Find Expert Speakers

Yeonwoo Park previously conducted penetration testing projects targeting Korean companies at his former workplace (Core Research Team at Raon Secure) and currently serves as a red teamer at his current workplace (Cyber Threat Analysis Team at SK AX).Through his AD zero-day research, he discovered an exception-handling flaw in the Kerberos protocol, uncovering a method to bypass Microsoft's security policies. Furthermore, through continuous research into areas undetected by popular open-source tools like BloodHound and unexplored topics, he contributes to enhancing the maturity of the red team.

I’m currently working as a Security Analyst, with experience in both red team and blue team operations. My current focus is on red team engagements, zero-day research, and malware analysis.

Cyber Security Engineer with 2 years combined experience in Software Engineering and hands-on experience across cloud security, identity & access management, and security governance. graduated with MSc in Cyber Security from University of Birmingham and B.Eng in Software Engineer from Kuala Lumpur University Science Technology.Kamil has interest in academia and professional topics, Currently working at a fintech environment focused on securing cloud-native workloads (GCP), including privileged access management (PAM) solutioning, IAM controls, and contributing to security policy and risk initiatives. Kamil work closely with platform and product teams to translate security requirements into practical, scalable controls.

Aden is a Lead Penetration Tester at BAE Systems DI based in Malaysia, with over 10 years of experience in offensive security. He has successfully led red teaming and advanced penetration testing engagements across multiple industries worldwide, uncovering critical vulnerabilities in both applications and infrastructure. Beyond client work, he actively contributes to bug bounty and vulnerability disclosure programs. His research has led to the discovery of multiple internet-exposed vulnerabilities, earning him 18 CVE IDs to date. He has previously shared his work at ROOTCON, BSides, Nanosec, and RedTeam Hacker Academy conferences.

- Unveiling Digital identities: Device and Browser fingerprinting have been accepted at Blackhat MEA , Nullcon Goa, Bsides Bloomington, Connecticut, Sydney, Hackred Con 2024, Defcon Delhi 0x07 etc.- Ghost in the Machine: Exploiting Hardware & Network Fingerprints for Tracking Presented at Myhack Malaysia.- Reinventing Access Control: Fingerprinting for Credential Protection Presented at VulnCon 2025 and BSides Mumbai 2025.- Speaker at Defcon Delhi 0x06: Presented my research paper on analyzing the Mirai Botnet and its derivatives.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alfonso De Gregorio is a globally recognised cybersecurity technologist, award-winning research artist, and strategic policy advisor. He has spoken at 25+ peer-reviewed int'l events across 5 continents, such as NATO Conference on Cyber Conflict, RSAC, and the leading hacker events. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.Today he is Founding Director and Principal Investigator at Pwnshow, an interdisciplinary research agency investigating critical cybersecurity challenges at the complex technology-society nexus; CEO at Zeronomicon, a premium zero-day vulnerability acquisition platform; and, Member of the ETSI TC SAI (Securing AI), where he works towards ensuring the technical standards underpinning the EU AI Act are practical, effective, and innovation-friendly. At the forefront of the AI governance debate, his current work focuses on the dual-use dilemma of open-weight AI and how the proliferation of powerful models impacts the cyber threat landscape. Active in the legislative and standardization trenches as much as at the terminal prompt, he provided expert technical consultation to the European Commission regarding the EU AI Act. He successfully advocated for the "substantial modification" clauses in the GPAI Code of Practice, protecting open model developers from undue liability.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

Carlos Gómez Quintana is a Security Consultant at IOActive, specializing in Red Team operations and offensive security. As one of the youngest professionals to join the firm, he conducts advanced penetration testing, adversarial simulation, and security research across diverse enterprise environments.At IOActive, Carlos focuses on cutting-edge security research, including automotive security where he has developed novel attack techniques such as rollback agnostic replay attacks against vehicular systems. He regularly conducts Red Team engagements that simulate real-world adversarial scenarios for enterprise clients.Carlos is an active security researcher and contributor to Maldev Academy, where he has contributed to the phishing section and active research on malware development.

Feel free to email me on basically anything on computing or history

DongHyeon Oh is a security researcher and Co-Founder of PatchPoint, based in South Korea. With an M.S. from KAIST's SoftSec Lab (NDSS 2019, CodeAlchemist), he has spent years breaking browsers, embedded devices, and Windows — collecting CVEs from Apple and Microsoft along the way. Ranked Microsoft Top 10 Security Researcher and previously spoke at CODE BLUE 2023. He now lives in IDA Pro and LLM prompts, hunting Windows vulnerabilities at the boundary of human intuition and AI.

Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations. A security researcher, currently Bramwell is an Assistant Professor at the University of Alabama in Huntsville, and he is the founding Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab). A cybersecurity expert, Bramwell has taught numerous undergraduate, graduate, and doctoral level courses in reverse engineering, software exploitation, advanced software exploitation, malware analysis, and offensive security. Additionally, Bramwell has authored several important cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp, and ROP ROCKET, which are open source and freely available. Bramwell was a PI on a $300,000 NSA research grant to develop a shellcode analysis framework, SHAREM. Bramwell is a 2025 recipient of the DARPA YFA for $500,000. Bramwell has been a speaker at many top security conferences across the globe, including different regional variations of Black Hat, DEFCON, Hack in the Box, and more.

Throughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. His security research has also been recognized by Microsoft, most notably for his findings he dubbed “UnOAuthorized”. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

Evangelos Bitsikas is a Doctoral Security Researcher at Northeastern University and a Google PhD Fellow in Cybersecurity. He specializes in wireless security, with an emphasis on cellular networks (LTE/5G), adversarial attacks against cellular infrastructure, and mission-critical networking for autonomous systems, including 5G-enabled drones and vehicles.Evangelos has trained extensively across offensive and defensive security, including network monitoring and incident response exercises, as well as hands-on exploitation and penetration-testing labs. He currently holds advanced security certifications, including CASP+ and CISSP, and speaks on topics at the intersection of wireless systems, real-world security testing, and resilient network design.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Instructor-led training and lectures in cybersecurity, bug bounty hunting, and blockchain development through Flowdiary. Regularly deliver technical walkthroughs, live exploitation demos, and vulnerability analysis sessions for learners and developers. Experience presenting complex security concepts clearly to both technical and non-technical audiences.

Jan de Vries is a senior trainer, business IT consultant, coach, researcher and public speaker in the fields of Agile, DevOps, Business Information Management, Service Management, Antifragility and Strategy Development.He (co-)founded:- BlueOceanRecon.com to facilitate the development of Blue Oceans and Lean Startups.- Antifragility.works to conduct research on the practical application of antifragility in organisations.- GRCinAgile to explore common ground between Agile/DevOps teams and Governance, Risk & Compliance.

Jonathan Bar Or ("JBO") an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry.Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.

I have delivered technical presentations at leading cybersecurity conferences worldwide, sharing vulnerability research and offensive security methodologies with international audiences:Featured Conference Appearances:HITB (Hack In The Box) – Technical deep-dive on vulnerability discovery methodologiesBlack Hat KSA – Offensive security research and exploitation techniquesBSides – Community-focused talks on practical security testingtenguCon – Advanced threat research and attack surface analysisAdditional platforms globally – Continuing to share research across diverse security communitiesSpeaking Style: accessible delivery, making complex vulnerability research understandable for both seasoned security professionals and those newer to offensive security. Presentations include live demonstrations, real-world case studies from 0-day discoveries, and actionable takeaways that audiences can implement immediately.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

I have presented at:Black Hat USA: Main Track and ArsenalDEF CON: Demo Labs and Blue Team VillageEkopartyTyphoonConBSides: Austin and Córdoba