Find Expert Speakers

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

I’m a results-driven Principal SecOps Engineer with over 15 years of proven expertise spanning across multiple organisations in various service sectors in architecting and delivering world-class security programs for global software organizations. I’ve spearheaded transformational automation initiatives, reducing report-generation times by over 95% and built unified multi-cloud compliance frameworks that consistently pass rigorous audits and compliances. I've created AI-powered attack surface platform earned international hackathon recognition, and I’ve presented SecOps deep dives at VULNCON, top engineering colleges, and industry forums.As Cloud Security Lead and Principal Engineer at Perforce, I’ve led high-impact teams to operationalize continuous monitoring, vulnerability management, and incident response at scale.A CISSP-certified mentor and community advocate, I actively contribute to open-source security projects and share expertise through workshops, and local meetups empowering the next generation of security professionals.

Cyber Threat IntelligenceProficient in collecting, analyzing, and disseminating threat intelligence to enhance cybersecurity defense strategies. I have worked extensively with OpenCTI in the context of digital public infrastructure, building and managing comprehensive threat intelligence feeds, and integrating them into existing security operations to identify and mitigate potential risks. My experience includes managing threat data, detecting emerging threats, and ensuring the resilience of public digital systems through actionable intelligence.Bug Bounty & Vulnerability Research:Expertise in discovering, reporting, and remediating vulnerabilities in web applications, APIs, and enterprise systems. Strong track record in participating in top-tier bug bounty programs (Meta, BBC, Microsoft) and contributing to critical vulnerability disclosures (e.g., CVE-2023-37728).Offensive Security & Penetration Testing:In-depth knowledge of web/API penetration testing, vulnerability scanning, and exploiting security weaknesses. Skilled in using tools like Burp Suite, Metasploit, and Nmap for identifying and exploiting vulnerabilities.Threat Hunting & Incident Response:Hands-on experience in investigating and mitigating security incidents, utilizing tools like EDR, SIEM, and log analysis to identify indicators of compromise (IOCs) and understand attacker behavior.Security Automation & CI/CD:Integrated automated security tools into CI/CD pipelines to secure code and application deployments. Expertise in Ansible, Jenkins, and SonarQube for securing DevOps environments and streamlining vulnerability management workflows.

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

Chi-en “Ashley” Shen is a Security Research Engineering Technical Leader at Cisco Talos, specializing in emerging threat research—ranging from nation-state attacks to financially motivated crimes and spyware campaigns. Before joining Cisco, she worked at Google’s Threat Analysis Group, where she hunted zero-day exploits and tracked botnets. Prior to that, she was part of Mandiant’s Global Research Team, where she co-authored the APT41 report and published research on ICEFOG campaigns. In Taiwan, Ashley co-founded Team T5 and served as a senior threat analyst with a focus on targeted attacks in APAC. A passionate advocate for women in cybersecurity, Ashley co-founded HITCON GIRLS, the first security community for women in Taiwan, and she currently organizes Rhacklette, a security community for FINTA in Switzerland. She has presented her research at a range of conferences, including Black Hat, HITB, HITCON, FIRST, Pivotcon and CODE BLUE. In her free time, she supports the community by offering training sessions and serving on the review boards for Black Hat, HITCON, and HITB.

Diyar Saadi Ali is a formidable force in the realm of cybersecurity, renowned for their expertise in cybercrime investigations and their role as a certified SOC and malware analyst. With a laser-focused mission to decode and combat digital threats, Diyar approaches the complex world of cybersecurity with precision and unwavering dedication. At the core of their professional journey lies real-time security event monitoring a task Diyar executes with exceptional vigilance and expertise. As a respected MITRE ATT&CK Contributor, they have made invaluable contributions to the global cybersecurity community, sharing insights and strategies that help organizations bolster their defenses against evolving cyber threats. Diyar’s impact is further amplified by their role as the discoverer and owner of critical Common Vulnerabilities and Exposures (CVEs), including CVE-2024-25400 and CVE-2024-25399. These achievements underscore their commitment to identifying and addressing systemic vulnerabilities that could otherwise threaten digital ecosystems.

Dr. Gregory Carpenter is Principal Partner at CW PENSEC and a retired U.S. Army officer with over two decades of operational experience spanning intelligence, counterintelligence, electronic warfare, deception, and security testing. He previously served in senior roles across joint and interagency environments and was recognized as NSA Operations Officer of the Year for his work in advanced operational analysis and mission execution.Dr. Carpenter’s professional focus centers on adversary modeling and the failure modes of trust, identity, and attribution under adaptive threat pressure. His work examines how emerging technologies—including cyber-physical systems, in vivo and nano-scale technologies, automation, and information operations—alter attacker behavior and invalidate long-standing defensive assumptions. He has led and advised offensive and defensive programs across cyber, information, and electronic warfare domains, with particular emphasis on how identity collapses when human operators are no longer stable or external to the systems they access.At conferences and in research settings, Dr. Carpenter translates complex adversary behavior into practical defensive insight, emphasizing how organizations must redesign identity, access control, and trust models for environments where compromise is expected rather than exceptional. He has presented at DEF CON’s Misinformation Village (2023), Adversary Village (2025), and the DEF CON Creator Stage (2024, 2025).

Jan de Vries is a senior trainer, business IT consultant, coach, researcher and public speaker in the fields of Agile, DevOps, Business Information Management, Service Management, Antifragility and Strategy Development.He (co-)founded:- BlueOceanRecon.com to facilitate the development of Blue Oceans and Lean Startups.- Antifragility.works to conduct research on the practical application of antifragility in organisations.- GRCinAgile to explore common ground between Agile/DevOps teams and Governance, Risk & Compliance.

Topic:CTI: Dark Web Credential Monitoring Is Expensive Regret NotificationWhat processing 500GB of stealer logs daily taught me about threat intelligence. Credential monitoring is sold as early warning but often acts as late-stage notification.They Tested Everything Except What FailedDissecting the Rp 270 billion ($16.8M) Indonesian securities breach. Four firms compromised despite passing security audits.Google Cloud Armor Vulnerability DiscoveryFound a critical WAF bypass in Google Cloud Armor. Google patched it globally.Beyond SAST: Building a Multi-LLM JudgeUsing multiple LLMs as judges to cut through SAST false positives. Context-aware security analysis that actually finds real bugs.Strategic Detection Engineering at ScaleBuilding proactive threat detection for government platforms serving 50M+ users. Detection over reaction.

Joseliyo Sanchez is a security engineer at VirusTotal - Google. Previously worked at McAfee and BlackBerry as a threat researcher. His main objectives are threat hunting that leads to detection engineering and analysis of APTs and Crime groups.

Jyoti Raval serves as Director of Cyber Security Engineering at Baker Hughes, where Jyoti is responsible for ensuring end-to-end product security and actively contributes across multiple phases of the security lifecycle. Jyoti is the author of Phishing Simulation and MPT tools, and has delivered presentations at leading security conferences, including InfosecGirls, Nullcon, DEF CON 27, Black Hat Asia, HITB Singapore, OWASP New Zealand, Shecurity, DEF CON 32, and Black Hat London. Additionally, Jyoti leads the OWASP Pune Chapter.

Mars Cheng leads TXOne Networks' PSIRT and Threat Research Team as their Threat Research Manager, where he coordinates product security initiatives and threat research efforts. He also holds the position of Executive Director for the Association of Hackers in Taiwan, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Additionally, Mars serves as a Cybersecurity Auditor for the Taiwan Government. His expertise spans ICS/SCADA systems, malware analysis, threat intelligence, and hunting, as well as enterprise system security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography.Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences, including Black Hat USA/Europe/MEA, RSA Conference, DEF CON, CODE BLUE, SecTor, Troopers, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, NoHat, ROOTCON, SINCON, CYBERSEC, and many others. He plays an instrumental role as the General Coordinator for the HITCON CISO Summit 2024 and has successfully organized several past HITCON events including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020, demonstrating his commitment to advancing the field of cybersecurity.

Moonbeom ParkCPO(Chief Product Officer) @78ResearchLabFormer senior researcher of KrCERT/CC & KISAI'm working at 78ResearchLab(http://www.78researchlab.com) in South Korea, a company specializing in the development of cyber warfare tactics and offensive and attack technologies. They analyze the cyber warfare strategies of Advanced Persistent Threat(APT) groups and conduct research on of attack techniques such as 0-day vulnerabilities and develop various cyber weapons, exploites, Post-Exploitation techniques that can be utilized in cyber warfare operations.

Our team at CloudSEK has been revolutionizing threat intelligence by integrating AI-driven automations, significantly enhancing threat feeds and response times. My research has been acknowledged by top intelligence agencies for its impact on stealer malware understanding. We've empowered organizations worldwide through insightful presentations, fortifying their defenses against evolving cyber threats.

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.

I am a cybersecurity professional with 1.5 years of work experience in DFIR and CTI. Recently, I have been researching into macOS threats and forensics since this topic is niche in Malaysia. I've also spent two years in the CTF scene, competing with the M53 and L3ak teams, where I had the opportunity to compete on a global stage and achieve multiple victories in CTF competitions and writeup contests. I now channel that same curiosity and rigor into professional development, pursuing certifications and exploring macOS research, RFID security, and blockchain security.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking. For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking.

Vinod has spent the past decade working in cybersecurity across financial services, government, and tech sectors. Currently a Staff Security Engineer at PIP Labs, he navigates the intersection of traditional enterprise security and the emerging world of Web3 and blockchain infrastructure.His journey has taken him through companies like Amazon, Zapier, and HackerOne, where he's gained hands-on experience in penetration testing, cloud security architecture, and application security. He works with AWS, GCP, and Azure environments, focusing on threat modeling and secure DevOps practices while approaching security as an enabler rather than a blocker.He shares his experiences and lessons learned through writing on Medium, breaking down complex security topics and exploring practical approaches to building security programs that work in real-world environments. Outside of his day job, he participates in bug bounty programs, mentors aspiring security professionals, and continues researching emerging threats and technologies in both traditional and Web3 security landscapes.

Vishal Chand is a cybersecurity researcher at BharatGen, IIT Bombay, specializing in AI-driven threat defense and generative AI security. As an author and Red Team contributor at OWASP AI Exchange, he works on adversarial robustness, model exploitation, and AI red teaming frameworks. His research focuses on offensive AI, malware analysis on Windows and macOS, and AI-powered threat detection. Vishal has presented at Microsofts BlueHat Asia, BSides Ahmedabad, BSides Bangalore, BSides Mumbai, and FOSS Mumbai.

Vitaly Simonovich is a senior security researcher at Cato Networks and a member of Cato CTRL. Currently, Vitaly focuses on researching topics related to LLM security, with a particular emphasis on jailbreaks and prompt injections, as well as conducting vulnerability research across a wide range of technologies. In addition, he is actively involved in threat intelligence, analyzing emerging threats and attack trends to strengthen organizational defenses.Prior to joining Cato in 2023, Vitaly worked at Incapsula and Imperva, where he led teams of security analysts and researchers. With over nine years of experience in cybersecurity, Vitaly specializes in application security, data security, LLM security, vulnerability research, and threat intelligence.An active contributor to the cybersecurity community, Vitaly regularly publishes research blogs, hosts webinars, and presents at conferences. In addition to his professional work, he teaches cybersecurity at local colleges and enjoys solving CTF challenges in his free time to stay sharp and enhance his skills.