Find Expert Speakers

Speaker at Bsides Kochi, BIOS meetup, SlashN and various other conferences.

Aden is a Lead Penetration Tester at BAE Systems DI based in Malaysia, with over 10 years of experience in offensive security. He has successfully led red teaming and advanced penetration testing engagements across multiple industries worldwide, uncovering critical vulnerabilities in both applications and infrastructure. Beyond client work, he actively contributes to bug bounty and vulnerability disclosure programs. His research has led to the discovery of multiple internet-exposed vulnerabilities, earning him 18 CVE IDs to date. He has previously shared his work at ROOTCON, BSides, Nanosec, and RedTeam Hacker Academy conferences.

Aditya Shankar is a cybersecurity professional with over 10 years of experience in infrastructure, cloud, and enterprise security. He currently works as a Senior Security Architect & Administrator, focusing on Azure security, infrastructure hardening, threat detection, and security automation across large-scale enterprise environments.His work spans security architecture, log analysis, identity hardening, and defensive engineering, with a growing focus on practical applications of AI in cybersecurity workflows. He actively experiments with AI-assisted reconnaissance, automation pipelines, and modern offensive-security tooling to explore how emerging technologies are reshaping both attack and defense strategies.Aditya holds the CISSP certification along with multiple Microsoft security certifications and is passionate about making complex security concepts practical, accessible, and operationally relevant for the community.

Founder at Armur AI - offensive security tool development - backed by Techstars and Outlier VenturesAuthor of the book - Rust from blockchain application developmentTechnical Youtuber - https://www.youtube.com/@AkhilSharmaTechSecurity researcher - published multiple papers on agentic memory poisoning and supply chain attacksInstructor - multiple cybersecurity courses on Linkedin learning platformSpeaker - at hundreds of tech events including Bsides San Francisco and Bsides Kerala

Alessandro Pisani is a software and security engineer at Meta, focusing on large-scale infrastructure defense and threat detection systems. With a strong background in software engineering and advanced malware research, he specializes in building resilient systems that bridge deep security telemetry with modern, high-throughput production environments. He holds an M.Sc. in Computer Engineering from Politecnico di Torino.

🎤 Public Speaking & Knowledge Sharing1️⃣ 🇮🇳 Nullcon Goa 2026 — “Why Did the Model Think That? Demystifying the Black Box with Explainable AI (XAI)” 🔗 Link: https://nullcon.net/talk/why-did-the-model-think-that-demystifying-the-black-box-with-explainable-ai-xai/2️⃣ 🇮🇳 OWASP AppSec Days Bangalore 2025 — “Unveiling the Risks of MCP Servers: An In-Depth Exploration” 🔗 Link: https://owaspappsecdaysbangaloreoct.sched.com/event/28Z5G/unveiling-the-risks-of-mcp-servers-an-in-depth-exploration3️⃣ 🇸🇬 OWASP AppSec Days Singapore 2024 — “The Dark Side of AI: Exploring Adversarial Threats” 🔗 Link: https://owaspappsecdayssingapore202.sched.com/event/1ir3T/the-dark-side-of-ai-exploring-adversarial-threats4️⃣ 🇮🇪 Security BSides Dublin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://www.bsidesdub.ie/speakers.php5️⃣ 🇩🇪 Nullcon Berlin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://nullcon.net/berlin-2024/speaker-into-the-abyss-adversarial-tactics-in-ai-security6️⃣ 🇮🇳 Seasides Infosec Conference 2023 — “Primer into SAP Penetration Testing & OWASP SAPKiln” 🔗 Link: https://www.bugbountyvillage.com/speakers7️⃣ 🇮🇳 c0c0n 15th Edition (2022) — “Hyperledger Fabric & Ethereum Apps: Security Deep Dive” 🔗 Link: https://india.c0c0n.org/2022/agenda8️⃣ 🇹🇳 OWASP Tunisia Chapter (2020) — “Blockchain Security” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=fRQrJttI5vI9️⃣ 🇮🇳 OWASP Kerala Chapter (2020) — “Pen Testing Blockchain Solutions (Ethereum Nodes & Smart Contracts)” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=ahZ_V6qdBjQ

Alfonso De Gregorio is a globally recognised cybersecurity technologist, award-winning research artist, and strategic policy advisor. He has spoken at 25+ peer-reviewed int'l events across 5 continents, such as NATO Conference on Cyber Conflict, RSAC, and the leading hacker events. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.Today he is Founding Director and Principal Investigator at Pwnshow, an interdisciplinary research agency investigating critical cybersecurity challenges at the complex technology-society nexus; CEO at Zeronomicon, a premium zero-day vulnerability acquisition platform; and, Member of the ETSI TC SAI (Securing AI), where he works towards ensuring the technical standards underpinning the EU AI Act are practical, effective, and innovation-friendly. At the forefront of the AI governance debate, his current work focuses on the dual-use dilemma of open-weight AI and how the proliferation of powerful models impacts the cyber threat landscape. Active in the legislative and standardization trenches as much as at the terminal prompt, he provided expert technical consultation to the European Commission regarding the EU AI Act. He successfully advocated for the "substantial modification" clauses in the GPAI Code of Practice, protecting open model developers from undue liability.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

I often deliver technical security content to professional and executive level audiences. For example, as a SOC Analyst at IDDA, I directly presented our SOAR (Security Orchestration, Automation and Response) platform to Ministry of Security representatives. I gave a technical walkthrough of the platform architecture, incident automation workflows, threat correlation mechanisms, and presented real world use cases. Subsequent to the presentation, the product received considerable interest from multiple stakeholders and potential investors.I've also attended vendor meetings with Palo Alto and Forcepoint DLP, presenting technical assessments and making workflow recommendations to help optimize the deployment of security products and their integration into the corporate environment.Besides this type of enterprise-level presentation, I've also been the guy on the team to go to an international hackathon. I presented AI security and automation concepts at an innovation event in Georgia. I gave a presentation to a technical evaluation panel, detailing the design of the system, the model for threat detection, and the architecture of the data pipeline.I also took part in the Google AI Hackathon in Kazakhstan, where I presented a detailed technical pitch including model architecture, implementation strategy, and deployment aspects to judges and business representatives.These occasions implied explaining intricate technical details in a digestible form, addressing immediate technical inquiries, justifying architecture choices, and discussing security compromises. I feel at ease presenting deeply technical information to both engineering communities and business leaders.

Aniket is a seasoned cybersecurity and AI risk management professional who brings over 14 years of practical experience. He has spent his career working with major global companies, focusing on how to manage security risks, consult on risk matters, and audit technology systems. Aniket currently heads the Uber India cybersecurity and AI risk auditing team that is responsible for reviewing the cyber and AI risks . Prior to Uber he has worked in the Banking (Wells Fargo and Deutsche Bank) and Consulting (KPMG and Infosys) industries.He has an MBA in Information Systems Security from Symbiosis Center for Information Technology, and a Bachelor's in Engineering in Information Technology. Aniket is also highly certified, holding credentials such as CISSP, CISA, Cloud Computing Zero Trust (CCZT), Cloud Computing Security Knowledge (CCSK), ISO 27001 LA-2013

Over the years, I’ve had the opportunity to speak at cybersecurity conferences, technology summits, university campuses, and industry communities where I focus on making security practical, relatable, and engaging through real-world stories, demonstrations, and attacker-driven thinking.I’ve delivered talks at events including ATAGTR 2024, ATAGTR 2025, AITestFest 2025, AITestFest 2026, Identity Shield, SAP Security Expert Summit, TechX, along with guest sessions and cybersecurity awareness talks across multiple university campuses.My sessions typically revolve around AI-driven threats, OSINT, phishing, social engineering, dark web exposure, privacy, cyber risk, and the growing intersection between offensive security and governance. I enjoy blending live demonstrations, attacker psychology, and practical security lessons to help audiences understand not just how attacks happen — but why organisations continue to underestimate them.Beyond conferences, I actively mentor aspiring professionals, contribute to security awareness initiatives, and enjoy simplifying complex security concepts for both technical and non-technical audiences.

Anubhab Sahu is a Senior Research Engineer at Keysight Technologies, working with the Application and Threat Intelligence (ATI) team. With an M.Tech in Cyber Security, he specializes in vulnerability research, AI/LLM security, reverse engineering, security analysis, and automation. He actively writes technical blogs on security topics including AI security and traffic analysis, and holds an approved US patent in the field. His work bridges the gap between offensive security research and real-world threat simulation, contributing to advanced cybersecurity network testing solutions. He has prior experience delivering technical talks at leading security conferences, including ROOTCON '19 - one of Southeast Asia's largest cybersecurity conferences. When he's not tinkering with tech, he enjoys sharing his expertise through technical writing, conference talks, and community meetups.

Armaan Pathan is a Senior Security Engineer at KATIM with deep expertise in application security, penetration testing, and bug bounty hunting. Over the past 10+ years, he has uncovered and responsibly disclosed critical vulnerabilities at leading tech organizations including Google, Facebook, Apple.Holding a Master’s degree in Information Technology and certifications such as OSCP, Armaan has excelled in both offensive security operations and mentoring engineering teams to adopt secure-by-design practices. His research spans areas like browser security, OAuth misconfigurations, and novel attack vectors that challenge industry assumptions.Beyond client work, Armaan actively contributes to the security community—publishing technical blogs, presenting at conferences, and raising awareness of emerging threats and practical defenses.

Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering vulnerabilities in complex environments — from AWS misconfigurations to API flaws — he has worked with startups, enterprises, and government agencies to strengthen their security posture. Bhaumik is passionate about sharing real-world lessons from the field, mentoring the next generation of security professionals, and occasionally sneaking in a pop-culture reference or two to make security just a little more fun.

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password. He is the founder of the security site Liquidmatrix Security Digest & podcast. Dave also hosts the Chasing Entropy Podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory boards of Byos.io and Knostic.ai. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference. Dave was a DEF CON speaker operations goon for 13 years. Lewis also serves on the advisory boards for the Black Hat Sector Security Conference in Canada, and the CFP review board for 44CON in the UK. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others. For fun he is a curator of small mammals (his kids) plays bass guitar, grills, is part owner of a whisky distillery and a soccer team.

Drijesh Patel is an Engineering Manager and AI security practitioner with extensive experience building and securing large-scale cloud and AI-driven systems. His work sits at the intersection of Generative AI, cybersecurity, and modern software engineering, where he focuses on identifying and mitigating real-world risks introduced by LLMs, AI agents, and automated development workflows.Over the years, he has led engineering teams delivering high-impact platforms across enterprise environments, with a strong emphasis on secure architecture, DevSecOps, and AI adoption. His recent work explores adversarial techniques against LLM-powered applications, including prompt injection, data exfiltration, and supply chain risks in AI-assisted development.Drijesh is also an active speaker and community leader, regularly conducting workshops and talks for developers and security professionals on AI, secure system design, and emerging threat landscapes. He has been recognized by Google Developer Communities for his contributions and continues to drive conversations around building secure, human-centric AI systems.

Farhad Sajid Barbhuiya is a passionate security professional with over 5 years of hands-on experience in offensive security, delivering more than 2000 hours of training across educational institutions, corporations, and government organizations. His trainings cover Web & Mobile Application Security, Reverse Engineering, Exploit Development, Code Review, and more, empowering diverse audiences with practical, real-world skills.Currently a Staff Information Security Engineer on the Offensive Security team at Zscaler, Farhad works on offensive security assessments spanning across Mobile Application Security (Android & iOS), Reverse Engineering, Web Application Security, Agentic AI and LLMs and Hardware Security. His work focuses on uncovering vulnerabilities in high-stakes environments, from custom exploit chains to evasion techniques in containerized and cloud systems.A sought-after speaker, Farhad has presented at premier cybersecurity conferences including NullCon Goa (Advanced Web Apps Pentesting training), Bsides Delhi (Reverse Engineering for Exploit Development), Null Delhi (Reverse Engineering for Developers), Bsides Mumbai (DYLD Library Injection on macOS), Defcon Delhi (IoT Village), Bsides Vizag (TACTOU Attacks in AI Agents), and Bsides Mussorie (Magazine Exhaustion on iOS Heap Allocators). His sessions blend deep technical dives with live demos, making complex topics accessible and actionable.Farhad thrives at the intersection of vulnerability research, exploit development, and secure architecture, contributing to the infosec community through research, tools, and knowledge-sharing.

I spoke at OWASP Global AppSec USA 2025 in Washington D.C. (November 2025), presenting "Security Exception Management: Balancing Risk with Reality at Enterprise Scale". The talk was part of the Defender track, pitched at an intermediate audience, and covered enterprise-scale vulnerability exception management and the use of LLMs insecurity workflows.

Jaswanth has speaking experience in multiple well reputed conference's such as Seasides goa, OWASP, Security BSides, NexGen CyberWomen, and multiple universities.

He focuses on Java security and AI security. His work has helped many high-profile vendors, including Google, Amazon, Cloudera, IBM, Microsoft, and Oracle. He has presented at Black Hat Europe 2024, Zer0Con 2025, Off-by-One Con 2025, Black Hat USA 2025, DEFCON 33, and Zer0Con 2026.

Johann Rehberger has over twenty years of experience in threat modeling, risk management, penetration testing, and red teaming. During his tenure at Microsoft, Johann established a Red Team within Azure Data and led the program as Principal Security Engineering Manager. He went on to build a Red Team at Uber, and currently serves as Red Team Director at Electronic Arts. In addition to his industry roles, Johann is an active security researcher and a former instructor in ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK and ATLAS frameworks and is the author of "Cybersecurity Attacks - Red Team Strategies". He holds a master's degree in computer security from the University of Liverpool. You can find his latest research at embracethered.com.

BSides BarodaBSides MumbaiMitre APACBluehat IndiaVulnconIdentity Shield Summit Cloud identity summit Germany

A highly accomplished professional with over 15 years of experience across diverse industries, including telecommunications, wireless technologies, networking, embedded systems, cybersecurity, and the automotive sector.Over the past seven years, I have specialized extensively in cybersecurity, with expertise in server security (including OpenBMC), automotive security, and network security.I earned my Bachelor of Engineering in Electronics and Communication from V.V.P. Engineering College, Rajkot, and subsequently completed a Post Graduate Diploma in Embedded System Design from C-DAC, Government of India.Currently, I am serving as a Security Expert at Hewlett Packard Enterprise, Bengaluru, where I have been contributing for the past 4.5 years. My responsibilities include security architecture design and feature development across multiple domains, including security library development, FIPS certification, post-quantum cryptography (PQC) solutions, hardware ASIC engine optimization for security operations, Public Key Infrastructure (PKI), and secure key management.In addition to my core responsibilities, I actively lead AI-driven cybersecurity initiatives focused on improving productivity and strengthening security operations. These initiatives include AI-based CVE assessment, threat modeling, and PQC compliance automation.I also serve as a mentor with the Cyber Security Association of India and am a lifetime member of QSECDEF. Furthermore, I regularly collaborate and participate in global initiatives, industry events, and professional forums related to cybersecurity, defense technologies, and artificial intelligence.