Find Expert Speakers

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

I’m a results-driven Principal SecOps Engineer with over 15 years of proven expertise spanning across multiple organisations in various service sectors in architecting and delivering world-class security programs for global software organizations. I’ve spearheaded transformational automation initiatives, reducing report-generation times by over 95% and built unified multi-cloud compliance frameworks that consistently pass rigorous audits and compliances. I've created AI-powered attack surface platform earned international hackathon recognition, and I’ve presented SecOps deep dives at VULNCON, top engineering colleges, and industry forums.As Cloud Security Lead and Principal Engineer at Perforce, I’ve led high-impact teams to operationalize continuous monitoring, vulnerability management, and incident response at scale.A CISSP-certified mentor and community advocate, I actively contribute to open-source security projects and share expertise through workshops, and local meetups empowering the next generation of security professionals.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others. I’ve served as University Professor in Master Degree - Portugal and Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Haakon is currently a security consultant working for Binary Security in Oslo, focusing mostly on WebApps and backend security. He has a strong background in Cybersecurity, with expertise in analyzing and securing applications and operating systems. His experience includes working at the Norwegian National Defense Research Establishment (FFI), where he conducted in-depth security assessments. Additionally, his background as a mathematician has equipped him with the skills to analyze and understand complex systems effectively.

As a seasoned technologist, life-long hacker, and world-renowned security professional, I excel at tackling complex problems from unconventional angles to uncover innovative solutions. With expertise in managing multicultural environments, I bridge the gap between commercial and technical sides of businesses, aligning international teams to achieve common goals. My entrepreneurial spirit and technical acumen enable me to navigate crisis situations, chaotic business environments, and strategic changes with ease.With a deep understanding of IP networking, telecom, internet communications, security, and cloud computing, I stay ahead of the curve by exploring new technologies before they hit the market. I analyze their strategic implications, disruptive effects, and emerging opportunities, providing valuable insights to businesses.My extensive experience spans designing complex computing environments, evaluating security issues in widely used systems, including election equipment, and authoring academic studies on election security. As a co-founder of the first pan-European internet service provider EUNet, I have a proven track record of developing secure communication protocols and technologies.Since 2005, I have advised law and policy makers, national and local governments, on cybersecurity and critical infrastructure in the United States, ASEAN, and elsewhere. I work with multiple companies on security technologies, identity management, cryptography, and digital biotech applications. My expertise is also sought after for security trainings and assessments of critical infrastructure worldwide.As a co-founder and co-organizer of DEF CON Voting Village, I have played a pivotal role in shaping the global security research and hacker community. My work has been featured in two Emmy-nominated HBO documentary films, "Hacking Democracy" (2006) and "Kill Chain: The Cyber War on America's Elections" (2020), showcasing my successful proof-of-concept mock election hack and follow-up analysis on election security.

Topic:CTI: Dark Web Credential Monitoring Is Expensive Regret NotificationWhat processing 500GB of stealer logs daily taught me about threat intelligence. Credential monitoring is sold as early warning but often acts as late-stage notification.They Tested Everything Except What FailedDissecting the Rp 270 billion ($16.8M) Indonesian securities breach. Four firms compromised despite passing security audits.Google Cloud Armor Vulnerability DiscoveryFound a critical WAF bypass in Google Cloud Armor. Google patched it globally.Beyond SAST: Building a Multi-LLM JudgeUsing multiple LLMs as judges to cut through SAST false positives. Context-aware security analysis that actually finds real bugs.Strategic Detection Engineering at ScaleBuilding proactive threat detection for government platforms serving 50M+ users. Detection over reaction.

Matthias Luft is a seasoned information security leader. After more than 15 years in security, he is still excited about a broad range of topics (from hypervisors via containers/clouds to security leadership) and has had the privilege to present on them around the globe. Currently he works on container and cloud security engineering. Outside of work, he enjoys the outdoors, martial arts, and spending time with dogs.

Two decades of cybersecurity experience including executive roles at Twitter, CoinList, Mozilla and OWASP. A co-founder and CEO of a venture backed cybersecurity startup (acquired) and an early stage investor finding and growing the next generation of amazing cybersecurity companies. Based in San Francisco.

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force. For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me. I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.

Mohamed Ouad is a Senior Security Consultant focused on web apps and cloud infrastructure. Mohamed garnered his professional security experience at NTT Data Italy. There, he was involved in penetration testing and vulnerability assessments for critical insurance and telecommunications companies. During his research and bug bounty activities, Mohamed has been recognized by numerous companies including: Microsoft’s MSRC, Kaspersky, the Dutch Cancer Society, Symantec, and ESET. He has also discovered multiple security vulnerabilities across various open-source projects, contributing responsible disclosures that helped strengthen their overall security posture

PyCon APAC 2024 - Python at Scale: Building a Node Autoscaling Engine with a Distributed SystemAWS User Group Indonesia 2024 - AWS Security 101: Let’s Simulate and Learn!Kubernetes Community Days Indonesia 2024 - Letting Hackers Into Your Kubernetes ClusterPyCon SG 2025 - Firecracker Made Easy with PythonOpenInfra Days ID 2025 - Are Containers Dying? Rethinking Isolation with MicroVMsCloud Village @ DEFCON 33 - TencentGoat: An Intentionally Vulnerable Tencent Cloud EnvironmentAWS Community Day ID 2025 - Attack the Cloud Before Attackers Do: Building Adversary Simulation Playbooks

- **AWS Dev Day 2023**_E-2: Learning Security by Design from Anti-Patterns in Amazon S3, Amazon Cognito, and AWS Lambda_[Slide deck](https://www.docswell.com/s/a-zara-n/5248R9-devday)- **BSides Las Vegas 2024**_Are you content with our current attacks on Content-Type?_[Talk info](https://archive.bsideslv.org/2024/talks#PAPKRL) / [Slides](https://speakerdeck.com/flatt_security/are-you-content-with-our-current-attacks-on-content-type)- **BSides Tokyo 2024**_XSS using dirty Content-Type in the cloud era_[Talk info](https://bsides.tokyo/2024/#norihide-saito--azara) / [Slides](https://speakerdeck.com/flatt_security/xss-using-dirty-content-type-in-cloud-era)- **JSAC 2024 (JPCERT/CC)**_Introduction to Cloud Incident Investigation Through Architecture-Based Understanding_Hands-on workshop covering real-world unauthorized access cases in AWS and Azure.- **CODE BLUE 2024**_Beyond Misconfigurations: A Comprehensive Look at Threats in Object Storage like S3_[Program page](https://archive.codeblue.jp/2024/program/time-table/day1-opentalks-007/)

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Pallavi is a Cloud Security Manager, overseeing cloud security operations and IAM, with 15 years of experience in cybersecurity. Passionate about application security, she excels in navigating complex security challenges, consistently working to strengthen defenses against emerging threats. With deep expertise in penetration testing, Pallavi focuses on identifying vulnerabilities and strengthening defenses in complex and challenging environments. She has spoken at multiple industry-leading conferences like HackerHalted, Vulncon, Identity Shield and BlueHat and continues sharing her knowledge and expertise in cybersecurity.

Sr. Security Engineer @ Coupa Software . Passionate Learner for OffSec and Security Engineering. Working collaboratively with Security Operations , Security Engineering & Threat Management @ Coupa Software

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google , Microsoft and many others, some of my CVES identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020);  (HITB)Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024), Hack Lu and BlackHat MEA (2025) With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.

I am a cybersecurity professional with over 10 years of experience across industries like telecom, healthcare, product development, and banking. I graduated with a Postgraduate Diploma in Information Security from CDAC. My expertise includes application and network security assessments, focusing on mobile app security for Android and iOS. I've disclosed critical vulnerabilities in platforms like Salesforce and Oracle, including CVE-2023-22042.

ISACA Cybersecurity ConferenceDelivered an insightful session on Zero Trust Security, breaking down its practical implementation and its role in modern cyber defense architecture. His talk was well-received by industry professionals and highlighted the evolving nature of perimeter-less security models.CIO News Cybersecurity ForumPresented on the integration of offensive and defensive security practices, emphasizing collaboration over siloed efforts. His impactful delivery earned him an on-the-spot award for excellence in thought leadership and practical insight.Crypto Expo DubaiTook the stage at one of the largest blockchain and cryptocurrency platforms in Dubai, where he delivered a high-impact talk on “Hacking Crypto Wallets”. The session provided deep dives into real-world attack vectors and preventive mechanisms, drawing significant attention from global fintech and blockchain professionals.