Find Expert Speakers

Speaker at Bsides Kochi, BIOS meetup, SlashN and various other conferences.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 200+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

I am a versatile Application Security Engineer dedicated to enhancing the security posture of both web and mobile applications. My primary focus is on implementing robust security measures through thorough assessments, comprehensive source code reviews, and the integration of security practices within the DevSecOps framework. I specialise in embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines through various methods, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST). By driving effective threat modelling sessions, I identify and mitigate potential vulnerabilities early in the development lifecycle, ensuring that security is a fundamental component rather than an afterthought.Additionally, I work on building secure-by-default pipelines and guardrails tailored to the unique requirements of each project, fostering a culture of security awareness among development teams. My goal is to empower organisations to deliver secure applications without compromising on agility or performance.

Frequent speaker on secure software development, AI security, and innovative security practices at leading industry conferences, demonstrating thought leadership and innovation aligned with industry-leading organizations. Below are some of the recent topics I have shared:• “The Code You Didn’t Write: Invisible Threats in Modern Software Development”• "Security From the Start - The Financial and Operational Gains of Secure Software Development"• "Navigating the AI Landscape - Balancing Benefits and Risks of AI for Business Processes"• “Cybersecurity Controls That Fail: Lessons from History”• "Cyber Adversary Modeling - Bridging Gaps in Imperfect Data"

Jyoti Raval serves as Director of Cyber Security Engineering at Baker Hughes, where Jyoti is responsible for ensuring end-to-end product security and actively contributes across multiple phases of the security lifecycle. Jyoti is the author of Phishing Simulation and MPT tools, and has delivered presentations at leading security conferences, including InfosecGirls, Nullcon, DEF CON 27, Black Hat Asia, HITB Singapore, OWASP New Zealand, Shecurity, DEF CON 32, and Black Hat London. Additionally, Jyoti leads the OWASP Pune Chapter.

Matthias Luft is a seasoned information security leader. After more than 15 years in security, he is still excited about a broad range of topics (from hypervisors via containers/clouds to security leadership) and has had the privilege to present on them around the globe. Currently he works on container and cloud security engineering. Outside of work, he enjoys the outdoors, martial arts, and spending time with dogs.

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force. For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me. I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) and Security Architecture team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Pramod Rana is author of below open source projects:Omniscient - LetsMapYourNetwork: a graph-based asset management framework CICDGuard - Orchestrating visibility and security of CICD ecosystem vPrioritizer - Art of Risk Prioritization: a risk prioritization frameworkHe has presented at BlackHat, defcon, nullcon, OWASPGlobalAppSec, HITB, CyberConAus, rootcon, AppSecNZ, HackMiami, HackInParis, CodeBlue and Insomnihack before. He is OWASP Pune chapter lead.He is leading the application security function in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.

Sankar is a cybersecurity professional with over 10 years of experience spanning telecom, healthcare, product development, and banking industries. His expertise lies in vulnerability assessment, penetration testing, red team operations, and mobile application security for Android and iOS platforms. Currently at Aldar, Sankar leads security assessments across multiple organizational entities, helping strengthen enterprise defenses against evolving threats. He has responsibly disclosed critical vulnerabilities in major platforms including Salesforce (CVE-2023-22042) and Oracle, demonstrating his commitment to improving security across the industry. Beyond his professional role, Sankar actively participates in bug bounty programs and CTF competitions, and engages in Web3 security research through platforms like Immunefi. His current focus on AI-powered security automation and autonomous penetration testing frameworks reflects his dedication to advancing offensive security methodologies. Sankar holds a Postgraduate Diploma in Information Security from CDAC and regularly shares his insights through conference talks and technical presentations, contributing to both regional and global cybersecurity communities.

For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking. For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking.

I am an active educator in the cybersecurity community and currently work as a Consultant in Offensive Security at Kroll. I have delivered technical workshops at multiple colleges across India. These sessions cover practical topics like ethical hacking, mobile application penetration testing, and Red Teaming.I am also an instructor on Udemy. I share my knowledge with a global audience by creating courses that help students learn complex security concepts. In addition to teaching, I contribute to the industry as a Subject Matter Expert for Hack The Box. I help the community understand the latest trends in offensive security.​I have been recognised for my skills by the NCIIPC as one of the top 15 hackers in India. I also participate in bug bounty programs and have received acknowledgements from various organisations. My goal is to make cybersecurity education accessible and practical for everyone.

Vinod has spent the past decade working in cybersecurity across financial services, government, and tech sectors. Currently a Staff Security Engineer at PIP Labs, he navigates the intersection of traditional enterprise security and the emerging world of Web3 and blockchain infrastructure.His journey has taken him through companies like Amazon, Zapier, and HackerOne, where he's gained hands-on experience in penetration testing, cloud security architecture, and application security. He works with AWS, GCP, and Azure environments, focusing on threat modeling and secure DevOps practices while approaching security as an enabler rather than a blocker.He shares his experiences and lessons learned through writing on Medium, breaking down complex security topics and exploring practical approaches to building security programs that work in real-world environments. Outside of his day job, he participates in bug bounty programs, mentors aspiring security professionals, and continues researching emerging threats and technologies in both traditional and Web3 security landscapes.

A competent and committed professional currently working as a Cloud-Native Security Consultant on behalf of Control Plane. Fully energetic and ambitious person who has developed a mature and responsible approach to any undertaken task or situation he has been presented with.A competent and committed professional currently working as a Cloud-Native Security Consultant on behalf of Control Plane. Fully energetic and ambitious person who has developed a mature and responsible approach to any undertaken task or situation he has been presented with.