Eva is Managing Partner and CEO of Alzette Information Security with more than 8 years of professional experience in security source code review, penetration testing, vulnerability assessment, vulnerability management, digital forensics, IT auditing, telecommunication networks and security research. She has two Master’s degrees; one in Electrical Engineering and another one in Networks and Telecommunication.
She holds the following industry-recognized information security certifications: GIAC Security Essentials Certification (GSEC), Global Industrial Cyber Security Professional (GICSP), GIAC Continuous Monitoring Certification (GMON), GIAC Response and Industrial Defense (GRID), GIAC Secure Software Programmer-Java (GSSP-JAVA), GIAC Web Application Penetration Tester (GWAPT), GIAC Mobile Device Security Analyst (GMOB), Certificate of Cloud Security Knowledge (CCSK), eLearnSecurity Web Application Penetration Tester (eWPT), eLearnSecurity Junior Penetration Tester (eJPT), QualysGuard Certified Specialists (QGCS).
Eva has spoken at international conferences like BruCON (2018), Hack.lu (2018), Hacktivity (2018), Nuit du Hack (2018), Black Alps (2018), BSides London (2019), BSides Stuttgart (2019), BSides Munich (2018, 2019), BSidesBUD (2018, 2019), Pass the SALT (2018, 2019), Security Session (2018) and she is member of the organizer team of the Security BSides Luxembourg conference.
David is Managing Partner and CTO of Alzette Information Security with more than 8 years of professional experience in penetration testing, red teaming, vulnerability assessment, vulnerability management, security monitoring, security architecture design, incident response, digital forensics and software development. He has two Master’s degrees; one in Computer Engineering and another one in Networks and Telecommunication and also has a Bachelor’s degree in Electrical Engineering.
He holds the following industry-recognized information security certifications: GIAC Security Essentials (GSEC), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Enterprise Defender (GCED), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Continuous Monitoring Certification (GMON), GIAC Certified Detection Analyst (GCDA), GIAC Network Forensics Analyst (GNFA), GIAC Python Coder (GPYC), GIAC Mobile Device Security Analyst (GMOB), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certificate of Cloud Security Knowledge (CCSK), EC-Council Certified Ethical Hacker (CEH), eLearnSecurity Certified Professional Penetration Tester (eCPPT Gold), eLearnSecurity Mobile Application Penetration Tester (eMAPT), eLearnSecurity Network Defense Professional (eNDP), SecurityTube iOS Security Expert (SISE), Sophos Certified Architect (UTM), Sophos Certified Engineer (UTM, Web Protection), Palo Alto Networks: Accredited Configuration Engineer (ACE), QualysGuard Certified Specialists (QGCS).
David is an instructor at SANS Institute, teaching FOR572: Advanced Network Forensics. He has presented at conferences like BruCON (2017, 2018), Hack.lu (2013, 2016, 2017, 2018), Hacktivity (2008, 2016, 2018), x33fcon (2018, 2019), Nuit du Hack (2017, 2018), Black Alps (2018), BSides London (2019), BSides Stuttgart (2019), BSides Munich (2018, 2019), BSidesLjubljana (2017), BSidesBUD (2018, 2019), Pass the SALT (2018, 2019), Security Session (2018), SANS @Night Talks (2017, 2018), and he is member of the organizer team of the Security BSides Luxembourg conference.
Deployment, fine-tuning and management of open source and commercial Network or Host-based Intrusion Detection/Prevention System (NIDS/NIPS or HIDS/HIPS), Network Security Monitoring (NSM) and Security Information and Event Management (SIEM) solutions. Threat hunting exercises to proactively identify signs of compromise.
Digital Forensic (DF) and Incident response (IR) activities, analysis of artifacts, disks, memory images and mobile devices using methodologies, procedures, techniques and industry-accepted hardware and software solutions that preserve the chain of custody and admissible in a court of law.
Dynamic and static analysis of malicious software and cross-checking results with threat intelligence sources like CIRCL's Malware Information Sharing Platform (MISP).
Architecture design, review and audit for defensible networks, cloud solutions, endpoints and applications using tried and tested security models, methods, components and concepts.
Training for professionals; network security, endpoint security, network security monitoring, log analysis and monitoring, penetration testing, secure coding. User awareness programs for employees, professionals, developers, and executives.
Security source code review services for languages including but not limited to Java, JSP, ColdFusion, PHP, .NET, C/C++, Python. Design and implementation of Secure Development Life Cycle and Secure DevOps.
Vulnerability assessment services using automated scanners configured for the target environment, where results are manually evaluated by experts to remove false-positives. Continuous assessment and remediation of vulnerabilities through our vulnerability management services.
External and internal network penetration testing, wireless penetration testing based on the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM) methodologies. Red team engagements that include social engineering, physical penetration and advanced techniques like USB HID attacks.
Web, mobile and thick/binary application penetration testing based on methodologies such as the Open Web Application Security Project (OWASP) Testing Guide.