Find Expert Speakers

Yeonwoo Park previously conducted penetration testing projects targeting Korean companies at his former workplace (Core Research Team at Raon Secure) and currently serves as a red teamer at his current workplace (Cyber Threat Analysis Team at SK AX).Through his AD zero-day research, he discovered an exception-handling flaw in the Kerberos protocol, uncovering a method to bypass Microsoft's security policies. Furthermore, through continuous research into areas undetected by popular open-source tools like BloodHound and unexplored topics, he contributes to enhancing the maturity of the red team.

I’m currently working as a Security Analyst, with experience in both red team and blue team operations. My current focus is on red team engagements, zero-day research, and malware analysis.

Hushcon West 2019Presented a technical talk on cellular infrastructure security, focusing on real-world weaknesses in mobile and carrier-adjacent systems. The session drew from hands-on research into cellular protocols, deployment realities, and how attackers exploit assumptions in telecom environments that are often treated as “trusted” or out of scope by enterprise security teams.Hushcon East 2023Delivered a talk centered on hacker culture, attacker mindset, and how security thinking evolves outside formal frameworks. The session explored how curiosity-driven exploration, informal knowledge sharing, and cultural norms shape real attacker behavior more accurately than checklists, tooling, or compliance-driven models.PRaSEC 2023Presented a red-team-focused session on Domain Admin attack paths, blending practical exploitation techniques with philosophical perspectives on adversary reasoning. The talk emphasized how attackers model trust, authority, and system design to move from initial access to full domain control.

Aden is a Lead Penetration Tester at BAE Systems DI based in Malaysia, with over 10 years of experience in offensive security. He has successfully led red teaming and advanced penetration testing engagements across multiple industries worldwide, uncovering critical vulnerabilities in both applications and infrastructure. Beyond client work, he actively contributes to bug bounty and vulnerability disclosure programs. His research has led to the discovery of multiple internet-exposed vulnerabilities, earning him 18 CVE IDs to date. He has previously shared his work at ROOTCON, BSides, Nanosec, and RedTeam Hacker Academy conferences.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Ailin Castellucci’s speaking experience spans key cybersecurity communities and public forums across Latin America, where she delivers both technical workshops and high-level talks focused on practical, real-world security.She has been part of conference lineups such as NotPinkCon, where she presented “Cyber-Operation,” exploring cybersecurity and cyber conflict concepts in an accessible, audience-friendly way.At Congreso AGETIC 2023 (Bolivia), she led a hands-on workshop, “Threat Modeling in a Nutshell,” designed to help teams apply threat modeling methodologies in practice—covering strengths, real-life use, and the human challenges organizations face when implementing these practices. In the same event, she was also listed as a keynote speaker with “Avengers, assemble! – Seguridad colaborativa,” reinforcing her emphasis on collaborative security approaches.She has also spoken at the “Cibercrisis” conference series by Sombreros Blancos, where she presented a talk titled “Roses are red, violets are blue… there’s a spy in your net and she’s behind you!”, bringing an engaging, story-driven angle to security awareness and adversarial thinking.Beyond large events, Ailin frequently speaks in community and online formats—such as Discord sessions—on topics like “Seguridad Colaborativa,” aiming to bridge the gap between security best practices and what teams can realistically implement.Overall, her speaking style blends practitioner experience (offensive security, bug bounty, and security teams) with clear frameworks and actionable guidance, making her talks useful for both newcomers and experienced professionals.

Working since 15+y in telecom security, striving to move the industry to a more open and collaborative approach of critical infrastructure security. Today, leading POST Luxembourg TelcoSec team developing offensive & defense capabilities, research and building telecom security solutions to protect operators around the world. I have been previously publishing at Underground Economy, Chaos Computer Congres (CCC), Hack.lu, CTI-Summit, ETIS, GSMA FSAG, ENISA Telecom Security Forum, HITB, Troopers, TSD, HackitoErgoSum and many other private conference where we are invited to share our research.

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Aryan is a senior security researcher with nearly six years of focused experience in malware development, AV/EDR evasion, and low-level system programming. His work bridges deep technical research and practical offensive security, creating advanced tooling for red team engagements. He holds the CRTO certification and has led numerous adversarial simulations against mature defenses. His research also extends to implementing fuzzing frameworks and automation.Previous Speaking Engagements:WildWest Hackin' Fest - Presented research on advanced security evasion.The Hack Summit - Delivered a talk on modern malware techniques.CarolinaCon - Shared findings in offensive security research.BSides Ahmedabad - Led technical training sessions on red team tooling and methodologies.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

Carlos Gómez Quintana is a Security Consultant at IOActive, specializing in Red Team operations and offensive security. As one of the youngest professionals to join the firm, he conducts advanced penetration testing, adversarial simulation, and security research across diverse enterprise environments.At IOActive, Carlos focuses on cutting-edge security research, including automotive security where he has developed novel attack techniques such as rollback agnostic replay attacks against vehicular systems. He regularly conducts Red Team engagements that simulate real-world adversarial scenarios for enterprise clients.Carlos is an active security researcher and contributor to Maldev Academy, where he has contributed to the phishing section and active research on malware development.

Chiao-Lin Yu (Steven Meow) currently serves as a Red Team Cyber Threat Researcher at Trend Micro. He holds numerous professional certifications including OSCE³ , OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as DEFCON Main Stage, IoT Village, Car Hacking Village, Security BSides Tokyo, HITCON Bounty House, and CYBERSEC. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans red team exercises, web security and IoT security.

Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, ShowMeCon, DeepSec, CypherCon and various B-Side events. He is a perennial feature at the Thotcon conference in his native Chicago, USA and helps to organize “BurbSec”, the best attended Information Security monthly gatherings in the country. 

Christian Herrmann – RFID Hacker | Co-Founder of AuroraSec & RRG | MCPD Enterprise ArchitectChristian Herrmann, better known in the hacker community as “Iceman”, is a co-founder ofAuroraSec and RRG, and has helped develop many of today’s most widely used RFIDresearch tools, including the Proxmark3 RDV4 and the Chameleon Mini. He is a well-knownRFID hacking and Proxmark3 evangelist, serving the community as both a forumadministrator and a major code contributor alongside other developers since 2013.Christian has spoken at hacker conferences around the world, including Troopers, Black HatAsia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, and SaintCon. He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.With over 14 years of experience in bespoke software development, Christian specializes in.NET platforms and is a Certified MCPD Enterprise Architect.He possesses near-unmatched expertise in the Proxmark3 architecture and various RFIDtechnologies, and has served as an instructor for Red Team Alliance (RTA), including trainingsessions at Black Hat.

Diyar Saadi Ali is a formidable force in the realm of cybersecurity, renowned for their expertise in cybercrime investigations and their role as a certified SOC and malware analyst. With a laser-focused mission to decode and combat digital threats, Diyar approaches the complex world of cybersecurity with precision and unwavering dedication. At the core of their professional journey lies real-time security event monitoring a task Diyar executes with exceptional vigilance and expertise. As a respected MITRE ATT&CK Contributor, they have made invaluable contributions to the global cybersecurity community, sharing insights and strategies that help organizations bolster their defenses against evolving cyber threats. Diyar’s impact is further amplified by their role as the discoverer and owner of critical Common Vulnerabilities and Exposures (CVEs), including CVE-2024-25400 and CVE-2024-25399. These achievements underscore their commitment to identifying and addressing systemic vulnerabilities that could otherwise threaten digital ecosystems.

Dominic Chell is a seasoned cybersecurity expert and one of the co-founders and directors at MDSec, a UK-based consultancy specializing in red teaming, application security, and adversary simulation. He has over 20 years of hands-on experience, delivering technical security assessments and training for major financial, government, and retail organizations .

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations. A security researcher, currently Bramwell is an Assistant Professor at the University of Alabama in Huntsville, and he is the founding Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab). A cybersecurity expert, Bramwell has taught numerous undergraduate, graduate, and doctoral level courses in reverse engineering, software exploitation, advanced software exploitation, malware analysis, and offensive security. Additionally, Bramwell has authored several important cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp, and ROP ROCKET, which are open source and freely available. Bramwell was a PI on a $300,000 NSA research grant to develop a shellcode analysis framework, SHAREM. Bramwell is a 2025 recipient of the DARPA YFA for $500,000. Bramwell has been a speaker at many top security conferences across the globe, including different regional variations of Black Hat, DEFCON, Hack in the Box, and more.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

My journey in cybersecurity didn't start at the finish line. I built my foundation from the ground up, working extensively as a Security Analyst and Penetration Tester. Those early years spent analyzing defenses gave me the perspective I needed to evolve into my current role as a Head RND practitioner and Red Teamer.Sharing knowledge has always been a core part of my professional growth. Since 2012, I have been actively presenting materials on network security, Man-in-the-Middle attacks, and wireless security within university environments. This passion for research eventually led me to my current specific focus: biometric security.To truly test the limits of these systems, I realized I needed to build my own arsenal. This led me to develop several custom security tools specifically for biometric device pentesting, including zksentinel, Bac0d, GAMPAR, Tab0k, B0c0r, and BA RAT.I’ve been fortunate enough to share the insights from this development journey on larger stages like IDSecConf, where I first presented "Semi-automating Vulnerability Scanner and Exploitation in Biometric Systems." Most recently, I took that research further with a talk titled "Beyond the Match: From Biometric Bypass to Full Control - The Post-Exploitation Secrets Red Teams Use."At the end of the day, my goal isn't just to break systems, but to understand them deeply. My sincere hope is that the tools and knowledge I share can serve as useful resources for others and contribute positively to our community."

I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others. I’ve served as University Professor in Master Degree - Portugal and Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

Johann Rehberger has over twenty years of experience in threat modeling, risk management, penetration testing, and red teaming. During his tenure at Microsoft, Johann established a Red Team within Azure Data and led the program as Principal Security Engineering Manager. He went on to build a Red Team at Uber, and currently serves as Red Team Director at Electronic Arts. In addition to his industry roles, Johann is an active security researcher and a former instructor in ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK and ATLAS frameworks and is the author of "Cybersecurity Attacks - Red Team Strategies". He holds a master's degree in computer security from the University of Liverpool. You can find his latest research at embracethered.com.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.