BSides Cleveland
October 18th, 2025 — Ingenuity Cleveland
23 speakers across three concurrent tracks
ajman
Senior Offensive Security Engineer, Red Team — Praetorian, Inc.
Fortune 500 Red Team Initial Access: Why not just ask for it?
Senior Offensive Security Engineer on the Red Team at Praetorian, specializing in Red Team Operations and novel initial access tactics. Research includes internal Windows network attacks, social engineering methodology, and Fortune 500 engagements.
Amarnatha Thumalur
Associate, Software Engineer III
Securing the Business Intelligence Stack: Governance, Compliance, and Threat Detection
BI and Data Analytics expert with 18+ years' experience in business intelligence, data visualization, and enterprise reporting. Skilled in SAP BO, SAC, Tableau, Power BI, and major databases across multiple industries.
Amodh Yadav
Oracle Certified Professional — Rajiv Gandhi Proudyogiki Vishwavidyalaya
Healthcare ERP Integration Attack Surface: Securing Legacy-Cloud Hybrid Architectures
AI-Enhanced Healthcare ERP Security: Defending Against Emerging Attack Vectors
Oracle Certified Professional with 13+ years of Oracle EBS implementation and development experience. Delivered solutions across healthcare, education, oil & gas, and manufacturing industries in the USA, Middle East, and India.
Bhaskar Bharat Sawant
Lead Engineer — Cornerstone Building Brands
Adaptive Defense Systems: Applying Machine Learning to PowerShell Security Automation
Lead Engineer with 15+ years in enterprise architecture, cloud development, and regulatory compliance. IEEE Senior Member and frequent reviewer and speaker at national and international tech conferences.
Bill Sempf
Application Security Architect
Making and Baking an Application Security Department
Trends in AppSec
Software security architect with 20 years of professional experience in security testing, design, and developer training. Has participated in the creation of well over 200 applications across diverse environments.
Brett Hawkins
Distinguished Consultant — Stealth Startup
Becoming the Trainer: Attacking ML Training Infrastructure
Author of SharPersist, SCMKit, ADOKit, MLOKit, and InvisibilityCloak. Speaker at Black Hat, TROOPERS, BlueHat, DerbyCon, Wild West Hackin' Fest, and ShmooCon.
Catherine Ullman
Principal Technology Architect, Security — University at Buffalo
Firewalls and Fire Alarms: What to Do When Your Best Defenses Go Up in Smoke
Persistence Reloaded: RMM Abuse and the Revival of Classic Threats
Author of Wiley's The Active Defender and contributor to O'Reilly's 97 Things Every Information Professional Should Know. Frequent presenter at infosec and hacker conferences.
Chen Shiri
Cyber Security Researcher — Accenture Security
OpenShift and the Chamber of Defaults: Exposing Hidden Security Nightmares
“I Own your Cluster” — Taking over AWS EKS cluster with Chain Attack
Known for research on low-level security and container isolation, revealing significant flaws in widely-used services. Published research on weaknesses in microservices and container-based web apps.
Chris Brown
Offensive Security Professional
Malware Development for Fun and Profit
Cybersecurity professional specializing in offensive security research, Windows internals, and EDR evasion. Passionate about malware development methodology and detection/mitigation strategies.
Costa Petros
Senior Security Consultant — TrustedSec
Let's Clone an RFID Cloner — Personal Build of an RFID Cloner for a First Time Hardware Hacker
Specialist in Social Engineering and Physical Penetration Testing. Worked his way up through IT support and administration into penetration testing; a jack of all trades across security disciplines.
Vexance
Senior Cloud Penetration Tester — Bishop Fox
Chasing SSRF in Downstream Asynchronous Workflows
Senior penetration tester specializing in offensive security testing of cloud, containerization, and application environments. Former Operations Sergeant with the Ohio Army National Guard.
Elizabeth Wadsworth
Sr. AI Innovation Strategist — Velera
AI Governance 101: Herding Cats, Models and Humans
Certified AI Governance Professional (AIGP) helping organizations build trust in intelligent systems through practical governance. Bridges the gap between compliance and creativity across fintech and innovation teams.
Ian Thornton-Trump
CISO — Inversion6
Incident Response Communications: A Marks & Spencer Case Study
CISO at Inversion6 and infosec pundit with deep expertise in incident response communications, threat actor intelligence, and the Scattered Spider threat group.
Joshua Lochner
Security Engineer — (presenting unaffiliated)
A harrowing journey of getting value from agentic workflows
Cybersecurity professional with a foundation in system and network administration. Experienced building resilient security infrastructures across complex retail environments.
Matt Scheurer
VP, Computer Security & Incident Response — ThreatReel Podcast
Lies, Telephony, and Hacking History
Definitely Not Secure (DNS)
VP of Computer Security & Incident Response with extensive DFIR experience. Keynote speaker at the Information Security Summit; official “Hacking is NOT a Crime” Advocate; technical mentor for WomSA.
Michael Roytman
CTO — Empirical Security
Cybersecurity is Ready for Local Models
CTO of Empirical Security; former Chief Data Scientist of Kenna Security and Distinguished Engineer at Cisco. Forbes 30 Under 30 (2017) and Forbes Technology Council member.
Mudassir
Lead Security Software Engineer
Evolving Code, Evolving Threats: Defensive Programming in 2025
Software engineer with 15+ years of experience, including five years in cybersecurity. Focused on defensive programming practices for modern, API-heavy, and AI-assisted development environments.
Rajeev
Researcher — Campbellsville University, USA
Securing the ML Pipeline: How to Build Trustworthy, Scalable AI with MLOps
Researcher focused on embedding security, auditability, and governance into MLOps pipelines to ensure AI systems are scalable, compliant, and secure by design.
Sean Argyle
Graduate Student — Case Western Reserve University
Panopt-Pi-con: You'd never know your IoT is watching you
Former NASA STEM contractor and secondary math teacher now pursuing a Master's in computer science at Case Western with emphasis on full-stack software engineering, IoT, and cybersecurity.
Seger Steele
Lead Security Engineer
Evolution of Cyber Warfare: Combined Arms in the Information Age
Lead Security Engineer with 6+ years across security engineering, operations, incident response, IAM, and vulnerability management. Passionate about cyber warfare and the Defense sector.
Spencer McIntyre
Offensive Security R&D
A Paranoid Guide To Building An SSH CA
Offensive security-oriented R&D professional; avid open-source contributor and Python enthusiast. Previously consulted across healthcare, energy, and manufacturing sectors.
Srikanth
Multi-Cloud Architect & Lead Software Engineer — JP Morgan Chase
Old Dogs, New Tricks: Using AI to Detect Resurgent Financial Fraud Patterns
Renewed Threats in Cloud Infrastructure: Securing IaC Against Classic Attack Patterns
AWS Certified Solutions Architect with 14+ years of experience specializing in cloud migrations, IaC with Terraform, and database automation. MS in Electrical Engineering from SUNY.
Tyler Hudak
Director of Incident Response — Inversion6
Persistence Reloaded: RMM Abuse and the Revival of Classic Threats
Incident Response Communications: A Marks & Spencer Case Study
Seasoned incident response and digital forensics expert with 25+ years of hands-on experience. Has helped many companies recover from ransomware, business email compromises, and APT-level attacks.
Three concurrent tracks — Stage A: Red Team Stage B: AI Track Stage C: Blue Team
| Time | Stage A — Red Team first floor, near reception |
Stage B — AI Track 4th floor, end of hallway |
Stage C — Blue Team 4th floor, office by stairs |
|---|---|---|---|
| 9:00 – 10:00 am |
Matt Scheurer
Lies, Telephony, and Hacking History
|
Brett Hawkins
Becoming the Trainer: Attacking ML Training Infrastructure
|
Catherine Ullman
Firewalls and Fire Alarms: What to Do When Your Best Defenses Go Up in Smoke
|
| 10:00 – 11:00 am |
Chen Shiri
OpenShift and the Chamber of Defaults: Exposing Hidden Security Nightmares
|
Bhaskar Bharat Sawant
Adaptive Defense Systems: Applying Machine Learning to PowerShell Security Automation
|
Bill Sempf
Making and Baking an Application Security Department
|
| 11:00 am – 12:00 pm |
ajman
Fortune 500 Red Team Initial Access: Why not just ask for it?
|
Michael Roytman
Cybersecurity is Ready for Local Models
|
Spencer McIntyre
A Paranoid Guide To Building An SSH CA (11:00–11:30)
Amodh Yadav
Healthcare ERP Integration Attack Surface (11:30–12:00)
|
| 12:00 – 1:00 pm |
Chen Shiri
“I Own your Cluster” — Taking over AWS EKS (12:00–12:30)
Sean Argyle
Panopt-Pi-con: You'd never know your IoT is watching you (12:30–1:00)
|
Srikanth
Old Dogs, New Tricks: Using AI to Detect Resurgent Financial Fraud Patterns
|
Bill Sempf
Trends in AppSec
|
| 1:00 – 2:00 pm |
Chris Brown
Malware Development for Fun and Profit
|
Rajeev
Securing the ML Pipeline: How to Build Trustworthy, Scalable AI with MLOps
|
Tyler Hudak & Catherine Ullman
Persistence Reloaded: RMM Abuse and the Revival of Classic Threats
|
| 2:00 – 3:00 pm |
Seger Steele
Evolution of Cyber Warfare: Combined Arms in the Information Age (2:00–2:30)
Vexance
Chasing SSRF in Downstream Asynchronous Workflows (2:30–3:00)
|
Elizabeth Wadsworth
AI Governance 101: Herding Cats, Models and Humans
|
Ian Thornton-Trump & Tyler Hudak
Incident Response Communications: A Marks & Spencer Case Study
|
| 3:00 – 4:00 pm |
Costa Petros
Let's Clone an RFID Cloner
|
Joshua Lochner
A harrowing journey of getting value from agentic workflows
|
Amarnatha Thumalur
Securing the Business Intelligence Stack (3:00–3:30)
Srikanth
Renewed Threats in Cloud Infrastructure: Securing IaC Against Classic Attack Patterns (3:30–4:00)
|
| 4:00 – 5:00 pm |
Matt Scheurer
Definitely Not Secure (DNS)
|
Amodh Yadav
AI-Enhanced Healthcare ERP Security: Defending Against Emerging Attack Vectors
|
Mudassir
Evolving Code, Evolving Threats: Defensive Programming in 2025
|
Ingenuity Cleveland is a vibrant nonprofit organization dedicated to fostering creativity and innovation in Cleveland, Ohio. Ingenuity supports STEAM (Science, Technology, Engineering, Arts, and Mathematics) education and creative entrepreneurship, making it the perfect home for BSidesCLE.
Thank you to the organizations that made BSidesCLE 2025 possible:
Sponsorship opportunities for BSidesCLE 2026 are now open.
View 2026 Conference 2026 Sponsorship Info sponsors@bsidescle.comContact the BSides Cleveland team for any questions about past or upcoming events.
bsidescleveland@gmail.com