Find Expert Speakers

Farhad Sajid Barbhuiya is a passionate security professional with over 5 years of hands-on experience in offensive security, delivering more than 2000 hours of training across educational institutions, corporations, and government organizations. His trainings cover Web & Mobile Application Security, Reverse Engineering, Exploit Development, Code Review, and more, empowering diverse audiences with practical, real-world skills.Currently a Staff Information Security Engineer on the Offensive Security team at Zscaler, Farhad works on offensive security assessments spanning across Mobile Application Security (Android & iOS), Reverse Engineering, Web Application Security, Agentic AI and LLMs and Hardware Security. His work focuses on uncovering vulnerabilities in high-stakes environments, from custom exploit chains to evasion techniques in containerized and cloud systems.A sought-after speaker, Farhad has presented at premier cybersecurity conferences including NullCon Goa (Advanced Web Apps Pentesting training), Bsides Delhi (Reverse Engineering for Exploit Development), Null Delhi (Reverse Engineering for Developers), Bsides Mumbai (DYLD Library Injection on macOS), Defcon Delhi (IoT Village), Bsides Vizag (TACTOU Attacks in AI Agents), and Bsides Mussorie (Magazine Exhaustion on iOS Heap Allocators). His sessions blend deep technical dives with live demos, making complex topics accessible and actionable.Farhad thrives at the intersection of vulnerability research, exploit development, and secure architecture, contributing to the infosec community through research, tools, and knowledge-sharing.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.