
Application Security Engineer, student chaplain and all around novice
- Helping Styles in Cybersecurity

Adam Foster, also known as evildaemond, is a Senior Penetration Tester with OneStep Group and an Information Security Researcher, with niches in Physical and Hardware Security. They have developed and released open source tools such as the DoorSim and Physsec Methodology, aiming to encourage cyber security professionals to understand the physical side of information security.
- Hunting in the Safari Zone

Angus is a vulnerability researcher at InfoSect. At work, he is well known for giving talks that go way over time and contain unnecessary amounts of detail. Outside of work, Angus enjoys learning new (usually useless) skills, attempting (and forever failing) to win CTFs, cooking (hopefully) tasty food, and is known to be overly competitive when playing (video|board|role-playing|war)games with his friends.
- Walkthrough of an N-day Android GPU driver vulnerability

Christian Frichot (he/him) is an application security professional with a passion for threat modelling & OSS - who spends his free time trying to avoid computers. Currently working at Atlassian as a Senior Product Security Manager, Christian has a history spanning both large tech companies internationally (LinkedIn, Salesforce, SafeStack, GM Cruise, Hashicorp), and local Aussie orgs as well (Bankwest, Asterisk, CyberCX, Rio Tinto). He's also been fortunate enough to present at wonderful events such as Kiwicon, DEFCON, CactusCon, OWASP APAC, Blackhat Arsenal and BSidesSF. Christian is also the co-author of The Browser Hacker's Handbook, published by Wiley, and the creator of threatcl.github.io.
- Threat Modelling as Code: Building Security into Your Git Workflow

Cole is the Founder and CEO of Galah Cyber, Australia’s leading Application Security consultancy. Cole founded Galah after working with internationally recognised organisations to plan, implement, and operate large-scale AppSec and Product Security programs. Cole is a regular OWASP contributor, with his most recent contributions including the XSS CheatSheet rewrite, Code Review guide update, and an OWASP 20th Anniversary speech.
Cole is well known in the Australian security scene, having penned thought-provoking articles about software engineering with a security lens, and regularly presenting at BSides and AISA conferences around the country. Cole is also the host of the Secured podcast, which focuses on the humans and business side of AppSec, and is the father of two daughters, Monica and Xinni.
- Beyond coverage and capability, shining light on the real application security problems

Cybersecurity professional who specialises in Threat Intelligence, Detection Engineering, and Security Operations Design, focusing on Operational Technology (OT) and Industrial Automation and Control Systems (IACS) networks. I'm passionate about empowering and educating the next generation of cybersecurity professionals.
- Deceptive Defences - Leveraging Honeypots in OT Environments
- What's the Frequency Kenneth (Now with X band!)

George Hewitt is a seasoned technologist with 20+ years in IT leading teams, building infrastructure, forcing change and designing systems around humans. Having worked across healthcare, mining, government, and enterprise environments, he’s no stranger to complex people and systems—or how to find clever ways to subvert them.
His recent work explores the intersection of AI, social engineering, and procedural trust. Equal parts practitioner and provocateur, George brings a mix of insight, irreverence, and just enough chaos to make audiences think twice about the systems they rely on.
He’s here to challenge assumptions, have a bit of fun—and maybe prove a point about how easily the gatekeepers can be fooled.
- The Most Dangerous Tool in Your Toolkit Is Bored

Jia Hao Poh is a Senior Security Consultant at Elttam, whose interest lies in web application security. He is always interested in staying up to date with the latest hacking techniques used to challenge assumptions.
- Primitives for Security Audits: Lessons from Jakarta Mail

Lee Yang Peng (CISA, CISM, CRISC, OSCP) is a Lead Cybersecurity Consultant at DACTA Global specialising in Governance, Risk, Compliance (GRC) services. He graduated from the National University of Singapore (8th in the World) with a Bachelor of Computing (Information Security) with Honours (Distinction).
With a strong technical foundation, including experience in Penetration Testing, Yang Peng is able to bridge the gap between business strategy and cybersecurity compliance, translating complex technical and organizational risks into actionable strategies. Over the past few years, he has delivered enterprise-level cybersecurity solutions across both IT and OT environments, leading multi-domain initiatives that typically require multiple senior roles.
Past Talks:
▪ BSides Montreal (Canada) Cybersecurity Conference – 2025 (https://bsidesmtl.ca/bsides-montreal-en/program-en-2025/)
▪ Python Conference Asia-Pacific (PyCon APAC) – 2015 (https://tw.pycon.org/2015apac/en/lightning_en/index.html)
▪ Python Conference Singapore (PyCon SG) – 2015 (https://pycon.sg/archive/2015/speaker/profile/60/)
- Developing Your Own Local LLM (GenAI) for Cybersecurity GRC

Louis Nyffenegger is an experienced speaker who has delivered talks and training at major security events worldwide. His sessions focus on web application security, vulnerability research, and advanced code review techniques.
- Those Who Don’t Learn from CVEs Are Doomed to Rediscover Them

Luke is a senior penetration tester with over five years of experience breaking into things professionally — from thick clients and mobile apps to infrastructure and external networks. Currently working in the financial sector, they’ve spent time across industries including health and resources, with past roles spanning everything from red teaming to compliance assessments.
They hold multiple certifications (OSWE, OSCP, CRTO, GMOB) and have been recognised in the Google Hall of Fame. Luke is an ECU alum with a background in Computer and Network Security and is a member of the GIAC Advisory Board.
- Ghosts at the Gateway: 0-Days That Blind Routers and Invite APTs

Matt is a Director and Co-founder of elttam, an industry leader in product security testing. Matt has 20 years of experience in technical roles where he’s specialised in security engineering of bespoke products, vulnerability research, and conducting technical security assessments.
- Trumping Musky Infosec Noise with Talkback.sh

Sajeeb Lohani is the Global TISO and Senior Director of Cybersecurity at Bugcrowd, and a Sessional Lecturer at the University of Melbourne. He holds OSCP and OSWE certifications, and is a core contributor to Interlace, an open-source tool for automating penetration testing workflows. Ranked in Bugcrowd’s global top 40 and #2 on DVuln, Sajeeb is an active bug bounty hunter with acknowledgments in the halls of fame of Amazon, Yahoo, GitHub, Atlassian, Okta, and many others.
He regularly contributes to the Melbourne security community as founder of the Monash Cyber Security Club, a mentor with AWSN workshops, and a frequent speaker at meetups and conferences, including DevSecCon Seattle, BSides Perth, RuxCon, and OWASP New Zealand.
- Efficient Defence: Turbocharging Security Workflows

Sohan is a senior analyst in PwC’s Threat Intelligence team, where he contributes to intelligence reporting focused on Crime and Asia-Pacific based threat actors. Sohan is the North Korea-based threats lead for the team. Prior to joining PwC, Sohan spent three years in the financial services sector, working in Cyber Threat Intelligence and Security Operations Centre (SOC) operations.
- The insider you didn’t hire

Will has been doing security consulting things in Perth for just over 10 years.
He's done a little bit of everything, but mainly penetration testing and similar technical assessments.
If you were a Victorian-based insurance company during his brief phase configuring firewalls... he is really really sorry. But he wanted me to tell you that he "figured out the stupid thing he'd done pretty quickly" and that "Production wasn't down for THAT long..."
- "Stop -H-i-t-t-i-n-g- Emailing Yourself" - Microsoft Direct Send and You