BSidesVienna 0x7E7

Chris John Riley

Staff Security Engineer, Information Security Engineering

Chris leads Google's Minimum Viable Secure Product (MVSP) efforts, and is part of Google
security teams efforts to help the world secure their software. Previously Chris was responsible
for leading vendor security assessment efforts and worked on the security of 3P security
integrations. Before joining Google, Chris was an IT security consultant who specialized in
security testing and research in the financial services sector across the United Kingdom,
Germany, and Austria.

  • Taking third-party risk in stride
Christopher Skallak

Christopher Skallak is currently an IT-Security masters student at FH Campus Vienna with high interest in Capture The Flag and Pentesting. His studies focus on embedded security, especially on the wireless communication protocols Bluetooth and Bluetooth Low Energy. He deepened his knowledge in his master's thesis by creating a Threat Model of Bluetooth Low Energy, which is based on the STRIDE model to categorize various vulnerabilities.

  • Bluetooth LE Security & Threat Modeling
Davor Frkat

Security Engineer at an automotive supplier. Also likes trains. Based in Vienna.

  • Automotive Security Challenges: Supplier's View
Gerhard Hechenberger

Gerhard Hechenberger is a Senior Security Consultant at SEC Consult who specializes in embedded systems and OT security and works in the SEC Consult Hardware Laboratory in Vienna. His main job is the assessment of embedded systems, IoT/OT devices and OT networks to uncover vulnerabilities. He is a holder of several IT security certificates and has already published multiple security advisories and blog posts.

  • How to Hack Routers Like it's 1996: Adventures with Zyxel Routers

Ines Kramer is research staff at the Competence Center for IT-Security at FH Campus Wien - University of Applied Sciences. The security evaluation of the telehealth applications was conducted during the Telehealth Blocks project from the Health Assisting Engineering program at FH Campus Vienna. This project was funded by the City of Vienna, Magistratsabteilung 23, Austria under Grant number MA23-338474-2021-2

  • What is Your Painlevel? - Testing Security and Privacy of Physiotherapy Mhealth Apps
Klaus Agnoletti

Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides KĂžbenhavn in 2019. Currently he's a freelance storytelling cyber security advisor specializing in security transformation and community focused marketing, employer branding, playing security games and other fun assignments and ideas coming his way.

  • Gamified Incident Response training: The whys, whats and hows to get you started right away

For someone working in security management I have a very technical background, from backend development to system administration. I was a penetration tester, and a security engineer.

  • Tracking Broken Cloud Security Promises
Martin Herfurt

Martin Herfurt is the founder and managing director of IT-Wachdienst, a small company from Salzburg that specializes in IT security solutions for SMEs. Martin Herfurt has many years of experience in the field of IT security and is a recognized expert in Bluetooth technology. He has made a significant contribution to the development of security standards for Bluetooth and has presented his research results at renowned conferences such as BlackHat and DEF CON.

As an IT security consultant and penetration tester, Martin Herfurt supports his customers in protecting their IT systems from attacks and optimizing their security processes. Among other things, he analyzed the security of the Tesla PhoneKey feature and made suggestions for improvements. Martin Herfurt is an innovative and committed entrepreneur who is constantly training and looking for new challenges.

  • Project TEMPA - Hacking Teslas for Fun and NO Profit
Patrick Eisenschmidt

Patrick has worked for several years in the offensive security sector. With his current role as Red Team Lead at NVISO ARES (Adversarial Risk Emulation & Simulation) he is taking care of high profile Red Teams and Tiber Assessments while also leading the exposure activities.

Additionally, he also likes to get his hands dirty with creating sophisticated spear phishing campaigns and improving the Red Team's life by maintaining open-source methodology and tooling.

  • Introducing CS2BR - Teaching Badgers new Tricks
Steffen Robertz

Steffen Robertz is a Security Consultant at SEC Consult who specializes in embedded systems. In his Job, he focuses on retrieving and reverse engineering of firmwares in order to find vulnerabilities. Due to his background as an electrical engineering student, he also takes interest in RF systems and hardware development. He already published multiple security advisories via the SEC Consult Vulnerability lab.

  • How to Hack Routers Like it's 1996: Adventures with Zyxel Routers