Vulnerability research

Back to the list of Speakers and Sessions
Watch the stream
Q&A and discussion for the malware block, hosted and moderated by Rayna Stamboliyska. Questions will be gathered from the audience during the four prior talks.

Ivica Stipovic Information Security Consultant, Ward Solutions

Ivica works as an Information Security Consultant. He tries to understand the intricacies of security processes and find the ways to undermine them. In a previous life a network and system administrator, he moved recently towards security research. Currently, a proud employee of Ward Solutions. Formal education encompasses BSc in Computing and Telecom ,MSc in Computer Forensics and Masters in Business Administration.

Jeff Dileo Technical Director, NCC Group

Jeff is a security consultant by day, and sometimes by night. A Technical Director at NCC Group, he specializes in application security, and regularly assesses mobile device firmware applications, embedded platforms, web applications, and "privileged" code of all kinds. He has spoken publicly at conferences such as DEF CON, ToorCon, RECON, and CCC, covering a wide range of topics including Android and Java bytecode instrumentation, scriptable debugging, and, more recently, eBPF and unikernel security. A connoisseur of exotic candies and snacks, he enjoys starting arguments about text editors and window managers that he doesn't actually use. Jeff holds an MS in Computer Science from NYU Poly (Tandon).

Addison Amiri Security Consultant, Shibuya Industries

Addison Amiri got his start in security in the mid-2000’s when he read about how easy it was to break WEP. From there, he’s meandered the world of security, through academia and industry, eventually entering the world of professional security consulting. Along the way, he’s had the opportunity to be simultaneously amazed at how well computers work and terrified that our lives now rely on them. These days he’s traveling the world and making the most of the cyberpunk dystopia.

Yuan Stevens Policy Lead on Technology, Cybersecurity and Democracy; Research Affiliate, Ryerson Leadership Lab and Cybersecure Policy Exchange at Ryerson University; Data & Society Research Institute

Yuan (rhymes with Suzanne) Stevens works at the intersections of law, policy, and technology with a focus on privacy and cybersecurity. She holds the position of Policy Lead on Technology, Cybersecurity and Democracy at the action-oriented think tank Ryerson Leadership Lab at Ryerson University. Her work equips society with the ability to understand and patch up harmful vulnerabilities in sociotechnical and legal systems. Based in Montréal, she is a research fellow at McGill University’s Centre for Media, Technology & Democracy and research affiliate at Data & Society Research Institute. She received her BCL/JD from McGill University in 2017. She serves on the board of directors for Open Privacy Research Institute, Head & Hands in Montréal, and previously worked at the Berkman Klein Center for Internet & Society at Harvard University.

Stephanie Tran Policy and Research Assistant, Ryerson Leadership Lab

Stephanie is a Policy and Research Assistant at the Cybersecure Policy Exchange and Ryerson Leadership Lab. She is an experienced researcher with over five years of experience analyzing public policy and human rights issues related to digital technologies, with past experience working for the Citizen Lab, Amnesty International Canada, the United Nations Office for the Coordination of Humanitarian Affairs (UN OCHA) and more. She is a trained computer programmer, having earned a Diploma in Computer Programming from Seneca College. She also holds a dual degree Master of Public Policy (Digital, New Technology and Public Affairs Policy stream) from Sciences Po in Paris, and a Master of Global Affairs from the University of Toronto. She earned her BA degree from the University of Toronto specializing in Peace, Conflict and Justice.

Florian Martin-Bariteau University Research Chair in Technology and Society, University of Ottawa

Pedro Ribeiro Founder & Director of Research, Agile Information Security

Pedro started working in security by doing ISO27001 audits. After almost dying of boredom, he jumped into penetration testing, reverse engineering and vulnerability research, focusing on embedded systems and enterprise software.

He is the Founder & Director of Research at Agile Information Security, a boutique security consultancy that focuses in providing hardcore technical cyber security solutions to its clients.

In his spare time Pedro hacks hardware and software and has made public dozens of remote code execution vulnerabilities resulting in 140+ CVE, and authored 60+ Metasploit exploits. He regularly participates in Pwn2Own as part of "Flashback Team", winning Pwn2Own Tokyo 2020 outright with his teammate Radek Domanski.

Rayna Stamboliyska ,

Rayna Stamboliyska focuses on EU cyber diplomacy and resilience including issues related to cybersecurity, strategic autonomy and data protection. An award-winning author for her most recent book "La face cachée d'Internet" ("The dark side of the Internet",  Larousse 2017), Rayna is also an IoT hacker and a staunch proponent of open source, data and science. Rayna has served in various Directorship and security-related foreign policy positions: she has consulted for international organisations, private companies, governments and non-profits, interfacing with public sector actors and guiding them through innovative policy-making processes. Energetic and passionate, Rayna has grown to become a recognised information security speaker committed to educating those outside of the industry on security threats and best practices. A longtime diversity advocate, she is Council Member of Women4Cyber Europe.

Currently, Rayna is the VP Governance and Public Affairs at YesWeHack, a global bug bounty and coordinated disclosure leader. She also manages the EU-funded SPARTA research and innovation project, which is a pilot for the EU Cyber Competences Network. She teaches at Sciences Po Paris and writes up the cybersecurity expert column "50 shades of Internet" at