The Elephant in AppSec Conference Day 2
15
4:00 PM - 7:15 PM
Explore what’s broken in AppSec and how to fix it.
This day is full of bold insights and spicy takes that challenge the status quo.
Explore all the abstracts and full schedule here 👉 https://www.theelephantinappsec.com/schedule
Speakers
Izar Tarandach
Sr. Principal Security Architect @ Large Entertainment Provider
Izar is a Sr Product Security Architect at a large entertainment provider. He held security-related positions at Datadog, SQSP, and many others. Author and presenter, co-author of "Threat Modeling: A Practical Guide for Development Teams" by O'Reilly, member of the Threat Modeling Manifesto Group, and maintainer of the OWASP pytm tool.
Ariel Shin
Senior Security Engineer, Stripe
Ariel is a Senior Security Engineer at Stripe and a former Product Security Manager at Twilio. She has been instrumental in shaping the Product Security program at Twilio and promoting a heightened sense of security awareness within the Engineering organization. Through her empowering approach to security, Ariel led the charge in democratizing vulnerability management—an initiative that yielded significant risk reduction across the entire company. Her dedicated efforts contribute significantly to fortifying Twilio's security posture, making her a respected voice in the Product Security field.
Mohamed AboElKheir
Sr. Staff Application Security Engineer, Ironclad
I am currently an Application Security engineer at IronClad, where I am building a new Application Security Program. Before that, I was also an Application Security Engineer at Amazon for ~ 4 years, and during this period, I reviewed and collaborated on 500+ AWS services/features/tools. You can check my blog at https://medium.com/@mohamed.osama.aboelkheir
Marisa Fagan
Head of Product, Katilyst, OWASP 2026 Global Board Member
Marisa Fagan is Head of Product at Katilyst and has 16 years of experience building security champion communities. She's dedicated her career to building security into the SDLC and empowering developers to own secure code. Marisa shares practical insights into what actually works when it comes to motivating developers, measuring program success, and avoiding common pitfalls. With an impressive background as a security culture expert at tech giants like Atlassian, Salesforce, Meta, and Bugcrowd, Marisa has been at the forefront of the security champions movement, helping transform how development and security teams collaborate.
Kennedy Toomey
Application Security Researcher & Advocate at Datadog
Kennedy Toomey is an Application Security Researcher & Advocate at Datadog. Previously she was an Application Security Engineer where she spent her time working with developers to help fix vulnerabilities and write more secure code.
Maxwell Zhou
Founding partner at PolarStar Cybersecurity Group; Former Senior Staff Security Engineer at Greenlight
Max Zhou is a founding partner at PolarStar Cybersecurity Group, where he helps product security leaders in highly regulated industries translate technical execution into measurable business value. PolarStar combines program management discipline with deep technical expertise to mature product security programs, strengthen control assurance, and frame security outcomes in terms the business can understand and measure: risk reduction, control effectiveness, and return on investment. Previously, Max served as a Senior Staff Security Engineer at Greenlight, where he built and led the Product Security practice, supporting over seven million active users. His background is rooted in offensive application security, having begun his career as a professional pentester at Visa before advising Fortune 100 enterprises and hyper-growth startups as a security consultant.
Jyoti Raval
Director, Cyber Security Engineering with Baker Hughes
Jyoti Raval works as Director, Cyber Security Engineering with Baker Hughes. She is the author of Phishing Simulation and MPT: Pentest in Action and has presented at InfosecGirls, Nullcon, Defcon27, Blackhat Asia, HITB Singapore, OWASP NZ, Shecurity, Defcon32, and Blackhat London. She also heads the OWASP Pune chapter. She is an application security enthusiast by heart and an avid badminton player by passion.
Nohé Hinniger-Foray
R&D Engineer @ Escape
Nohé is an R&D Engineer @ Escape. As a computer science enthusiast, he loves to craft new technologies, tools & applications for the open-source community. He has also shared his expertise at various security and tech conferences like BSides Berlin, engaging with a broader audience.