Having completed his training to become an IT systems technician, Michael Brügge qualified for studying Computer Science at Münster University of Applied Sciences. During his studies, he worked as a software engineer. He spent one practical semester abroad in the United States (Huntingdon, Pennsylvania), where he was the head of the development team in a leading IT company. In the context of an international university cooperation, he then did his Bachelor’s thesis on successfully accessing contactless readable smartcards using an NFC-enabled Android device.
To become an IT security expert, Michael Brügge then started the Master’s program “IT Security / Networks and Systems” at the University of Bochum, switching to cirosec GmbH for his thesis in June 2014.
After finishing his studies, he started working as a consultant at cirosec GmbH at the beginning of 2015. His field of activity covers everything from security assessments of web applications and their server infrastructures to insider analyses to red team assessments and social engineering. Moreover, Michael Brügge advises customers on setting up their security operating centers (SOC) or CERTs and on carrying out security awareness campaigns.
Konstantin Bücheler received his Bachelor’s degree in IT Security from Albstadt-Sigmaringen University, where he studied from 2016 until 2020. During his studies he worked as a student assistant on several research projects concerning industrial IT security and supported professors in creating teaching and exercise material. He completed his studies in 2020 with a Bachelor’s thesis on the “collection and categorization of Onion services in the Tor network”.
In his spare time Konstantin Bücheler is a regular participant in capture-the-flag hacking competitions. He and his team won second place in the European final of the CSAW Embedded Security Challenge in France in 2019.
Konstantin Bücheler has been working as a consultant at cirosec GmbH since November 2020. He carries out penetration tests and examines the effectiveness of security solutions on a technical level both for endpoints and servers. Moreover, he is responsible for the command-and-control infrastructure and EDR evasions in red team assessments.
Gunter Dueck, born in 1951, lives in Waldhilsbach near Heidelberg with his wife Monika. Anne (34) and Johannes (31) did a PhD in Biochemistry and Mathematics, respectively.
Gunter Dueck studied Mathematics and Business Administration from 1971 until 1975 and did his PhD at Bielefeld University in Mathematics in 1977.
He spent 10 years researching with his thesis supervisor Rudolf Ahlswede, with whom he won the Prize Paper Award of the IEEE Information Theory Society in 1990 for a new theory of message identification. After having qualified as a university lecturer in 1981, he spent five years working as a professor for Mathematics at Bielefeld University and changed to IBM Heidelberg Scientific Center in 1987.
There, he founded a large research group aiming at solving the problems associated with industrial optimization. Furthermore, he contributed significantly to setting up the data warehouse service business of IBM Germany. He also worked on the strategy and the technological orientation of IBM and on cultural change. Between 2009 and 2010, he played a leading role in setting up a new strategic growth area of IBM Corporation, which aims at the growing industrialization of IT infrastructures up to cloud computing. He has been the Chief Technology Officer (CTO) of IBM Germany until August 2011. Due to having reached 60 years of age, he has been retired ever since – however, he is not tired and currently works freelance as an author, business angel and speaker, and he continues dedicating himself to improving the world.
Gunter Dueck was an IBM Distinguished Engineer and a member of the IBM Academy of Technology. He had been a member of the chairs of the German Informatics Society and the German Mathematical Society for many years. He is a fellow of the US Institute of Electrical and Electronics Engineers (IEEE), a fellow of the German Informatics Society and a corresponding member of the Göttingen Academy of Sciences and Humanities.
He has published satirical-philosophical books about life, people and managers: E-Man (2nd ed. 2002), Die Beta-Inside Galaxie and Wild Duck (3rd ed. 2003). A philosophy all of his own has been published in three volumes: Omnisophie: Über richtige, wahre und natürliche Menschen (2nd ed. 2004), Supramanie: Vom Pflichtmenschen zum Score-Man (2003) and Topothesie: Der Mensch in artgerechter Haltung (2004). The Springer-Verlag (German publisher) publishes his books in an individual category called Dueck’s World.
In 2006, the focus of his work was on bloodlessness and brainlessness: In his first novel Ankhaba, vampires find a way to explain the world. In a satirical and sarcastic way, the book Lean Brain Management – Erfolg und Effizienzsteigerung durch Null-Hirn warns of an economic horror scenario resulting in the stupidity of people and the call-centerization of work. In 2008, Abschied vom Homo Oeconomicus was published at Eichborn Verlag (German publisher), which is a book about the almost inevitable economic stupidity. In July 2009, Direkt-Karriere: Der schnellste Weg nach ganz oben was published, which is a satirical guide about the art of enjoying a rapid rise. The book Aufbrechen! Warum wir eine Exzellenzgesellschaft werden müssen contains the future program he claims when, due to the automation of many services, new fields of work need to be opened up today. What is the individual supposed to do? The recent book Professionelle Intelligenz – worauf es morgen ankommt will explain it. Das Neue und seine Feinde is about the often underestimated problems with innovations. The book Schwarmdumm covers one of the main problems of solidification (it has been on the bestseller lists of Spiegel economics books and the manager magazine for several months; came in 6th place). New in 2017: Flachsinn, a book on the attention economy, the current Twitter escapades of the US president make a good model for.
It was already in 1983 that Stephan Gerling started to make his first experiences in the IT and IT security field using the legendary C64. He started as an electrician and then quickly went from electronics, microprocessor technology, PLC and robotics to navigation electronics for aircrafts.
Since 1996 he has been turning his hobby into a career and continuously expanded his spectrum of knowledge through various positions like administrator, network engineer, forensic scientist, etc. Lucky circumstances have led to first presentations about yacht hacking and maritime security. Since then, Stephan Gerling has appeared as a speaker at many international conferences.
Following 20 years in the oil and gas industry, he is now working at Kaspersky as a Senior Security Researcher in the Industrial Cyber Security CERT (ICS-CERT). He is also a member of the AG-KRITIS, an independent union of 42 experts from the field of critical infrastructures.
Steffen Gundel studied Medical Informatics at Heilbronn University of Applied Sciences, Heidelberg University and Northumbria University in Newcastle (England). He has worked as an IT security consultant since 1999, and he has developed complex security solutions for large international corporations. He is one of the authors of the book “Firewalls im Unternehmenseinsatz” (literally translated: Firewalls used in companies) published by dpunkt-verlag.
Steffen Gundel has been working at cirosec since April 2002, where his focus is on conceptual IT security and risk analysis. He develops security guidelines and advises our customers regarding the introduction and further development of information security management systems (ISMS) according to ISO/IEC 27001 and “BSI baseline protection" (IT-Grundschutz), on the selection and introduction of tools for security management as well as on innovative and new IT security topics.
In his role as a managing consultant, he has, since 2009, also been responsible for the operational planning of cirosec consultants and for the related overall project management.
Moreover, he gives talks at various conferences on a regular basis, and he writes articles on current security topics for professional journals.
Joerg Heidrich is a legal adviser and data protection officer of the German publishing house Heise; on top of that, he works a lawyer in Hannover (recht-im-internet.de). He studied law in Cologne, Germany and Concord, NH, US and has been focusing on the issues of the Internet and data protection law since 1997. As a lawyer, he specializes in IT law, and he is a TÜV-certified data protection officer. Heidrich is the author of numerous specialist articles and a speaker on legal IT-security aspects; moreover, he is a visiting lecturer at Hanover University of Music, Drama and Media.
Paula Januszkiewicz is a Cloud and Datacenter Management Microsoft MVP, Microsoft Regional Director for CEE, MCT, Cybersecurity Expert and Penetration Tester. She is the CEO of CQURE and CQURE Academy, consulting customers all around the world. Paula is also a top speaker at global conferences including Microsoft Ignite, RSA (in 2019, she presented keynote sessions in Singapore and USA!), Black Hat (in 2019, Paula’s presentation was voted best of Black Hat Asia 2019 Briefings!) or Gartner Security Summit. Paula holds an MBA from Harvard Business School and has access to source code of Windows. Paula is not only a great, charismatic speaker that engages and inspires crowds of both – CxOs and ITPros, but also has a deep technical knowledge in the field of cybersecurity. As a Microsoft MVP in Cloud and Datacenter Management and Microsoft Regional Director, she has performed hundreds of security projects, including those for governmental organizations and big enterprises.
Dr. Ryan Johnson is the Senior Director, R&D at Kryptowire in McLean, VA. His research interests are static and dynamic analysis of Android apps and reverse engineering. He is a co-founder of Kryptowire and has presented at Black Hat, DEF CON, IT-Defense, and @Hack.
Following his training as a reserve officer, Sebastian Kahlert studied law at the Leibniz University Hannover with a focus on international and European law. He has been working as a field officer with a qualification for judicial office since 2013. At first, he worked in the human resources department of the Navy Command in Rostock. Since 2018 he has been a consultant at the data protection office of the German Armed Forces where he mainly gives advice on questions related to data protection law for military communications.
Lieutenant Colonel Volker Kozok works as a technical officer in the legal department of the German Federal Ministry of Defence and is a proven cyber security expert. For more than 20 years, he has been working in various positions in the IT security of the German Armed Forces. In 2002, he planned and trained the Computer Emergency Response Team of the German Armed Forces.
He is a trained IT forensics expert and conducted the first training courses for computer forensics and incident management in the German Armed Forces.
He is a speaker at both national and international events, lecturing on cyber security and data protection topics, and he focuses on the “dark side of the Internet”, which includes the analysis of hacker attacks, cybercrime and social media attacks.
Since 2002, he has been leading the annual US study tour, where cyber security experts of the German Armed Forces and of the industry exchange views on cyber security with US offices and organizations in a 14-day trip in the United States.
At his annual confidential security conference, the international “Bulletproofhosting & Botnetkonferenz”, national and international representatives of the German Armed Forces, authorities, intelligence services, industry and the hacker scene exchange views on example cases, attacks and ways to react.
Ministry Director Stefan Krebs was born in Neckarsulm in 1960. He graduated in Public Administration at the University of Applied Sciences - Public Administration and Finance Ludwigsburg in 1986. Having worked as a developer and project manager at Datenzentrale Baden-Wuerttemberg and Regionales Rechenzentrum Franken for several years, he switched to the baking sector in 1990 and, among other things, was responsible for the IT security management of LBBW. Since 2001, he has worked at Finanz Informatik, the IT service provider of Sparkassen-Finanzgruppe, in Hannover in various leadership positions.
On July 1, 2015 Stefan Krebs was appointed as the first “State Government Commissioner for Information Technology”. As a CIO, he is assigned to the State Ministry of the Interior organizationally and responsible for the strategic planning and further development of the entire IT of the state of Baden-Wuerttemberg. He supervises the higher state authority IT Baden-Württemberg (BITBW), the state’s central IT service provider, and represents Baden-Wuerttemberg in the IT Planning Council that coordinates federal and state IT. At the same time, he is Chief Digital Officer (CDO) of the department of digitalization, which is responsible for the concept creation and implementation of Baden-Wuerttemberg’s strategy on digitalization across resorts called “digital@bw”. In the context of the strategy on digitalization, the Ministry of the Interior also initiated the “Cyberwehr Baden-Württemberg”, a professional contact point and counseling center on IT security incidents mainly aimed at small- and medium-size companies.
Felix von Leitner, nicknamed Fefe, has been operating a small IT security company called Code Blau, which specializes in code audits and security concepts (but tends to do other things as well), for almost 20 years. In the German-speaking area, he is well-known for his blog and for his podcast “Alternativlos” (no alternative) as well as for the talks at the Chaos Communication Congress he has been giving annually since the last millennium. When he is not busy being upset about the Wikipedia entry under his name, which was created by a few nasty data protection antiactivists against his explicit will, Felix might well be explaining to German members of parliament what an exploit is.
Marco Lorenz completed his studies in Applied Computer Science at Fulda University of Applied Sciences in 1999 with the thesis "Analysis of Weak Points and Optimization of Network Security at the Karlsruhe Research Center by Means of Firewalls with the Case Example Firewall Toolkit“. He continued specializing in the IT security field by working as a consultant for an IT security solutions provider.
Marco Lorenz has been working at cirosec GmbH since April 2002. His focus is on enterprise scanning, vulnerability management, risk management, mobile security, secure data exchange, traceability of administrative access as well as on the conception, development and implementation of security guidelines.
He is one of the instructors of the cirosec trainings “Forensics Extreme”, “Hacking Extreme Web Applications”, ”Hacking Extreme” and “Hacking Extreme Buffer Overflows” and he has played a vital role in developing these trainings. Moreover, he is a regular speaker at conferences on various topics.
Florian is Subject Matter Expert at Maltego providing support for digital forensics, incident response and security operations. He has more than 10 years of experience in the IT security field, and as a Security Consultant he advised customers on penetration testing, incident handling and IT forensics. Besides his job, Florian Murschetz has founded a local hack space and is part of the Telnet community.
Linus Neumann is a hacker and psychologist. He regularly informs the public about vulnerabilities in critical IT systems. Together with his colleagues from the Chaos Computer Club he hacked the IT systems of the previous German Bundestag election and analyzed spy software to render it harmless. As an expert witness in committees of the German Bundestag Linus Neumann has criticized the first and second IT Security Act and is speaking out in favor of an uncompromising IT security strategy.
Dr.-Ing. Altaf Shaik, is currently a senior researcher at the Technical University of Berlin in Germany. He conducts research in telecommunications, esp., 5G radio access and core network security. He combines a professional background in programming, wireless communications and offensive network security. His renowned research exposed several vulnerabilities in the commercial 4G and 5G specifications and commercial networks that allow attackers to perform powerful attacks affecting millions of base stations, handsets, M2M and NB-IoT devices.
Altaf is a frequent speaker at various prestigious international security conferences such as Blackhat USA & Europe, T2, SECT, Nullcon, Hardware.io and HITB and many others. His accomplishments landed him in the hall of fame of Google, Qualcomm, Huawei and GSMA. He also trains various companies and organizations in exploit development, and also building secure mobile networks including their testing and security evaluation.
Jayson E. Street is an author of the "Dissecting the hack: Series", also the DEF CON Groups Global Ambassador plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.
He was a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.
Boris Taratine is a passionate visionary and an influential ambassador of cyber security and cyber defence. He is an active participant in various industry forums influencing global cybersecurity development. Being often at odds with the conventional wisdom he actively promotes industry collaboration to take proactive actions for improvements and collective defence. He was honoured to judge at the Atlantic Council's Cyber 9/12 UK Strategy Challenge competition since inception. Boris graduated with the highest honour at the Saint-Petersburg State University, where he also continued his Ph.D. studies. He is an author of a number of scientific publications and dozens of patents granted and pending.
Dr. Paul Vixie is an internet pioneer. Currently, he is the Chairman, CEO and Cofounder of award-winning Farsight Security, Inc. Dr. Vixie was inducted into the internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is a prolific author of open source internet software including BIND, and of many internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit internet infrastructure company (ISC, 1994), and the first neutral and commercial internet exchange (PAIX, 1991). Dr. Vixie earned his Ph.D. from Keio University.
He is an IT and security veteran of more than 20 years of professional experience in pentesting, incident handling and IT forensics. Besides his day job, he is a co-founder of "Telnet community". Dirk has known Maltego and its makers for more than a decade and joined the team full-time in 2019.
Dr. Christoph Wegener holds a PhD in Physics and has freelanced with wecon.it-consulting in information security, data protection and open source since 1999. After having worked at Horst Görtz Institut für IT-Sicherheit (HGI) for more than eight years, he was IT manager of the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum from 2013 until 2020, where he was mainly responsible for information security and data protection.
As an author of numerous specialist articles and a speaker at national and international conferences, Dr. Christoph Wegener is also committed to the training in information security. He is an advisory board member of the “Datenschutz und Datensicherheit” magazine and founding member of the “Arbeitsgruppe Identitätsschutz im Internet”, a work group concerned with identity protection on the Internet, as well as of the German Chapter of “Cloud Security Alliance”.