Find Expert Speakers

Aarushi Koolwal is a Security Engineer in Risk & Security Engineering at PhonePe, with four years of experience spanning security engineering, risk analysis and threat intelligence.Aarushi is also an active speaker who has presented at leading cybersecurity conferences such as Black Hat MEA, BSides Ahemdabad, BSides Mumbai and c0c0n. She has previously worked with CloudSEK and NotSoSecure

Speaker at Bsides Kochi, BIOS meetup, SlashN and various other conferences.

Abhisek R is a Security Consultant at NetSPI, where he specializes in internal network penetration testing, with a strong focus on Active Directory security assessments. He has also worked on penetration tests across web applications, APIs, mobile platforms, and enterprise environments in previous organizations.He has reported security vulnerabilities to organizations such as Google, Zoho, and Brave, and has contributed to publicly disclosed vulnerabilities, including CVE-2023-21035. His experience spans vulnerability assessments, penetration testing, and security research across a wide range of modern attack surfaces.Abhisek is also the host of “The Abhisek Cast,” a cybersecurity podcast that explores lesser-known and under-discussed areas of the security ecosystem, featuring CEOs, CISOs, and security researchers from across the industry. He actively contributes to the security community through research, knowledge sharing, and technical discussions aimed at making complex security topics more accessible.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Ailin Castellucci’s speaking experience spans key cybersecurity communities and public forums across Latin America, where she delivers both technical workshops and high-level talks focused on practical, real-world security.She has been part of conference lineups such as NotPinkCon, where she presented “Cyber-Operation,” exploring cybersecurity and cyber conflict concepts in an accessible, audience-friendly way.At Congreso AGETIC 2023 (Bolivia), she led a hands-on workshop, “Threat Modeling in a Nutshell,” designed to help teams apply threat modeling methodologies in practice—covering strengths, real-life use, and the human challenges organizations face when implementing these practices. In the same event, she was also listed as a keynote speaker with “Avengers, assemble! – Seguridad colaborativa,” reinforcing her emphasis on collaborative security approaches.She has also spoken at the “Cibercrisis” conference series by Sombreros Blancos, where she presented a talk titled “Roses are red, violets are blue… there’s a spy in your net and she’s behind you!”, bringing an engaging, story-driven angle to security awareness and adversarial thinking.Beyond large events, Ailin frequently speaks in community and online formats—such as Discord sessions—on topics like “Seguridad Colaborativa,” aiming to bridge the gap between security best practices and what teams can realistically implement.Overall, her speaking style blends practitioner experience (offensive security, bug bounty, and security teams) with clear frameworks and actionable guidance, making her talks useful for both newcomers and experienced professionals.

🎤 Public Speaking & Knowledge Sharing1️⃣ 🇮🇳 Nullcon Goa 2026 — “Why Did the Model Think That? Demystifying the Black Box with Explainable AI (XAI)” 🔗 Link: https://nullcon.net/talk/why-did-the-model-think-that-demystifying-the-black-box-with-explainable-ai-xai/2️⃣ 🇮🇳 OWASP AppSec Days Bangalore 2025 — “Unveiling the Risks of MCP Servers: An In-Depth Exploration” 🔗 Link: https://owaspappsecdaysbangaloreoct.sched.com/event/28Z5G/unveiling-the-risks-of-mcp-servers-an-in-depth-exploration3️⃣ 🇸🇬 OWASP AppSec Days Singapore 2024 — “The Dark Side of AI: Exploring Adversarial Threats” 🔗 Link: https://owaspappsecdayssingapore202.sched.com/event/1ir3T/the-dark-side-of-ai-exploring-adversarial-threats4️⃣ 🇮🇪 Security BSides Dublin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://www.bsidesdub.ie/speakers.php5️⃣ 🇩🇪 Nullcon Berlin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://nullcon.net/berlin-2024/speaker-into-the-abyss-adversarial-tactics-in-ai-security6️⃣ 🇮🇳 Seasides Infosec Conference 2023 — “Primer into SAP Penetration Testing & OWASP SAPKiln” 🔗 Link: https://www.bugbountyvillage.com/speakers7️⃣ 🇮🇳 c0c0n 15th Edition (2022) — “Hyperledger Fabric & Ethereum Apps: Security Deep Dive” 🔗 Link: https://india.c0c0n.org/2022/agenda8️⃣ 🇹🇳 OWASP Tunisia Chapter (2020) — “Blockchain Security” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=fRQrJttI5vI9️⃣ 🇮🇳 OWASP Kerala Chapter (2020) — “Pen Testing Blockchain Solutions (Ethereum Nodes & Smart Contracts)” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=ahZ_V6qdBjQ

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

I often deliver technical security content to professional and executive level audiences. For example, as a SOC Analyst at IDDA, I directly presented our SOAR (Security Orchestration, Automation and Response) platform to Ministry of Security representatives. I gave a technical walkthrough of the platform architecture, incident automation workflows, threat correlation mechanisms, and presented real world use cases. Subsequent to the presentation, the product received considerable interest from multiple stakeholders and potential investors.I've also attended vendor meetings with Palo Alto and Forcepoint DLP, presenting technical assessments and making workflow recommendations to help optimize the deployment of security products and their integration into the corporate environment.Besides this type of enterprise-level presentation, I've also been the guy on the team to go to an international hackathon. I presented AI security and automation concepts at an innovation event in Georgia. I gave a presentation to a technical evaluation panel, detailing the design of the system, the model for threat detection, and the architecture of the data pipeline.I also took part in the Google AI Hackathon in Kazakhstan, where I presented a detailed technical pitch including model architecture, implementation strategy, and deployment aspects to judges and business representatives.These occasions implied explaining intricate technical details in a digestible form, addressing immediate technical inquiries, justifying architecture choices, and discussing security compromises. I feel at ease presenting deeply technical information to both engineering communities and business leaders.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Over the years, I’ve had the opportunity to speak at cybersecurity conferences, technology summits, university campuses, and industry communities where I focus on making security practical, relatable, and engaging through real-world stories, demonstrations, and attacker-driven thinking.I’ve delivered talks at events including ATAGTR 2024, ATAGTR 2025, AITestFest 2025, AITestFest 2026, Identity Shield, SAP Security Expert Summit, TechX, along with guest sessions and cybersecurity awareness talks across multiple university campuses.My sessions typically revolve around AI-driven threats, OSINT, phishing, social engineering, dark web exposure, privacy, cyber risk, and the growing intersection between offensive security and governance. I enjoy blending live demonstrations, attacker psychology, and practical security lessons to help audiences understand not just how attacks happen — but why organisations continue to underestimate them.Beyond conferences, I actively mentor aspiring professionals, contribute to security awareness initiatives, and enjoy simplifying complex security concepts for both technical and non-technical audiences.

Armaan Pathan is a Senior Security Engineer at KATIM with deep expertise in application security, penetration testing, and bug bounty hunting. Over the past 10+ years, he has uncovered and responsibly disclosed critical vulnerabilities at leading tech organizations including Google, Facebook, Apple.Holding a Master’s degree in Information Technology and certifications such as OSCP, Armaan has excelled in both offensive security operations and mentoring engineering teams to adopt secure-by-design practices. His research spans areas like browser security, OAuth misconfigurations, and novel attack vectors that challenge industry assumptions.Beyond client work, Armaan actively contributes to the security community—publishing technical blogs, presenting at conferences, and raising awareness of emerging threats and practical defenses.

Offensive Security Lead and globally ranked security researcher with extensive experience in vulnerability research and red teaming. Recognized as Best Bug Hunter at Microsoft MVR (2023–2025) and acknowledged by leading organizations including Apple (2022) and Google (2021). Featured in the Hall of Fame of 300+ Fortune companies for responsible disclosures.Holds multiple industry certifications including CRTP, LPT, CPENT, eWPTXv2, CHFI, and CEH. Discovered and reported 5 CVEs. Active CTF player and public speaker, regularly sharing insights on offensive security, bug bounty methodologies, and advanced attack techniques at international conferences and universities.

I’m a results-driven Principal SecOps Engineer with over 15 years of proven expertise spanning across multiple organisations in various service sectors in architecting and delivering world-class security programs for global software organizations. I’ve spearheaded transformational automation initiatives, reducing report-generation times by over 95% and built unified multi-cloud compliance frameworks that consistently pass rigorous audits and compliances. I've created AI-powered attack surface platform earned international hackathon recognition, and I’ve presented SecOps deep dives at VULNCON, top engineering colleges, and industry forums.As Cloud Security Lead and Principal Engineer at Perforce, I’ve led high-impact teams to operationalize continuous monitoring, vulnerability management, and incident response at scale.A CISSP-certified mentor and community advocate, I actively contribute to open-source security projects and share expertise through workshops, and local meetups empowering the next generation of security professionals.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 200+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

I'm an active member and contributor at various security and developer communities including null open security community and FOSS United.I delivered talks/training at various conferences such as HITB, Sincon, Nullcon, c0c0n, Defcon: Recon Village, various Bsides, Bugcrowd LevelUp, PyCon India etc.References to my talks/trainings:https://www.disruptivelabs.in/talks/https://speakerdeck.com/0xbharathhttps://www.disruptivelabs.in/trainings/

Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering vulnerabilities in complex environments — from AWS misconfigurations to API flaws — he has worked with startups, enterprises, and government agencies to strengthen their security posture. Bhaumik is passionate about sharing real-world lessons from the field, mentoring the next generation of security professionals, and occasionally sneaking in a pop-culture reference or two to make security just a little more fun.

Hey, I’m Bhavesh Pardhi, a cybersecurity practitioner and bug hunter focused on real-world web application security.My work primarily revolves around reconnaissance, vulnerability discovery, and building practical workflows that improve efficiency in bug hunting. I focus on identifying real attack surfaces and optimizing recon processes to reduce noise and increase meaningful findings.I am the founder of CyberXsociety, a growing platform where I share cybersecurity knowledge through blogs, digital products, and a community-driven forum focused on real-world learning and methodologies.Alongside this, I am building a local tech community, Jalgaon Hackers Meetup, to connect and grow serious learners in cybersecurity, development, and related fields through discussions, meetups, and collaborative learning.My approach is strongly practical and system-driven. Instead of focusing only on tools, I focus on building structured methodologies that can be applied across different targets and environments.I am actively working on bug bounty programs, contributing to the cybersecurity community, and continuously exploring ways to improve recon workflows and vulnerability discovery processes.

Bocheng Xiang (@crispr_x) is an offensive security researcher and PhD candidate at Fudan University. His work focuses on uncovering high-impact Windows vulnerabilities and exploitation primitives rooted in file system semantics and OS design flaws. He is an MSRC MVR (2024/2025) and ranked Top 20 on the MSRC 2024 Q3 Windows Leaderboard.He has published at USENIX Security and NDSS, with accepted talks at PoC 2025 and Black Hat USA/Europe.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

1. Guest Speaker at BINUS University (Indonesia) | 2024Topic: Cybersecurity Practices & The "Open Possible" SpiritDescription: Delivered a keynote during an overseas technical exchange, sharing insights on Taiwan Mobile's security strategies and fostering transnational internship opportunities.2. Internal Technical Seminar at Taiwan MobileTopic: Case Study: Exploiting Google Web Designer (Zip Slip Vulnerability)Description: A deep-dive presentation analyzing the root cause of a $7,500 Google VRP finding. Covered the discovery process, exploitation of the path traversal defect, and the final reporting methodology.3. Advanced Security Training Series (Internal)Topic: Offensive Security & Reverse EngineeringDescription: Conducted multiple technical sessions for internal engineering teams. Topics included:DLL Hijacking & Patch Diffing: Analyzing attack vectors in Windows environments.Reverse Engineering: Practical training using IDA Pro and Linux CTF challenges.Web Exploitation: Methodologies for identifying XSS and SQL Injection vulnerabilities

Security Engineer with 5 years of experience, currently working as a Senior Security Engineer at ShareChat.Previously worked with Flipkart as a Security Engineer and bug bounty hunter. Experienced across multiple domains including cloud security, WAF, application security, network and infrastructure security, as well as mobile security testing.

EXPERTISE:- Experienced Cyber Security with a demonstrated history of working in the several industry. Skilled in Penetration testing, XDR, EDR, DFIR, Threat Hunting, and OSINT.- Advanced Ethical Hacking:Proficient in various hacking methodologies, including but not limited to network penetration testing, (web, API, Infra, mobile) application testing, wireless network exploitation, and social engineering.- Deep Knowledge of Security Frameworks: Expertise in industry- standard security frameworks such as OWASP, NIST, and PTES, with the ability to apply their guidelines effectively