Program Speakers

Speakers – IT-DEFENSE 2018

Marc Gassert

Marc Gassert spent a major part of his life in different cultures on various continents and has learned the Asian martial arts with renowned grandmasters. He studied Communication Studies and Intercultural Communication in Munich and Japanese Studies in Tokyo. With master ranks in three Asian martial arts, he is the expert on “the Tao of discipline”. Marc Gassert is a speaker who transfers knowledge between Far Eastern and Western cultures.

Stephan Gerling

We go back to the year 1983. It all started with the “breadbox” under the Christmas tree. Stephan Gerling has since then been infected with the computer virus. Viruses have also been the first encounter with IT security. He started to collect them and analyze their function to then clean up his friends’ infected computers.

Starting out as an electrician, he soon switched to electronics, ultimately restoring navigation systems for helicopters. He has been working as an IT security expert/security evangelist in the oil and gas sector at a globally active company in Lingen, Germany, for more than 17 years. Today, his “program” includes computer forensics, penetration testing and awareness measures, especially hacker attacks and the associated security measures. In this respect, he combines his experience from both the physical and the virtual world. Electronics and computer forensics in the age of the Internet of Things (IoT) are his weapons to detect security flaws.

He gives talks on topics such as hacking, social engineering and physical security at relevant conferences such as DEF CON (DC24 Skytalks), ZeroNights or SHA2017, to name just a few.

Joerg Heidrich

Joerg Heidrich is a legal adviser and data protection officer of the German publishing house Heise; on top of that, he works a lawyer in Hannover. He studied law in Cologne, Germany and Concord, NH, US and has been focusing on the issues of the Internet and data protection law since 1997. As a lawyer, he specializes in IT law, and he is a TÜV-certified data protection officer and expert witness for IT products. Heidrich is the author of numerous specialist articles and a speaker on legal IT-security aspects; moreover, he is a visiting lecturer at Hanover University of Music, Drama and Media.

Mikko H. Hypponen

Mikko Hypponen is a cyber war veteran. He works as the Chief Research Officer of F-Secure. He has written on his research for the New York Times, Wired and Scientific American and lectured at the universities of Oxford, Stanford and Cambridge. He's also the Curator for the Malware Museum at the Internet Archive.

Paula Januszkiewicz

Paula Januszkiewicz is CEO and founder of CQURE Inc. and CQURE Academy. She is also Enterprise Security MVP and a world-class cybersecurity expert, consulting customers all around the world.

She has 14 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises. At the same time, Paula is a top speaker and a keynote speaker at many well-known conferences, including Microsoft Ignite (rated as No. 1 speaker among 1,100 speakers and 26,000 attendees), RSA (in 2017 in San Francisco, her session was one of the 5 hottest sessions), Black Hat, TechEd North America, TechEd Europe, TechEd Middle East, CyberCrime, etc., where she is often rated as No. 1 speaker. Her presentations gather thousands of people.

Paula also creates security awareness programs for various organizations, including awareness sessions for top management (telecoms, banks, government, etc.). Paula is passionate about sharing her knowledge with others. In private, she enjoys working with her research team, converting the results of her findings to authored leading-edge trainings and tools used in practice in projects. She wrote a book about Threat Management Gateway and is currently working on the next one.

She has access to a source code of Windows, an honor granted to just few people around the world!

Paula is a type that suffers when doing nothing; every year, she takes over 215 flights to provide security services to international organizations and enterprises. You can always expect some thoughtful ideas and interesting arguments!

Benjamin Kollenda

Benjamin Kollenda has been a doctoral candidate at the Chair for Systems Security with Prof. Holz at Ruhr-University Bochum for two years. His research focuses mainly on attacks on and defense mechanisms for software. Benjamin’s interests focus on low-level details of operating systems and processors; however, JavaScript-based attacks have already been part of his research as well.

His current research focus is the analysis of CPU microcode, with the aim of improving existing defense mechanisms in the software field and developing new methods. At the same time, there are other ongoing projects in this field, such as the analysis of runtime behavior of instructions and the identification of undocumented features in CPUs.

Philipp Koppe

Philipp Koppe studied Computer Science and Telecommunications in Leipzig and IT Security in Bochum. He has been a doctoral candidate at the Chair for Systems Security with Prof. Holz at Ruhr-University Bochum for three years. His field of research involves code-reuse attacks as well as defense mechanisms on the application and operating system level. The focus is mostly on commercial-off-the-shelf binaries, so methods such as static and dynamic program analysis as well as reverse engineering are used. What is more, Philipp assesses the security of CPU updates, analyzes x86-processor microcode encoding and implements applications in microcode.

Volker Kozok

Lieutenant Colonel Volker Kozok works as a technical officer in the legal department of the German Federal Ministry of Defence and is a proven cyber security expert. For more than 20 years, he has been working in various positions in the IT security of the German Armed Forces. In 2002, he planned and trained the Computer Emergency Response Team of the German Armed Forces.

He is a trained IT forensics expert and conducted the first training courses for computer forensics and incident management in the German Armed Forces.

He is a speaker at both national and international events, lecturing on cyber security and data protection topics, and he focuses on the “dark side of the Internet”, which includes the analysis of hacker attacks, cybercrime and social media attacks.

Since 2002, he has been leading the annual US study tour, where cyber security experts of the German Armed Forces and of the industry exchange views on cyber security with US offices and organizations in a 14-day trip in the United States.

At his annual confidential security conference, the international “Bulletproofhosting & Botnetkonferenz”, national and international representatives of the German Armed Forces, authorities, intelligence services, industry and the hacker scene exchange views on example cases, attacks and ways to react.

Nikhil Mittal

Nikhil Mittal Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defense strategies and post-exploitation research. He has 8+ years of experience in penetration testing for his clients, which include many global corporate giants. He is also a member of Red teams of selected clients. He specializes in assessing security risks at secure environments that require novel attack vectors and an "out-of-the-box" approach. He has worked extensively on using human interface devices in penetration tests and PowerShell for post exploitation. He is the creator of Kautilya, a toolkit that makes it easy to use HIDs in penetration tests, and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks. Nikhil has held trainings and boot camps for various corporate clients (in the US, Europe and SE Asia) and at the world’s top information security conferences. He has spoken/trained at conferences like DEF CON, Black Hat USA, Black Hat Europe, RSA China, Shakacon, DeepSec, PHDays, Black Hat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more. He blogs at

Colin O'Flynn

CTO NewAE Technology Inc.

Colin O’Flynn started the open-source ChipWhisperer project aimed at bringing power analysis and glitch attacks to everyone. He previously was a design engineer working on embedded systems, and he helped develop several low-power wireless protocols. In moving from "design engineer" to "IoT arsonist", he completed a PhD around side-channel power analysis. He now runs a startup helping more companies uncover potential pitfalls in their embedded designs.

Vesselin Popov

Vesselin Popov is the Business Development Director for the University of Cambridge Psychometrics Centre, a multidisciplinary research institute specialising in online behaviour and psychological assessment. Vess oversees the Centre’s commercial partnerships and focusses on the impact that Big Data and psychometrics, used together, can have in business and the community.
Vess also runs the Apply Magic Sauce project, a battery of predictive algorithms based on 8 million users’ psychological and social media data. Apply Magic Sauce API translates digital footprints of human behaviour into accurate psycho-demographic profiles, and can more accurately predict a user’s personality than people’s friends, family and loved ones. It makes psychological sense of social media data, such as Pages liked on Facebook or language used on Twitter.
Vess is a law graduate of Trinity College, Cambridge and has delivered Big Data projects for many global brands, such as Ubisoft, Hilton, Warner Bros., Nissan and National Geographic.

Marcus J. Ranum

Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is a pioneer in security technology who was one of the early innovators in firewall, VPN, and intrusion detection systems. Ranum has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. He holds numerous industry awards.


Starbug studied microsystems technology and computer engineering in Berlin. Since receiving his degree in engineering, he has worked at different Fraunhofer Society institutes, for security companies and as a freelance consultant. He is currently involved in the Security in Telecommunications (SECT) working group, a cooperation between Telekom Innovation Laboratories and the TU-Berlin. Starbug has been dealing with overcoming biometric systems for more than 15 years now, recently demonstrated when hacking the iPhone fingerprint sensor. He also inspects the security of microchips, e.g. the access system based on MIFARE Classic or the LEGIC prime chip installed in the immobilizer.

Jayson E. Street

Jayson E. Street is an author of Dissecting the hack: series. Jayson is also the DEF CON Groups Global Coordinator.He has also spoken at DEF CON, DerbyCon, UCON and at several other CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”.

He is a highly carbonated speaker, who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are, please note he was chosen as one of Time’s persons of the year for 2006.

Stefan Strobel

CEO and Founder of cirosec GmbH

Stefan Strobel, born in 1970, studied Medical Informatics at Heidelberg University and Intelligence Artificielle at LIA of the University of Savoie in Chambery, France.

Before and during his studies, he had already worked freelance for several IT companies. In 1995, he was one of the founders of Centaur Communication GmbH in Heilbronn, which was sold to the UK company Integralis in 1998, then became Articon-Integralis AG and later NTT Com Security.

At Centaur Communication GmbH, Stefan Strobel was responsible for successfully reorganizing the company to focus solely on IT security. He was the Head of Technology at IntegralisCentaur GmbH, and he designed and implemented some of the first and largest firewall environments used by multinational companies.

When the company was sold, he became Technical Development Director at IntegralisCentaur GmbH, and he was responsible for the selection and evaluation of new technologies and trends at Articon-Integralis AG.

Early in 2002, Stefan Strobel founded cirosec GmbH with some of his former colleagues, and he has been the company’s CEO ever since.

In addition to his regular work, he gives lectures at conferences on current IT security topics, trends, new technologies and security strategies, and he is responsible for the program of the IT-Defense Security Conference. Moreover, he has worked as a lecturer on IT security at different universities.

Stefan Strobel has more than 20 years of experience in consulting major companies with very high security requirements and in developing concepts and policies.

Moreover, he is the author of several technical books, which have been published in different languages, and he frequently publishes articles on IT security in specialist magazines.

Changhoon Yoon

Changhoon Yoon is a PhD student at KAIST. He is working with Dr. Seungwon Shin at Network and System Security Laboratory, and his research interests primarily lie in the area of network security including SDN/NFV and IoT security. He has presented his recent work at NDSS, Black Hat USA, ONS and more.