The Honeynet Project Annual Workshop 2025Prague, Czech Republic — June 2nd, 3rd, and 4th, 2025
The Honeynet Project Annual Workshop 2025We're going to be announcing the speakers soon!
Sharad Agarwal is a final-year PhD candidate at University College London (UCL), where he specializes in combating online financial fraud. He studies cybercrime longitudinally using a data-driven approach. His research has been published at top academic venues like USENIX Security and Financial Cryptography, and has been cited in major news outlets. Beyond academia, he works as a Product Analyst at Stop Scams UK, helping translate research into real-world impact.
Murtuza Ali is a Ph.D. candidate in the Cybersecurity research group at TU Delft. His research is focused mainly on network security, internet measurements and cyber threat intelligence. He also works part time as a security researcher at Hunt and Hackett on their Breach and Attack Simulation platform.
Václav Bartoš is a network security researcher and a leader of a small team at CESNET, the operator of the Czech academic network. He has more than 10 years of experience in network monitoring and cybersecurity. Currently, his work focuses on collection and sharing of cyber threat intelligence, honeypots, and network traffic analysis for threat detection and device classification. He has participated in several national and European cybersecurity projects, is an author of several journal publications and the main author of the open threat intelligence platform NERD (https://nerd.cesnet.cz/).
Rajaram B, Director, Solution Architect Group at Acalvio Technologies Inc has over 20 years of experience in cybersecurity, building and deploying innovative products and solutions. In his current role, Rajaram works on defining, building and deploying innovative applications using cyber deception concepts to solve real world challenges facing the enterprise like Insider Threat, Data Exfiltration and Identity Attacks.
David is a Staff Security Strategist on Splunk’s SURGe research team. He is also a SANS Certified Instructor, where he teaches network forensics. David has over 25 years of experience in the information security field, primarily in incident detection and response, threat hunting, and Cyber Threat Intelligence (CTI). He is the creator of the Pyramid of Pain and lead author of the PEAK threat hunting framework. Really, he just wants to make security better for everyone, and he has a special interest in helping people get started in their cybersecurity careers. You can follow David on Bluesky as @DavidJBianco.bsky.social or on Mastodon as DavidJBianco@infosec.exchange.
Dr. Gregory Carpenter, coauthor of Reverse Deception: Organized Cyber Threat Counter-Exploitation and Principal Partner at CW PENSEC. He is a Fellow of the Royal Society for the Arts (RSA), a researcher with the Special Operations Medical Association, served on the International Board of Advisors for the Mackenzie Institute, and advised EC-Council University. A retired U.S. Army officer with 27 years of service and was named the NSA operations officer of the year. He has held senior roles across military and civilian sectors, including Chief of Security Testing and Chief of Special Space Operations. He holds a Doctorate in Public Health, and multiple certifications, including CISM and Lean Six Sigma Black Belt
Anastasiia Dorosh is a Cybersecurity Implementation Lead at Labyrinth. In her role, she specializes in the deployment and integration of the Labyrinth Deception Platform across primary, essential, and derivative systems, ensuring robust and adaptive cybersecurity solutions.
She holds a Master’s degree in Cybersecurity and information security from Kyiv Polytechnic Institute (Ukraine) and enhanced her technical expertise through an academic exchange program at the Universidad de Burgos (Spain), focusing on computer software engineering. She is certified by Google Cloud, Cisco, and MikroTik, and she is committed to continuously advancing her technical knowledge and aligning her skills with the latest industry standards.
Prior to joining Labyrinth, she gained practical experience working as a NOC and DevOps Engineer at various technology companies, where she developed a strong foundation in network operations, system administration, and automation practices.
Beyond her professional interests, she enjoy painting with oil pastels and taking photos of cats. She is fluent in Ukrainian, English, and actively study Spanish, and she welcomes opportunities to collaborate, share insights, and discuss cybersecurity topics.
Karina is a PhD student at DTU Denmark. She is a researcher at DTU Compute in the Cybersecurity Engineering section. Her research is in the area of defensive cyber deception and critical infrastructure.
Elias Flötzinger works as a Software Engineer at Deutsche Telekom Security GmbH. He has been involved in developing applications for threat and fraud intelligence since 2019. In 2024, he began focusing on the DT Honeypot Initiative. Before taking on his current role, he was a dual student, balancing professional work with academic study. He is currently pursuing his Master’s degree with a focus on IT security.
Sebastian Garcia is a malware researcher and security teacher with experience in applied machine learning on network traffic. He founded the Stratosphere Lab, aiming to do impactful security research to help others using machine learning. As Assistant Professor and researcher, he believes that free software and machine learning tools can help better protect users from abuse of our digital rights. He researches on machine learning for security, honeypots, malware traffic detection, social networks security detection, distributed scanning (dnmap), keystroke dynamics, fake news, Bluetooth analysis, privacy protection, intruder detection, and microphone detection with SDR (Salamandra). He taught in several Universities and worked on penetration testing for both corporations and governments. He talked in conferences such as BlackHat, Defcon Villages, Ekoparty, DeepSec, Hackitivy, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCon, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, AAMAS, etc. He co-founded the MatesLab hackspace in Argentina and co-founded the Independent Fund for Women in Tech.
@eldracote
Hugo Gonzalez graduated from University of New Brunswick in 2017, alumni of Canadian Institute for Cybersecurity. His PhD work was about authorship attribution on Android malware. Currently, he is a faculty member of the Polytechnics University of San Luis Potosi, he is also collaborating with law enforcement through the cyber crime unit at the University. He is member of different professional organizations such as ACM, IEEE and The Honeynet Project. He is a frequent speaker and trainer in several local and international events related with Information Security.
Brian Hay is a member of the Honeynet Project and a researcher at Security Works. He has an interest in virtualization, machine learning, and systems programming. He is a frequent speaker at conferences, and an instructor on a variety of topics in commercial and academic venues.
Vlad is the co-founder of ELLIO, a research lab turning mass exploitation and network reconnaissance data into actionable threat intelligence and real-world defense techniques. A lifelong cybersecurity enthusiast, he’s especially passionate about network security, IoT, and cyber deception. He also serves as President of the Anti-Malware Testing Standards Organization (AMTSO), which helps shape standards for testing security solutions. Before starting ELLIO, Vlad founded and led the Avast IoT Lab (now part of Gen Digital), where he worked on security tools and explored new IoT threats. He has spoken at many community events like BSides and HackTheBay, as well as large conferences like Web Summit and SXSW where he showed how smart homes and connected devices can be vulnerable, even to non-cybersec audiences.
Mario works as a Senior Research Scientist at Dynatrace Research. He is currently developing open-source solutions that catch hackers by injecting honeytokens directly into software applications at runtime, without modifying source code or recompiling applications. His daily toolkit includes Kubernetes, eBPF, Linux, and container runtimes. Mario joined Dynatrace in 2020 and is currently pursuing his PhD on cyber deception, balancing industry needs and academic research.
Georgy Kucherin is a researcher at Kaspersky’s Global Research and Analysis Team and a student at Moscow State University. He is passionate about analysis of complex malware and reverse engineering. His previous research includes attribution of the SolarWinds attack, as well as thorough investigations into APTs such as Operation Triangulation, Turla, FinFisher, APT41 and Lazarus.
Kara Nance, PhD, is CEO at SecurityWorks LLC where she is responsible for meeting specialized technology needs of cybersecurity clients. She is co-author of The Ghidra Book: The Definitive Guide and regularly conducts training on the evolution of the reverse-engineering tool since its release as an open-source product by the NSA at RSA 2019. A computer science professor before transitioning to government and industry, she served as a Senior-Executive Advisory Board member for the Office of the Director of National Intelligence and as a Board Member of the Honeynet Project for many years. She is a frequent speaker and author on cybersecurity and enjoys building Ghidra extensions in her spare time.
Ondrej Nekovar is experienced CISO and Chief Deception Officer. His specialty is creating and planning adversary engagement scenarios and their deployment through influence operations. He is a frequent speaker and trainer at conferences such as BlackHat, RSA, hack.lu and others. He is the co-founder of the DEF CON Group for the Czech Republic (DCG420.org). He is also the founder of RainbowHat.org, an initiative to promote openness and equality in the cybersecurity community. It supports the creation of safe harbors for all people in cyber, their views and being, and the lives they want to live.
Marco Ochse is working as a Senior Security Expert for Deutsche Telekom Security GmbH in the Cyber Defense Technologies & Analytics team.
Marco started working on the DT honeypot initiative shortly after joining the DT Group Security back in 2011. Before signing on for Deutsche Telekom Marco was working as a security consultant specializing in internal and perimeter security with customers mainly from within the finance and insurance sector.
Cybersecurity professional with a background in electronic engineering and several industry-recognized certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. 4 published books and +15 peer-reviewed research papers. Has worked in the public and private sectors, including regional roles in global companies.
Tim Pappa is an Incident Response Engineer - Cyber Deception Strategy, Content Development, and Marketing, at Walmart Global Tech. Previously, he was a Supervisory Special Agent and profiler with the Federal Bureau of Investigation’s (FBI) Behavioral Analysis Unit (BAU), where he specialized in cyber deception and online influence. Tim helped develop BAU’s Deception and Influence Group (DIG), where he pioneered the creation and application of behavioral content against online threat actors. Tim has held several roles in joint intelligence environments, including at the Defense Intelligence Agency (DIA) and Central Intelligence Agency (CIA). Tim is also a Senior Behavioral Consultant at Analyst1. Tim has spoken at several academic and industry conferences, including CYBERWARCON, NDSS, IEEE Euro S&P, and Black Hat Asia. Tim will be publishing (Singapore: World Scientific) a book in August 2025 as part of a series on terrorism and insurgency narratives, “Influencing the Influencers: Applying Whaley’s Deception and Communication Frameworks to Terrorism and Insurgent Narratives”.
Jan Pohl is currently a threat hunter and practical CISO advisor. He is a frequent speaker at conferences such as BlackHat, RSA, hack.lu and others. His specialty is APT attacker techniques, procedures, and tactics in the context of an adversary engagement elements deployment. He is the co-founder of the DEF CON Group for the Czech Republic (DCG420.org)
Daniele Rosetti works in Certego, an Italian MDR and TI provider. He is the Administrator and Frontend Maintainer of the IntelOwl platform
Muris is a PhD student at FEL CTU. He is a researcher at the Stratosphere Laboratory. His research is focused mostly on cyber deception and defense, and the impact of generative AI on cybersecurity. He is the author of shelLM, an LLM-based, high-interaction honeypot, and VelLMes, an AI-based deception framework. He has experience presenting at various conferences and workshops, including ESORICS, AD&D, BlackHat, etc. He is a teaching assistant in the Introduction to Security course at FEL CTU.
Pavel Valach is a member of CESNET-CERTS, the cybersecurity team of the operator of the Czech academic network. With the background in development and systems administration, he is currently developing the Hugo project for easier deployment of honeypots.
Marie Vasek is a lecturer in the computer science department at University College London. Her research is broadly in cybercrime measurement. She applies both quantitative and qualitative tools from the social sciences to explain relevant data and interpret the incentives and strategies of malicious actors and stakeholders. Her work regularly features in top venues in her field such as Usenix Security, IEEE Security & Privacy, and Financial Cryptography & Data Security as well as being highlighted in the press by the New York Times, Financial Times, and the Washington Post, among others.
Emmanouil Vasilomanolakis is an associate professor in cyber-security at the Technical University of Denmark (DTU), part of DTU Compute and the Cyber Security Engineering section. He is also a member of the board of directors of the Honeynet Project. Emmanouil is the principal investigator in various large projects (e.g., Loki and Apate; both in the field of cyber-deception). His research interests include cyber-deception, (collaborative) threat detection, botnet monitoring and darkweb analytics.
Anthony has been hunting and responding to malware and adversaries in large internet companies for more than 10 years. During his free time, he has been studying Internet background traffic and contributing to open source security projects including Zeek, Suricata and Tenzir.