CREST Intelligence-Led Testing Focus Group

Matt has been working in the IT industry for the last 25 years. He has held CREST qualifications for over 10 years as a Crest Certified Tester and Crest Simulated Attack Specialist. Matt is dedicated to the role and has delivered engagements for a diverse range of global clients working within the military, government, financial and commercial sectors. Matt has also been awarded Chartership status through the UK Cyber Security Council and is a CHECK Team Leader. He has presented at a broad range of conferences with topics that cover cyber security skills development, red team tradecraft and career progression in the industry. He is an experienced speaker and regularly contributes to podcasts and publications.

As the cybersecurity landscape shifts and cyber-attackers become more sophisticated, Saeid Atabaki empowers organizations to combat attacks and enhance their security posture with comprehensive cyber solutions. Most importantly, he aligns the information security (IS) program with business strategies.

Leveraging new and emerging technologies to shore up defenses against cybercrime and best approaches for championing data protection and compliance, Saeid offers a growing range of topics providing valuable insights to help reinforce resilience, boost customer trust, and elevate shareholder value. Currently, he delivers cyber security consultation and ethical hacking services to digitally transform financial institutions and government agencies across Asia.

To enable security professionals to continuously challenge, validate, and optimize the cybersecurity posture of their organizations, Saeid launched a SaaS, autonomous, machine learning-based attack simulation platform. It is equipped with a built-in integrated AI component that recommends preferred attack paths. The quantifiable cybersecurity posture metrics allow organizations to measure and develop their cybersecurity strategy.

At OCBC Bank, Saeid helped to built the bank’s red team from the ground up. He researched real-world threat actor tactics, techniques, and procedures and applied that knowledge to red team exercises. Most importantly, he led a cybersecurity strategy to reduce threats and vulnerabilities, maintaining the highest level of system sustainability worldwide. Furthermore, he developed an in-house advanced adversarial simulation tool in Java/C# to enhance offensive capabilities.

Saeid is a Certified Information Security Professional, and is multi-credentialed in offensive security exploitation, simulated attack planning, infrastructure testing, security analysis, and penetration testing. He is also an Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), CREST CCT Infrastructure, CREST CCSAS, eLearnSecurity Threat Hunting Professional, and eLearnSecurity Penetration Testing eXtreme.

Security consultant, trainer and author with significant experience delivering engagements to financial, government and retail organisations.

Responsible for STAR-FS, CBEST, TIBER and intelligence-led penetration testing.

Notable achievements:
– CHECK/CREST Team Leader since 2007
– CREST Certified Simulated Attack Specialist
– CREST Certified Simulated Attack Manager
– Lead for MDSec’s CBEST, STAR-FS and TIBER services
– Lead author for the Mobile Application Hacker’s Handbook (ISBN-10: 1118958500)
– Founding director of MDSec
– Subject matter expert for CompTIA Secure iOS Development examination

Ed is a senior manager at Accenture responsible for the offensive security capability in Australia and New Zealand. He has more than 15 years’ professional experience in information security spanning multiple domains and disciplines. He believes security should be realistic and pragmatic, a fine balance between risk and control, and a beautiful collaboration of people, process and technology.

Coming from a technical background, Ed has extensive hands-on experience, blended with exceptional client consulting and team leadership skills. In previous roles, Ed has led security teams in major finance and government institutions, providing security advice and consultancy services to some of the highest profile and most complex IT projects across Australia.

Ian has 20 years’ experience in the IT industry latterly as technical lead for DXC managing CHECK, STAR and GBEST penetration testing and long-term vulnerability scanning implementations. He has also been responsible for secure architecture reviews and secure code reviews covering multiple industries including finance, public sector, telecoms, and oil and gas. Ian has been a CREST Assessor since 2015 and is currently running the our exam development group creating our next generation exams.

Doug possess World-leading knowledge and skills pertaining to penetration testing, networking, architecture, security systems and integration, developed and evidenced over a 20-year career, within numerous and varied highly technical information security roles. Currently, Doug is the Head of Nettitude’s Global Red Team, conducting offensive engagements in-line with industry frameworks, testing the detection and response capabilities of countless, prominent global organizations.

Doug started his career as a systems administrator, before working in network security and managed security services roles. Doug then moved into consultancy in both a defensive and offensive capacity, building Secure Operations Centers and carrying out hundreds of penetrations tests. Now, with around six years of experience simulating Advanced Persistent Threats (APT) groups and cyber criminals, Doug has a consummate understanding of emerging threats and what it takes to assist companies in defending themselves against highly sophisticated cyber-attacks.

Philip is an accomplished Information Security Consultant and Manager with over 20 years of experience in cybersecurity. He possesses a Master of Science degree in Network and Information Security and holds several prestigious certifications, including CISSP, GXPN, and GCPN. His extensive background and advanced qualifications underscore his expertise and commitment to information security. 

He spearheaded establishing and managing robust penetration testing programs for major global clients across diverse sectors, including government, banking, and multinational corporations. Philip is experienced at developing and implementing comprehensive, tailored penetration testing strategies, including Red Team emulations and Purple Team simulations, to enhance security performance and information assurance. 

Philip’s leadership extends beyond his technical expertise. He excels in creating training and mentorship programs, significantly contributing to developing high-performance information security teams. His mentorship has inspired these teams to manage complex security landscapes effectively, showcasing the positive impact of his leadership.

Olle is a veteran within the IT security industry, having devoted himself to both “breaking” and “building” security solutions for over 20 years. Since his appointment as Principal Security Consultant at F-Secure in 2016, he has established a new security consulting practice in Stockholm, Sweden, that has grown into a team of 12 expert consultants serving some of the biggest and most targeted organizations in Sweden.

At F-Secure, Olle is also actively engaged in improving consulting practices and methodologies to provide better assurance for clients in new and more efficient ways. Olle is a regular speaker at information security conferences and is also a co-founder of one of them, the popular SEC-T hacker conference in Stockholm.

Ben is the Global Head of Nettitude’s Advisory Services’ and has over a decade’s experience in the cyber security sector. During this time he has worked with a huge client base ranging from UK Government, Banking Sector (Including Central Banks) and many well-known private sector organisations worldwide. Ben specialises in intelligence-led simulations (STAR) and infrastructure testing but has a wide variety of knowledge in many areas, including training, tool development and incident response. Not only has he delivered in-depth technical assurance services, but has excellent communications skills that span a wide range of audiences including technical, business management and senior leadership.