Find Expert Speakers

Aarushi Koolwal is a Security Engineer in Risk & Security Engineering at PhonePe, with four years of experience spanning security engineering, risk analysis and threat intelligence.Aarushi is also an active speaker who has presented at leading cybersecurity conferences such as Black Hat MEA, BSides Ahemdabad, BSides Mumbai and c0c0n. She has previously worked with CloudSEK and NotSoSecure

Speaker at Bsides Kochi, BIOS meetup, SlashN and various other conferences.

Abhijeet is a security researcher specializing in adversary simulations that mimic advanced threat actors, by crafting multi stage attack chains, from initial foothold to stealthy persistence and data exfiltration. With extensive hands-on experience, he has engineered and executed offensive engagements targeting CI/CD pipelines, Kubernetes clusters, Active Directory environments, cloud infrastructures (AWS, Azure, GCP), and *NIX systems. In his spare time he runs a homelab where he recreates adversary TTPs, toys with new tech, and dissects emerging threats. He’s also an avid reader, enthusiastic foodie, and weekend time home chef.

Aden is a Lead Penetration Tester at BAE Systems DI based in Malaysia, with over 10 years of experience in offensive security. He has successfully led red teaming and advanced penetration testing engagements across multiple industries worldwide, uncovering critical vulnerabilities in both applications and infrastructure. Beyond client work, he actively contributes to bug bounty and vulnerability disclosure programs. His research has led to the discovery of multiple internet-exposed vulnerabilities, earning him 18 CVE IDs to date. He has previously shared his work at ROOTCON, BSides, Nanosec, and RedTeam Hacker Academy conferences.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Ailin Castellucci’s speaking experience spans key cybersecurity communities and public forums across Latin America, where she delivers both technical workshops and high-level talks focused on practical, real-world security.She has been part of conference lineups such as NotPinkCon, where she presented “Cyber-Operation,” exploring cybersecurity and cyber conflict concepts in an accessible, audience-friendly way.At Congreso AGETIC 2023 (Bolivia), she led a hands-on workshop, “Threat Modeling in a Nutshell,” designed to help teams apply threat modeling methodologies in practice—covering strengths, real-life use, and the human challenges organizations face when implementing these practices. In the same event, she was also listed as a keynote speaker with “Avengers, assemble! – Seguridad colaborativa,” reinforcing her emphasis on collaborative security approaches.She has also spoken at the “Cibercrisis” conference series by Sombreros Blancos, where she presented a talk titled “Roses are red, violets are blue… there’s a spy in your net and she’s behind you!”, bringing an engaging, story-driven angle to security awareness and adversarial thinking.Beyond large events, Ailin frequently speaks in community and online formats—such as Discord sessions—on topics like “Seguridad Colaborativa,” aiming to bridge the gap between security best practices and what teams can realistically implement.Overall, her speaking style blends practitioner experience (offensive security, bug bounty, and security teams) with clear frameworks and actionable guidance, making her talks useful for both newcomers and experienced professionals.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

I often deliver technical security content to professional and executive level audiences. For example, as a SOC Analyst at IDDA, I directly presented our SOAR (Security Orchestration, Automation and Response) platform to Ministry of Security representatives. I gave a technical walkthrough of the platform architecture, incident automation workflows, threat correlation mechanisms, and presented real world use cases. Subsequent to the presentation, the product received considerable interest from multiple stakeholders and potential investors.I've also attended vendor meetings with Palo Alto and Forcepoint DLP, presenting technical assessments and making workflow recommendations to help optimize the deployment of security products and their integration into the corporate environment.Besides this type of enterprise-level presentation, I've also been the guy on the team to go to an international hackathon. I presented AI security and automation concepts at an innovation event in Georgia. I gave a presentation to a technical evaluation panel, detailing the design of the system, the model for threat detection, and the architecture of the data pipeline.I also took part in the Google AI Hackathon in Kazakhstan, where I presented a detailed technical pitch including model architecture, implementation strategy, and deployment aspects to judges and business representatives.These occasions implied explaining intricate technical details in a digestible form, addressing immediate technical inquiries, justifying architecture choices, and discussing security compromises. I feel at ease presenting deeply technical information to both engineering communities and business leaders.

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Passionate about ensuring the reliability and performance of networking solutions, I specialize in protocol qualification, test automation, and validation for cutting-edge telecommunications and networking technologies. With a strong foundation in networking protocols, software testing, and automation frameworks, I thrive on optimizing test processes and driving continuous improvements in network quality.At Nokia, I focus on verifying and qualifying networking protocols to meet the highest industry standards, leveraging automation to enhance efficiency, accuracy, and scalability in testing. My expertise spans across routing, switching, network security, and cloud-native networking solutions, ensuring seamless integration and deployment.Key strengths:✔ Protocol Qualification & Network Testing – Expertise in evaluating routing and switching protocols, ensuring interoperability and compliance.✔ Test Automation & Scripting – Proficient in developing test suites that streamline validation processes.✔ Troubleshooting & Performance Analysis – Skilled in debugging complex network issues and optimizing system performance.✔ Collaboration & Innovation – Work closely with cross-functional teams to enhance test strategies and improve product quality.Always eager to explore emerging technologies, improve testing methodologies, and contribute to the evolution of next-generation networking solutions. Let’s connect and discuss innovations in networking and test automation!

Offensive Security Lead and globally ranked security researcher with extensive experience in vulnerability research and red teaming. Recognized as Best Bug Hunter at Microsoft MVR (2023–2025) and acknowledged by leading organizations including Apple (2022) and Google (2021). Featured in the Hall of Fame of 300+ Fortune companies for responsible disclosures.Holds multiple industry certifications including CRTP, LPT, CPENT, eWPTXv2, CHFI, and CEH. Discovered and reported 5 CVEs. Active CTF player and public speaker, regularly sharing insights on offensive security, bug bounty methodologies, and advanced attack techniques at international conferences and universities.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 200+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

I'm a developer (Firefox) and bug hunter for browsers.

1. Guest Speaker at BINUS University (Indonesia) | 2024Topic: Cybersecurity Practices & The "Open Possible" SpiritDescription: Delivered a keynote during an overseas technical exchange, sharing insights on Taiwan Mobile's security strategies and fostering transnational internship opportunities.2. Internal Technical Seminar at Taiwan MobileTopic: Case Study: Exploiting Google Web Designer (Zip Slip Vulnerability)Description: A deep-dive presentation analyzing the root cause of a $7,500 Google VRP finding. Covered the discovery process, exploitation of the path traversal defect, and the final reporting methodology.3. Advanced Security Training Series (Internal)Topic: Offensive Security & Reverse EngineeringDescription: Conducted multiple technical sessions for internal engineering teams. Topics included:DLL Hijacking & Patch Diffing: Analyzing attack vectors in Windows environments.Reverse Engineering: Practical training using IDA Pro and Linux CTF challenges.Web Exploitation: Methodologies for identifying XSS and SQL Injection vulnerabilities

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

Danish Tariq is a Security Engineer by profession and a Security researcher by passion. He has been working in Cyber Security for over 8 years and it all started out of a curiosity to break things and look deep down into those things (physical or virtual) back in his teenage years. His major expertise is Penetration Testing and Vulnerability Assessments.He was also involved in bug bounty programs as well, where he helped many companies by finding vulnerabilities at different levels. Companies include Microsoft, Apple, Nokia, Blackberry, Adobe, etc.Spoke @ BlackHat MEA 2022 (Briefing: Supply-Chain Attacks)Featured in "The Register" for an initial workaround for the NPM dependency attacks.Certified Ethical Hacker, Certified Vulnerability Assessor (CVA), Certified AppSec Practitioner, Certified Network Security Specialist (CNSS),IBM Cyber Security AnalystEx-Chapter Leader @ OWASPEx-Top Rated freelancer (Information security category) on UpworkRecent security research and CVEs include - CVE-2022-2848 & CVE-2022-25523Served as a Moderator @ OWASP 2022 Global AppSec APAC.Researched and Speaker at MCTTP, Germany - HITB, Thailand - OOTB, Indonesia and many more.

EXPERTISE:- Experienced Cyber Security with a demonstrated history of working in the several industry. Skilled in Penetration testing, XDR, EDR, DFIR, Threat Hunting, and OSINT.- Advanced Ethical Hacking:Proficient in various hacking methodologies, including but not limited to network penetration testing, (web, API, Infra, mobile) application testing, wireless network exploitation, and social engineering.- Deep Knowledge of Security Frameworks: Expertise in industry- standard security frameworks such as OWASP, NIST, and PTES, with the ability to apply their guidelines effectively

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

IdentityShield Summit 2026 (Pune): Co-presented "The Automata Architect: Scaling Bug Bounty Success to Enterprise Level Security."

Haakon is currently a security consultant working for Binary Security in Oslo, focusing mostly on WebApps and backend security. He has a strong background in Cybersecurity, with expertise in analyzing and securing applications and operating systems. His experience includes working at the Norwegian National Defense Research Establishment (FFI), where he conducted in-depth security assessments. Additionally, his background as a mathematician has equipped him with the skills to analyze and understand complex systems effectively.