I'm a detection engineer based in Glasgow and a former Principal Security Engineer at Oracle. I've spent the last seven years working across banking, enterprise, and startup security teams, and currently lead detection at Alpha Level, an ML threat detection startup, alongside independent consulting work. I'm mostly drawn to the parts of security operations that don't have tidy answers yet.
- No Signature, No Problem: Detecting the Coming 0-Day Flood
Andy Gill is an adversarial architect and offensive security practitioner with a focus on adversary emulation, tradecraft realism, and intelligence-led operations. His work centres on replicating real-world attacker behaviour using native tooling, proxy disapline, and low-footprint techniques rather than traditional payload-heavy approaches.
- Automating Chaos at Scale
I am a cybersecurity researcher, threat analyst, and bug bounty hunter based in Warwick, UK, currently pursuing an MSc in Cybersecurity. I have also worked as a Research Assistant with WMG, contributing to cybersecurity-focused research.
I have reported multiple security vulnerabilities across leading global platforms and have been recognized in the Hall of Fame by organizations including BBC, Microsoft, Apple, HubSpot, and the University of San Diego.
I discovered CVE-2023-37728, an XSS vulnerability in IceWarp Server impacting over 100,000 users globally. I I was recognized by Apple, Microsoft, and Red Bull as an Elite, world-class bug hunter.
I am passionate about securing digital ecosystems and continuously work on identifying and responsibly disclosing security vulnerabilities.
- From Data to Defense: Real-World Cyber Threat Intelligence & Threat Hunting
SecOps Analyts Baillie Gifford
- Meet the Fixers: How One Social Engineering Technique Spawned a Family and How to Catch It
I am a Cyber Threat Intelligence Analyst working for CrowdStrike. I studied Cyber Security and Forensics at Edinburgh Napier University and graduated in September 2024. I had an internship in my third year with CrowdStrike, who offered me a full-time position post-graduation while I was at university, and I have been working there ever since.
- The eCrime Ecosystem: How Cybercriminals Operate and How We Track Them
Former ENUSEC president, tinkerer (breaker) of many devices, that one idiot with the LED jacket collar.
I got a First Class Honours BEng in Computing from Napier and I'm using it to make computers do janky and relatively insecure things.
- The Dark Sorcery of Video Encoding
Gemma Barrow is a Lead Detection & Response Engineer at Lloyds Banking Group, having joined the organisation 15 years ago via the Group’s graduate programme. She is a Mathematics with French graduate from the University of St Andrews and has spent the past eight years in security roles, now leading a detection and response engineering team.
- KEYNOTE - History’s Blueprint for Cyber Resilience
Imogen is a second year studying Interdisciplinary Futures at the University of Edinburgh. She is interested in cyber policy and using a humanities perspective to improve cybersecurity. Recently Imogen competed in the of the Cyber Leaders Challenge. Within her team she focused on geopolitical and human factors and made it to the semifinal of the competition.
- Not Just Tech: The People and Politics of Cyber
Personal bio
Currently a cyber operations manager at Lloyds banking group, former CISO and Global DPO, James is a recognised expert in his field, having worked in AI, simulation, energy and financial services for several blue-chip companies. He has managed and mitigated cyber security incidents since 2007 and has set up and led incident response and threat intelligence teams. He has in depth knowledge of Geopolitics actively participating in professional groups. An active contributor to the MITRE Center for Threat Informed Defense, he is president of ISC2 Scotland and has won several prizes and accolades for his contributions to the cyber security field – helping other professional succeed in their careers, by mentoring.
- How does AI, Geopolitics impact on the cyber landscape ? What can you do to “hack” your brain for a resilient career !
Later
- Dumb shit in history 3.0
Kerry Archibald is a security consultant with over 12 years of experience in the ATM industry, where her career has been consistently focused on security products and solutions. She began in ATM software support, building strong operational expertise before transitioning into security engineering, a role she has held for the past five years. Kerry now works primarily as a consultant, helping organisations secure their ATM estates, advising on protective controls, and investigating fraud incidents to address real‑world threats. Alongside her technical career, she has spent five years as a board member of a women’s career development group, supporting mentoring, coaching, and initiatives that provide colleagues with meaningful career development opportunities.
- Securing ATMs: 101
Edinburgh Napier Graduate 2023 with interest in medical device security. Still learning everyday.
- Burning the candle at all ends - a burnout talk
Luiz leads the Offensive Security practice at Bridewell and has 2 decades of experience as a penetration tester, red team manager and leader.
He is a Chartered Cyber Security Professional (ChCSP), holds an MSc in Information Security from Royal Holloway along with various industry certifications.
Luiz has a particular interest in user-driven attacks, and leveraging social engineering to bypass technical controls.
- You’ve Been Ph0ned: How Attackers Compromise Organisations Via Telephone Social Engineering
- Hiding in Plain Sight - OSINT CTF (workshop)
Mike Varley is a DFIR analyst who professionally investigates cyber incidents and unprofessionally enjoys recreating them for educational purposes. With experience across SOC and incident response, he’s spent years tracking how attackers turn a single phish into a very bad day.
He specialises in translating chaos into something defenders can actually use - with minimal jargon and maximum “oh no.”
- Hot Singles In Your Area Want Your Session Tokens
Rory has worked in the cyber security arena for the last 26 years in a variety of roles. These days he spends his work time on container and cloud native security as a senior security researcher and advocate for Datadog. He is an active member of the container security community having delivered presentations at a variety of conferences including RSA and OWASP Appsec EU. He has also presented at major security and containerization conferences and is an author of the CIS Benchmarks for Docker and Kubernetes and member of Kubernetes SIG-Security.
- Ghosts in the Cluster - Hiding in Kubernetes for Years
My name is Samantha Varley and I graduated with a first class honours in Cybersecurity and Digital Forensics at Edinburgh Napier in 2022. During that time was COVID so I did most of my degree from home, while also driving buses in West Lothian part time. I now work as a CSIRT Analyst at Orange Cyberdefense where I have been since I graduated. In my almost 4 years at OCD I have been exposed to a wide variety of attackers and silliness. I love cats, I have two rescues who regularly interrupt my work calls! I love to play games and build Lego in my spare time, as well as the occasional spin on my mountain bike (MTB).
- The Nightmare before Christmas
Security Researcher and Bug Bounty Hunter with 6 years of experience hunting vulnerabilities across web applications.
- HackerOne Top 16 with around 1,000 reported vulnerabilities
- 2nd place finisher at the HackerOne Ambassador World Cup
- Invited participant at the HackerOne live hacking event H1-702 2022, H1-702 2023, H1-4420 2023
My approach is simple do manual testing — go deeper than everyone else, read what others skip, and test what others assume is safe.
You can connect with me on X: @_xploiterr
- Testing What the Scanner Missed: A Bug Bounty Perspective
This year's ENUSEC committee;
Connor - President
Scott - Vice President
Lewis - Secretary
Xander - Treasurer
Eden - Media Officer
- OPENING REMARKS
- CLOSING REMARKS
- Welcome