Meet Our
Expert Trainers

Scapia

Akhil Mahendra is a seasoned security engineering leader with over 8 years of experience building security teams in high-growth fintech startups. He currently leads security at Scapia, a fast-growing fintech startup, where he is building security foundations from the ground up. Previously, he was a founding member of the security team at CRED, where he helped build and scale the product security function and established charters for security engineering and software supply chain security. He is the creator of several open-source security tools, including SupplyShield, DepConfuse, and Patronus, which address critical gaps in software supply chain security, dependency confusion. His work has been featured at Nullcon, OWASP AppSec Days, Black Hat and is actively used by engineering teams to shift security left without compromising development velocity. Akhil is also an active contributor to the security community. As a former member of Team bi0s, India’s top-ranked CTF team, he has won numerous competitions and helped organize national contests like InCTF, promoting offensive security education across the country.

CRED

Yadhu is a passionate Security Engineer, currently leading the software supply chain security charter at CRED, with over four years of experience in security. He specializes in identifying security vulnerabilities and building scalable security solutions. He has been a speaker at prominent security conferences, including Nullcon, BlackHat Asia and BlackHat Europe. As an open-source enthusiast and core maintainer of the SupplyShield project, he actively contributes to improving software supply chain security. He has reported high-severity security issues in critical projects such as Node.js, Gunicorn, and Safari, earning multiple CVEs for his work. He also has been part of team bi0s (India’s top CTF team) as a mentor, CTF player, and challenge creator.

Thoughtworks

Nal is a Cyber Security Regional practitioner - EMEI with ~12+ Years of experience. Nal's areas of expertise include AI security, Threat modeling, Threat identification, vulnerability management, assessments, building security capabilities, security automation, and DevSecOps. Nal is also a co-creator of AIGoat - a tool to practically learn LLM vulnerabilities. Outside work, Nal is an avid painter and sportsman.

Thoughtworks

Farooq Mohammad is a cybersecurity professional at Thoughtworks with over a decade of experience in application and mobile security. He works closely with developers, infra teams, and business stakeholders to build secure, scalable systems, with a strong focus on DevSecOps.Farooq is also a co-creator of AIGoat - a tool to practically learn LLM vulnerabilities Lately, he's been diving deep into the intersection of AI and security. Farooq loves breaking things (ethically) and helping teams shift security left—without slowing down the flow.

Kubotor

Abhijeet Singh is a security practitioner designated at Kubotor. He specializes in exploit writing and low-level security research.

AppSecEngineer

Vishnu Prasad — Principal DevSecOps Solutions Engineer at AppSecEngineer 9+ years of experience in DevSecOps, Security Automation, and AI Security Expert in embedding security into CI/CD and AI/ML systems Delivered masterclasses at Black Hat, DEF CON, OWASP, Troopers, BruCON Specializes in SAST, SCA, DAST automation, Kubernetes & Cloud Security, and LLM threat modeling & defense

Satish Patnayak is a seasoned application security expert with more than 14 years of experience. Specializing in mobile app security, he has collaborated with leading organizations to enhance the security of their Android applications. He is the creator of widely used security tools, including AndroGoat, ScanAndroidXML, S3CURE, SG-Cleaner, which are trusted by the security community. Satish Patnayak has presented at renowned conferences such as Black Hat, OWASP, and Null meetings, where he shares his deep knowledge of application security. His passion lies in educating developers on secure coding practices and advocating for greater awareness of mobile security threats. Certifications: 1. SANS GIAC Mobile Device Security Analyst (GMOB) 2. AWS Certified Security Specialty 3. Certified DevSecOps Professional (CDP) Open Source Projects: 1. AndroGoat – Vulnerable Android application developed using Kotlin. 2. ScanAndroidXML – Scanning tool to identify vulnerabilities in Android applications. 3. S3CURE - Scans Amazon S3 buckets for potential security vulnerabilities. 4. SG - Cleaner - Identifies and safely removes unused security groups in AWS. Public Presentations: 1. BlackHat Europe 2020 2. Null Hyderabad chapter meet – July 2023 on Shift-left Security – IaC 3. OWASP Hyderabad chapter meet –September 2018 on Dynamic Instrumentation using Frida 4. OWASP Hyderabad chapter meet –April 2016 on Android Security 5. OWASP Sofia Chapter 6. OWASP Bay Area Blogs: 1. https://medium.com/@satish.appsec 2. http://badnetizen.blogspot.in

Kowshik Ramadugu is a cybersecurity professional specializing in SOC operations and security training.

SquareX

Dakshitaa Babu is a security researcher and product evangelist at SquareX. Her work focuses on cutting-edge browser security research, including email security bypasses, breaking Secure Web Gateways, Browser Syncjacking, polymorphic extensions, and Full Screen BitM attacks. She has presented at DEF CON, BSides San Francisco, and OWASP Singapore, with her research featured by Forbes Exclusive, TechRadar, Mashable, The Register, Bleeping Computer, and CyberNews.

Riyaz Walikar is a seasoned security professional known for his work in web application security and offensive security.

• Currently working as Principal Threat Researcher, Working from 20+ years in industry, previously worked as Threat Intelligence Researcher, Information Security consultant, Developer of Firewall/IDS/IPS devices. • Speaker at multiple International Security conferences: NullCon, AVAR Singapore, Bsides Delhi. • Worked in various aspects of Threat Intelligence like Darknet coverage, OSINT, Building & deploying Honeypots, Automation of Darknet data collection, • Python programmer, official programmer in past and Now for automation and fun and the love of python. • Lock picking enthusiastic, done lock picking workshop at Garage4Hackers meet. Also done the first Lock picking workshop in India at NullCon 2015. • Hardware and Electronics enthusiastic, works with AVR and other embedded devices as hobby. Created first ever hardware badge of Nullcon conference in 2014.

I am a threat researcher with a background in digital forensics and incident response, including ransomware attacks. My expertise lies in adversary engagement and hunting, where I investigate cybercriminal groups to gain a comprehensive understanding of their motives, methods, and operational intricacies.

Anjali Shukla is a seasoned cloud security engineer with over six years of experience in DevSecOps, Kubernetes security (EKS/GKE) as welll as AWS, Azure, GCP security. She is the founder of Kubernetes Village, a community dedicated to enhancing Kubernetes security along with leading the OWASP EKS Goat project, focusing on AWS EKS security, and actively shares her research on cloud security via her YouTube channel, @peachycloudsecurity. She has contributed to the community by volunteering at events like Cloud Village at DEF CON and BSides and is recognized AWS Community Builder. Her speaking engagements include Black Hat Spring USA, Black Hat Europe, Nullcon, Seasides Goa, BSides Bangalore, CSA Bangalore, C0c0n, and Nullcon.

Divyanshu Shukla is a Senior security engineer with more than seven years of experience in Cloud Security, Kubernetes Security, DevSecops, Web Application Pentesting, and Threat Modelling. Reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Currently co-lead of OWASP EKS Goat, Author of Burp-o-mation and a very-vulnerable-serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member 2020/2021/2022. Delivered talks at events like Blackhat Europe, Seasides, C0c0n, Nullcon, Brucon, Bsides Bangalore and Bsides Ahmedabad. Also winner of ""Cybersecurity samurai 2023"" at Bsides Bangalore 2023 & ""Cloud Security Champion'' at CSA Bangalore 2023.

Niranjan Talreja is a seasoned Product Security Architect and Cybersecurity Leader with a strong track record in securing complex software and systems for global technology platforms. He has significant experience in product security, application security, and cybersecurity, having worked with leading technology companies including Microsoft, Salesforce, and NETGEAR—where he contributed to advancing secure development practices and protecting products against evolving threats. Niranjan combines deep technical expertise with a pragmatic approach to security, working closely across engineering and product teams to embed robust security controls throughout the software lifecycle. His professional journey reflects a commitment to enhancing secure coding practices, threat modelling, vulnerability management, and cross-functional collaboration to deliver resilient and secure technology solutions. Known for his hands-on leadership and passion for building secure products, Niranjan actively champions security awareness and excellence within engineering organizations. His blend of strategic vision and technical execution positions him as a respected voice in the cybersecurity community.

Enciphers

I work as a Senior security analyst at Enciphers. With experience in identifying security vulnerabilities, I have dedication to helping organizations strengthen their digital assets. My core expertise lies in Web, API, Network, and Mobile (iOS) penetration testing, where I specialize in uncovering weaknesses and ensuring robust security postures. Additionally, I occasionally participate in bug bounty programs, contributing to a safer digital environment by discovering and responsibly reporting vulnerabilities. Beyond technical assessments, I have had the privilege of being part of corporate training programs, as a co-trainer, in India and overseas too. Covering topics such as web application hacking, cloud security, wireless security audits, AI/LLM security, etc. I also contribute to building labs for our certification programs and also CVE Cipher Labs, designing realistic training environments that challenge and educate aspiring security professionals. These labs reflect real-world scenarios, enabling learners to develop hands-on skills that are critical in today’s cybersecurity landscape.

Enciphers

I work as a Security Analyst at Enciphers having 1.5 YOE. With experience in identifying security vulnerabilities, I have dedication to help organizations strengthen their digital assets. My core expertise lies in Web, API, Network, Mobile(Android) penetration testing, where I specialize in uncovering weaknesses and ensuring robust security postures. Additionally, I hold certifications as eWPTX and eJPT I also contribute to building Lab for our Certification programs and also CVE Cipher Labs, designing realistic training environments that challenge and educate aspiring security professionals. These labs reflect real-world scenarios, enabling learners to develop hands-on skills that are critical in today’s cybersecurity landscape.