CREST Penetration Testing Focus Group

Meet our Penetration Testing Focus Group

Boglarka Ronto, Resillion

Chair of Focus Group, International & UK Council Discipline Representative

Boglarka is Director of Operations at Commissum (Eurofins Cyber Security UK), with a background in penetration testing and UNIX systems administration. In her role she relays a lifelong passion for the security industry, supporting a variety of businesses, both large and small on their journey to a more mature security posture. Boglarka works with young people to help them find a fulfilling career in one of the many areas of cyber security, focusing on challenges associated with niche requirements such as testing mainframes.

Faizal Ashruf, UST Global Inc

Asia Council Representative

Information Security Specialist with 7 years of experience in delivering and leading Vulnerability Assessment and Penetration Testing services for Fortune 500 companies, Banking, Financial and Telecom industries. Have assisted and trained Defense personnel and Government resources in the matter of Cyber Security.

In addition to standard Offensive security services, I have also delivered Advanced Cyber Security training programs on topics such as Advanced Penetration Testing, Network Monitoring and Malware Analysis for University Graduates. I’m also a member of OWASP Kerala chapter wherein my responsibilities lie in conducting technical talks/sessions, preparing technical materials/ reviewing them and such to name a few.

Currently I function as a Service Delivery Manager with overlapping responsibilities of Technical Lead as well within UST.

Certifications: ISO 27001:2013 LA, Certified Red Team Professional (CRTP), ECSA

Simone Cecchini, LRQA

Europe Council Representative

Simon has 13+ years of experience in Cyber Security.  He taught Penetration Testing classes at both BSc and MSc levels. He owns the following certifications: CISSP, CCSP, PMP, SEPP.  Simon completed his BSc in Computer Science in 2019 and his MSc in Computer Security and Systems Forensics in 2011.

His publications include several ethically disclosed zero-day vulnerabilities, CVEs as well as book chapters and scientific papers.  Simon’s passions include martial arts, motors and humans’ behavioural threats studies.

Abartan Dhakal, Stickman Consulting Pty Ltd

Australasia Council Representative

I am currently employed by StickmanCyber as their Lead Penetration Tester with over three years of professional experience in penetration testing and offensive security engagement, and over five years in bug bounty hunting which I remain actively engaged in.

From 2015 to 2016, I was a regular volunteer for Free and Open Source (FOSS) and Mozilla in Nepal, then in 2017 I began guest speaking and running training workshops at events such as the Cybersecurity Awareness Program by the Rotary Club Tilottama Nepal and Cybersecurity Seminar for financial organisations that was hosted by npCert.

I am currently listed on over 40 ‘Hall of Fames’, some of the most notable being Google, Intel, Twitter, United Airlines, and the US Department of Defence and in 2018 I was honoured as one of only two ambassadors in the AU region (one of 19 ambassadors worldwide) for Bugcrowd.

In 2019, I founded and ran a monthly infosec focus group specifically for Nepali students, to help train and guide them into a professional career in the Australian cybersecurity workforce.

I have also remained an active core member and volunteer for the last seven years, at Pentester Nepal; a non-profit organisation created to help develop and support the next generation of infosec enthusiasts in Nepal.

Throughout my career I have enjoyed being part of the security community not just in Nepal, but in Australia and India as well.

Miguel Marques, Quorum Cyber Security Ltd

Assessor Representative

Involved with cyber security roles for 25 years, starting as a sysadmin and now as a team leader/department head in a cyber security organisation (Quorum Cyber).

Started off as a Sysadmin in an Internet Service Provider back in Mozambique in the late 90s.
While in university, worked as a sysadmin managing the infrastructure that served the Computer Engineering Department and all their students.

After university, worked as a sysadmin in a bank before fully turning to pentesting in 2008 when I worked for Sysvalue.

In 2013, I moved to Scotland where I joined 7 Elements Ltd as a pentester. While at 7 Elements, I delivered multi-discipline engagements and achieved the CREST Certified Tester APP certification. In 2018, I joined Commissum as a Senior Pentester and became a CHECK Team Leader. During this time, I also got promoted to Head of Testing where I managed the team of 10+ pentesters.

In 2021, I moved to Quorum Cyber to lead the Offensive Security team where I continue to add value to our customers by delivering pentesting and security assessments.

Throughout my career, I’ve been regularly involved in social, academic and community events both as attendee, speaker and even organizer. I’m one of the organisers for the DC44131 (Edinburgh Defcon Chapter).

Samuel Pua, WatchTowr

I started my cyber security career with MWR (later acquired by F-Secure) as a Security Consultant. In my stint in MWR, I built my experience in Penetration Testing and Adversary Simulation activities. The experience helped build a strong technical foundation within me, as I experienced engagements that required deep technical expertise across various technologies. These technologies included app sec (web & mobile), net sec, specialised technologies (e.g. ATM, Mainframe, etc), and adversary simulation activities.

After MWR, I joined EVYD Technology as a Senior Security Engineer. This experience allowed me to have an “end-user” view of security and its relation & impact on the business. In this role, I had the opportunity to build security technology & processes while ensuring their business relevance.

In my current role, I joined watchTowr as a Principal Security Researcher. I am currently helping to build the Attack Surface Management & Continuous Attack Surface Testing Platform in watchTowr. In this role, I had the opportunity to help build a product that aims to scale Penetration Testing activities at scale.

In parallel to my “day job”, I also played an active role in research & sharing them on public platforms. I had the opportunity to share my tooling & findings on multiple platforms, such as Black Hat Europe, InfoSec in the City (SINCON), and also CRESTCon Asia.

Tim Reed, Sentrium

Assessor Representative

Tim is a highly skilled individual, with significant experience in the management and delivery of security consultancy services, both technical (application and infrastructure penetration testing) and non-technical (security policy and procedure reviews), across a wide range of business sizes and industry verticals. Through this experience, he has developed a keen understanding of challenges that may be faced while implementing security across an organisation and is able to provide detailed security advice tailored to a client’s unique situation and needs.

Tim is one of the Directors and Co-Founders of Sentrium Security Ltd, an IT security consultancy that resolves to provide their clients with meticulous technical assessment services of the highest quality and pioneer new ways of working within the industry. In this role, Tim is dedicated to ensuring that Sentrium’s assessment services provide clients with an in-depth view of the security posture of their organisation and maximise the value gained from the engagement.

Louis Truong, Vietnamese Security Network

I started as a passionate whitehat hacker. Now, I am a lifelong learner to run the IT security business and build the cyber security community for a safer world.

Leading the VSEC team for over 10 years, we deliver world-class cyber security services to protect clients at a reasonable cost.

Tony UcedaVelez, VerSprite

Vice-Chair & Americas Council Representative

Tony is CEO and founder of VerSprite.

Tony’s 25-year career in IT/InfoSec has led him to champion ‘true spirited’ security consulting. This is based on the observation that true security, although relative to each organization, is best managed via a risk-based approach where both an understanding of data usage and functional use cases are known in the context of viable threat scenarios and supportive attack vectors.

Tony is a co-author of Risk Centric Threat Modeling (Wiley 2015). Beyond VerSprite, Tony runs the OWASP Atlanta, GA Chapter and has been heavily involved in the OWASP global initiatives since 2008.

Paul Underwood, Emagined Security Inc

Paul is currently the Chief Operations Officer at Emagined Security and has more than 30 years’ experience in the field of network and information security management. Paul is experienced in both executive and technical management and an accomplished technically skilled consultant. Many technical services offered by the Emagined Security Consulting Services Division were created or adapted by Paul to ensure they meet and exceed client expectations. He is experienced with incident response, penetration testing services, security architecture and design, identification and authorization systems, security policies and procedures, security assessment services, certificate authorities, encryption, and Security Operations Centers. Paul has also served on several boards previously including the Colorado State OIT board and Emagined Security.

Tom Wedgbury, LRQA

I currently work as a Managing Senior Security Consultant for Nettitude, a CREST member company based in Leamington Spa, UK. Founded in 2003, Nettitude is an award-winning global provider of cybersecurity services, and part of the LRQA group.

In my role at Nettitude, I lead large and complex penetration testing engagements, which typically require multiple testers on delivery. This testing typically includes application, infrastructure, code review, and various other disciplines. As a member of the Nettitude penetration testing leadership team, I am also directly involved in creating and overseeing strategy, policy, process, and people management.

In addition to achieving multiple technical certifications and identifying multiple vulnerabilities that have been awarded a CVE number, I have performed a variety of roles during my time at Nettitude, including training of new employees, mentoring, and delivering external recruitment events. I am also a member of the quality assurance team – ensuring customer reports meet a high standard prior to delivery.

Prior to my career at Nettitude, I worked at Datatrack as a Network Security Developer. Datatrack are based in Christchurch, UK, and develop software and hardware solutions for collecting and analysing telecommunications data. My role within their security team included planning and delivering penetration testing for Datatrack’s products, as well as conducting remediation for identified security issues.

I have a First Class Bachelor of Science from Coventry University, where I studied Ethical Hacking and Cyber Security.

William Wright, Closed Door Security Ltd

I have had a vast and varied career working with all sizes of businesses from SME to FTSE100. Throughout this career I’ve been exposed to multiple disciplines and specialties, achieved professional certifications in many and continually engage in learning. Working in smaller businesses gave me a detailed insight into how those types of businesses function on a day-to-day basis, whilst working for defence contractors gave me experience of working within government departments and the armed forces. Having been exposed to advanced military technologies and being involved in the development, securing and testing of Royal Navy flagships, I have a deep understanding of risks and how to address them. Working directly with the UK nuclear deterrent I gained an insight into technologies and processes that allowed me to advance my career even further. Recently I was elected as a member of the Royal Institute of Naval Architects in recognition of my career and contributions I made.

I am the director of several successful businesses and understand how security is applied at the board level, the decision-making process and the nuances around it. I am actively involved in the Cyber Essentials Plus scheme and regularly provide information to the NCSC. I have developed my team from the ground up and play an important role in their development plan, providing one-to-one training on a regular basis, giving me the opportunity to have direct involvement in developing in-house training based on CREST syllabuses.

2024 key dates

Upcoming events:

Penetration Testing Focus Group meeting dates:

  • 24 July 2024, 11am (GMT+1)
  • 1 October 2024, 11am (GMT+1)
  • 3 December 2024, 11am (GMT+1)