Find Expert Speakers

Hushcon West 2019Presented a technical talk on cellular infrastructure security, focusing on real-world weaknesses in mobile and carrier-adjacent systems. The session drew from hands-on research into cellular protocols, deployment realities, and how attackers exploit assumptions in telecom environments that are often treated as “trusted” or out of scope by enterprise security teams.Hushcon East 2023Delivered a talk centered on hacker culture, attacker mindset, and how security thinking evolves outside formal frameworks. The session explored how curiosity-driven exploration, informal knowledge sharing, and cultural norms shape real attacker behavior more accurately than checklists, tooling, or compliance-driven models.PRaSEC 2023Presented a red-team-focused session on Domain Admin attack paths, blending practical exploitation techniques with philosophical perspectives on adversary reasoning. The talk emphasized how attackers model trust, authority, and system design to move from initial access to full domain control.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Working since 15+y in telecom security, striving to move the industry to a more open and collaborative approach of critical infrastructure security. Today, leading POST Luxembourg TelcoSec team developing offensive & defense capabilities, research and building telecom security solutions to protect operators around the world. I have been previously publishing at Underground Economy, Chaos Computer Congres (CCC), Hack.lu, CTI-Summit, ETIS, GSMA FSAG, ENISA Telecom Security Forum, HITB, Troopers, TSD, HackitoErgoSum and many other private conference where we are invited to share our research.

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 200+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, ShowMeCon, DeepSec, CypherCon and various B-Side events. He is a perennial feature at the Thotcon conference in his native Chicago, USA and helps to organize “BurbSec”, the best attended Information Security monthly gatherings in the country. 

Feel free to email me on basically anything on computing or history

EXPERTISE:- Experienced Cyber Security with a demonstrated history of working in the several industry. Skilled in Penetration testing, XDR, EDR, DFIR, Threat Hunting, and OSINT.- Advanced Ethical Hacking:Proficient in various hacking methodologies, including but not limited to network penetration testing, (web, API, Infra, mobile) application testing, wireless network exploitation, and social engineering.- Deep Knowledge of Security Frameworks: Expertise in industry- standard security frameworks such as OWASP, NIST, and PTES, with the ability to apply their guidelines effectively

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

Dustin Heywood, otherwise known as EvilMog has been in the Cybersecurity Industry for close to 2 decades. He is an Executive Managing Hacker and Senior Technical Staff Member for IBM X-Force, a member of "Team Hashcat", and a Bishop of the "Church of Wifi".EvilMog is a world champion Hacker Jeopardy Player, and a holder of multiple "Black Badges" including DEFCON, THOTCON, and CypherCon.

Evangelos Bitsikas is a Doctoral Security Researcher at Northeastern University and a Google PhD Fellow in Cybersecurity. He specializes in wireless security, with an emphasis on cellular networks (LTE/5G), adversarial attacks against cellular infrastructure, and mission-critical networking for autonomous systems, including 5G-enabled drones and vehicles.Evangelos has trained extensively across offensive and defensive security, including network monitoring and incident response exercises, as well as hands-on exploitation and penetration-testing labs. He currently holds advanced security certifications, including CASP+ and CISSP, and speaks on topics at the intersection of wireless systems, real-world security testing, and resilient network design.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Dr. Gregory Carpenter is Principal Partner at CW PENSEC and a retired U.S. Army officer with over two decades of operational experience spanning intelligence, counterintelligence, electronic warfare, deception, and security testing. He previously served in senior roles across joint and interagency environments and was recognized as NSA Operations Officer of the Year for his work in advanced operational analysis and mission execution.Dr. Carpenter’s professional focus centers on adversary modeling and the failure modes of trust, identity, and attribution under adaptive threat pressure. His work examines how emerging technologies—including cyber-physical systems, in vivo and nano-scale technologies, automation, and information operations—alter attacker behavior and invalidate long-standing defensive assumptions. He has led and advised offensive and defensive programs across cyber, information, and electronic warfare domains, with particular emphasis on how identity collapses when human operators are no longer stable or external to the systems they access.At conferences and in research settings, Dr. Carpenter translates complex adversary behavior into practical defensive insight, emphasizing how organizations must redesign identity, access control, and trust models for environments where compromise is expected rather than exceptional. He has presented at DEF CON’s Misinformation Village (2023), Adversary Village (2025), and the DEF CON Creator Stage (2024, 2025).

As a seasoned technologist, life-long hacker, and world-renowned security professional, I excel at tackling complex problems from unconventional angles to uncover innovative solutions. With expertise in managing multicultural environments, I bridge the gap between commercial and technical sides of businesses, aligning international teams to achieve common goals. My entrepreneurial spirit and technical acumen enable me to navigate crisis situations, chaotic business environments, and strategic changes with ease.With a deep understanding of IP networking, telecom, internet communications, security, and cloud computing, I stay ahead of the curve by exploring new technologies before they hit the market. I analyze their strategic implications, disruptive effects, and emerging opportunities, providing valuable insights to businesses.My extensive experience spans designing complex computing environments, evaluating security issues in widely used systems, including election equipment, and authoring academic studies on election security. As a co-founder of the first pan-European internet service provider EUNet, I have a proven track record of developing secure communication protocols and technologies.Since 2005, I have advised law and policy makers, national and local governments, on cybersecurity and critical infrastructure in the United States, ASEAN, and elsewhere. I work with multiple companies on security technologies, identity management, cryptography, and digital biotech applications. My expertise is also sought after for security trainings and assessments of critical infrastructure worldwide.As a co-founder and co-organizer of DEF CON Voting Village, I have played a pivotal role in shaping the global security research and hacker community. My work has been featured in two Emmy-nominated HBO documentary films, "Hacking Democracy" (2006) and "Kill Chain: The Cyber War on America's Elections" (2020), showcasing my successful proof-of-concept mock election hack and follow-up analysis on election security.

I am a versatile Application Security Engineer dedicated to enhancing the security posture of both web and mobile applications. My primary focus is on implementing robust security measures through thorough assessments, comprehensive source code reviews, and the integration of security practices within the DevSecOps framework. I specialise in embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines through various methods, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST). By driving effective threat modelling sessions, I identify and mitigate potential vulnerabilities early in the development lifecycle, ensuring that security is a fundamental component rather than an afterthought.Additionally, I work on building secure-by-default pipelines and guardrails tailored to the unique requirements of each project, fostering a culture of security awareness among development teams. My goal is to empower organisations to deliver secure applications without compromising on agility or performance.

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

Makoto Sugita is an independent security researcher with expertise in network defense, penetration testing, and active cyber deception. He has delivered talks and live demonstrations at major conferences including Black Hat USA and BSides Las Vegas. His recent work, the Azazel System, introduces a portable SOC/NOC concept designed for resilience in disaster environments, combining intrusion detection, deception technologies, and delaying action strategies.

Markus Vervier is a security researcher from Germany. Software security is his main focus of work. During the last 15 years he collected professional experience in offensive IT security working as a penetration tester and security consultant for highly regarded companies. His experience combined with his personal passion regarding security research made him start his own company in 2015. Besides his daily security work, he is very actively practicing security research and discovers high profile vulnerabilities regularly such as the recent libotr heap overwrite.

Mathew Caplan is Director of International Professional Services and a Security Advisor for Orange Cyberdefense based in London, England. He is a highly experienced cybersecurity specialist with over 25 years in the field and a proven record in the implementation of information risk management processes.As a recognised trusted advisor, Mathew has helped many businesses with cybersecurity strategy, governance, process and policy. He works in the Orange Group on many international projects being the go-to guy on security and compliance matters and enjoys finding sustainable solutions to challenging problems.Mathew loves music, movies, and cats and wherever possible will combine his audio-visual skills to simplify complex topics and breathe life into cybersecurity.