Find Expert Speakers

Ailin Castellucci’s speaking experience spans key cybersecurity communities and public forums across Latin America, where she delivers both technical workshops and high-level talks focused on practical, real-world security.She has been part of conference lineups such as NotPinkCon, where she presented “Cyber-Operation,” exploring cybersecurity and cyber conflict concepts in an accessible, audience-friendly way.At Congreso AGETIC 2023 (Bolivia), she led a hands-on workshop, “Threat Modeling in a Nutshell,” designed to help teams apply threat modeling methodologies in practice—covering strengths, real-life use, and the human challenges organizations face when implementing these practices. In the same event, she was also listed as a keynote speaker with “Avengers, assemble! – Seguridad colaborativa,” reinforcing her emphasis on collaborative security approaches.She has also spoken at the “Cibercrisis” conference series by Sombreros Blancos, where she presented a talk titled “Roses are red, violets are blue… there’s a spy in your net and she’s behind you!”, bringing an engaging, story-driven angle to security awareness and adversarial thinking.Beyond large events, Ailin frequently speaks in community and online formats—such as Discord sessions—on topics like “Seguridad Colaborativa,” aiming to bridge the gap between security best practices and what teams can realistically implement.Overall, her speaking style blends practitioner experience (offensive security, bug bounty, and security teams) with clear frameworks and actionable guidance, making her talks useful for both newcomers and experienced professionals.

🎤 Public Speaking & Knowledge Sharing1️⃣ 🇮🇳 Nullcon Goa 2026 — “Why Did the Model Think That? Demystifying the Black Box with Explainable AI (XAI)” 🔗 Link: https://nullcon.net/talk/why-did-the-model-think-that-demystifying-the-black-box-with-explainable-ai-xai/2️⃣ 🇮🇳 OWASP AppSec Days Bangalore 2025 — “Unveiling the Risks of MCP Servers: An In-Depth Exploration” 🔗 Link: https://owaspappsecdaysbangaloreoct.sched.com/event/28Z5G/unveiling-the-risks-of-mcp-servers-an-in-depth-exploration3️⃣ 🇸🇬 OWASP AppSec Days Singapore 2024 — “The Dark Side of AI: Exploring Adversarial Threats” 🔗 Link: https://owaspappsecdayssingapore202.sched.com/event/1ir3T/the-dark-side-of-ai-exploring-adversarial-threats4️⃣ 🇮🇪 Security BSides Dublin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://www.bsidesdub.ie/speakers.php5️⃣ 🇩🇪 Nullcon Berlin 2024 — “Into The Abyss: Adversarial Tactics In AI Security” 🔗 Link: https://nullcon.net/berlin-2024/speaker-into-the-abyss-adversarial-tactics-in-ai-security6️⃣ 🇮🇳 Seasides Infosec Conference 2023 — “Primer into SAP Penetration Testing & OWASP SAPKiln” 🔗 Link: https://www.bugbountyvillage.com/speakers7️⃣ 🇮🇳 c0c0n 15th Edition (2022) — “Hyperledger Fabric & Ethereum Apps: Security Deep Dive” 🔗 Link: https://india.c0c0n.org/2022/agenda8️⃣ 🇹🇳 OWASP Tunisia Chapter (2020) — “Blockchain Security” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=fRQrJttI5vI9️⃣ 🇮🇳 OWASP Kerala Chapter (2020) — “Pen Testing Blockchain Solutions (Ethereum Nodes & Smart Contracts)” 🎥 Watch on YouTube: https://www.youtube.com/watch?v=ahZ_V6qdBjQ

Anubhab Sahu is a Senior Research Engineer at Keysight Technologies, working with the Application and Threat Intelligence (ATI) team. With an M.Tech in Cyber Security, he specializes in vulnerability research, AI/LLM security, reverse engineering, security analysis, and automation. He actively writes technical blogs on security topics including AI security and traffic analysis, and holds an approved US patent in the field. His work bridges the gap between offensive security research and real-world threat simulation, contributing to advanced cybersecurity network testing solutions. He has prior experience delivering technical talks at leading security conferences, including ROOTCON '19 - one of Southeast Asia's largest cybersecurity conferences. When he's not tinkering with tech, he enjoys sharing his expertise through technical writing, conference talks, and community meetups.

I am a Threat Researcher at SonicWall Capture Labs with over 10 years of hands-on experience in malware analysis and cybersecurity. I specialise in PDF and MS Office malware, with deep expertise in static and dynamic analysis, reverse engineering obfuscated binaries, and tracking adversarial evasion techniques used by threat actors.I started my career at Quick Heal, where I worked on file-infecting viruses, writing detection signatures and repair routines for infected PE files. At Symantec, I was part of the IDS/IPS team, focusing on network-level intrusion detection and threat hunting. For the past seven years at SonicWall Capture Labs, I have been researching document-based malware, reverse engineering malicious payloads, and tracking how threat actors evolve their delivery and evasion strategies.I hold an M.Tech. in Computer Science (Security) from BITS Pilani, where my research was focused on machine learning for malware detection.Speaking ExperienceI have delivered internal threat research presentations at SonicWall, sharing findings on emerging PDF malware campaigns and novel evasion techniques with engineering and threat intelligence teamsI have conducted knowledge-sharing sessions on malware analysis methodologies, reverse engineering workflows, and PDF structure analysisI have published five technical threat research reports on the SonicWall Capture Labs blog, communicating complex malware findings to a broad security audience

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

I'm working as a Security Researcher at Seqrite Labs (Quick Heal), specializing in Advanced Persistent Threat (APT) hunting, cyber threat intelligence, malware reverse engineering, and adversary infrastructure analysis. Actively involved in uncovering sophisticated intrusion campaigns, mapping TTPs aligned with the MITRE ATT&CK framework, analyzing multi-stage malware ecosystems, and tracking nation-state and financially motivated threat actors across diverse attack surfaces.

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Jaswanth has speaking experience in multiple well reputed conference's such as Seasides goa, OWASP, Security BSides, NexGen CyberWomen, and multiple universities.

I am a Principal Researcher with Forcepoint's X-Labs team, focused on APT malware, information stealers, phishing attacks, and tracking the latest threats. My recent work expands into the emerging attack surface around AI and agentic systems, including in-the-wild indirect prompt injection research that has been covered widely in the security press. Over the years, I have investigated and published deep technical analyses on a wide range of active malware families, banking trojans, and infostealer campaigns targeting users across Latin America, Europe, and Asia. I regularly track how threat actors abuse legitimate infrastructure, cloud services, and emerging protocols to evade detection and scale their operations. My approach combines reverse engineering, behavioral analysis, and adversary emulation to translate frontline research into stronger defenses for customers. I am passionate about advancing defensive adversary emulation and threat research.

Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision “Build Locally, Scale Globally”, and he believes in empowering the Arab World to be recognized as a leader in technology research and development.Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With over 30+ years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape.Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today’s digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally.CTM360’s technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.

Moonbeom ParkCPO(Chief Product Officer) @78ResearchLabFormer senior researcher of KrCERT/CC & KISAI'm working at 78ResearchLab(http://www.78researchlab.com) in South Korea, a company specializing in the development of cyber warfare tactics and offensive and attack technologies. They analyze the cyber warfare strategies of Advanced Persistent Threat(APT) groups and conduct research on of attack techniques such as 0-day vulnerabilities and develop various cyber weapons, exploites, Post-Exploitation techniques that can be utilized in cyber warfare operations.

Cybersecurity professional working at the intersection of offensive security, vulnerability management, and real world enterprise risk. Experience includes security research, penetration testing, and leading governance initiatives across large scale global environments, with a focus on translating adversarial thinking into practical security improvements and resilient organizational defenses.

lives in Boston with his wife and two cats, enjoys solving math problems on college chalkboards at night, and runs a website dedicated to the city's best dive bars. He works at a security startup and maintains a blog focused on OSINT and North Korea

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) and Security Architecture team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Pallavi is a Cloud Security Manager, overseeing cloud security operations and IAM, with 15 years of experience in cybersecurity. Passionate about application security, she excels in navigating complex security challenges, consistently working to strengthen defenses against emerging threats. With deep expertise in penetration testing, Pallavi focuses on identifying vulnerabilities and strengthening defenses in complex and challenging environments. She has spoken at multiple industry-leading conferences like HackerHalted, Vulncon, Identity Shield and BlueHat and continues sharing her knowledge and expertise in cybersecurity.

Partho Alkesh Pandya (known online as Psychomong) is a cybersecurity professional from Patan/Ahmedabad, Gujarat, India. He currently serves as Cyber Security Manager at Decimal Point Analytics in Ahmedabad. He previously worked as a Cyber Security Analyst at Demmisto Technologies.Professional Bio & ExpertisePartho is a recognized ethical hacker, bug bounty hunter, digital forensics expert, and VAPT (Vulnerability Assessment and Penetration Testing) specialist. He holds over 100 certifications, including CEH v13 AI (Certified Ethical Hacker) and ISO 42001 Lead Auditor. He focuses on practical cybersecurity research, threat intelligence, AI-related risks, deepfakes, and digital safety awareness.He is an active public speaker, educator, and content creator. He has:Delivered 130+ workshops and seminars on cyber awareness, ethical hacking, and emerging threats at colleges, universities, conferences (IIT & IIMs)and educational platforms.Trained police personnel on cybersecurity topics.Served as a panelist/expert on news channels (e.g., Nirman News) discussing topics like OpenAI trends, digital vigilance, and business cybersecurity risks.Built a following through his Medium blog (Psychomong), LinkedIn, Instagram (@parthopandya), and YouTube, where he shares practical insights, research, and awareness content. His blogging and speaking journey started after encouragement from mentors to deepen his own expertise by teaching others.Claim to FameBug bounty discoveries: Notably found and reported vulnerabilities (including an XSS flaw) on high-profile sites such as NASA and RBI (Reserve Bank of India), earning recognition in the ethical hacking community.Public educator and speaker: Frequently invited for talks, workshops, and media appearances on real-world cyber threats, making complex topics accessible to students, professionals, and law enforcement.Community contributor: Known for promoting free, practical cybersecurity education and collaborating on learning resources.

Sr. Security Engineer @ Coupa Software . Passionate Learner for OffSec and Security Engineering. Working collaboratively with Security Operations , Security Engineering & Threat Management @ Coupa Software

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.

Rahul is a security researcher with 7+ years in offensive security and red teaming. He specializes in malware development, AV/EDR evasion, and bypassing security controls in heavily defended environments. As a full-time red teamer, he's built tools and developed techniques that work against real-world security stacks.He currently works as Manager of Offensive Security and Threat Assessment with leading financial organizations across the Middle East, collaborating with red, blue, and purple teams to find and fix security gaps in enterprise infrastructure. He's spoken at international conferences including BlackHat, CONFidence, and HAcktivity.His expertise spans enterprise security and cloud infrastructure, with particular focus on identifying and exploiting design flaws in hardened environments.

Guest Lecturer: Certified Ethical Hacking (CEH)Poornima University, Jaipur | 2023 (Offline/On-Campus)The Engagement: Delivered an intensive 4-day offline lecture series to a cohort of over 200+ cybersecurity students.The Impact: Managed the full end-to-end delivery of the CEH program, translating dense theoretical frameworks into practical, hands-on offensive security insights.Key Achievement: Successfully maintained high engagement for a large-scale student body, focusing on real-world exploit demonstrations and career guidance in the offensive security domain.International Cybersecurity TrainerBLACKOPS Cybersecurity Consortium | Online (International)The Engagement: Provided specialized online technical training specifically for cybersecurity students located in the Philippines.The Impact: Focused on bridging international security gaps by teaching advanced penetration testing methodologies and vulnerability research.Key Achievement: Delivered high-value training across time zones, ensuring that complex security concepts were accessible and actionable for a global audience.Head Coordinator & Mentor: National Internship ProgramMSG’s Crime Free Bharat (CFB) | 2021 (Online/National)The Engagement: Served as the Head Coordinator for a massive 6-month online internship program, managing and mentoring over 500+ students.The Impact: Oversaw the technical and administrative direction of the program, designed to educate the next generation of security professionals on digital crime prevention and offensive security basics.Key Achievement: Successfully scaled a mentorship framework to support a massive volume of interns, maintaining quality control and technical rigor over a half-year duration.

R.D. Tarun (RDT) is a cybersecurity researcher specializing in malware analysis, reverse engineering, and adversary tradecraft. His work focuses on dissecting real-world attack campaigns, with particular emphasis on multi-stage infection chains, fileless execution, and evolving infostealer ecosystems.He conducts in-depth research on active malware campaigns, tracking their progression from commodity tooling to custom-developed payloads. His analysis has uncovered previously undocumented behavior, including custom infostealers, infrastructure patterns, and techniques used to evade modern defenses. His research has been widely circulated within the security community and covered by multiple security news outlets and industry publications.His work combines static and dynamic analysis with memory-level investigation to trace full execution chains from initial access to data exfiltration. He focuses on understanding attacker tradecraft end-to-end and translating offensive techniques into practical detection strategies for SOC and DFIR teams.He actively publishes technical deep-dives on malware, including infostealers, fileless loaders, and multi-stage attack chains, and has presented his research at reputed security community meetups and forums.

Detection and Response Analyst focused on understanding how real-world attacks actually unfold beyond initial detection.- Experienced across endpoint, network, identity, and cloud investigations - Background in internal SOC and security engineering (IR, monitoring, detections) - Interested in OS behavior, execution flow, and abuse of trusted components - Tend to go beyond alerts, connecting signals and reconstructing attack chains - Outside work: travel, people, cultures, and adrenaline hits.