Meet Our
Expert Trainers

Scapia

Akhil Mahendra is a seasoned security engineering leader with over 8 years of experience building security teams in high-growth fintech startups. He currently leads security at Scapia, a fast-growing fintech startup, where he is building security foundations from the ground up. Previously, he was a founding member of the security team at CRED, where he helped build and scale the product security function and established charters for security engineering and software supply chain security. He is the creator of several open-source security tools, including SupplyShield, DepConfuse, and Patronus, which address critical gaps in software supply chain security, dependency confusion. His work has been featured at Nullcon, OWASP AppSec Days, Black Hat and is actively used by engineering teams to shift security left without compromising development velocity. Akhil is also an active contributor to the security community. As a former member of Team bi0s, India’s top-ranked CTF team, he has won numerous competitions and helped organize national contests like InCTF, promoting offensive security education across the country.

CRED

Yadhu is a passionate Security Engineer, currently leading the software supply chain security charter at CRED, with over four years of experience in security. He specializes in identifying security vulnerabilities and building scalable security solutions. He has been a speaker at prominent security conferences, including Nullcon, BlackHat Asia and BlackHat Europe. As an open-source enthusiast and core maintainer of the SupplyShield project, he actively contributes to improving software supply chain security. He has reported high-severity security issues in critical projects such as Node.js, Gunicorn, and Safari, earning multiple CVEs for his work. He also has been part of team bi0s (India’s top CTF team) as a mentor, CTF player, and challenge creator.

Thoughtworks

Nal is a Cyber Security Regional practitioner - EMEI with ~12+ Years of experience. Nal's areas of expertise include AI security, Threat modeling, Threat identification, vulnerability management, assessments, building security capabilities, security automation, and DevSecOps. Nal is also a co-creator of AIGoat - a tool to practically learn LLM vulnerabilities. Outside work, Nal is an avid painter and sportsman.

Thoughtworks

Farooq Mohammad is a cybersecurity professional at Thoughtworks with over a decade of experience in application and mobile security. He works closely with developers, infra teams, and business stakeholders to build secure, scalable systems, with a strong focus on DevSecOps.Farooq is also a co-creator of AIGoat - a tool to practically learn LLM vulnerabilities Lately, he's been diving deep into the intersection of AI and security. Farooq loves breaking things (ethically) and helping teams shift security left—without slowing down the flow.

Kubotor

Abhijeet Singh is a security practitioner designated at Kubotor. He specializes in exploit writing and low-level security research.

AppSecEngineer

Vishnu Prasad — Principal DevSecOps Solutions Engineer at AppSecEngineer 9+ years of experience in DevSecOps, Security Automation, and AI Security Expert in embedding security into CI/CD and AI/ML systems Delivered masterclasses at Black Hat, DEF CON, OWASP, Troopers, BruCON Specializes in SAST, SCA, DAST automation, Kubernetes & Cloud Security, and LLM threat modeling & defense

Satish Patnayak is a seasoned application security expert with more than 14 years of experience. Specializing in mobile app security, he has collaborated with leading organizations to enhance the security of their Android applications. He is the creator of widely used security tools, including AndroGoat, ScanAndroidXML, S3CURE, SG-Cleaner, which are trusted by the security community. Satish Patnayak has presented at renowned conferences such as Black Hat, OWASP, and Null meetings, where he shares his deep knowledge of application security. His passion lies in educating developers on secure coding practices and advocating for greater awareness of mobile security threats. Certifications: 1. SANS GIAC Mobile Device Security Analyst (GMOB) 2. AWS Certified Security Specialty 3. Certified DevSecOps Professional (CDP) Open Source Projects: 1. AndroGoat – Vulnerable Android application developed using Kotlin. 2. ScanAndroidXML – Scanning tool to identify vulnerabilities in Android applications. 3. S3CURE - Scans Amazon S3 buckets for potential security vulnerabilities. 4. SG - Cleaner - Identifies and safely removes unused security groups in AWS. Public Presentations: 1. BlackHat Europe 2020 2. Null Hyderabad chapter meet – July 2023 on Shift-left Security – IaC 3. OWASP Hyderabad chapter meet –September 2018 on Dynamic Instrumentation using Frida 4. OWASP Hyderabad chapter meet –April 2016 on Android Security 5. OWASP Sofia Chapter 6. OWASP Bay Area Blogs: 1. https://medium.com/@satish.appsec 2. http://badnetizen.blogspot.in

Kowshik Ramadugu is a cybersecurity professional specializing in SOC operations and security training.

SquareX

Dakshitaa Babu is a security researcher and product evangelist at SquareX. Her work focuses on cutting-edge browser security research, including email security bypasses, breaking Secure Web Gateways, Browser Syncjacking, polymorphic extensions, and Full Screen BitM attacks. She has presented at DEF CON, BSides San Francisco, and OWASP Singapore, with her research featured by Forbes Exclusive, TechRadar, Mashable, The Register, Bleeping Computer, and CyberNews.

Riyaz Walikar is a seasoned security professional known for his work in web application security and offensive security.

• Currently working as Principal Threat Researcher, Working from 20+ years in industry, previously worked as Threat Intelligence Researcher, Information Security consultant, Developer of Firewall/IDS/IPS devices. • Speaker at multiple International Security conferences: NullCon, AVAR Singapore, Bsides Delhi. • Worked in various aspects of Threat Intelligence like Darknet coverage, OSINT, Building & deploying Honeypots, Automation of Darknet data collection, • Python programmer, official programmer in past and Now for automation and fun and the love of python. • Lock picking enthusiastic, done lock picking workshop at Garage4Hackers meet. Also done the first Lock picking workshop in India at NullCon 2015. • Hardware and Electronics enthusiastic, works with AVR and other embedded devices as hobby. Created first ever hardware badge of Nullcon conference in 2014.

I am a threat researcher with a background in digital forensics and incident response, including ransomware attacks. My expertise lies in adversary engagement and hunting, where I investigate cybercriminal groups to gain a comprehensive understanding of their motives, methods, and operational intricacies.

Anjali Shukla is a seasoned cloud security engineer with over six years of experience in DevSecOps, Kubernetes security (EKS/GKE) as welll as AWS, Azure, GCP security. She is the founder of Kubernetes Village, a community dedicated to enhancing Kubernetes security along with leading the OWASP EKS Goat project, focusing on AWS EKS security, and actively shares her research on cloud security via her YouTube channel, @peachycloudsecurity. She has contributed to the community by volunteering at events like Cloud Village at DEF CON and BSides and is recognized AWS Community Builder. Her speaking engagements include Black Hat Spring USA, Black Hat Europe, Nullcon, Seasides Goa, BSides Bangalore, CSA Bangalore, C0c0n, and Nullcon.

Divyanshu Shukla is a Senior security engineer with more than seven years of experience in Cloud Security, Kubernetes Security, DevSecops, Web Application Pentesting, and Threat Modelling. Reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Currently co-lead of OWASP EKS Goat, Author of Burp-o-mation and a very-vulnerable-serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member 2020/2021/2022. Delivered talks at events like Blackhat Europe, Seasides, C0c0n, Nullcon, Brucon, Bsides Bangalore and Bsides Ahmedabad. Also winner of ""Cybersecurity samurai 2023"" at Bsides Bangalore 2023 & ""Cloud Security Champion'' at CSA Bangalore 2023.

Niranjan Talreja is a seasoned Product Security Architect and Cybersecurity Leader with a strong track record in securing complex software and systems for global technology platforms. He has significant experience in product security, application security, and cybersecurity, having worked with leading technology companies including Microsoft, Salesforce, and NETGEAR—where he contributed to advancing secure development practices and protecting products against evolving threats. Niranjan combines deep technical expertise with a pragmatic approach to security, working closely across engineering and product teams to embed robust security controls throughout the software lifecycle. His professional journey reflects a commitment to enhancing secure coding practices, threat modelling, vulnerability management, and cross-functional collaboration to deliver resilient and secure technology solutions. Known for his hands-on leadership and passion for building secure products, Niranjan actively champions security awareness and excellence within engineering organizations. His blend of strategic vision and technical execution positions him as a respected voice in the cybersecurity community.

Enciphers

I work as a Senior security analyst at Enciphers. With experience in identifying security vulnerabilities, I have dedication to helping organizations strengthen their digital assets. My core expertise lies in Web, API, Network, and Mobile (iOS) penetration testing, where I specialize in uncovering weaknesses and ensuring robust security postures. Additionally, I occasionally participate in bug bounty programs, contributing to a safer digital environment by discovering and responsibly reporting vulnerabilities. Beyond technical assessments, I have had the privilege of being part of corporate training programs, as a co-trainer, in India and overseas too. Covering topics such as web application hacking, cloud security, wireless security audits, AI/LLM security, etc. I also contribute to building labs for our certification programs and also CVE Cipher Labs, designing realistic training environments that challenge and educate aspiring security professionals. These labs reflect real-world scenarios, enabling learners to develop hands-on skills that are critical in today’s cybersecurity landscape.

Enciphers

I work as a Security Analyst at Enciphers having 1.5 YOE. With experience in identifying security vulnerabilities, I have dedication to help organizations strengthen their digital assets. My core expertise lies in Web, API, Network, Mobile(Android) penetration testing, where I specialize in uncovering weaknesses and ensuring robust security postures. Additionally, I hold certifications as eWPTX and eJPT I also contribute to building Lab for our Certification programs and also CVE Cipher Labs, designing realistic training environments that challenge and educate aspiring security professionals. These labs reflect real-world scenarios, enabling learners to develop hands-on skills that are critical in today’s cybersecurity landscape.

Indrajeet Bhuyan is a security professional known for his work in cybersecurity contribution and guidance for beginners.

Rishika Desai is a security professional and content creator, known for building personal branding in cybersecurity.

Amit Dubey is a renowned cybersecurity expert and leader.

Amynasec Research Labs

Omkar Mali is a results-driven Security Professional and Head of Research at Amynasec Research Labs with over 6+ years of hands-on experience in Cybersecurity, Penetration Testing, Red Teaming, IoT Security, Automotive Security, Hardware Testing, and Security Research. He specializes in aerospace security, satellite penetration testing, and cyber-physical systems security. He leads the research department focusing on emerging threats in space systems, aircraft platforms, and critical infrastructure. His expertise spans vulnerability assessment, risk management, and implementing security controls to protect organizational assets across diverse domains including automotive, IoT, and satellite communication systems. Omkar holds multiple industry certifications including CPENT (Certified Penetration Testing Professional), LPT (Licensed Penetration Tester), CISEH, CPTE, CEH (Certified Ethical Hacker), and CNSS. He actively contributes to the cybersecurity community through training programs and security research focused on next-generation threats in aerospace and critical infrastructure.

Amynasec Research Labs

K. Yuvraj is a Research Intern with the Aerospace Security Research Department at Amynasec Research Labs, where he contributes to cutting-edge satellite penetration testing and aerospace cybersecurity research. His work focuses on satellite systems, aircraft platforms, and aviation-related infrastructure security. His research interests lie in space systems and aeronautical technologies, particularly in understanding and analyzing real-world attack surfaces across aerospace environments. He specializes in satellite communication security (SATCOM), RF signal analysis, telemetry and telecommand protocols, and SDR-based signal capture and analysis. As part of the research team, K. Yuvraj is actively involved in developing low-cost, simulated laboratory environments for satellite security research, making aerospace security education more accessible. He contributes to research on satellite OSINT, orbital intelligence, packet decoding, and ground station security vulnerabilities.

ALAB (Astera Labs)

Rushabh is currently working as a Cybersecurity and Data Protection Leader at Astera Labs. He has total 12 years of work experience in IT & Information Security domains. He has worked with Rubrik, Amazon Development Centre (India) Pvt Ltd, IBM India, PwC India, Deloitte India, BNP Paribas ISPL, Infosys Ltd. He has served industry sectors such as BFSI, Automobile & Manufacturing, Oil & Energy, Consulting, ITeS. He has pursued PGP-ITBM with specialization in Information Security from Symiosis Centre for Information Technology (SCIT), Pune. He also holds B.E in EC from Gujarat Technological University (GTU). He has also accomplished Advanced Program in Cyber Law from Asian School of Cyber Laws. Rushabh holds below professional credentials: • CISA(Q) • CISM(Q) • CRISC(Q) • CGRC • CTPRP • CDPSE • ISO 27001 ISMS LA • ISO 22301 BCMS LA • Certified BIA Professional • DCDPO • CDPO/IN • ISO 27701 PIMS LI • CRisP • NIST CSF • CCIO • CPEW • CCSK • SCCP • CSA STAR • ISO 27017 • ISC2 CC • AZ-500 • AZ-900 • SC-900 • OCI Foundations • Alibaba Cloud Security • OneTrust Certified Privacy Professional • CyberArk Level 1-Trustee • Qualys Certified Specialist-Policy Compliance Rushabh has hands-on experience in below mentioned core IT Audit skills: • General IT Controls (GITC) testing for ERP applications, Operating Systems, Databases & Network components • IT Automated Controls (ITAC) testing • Business Cycle Controls (BCC) testing for business processes such as P2P, O2C, R2R, Depreciation, Inventory Management - BOM/Back flushing, Payroll & Treasury • Information Produced/Provided by Entity (IPE) testing for completeness and accuracy of the customized reports • Sarbanes Oxley (S-Ox) Act-Section 404 reviews • Segregation of Duties (SoD) conflicts testing • Service Auditor Report (SAR) attestation: SOC 1 (SSAE 18/ISAE 3402) & SOC 2 (Trust Services Criteria) -both Type I & II He also possesses below mentioned information security skills: • GRC (NIST, COSO, COBIT, PCI-DSS, HIPAA, HITRUST) • Information Risk Assessment / Risk & Controls Self Assessment (RCSA) • ISMS-ISO 27001:2022 internal audits • Gap Analysis & Cybersecurity Maturity Assessments • TPRM • Cloud Security reviews • IT Infrastructure reviews • Data Privacy & GDPR • BCP/IT-DR • Identity & Access Management (IAM) Rushabh is enthusiastic, always keen to learn & capable of solving complex problems by applying analytical & logical understanding. He has an ability to work in team & coordinate with concerned stakeholders to bring the best possible outcome in whatever task he is assigned with. His hobbies include following cricket, playing chess, listening music.

Palosade

Security & Privacy Leader | AI-Driven Security Strategist | Product Security Architect | Product & Engineering Partner * Information Security professional (CISSP) with 15+ years of experience across multiple domains of the security * Specialized in operationalizing the Security teams and functions from scratch to assure security services are built-in and not bolted-on * Techno-managerial skills with hands-on experience on Security research, designing/architecting security solutions/products, penetration testing and ISMS * Author to the industry-wide used CIS security benchmarks for AWS, Azure and GCP

Mitigata

CISO | Risk Assessment | Incident Response | Database Security | Network Forensics | Information Security | Vulnerability Management | Security Policies | Cloud Security | Security Audit Highly committed and result-oriented cyber security professional with 12+ years of experience in implementing effective security measures and mitigating cyber threats. My expertise includes risk assessment, vulnerability management, incident response, and database security. I am a steep and astute thinker with a knack for problem solving through collaboration and strategic decision making. My strong analytical skills and ability to identify and mitigate security threats have resulted in successful long-term solutions. I have a proven track record of leading teams, implementing cybersecurity policies and procedures, and providing advisory support in the development of cyber security frameworks. I am constantly staying up-to-date with the latest security trends and technologies to ensure the highest level of protection. With a passion for database security and network forensics, I am actively seeking new opportunities in the cybersecurity domain to apply my skills and contribute to the success of organizations.

ArmorCode

Head of Cybersecurity - CISSP | CISA | CCSK | ISO27001 LA Expertise in the field of Information & Cyber Security with key focus in the areas of IS Audits, Information Security compliance, Cloud Security, IT Risk Management, SSAE 18, SOC2, Data Privacy Audit, SOx 404 assurance, ITGC, ISO 27001, Vendor Risk Management, VA-PT, and Application Security.

Poshmark

Anand Ganesan is the Lead Product Security Engineer at Poshmark, an e-commerce platform. He has a total of 10 years of experience in the security industry. He has been deeply engaged in driving all the product security efforts. This includes conducting threat modeling for various projects, executing penetration tests across diverse platforms, conducting source code analysis, prioritizing vulnerabilities based on severity, establishing content security policies from the ground up, assisting the compliance team during audits, and supporting them in assessing vendors from a product security perspective.He is deeply passionate about continuously enhancing his skills and finds great satisfaction in overcoming and bypassing security implementations. Additionally, he also finds fulfillment in mentoring junior team members and guiding them to become proficient.When he's not engaged in application security activities, he enjoys playing and watching cricket, socializing with friends, and catching up on movies.

Design for Hackers

Rahul Kumar is a specialist in teaching design principles tailored for the cybersecurity community. He guides technical experts through the intersection of hacker culture and professional design, helping them improve their visual communication, tool usability, and personal branding.

Seezo

Ved Prabhu is a Product Security expert and the founding engineer of Seezo, using GenAI to solve Product Security problems. He is an experienced bug bounty hunter and researcher with a history of finding vulnerabilities in major products.

Network Intelligence – Institute of Information Security

Swapnil Khandekar is a Cyber Security Specialist and Trainer at Network Intelligence with extensive experience across multiple domains of cybersecurity. He specializes in Web Application Security, Network Security, Mobile Application Security Testing, API and Cloud Security Testing and Review, as well as AI Risk Testing and Review. Swapnil also has strong expertise in Digital Forensics and has successfully delivered multiple cybersecurity trainings across these areas. Alongside training, he has actively worked on diverse security testing projects, helping organizations identify risks, strengthen defenses, and adopt robust security practices. His hands-on approach and passion for knowledge sharing make him a trusted professional in both cybersecurity operations and training.