Find Expert Speakers

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

I’m a results-driven Principal SecOps Engineer with over 15 years of proven expertise spanning across multiple organisations in various service sectors in architecting and delivering world-class security programs for global software organizations. I’ve spearheaded transformational automation initiatives, reducing report-generation times by over 95% and built unified multi-cloud compliance frameworks that consistently pass rigorous audits and compliances. I've created AI-powered attack surface platform earned international hackathon recognition, and I’ve presented SecOps deep dives at VULNCON, top engineering colleges, and industry forums.As Cloud Security Lead and Principal Engineer at Perforce, I’ve led high-impact teams to operationalize continuous monitoring, vulnerability management, and incident response at scale.A CISSP-certified mentor and community advocate, I actively contribute to open-source security projects and share expertise through workshops, and local meetups empowering the next generation of security professionals.

I have spoken at multiple international cybersecurity conferences and platforms, addressing both deeply technical audiences and early-career practitioners, with topics spanning AI security, detection engineering, and modern SOC evolution. At NDC Security 2026 Oslo, I shall deliver “Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities”, where I'll examine non-human identities, AI agents, and the emerging risks of autonomous privilege, focusing on governance, detection, and containment strategies in cloud environments. At BSides Pittsburgh and BSides Krakow, as well as at the Silicon Saxony Day (19th edition), I presented “Enhancing Open-Source IDS & SIEM Solutions into AI-Enabled XDR & SOAR Solutions in Cloud Environments”, focusing on extending open-source detection stacks with automation, ML-driven enrichment, and response orchestration to build scalable, analyst-effective security operations. In contrast, my session at BSides Buffalo, “From Curiosity to Cybersecurity: A Practical Guide to Getting Started and Standing Out”, was designed for students and early professionals, offering actionable guidance on skill-building, differentiation, and navigating cybersecurity careers. Beyond conferences, I have appeared on the Distilled Security Podcast, where I discussed how deploying specialised, small language models locally can significantly improve efficiency, reduce operational friction, and make AI-assisted security workflows more practical and trustworthy.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

I'm a developer (Firefox) and bug hunter for browsers.

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

Topic:CTI: Dark Web Credential Monitoring Is Expensive Regret NotificationWhat processing 500GB of stealer logs daily taught me about threat intelligence. Credential monitoring is sold as early warning but often acts as late-stage notification.They Tested Everything Except What FailedDissecting the Rp 270 billion ($16.8M) Indonesian securities breach. Four firms compromised despite passing security audits.Google Cloud Armor Vulnerability DiscoveryFound a critical WAF bypass in Google Cloud Armor. Google patched it globally.Beyond SAST: Building a Multi-LLM JudgeUsing multiple LLMs as judges to cut through SAST false positives. Context-aware security analysis that actually finds real bugs.Strategic Detection Engineering at ScaleBuilding proactive threat detection for government platforms serving 50M+ users. Detection over reaction.

Jyoti Raval serves as Director of Cyber Security Engineering at Baker Hughes, where Jyoti is responsible for ensuring end-to-end product security and actively contributes across multiple phases of the security lifecycle. Jyoti is the author of Phishing Simulation and MPT tools, and has delivered presentations at leading security conferences, including InfosecGirls, Nullcon, DEF CON 27, Black Hat Asia, HITB Singapore, OWASP New Zealand, Shecurity, DEF CON 32, and Black Hat London. Additionally, Jyoti leads the OWASP Pune Chapter.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Two decades of cybersecurity experience including executive roles at Twitter, CoinList, Mozilla and OWASP. A co-founder and CEO of a venture backed cybersecurity startup (acquired) and an early stage investor finding and growing the next generation of amazing cybersecurity companies. Based in San Francisco.

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force. For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me. I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.

I do pentesting, red teaming, and security engineering. In my free time, I focus on vulnerability research in open-source applications and play CTFs. I prefer source code review over black-box testing, though I’m comfortable with both.

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Orange Tsai is the principal security researcher of DEVCORE and a core member of CHROOT security group in Taiwan. He is also the champion and title holder of 'Master of Pwn' in Pwn2Own Vancouver 2021 and Toronto 2022. Additionally, Orange has spoken at several top hacking conferences, such as Black Hat USA (6 times), DEF CON (5 times), HITCON (12 times), CODE BLUE (6 times), POC, Hexacon, RomHack, HITB, and WooYun!Currently, Orange is a 0day researcher focusing on Web and Application Security. His research not only earned him the Pwnie Awards winner for "Best Server-Side Bug" in 2019 and 2021 but also secured 1st place in the "Top 10 Web Hacking Techniques" for 2017, 2018 and 2024. In his free time, Orange also engages in bug bounties. He is especially enthusiastic about RCE, successfully identifying critical RCEs across a broad range of vendors, including Twitter, Facebook, Uber, Apple, Netflix, Tesla, GitHub, Amazon, and more.

Pallavi is a Cloud Security Manager, overseeing cloud security operations and IAM, with 15 years of experience in cybersecurity. Passionate about application security, she excels in navigating complex security challenges, consistently working to strengthen defenses against emerging threats. With deep expertise in penetration testing, Pallavi focuses on identifying vulnerabilities and strengthening defenses in complex and challenging environments. She has spoken at multiple industry-leading conferences like HackerHalted, Vulncon, Identity Shield and BlueHat and continues sharing her knowledge and expertise in cybersecurity.

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google , Microsoft and many others, some of my CVES identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020);  (HITB)Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024), Hack Lu and BlackHat MEA (2025) With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.

Cybersecurity Enthusiast, CTF Player and Bug Hunter. Contributed to the organization of SECCON CTF, took the stage at AVTOKYO2020/2023/2024, Security Analyst Summit 2024, Hack Fes. 2024, m0leCon 2025, TyphoonCon Seoul 2025, HITCON 2025 and competed in the DEF CON CTF Finals. Renowned for uncovering and reporting vulnerabilities in web services and softwares including Google and Firefox.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

I'm Seokchan Yoon, and I am an offensive web security researcher and auditor. I currently work at Zellic, where I focus on auditing Web2 infrastructure that underpins Web3 systems. In addition, I serve as a Security Team member of Apache Airflow, contributing to securing one of the most widely used workflow platforms.Over the years, I have disclosed vulnerabilities and CVEs across major open-source ecosystems such as Django, Apache Airflow, Python, Ruby on Rails, and Spring. I have also participated in the global security community through CTF competitions, most recently as a finalist at DEF CON 33 CTF.Beyond vulnerability research, I actively share my findings with the community. I have spoken at PyCon Korea 2024 and CODEGATE 2023, where I presented practical insights on exploiting and defending against framework-specific security weaknesses. More about my work can be found on my portfolio: https://ch4n3.kr

ISACA Cybersecurity ConferenceDelivered an insightful session on Zero Trust Security, breaking down its practical implementation and its role in modern cyber defense architecture. His talk was well-received by industry professionals and highlighted the evolving nature of perimeter-less security models.CIO News Cybersecurity ForumPresented on the integration of offensive and defensive security practices, emphasizing collaboration over siloed efforts. His impactful delivery earned him an on-the-spot award for excellence in thought leadership and practical insight.Crypto Expo DubaiTook the stage at one of the largest blockchain and cryptocurrency platforms in Dubai, where he delivered a high-impact talk on “Hacking Crypto Wallets”. The session provided deep dives into real-world attack vectors and preventive mechanisms, drawing significant attention from global fintech and blockchain professionals.

Cybersecurity Consultant with over three years of hands-on industry experience, I specialize in offensive security—driven by a passion for uncovering and exploiting weaknesses before adversaries can. My work spans Red Team operations, Network Security, and Web/API Vulnerability Assessment & Penetration Testing (VAPT), with successful engagements across BFSI, IT Products & Services, and Healthcare sectors.With a strong research focus on Adversarial Tactics, Techniques, and Procedures (TTPs), I continuously explore emerging threat vectors and offensive methodologies to deliver actionable security insights that directly reduce business risk. My approach blends technical precision with creative attack strategies, ensuring organizations stay ahead of evolving cyber threats