Keynote speakers

Troy Hunt
Troy Hunt will present the keynote 50 Shades of AppSec

Troy Hunt is an Australian Microsoft Most Valuable Professional for Developer Security and Author for Pluralsight — a leader in online training for technology and creative professionals. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distil complex subjects into relatable explanations. This has led Troy to become an industry thought leader in the security space and produce many top-rated courses for Pluralsight. Currently, Troy is heavily involved in Have I been pwned?, a free service that aggregates data breaches and helps people establish potential impacts from malicious web activity. As the author of the eBook and series “OWASP Top 10 for .NET Developers”, Troy blogs regularly about web security and is a frequent speaker at industry conferences and throughout the media to discuss a wide range of technologies. Aside from technology and security, Troy is an avid snowboarder, windsurfer, tennis player and regular motor sport participant.

Simon Bennetts
Simon Bennetts will present the keynote OWASP ZAP: More Advanced Features

Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and works for Mozilla as part of the Cloud Services Security Team.
He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac.
Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.

Frank Breedijk
Frank Breedijk will present the keynote Red team, blue team or white cell? – Trends in IT and how they force security to behave as an immune system

Frank Breedijk started working as a Security Engineer at Schuberg Philis in 2006. He has been Schuberg Philis’ Security Officer since 2011, which makes him responsible for the information security of Schuberg Philis Mission Critical outsourcing services. This includes, but is not limited to:

  • Security Awareness
  • Cooperation with the National Cyber Security Center in the MSP-ISAC
  • Vulnerability management
  • Internal security consultancy
  • Internal technical audits
  • Seccubus development

Frank Breedijk has been active in IT Security for over 10 years. Before joining Schuberg Philis he worked as a Security Consultant for INS/BT and Security Officer for Interxion. He managed the European Security Operations Center (SOC) for Unisys’ managed security services. During this period Gartner labeled Unisys a leader in the Magic Quadrant for Managed Security Services in Europe.

Besides his day job, Frank Breedijk is active on Twitter and writes blog entries. He has also written magazine articles about various information security topics.

Joshua Corman
Joshua Corman will present the keynote Continuous Acceleration: Why Continuous Everything Requires a Supply Chain Approach

In his capacity as CTO, Josh researches new technologies and software development trends to help evolve Sonatype’s product strategy. Additionally, Josh is working with the broader IT community as well as policy and standards bodies to improve software development security standards and best practices.
Prior to Sonatype, Josh served as a security researcher and executive at Akamai Technologies, The 451 Group, and IBM Internet Security Systems, among other firms. A well-regarded innovator, he co-founded Rugged Software and IamTheCavalry to encourage the development of new cyber security solutions in response to the world’s increasing reliance on digital infrastructure. Josh’s unique approach to addressing cyber security in the context of human factors and social impact has helped position him as one of the most trusted names in IT security. He also serves as adjunct faculty for Carnegie Mellon’s Heinz College, IANS Research, and as a Fellow at the Ponemon Institute.
Josh received his bachelor’s degree in philosophy, graduating summa cum laude, from the University of New Hampshire.

Tobias Gondrom
Tobias Gondrom will present the keynote From Zero to Hero – or how OWASP saved my holiday

Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory operating in Asia and Europe.
He has 15 years of experience in information security and risk management, software development, application security, cryptography and global standardization organizations, working for independent software vendors and large global corporations in the financial, technology and government sector. Over the years, he has run various corporate information security functions and trained and advised dozens of CISOs and senior information security leaders around the globe. Tobias is a Sloan Fellow from London Business School, holding its most senior business degree, the Sloan M.Sc. in Leadership and Strategy.
Since 2003 he has been the chair of working groups at the IETF, a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He is vice-chairman for research and programs of the CSA Hong Kong and Macau chapter and an ISC2 CSSLP and CISSP Instructor.
Tobias has been in a number of OWASP project and chapter leadership roles since 2007. Today, he is a member of the OWASP Global Board and member of the London chapter board and project lead of the CISO Survey & Report project.
He has authored the Internet standards RFC 4998, 6283 and 7034, co-authored the books Secure Electronic Archiving and the OWASP CISO Guide, and is a frequent presenter at conferences and author of articles on security (e.g. AppSec, IETF, …).

Jim Manico
Jim Manico will present the keynote HTTPS is better than ever before. Now it’s your turn

Jim Manico is a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. Jim Manico is also the founder of Manicode Security where he trains software developers on secure coding and security engineering. He has an 18-year history building software as a developer and architect. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of Iron-Clad Java: Building Secure Web Applications from McGraw-Hill.

Steve Lord
Steve Lord will present the keynote Securing the Internet of Things

Steve has been a career penetration tester and occasional drop-in replacement for Chris John Riley for over 15 years. While heavier than Chris, he lacks Chris’ reach and would probably not beat Chris in a bloodsport-style pit-fight to the death. When not contemplating pit fights with Chris John Riley, Steve breaks into networks and applications at Mandalorian, co-organises the UK’s 44CON Cybersecurity and 44CON London conferences, breaks lots of embedded Linux devices and is currently writing his first book, the definitive penetration guide – “Breaking In: The Pentester’s Hidden Handbook”.
Steve last spoke at AppsecEU in 2009 about WordPress (in)security in Dublin. He also writes about penetration testing and career hacking, and occasionally for SC Magazine, IT Security Guru, the Gentleman Hacker’s Club and other online outlets.

Matt Tesauro
Matt Tesauro will present the keynote Lessons from DevOps: Taking DevOps practices into your AppSec Life

Matt has been involved in Information Technology and application development for more than 10 years. His background in web application development and system administration helped bring a holistic focus to Secure SDLC efforts he’s driven. He has taught both graduate level university courses and for large financial institutions. Matt has presented and provided training at various industry events including DHS Software Assurance Workshop, Agile Austin, AppSec EU, AppSec US, AppSec Academia, and AppSec Brazil.
Matt is currently involved in many OWASP projects and committees. Matt is the project leader of the OWASP WTE (Web Testing Environment) which is the source of the OWASP Live CD Project and Virtual Machines pre-configured with tools and documentation for testing web applications. All running on Linux (of course).
Industry designations include the RHCE, Linux+, Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Matt Tesauro has a B.S. in Economics and an M.S. in Management Information Systems from Texas A&M University.

Hans Folmer, Colonel RNLDA
Hans Folmer will present the keynote Security is part of the DNA of a Defense organisation

Colonel Hans Folmer was born in 1964 and joined the Royal Military Academy in 1982. In 1986 he was commissioned as Artillery Officer. In October 2011 he was tasked to implement the cyber program in the Netherlands Armed Forces. Currently Col Folmer is CO of the NLD Defence Cyber Command.
Before starting the cyber program Hans Folmer was Chief Joint C4ISR requirements at the MoD, Directorate for Operational Policy, Requirements and Planning. Col Folmer also served as the Chief of the European Union Operations Centre and Watchkeeping Capability in Brussels, CO of the bi-national CIS Battalion of the 1 (GE/NL) Corps and as the Military Assistant of the Commander ISAF RC(South) in Kandahar.
Col Hans Folmer holds a Master in Electrical Engineering from the Delft University of Technology and a Master in Strategic Studies from the US Army War College.

Brenno de Winter
Brenno de Winter will present the keynote The software not the human is the weakest link

Brenno de Winter (1971) is a nerd and investigative journalist. He has shown many failures with information security, privacy protection and governmental projects. In 2011 his ICT-reporting made him Journalist of the Year.