BSides London 2025

Stephen Doyle

I’ve been working in cybersecurity for 8 years. I started out in incident response at CrowdStrike and CME Group, handling live breaches and all the chaos that comes with them. Over time, I realised I preferred building things that prevent incidents, so I moved into security engineering at Synopsys and now Webamon.

These days, I’m all about open-source & self-hosted tooling. I spend most of my time mapping and monitoring the web, crawling domains, fingerprinting infrastructure, and trying to understand how the internet actually works (or doesn’t).

I’ve got a chip on my shoulder when it comes to threat intel vendors selling stale or recycled data. If I can build it myself, I will. I think more people in this field should feel empowered to do the same.


Session

12-13
12:55
45min
Hunt at Scale: Fingerprinting Threat Actors Across the Web
Stephen Doyle

The best intelligence isn’t bought, it’s built by you and your organisation. This talk explains how to build the bare-metal infrastructure and the pipelines that run on it to scan the web at scale. We’ll build an open-source sandbox with built-in fingerprinting and runtime detections, then leverage that sandbox to mass-scan large portions of the web (hundreds of millions of domains). By storing results in OpenSearch, we can perform advanced queries and correlations across raw data and derived fingerprints, turning individual incidents into linked campaigns.

Main talk track
Track 2