CFP Directory

I am a security-focused systems and cloud engineer with hands-on experience across infrastructure monitoring, security operations, DevSecOps automation, cloud security, and offensive security testing.I began my career in 24×7 infrastructure and application monitoring, ensuring high availability and reliability using tools like Zabbix and Grafana, where I handled alert triage, incident escalation, operational dashboards, and root cause analysis. This foundation gave me strong operational discipline, SLA awareness, and real-world incident handling experience.Currently, I work as an Associate System Administrator with a strong security engineering focus, where I operate at the intersection of SecOps, DevSecOps, and cloud security. My work includes web and API penetration testing, identifying authentication, authorization, business logic, and access control vulnerabilities through manual testing using Burp Suite, Postman, and cURL, supported by source code review aligned with OWASP Top 10.I actively implement shift-left security by integrating SAST, SCA, container, and Kubernetes security controls into CI/CD pipelines, using tools such as SonarQube, OWASP Dependency Checkmarx, Kubebench, Trivy, and Kubescape, ensuring vulnerabilities are detected early and remediated before reaching production.On the cloud security side, I secure and monitor Microsoft Azure environments, focusing on identity security, network hardening, storage security, WAF tuning, and Kubernetes (AKS) security. My responsibilities include Azure Entra ID Conditional Access and MFA enforcement, Key Vault access reviews, NSG and firewall baseline analysis, Azure Front Door WAF tuning, TLS enforcement, logging coverage improvement, and Defender for Containers runtime monitoring.I also support Kubernetes security and operations, reviewing cluster configurations, pod security contexts, container images, and runtime logs across both AKS and on-prem Kubernetes environments, ensuring secure configurations, version compliance, and visibility for incident investigation.My work aligns closely with NIST SP 800-53 Rev.5 controls and Zero Trust principles, focusing on least privilege, continuous verification, and secure-by-design cloud architectures.I am particularly interested in roles that involve SecOps, DevSecOps, Cloud Security Engineering, and Blue Team security, where I can combine offensive security thinking, automation, and defensive monitoring to reduce real-world risk and strengthen security posture.Speaker at InfraSec Village, Cybersurksha & Gujarat University. 4X Acknowledged by Apple - 2025Acknowledged by Apple - 2026Acknowledged by Redbull, Microsoft, Tesla, Substack, etc.

Hey, I’m Bhavesh Pardhi, a cybersecurity practitioner and bug hunter focused on real-world web application security.My work primarily revolves around reconnaissance, vulnerability discovery, and building practical workflows that improve efficiency in bug hunting. I focus on identifying real attack surfaces and optimizing recon processes to reduce noise and increase meaningful findings.I am the founder of CyberXsociety, a growing platform where I share cybersecurity knowledge through blogs, digital products, and a community-driven forum focused on real-world learning and methodologies.Alongside this, I am building a local tech community, Jalgaon Hackers Meetup, to connect and grow serious learners in cybersecurity, development, and related fields through discussions, meetups, and collaborative learning.My approach is strongly practical and system-driven. Instead of focusing only on tools, I focus on building structured methodologies that can be applied across different targets and environments.I am actively working on bug bounty programs, contributing to the cybersecurity community, and continuously exploring ways to improve recon workflows and vulnerability discovery processes.

Armaan Pathan is a Senior Security Engineer at KATIM with deep expertise in application security, penetration testing, and bug bounty hunting. Over the past 10+ years, he has uncovered and responsibly disclosed critical vulnerabilities at leading tech organizations including Google, Facebook, Apple.Holding a Master’s degree in Information Technology and certifications such as OSCP, Armaan has excelled in both offensive security operations and mentoring engineering teams to adopt secure-by-design practices. His research spans areas like browser security, OAuth misconfigurations, and novel attack vectors that challenge industry assumptions.Beyond client work, Armaan actively contributes to the security community—publishing technical blogs, presenting at conferences, and raising awareness of emerging threats and practical defenses.

Farhad Sajid Barbhuiya is a passionate security professional with over 5 years of hands-on experience in offensive security, delivering more than 2000 hours of training across educational institutions, corporations, and government organizations. His trainings cover Web & Mobile Application Security, Reverse Engineering, Exploit Development, Code Review, and more, empowering diverse audiences with practical, real-world skills.Currently a Staff Information Security Engineer on the Offensive Security team at Zscaler, Farhad works on offensive security assessments spanning across Mobile Application Security (Android & iOS), Reverse Engineering, Web Application Security, Agentic AI and LLMs and Hardware Security. His work focuses on uncovering vulnerabilities in high-stakes environments, from custom exploit chains to evasion techniques in containerized and cloud systems.A sought-after speaker, Farhad has presented at premier cybersecurity conferences including NullCon Goa (Advanced Web Apps Pentesting training), Bsides Delhi (Reverse Engineering for Exploit Development), Null Delhi (Reverse Engineering for Developers), Bsides Mumbai (DYLD Library Injection on macOS), Defcon Delhi (IoT Village), Bsides Vizag (TACTOU Attacks in AI Agents), and Bsides Mussorie (Magazine Exhaustion on iOS Heap Allocators). His sessions blend deep technical dives with live demos, making complex topics accessible and actionable.Farhad thrives at the intersection of vulnerability research, exploit development, and secure architecture, contributing to the infosec community through research, tools, and knowledge-sharing.