Find Expert Speakers

Aryan is a senior security researcher with nearly six years of focused experience in malware development, AV/EDR evasion, and low-level system programming. His work bridges deep technical research and practical offensive security, creating advanced tooling for red team engagements. He holds the CRTO certification and has led numerous adversarial simulations against mature defenses. His research also extends to implementing fuzzing frameworks and automation.Previous Speaking Engagements:WildWest Hackin' Fest - Presented research on advanced security evasion.The Hack Summit - Delivered a talk on modern malware techniques.CarolinaCon - Shared findings in offensive security research.BSides Ahmedabad - Led technical training sessions on red team tooling and methodologies.

Chi-en “Ashley” Shen is a Security Research Engineering Technical Leader at Cisco Talos, specializing in emerging threat research—ranging from nation-state attacks to financially motivated crimes and spyware campaigns. Before joining Cisco, she worked at Google’s Threat Analysis Group, where she hunted zero-day exploits and tracked botnets. Prior to that, she was part of Mandiant’s Global Research Team, where she co-authored the APT41 report and published research on ICEFOG campaigns. In Taiwan, Ashley co-founded Team T5 and served as a senior threat analyst with a focus on targeted attacks in APAC. A passionate advocate for women in cybersecurity, Ashley co-founded HITCON GIRLS, the first security community for women in Taiwan, and she currently organizes Rhacklette, a security community for FINTA in Switzerland. She has presented her research at a range of conferences, including Black Hat, HITB, HITCON, FIRST, Pivotcon and CODE BLUE. In her free time, she supports the community by offering training sessions and serving on the review boards for Black Hat, HITCON, and HITB.

1. Guest Speaker at BINUS University (Indonesia) | 2024Topic: Cybersecurity Practices & The "Open Possible" SpiritDescription: Delivered a keynote during an overseas technical exchange, sharing insights on Taiwan Mobile's security strategies and fostering transnational internship opportunities.2. Internal Technical Seminar at Taiwan MobileTopic: Case Study: Exploiting Google Web Designer (Zip Slip Vulnerability)Description: A deep-dive presentation analyzing the root cause of a $7,500 Google VRP finding. Covered the discovery process, exploitation of the path traversal defect, and the final reporting methodology.3. Advanced Security Training Series (Internal)Topic: Offensive Security & Reverse EngineeringDescription: Conducted multiple technical sessions for internal engineering teams. Topics included:DLL Hijacking & Patch Diffing: Analyzing attack vectors in Windows environments.Reverse Engineering: Practical training using IDA Pro and Linux CTF challenges.Web Exploitation: Methodologies for identifying XSS and SQL Injection vulnerabilities

Christian Herrmann – RFID Hacker | Co-Founder of AuroraSec & RRG | MCPD Enterprise ArchitectChristian Herrmann, better known in the hacker community as “Iceman”, is a co-founder ofAuroraSec and RRG, and has helped develop many of today’s most widely used RFIDresearch tools, including the Proxmark3 RDV4 and the Chameleon Mini. He is a well-knownRFID hacking and Proxmark3 evangelist, serving the community as both a forumadministrator and a major code contributor alongside other developers since 2013.Christian has spoken at hacker conferences around the world, including Troopers, Black HatAsia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, and SaintCon. He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.With over 14 years of experience in bespoke software development, Christian specializes in.NET platforms and is a Certified MCPD Enterprise Architect.He possesses near-unmatched expertise in the Proxmark3 architecture and various RFIDtechnologies, and has served as an instructor for Red Team Alliance (RTA), including trainingsessions at Black Hat.

Feel free to email me on basically anything on computing or history

Diyar Saadi Ali is a formidable force in the realm of cybersecurity, renowned for their expertise in cybercrime investigations and their role as a certified SOC and malware analyst. With a laser-focused mission to decode and combat digital threats, Diyar approaches the complex world of cybersecurity with precision and unwavering dedication. At the core of their professional journey lies real-time security event monitoring a task Diyar executes with exceptional vigilance and expertise. As a respected MITRE ATT&CK Contributor, they have made invaluable contributions to the global cybersecurity community, sharing insights and strategies that help organizations bolster their defenses against evolving cyber threats. Diyar’s impact is further amplified by their role as the discoverer and owner of critical Common Vulnerabilities and Exposures (CVEs), including CVE-2024-25400 and CVE-2024-25399. These achievements underscore their commitment to identifying and addressing systemic vulnerabilities that could otherwise threaten digital ecosystems.

Evangelos Bitsikas is a Doctoral Security Researcher at Northeastern University and a Google PhD Fellow in Cybersecurity. He specializes in wireless security, with an emphasis on cellular networks (LTE/5G), adversarial attacks against cellular infrastructure, and mission-critical networking for autonomous systems, including 5G-enabled drones and vehicles.Evangelos has trained extensively across offensive and defensive security, including network monitoring and incident response exercises, as well as hands-on exploitation and penetration-testing labs. He currently holds advanced security certifications, including CASP+ and CISSP, and speaks on topics at the intersection of wireless systems, real-world security testing, and resilient network design.

Fareed is a malware security researcher with more than 5 years of experience. His interests lie in malware reverse engineering, threat intelligence, digital forensics, and detection. As part of the Global Research and Analysis Team (GReAT) at Kaspersky, Fareed participates in investigating cybercrimes, tracking APT groups, and dismantling the malicious infrastructure of threat actors. Additionally, Fareed frequently shares his knowledge through public talks, mentorship, training sessions, briefings, and media interviews, representing both himself and Kaspersky. His specialization in malware and APT analysis allows him to speak and share his insights with a wide range of audiences, contributing significantly to the local and international cybersecurity community.

The speaker has served as a presenter at Black Hat Asia in both 2023 and 2024, participating in the Arsenal (Web Application Security) track held in Singapore.The speaker has also served as a guest speaker in several universities and community events & had attended BlackHat MEA 2022 - 2024 in Riyadh as a CTF Finals participant.

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

KaiJern (xwings). Founder of open source reverse engineering project, Qiling Framework (https://qiling.io). His research topic is mainly on developing cutting edge cross platform reverse engineering framework, embedded devices security, blockchain security, and various security topics.He presented his findings in different international security conferences like Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, Nullcon, etc. He conducted hardware hacking courses in various conferences around the globe. He is also actively involved in Unicorn Engine (https://unicorn-engine.org), Capstone Engine (https://capstone-engine.org), Keystone Engine (https://keystone-engine.org) and hackersbage.com

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

Previous talks:Black Hat USA 2020: “Fooling Windows through Superfetch”Fooling Windows through Superfetchc0c0n 2022, India: “Intel SGX: the ransomware strongbox?”REcon 2023, Canada.: “Press Play to Restart: Under the Hood of the Restart Manager”Mathilde Venault Press Play To Restart Under the Hood of the Windows Restart ManagerSinCon 2025, Singapore “DrawMeATree: the master key to WinDbg’s fortress”Previous workshops:Diana Initiative 2023, USA: “Introduction to Reverse Engineering” https://infocondb.org/con/diana-initiative/diana-initiative-2023/blackhoodie-introduction-to-reverse-engineering-workshop-for-women 44con 2024, London: “Trick-or-treat WinDbg: taming the Windows debugger”https://44con.com/44con-2024-talks-and-workshops/ SinCon 2025, Singapore “Trick-or-treat WinDbg: taming the Windows debugger”https://www.infosec-city.com/schedule/sin25-con

Niek brings over 10 years of expertise to the device security field. With a background in System and Network Engineering and an intrinsic interest, he's able to digest the complexities of device security efficiently.He shared his research with the community at various security and academic conferences, as well as journals, such as Black Hat, Bluehat, Usenix WOOT, hardwear.io, FDTC and PoC||GTFO.He gave trainings at HITB, hardwear.io and Ringzer0.

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

Prajwal is a Malware Analyst at Cloudsek, specializing in reverse engineering and threat intelligence. He focuses on uncovering new threats through malware research, with a background in Offensive Security and Windows Internals.

Rahul is a security researcher with 7+ years in offensive security and red teaming. He specializes in malware development, AV/EDR evasion, and bypassing security controls in heavily defended environments. As a full-time red teamer, he's built tools and developed techniques that work against real-world security stacks.He currently works as Manager of Offensive Security and Threat Assessment with leading financial organizations across the Middle East, collaborating with red, blue, and purple teams to find and fix security gaps in enterprise infrastructure. He's spoken at international conferences including BlackHat, CONFidence, and HAcktivity.His expertise spans enterprise security and cloud infrastructure, with particular focus on identifying and exploiting design flaws in hardened environments.

I'm a security researcher with a passion for OS internals and all things low-level. Over the years I have specialised in Android & the Linux kernel, but have dabbled in a number of domains. When I'm not figuring out how things work and breaking them, I love to share my experiences and help others; whether it's via my blog, talks or mentoring.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

Beist has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and first focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 CTF hacking contests in his country as well as passed DefCon quals 5 times. He has run numerous security conferences and hacking contests such as SECUINSIDE and CODEGATE in Korea. Also, he has given talks at BLACKHAT Las Vegas, SYSCAN, CANSECWEST, AVTOKYO, HITCON, SECUINSIDE, EDSC, and TROOPERS. Hunting bugs and exploiting them are his main interests. He was one of GRAYHASH company founders now acquired by LINE which is a leading messenger company in Asia. He is ex-CISO of LINE Plus.

Shubham is currently Founder of Triagz platform ( an AI driven endpoint analysis platform). Along with this, he is also lead security developer at Arctic Wolf Networks. Before Arctic wolf, he has worked as Staff security researcher as sentinelone and Security Researcher at Microsoft. In Microsoft, he was committed to secure the windows ecosystem by protecting customers from different vulnerability targeting Windows kernel, specifically that aims toward processors and enclaves. His expertise lies in low level security and internals which includes reverse engineering, exploitation and firmware security. Prior to joining Microsoft, Shubham was Security researcher at Mcafee where he is working in exploit prevention team where he contributed to protect customers from 0days and vulnerabilities in the wild. Beyond his professional engagements, Shubham actively shares his knowledge and insights with the cybersecurity community through his esteemed security blog, nixhacker.com. There, one can find a wealth of content focusing on low-level security and internals. He has previously spoken at conferences like AVAR, Defcon Demolabs, Deepsec etc.

Cybersecurity Consultant with over three years of hands-on industry experience, I specialize in offensive security—driven by a passion for uncovering and exploiting weaknesses before adversaries can. My work spans Red Team operations, Network Security, and Web/API Vulnerability Assessment & Penetration Testing (VAPT), with successful engagements across BFSI, IT Products & Services, and Healthcare sectors.With a strong research focus on Adversarial Tactics, Techniques, and Procedures (TTPs), I continuously explore emerging threat vectors and offensive methodologies to deliver actionable security insights that directly reduce business risk. My approach blends technical precision with creative attack strategies, ensuring organizations stay ahead of evolving cyber threats

Vishal Chand is a cybersecurity researcher at BharatGen, IIT Bombay, specializing in AI-driven threat defense and generative AI security. As an author and Red Team contributor at OWASP AI Exchange, he works on adversarial robustness, model exploitation, and AI red teaming frameworks. His research focuses on offensive AI, malware analysis on Windows and macOS, and AI-powered threat detection. Vishal has presented at Microsofts BlueHat Asia, BSides Ahmedabad, BSides Bangalore, BSides Mumbai, and FOSS Mumbai.

Vitaly Simonovich is a senior security researcher at Cato Networks and a member of Cato CTRL. Currently, Vitaly focuses on researching topics related to LLM security, with a particular emphasis on jailbreaks and prompt injections, as well as conducting vulnerability research across a wide range of technologies. In addition, he is actively involved in threat intelligence, analyzing emerging threats and attack trends to strengthen organizational defenses.Prior to joining Cato in 2023, Vitaly worked at Incapsula and Imperva, where he led teams of security analysts and researchers. With over nine years of experience in cybersecurity, Vitaly specializes in application security, data security, LLM security, vulnerability research, and threat intelligence.An active contributor to the cybersecurity community, Vitaly regularly publishes research blogs, hosts webinars, and presents at conferences. In addition to his professional work, he teaches cybersecurity at local colleges and enjoys solving CTF challenges in his free time to stay sharp and enhance his skills.