Find Expert Speakers

Yeonwoo Park previously conducted penetration testing projects targeting Korean companies at his former workplace (Core Research Team at Raon Secure) and currently serves as a red teamer at his current workplace (Cyber Threat Analysis Team at SK AX).Through his AD zero-day research, he discovered an exception-handling flaw in the Kerberos protocol, uncovering a method to bypass Microsoft's security policies. Furthermore, through continuous research into areas undetected by popular open-source tools like BloodHound and unexplored topics, he contributes to enhancing the maturity of the red team.

Abhisek R is a Security Consultant at NetSPI, where he specializes in internal network penetration testing, with a strong focus on Active Directory security assessments. He has also worked on penetration tests across web applications, APIs, mobile platforms, and enterprise environments in previous organizations.He has reported security vulnerabilities to organizations such as Google, Zoho, and Brave, and has contributed to publicly disclosed vulnerabilities, including CVE-2023-21035. His experience spans vulnerability assessments, penetration testing, and security research across a wide range of modern attack surfaces.Abhisek is also the host of “The Abhisek Cast,” a cybersecurity podcast that explores lesser-known and under-discussed areas of the security ecosystem, featuring CEOs, CISOs, and security researchers from across the industry. He actively contributes to the security community through research, knowledge sharing, and technical discussions aimed at making complex security topics more accessible.

Hushcon West 2019Presented a technical talk on cellular infrastructure security, focusing on real-world weaknesses in mobile and carrier-adjacent systems. The session drew from hands-on research into cellular protocols, deployment realities, and how attackers exploit assumptions in telecom environments that are often treated as “trusted” or out of scope by enterprise security teams.Hushcon East 2023Delivered a talk centered on hacker culture, attacker mindset, and how security thinking evolves outside formal frameworks. The session explored how curiosity-driven exploration, informal knowledge sharing, and cultural norms shape real attacker behavior more accurately than checklists, tooling, or compliance-driven models.PRaSEC 2023Presented a red-team-focused session on Domain Admin attack paths, blending practical exploitation techniques with philosophical perspectives on adversary reasoning. The talk emphasized how attackers model trust, authority, and system design to move from initial access to full domain control.

Aditya Shankar is a cybersecurity professional with over 10 years of experience in infrastructure, cloud, and enterprise security. He currently works as a Senior Security Architect & Administrator, focusing on Azure security, infrastructure hardening, threat detection, and security automation across large-scale enterprise environments.His work spans security architecture, log analysis, identity hardening, and defensive engineering, with a growing focus on practical applications of AI in cybersecurity workflows. He actively experiments with AI-assisted reconnaissance, automation pipelines, and modern offensive-security tooling to explore how emerging technologies are reshaping both attack and defense strategies.Aditya holds the CISSP certification along with multiple Microsoft security certifications and is passionate about making complex security concepts practical, accessible, and operationally relevant for the community.

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

Throughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. His security research has also been recognized by Microsoft, most notably for his findings he dubbed “UnOAuthorized”. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

Offensive Security Consultant with 2.5+ years of experience specializing in Web App, AD, and Network Penetration Testing. Expert in manual exploitation, lateral movement, and privilege escalation. Proven success in simulating real-world attacks to identify security gaps and providing comprehensive remediation guidance to technical and executive stakeholders. Committed to continuous learning, problem-solving, and contributing to secure environments.

Mars Cheng leads TXOne Networks' PSIRT and Threat Research Team as their Threat Research Manager, where he coordinates product security initiatives and threat research efforts. He also holds the position of Executive Director for the Association of Hackers in Taiwan, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Additionally, Mars serves as a Cybersecurity Auditor for the Taiwan Government. His expertise spans ICS/SCADA systems, malware analysis, threat intelligence, and hunting, as well as enterprise system security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography.Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences, including Black Hat USA/Europe/MEA, RSA Conference, DEF CON, CODE BLUE, SecTor, Troopers, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, NoHat, ROOTCON, SINCON, CYBERSEC, and many others. He plays an instrumental role as the General Coordinator for the HITCON CISO Summit 2024 and has successfully organized several past HITCON events including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020, demonstrating his commitment to advancing the field of cybersecurity.

Cybersecurity Researcher and Security Trainer with hands-on experience in Web, API, Active Directory, and Thick Client Application Security Assessments. Worked on multiple large-scale onsite VAPT engagements across enterprise environments, focusing on identifying complex attack paths, exploitation techniques, and realistic security risks.Specialized in offensive security operations involving Active Directory, cloud environments, and advanced web application testing. Experienced in conducting black-box and system-level security assessments, developing security testing methodologies, and researching emerging attack vectors. Holds expertise in Windows and Linux security architecture testing along with multi-cloud offensive security concepts across AWS, Azure, and GCP.Beyond assessments, actively involved in mentoring and training students and security enthusiasts through practical, real-world cybersecurity sessions. Passionate about security research, red teaming methodologies, wireless security, and building offensive security tooling. Frequently works on vulnerability research, security documentation, and conference-driven security content focused on practical attack demonstrations and defensive awareness.

Rahul is a security researcher with 7+ years in offensive security and red teaming. He specializes in malware development, AV/EDR evasion, and bypassing security controls in heavily defended environments. As a full-time red teamer, he's built tools and developed techniques that work against real-world security stacks.He currently works as Manager of Offensive Security and Threat Assessment with leading financial organizations across the Middle East, collaborating with red, blue, and purple teams to find and fix security gaps in enterprise infrastructure. He's spoken at international conferences including BlackHat, CONFidence, and HAcktivity.His expertise spans enterprise security and cloud infrastructure, with particular focus on identifying and exploiting design flaws in hardened environments.

I specialise in OffSec and AI Security and professionalise in Red Teaming, AppSec and Cloud. With my core expertise lying in Adversarial testing of modern AI-driven systems and LLMs and MCP servers I have also gotten my hands into much of Vuln research and ASM projects in the banking sector.I currently focus into breaking GenAI, AI and LLM models with deep research into Agentic AI systems exploit development as well for better security assessments. My frameworks are adopted by major MNCs in the Banking/Fintech industry for real world exploit devs across enterprise environments to assess security measures thoroughly. My  particularised intereste lies in bleeding border line emerging attack paths involving AI agents, APIs, cloud platforms, and identity systems to develop misconfigs and logic abuse scenarios in currently established AI practices in orgs.

Yuan Yudistira is the Head of Information Security at Siloam Hospitals Group, where he leads enterprise cybersecurity and digital risk strategy across 41 hospitals. He works closely with executive leadership to enable secure digital health transformation, secure cloud adoption, data protection, and operational resilience in large, complex healthcare environments.With over 12 years of experience spanning information security leadership, cloud architecture, and risk governance, Yuan has led initiatives aligned with NIST Cybersecurity Framework and ISO 27001 to strengthen cyber resilience, protect sensitive health data, and support scalable, cloud-first healthcare operations. He is a CISSP and CISM certified professional and a published book author on practical cybersecurity and risk management for organizations.