Find Expert Speakers

Amey Parab is a seasoned Staff Software Engineer and Tech Lead with over 14 years of comprehensive software development experience, specializing in frontend architecture and high-performance web applications. Currently serving as a Staff Software Engineer and Tech Lead at Magnit Global, Amey leads the development of cutting-edge AI-powered workforce management platforms that streamline complex business processes.Amey's expertise lies in architecting scalable frontend solutions that significantly accelerate feature delivery and boost overall team velocity. He has a proven track record of building foundational components and frameworks that serve as the backbone for enterprise-level applications across multiple industries, including workforce management, financial services, healthcare, and digital media. As a technical leader, Amey has consistently driven innovation through the development of reusable Angular frameworks and UI component libraries that promote consistency and maintainability across large-scale applications.Throughout his career, Amey has made significant contributions to various sectors. In workforce management, he is leading the architectural foundation for Magnit Platform's modern AI-powered solutions. In financial services, he developed comprehensive digital investment platforms and financial planning tools at Prudential Financial. His healthcare technology work includes creating advanced analytics platforms and high-content analysis solutions for medical research, while his digital media experience encompasses building interactive video recording and content management systems.Amey specializes in Angular framework development, TypeScript, and modern web technologies, with extensive experience in creating responsive, accessible, and cross-browser compatible applications. His technical toolkit includes expertise in UI/UX implementation, REST API integration, unit testing frameworks, and cloud deployment strategies. His collaborative approach with cross-functional teams, including product managers, designers, and backend developers, has resulted in robust RESTful API architectures and seamless user experiences.Amey is passionate about mentoring development teams and establishing best practices that ensure the delivery of maintainable, scalable, and high-quality code. His approach combines technical excellence with strategic thinking, enabling organizations to build robust digital solutions that meet evolving business needs. He holds a Bachelor of Management Studies from the University of Mumbai and has completed an Advanced Programme in Software Development. He is a Microsoft Certified Professional Developer with specializations in .NET Framework applications, demonstrating his commitment to continuous learning and professional development.Based in the Bay Area, Amey continues to drive innovation in frontend development while contributing to the advancement of modern web application architectures.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

As a seasoned technologist, life-long hacker, and world-renowned security professional, I excel at tackling complex problems from unconventional angles to uncover innovative solutions. With expertise in managing multicultural environments, I bridge the gap between commercial and technical sides of businesses, aligning international teams to achieve common goals. My entrepreneurial spirit and technical acumen enable me to navigate crisis situations, chaotic business environments, and strategic changes with ease.With a deep understanding of IP networking, telecom, internet communications, security, and cloud computing, I stay ahead of the curve by exploring new technologies before they hit the market. I analyze their strategic implications, disruptive effects, and emerging opportunities, providing valuable insights to businesses.My extensive experience spans designing complex computing environments, evaluating security issues in widely used systems, including election equipment, and authoring academic studies on election security. As a co-founder of the first pan-European internet service provider EUNet, I have a proven track record of developing secure communication protocols and technologies.Since 2005, I have advised law and policy makers, national and local governments, on cybersecurity and critical infrastructure in the United States, ASEAN, and elsewhere. I work with multiple companies on security technologies, identity management, cryptography, and digital biotech applications. My expertise is also sought after for security trainings and assessments of critical infrastructure worldwide.As a co-founder and co-organizer of DEF CON Voting Village, I have played a pivotal role in shaping the global security research and hacker community. My work has been featured in two Emmy-nominated HBO documentary films, "Hacking Democracy" (2006) and "Kill Chain: The Cyber War on America's Elections" (2020), showcasing my successful proof-of-concept mock election hack and follow-up analysis on election security.

Jonathan Bar Or ("JBO") an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry.Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force. For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me. I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.

- **AWS Dev Day 2023**_E-2: Learning Security by Design from Anti-Patterns in Amazon S3, Amazon Cognito, and AWS Lambda_[Slide deck](https://www.docswell.com/s/a-zara-n/5248R9-devday)- **BSides Las Vegas 2024**_Are you content with our current attacks on Content-Type?_[Talk info](https://archive.bsideslv.org/2024/talks#PAPKRL) / [Slides](https://speakerdeck.com/flatt_security/are-you-content-with-our-current-attacks-on-content-type)- **BSides Tokyo 2024**_XSS using dirty Content-Type in the cloud era_[Talk info](https://bsides.tokyo/2024/#norihide-saito--azara) / [Slides](https://speakerdeck.com/flatt_security/xss-using-dirty-content-type-in-cloud-era)- **JSAC 2024 (JPCERT/CC)**_Introduction to Cloud Incident Investigation Through Architecture-Based Understanding_Hands-on workshop covering real-world unauthorized access cases in AWS and Azure.- **CODE BLUE 2024**_Beyond Misconfigurations: A Comprehensive Look at Threats in Object Storage like S3_[Program page](https://archive.codeblue.jp/2024/program/time-table/day1-opentalks-007/)

Over 12 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025 and VulnCon 2025.

Sr. Security Engineer @ Coupa Software . Passionate Learner for OffSec and Security Engineering. Working collaboratively with Security Operations , Security Engineering & Threat Management @ Coupa Software

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google , Microsoft and many others, some of my CVES identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020); Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024). With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.

ISACA Cybersecurity ConferenceDelivered an insightful session on Zero Trust Security, breaking down its practical implementation and its role in modern cyber defense architecture. His talk was well-received by industry professionals and highlighted the evolving nature of perimeter-less security models.CIO News Cybersecurity ForumPresented on the integration of offensive and defensive security practices, emphasizing collaboration over siloed efforts. His impactful delivery earned him an on-the-spot award for excellence in thought leadership and practical insight.Crypto Expo DubaiTook the stage at one of the largest blockchain and cryptocurrency platforms in Dubai, where he delivered a high-impact talk on “Hacking Crypto Wallets”. The session provided deep dives into real-world attack vectors and preventive mechanisms, drawing significant attention from global fintech and blockchain professionals.

Cybersecurity Consultant with over three years of hands-on industry experience, I specialize in offensive security—driven by a passion for uncovering and exploiting weaknesses before adversaries can. My work spans Red Team operations, Network Security, and Web/API Vulnerability Assessment & Penetration Testing (VAPT), with successful engagements across BFSI, IT Products & Services, and Healthcare sectors.With a strong research focus on Adversarial Tactics, Techniques, and Procedures (TTPs), I continuously explore emerging threat vectors and offensive methodologies to deliver actionable security insights that directly reduce business risk. My approach blends technical precision with creative attack strategies, ensuring organizations stay ahead of evolving cyber threats

I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.

For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking. For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking.

Producer at KazHackStan Conference and Managing Partner at TSARKA GROUP