Announcing #GRIMMCon a FREE VIRTUAL Conference for the community! We’ll have two tracks, one especially for First Time Speakers who we’ll pair with an expert. Talks will be a mix of tech and personal fun.


Date/Time: 14 APR 20, 1100 - 1900 EST

GRIMMCon Discord


TRACK ONE - New Speakers

TRACK TWO - Experts

Schedule Below

Keynote Speakers

Xena Olsen

Adversary Detection Pipelines: Finally Making Your Threat Intel Useful

Xena Olsen is a threat intelligence analyst in the financial services industry. A graduate of SANS Women’s Academy with 7 GIAC certifications, an MBA IT Management, and a doctoral student in Cybersecurity at Marymount University. Twitter

Wendy Nather

What CISOs Wish They Could Say Out Loud

Wendy Nather is head of the Advisory CISO team at Duo Security (now Cisco). She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She is co-author of The Cloud Security Rules, and was listed as one of SC Magazine's Women in IT Security "Power Players" in 2014, as well as an “Influencer” in the Reboot Leadership Awards in 2018. She serves on the advisory board for Sightline Security, an organization that helps nonprofits improve their cybersecurity. Twitter: LinkedIn:

Wade Wells

Mapping your network to Mitre ATT&CK to visualize threats, logging, and detection

Wade Wells currently works as a security engineer in the FinTech industry based in San Diego, CA. He specializes in both threat hunting and threat intel. He currently holds bachelors in Cyber Security and working on his masters at Georgia Tech. Twitter: Linkedin:

Tarah Wheeler

Always Fail The First Time

Tarah Wheeler is Cybersecurity Policy Fellow at New America leading a new international cybersecurity capacity building project with the Hewlett Foundation’s Cyber Initiative and a US/UK Fulbright Scholar in Cyber Security for the 2020/2021 year. She is an inaugural contributing cybersecurity expert for the Washington Post and a Foreign Policy contributor on cyber warfare. She has appeared on Bloomberg Asia on US-China trade and cybersecurity. She is the author of the best-selling Women In Tech: Take Your Career to The Next Level With Practical Advice And Inspiring Stories. She is an information security researcher, political scientist in the area of international conflict, author, and poker player. She has been Head of Offensive Security & Technical Data Privacy at Splunk & Senior Director of Engineering and Principal Security Advocate at Symantec Website Security. She has led projects at Microsoft Game Studios (Halo and Lips) and architected systems at encrypted mobile communications firm Silent Circle. She has spoken on information security at the European Union, at the Malaysian Securities Commission, for Foreign Policy, the OECD and FTC, at universities such as Stanford, American, West Point, and Oxford, and multiple governmental and industry conferences. She has $3640 in lifetime cashes in the World Series of Poker. Twitter: LinkedIn:

Spencer McIntyre

First Time Speaker Coach

Spencer McIntyre works for a US-based technology company doing offensive security-oriented Research and Development. Previously he worked at a consulting firm where he dealt with clients from a multiple industries including healthcare, energy and manufacturing. He is an avid open source contributor and Python enthusiast. Twitter: LinkedIn:

Nicole Hoffman

Applying Fraud Detection Techniques to Hunt Adversaries

Nicole Hoffman is a Threat Research Analyst with experience in researching threat actor techniques, tactics, and procedures. Understanding of several cyber security frameworks including ATT&CK and the Lockheed Martin kill chain approach to protection, detection, incident response and recovery. Experience with PowerShell, SPARQL, HTML, CSS, Windows, and Linux. Basic understanding of red, blue, and purple team operations as well as proactive threat hunting operations. Twitter: LinkedIn:

Mike Forgione

Increasing efficiency of threat intelligence collection by leveraging cyclical automation

Michael Forgione is the Director of Operations/Senior Engineer for an Intelligence led service company called Shadowscape. He has worked in Cybersecurity for the past 8 years developing security programs, managing SOC operations, and working on various engineering projects. He has developed a passion for automation over the years because he has seen the need to help our industry as well as our customers. Aside from automation, he enjoys being outdoors whether it's snowboarding, skateboarding, mountain biking or camping. Twitter: LinkedIn:

Matt Carpenter

First Time Speaker Coach

Matt leads research in Embedded System Security and related Cyber Physical (CyPhy) interests at GRIMM. Matt has deep expertise in reverse engineering and vulnerability research of hardware, software, and firmware. He specializes in systems where these disciplines intersect, such as Industrial Control Systems (ICS), the Internet of Things (IoT), Automotive, and Aviation. Matt oversees research at the CyPhy lab in Sparta, MI, -- a dedicated lab for reverse engineering large systems for the purposes of vulnerability assessments. With ample classroom space, Matt and his team develop and instruct hands-on courseware for developers, engineers, and cybersecurity professionals / program managers. Courses range from automotive, to ICS, to IoT security. Matt’s ICS interest began twenty years ago when he first began helping government, industry leaders, and policymakers define strategies and frameworks for securing cyber physical systems (CPS). He is the former vice-chair of UCA International Users Group Advanced Metering Infrastructure security (AMI-SEC) task force and the Smart Grid Security working group. Matt recently led the vulnerabilities team for the NIST cyber security coordination task force developing NISTIR-7628 for the security of CPS. He was captain of three winning DEFCON Capture the Flag teams, and you may often find him at hacker or automotive conferences providing insightful and entertaining talks about current and emerging threats. Twitter: LinkedIn:

Konstantin Klinger

Passive DNS for Threat Detection & Hunting

Konstantin currently works as a Security Research Engineer for Proofpoint and creates static and dynamic signatures for various threats on a daily basis. He combines his technical and analytical skills with great passion and effort to deliver accurate, complete and efficient solutions for all kind of problems in the field of cyber security. His background is Network Security Monitoring and Threat Hunting of APT campaigns. He served for the government and defended large enterprise networks for a Managed Security Service Provider. Further he is involved actively in the Suricata community and supports various open source projects. Twitter: LinkedIn:

Kamel Ghali

Bluetooth and why we need more people studying it

I'm an Automotive Cybersecurity Technology Architect at White Motion, an automotive cybersecurity firm based out of Tokyo. I'm always trying to broaden my skillset (currently studying Bluetooth and USB) and in my spare time I play games in Tokyo's arcades (although less so lately for social distancing reasons) Twitter: LinkedIn:

Jorge Orchilles

First Time Speaker Coach

Jorge Orchilles is a published author who holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science respectively. Jorge leads the offensive security teams in a large financial institution; is a SANS Certified Instructor; author of Security 564: Red Team Exercises and Adversary Emulation, CVSS, and a threat-led penetration testing framework; C2 Matrix Project Lead; ISSA Fellow; and serves on the Board of Directors of the ISSA South Florida Chapter. Twitter: LinkedIn:

Johnny Xmas

The Maker Response to the US COVID-19 Pandemic

Johnny Xmas is a predominant personality in the Information Security community, most well-known for his work on the TSA Master Key leaks between 2014 and 2018. Currently a trainer with the famous Grimm Security Engineering group, he has formerly partnered with Australian firm 'Kasada' to defend against the automated abuse of web infrastructure, and was the lead consultant on Uptake's Industrial Cybersecurity Platform. Prior to this, he spent many years in the field as a penetration tester, focusing heavily on both IT and physical security of financial and medical facilities, Security Engineer for a global Fortune 500 retail corporation, and Mainframe auditor and Systems Engineer for several IT asset recovery firms. Twitter:

Johnny Ciocca

Password Vaults and (Dead Routers)

Johnny Ciocca graduated bachelor in network administration back in 2004, specialized in infosec right after that. Acted as Federal Public Defense's Infosec Coordinator. He's currently CSIRT Tech Supervisor @ Caixa Econômica Federal, Brazil's federal state-owned bank, since Oct 18. Twitter: LinkedIn:

John ‘JT’ Thomas

Threat Modeling 101

JT is a freelance software developer with a decade of experience. While primarily working in the mobile application space, he has been transitioning to information security. 2020 JT blames middle school JT for watching too many cyber crime films and wanting to be a “CIA hacker” when he grew up. In addition to development and application security, JT has a passion for digital privacy. He provides consultation to political organizers, journalists, legal observers, and the public on privacy strategy and is a frequent contributor to local security communities such as #misec. Twitter: LinkedIn:

Joe Gary

First Time Speaker Coach

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior OSINT Specialist at Qomplx, Inc. and previously maintained his own blog and podcast called Advanced Persistent Security. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, Joe has placed 2nd in the HackFest Quebec Missing Persons CTF powered by TraceLabs, 2nd in the BSides Atlanta OSINT CTF, and 3rd Place in the 2018 & 2019 NOLACon OSINT CTFs. Joe has independently placed 2nd in the HackFest Quebec SECTF, 4th Place in the DerbyCon OSINT CTF, and 2nd Place in Hacker Jeopardy at Hack in Paris. Joe has contributed material for the likes of TripWire, AlienVault, ITSP Magazine, CSO Online, Forbes, and Dark Reading as well as his own platforms. Joe is the author of a few OSINT tools, such as WikiLeaker and the forthcoming tools DECEPTICON and INTERCEPTICON. Social Media: Twitter: LinkedIn: Facebook: Blogs: Website:


Analyzing SUID binaries - VMware Fusion

Jeffball is a senior researcher at GRIMM, where he conducts vulnerability assessments, exploit development, tool development, and other security research. Jeffball has presented at numerous security conferences, such as DEF CON, BSidesLV, LayerOne, and MTEM, and has written several security tools and papers. Before working at GRIMM, jeffball worked at MIT Lincoln Laboratory, where he received an MIT Excellence Award for his work. He holds a BS degree in computer science and applied mathematics and a MS degree in computer science from East Stroudsburg University. Twitter:

Ian Tabor

From an IVI in a box to a CAR in a box

Network / security architect that has a passion for car hacking, found vulnerabilities in his own car and also private Car bug bounties. Now runs Car Hacking Village UK and is part of the team behind CHV at defcon LinkedIn Twitter: Website:

Gabrielle Hempel

Outbreak! Virus vs. Virus: How We Can Apply Current Legislation and Handling of the COVID-19 Pandemic to the Spread of Malware

Gabrielle Hempel is a graduate of the University of Cincinnati, where she studied Neuroscience and Psychology with a minor in Criminal Justice. She worked for an institutional review board in regulatory pharmaceutical and medical device compliance, and led specialized committees targeting Phase I research and emergency research. She moved to IT consulting in 2018, and currently work as an Senior Security Analyst with a Fortune Global-500 company while pursuing a certificate in Advanced Computer Security at Stanford. She continues to serve as a genetic scientist for NIH-regulated recombinant genetic studies, and serve as an instructor and mentor for a student cohort of cybersecurity analysts through Cybrary. She recently obtained her Certified Human Trafficking Investigator (CHTI) credentials through the McAfee Institute, and work with various law enforcement groups and task forces in order to combat human trafficking through digital forensics and analysis. Her area of expertise lies in GDPR/HIPAA/regulatory compliance and medical device security. Twitter: LinkedIn:

Evan D. Wolff

First Time Speaker Coach

Evan Wolff, formerly an advisor to senior DHS leadership, is Crowell & Moring’s Privacy & Cybersecurity Practice Co-Chair. He advises leading companies on network security, intrusion investigations, and data breaches. Evan is a Woodrow Wilson International Center for Scholars fellow, and a member of the Sandia National Lab External Advisory Board and Aspen Institute's Homeland Security Group.

Elizabeth Wharton

First Time Speaker Coach

Elizabeth (Liz) Wharton is a technology-focused business and public policy attorney who has advised researchers, startups, and policymakers at the federal, state, and local level. She is the Chief of Staff at SCYTHE as well as a member of the Technology & Innovation Council with Business Executives for National Security and a member of the DEFCON CFP Review Board. In addition to being the former technology attorney for the World’s Busiest Airport, she also is the former host of “Buzz Off with Lawyer Liz” podcast. Twitter: LinkedIn:

Dave Kennedy

Finding the Calm: In the Storm

Dave Kennedy is the Founder and Senior Principal Security Consultant at TrustedSec. He is also a cybersecurity authority whose mission is to drive the industry forward and make the world a more secure place. In addition to creating two large-scale cybersecurity firms, David has testified before Congress on issues of national security and has appeared as a subject matter expert on hundreds of national news and TV shows. Prior to creating TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company. As a forward thinker in the security field, David has had the privilege of speaking at some of the nation’s largest conferences, including Microsoft’s BlueHat, DEF CON, Black Hat, and DerbyCon, which he co-created in 2011 and expanded into DerbyCon Communities. Twitter: Linkedin:

Clay Moody

First Time Speaker Coach

Clay Moody is an expert and proven cybersecurity professional with over 21 years experience in information technology and security. Computer science educator, public speaker, researcher, and author with military experience across the spectrum from tactical to strategic. Participates in cybersecurity capture the flag competitions as a player, designer, and coach. Twitter: LinkedIn:

Chris Dale

First Time Speaker Coach

Chris Dale is currently the Head of Cyber Security at Netsecurity. Along with his security expertise, he has a background in programming, system administration and management. His broad experience certainly helps a great deal when working in the security industry. Outside of his day job, Chris is also a certified SANS instructor. Chris has been featured several times in news and media, and is often to see around speaking at conferences, or mingling at events in the security industry. He also frequently talks at conferences. Youtube: Twitter:!/ChrisADale LinkedIn:

Casey Ellis - Taking the Internet's Immune System to the Next Level

Casey is the Founder, Chairman, and CTO of Bugcrowd. He is an 20 year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the vulnerability disclosure standardization project in 2016. A proud ex-pat of Sydney Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he’s in the passionate pursuit of potential. LinkedIn:

Carel van Rooyen

First Time Speaker Coach

Carel van Rooyen is a computer systems engineer. Prior to his roles as security analyst and security researcher he spent years teaching web application development and network security principles. He is currently heading red team operations at a multinational financial institution based in Zurich. Twitter:

Angela Marafino

Harry Potter and the Career of Secrets: What we can all learn from year two at Hogwarts

Angela Marafino is Co-Founder of Room 4 Security and Co-Organizer of WoSec Seattle. Angela is making the most out of her ability to network and bring people together in the cybersecurity industry at this time. With no background in IT or computer science, Angela did not take the traditional route to a career in security. However, being computer savvy and having a passion for privacy, prompted her to enroll in a security bootcamp, which developed the skills and mindset to land a job in the industry. She is CompTIA Network+ and Security+ certified and also holds two Bachelor's degrees, one in Fine Arts and another in Legal Assistant Studies. Twitter: LinkedIn:

Alyssa Miller

Stealing Reality – Exploiting the Human Element with Deep Fakes

Alyssa Miller has a passion for security which she evangelizes to business leaders and industry audiences both through her work as a cyber security professional and through her various public speaking engagements. Her goal is to change the way we look at the security of our interconnected way of life and focus attention on defending privacy and upholding trust. Alyssa has always had a driving curiosity to understand how technology works and how existing technologies can be hacked to function in new ways. At the young age of 12, Alyssa got her start by taking a job as a paper carrier to save up enough money to buy her first computer. From the time she brought that computer home from Best Buy, she has taught herself new skills and pushed the capabilities of digital technologies. Today, Alyssa leads the Information Security Solutions practice for CDW. She continues to work with executive and senior business leaders on developing comprehensive enterprise security programs. Additionally, she evangelizes her message about evolving the way people think about and approach security, privacy and trust through speaking engagements at various conferences and other events. When not engaged in security research and evangelism, she is also an accomplished soccer referee, guitarist and photographer. Twitter: LinkedIn:

Alexandre Blanc

The Cyber Threat landscape is after your Accounts!

Alexandre Blanc became cyber risk subject matter expert, from local infrastructures to global threat landscape analysis through 20+ years of infrastructure management, protecting and securing systems from online threats. He loves to correlate information from OSINT, and draw global trends in cyber threat landscape. His hands on experience on protecting sensitive infrastructures, combined with daily threats trend analysis and awareness raising, brought him to an essential position in regard to risk analysis overview, information sharing, from low to high level perspectives. Twitter: LinkedIn:

Harri "scofield" Hursti

Current State and Future of Elections, With or Without Corona

Harri "scofield" Hursti strengths lie in taking any problem and looking at it from a new angle to find unexpected solutions, having the communication skills needed to manage multi-cultural environments, whether it is bringing the commercial side and technology side of a business together, or getting an international teams in line to achieve a common goal. He the skills needed to take over and manage a crisis, a chaotic business environment, or one undergoing strategy changes - entrepreneurial to the core. He come with deep, “nuts'n'bolts” level of technical understanding for such field as IP networking and services, telecom and internet communications networks and infrastructures, security, and cloud computing. He has a passion for understanding new technologies before they hit the market, and understand the strategic implications, the disruptive effects, and the new opportunities they bring into the business. Twitter: LinkedIn:

Virtual Villages

Virtual Car Hacking Village
Gain access and learn how to interact with the game in the CHV channel on
Discord (named "car-hacking-village")
They can read up and get started preparing by visiting

. That's right. COBOL. Don't know it (few do)? No problem, it's a learning CTF. How far down the rabbit COBOL can you go?
To participate go to

Virtual Lobby Con

GRIMMCon Discord
Please read/follow Code of Conduct

GRIMMCon Support
Need a little help...
reach out to the GRIMMCon-Support channel in Discord for support
or email
Since we are an all volunteer community CON our volunteers
will do their best to support you, we appreciate your patience

Con Schedule

Start Time

Track 2 - Experts

Track 1 - New Speakers

11:00 EST

Opening Keynote - Tarah Wheeler: Always Fail The First Time

Keynotes will take place in TRACK 2 ONLY. If you'd like to see the keynotes, make sure you sign up for Track 2, even if all of the other talks you're interested in are in Track 1.

11:45 EST

Ian Tabor - From an IVI in a box to a CAR in a box

Mike Forgione: Increasing efficiency of threat intelligence collection by leveraging cyclical automation

12:30 EST

Alyssa Miller: Stealing Reality – Exploiting the Human Element with Deep Fakes

John "JT" Thomas: Threat Modeling 101

13:15 EST

Xena Olsen: Adversary Detection Pipelines: Finally Making Your Threat Intel Useful

Wade Wells: Mapping your network to Mitre ATT&CK to visualize threats, logging, and detection

14:00 EST

Wendy Nather: What CISOs Wish They Could Say Out Loud

Angela Marafino: Harry Potter and the Career of Secrets: What we can all learn from year two at Hogwarts

14:45 EST

Harri Hursti: Current State and Future of Elections, With or Without Corona

Nicole Hoffman: Applying Fraud Detection Techniques to Hunt Adversaries

15:30 EST

ʝօɦռռʏ Ӽʍǟֆ - The Maker Response to the US COVID-19 Pandemic

Alexandre Blanc: The cyber threat landscape is after your accounts

16:15 EST

Casey Ellis: - Taking the Internet's Immune System to the Next Level

Johnny Ciocca: Password Vaults and (Dead Routers)

17:00 EST

Jeffball: Analyzing SUID Binaries - VMWare Fusion

Konstantin Klinger: Passive DNS for Threat Detection & Hunting

17:45 EST

Gabrielle Hempel: Outbreak! Virus vs. Virus: How We Can Apply Current Legislation and Handling of the COVID-19 Pandemic to the Spread of Malware

Kamel Ghali: Bluetooth and why we need more people studying it

18:30 EST

Closing Keynote - Dave Kennedy: A Sense of Calm in the Storm

Keynotes will take place in TRACK 2 ONLY. If you'd like to see the keynotes, make sure you sign up for Track 2, even if all of the other talks you're interested in are in Track 1.

19:00 EST

Virtual Happy Hour (See Discord for details)

Virtual Happy Hour (See Discord for details)