Find Expert Speakers

Speaker at Bsides Kochi, BIOS meetup, SlashN and various other conferences.

Cyber Security Engineer with 2 years combined experience in Software Engineering and hands-on experience across cloud security, identity & access management, and security governance. graduated with MSc in Cyber Security from University of Birmingham and B.Eng in Software Engineer from Kuala Lumpur University Science Technology.Kamil has interest in academia and professional topics, Currently working at a fintech environment focused on securing cloud-native workloads (GCP), including privileged access management (PAM) solutioning, IAM controls, and contributing to security policy and risk initiatives. Kamil work closely with platform and product teams to translate security requirements into practical, scalable controls.

Abhisek R is a Security Consultant at NetSPI, where he specializes in internal network penetration testing, with a strong focus on Active Directory security assessments. He has also worked on penetration tests across web applications, APIs, mobile platforms, and enterprise environments in previous organizations.He has reported security vulnerabilities to organizations such as Google, Zoho, and Brave, and has contributed to publicly disclosed vulnerabilities, including CVE-2023-21035. His experience spans vulnerability assessments, penetration testing, and security research across a wide range of modern attack surfaces.Abhisek is also the host of “The Abhisek Cast,” a cybersecurity podcast that explores lesser-known and under-discussed areas of the security ecosystem, featuring CEOs, CISOs, and security researchers from across the industry. He actively contributes to the security community through research, knowledge sharing, and technical discussions aimed at making complex security topics more accessible.

Aditya Shankar is a cybersecurity professional with over 10 years of experience in infrastructure, cloud, and enterprise security. He currently works as a Senior Security Architect & Administrator, focusing on Azure security, infrastructure hardening, threat detection, and security automation across large-scale enterprise environments.His work spans security architecture, log analysis, identity hardening, and defensive engineering, with a growing focus on practical applications of AI in cybersecurity workflows. He actively experiments with AI-assisted reconnaissance, automation pipelines, and modern offensive-security tooling to explore how emerging technologies are reshaping both attack and defense strategies.Aditya holds the CISSP certification along with multiple Microsoft security certifications and is passionate about making complex security concepts practical, accessible, and operationally relevant for the community.

- Unveiling Digital identities: Device and Browser fingerprinting have been accepted at Blackhat MEA , Nullcon Goa, Bsides Bloomington, Connecticut, Sydney, Hackred Con 2024, Defcon Delhi 0x07 etc.- Ghost in the Machine: Exploiting Hardware & Network Fingerprints for Tracking Presented at Myhack Malaysia.- Reinventing Access Control: Fingerprinting for Credential Protection Presented at VulnCon 2025 and BSides Mumbai 2025.- Speaker at Defcon Delhi 0x06: Presented my research paper on analyzing the Mirai Botnet and its derivatives.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Ailin Castellucci’s speaking experience spans key cybersecurity communities and public forums across Latin America, where she delivers both technical workshops and high-level talks focused on practical, real-world security.She has been part of conference lineups such as NotPinkCon, where she presented “Cyber-Operation,” exploring cybersecurity and cyber conflict concepts in an accessible, audience-friendly way.At Congreso AGETIC 2023 (Bolivia), she led a hands-on workshop, “Threat Modeling in a Nutshell,” designed to help teams apply threat modeling methodologies in practice—covering strengths, real-life use, and the human challenges organizations face when implementing these practices. In the same event, she was also listed as a keynote speaker with “Avengers, assemble! – Seguridad colaborativa,” reinforcing her emphasis on collaborative security approaches.She has also spoken at the “Cibercrisis” conference series by Sombreros Blancos, where she presented a talk titled “Roses are red, violets are blue… there’s a spy in your net and she’s behind you!”, bringing an engaging, story-driven angle to security awareness and adversarial thinking.Beyond large events, Ailin frequently speaks in community and online formats—such as Discord sessions—on topics like “Seguridad Colaborativa,” aiming to bridge the gap between security best practices and what teams can realistically implement.Overall, her speaking style blends practitioner experience (offensive security, bug bounty, and security teams) with clear frameworks and actionable guidance, making her talks useful for both newcomers and experienced professionals.

Alessandro Pisani is a software and security engineer at Meta, focusing on large-scale infrastructure defense and threat detection systems. With a strong background in software engineering and advanced malware research, he specializes in building resilient systems that bridge deep security telemetry with modern, high-throughput production environments. He holds an M.Sc. in Computer Engineering from Politecnico di Torino.

🎤 Public Speaking & Knowledge Sharing1️⃣ 🇮🇳 Nullcon Goa 2026 — “Why Did the Model Think That? Demystifying the Black Box with Explainable AI (XAI)” 🔗 Link: https://nullcon.net/talk/why-did-the-model-think-that-demystifying-the-black-box-with-explainable-ai-xai/2️⃣ 🇮🇳 OWASP AppSec Days Bangalore 2025 — “Unveiling the Risks of MCP Servers: An In-Depth Exploration” 🔗 Link: https://owaspappsecdaysbangaloreoct.sched.com/event/28Z5G/unveiling-the-risks-of-mcp-servers-an-in-depth-exploration3️⃣ 🇸🇬 OWASP AppSec Days Singapore 2024 — “The Dark Side of AI: Exploring Adversarial Threats” 🔗 Link: https://owaspappsecdayssingapore202.sched.com/event/1ir3T/the-dark-side-of-ai-exploring-adversarial-threats4️⃣ 🇮🇪 Security BSides Dublin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://www.bsidesdub.ie/speakers.php5️⃣ 🇩🇪 Nullcon Berlin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://nullcon.net/berlin-2024/speaker-into-the-abyss-adversarial-tactics-in-ai-security6️⃣ 🇮🇳 Seasides Infosec Conference 2023 — “Primer into SAP Penetration Testing & OWASP SAPKiln” 🔗 Link: https://www.bugbountyvillage.com/speakers7️⃣ 🇮🇳 c0c0n 15th Edition (2022) — “Hyperledger Fabric & Ethereum Apps: Security Deep Dive” 🔗 Link: https://india.c0c0n.org/2022/agenda8️⃣ 🇹🇳 OWASP Tunisia Chapter (2020) — “Blockchain Security” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=fRQrJttI5vI9️⃣ 🇮🇳 OWASP Kerala Chapter (2020) — “Pen Testing Blockchain Solutions (Ethereum Nodes & Smart Contracts)” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=ahZ_V6qdBjQ

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

Amey Parab is a seasoned Staff Software Engineer and Tech Lead with over 14 years of comprehensive software development experience, specializing in frontend architecture and high-performance web applications. Currently serving as a Staff Software Engineer and Tech Lead at Magnit Global, Amey leads the development of cutting-edge AI-powered workforce management platforms that streamline complex business processes.Amey's expertise lies in architecting scalable frontend solutions that significantly accelerate feature delivery and boost overall team velocity. He has a proven track record of building foundational components and frameworks that serve as the backbone for enterprise-level applications across multiple industries, including workforce management, financial services, healthcare, and digital media. As a technical leader, Amey has consistently driven innovation through the development of reusable Angular frameworks and UI component libraries that promote consistency and maintainability across large-scale applications.Throughout his career, Amey has made significant contributions to various sectors. In workforce management, he is leading the architectural foundation for Magnit Platform's modern AI-powered solutions. In financial services, he developed comprehensive digital investment platforms and financial planning tools at Prudential Financial. His healthcare technology work includes creating advanced analytics platforms and high-content analysis solutions for medical research, while his digital media experience encompasses building interactive video recording and content management systems.Amey specializes in Angular framework development, TypeScript, and modern web technologies, with extensive experience in creating responsive, accessible, and cross-browser compatible applications. His technical toolkit includes expertise in UI/UX implementation, REST API integration, unit testing frameworks, and cloud deployment strategies. His collaborative approach with cross-functional teams, including product managers, designers, and backend developers, has resulted in robust RESTful API architectures and seamless user experiences.Amey is passionate about mentoring development teams and establishing best practices that ensure the delivery of maintainable, scalable, and high-quality code. His approach combines technical excellence with strategic thinking, enabling organizations to build robust digital solutions that meet evolving business needs. He holds a Bachelor of Management Studies from the University of Mumbai and has completed an Advanced Programme in Software Development. He is a Microsoft Certified Professional Developer with specializations in .NET Framework applications, demonstrating his commitment to continuous learning and professional development.Based in the Bay Area, Amey continues to drive innovation in frontend development while contributing to the advancement of modern web application architectures.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Over the years, I’ve had the opportunity to speak at cybersecurity conferences, technology summits, university campuses, and industry communities where I focus on making security practical, relatable, and engaging through real-world stories, demonstrations, and attacker-driven thinking.I’ve delivered talks at events including ATAGTR 2024, ATAGTR 2025, AITestFest 2025, AITestFest 2026, Identity Shield, SAP Security Expert Summit, TechX, along with guest sessions and cybersecurity awareness talks across multiple university campuses.My sessions typically revolve around AI-driven threats, OSINT, phishing, social engineering, dark web exposure, privacy, cyber risk, and the growing intersection between offensive security and governance. I enjoy blending live demonstrations, attacker psychology, and practical security lessons to help audiences understand not just how attacks happen — but why organisations continue to underestimate them.Beyond conferences, I actively mentor aspiring professionals, contribute to security awareness initiatives, and enjoy simplifying complex security concepts for both technical and non-technical audiences.

Anubhab Sahu is a Senior Research Engineer at Keysight Technologies, working with the Application and Threat Intelligence (ATI) team. With an M.Tech in Cyber Security, he specializes in vulnerability research, AI/LLM security, reverse engineering, security analysis, and automation. He actively writes technical blogs on security topics including AI security and traffic analysis, and holds an approved US patent in the field. His work bridges the gap between offensive security research and real-world threat simulation, contributing to advanced cybersecurity network testing solutions. He has prior experience delivering technical talks at leading security conferences, including ROOTCON '19 - one of Southeast Asia's largest cybersecurity conferences. When he's not tinkering with tech, he enjoys sharing his expertise through technical writing, conference talks, and community meetups.

I’m a results-driven Principal SecOps Engineer with over 15 years of proven expertise spanning across multiple organisations in various service sectors in architecting and delivering world-class security programs for global software organizations. I’ve spearheaded transformational automation initiatives, reducing report-generation times by over 95% and built unified multi-cloud compliance frameworks that consistently pass rigorous audits and compliances. I've created AI-powered attack surface platform earned international hackathon recognition, and I’ve presented SecOps deep dives at VULNCON, top engineering colleges, and industry forums.As Cloud Security Lead and Principal Engineer at Perforce, I’ve led high-impact teams to operationalize continuous monitoring, vulnerability management, and incident response at scale.A CISSP-certified mentor and community advocate, I actively contribute to open-source security projects and share expertise through workshops, and local meetups empowering the next generation of security professionals.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 200+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering vulnerabilities in complex environments — from AWS misconfigurations to API flaws — he has worked with startups, enterprises, and government agencies to strengthen their security posture. Bhaumik is passionate about sharing real-world lessons from the field, mentoring the next generation of security professionals, and occasionally sneaking in a pop-culture reference or two to make security just a little more fun.

Hey, I’m Bhavesh Pardhi, a cybersecurity practitioner and bug hunter focused on real-world web application security.My work primarily revolves around reconnaissance, vulnerability discovery, and building practical workflows that improve efficiency in bug hunting. I focus on identifying real attack surfaces and optimizing recon processes to reduce noise and increase meaningful findings.I am the founder of CyberXsociety, a growing platform where I share cybersecurity knowledge through blogs, digital products, and a community-driven forum focused on real-world learning and methodologies.Alongside this, I am building a local tech community, Jalgaon Hackers Meetup, to connect and grow serious learners in cybersecurity, development, and related fields through discussions, meetups, and collaborative learning.My approach is strongly practical and system-driven. Instead of focusing only on tools, I focus on building structured methodologies that can be applied across different targets and environments.I am actively working on bug bounty programs, contributing to the cybersecurity community, and continuously exploring ways to improve recon workflows and vulnerability discovery processes.

I am a Threat Researcher at SonicWall Capture Labs with over 10 years of hands-on experience in malware analysis and cybersecurity. I specialise in PDF and MS Office malware, with deep expertise in static and dynamic analysis, reverse engineering obfuscated binaries, and tracking adversarial evasion techniques used by threat actors.I started my career at Quick Heal, where I worked on file-infecting viruses, writing detection signatures and repair routines for infected PE files. At Symantec, I was part of the IDS/IPS team, focusing on network-level intrusion detection and threat hunting. For the past seven years at SonicWall Capture Labs, I have been researching document-based malware, reverse engineering malicious payloads, and tracking how threat actors evolve their delivery and evasion strategies.I hold an M.Tech. in Computer Science (Security) from BITS Pilani, where my research was focused on machine learning for malware detection.Speaking ExperienceI have delivered internal threat research presentations at SonicWall, sharing findings on emerging PDF malware campaigns and novel evasion techniques with engineering and threat intelligence teamsI have conducted knowledge-sharing sessions on malware analysis methodologies, reverse engineering workflows, and PDF structure analysisI have published five technical threat research reports on the SonicWall Capture Labs blog, communicating complex malware findings to a broad security audience

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.