Find Expert Speakers

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Passionate about ensuring the reliability and performance of networking solutions, I specialize in protocol qualification, test automation, and validation for cutting-edge telecommunications and networking technologies. With a strong foundation in networking protocols, software testing, and automation frameworks, I thrive on optimizing test processes and driving continuous improvements in network quality.At Nokia, I focus on verifying and qualifying networking protocols to meet the highest industry standards, leveraging automation to enhance efficiency, accuracy, and scalability in testing. My expertise spans across routing, switching, network security, and cloud-native networking solutions, ensuring seamless integration and deployment.Key strengths:✔ Protocol Qualification & Network Testing – Expertise in evaluating routing and switching protocols, ensuring interoperability and compliance.✔ Test Automation & Scripting – Proficient in developing test suites that streamline validation processes.✔ Troubleshooting & Performance Analysis – Skilled in debugging complex network issues and optimizing system performance.✔ Collaboration & Innovation – Work closely with cross-functional teams to enhance test strategies and improve product quality.Always eager to explore emerging technologies, improve testing methodologies, and contribute to the evolution of next-generation networking solutions. Let’s connect and discuss innovations in networking and test automation!

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

I'm a developer (Firefox) and bug hunter for browsers.

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

Danish Tariq is a Security Engineer by profession and a Security researcher by passion. He has been working in Cyber Security for over 8 years and it all started out of a curiosity to break things and look deep down into those things (physical or virtual) back in his teenage years. His major expertise is Penetration Testing and Vulnerability Assessments.He was also involved in bug bounty programs as well, where he helped many companies by finding vulnerabilities at different levels. Companies include Microsoft, Apple, Nokia, Blackberry, Adobe, etc.Spoke @ BlackHat MEA 2022 (Briefing: Supply-Chain Attacks)Featured in "The Register" for an initial workaround for the NPM dependency attacks.Certified Ethical Hacker, Certified Vulnerability Assessor (CVA), Certified AppSec Practitioner, Certified Network Security Specialist (CNSS),IBM Cyber Security AnalystEx-Chapter Leader @ OWASPEx-Top Rated freelancer (Information security category) on UpworkRecent security research and CVEs include - CVE-2022-2848 & CVE-2022-25523Served as a Moderator @ OWASP 2022 Global AppSec APAC.Researched and Speaker at MCTTP, Germany - HITB, Thailand - OOTB, Indonesia and many more.

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Haakon is currently a security consultant working for Binary Security in Oslo, focusing mostly on WebApps and backend security. He has a strong background in Cybersecurity, with expertise in analyzing and securing applications and operating systems. His experience includes working at the Norwegian National Defense Research Establishment (FFI), where he conducted in-depth security assessments. Additionally, his background as a mathematician has equipped him with the skills to analyze and understand complex systems effectively.

I am a versatile Application Security Engineer dedicated to enhancing the security posture of both web and mobile applications. My primary focus is on implementing robust security measures through thorough assessments, comprehensive source code reviews, and the integration of security practices within the DevSecOps framework. I specialise in embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines through various methods, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST). By driving effective threat modelling sessions, I identify and mitigate potential vulnerabilities early in the development lifecycle, ensuring that security is a fundamental component rather than an afterthought.Additionally, I work on building secure-by-default pipelines and guardrails tailored to the unique requirements of each project, fostering a culture of security awareness among development teams. My goal is to empower organisations to deliver secure applications without compromising on agility or performance.

Topic:CTI: Dark Web Credential Monitoring Is Expensive Regret NotificationWhat processing 500GB of stealer logs daily taught me about threat intelligence. Credential monitoring is sold as early warning but often acts as late-stage notification.They Tested Everything Except What FailedDissecting the Rp 270 billion ($16.8M) Indonesian securities breach. Four firms compromised despite passing security audits.Google Cloud Armor Vulnerability DiscoveryFound a critical WAF bypass in Google Cloud Armor. Google patched it globally.Beyond SAST: Building a Multi-LLM JudgeUsing multiple LLMs as judges to cut through SAST false positives. Context-aware security analysis that actually finds real bugs.Strategic Detection Engineering at ScaleBuilding proactive threat detection for government platforms serving 50M+ users. Detection over reaction.

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 16+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.Jordan has also discovered critical vulnerabilities in Oracle, IBM and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, Infosec in the city, Code Blue and Ekoparty.

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

Jyoti Raval serves as Director of Cyber Security Engineering at Baker Hughes, where Jyoti is responsible for ensuring end-to-end product security and actively contributes across multiple phases of the security lifecycle. Jyoti is the author of Phishing Simulation and MPT tools, and has delivered presentations at leading security conferences, including InfosecGirls, Nullcon, DEF CON 27, Black Hat Asia, HITB Singapore, OWASP New Zealand, Shecurity, DEF CON 32, and Black Hat London. Additionally, Jyoti leads the OWASP Pune Chapter.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Mohit Kulamkolly works at Netskope as an Security Analyst ll - Red team and Offensive Operations, a Santa Clara-based company that offers the Cloud Native Security Platform to assist enterprises secure their growing cloud footprint.He has been working with the Appsec division Pen-testing applications and product features for more than 4 years , in addition to making sure firms’ product development projects are secure. His particular areas of interest are binary exploitation, fuzzing, exploit development and reverse engineering. In his tenure at Netskope he has discovered multiple critical vulnerabilities within the Application and driven by passion for cutting edge research in his domain. An accomplished speaker, he presented at Black Hat Europe Arsenal 2025 and has delivered over 10+ technical presentations to a diverse range of product development disciplines within his current organization. His research has made contributions to the cyber security community including reporting CVE-2024-46455 and open source contributions.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Two decades of cybersecurity experience including executive roles at Twitter, CoinList, Mozilla and OWASP. A co-founder and CEO of a venture backed cybersecurity startup (acquired) and an early stage investor finding and growing the next generation of amazing cybersecurity companies. Based in San Francisco.

Mohamed Ouad is a Senior Security Consultant focused on web apps and cloud infrastructure. Mohamed garnered his professional security experience at NTT Data Italy. There, he was involved in penetration testing and vulnerability assessments for critical insurance and telecommunications companies. During his research and bug bounty activities, Mohamed has been recognized by numerous companies including: Microsoft’s MSRC, Kaspersky, the Dutch Cancer Society, Symantec, and ESET. He has also discovered multiple security vulnerabilities across various open-source projects, contributing responsible disclosures that helped strengthen their overall security posture

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.