Find Expert Speakers

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Armaan Pathan is a Senior Security Engineer at KATIM with deep expertise in application security, penetration testing, and bug bounty hunting. Over the past 10+ years, he has uncovered and responsibly disclosed critical vulnerabilities at leading tech organizations including Google, Facebook, Apple.Holding a Master’s degree in Information Technology and certifications such as OSCP, Armaan has excelled in both offensive security operations and mentoring engineering teams to adopt secure-by-design practices. His research spans areas like browser security, OAuth misconfigurations, and novel attack vectors that challenge industry assumptions.Beyond client work, Armaan actively contributes to the security community—publishing technical blogs, presenting at conferences, and raising awareness of emerging threats and practical defenses.

Farhad Sajid Barbhuiya is a passionate security professional with over 5 years of hands-on experience in offensive security, delivering more than 2000 hours of training across educational institutions, corporations, and government organizations. His trainings cover Web & Mobile Application Security, Reverse Engineering, Exploit Development, Code Review, and more, empowering diverse audiences with practical, real-world skills.Currently a Staff Information Security Engineer on the Offensive Security team at Zscaler, Farhad works on offensive security assessments spanning across Mobile Application Security (Android & iOS), Reverse Engineering, Web Application Security, Agentic AI and LLMs and Hardware Security. His work focuses on uncovering vulnerabilities in high-stakes environments, from custom exploit chains to evasion techniques in containerized and cloud systems.A sought-after speaker, Farhad has presented at premier cybersecurity conferences including NullCon Goa (Advanced Web Apps Pentesting training), Bsides Delhi (Reverse Engineering for Exploit Development), Null Delhi (Reverse Engineering for Developers), Bsides Mumbai (DYLD Library Injection on macOS), Defcon Delhi (IoT Village), Bsides Vizag (TACTOU Attacks in AI Agents), and Bsides Mussorie (Magazine Exhaustion on iOS Heap Allocators). His sessions blend deep technical dives with live demos, making complex topics accessible and actionable.Farhad thrives at the intersection of vulnerability research, exploit development, and secure architecture, contributing to the infosec community through research, tools, and knowledge-sharing.

The speaker has served as a presenter at Black Hat Asia in both 2023 and 2024, participating in the Arsenal (Web Application Security) track held in Singapore.The speaker has also served as a guest speaker in several universities and community events & had attended BlackHat MEA 2022 - 2024 in Riyadh as a CTF Finals participant.

Jaswanth has speaking experience in multiple well reputed conference's such as Seasides goa, OWASP, Security BSides, NexGen CyberWomen, and multiple universities.

Jonathan Bar Or ("JBO") an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry.Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.

Niek brings over 10 years of expertise to the device security field. With a background in System and Network Engineering and an intrinsic interest, he's able to digest the complexities of device security efficiently.He shared his research with the community at various security and academic conferences, as well as journals, such as Black Hat, Bluehat, Usenix WOOT, hardwear.io, FDTC and PoC||GTFO.He gave trainings at HITB, hardwear.io and Ringzer0.

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) and Security Architecture team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Pengfei is a Solution Architect at Picus Security, where he advise enterprise security teams in implementing automated adversary simulation operations and framework.Previously, he worked as a Cybersecurity Engineer in GovTech's GCSOC team, where he led the implementation of continuous purple teaming across the Whole-of-Government. Before this role, he served on GovTech's red team, mainly dabbling in VAPT and Adversary Simulation.Pengfei is certified with OSCP, eMAPT, Crest CRT, CCSK V4, etc. He has conducted research on emerging cybersecurity technologies and presented his findings at renowned conferences like Black Hat USA & Asia, DEFCON, SINCON, ROOTCON, etc.

I'm a security researcher with a passion for OS internals and all things low-level. Over the years I have specialised in Android & the Linux kernel, but have dabbled in a number of domains. When I'm not figuring out how things work and breaking them, I love to share my experiences and help others; whether it's via my blog, talks or mentoring.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.