

Senior Threat Researcher at ProtectWise 401TRG

Tom Hegel is an expert in network security and threat intelligence. He focuses his day on designing network detection mechanisms, monitoring and tracking malicious activity of all types. Tom is primarily involved with advanced actor groups, particular malware families, and attack campaigns.

Jason Ish


Jason is a professional software developer with over a decade of experience developing and integrating open source solutions in the security and networking fields. Jason’s experience covers device drivers right up to user interfaces, including co-founding and acting as a CTO of an IDS integrator which was later acquired. Jason currently resides in Saskatoon, Canada.

Joe Johnson

Software Engineer at Gigamon

Joe Johnson is a software engineer at Gigamon and has spent the last 2 and a half years working on Network Security Monitoring and Intrusion Detection. Prior to that, he worked on Microsoft’s Anti-Virus team for 9 years with a focus on malware removal, rootkits, dynamic analysis and automatic classification of malware.

Victor Julien

Suricata Lead Programmer & Founder at OISF

Victor has been active as a software developer in the infosec community for many years. He is the creator of the Vuurmuur Firewall project and has been one of the developers of the Snort_inline IPS project. Victor has spent the last years doing contract development on Open Source security software, including significant additions to Snort. At the end of 2007, he started development on the OISF codebase, on which he now leads the development effort. He maintains a blog at and uses twitter at

Chris Knott

Software Engineer & Systems Architect

My name is Chris. I have been a software engineer, systems architect, and consultant in the field of telecommunication security for over 15 years. I am based in a small town near Munich in Germany. My playgrounds are large packet switched networks. Finding creative ways to analyse and exploit such networks is my day-to-day job. Regarding Suricata: My first contact was at TROOPERS17 where I attended the 2-day training. Since then I have used Suricata quite frequently for network analysis.

Christian Kreibich

at Corelight

As an engineer at Corelight, Christian helps commercialize one of his first NSM loves: the Bro network monitor. Prior to Corelight he led the networking team at Lastline. He’s also a researcher in the networking group at the International Computer Science Institute in Berkeley, and misses the days on the OISF advisory board.

Eric Leblond

Developer at OISF & CEO at Stamus Networks

Eric is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and he is currently one of the Suricata core developers. He is also a founder of Stamus Networks, a company providing security solutions based on Suricata.

Peter Manev

QA & Training Lead at OISF & Co-Founder at Stamus Networks

Peter has 15 years of experience in the IT industry, including enterprise-level IT security practice. An adamant admirer and explorer of innovative open source security software, Peter is currently a Security Solution Architect. Peter maintains some additional info points of interest about Suricata:,, and

Kelley Misata, PhD

Executive Director at OISF

Kelley combines over 15 years in business with a passion for facilitating conversations around responsible digital citizenship, digital safety, and free speech online. She combines her skill in strategic business development with her unique perspective as a survivor of cyberstalking. Drawing on current trends and conversations in digital security with local and federal law enforcement, information security experts and national resources, she creates strategies incorporating the human side of information security. Kelley holds a BS in Marketing, an MBA and a PhD in Information Security from Purdue.

Cooper Nelson

Network Security Analyst at UC San Diego

Cooper is an authority in content delivery, high-performance computing, and computer security. He has over twenty years of experience working in the public and private R&D sector, including AT&T Bell Laboratories, AT&T Research, CERFNET, startups, SDSC, and the Scripps Institute of Oceanography. He has spent the last 14 years as the technical lead for UCSD IR initiatives and the campus SOC.

Jos Schellevis

Chief Technology Officer at Deciso B.V. / OPNsense

Jos Schellevis likes to describe himself as a creative thinker, entrepreneur, and engineer at heart with a passion for open source. As Chief Technology Officer at Deciso B.V. and core member of the OPNsense community project, he is a technology enthusiast and innovator. In his spare time Jos enjoys cooking, a good glass of wine, and watching detectives. He graduated from Rotterdam University of Applied Technology and has over 20 years of experience in networking and telecommunications.

Sascha Steinbiss

Senior Security Engineer

Sascha has a background in bioinformatics and efficient sequence pattern search algorithms. After several years of using his skills to analyze pathogen genomes, he decided in 2016 to focus on other challenging threats instead. As a Senior Security Engineer at DCSO, he now helps build and run the network security monitoring infrastructure that forms the basis of DCSO’s Threat Detection and Hunting service. He is also a Debian Developer and occasional contributor to the Debian packaging effort for Suricata and its ecosystem.

Josh Stroschein

at Dakota State University

Dr. Josh Stroschein has spent over a decade as a programmer, security researcher, and consultant with a focus on malware analysis, exploits, reverse engineering, and web application security. His other expertise includes penetration testing, incident response and software development. Dr. Stroschein has a PhD from Dakota State University where he is also a full-time professor. In addition, Dr. Stroschein is a senior consultant and trainer for VDA labs, Pluralsight course author, and malware analyst for Bromium.

Anthony Tellez

Global Lead Consultant at Splunk

Anthony is a Data Scientist at Splunk. Anthony supports customers globally with machine learning and advanced analytics use cases in the domains of cybersecurity, fraud, and business analytics. Anthony works closely with Splunk’s product team to develop new premium solutions for customers and partners. His previous roles include cloud strategy, data governance, product development, and geospatial analysis. He is a Certified Ethical Hacker (CEH) and holds industry certifications in support of network defense (CNDA) and information security (Sec+, CISSP).

Anton Tyurin

Head of Attack Detection Team at Positive Technologies

Anton focuses on threat hunting and creating new techniques to detect modern adversaries.

Chris Wakelin, PhD

Senior Threat Analyst at Emerging Threats/Proofpoint

Chris worked for over 20 years as a systems administrator and security analyst for the University of Reading, UK, before joining Proofpoint in 2015. While at the University, he was an early adopter of Suricata as an IDS for the University network, and contributed many rules to the Emerging Threats Open ruleset. Now at Proofpoint, Chris is focused mainly on analysing malware campaigns, but maintains an interest in Suricata, in particular finding uses for some of the more advanced features, such as Lua.



CounterFlow AI

Intel Corporation

ProtectWise

Amazon

Lastline

FOX-IT

SecDSM

Secureworks

Accolade Technology




Duane Howard

KeChao Xu

Shuo Liu

Matthew Cantu




Matt Jonkman

R. Scott Belford



bowbridge Software


Justin Turner

Anthony Tellez

Quadrant Information Security

Sentinel Intrusion Prevention Systems

Norwegian University of Science and Technology (NTNU)



There is a $200 attendance fee for the 3-day conference.



Pan Pacific Vancouver
Suite 300-999 Canada Place
Vancouver, British Columbia V6C 3B5, Canada

Room block is almost SOLD OUT!

Call (604-662-3223) or email ( for reservations and mention the conference ID: OISF1118


Contact Us
For more information
send us an email:



On November 12 and 13, 2018, be sure to join one of our newly redesigned training sessions led by OISF’s team of experts:

NEW! Network Security Monitoring with Suricata

NEW! Advanced Deployment and Architecture Training

UPDATED! Practical Signature Development Training for Suricata

Don’t Forget! Attend both the conference and a training and receive a 20% discount off the cost of the training.



Suricata - an open source, high performance Network IDS, IPS and Network Security Monitoring engine.

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

SuriCon is dedicated to providing a community-centric, safe and harassment-free conference experience for everyone, regardless of, and not limited to, gender, sexual orientation, disability, physical appearance, body size, race or religion.

We do not tolerate harassment of conference participants in any form. We also expect all attendees and sponsors to help create a pleasant experience for all conference participants. Unacceptable behavior can result in participants being asked to leave or sponsors being asked to remove their booth and personnel from the exhibit floor without refund.