Find Expert Speakers

Abhisek R is a Security Consultant at NetSPI, where he specializes in internal network penetration testing, with a strong focus on Active Directory security assessments. He has also worked on penetration tests across web applications, APIs, mobile platforms, and enterprise environments in previous organizations.He has reported security vulnerabilities to organizations such as Google, Zoho, and Brave, and has contributed to publicly disclosed vulnerabilities, including CVE-2023-21035. His experience spans vulnerability assessments, penetration testing, and security research across a wide range of modern attack surfaces.Abhisek is also the host of “The Abhisek Cast,” a cybersecurity podcast that explores lesser-known and under-discussed areas of the security ecosystem, featuring CEOs, CISOs, and security researchers from across the industry. He actively contributes to the security community through research, knowledge sharing, and technical discussions aimed at making complex security topics more accessible.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

I often deliver technical security content to professional and executive level audiences. For example, as a SOC Analyst at IDDA, I directly presented our SOAR (Security Orchestration, Automation and Response) platform to Ministry of Security representatives. I gave a technical walkthrough of the platform architecture, incident automation workflows, threat correlation mechanisms, and presented real world use cases. Subsequent to the presentation, the product received considerable interest from multiple stakeholders and potential investors.I've also attended vendor meetings with Palo Alto and Forcepoint DLP, presenting technical assessments and making workflow recommendations to help optimize the deployment of security products and their integration into the corporate environment.Besides this type of enterprise-level presentation, I've also been the guy on the team to go to an international hackathon. I presented AI security and automation concepts at an innovation event in Georgia. I gave a presentation to a technical evaluation panel, detailing the design of the system, the model for threat detection, and the architecture of the data pipeline.I also took part in the Google AI Hackathon in Kazakhstan, where I presented a detailed technical pitch including model architecture, implementation strategy, and deployment aspects to judges and business representatives.These occasions implied explaining intricate technical details in a digestible form, addressing immediate technical inquiries, justifying architecture choices, and discussing security compromises. I feel at ease presenting deeply technical information to both engineering communities and business leaders.

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Anubhab Sahu is a Senior Research Engineer at Keysight Technologies, working with the Application and Threat Intelligence (ATI) team. With an M.Tech in Cyber Security, he specializes in vulnerability research, AI/LLM security, reverse engineering, security analysis, and automation. He actively writes technical blogs on security topics including AI security and traffic analysis, and holds an approved US patent in the field. His work bridges the gap between offensive security research and real-world threat simulation, contributing to advanced cybersecurity network testing solutions. He has prior experience delivering technical talks at leading security conferences, including ROOTCON '19 - one of Southeast Asia's largest cybersecurity conferences. When he's not tinkering with tech, he enjoys sharing his expertise through technical writing, conference talks, and community meetups.

Offensive Security Lead and globally ranked security researcher with extensive experience in vulnerability research and red teaming. Recognized as Best Bug Hunter at Microsoft MVR (2023–2025) and acknowledged by leading organizations including Apple (2022) and Google (2021). Featured in the Hall of Fame of 300+ Fortune companies for responsible disclosures.Holds multiple industry certifications including CRTP, LPT, CPENT, eWPTXv2, CHFI, and CEH. Discovered and reported 5 CVEs. Active CTF player and public speaker, regularly sharing insights on offensive security, bug bounty methodologies, and advanced attack techniques at international conferences and universities.

Hey, I’m Bhavesh Pardhi, a cybersecurity practitioner and bug hunter focused on real-world web application security.My work primarily revolves around reconnaissance, vulnerability discovery, and building practical workflows that improve efficiency in bug hunting. I focus on identifying real attack surfaces and optimizing recon processes to reduce noise and increase meaningful findings.I am the founder of CyberXsociety, a growing platform where I share cybersecurity knowledge through blogs, digital products, and a community-driven forum focused on real-world learning and methodologies.Alongside this, I am building a local tech community, Jalgaon Hackers Meetup, to connect and grow serious learners in cybersecurity, development, and related fields through discussions, meetups, and collaborative learning.My approach is strongly practical and system-driven. Instead of focusing only on tools, I focus on building structured methodologies that can be applied across different targets and environments.I am actively working on bug bounty programs, contributing to the cybersecurity community, and continuously exploring ways to improve recon workflows and vulnerability discovery processes.

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations. A security researcher, currently Bramwell is an Assistant Professor at the University of Alabama in Huntsville, and he is the founding Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab). A cybersecurity expert, Bramwell has taught numerous undergraduate, graduate, and doctoral level courses in reverse engineering, software exploitation, advanced software exploitation, malware analysis, and offensive security. Additionally, Bramwell has authored several important cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp, and ROP ROCKET, which are open source and freely available. Bramwell was a PI on a $300,000 NSA research grant to develop a shellcode analysis framework, SHAREM. Bramwell is a 2025 recipient of the DARPA YFA for $500,000. Bramwell has been a speaker at many top security conferences across the globe, including different regional variations of Black Hat, DEFCON, Hack in the Box, and more.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Dr. Gregory Carpenter is Principal Partner at CW PENSEC and a retired U.S. Army officer with over two decades of operational experience spanning intelligence, counterintelligence, electronic warfare, deception, and security testing. He previously served in senior roles across joint and interagency environments and was recognized as NSA Operations Officer of the Year for his work in advanced operational analysis and mission execution.Dr. Carpenter’s professional focus centers on adversary modeling and the failure modes of trust, identity, and attribution under adaptive threat pressure. His work examines how emerging technologies—including cyber-physical systems, in vivo and nano-scale technologies, automation, and information operations—alter attacker behavior and invalidate long-standing defensive assumptions. He has led and advised offensive and defensive programs across cyber, information, and electronic warfare domains, with particular emphasis on how identity collapses when human operators are no longer stable or external to the systems they access.At conferences and in research settings, Dr. Carpenter translates complex adversary behavior into practical defensive insight, emphasizing how organizations must redesign identity, access control, and trust models for environments where compromise is expected rather than exceptional. He has presented at DEF CON’s Misinformation Village (2023), Adversary Village (2025), and the DEF CON Creator Stage (2024, 2025).

Instructor-led training and lectures in cybersecurity, bug bounty hunting, and blockchain development through Flowdiary. Regularly deliver technical walkthroughs, live exploitation demos, and vulnerability analysis sessions for learners and developers. Experience presenting complex security concepts clearly to both technical and non-technical audiences.

I have a speaking experience of almost around 2.5 years, I started givung sessions from my own college utself and then I have been approached to provide expert training sessions in multiple colleges by far I might have given training sessions at around 6 to 7 colleges and i have also given online sessions as well. And my LinkedIn profile is proof of it.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

As we hand more agency to machines, we’re creating identities that can act, but not always be held accountable. I research how to red team and secure autonomous AI systems before that gap becomes systemic risk. My work lives at the intersection of offensive security and the rapid, often untethered growth of artificial intelligence. As an AI/ML Researcher and Red Teamer, I don't just look for bugs; I map the boundaries of autonomous systems to ensure they remain resilient when the unexpected happens. From the intricate layers of LLM pipelines to the hidden vulnerabilities in blockchain and DevSecOps automations, I focus on uncovering risks before they become reality. At DEF CON 33, I had the opportunity to speak on the Policy Track about the legal frameworks for ethical hacking. To me, security is as much about the humans who defend the systems as it is about the code itself. Advocating for global safe harbor standards is a vital part of ensuring that researchers can continue to protect the digital world without fear. I believe that as we hand more agency to machines, our need for intentional, human-centered security only grows. Whether I am simulating a real-world attack on an AI-driven workflow or refining a policy for international safety, my goal is to provide a clean window of clarity in an increasingly complex threat landscape. I am always open to quiet conversations about the offensive side of security, the future of AI resilience, or the ongoing effort of building trust in technology.

I'm an engineer from Turkey, who is interested with biotechnology, computer science and digital gaming.So far, I made over 2million$ from bug bounty on multiple platforms like Synack, Bugcrowd and HackerOne combined.

Cybersecurity professional working at the intersection of offensive security, vulnerability management, and real world enterprise risk. Experience includes security research, penetration testing, and leading governance initiatives across large scale global environments, with a focus on translating adversarial thinking into practical security improvements and resilient organizational defenses.

Pramod Rana is author of below open source projects:Omniscient - LetsMapYourNetwork: a graph-based asset management framework CICDGuard - Orchestrating visibility and security of CICD ecosystem vPrioritizer - Art of Risk Prioritization: a risk prioritization frameworkHe has presented at BlackHat, defcon, nullcon, OWASPGlobalAppSec, HITB, CyberConAus, rootcon, AppSecNZ, HackMiami, HackInParis, CodeBlue and Insomnihack before. He is OWASP Pune chapter lead.He is leading the application security function in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.

Guest Lecturer: Certified Ethical Hacking (CEH)Poornima University, Jaipur | 2023 (Offline/On-Campus)The Engagement: Delivered an intensive 4-day offline lecture series to a cohort of over 200+ cybersecurity students.The Impact: Managed the full end-to-end delivery of the CEH program, translating dense theoretical frameworks into practical, hands-on offensive security insights.Key Achievement: Successfully maintained high engagement for a large-scale student body, focusing on real-world exploit demonstrations and career guidance in the offensive security domain.International Cybersecurity TrainerBLACKOPS Cybersecurity Consortium | Online (International)The Engagement: Provided specialized online technical training specifically for cybersecurity students located in the Philippines.The Impact: Focused on bridging international security gaps by teaching advanced penetration testing methodologies and vulnerability research.Key Achievement: Delivered high-value training across time zones, ensuring that complex security concepts were accessible and actionable for a global audience.Head Coordinator & Mentor: National Internship ProgramMSG’s Crime Free Bharat (CFB) | 2021 (Online/National)The Engagement: Served as the Head Coordinator for a massive 6-month online internship program, managing and mentoring over 500+ students.The Impact: Oversaw the technical and administrative direction of the program, designed to educate the next generation of security professionals on digital crime prevention and offensive security basics.Key Achievement: Successfully scaled a mentorship framework to support a massive volume of interns, maintaining quality control and technical rigor over a half-year duration.