BSides London 2025

Ashley Barker is a technical leader who bridges the worlds of security and technology, with over 10 years in cybersecurity and deep experience in digital delivery, products, and user-focused solutions. A passionate advocate for NIST CSF, OWASP, and SANS, he simplifies complex security challenges, building robust cloud and DevSecOps systems for global organisations. Staying hands-on, Ashley crafts practical solutions that secure critical systems while driving innovation, making him a go-to for turning chaotic projects into clear, effective outcomes.

Hi, I’m Ada - originally from Poland and I discovered my passion for cybersecurity about five years ago. Since then, I’ve been exploring the many layers of this ever-evolving field.

After recently graduating, I’ve stepped into a consultancy role that allows me to bridge the technical and human sides of cybersecurity by helping organisations stay secure while building awareness and collaboration.

Outside the cyber world, you’ll often find me running, swimming, or playing tennis (and I’m excited to be adding cycling to that list soon!).

Hi, I’m Akash. I’m a student who just finished an internship in the energy sector, where I got my first real exposure to OT security. I’ve also competed in events like Cyber 9/12 and the Cyber Leaders Challenge, which pushed me to think about how technical work connects with bigger strategic decisions. This is my first BSides talk, and I’m using it as a chance to share what I’ve learned about incident response in the physical world of OT.

Alexander Brown is an Associate Security Consultant from ReverSec who focuses on offensive security and vulnerability research. His talk draws from hands-on experience in penetration testing and real-world security assessments.

I like to talk about everything and anything appsec related.

Socials: https://linktr.ee/appsecexplained

Arnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has been teaching ICS cybersecurity trainings since 2015.

Ashu is the co-founder and co-CEO of TryHackMe, the world's largest online cybersecurity training platform. Used by millions of aspiring ethical hackers and defenders, TryHackMe provides a comprehensive environment to learn the technical cybersecurity skills essential for breaking into the cybersecurity industry. TryHackMe’s mission is to make the world more digitally secure, in an ever-evolving security landscape, by bridging the cybersecurity skills gap through interactive, gamified, and affordable learning experiences.

At TryHackMe, Ashu spends a lot of his time with TryHackMe's portfolio of over 900 SOC and IR leaders, learning about their challenges, and how TryHackMe can support them with skill and cyber capability development.

Prior to starting his own company, Ashu worked as a security consultant at Accenture specializing in Cloud Security. He also has a MEng in Computer Science from UCL.

I am a final year Cyber Security and Digital Forensics student from University of Greenwich. I love Digital forensics and network traffic analysis. I have completed Windows Registry forensics course from Coursera, network traffic analysis course from Hack the Box, and Windows Operating system Course from Let's Defend. I have completed couple of digital forensics related CTF in Hack the Box.
In addition, Now, I am building python project that automate various day to day tasks.

Ben is a Security Engineer with a focus on cloud, networking, automation, and security architecture. He has hands-on experience delivering secure infrastructures and building resilient detection and defence capabilities.

I’m Ali Sohail, a Cloud Infrastructure & DevOps Lead with over a decade securing Linux, on-prem network, and cloud environments for enterprises and MSPs. I’ve just relaunched my own IT MSP while balancing end-of-life caregiving for my mother, and I thrive on turning complex security challenges into clear, actionable steps.

As an official Red Hat training partner and hands-on mentor, I build workshops that empower junior defenders to level up their skills. This will be my first public talk, and I’m excited to share practical, no-nonsense tips you can implement first thing Monday morning.

Most people will know him as the guy that records the talks at many, many conferences all over the planet. What people don't typically realise is that he does this as volunteer, same as all the other helpers. He somehow manages to balance this with his full-time day job is as senior software developer for a company making software for mental healthcare hospitals.

I am the Chief Security Officer at Ontinue, where I lead global security strategy and operations. Previously, as Director of the Sophos Pacific Rim campaign, I oversaw one of the longest and most complex defensive operations against Chinese nation-state adversaries, guiding the response to years of sustained espionage and intrusion attempts. With deep experience across threat intelligence, incident response, and strategic defense, I specialize in bridging technical tradecraft with the leadership decisions required in high-pressure environments. I have worked closely with governments, industry partners, and international law enforcement, and bring a unique perspective on how persistent adversaries operate and how they can be disrupted. My mission is to share real-world lessons from the field to strengthen the wider security community, making the realities of nation-state conflict both accessible and actionable for defenders.

Cristian Sindile is the Founder of Covert Security, a specialized offensive threat intelligence firm focused on dark web investigations, operational security and APT-level tactics, offering practical training for skilled analysts.

I'm a red team operator with AmberWolf, and have a career of hacking all the things going back 17 years. As well as red teaming I'm into doing terrible things to network devices, bypassing disk encryption, hardware hacking, and social engineering.

Davide Cioccia is the founder of DCODX, an ethical hacking, and security training firm focusing on DevSecOps, and AI pentesting. Davide is also CPO at SecDim.

A Cyber Security and IT Professional with over 25 years experience in helping build and protect organisations and the people that work in them.
A self-admitted geek, who still finds wonder in things, I try to be a doer of good deeds.

Current and previous roles including
Co-Founder - Damn Good Security Ltd - cyber security consultancy and managed services for companies of all sizes.
Cyber Security Operations Director @ National Grid / National Gas,
Head of Managed Security Services, Quorum Cyber
Principal Consultant in Managed Services, Senior Technical
Consultant, and Senior Incident Responder

Co-Founder - Hack Thursday - Cyber community meet up group for the central belt of Scotland.
Co-Founder - Hack Glasgow - Scotland's annual community led Cyber Security Conference

Volunteer, Presenter, MC and Mentor at various events and levels from student events through to customer, professional and CISO panels.
As a way of contributing and helping the cyber community I regularly
volunteer for cyber groups, as a mentor to new speakers, panel
member on cyber discussions, conference volunteer and as a
presenter covering Keynotes, technical talks, Leadership and career
topics.

Contributing Author : 97 Things Every Information Security Professional Should Know

Interesting Note: Nobody has ever seen Batman and David in the same room at the same time.

Telecoms professional. A bit broken. Love dogs.

I am a Penetration Tester currently working at KPMG. Originally from South Wales, I travelled to university in 2021 and upon completing my masters at the University of York, Decided to stay in the North to start my career.
Previously I competed within CS:GO then CS2, only recently hanging up the mouse to focus my attention fully on cyber security.

Elizabeth works in a red team in the finance sector, with a passion for open-source intelligence, social engineering and executive security. She has a particular interest in vishing and the power of a well-crafted conversation.

With nearly two decades in nursing across both the NHS and private sectors, Emma brings a wealth of hands-on experience to her current role as a forensic nurse in police custody. She’s passionate about the human side of healthcare and increasingly fascinated by how technology and cybersecurity shape patient safety and clinical practice. Emma is committed to bridging the gap between frontline healthcare and digital security, advocating for smarter collaboration and awareness to protect both people and data.

Felix Meggison is a Red Team Operator with over six years of experience in offensive security, specialising in adversary emulation, Active Directory exploitation, and cloud-native attack simulation. He has led red team operations across multiple sectors, delivering realistic attack scenarios that test both technical controls and organisational resilience. Passionate about bridging the gap between red and blue teams, Felix often turns attack insights into practical detection strategies. His recent focus has been on IPv6-based internal attacks and their often-overlooked detection opportunities.

Hi my name's Filip, I'm from Poland. I have been a penetration tester in the UK for the past 3.5 years working for various companies. As of recently, I've become a part of the adversary simulation team at JUMPSEC. Outside of pentesting, I enjoy playing football!

Funke Omolere is a Sr. Technology Product Owner in Cybersecurity, specialising in Governance, Risk, and Compliance (GRC). With a background in Sociology, she has built a career driving global cloud regulatory initiatives across frameworks such as SOC 2, ISO 27001, BSI C5, and TISAX. Funke brings a distinctive perspective to cybersecurity by combining technical expertise with human insight, ensuring that compliance is not only about controls but also about collaboration and confidence.

Beyond her role, she is a mentor with WiCyS UK & Ireland , where she supports women and professionals navigating their path into cybersecurity. A proud mum of three, Funke balances her professional responsibilities with family life, making her talks both relatable and inspiring. She is passionate about empowering others to stand tall in the face of challenges and build meaningful careers in cybersecurity.

I have been Cyber Security for 10 years formally blue team turned Red. Before that he worked with a government body on radio communications, and is now an amateur radio operator. I have given talks on RF hacking, offensive security but generally just a weirdo who loves going down Cyber Security rabbit holes.

Ismail is a Lead Data Engineer with over 9 years experience designing and delivering secure, scalable and enterprise-grade data platforms across financial services, retail, and risk domains. Currently leading technical delivery for financial crime data platforms at NatWest Group, he has architected cloud-native solutions on AWS, Azure, Snowflake and Databricks, embedding DevOps, CI/CD and Agile practices. Recognized for mentoring teams, implementing enterprise-grade data governance and delivering measurable operational improvements, Ismail is passionate about unlocking data strategy potential through innovation, governance and inclusive leadership

CISO @ Temenos Group
Lifelong hacker and nerd

Jeevan Jutla, Co-Founder and CEO at Gecko Security, joined the NCSC as a teenager, working in security research. He later led offensive security tooling for Binance's Red Team in China.

Jenn Gile is a tech educator and community builder. Currently she's Head of Community at Endor Labs, and previously worked at F5, NGINX, and the U.S. Department of State. Outside of work, she's very involved in the cycling community as a board member with 2nd Cycle

Jessica is co-founder of CxB - Cyber Governance for Boards, a non-profit that supports boards and non-executive directors to raise their game in cyber governance, and works with government to develop its guidance for boards. Previously she was Vice Chair/acting Chair at UK Cyber Security Council, the UK's self-regulatory body for the cyber security profession, CEO of a cyber security consulting firm serving government, and Chair of a large UK charity.

Jonathan Pake is a CHECK Team Member, specialising in offensive security and attacker emulation. He currently works as a penetration testing consultant at Aristi, performing security assessments across a range of enterprise environments. Jonathan has a strong interest in researching SAP exploitation techniques and exploring how attackers target these often-overlooked systems.

Joshua Rawles is a Senior Threat Analyst at Sophos MDR focused on Microsoft 365 and cloud threats. He combines DFIR expertise with attacker-infrastructure tracking to hunt adversaries and understand how they operate. His current focus is on SaaS, investigating how attackers abuse identities and cloud services and using that insight to strengthen defenses. Previously, Joshua worked in incident response with the Royal Australian Navy. Outside work he boulders, writes heavy metal, and gets out into nature.

I am a student pursuing an MSc in Information Security at the University of Surrey and have experience as a software engineer in startup environments. I am the President of our WiCyS (Women in CyberSecurity) student chapter and serve as a brand ambassador for the Surrey Cyber Cluster. Through these roles, I am passionate about promoting diversity and empowerment in cybersecurity while actively engaging with the local cybersecurity community. My background in software engineering and my current studies in information security enable me to bridge the gap between development and security, sharing my journey to inspire others to adopt a security mindset early in their careers.

Ken Westin has been in the cybersecurity field for over 15 years working with companies to improve their security posture, through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and is regularly reached out to as an expert in cybersecurity, cybercrime, and surveillance.

Privacy freak. Former robotics student (before I graduated in cyber). Passionate about security governance, penetration testing and privacy. Accidental AI trainer.

Kush Pandya – Security researcher at Socket.dev

I am a cyber security GRC consultant who helps SMEs and supply chain businesses build better cyber governance. With a background in cyber security education and a focus on board-level engagement, I recently developed a training course for executive teams on cyber security risk. This is my first BSides London talk and part of a broader effort to make governance and communication skills more accessible to security professionals at every level.

Leigh Trinity is a trans woman, Red Team hacker and instructor based in Newfoundland, Canada, blending over fifteen years of military service—including as an armoured reconnaissance crew member in Yugoslavia and a Leopard battle tank commander in Afghanistan—with deep expertise in exploit development, reverse engineering, and programming in Assembly, Bash, Python and C#. As an instructor at Hackers Arise and member of the Board of Directors at Malware Village, she trains others in advanced cybersecurity, while also embracing a rugged, adventurous lifestyle—known for 21 km hikes with her Cane Corso and boating whenever possible.

Marcelle Lee is the CEO and founder of Fractal Security Group. She brings over twelve years of experience in cybersecurity, and her journey has taken her through some of the most elite teams in the field, including Secureworks Counter Threat Unit (CTU) and the Equinix Threat Analysis Center (ETAC). She's a security consultant, threat researcher, educator, and intel analyst with deep expertise in cyber threat intelligence, digital forensics, intrusion analysis, security operations, and technical writing.

She has contributed to both government and private sector initiatives, bringing a well-rounded perspective to cyber defense and threat research. Before transitioning into cybersecurity, Marcelle led operations and managed complex projects across various industries.

A frequent speaker at conferences and training events, Marcelle is deeply committed to advancing the cybersecurity field and empowering the next generation of professionals.

She is an active leader in the cyber community, serving on boards and working groups such as the Women’s Society of Cyberjutsu. She is also an enthusiast of cyber competitions, both as a builder and participant.

Marcelle holds numerous industry certifications, including CISSP, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|HFI, C|EH, PenTest+, CASP+, Security+, and Network+. She has earned four academic degrees, including a Master’s in cybersecurity. Her contributions have been recognized with honors such as the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu.

Learning security researcher and social engineering nerd.

Meera Tamboli is a cybersecurity professional with hands-on experience across SOC Operations & Incident Response. She started her journey in cybersecurity as an intern, completed an MSc in Cyber Security and now works as a Digital Forensic & Incident Response Analyst in the UK.

Without formal mentorship or a clear roadmap, Meera carved her own path into cyber, which now fuels her passion for helping others do the same. She mentors aspiring professionals through her YouTube channel (20K+ subs) and 1:1 mentoring sessions. She has mentored over 1000 individuals to break into cybersecurity, support career growth and pursue higher studies, which led to her being featured in Times Square, New York.

Meera is passionate about community-driven learning and loves to participate in any speaking, mentorship and collaborative events.

Neil Lines is a senior security consultant with over 10+ years of experience in penetration testing and red teaming. He has worked with leading consultancies, specialising in offensive security simulations, and began his career in IT and networking roles. Neil has presented at numerous conferences and has given guest lecturers at leading universities, sharing his expertise and real-world insights with both industry professionals and students.

Oliver Ellis is a cybersecurity student at Manchester Metropolitan University, diving into ethical hacking with enthusiasm. Previously a chef for four years, he discovered cybersecurity through bug bounty hunting on HackerOne and BugCrowd in April 2025, balancing studies and kitchen shifts. He’s reported vulnerabilities, from low to critical, for companies like Audible and Atlassian, aiding fixes with clear reports. Oliver’s learning tools like BurpSuite and Nmap. Two weeks after his first $400 bounty, he landed a penetration testing job. At BSides 2025, he’s excited to share his beginner’s journey and practical tips.

Final year Computer Science student with a recent interest in Operational Technology (OT) cybersecurity. I have long attended many BSides events, including BSides London, and while my knowledge of OT is still developing, I hope to give back to the community by sharing my perspective.

Ozonuwe Onyenike is an IT business analyst and cybersecurity specialist with experience in cloud security, workflow automation and digital transformation. He has contributed to secure cloud migrations, platform launches and enterprise automation projects, helping organizations improve efficiency and strengthen security.

Passionate about knowledge sharing, Ozonuwe volunteers in cybersecurity communities and supports peers in developing technical and business skills. He advocates for making cybersecurity a shared responsibility across all digital roles.

Security Researcher Veteran | Serial Entrepreneur | Lecturer | Keynote Speaker | Baba

A master's student in Cyber Security at the University of Birmingham.

Prevail is a master’s student and DevOps practitioner with a background in software engineering and cloud deployments. She has hands-on experience building and managing CI/CD pipelines for web applications, including leading the deployment of ExpensePal, a full-featured student expense tracker. Passionate about bridging development and security, she focuses on sharing practical, beginner-friendly lessons that help newcomers see how security can be integrated into real-world DevOps workflows.

-Quantum Village

An OG gamer & coder kiddy that got lost in the commercial side of Tech & Cyber but now deep in Ethical Hacking & Coding studies for fun; balanced with High Security Clearance Cyber Risk Management & SOC Transformation, having utilised new free online learning tools like TryHackMe, Security Blue Team & Cisco Network Academy, Udemy & HTB to hack my way into a career change where I feel I now have a purpose; jot just a job.

Hi! This is Ram!

malware analyst, penetration tester, aspiring exploit developer.

i also love threat intelligence.

Riyaz Walikar is the Chief Hacker at Appsecco, a boutique security consulting company specializing in SaaS products and their AI implementations. He has over a decade of experience in offensive security, hacking his way into web applications, mobile apps, wireless networks, thick clients, and cloud and container-based infrastructure. As part of his professional career, he has led security testing teams at Microland, PwC, Citrix, and Appsecco. He likes to evangelize cybersecurity and has been a speaker/trainer and multiple hacker conferences around the world including BlackHat, DefCON, OWASP AppsecUSA, Nullcon, and c0c0n. He has co-authored 2 books and loves teaching cybersecurity which he does through various online blogs and publications, in-person and online training programs, community talks, conference presentations, and beer sessions.

When he is not writing/breaking code, you can find him dabbling in photography, playing video games, googling for weight loss solutions, stargazing, or laughing at his own jokes.

Ron Masas is a security researcher and leads the Offensive Security team at Imperva. His work focuses on web privacy, application security, and side-channel attacks. Over the years, he has discovered vulnerabilities across various platforms, contributing to stronger security in widely used technologies. Passionate about offensive security, he continuously explores new attack surfaces to stay ahead of emerging threats.

Sadik Miah is an authentic cybersecurity leader with a passion for personal growth and community impact. As Head of Cybersecurity, he brings strategic vision and integrity to safeguarding digital ecosystems. Sadik is deeply committed to continuous learning and development, both for himself and those around him, and actively contributes to the cybersecurity community through mentorship and knowledge sharing. His leadership style blends technical expertise with a people-first approach, fostering resilience and trust in every environment he supports.

A cybersecurity consultant who challenges audiences to explore the ethical, moral, and mental health dimensions of cyber work, sparking reflection on the human choices shaping our digital world.

Sandra is an OSINT and Cyber Threat Intelligence analyst with a background in criminology. Curious by nature and always eager to learn new things.

Sarit Yerushalmi is an experienced security researcher at Imperva. Her research mainly focuses on application security and APIs. She analyzes traffic to detect new threats, writes security blogs and talks at conferences. Some of her work has been presented at security conferences such as Botconf, Bsides TLV, NorthSec, and Kernelcon.

Simon is co-founder and CTO of Punk Security. He approaches DevSecOps from an infrastructure background with 20 years of experience in the field and a focus on cyber security and automation. Simon’s experience is diverse, having served as an engineer in the Royal Air Force and working across various industries, including government, manufacturing, finance, and technology, delivering automation and information security.
He is a keen Python and .NET CORE developer and a huge open source advocate, having authored a suite of open source tools himself.

I’ve been working in Cybersecurity for 8 years. I started out in incident response at CrowdStrike and CME Group, handling live breaches and all the chaos that comes with them. Over time, I realised I preferred building things that prevent incidents, so I moved into security engineering at Synopsys and now Webamon.

These days, I’m all about open-source & self-hosted tooling. I spend most of my time mapping and monitoring the web, crawling domains, fingerprinting infrastructure, and trying to understand how the internet actually works (or doesn’t).

I’ve got a chip on my shoulder when it comes to threat intel vendors selling stale or recycled data. If I can build it myself, I will. I think more people in this field should feel empowered to do the same.

Ibrahim is a security engineer focused on the security and privacy of end-to-end encrypted (E2EE) messaging applications, including WhatsApp, Telegram, and Signal. His research explores vulnerabilities in these systems, from zero-click attacks to metadata leaks with the goal of strengthening the guarantees they provide to billions of users worldwide.

In addition, Ibrahim has over a decade of experience advancing program analysis and static analysis techniques to detect and prevent vulnerabilities at scale. He has contributed to securing massive codebases in languages such as PHP, Python, and Java, building tools that help developers and security teams identify and remediate issues more effectively.

Head of adversary simulation at JUMPSEC - loves all things cloud native, aka the Entra ID guy within our team.

Thomas has more than 20 years of Java development experience with a focus on information security. He is a member of the OpenSSF (part of the Linux Foundation) Memory Safety Special Interest Group whose mission is to understand and reduce memory safety vulnerabilities in Open Source Software. He is also a lifetime member of OWASP and an avid contributor to Open Source projects.

Ever wondered how a lock works inside? Already know, and want to up your picking game? Come and meet the experts from TOOOL UK at the lockpicking village.
The Open Organisation Of Lockpickers are a multinational group dedicated to defeating locks for fun and games.
Learn to beat a pin tumbler lock, see inside various locks, padlocks and, er, even more locks! Come and play with locks!

I’m currently Head of Cyber Security for a private University but although I have 20 years experience around infosec / GRC I’ve also worked in TV drama, various areas of the BBC, the NHS and higher education.
I also spend what little free time I have volunteering with a Scout Group as a Group Lead Volunteer & Cub Scout Leader providing outdoor and life skills to children aged 4-17.

Currently working as a Senior Threat Intel Advisor at Team Cymru. Previously Will was a CTI Researcher and Threat Hunter at the Equinix Threat Analysis Center (ETAC). Prior to this, I worked for Cyjax, a UK-based CTI vendor. His other main commitment is as the co-author of the SANS FOR589: Cybercrime Intelligence course. I have also volunteered my spare time to being the co-founder and main organiser of the Curated Intelligence trust group, Bournemouth 2600, and BSides Bournemouth.

MSc Cyber Security | Passionate about Web3 security and decentralised futures