Find Expert Speakers

Speaker at Bsides Kochi, BIOS meetup, SlashN and various other conferences.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 200+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

I am a versatile Application Security Engineer dedicated to enhancing the security posture of both web and mobile applications. My primary focus is on implementing robust security measures through thorough assessments, comprehensive source code reviews, and the integration of security practices within the DevSecOps framework. I specialise in embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines through various methods, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST). By driving effective threat modelling sessions, I identify and mitigate potential vulnerabilities early in the development lifecycle, ensuring that security is a fundamental component rather than an afterthought.Additionally, I work on building secure-by-default pipelines and guardrails tailored to the unique requirements of each project, fostering a culture of security awareness among development teams. My goal is to empower organisations to deliver secure applications without compromising on agility or performance.

Topic:CTI: Dark Web Credential Monitoring Is Expensive Regret NotificationWhat processing 500GB of stealer logs daily taught me about threat intelligence. Credential monitoring is sold as early warning but often acts as late-stage notification.They Tested Everything Except What FailedDissecting the Rp 270 billion ($16.8M) Indonesian securities breach. Four firms compromised despite passing security audits.Google Cloud Armor Vulnerability DiscoveryFound a critical WAF bypass in Google Cloud Armor. Google patched it globally.Beyond SAST: Building a Multi-LLM JudgeUsing multiple LLMs as judges to cut through SAST false positives. Context-aware security analysis that actually finds real bugs.Strategic Detection Engineering at ScaleBuilding proactive threat detection for government platforms serving 50M+ users. Detection over reaction.

Jyoti Raval serves as Director of Cyber Security Engineering at Baker Hughes, where Jyoti is responsible for ensuring end-to-end product security and actively contributes across multiple phases of the security lifecycle. Jyoti is the author of Phishing Simulation and MPT tools, and has delivered presentations at leading security conferences, including InfosecGirls, Nullcon, DEF CON 27, Black Hat Asia, HITB Singapore, OWASP New Zealand, Shecurity, DEF CON 32, and Black Hat London. Additionally, Jyoti leads the OWASP Pune Chapter.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

Pallavi is a Cloud Security Manager, overseeing cloud security operations and IAM, with 15 years of experience in cybersecurity. Passionate about application security, she excels in navigating complex security challenges, consistently working to strengthen defenses against emerging threats. With deep expertise in penetration testing, Pallavi focuses on identifying vulnerabilities and strengthening defenses in complex and challenging environments. She has spoken at multiple industry-leading conferences like HackerHalted, Vulncon, Identity Shield and BlueHat and continues sharing her knowledge and expertise in cybersecurity.

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

Sankar is a cybersecurity professional with over 10 years of experience spanning telecom, healthcare, product development, and banking industries. His expertise lies in vulnerability assessment, penetration testing, red team operations, and mobile application security for Android and iOS platforms. Currently at Aldar, Sankar leads security assessments across multiple organizational entities, helping strengthen enterprise defenses against evolving threats. He has responsibly disclosed critical vulnerabilities in major platforms including Salesforce (CVE-2023-22042) and Oracle, demonstrating his commitment to improving security across the industry. Beyond his professional role, Sankar actively participates in bug bounty programs and CTF competitions, and engages in Web3 security research through platforms like Immunefi. His current focus on AI-powered security automation and autonomous penetration testing frameworks reflects his dedication to advancing offensive security methodologies. Sankar holds a Postgraduate Diploma in Information Security from CDAC and regularly shares his insights through conference talks and technical presentations, contributing to both regional and global cybersecurity communities.

I am an active educator in the cybersecurity community and currently work as a Consultant in Offensive Security at Kroll. I have delivered technical workshops at multiple colleges across India. These sessions cover practical topics like ethical hacking, mobile application penetration testing, and Red Teaming.I am also an instructor on Udemy. I share my knowledge with a global audience by creating courses that help students learn complex security concepts. In addition to teaching, I contribute to the industry as a Subject Matter Expert for Hack The Box. I help the community understand the latest trends in offensive security.​I have been recognised for my skills by the NCIIPC as one of the top 15 hackers in India. I also participate in bug bounty programs and have received acknowledgements from various organisations. My goal is to make cybersecurity education accessible and practical for everyone.

Vinod has spent the past decade working in cybersecurity across financial services, government, and tech sectors. Currently a Staff Security Engineer at PIP Labs, he navigates the intersection of traditional enterprise security and the emerging world of Web3 and blockchain infrastructure.His journey has taken him through companies like Amazon, Zapier, and HackerOne, where he's gained hands-on experience in penetration testing, cloud security architecture, and application security. He works with AWS, GCP, and Azure environments, focusing on threat modeling and secure DevOps practices while approaching security as an enabler rather than a blocker.He shares his experiences and lessons learned through writing on Medium, breaking down complex security topics and exploring practical approaches to building security programs that work in real-world environments. Outside of his day job, he participates in bug bounty programs, mentors aspiring security professionals, and continues researching emerging threats and technologies in both traditional and Web3 security landscapes.

Yuan Yudistira is the Head of Information Security at Siloam Hospitals Group, where he leads enterprise cybersecurity and digital risk strategy across 41 hospitals. He works closely with executive leadership to enable secure digital health transformation, secure cloud adoption, data protection, and operational resilience in large, complex healthcare environments.With over 12 years of experience spanning information security leadership, cloud architecture, and risk governance, Yuan has led initiatives aligned with NIST Cybersecurity Framework and ISO 27001 to strengthen cyber resilience, protect sensitive health data, and support scalable, cloud-first healthcare operations. He is a CISSP and CISM certified professional and a published book author on practical cybersecurity and risk management for organizations.