Co-Founder Kloudle
Securing a K8s cluster is daunting, given the industry-wide capability gap in Kubernetes. Many grapple with hiring true K8s security experts. With numerous interlinked components in K8s, its attack surface - both internal and external - is huge. Add to this the intricacies of Authentication, RBAC, and Cloud IAM, and clusters can face a myriad security issues. Appsecco’s PTaaS method offers a comprehensive cluster configuration assessment, spotlighting every potential attack point. Drawing from MITRE ATT&CK, PTES, and OWASP frameworks, we enumerate security misconfigurations. Our thorough audit for Cloud IAM and Cluster RBAC authentication and authorization includes reviewing privileges, roles, bindings, tokens, and Cloud IAM-service account correlations. Our PTaaS report is a straightforward guide for developers and cluster admins. Delivered in various file formats, it furnishes severity-ranked technical data, remediation guidance, and exploit paths, enabling targeted solutions. Starting with Appsecco is seamless. We price testing by cluster size. We provide scripts that are used to gather the necessary data required to begin testing and our report offers immediate remedial actions post-testing. I have been hacking and breaking into systems for over 15 years now. I created the K8s security testing methodology at Appsecco based on the MITRE ATT&CK, PTES and OWASP frameworks. I have led pentesting and product security teams at PwC and Citrix in the past. I have domain expertise in the cloud and container space with multiple certifications like CKA, CKAD and have reported security issues with software all over the Internet.
Automotive / IoT Security Researcher
Kartheek Lade is a passionate security researcher with a strong focus on enhancing the security landscape of the Internet of Vehicles (IoV). He actively contributes to the Seasides community and serves as a technical committee member of the ASRG Vulnerability Management team, focusing on fortifying vehicle and embedded security. Kartheek is also a regular speaker and trainer at renowned international security conferences, including Seasides, DEFCON Car Hacking Village, BlackHat Arsenal, Secure Our Streets (SOS), C0c0n, and NullCon. Whether it's breaking down security barriers or sparking insightful discussions, he's always up for the challenge. 😉
Technical Director, Consultant Reinfosec India
Experienced with exposure and experience in understanding, reversing and fuzzing wireless protocols in the RF-Layer of systems. Experienced in reversing hardware protocols and implementing hardware attacks and threat-modelling of Wireless and Signals Systems. Have previous exposure and experience in Signal Design and Offensive Signal Tactics. Presently working on application of EW and SIGINT techniques in the Aerospace and Defense domain. Personal projects include machine learning and deep learning methods of recognition and deepfaking signals that can cause significant impact on the physical domain/layer of systems and OpenWRT for mesh networking.
Founder CRAC LEARNING
Founder of CRAC LEARNING. I am a cybersecurity enthusiast exploring multiple domains in security, learning and keeping myself updated with latest trends and techniques. Worked with great teams at Amazon, AWS, Microsoft. Also an active volunteer to help budding talent and initiatives in cybersecurity research and awareness.
Senior Security Engineer - Cloud Flipkart
Anjali Singh is a senior cloud security engineer & founder of Kubernetes Village. She has over 5 years of experience in cloud security (GCP, AWS & Azure) and DevSecOps (CI/CD), Kubernetes (EKS & GKE), and IAC security. She was a member of the Infosec Girls mentorship program and regularly publishes research on various cloud security via youtube channel @peachycloudsecurity. She was a volunteer at Defcon Cloud Village and currently leads the Bangalore chapter for W3-CS. Additionally, she is an AWS Community Builder. She has delivered training and talks at conferences like Blackhat Spring’24, Blackhat Europe’23, Bsides Bangalore 2023/2024, CSA Bangalore Annual Summit, C0c0n 2023, Null Community Meetup Bangalore, Google Cloud IAP Security at the Cloud Security Podcast, and Nullcon 2023.
Senior Security Engineer Confluent
Divyanshu is a Senior security engineer with more than 7 years of experience in Security architecture reviews of cloud, Web & Cloud Pentesting, DevSecops, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727, CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author of Burp-o-mation and a very-vulnerable-serverless application. Also part of AWS Community Builder for security and was a Defcon Cloud Village crew member 2020/2021/2022. He has also given training and talks in events like Nullcon Hyderabad'24, Brucon'24, Blackhat Europe Arsenal'23, C0c0n'24, Nullcon Goa'24, Bsides Bangalore'23, Parsec IIT Dharwad and Null community. Awarded title of Cloudsecurity Champion CSA Bangalore'23 & Cybersecurity Samurai at the Bsides Bangalore'23.
Manager Cyber Security - Enciphers
As the Cybersecurity Manager at Enciphers, I bring extensive experience in managing and executing numerous penetration tests and cyber security projects, across various domains. From the initial client onboarding to the successful delivery of each project, I ensure smooth communication and effective project management throughout the entire process. In my role, I am responsible for establishing and managing the penetration testing team at Enciphers, overseeing end-to-end delivery of penetration testing services. This includes conducting thorough manual penetration tests on web and mobile applications, network devices, and infrastructure, both on an ad-hoc basis and through periodic assessments. I am committed to providing clients with detailed and actionable reports on identified vulnerabilities, ensuring they have a clear understanding of potential risks and remediation steps. Additionally, I focus on training developers and infosec professionals in application security, sharing critical knowledge to enhance their security practices. In addition to my technical work, I have delivered multiple workshops and trainings to our Corporate clients and in events like Seasides, Nullcon and Bsides Delhi, covering topics such as Web Application Hacking, Reverse Engineering, and Mobile Application Security. These sessions, where I have served as both a trainer and co-trainer, have helped broaden the security expertise of professionals across various sectors. With a strong focus on leadership, technical depth, and knowledge sharing, I am committed to ensuring the success of every cybersecurity initiative I lead.
Security Analyst - Enciphers
I work as a Security Analyst at Enciphers. With experience in identifying security vulnerabilities, I am dedicated to helping organizations strengthen their digital assets. My core expertise lies in Web, API, Network, Mobile (iOS) penetration testing, where I specialize in uncovering weaknesses and ensuring robust security postures. Additionally, I occasionally participate in bug bounty programs, contributing to a safer digital environment by discovering and responsibly reporting vulnerabilities. Beyond technical assessments, I have had the privilege of being part of corporate training programs, as a co-trainer, in India and overseas too, covering topics such as web application hacking, cloud security, wireless security audit, AI/LLM security, etc. I also contribute to building Lab for our Certification programs and also CVE Cipher Labs, designing realistic training environments that challenge and educate aspiring security professionals. These labs reflect real-world scenarios, enabling learners to develop hands-on skills that are critical in today’s cybersecurity landscape.
Founder - Sttor Security
I am applying my DevSecOps expertise to solve cybersecurity problems for small and medium-sized businesses and startups. I am passionate about creating secure and scalable solutions that protect data and systems from threats and vulnerabilities. I have a strong background in security engineering and operations, with over 8 years of experience in various domains and industries. I have contributed to the Google Vulnerability Research Program, ranking in the Top 50 world Hall of Fame, and to the Facebook White Hat Program for four consecutive years. I have also led and supported security teams at DeHaat, Zeta Suite, Sentieo, and Zopper, delivering multiple projects and initiatives that enhanced security posture and compliance. I hold a B.Tech. in Information Technology from the National Institute of Technology, Kurukshetra, Haryana, where I developed my technical and analytical skills.
Security Researcher
Amal Joy is a Security Researcher. His area of research falls into Infrastructure Security, Red Teaming in Multi Cloud environments and Corporate Networks. He also loves spending his leisure time on malware development. He also spoke at reputed international conferences such as DEF CON 32, C0C0N 2024. He is an Executive member of the DC0471 defcon group and crew member of Adversary village. He has over 3 years of experience in playing CTFs and also hosted many hiring MultiCloud Adversary CTFs in reputed conferences like Seasides 22. With a strong focus on MultiCloud and ActiveDirectory, he currently holds various certifications like CARTS, CARTP, MCRTA, CCRTA, EJPT.
Senior Product Security Specialist - Confidential
For over 6 years, I’ve lived and breathed security, transforming complex systems into fortified fortresses. At my every employer, a trailblazer in the information security landscape, I’ve collaborated with visionary clients to uncover the unseen — from web and mobile APIs to hardware and firmware. Armed with an EMAPT certification and a toolkit of cutting-edge penetration testing strategies, I don't just find vulnerabilities; I expose opportunities for resilience. 🏆 MVP in the Hunt for Bugs Bugcrowd is my battlefield, where I’ve earned multiple Hall of Fame entries and industry recognition by uncovering critical flaws and contributing to safer platforms. The thrill of solving puzzles fuels my dedication to this ever-evolving field. 🎙 Storyteller & Strategist Security isn’t just a profession; it’s a narrative I love sharing. As a speaker, writer, and educator, I connect with curious minds through workshops, webinars, and articles that unravel the mysteries of cybersecurity. 🔧 Engineer by Mindset, Explorer by Passion Starting with a diploma in civil engineering, I honed the analytical and structural thinking that now fuels my digital exploits. I embrace every challenge as a step toward making the digital world safer, smarter, and more robust. 🚀 Future-Focused Every vulnerability I uncover is a chance to innovate. Every attack I simulate is a story of growth. My journey isn’t just about finding flaws; it’s about building the future of cybersecurity, one secure system at a time. Let’s connect, collaborate, and redefine what it means to secure the digital frontier.
Deputy Manager - Titan
Security Research Analyst/ Penetration Tester who is very keen to explore security threats raised daily in the digital world. Perform Web and Mobile Application and API PenTesting. Looking forward to working with an organization, where I can support them to make more secure products and at the same time find more about my potential in the security domain.
Engineering Manager, R&D - Fortinet
Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Nullcon, PHDays, c0c0n, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.
Senior Cybersecurity Consultant - Thales
Donavan is a Physics graduate turned cybersecurity consultant with eight years of experience in technical domains (offensive security), architectural domains (threat modelling, security architecture) and business domains (governance, risk and compliance). He understands how multiple businesses and operations run, such as government, aviation, transportation, defence and financial sectors. He excels at identifying key cybersecurity solutions to enable companies to achieve compliance with regulations, cybersecurity confidence and cost-effectiveness (3 Cs) to ensure companies optimise their cyber maturity. He has contributed to the open-source cybersecurity community, such as his series of deliberately vulnerable machines on Vulnhub from 2018 to 2021. He has also conducted talks on both technical and strategic cybersecurity topics at multiple conferences and venues regionally (Mystikcon, Vulncon, Division 0), as well as to non-cybersecurity audiences. He has also conducted career talks to inspire younger students at both the middle school and university levels to consider cybersecurity as a meaningful career option. In Thales, he has also led a team to create a fully-functional, made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in a short span of three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements. Recently, Donavan was also appointed a member of the advisory board at VULNCON 2024 to provide technical thought leadership. He also moderated a panel with fellow CISO/VP-level cybersecurity executives on the future of cybersecurity. His views on cybersecurity have also been quoted in the book "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, as well as his course reviews being quoted by Offensive Security.
He also contributes to the ISC2's Unified Body of Knowledge (UBK) project as a member of the Technical Advisory Panel Workshop. Additionally, he has also written articles on ISACA on topics such as post-quantum cryptography as well as how topics such as geopolitics and economics are related to cybersecurity. Donavan also possesses multiple certifications ranging from Offensive Security certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is currently pursuing his Masters in Cybersecurity at Georgia Tech (OMSCY).
Co-Founder & CTO - RiskProfiler.io
From scripting automations for Orkut scrapes, crafting phishing sites, rooting servers, stepping into bug bounty to architecting advanced application and cloud security patterns for industry giants like Time Inc, C&F, HSBC, Amazon, Barclays, Credit Suisse, Santander, and Vodafone - my fascination with cybersecurity grew. But, here's a twist. My journey wasn't just confined to corporate cubicles. I ventured into the wild terrains of entrepreneurship, building RiskProfiler.io from scratch to tackle external cybersecurity threats for an organization. RiskProfiler is a unified platform for managing your Third-Party Risk, Attack Surface Management, and Automated Vendor Questionnaire Assessments mapped into a security graph. Today, as its CTO, I don't just wear a title. I immerse myself in every aspect — from tech intricacies, exhilarating customer demos, cutting-edge research, to devising product strategies. Sprint planning, ensuring customer success, and even diving into heaps of documentation - yes, my role is that of a glorified CTO. But in the dynamic world of startups, every responsibility embraced is a step closer to success. Outside these duties, my commitment to the community remains unwavering. Whether it's sharing insights at DEF CON, BlackHat, SeaSides, contributing to open-source initiatives, or mentoring the next-gen cybersecurity enthusiasts — I'm all in. Now, let me share a secret. I've never climbed Kanchenjunga. But I've scaled mountains of challenges, faced the biting cold of skepticism, and trudged through valleys of doubt. I’ve been tempted to quit, to give up when the journey seemed treacherous. But perseverance is my second name. Whether it's a real mountain or a metaphorical one, when I say I'll conquer it, believe me, I will. So, as I extend my hand, inviting you to be a part of my narrative, remember this: in the world of cybersecurity and life, I don't just face challenges – I embrace them, conquer them, and make history.
Product Security Engineer - Flipkart
Abhishek S is a Security Engineer at Flipkart, specializing in application security and red teaming. He has presented his research at prestigious conferences, including DEF CON 32, Blackhat, C0c0n etc and serves as a staff member at Adversary Village @ DEF CON.
Creator & CEO - Prowler
I'm creator of Prowler and CEO, we build one of the most popular Open Source tools for Cloud Security. I also worked for AWS as a senior security engineer and a security consultant. I'm passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. My blog is blyx.com, where I write from time to time. During this time I have done some things for security and the Open Source community like Prowler, phpRADmin, Nagios plugin for Alfresco, Alfresco BART (backup tool), Alfresco Backup and Disaster Recovery White Paper, Alfresco Security Best Practices Guide, Alfresco data leak prevention tools, and some others. I have talked in many conferences around the world, among others, in the last years: BlackHat, DEFCON, SANS Cloud Security Summit, OWASP Atlanta, BSides Augusta, BSides Vegas and RootedCon.
Senior Security Engineer - Crestron
I am Veerababu, better known as Mr-IoT, and the founder of the iotsrg.org community. My passion lies in transforming IoT security knowledge into open-source resources. Over the years, I have worked on developing ICE-Bite hardware microprobing, an IoT pentesting OS, curated lists, and insightful blogs, all aimed at advancing the field of IoT security since 2017. As a keynote speaker at BSides Dehradun, I have also had the privilege of delivering workshops, training sessions, and villages at events like c0c0n, BSides Bangalore, VulnCon, CracCon, and the Null/OWASP Bangalore communities. I have nurtured and grown the iotsrg.org community across platforms such as Reddit, Telegram, and Discord, creating a vibrant and engaging space for sharing knowledge and fostering innovation in IoT security.
Lead Testing Eng. - Crestron
Karthik is a Lead Security Engineer at Crestron Electronics, a global leader in smart home and office solutions. He has more than 9+ years of experience in IoT/OT security. He has worked with and experienced many cutting-edge technologies. Telecom Software: SONET, SDH and OTN Technologies Telecom Software: FW4100 (SONET) & FWCDS (OTN) FNC’s (Fujitsu Network Communications) Manual / Auto Regression testing (Python Scripting) & System Verification Testing Support Datacom L2 and L3 testing in black box testing, Establishing Network circuit and enabling the management network between the DUT and Verifying IP applications.
Co-founder & CEO - CredShields
As the co-founder and CEO of CredShields, I empower developers to build credible solutions using web and blockchain technologies. CredShields provides security consultancy, pentest services, and products, such as SolidityScan.com, a cloud-based smart contract security scanner that delivers audit reports with a click of a button. I have over 10 years of experience in network security, cybersecurity, and information security, and I am passionate about making the Internet a safer place for everyone. Prior to CredShields, I worked as a security analyst and pentester at HackerOne, Deriv, and Cobalt.io, where I led a team of talented security researchers and performed over 100 pentests for various clients. I have also participated in bug bounty programs and reported security issues to companies like Facebook, Google, Apple, Microsoft, and Twitter, earning recognition and rewards for my contributions. I hold AWS certifications and have expertise in smart contract security, web and blockchain security, and ethical hacking. I am always eager to learn new skills and explore new challenges in the field of cybersecurity.
Consultant - SISA
A curiosity-driven individual who enjoys breaking into boards and hunting misconfigurations in the cloud.
Manager - Fortive
Experienced Manager with a demonstrated history of working in the information security and services industry. Skilled in Agile & Waterfall Methodologies, JavaServer Pages (JSP), Secure Code Review, Tidal Enterprise Scheduler, Sonar, Penetration Testing and network testing. Pursuing CISSP. Strong information technology professional with a Bachelor's degree focused in Information Technology from Vinayaka Mission's Research Foundation - University.
Security Engineer (AppSec) - Amazon
Sarwar Jahan is a Computer Engineer working towards securing the digital space. Currently working as an Information Security Engineer at @Amazon, he worked at tech giants like Synopsys, Microsoft and Salesforce. Sarwar has 11+ years of experience and is passionate about sharing knowledge with the community. Sarwar runs a non-profit initiative called InfoSecCamp, for spreading information security awareness: https://www.linkedin.com/company/infoseccamp
Software Developer - Ace Cloud Business Management
📅 Professional Overview:
• Frontend Engineer: Developed UI components, enhancing user experiences.
• Information security Enthusiast: Leveraging my skills to contribute to a secure digital landscape, dedicated to secure coding practices and vulnerability identification.
• InfoSecCamp Volunteer: Devoting time to organize non-profit workshops, raise cybersecurity awareness, and empower individuals.
• Security researcher: Actively engaging in bug bounty programs to fortify digital products.
Senior Security testing Engineer - EPAM Systems India Pvt Ltd
Sastry is an accomplished professional with over 6 years of Infosec experience in Vulnerability Assessment & Penetration Testing on Web, Network and mobile applications and is known for good leadership and management within the Information Security domain. He has a good understanding of security guidelines like OWASP Top 10, SANS Top 25 and Mobile Top 10. He has good expertise in red team assessments, especially on AD security, and a strong emphasis on Secure code review of Java based applications. Currently he is working on implementing security in AI based applications.
Security Consultant - Prescient Security
Nanak is an accomplished professional with over 3 years of experience in Application Security, leadership, and management within the Information Security domain. Known for driving security initiatives and safeguarding critical systems, Nanak has demonstrated expertise in securing cloud, telephony, and payment-related applications. A strong emphasis is placed on identifying vulnerabilities and implementing robust defense strategies, fostering a culture of security and innovation across teams and organizations.
Founder - Empathy Wellness Foundation and Ridhara Mindcare
Ridhima Batra is a passionate mental health advocate, international speaker, and author dedicated to empowering individuals through healing and self-growth. As the founder of Empathy Wellness Foundation and Ridhara Mindcare Pvt. Limited, she has impacted over 50,000 lives globally by promoting kindness, mental wellness, and resilience. With over 500 workshops and 30 national and international events to her credit, Ridhima specializes in inspiring people to transform challenges into opportunities for personal growth. Her work spans across 10–15 countries, where she has collaborated on projects addressing mental health, youth empowerment, and global peace. As the author of Unexpected Hope and Unexpected: The Next Chapter of Resilience, Ridhima uses her writing to guide readers toward healing and positivity. Her philosophy revolves around spreading love, empathy, and hope, creating a ripple effect of positive change worldwide.