Find Expert Speakers

Hey, I’m Bhavesh Pardhi, a cybersecurity practitioner and bug hunter focused on real-world web application security.My work primarily revolves around reconnaissance, vulnerability discovery, and building practical workflows that improve efficiency in bug hunting. I focus on identifying real attack surfaces and optimizing recon processes to reduce noise and increase meaningful findings.I am the founder of CyberXsociety, a growing platform where I share cybersecurity knowledge through blogs, digital products, and a community-driven forum focused on real-world learning and methodologies.Alongside this, I am building a local tech community, Jalgaon Hackers Meetup, to connect and grow serious learners in cybersecurity, development, and related fields through discussions, meetups, and collaborative learning.My approach is strongly practical and system-driven. Instead of focusing only on tools, I focus on building structured methodologies that can be applied across different targets and environments.I am actively working on bug bounty programs, contributing to the cybersecurity community, and continuously exploring ways to improve recon workflows and vulnerability discovery processes.

Christian Herrmann – RFID Hacker | Co-Founder of AuroraSec & RRGChristian Herrmann, better known in the hacker community as “Iceman”, is a co-founder of AuroraSec and RRG, and has helped develop many of today’s most widely used RFID research tools, including the Proxmark3 RDV4 and the Chameleon Mini.He is a well-known RFID hacking and Proxmark3 evangelist, serving the community as both a forum administrator and a major code contributor alongside other developers since 2013.Christian has spoken at hacker conferences around the world, including Troopers, Black Hat Asia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, TenguCon, Balccon, TumpiCon, WHY and SaintCon.He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.With over 15 years of experience in bespoke software development, Christian specializes in .NET platforms and is a Certified MCPD Enterprise Architect.He possesses near-unmatched expertise in the Proxmark3 architecture and various RFID technologies, and has served as an instructor for Red Team Alliance (RTA), including training sessions at Black Hat.sessions at Black Hat.

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

Dustin Heywood, otherwise known as EvilMog has been in the Cybersecurity Industry for close to 2 decades. He is an Executive Managing Hacker and Senior Technical Staff Member for IBM X-Force, a member of "Team Hashcat", and a Bishop of the "Church of Wifi".EvilMog is a world champion Hacker Jeopardy Player, and a holder of multiple "Black Badges" including DEFCON, THOTCON, and CypherCon.

Throughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. His security research has also been recognized by Microsoft, most notably for his findings he dubbed “UnOAuthorized”. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Dr. Gregory Carpenter is Principal Partner at CW PENSEC and a retired U.S. Army officer with over two decades of operational experience spanning intelligence, counterintelligence, electronic warfare, deception, and security testing. He previously served in senior roles across joint and interagency environments and was recognized as NSA Operations Officer of the Year for his work in advanced operational analysis and mission execution.Dr. Carpenter’s professional focus centers on adversary modeling and the failure modes of trust, identity, and attribution under adaptive threat pressure. His work examines how emerging technologies—including cyber-physical systems, in vivo and nano-scale technologies, automation, and information operations—alter attacker behavior and invalidate long-standing defensive assumptions. He has led and advised offensive and defensive programs across cyber, information, and electronic warfare domains, with particular emphasis on how identity collapses when human operators are no longer stable or external to the systems they access.At conferences and in research settings, Dr. Carpenter translates complex adversary behavior into practical defensive insight, emphasizing how organizations must redesign identity, access control, and trust models for environments where compromise is expected rather than exceptional. He has presented at DEF CON’s Misinformation Village (2023), Adversary Village (2025), and the DEF CON Creator Stage (2024, 2025).

I build and break Identity Systems for a living. With 14 years in Cyber Security, I’ve worked across Identity & Access Management (IAM), Non-Human Identities Security, Endpoint Security, Data security, and Cloud Applications Security focusing on how access really works versus how we think it works.

Cybersecurity Researcher and Security Trainer with hands-on experience in Web, API, Active Directory, and Thick Client Application Security Assessments. Worked on multiple large-scale onsite VAPT engagements across enterprise environments, focusing on identifying complex attack paths, exploitation techniques, and realistic security risks.Specialized in offensive security operations involving Active Directory, cloud environments, and advanced web application testing. Experienced in conducting black-box and system-level security assessments, developing security testing methodologies, and researching emerging attack vectors. Holds expertise in Windows and Linux security architecture testing along with multi-cloud offensive security concepts across AWS, Azure, and GCP.Beyond assessments, actively involved in mentoring and training students and security enthusiasts through practical, real-world cybersecurity sessions. Passionate about security research, red teaming methodologies, wireless security, and building offensive security tooling. Frequently works on vulnerability research, security documentation, and conference-driven security content focused on practical attack demonstrations and defensive awareness.

Rahul is a security researcher with 7+ years in offensive security and red teaming. He specializes in malware development, AV/EDR evasion, and bypassing security controls in heavily defended environments. As a full-time red teamer, he's built tools and developed techniques that work against real-world security stacks.He currently works as Manager of Offensive Security and Threat Assessment with leading financial organizations across the Middle East, collaborating with red, blue, and purple teams to find and fix security gaps in enterprise infrastructure. He's spoken at international conferences including BlackHat, CONFidence, and HAcktivity.His expertise spans enterprise security and cloud infrastructure, with particular focus on identifying and exploiting design flaws in hardened environments.

I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.

I am Yash Vasoya, also known as “Cyber Vasoya,” a cybersecurity researcher, analyst, and educator specializing in cybercrime investigation, digital forensics, and ethical hacking. With a strong foundation in both academic research and real-world cybersecurity practice, I focus on analyzing modern cyber threats and translating them into actionable defensive strategies.I have delivered training sessions and workshops for students, professionals, and law enforcement agencies, where I emphasize hands-on learning, real-world case studies, and practical demonstrations. My goal is to bridge the gap between complex cybersecurity concepts and their real-world application in investigations and threat mitigation.I am passionate about building digital resilience and actively contribute to cybersecurity awareness and education. My mission is to simplify complex security challenges and empower individuals and organizations to stay ahead in an evolving cyber threat landscape.