As we dive into the second quarter of 2024, the Information Security (InfoSec) industry stands as a testament to human ingenuity and resilience in the face of relentless cyber threats. This year, more than ever, the individuals leading the charge in InfoSec deserve recognition.
We curated a list of 41 thought-leaders in InfoSec, and it's more than a roster of experts. It's a snapshot of the frontline in cyber defense, featuring a diverse group of professionals.
Tib3rius is recognized as a professional penetration tester at White Oak Security, with a specialization in web application hacking, though his skills also encompass network penetration testing. His passion for sharing knowledge and mentoring within the cybersecurity community is evident through various educational and mentoring initiatives. Tib3rius's contributions to the field, including his participation in The Hacker Mind podcast, highlight his commitment to advancing cybersecurity practices and fostering a deeper understanding of penetration testing among professionals and enthusiasts alike.
Pradeep S. Sandhu is a recognized Cloud Security Leader at Deloitte, known for his passion and expertise in simplifying the cloud security journey for clients. His role involves driving cloud security strategies, managing risks, and ensuring compliance across various cloud platforms. Pradeep's contributions to the field are highlighted through his active engagement on LinkedIn, where he shares insights and developments in cloud security. His leadership extends beyond his professional role, as evidenced by his participation in industry events and discussions, further establishing him as a trusted practitioner in cloud security.
Abhay Bhargav is the Founder and Chief Research Officer at AppSecEngineer, a premier online training platform specializing in Application Security and Cloud-Native Security. In addition to his role at AppSecEngineer, he is also the CEO of we45, an Application Security company. With over 15 years of experience in the field, Abhay is an AppSec expert, author, and Black Hat Trainer dedicated to building the world's best security training platform. His contributions to the cybersecurity community are widely recognized, making him a respected figure in the industry.
Jason Haddix is a prominent figure in the cybersecurity community known for his expertise in red teaming, bug bounty hunting, and security leadership. His GitHub profile is a resource hub for offensive security practitioners, featuring projects that cater to their needs. Jason also shares his knowledge and experiences through his YouTube channel, "jhaddix," which has garnered a significant following. Currently serving as the CISO and "Hacker in Charge" at BuddoBot, a consultancy specializing in adversary emulation, Jason has had a distinguished 15-year career in the field. His contributions to cybersecurity are well-regarded, which makes him a respected voice and authority in the community.
Ashish K., with over 15 years in product management at Qualys, is a force in cybersecurity, dedicated to crafting innovative solutions that shield businesses from emerging threats. His track record boasts significant achievements like leading Araali to the RSA Innovation Sandbox 2022, pioneering Device Care at Symantec into a major revenue generator, and amplifying a global service business by 180%. Ashish's contributions extend beyond product launches; he's also an author of patents and publications in the field, embodying the spirit of a lifelong learner constantly navigating the dynamic terrain of cybersecurity and cloud computing.
Luke Stephens, also known as "hakluke," is the Director and Founder of haksec, a cybersecurity firm based in Queensland, Australia. With a mission to improve marketing within the cybersecurity industry, Luke has also founded HackerContent, which focuses on content creation in the cybersecurity space. Known for his hacking skills, Luke is dedicated to providing holistic cybersecurity services through Haksec and sharing his knowledge and insights through various platforms, including his personal projects. His commitment to the field is evident in his active engagement in the community, where he shares valuable content and engages with cybersecurity professionals and enthusiasts alike.
Jayson E. Street is the Chief Adversarial Officer at Secure Yeti. Known for his unique approach to cybersecurity, Jayson is an author, speaker, and expert in ethical hacking, using his skills to educate and empower organizations in their cybersecurity efforts. His work at Secure Yeti involves leading offensive security strategies to enhance organizational defenses through real-world hacking simulations and training. Jayson's contributions to the field, combined with his engaging speaking style, make him a respected and influential voice in cybersecurity.
Steven R. is a Technical Specialist in Security at Inviso who brings over 11 years of experience in cloud security and cloud-native technologies. His focus on information security has made him a valuable asset to Inviso, where he contributes to enhancing the company's cybersecurity posture. Steven's expertise is recognized within the organization, as evidenced by acknowledgments from colleagues like Juliet Helms on LinkedIn. His role involves addressing complex security challenges and ensuring the secure deployment and operation of cloud-based solutions, which makes him a key figure in Inviso's technical team.
Shachar Hirshberg is a Senior Product Manager at Amazon Web Services (AWS), where he leads strategic initiatives, particularly focusing on cloud security. With a background that includes an MBA from Harvard, Shachar's expertise in product management and cloud security is well-regarded within AWS and the broader tech community. His work involves building, designing, launching, and scaling significant AWS services, contributing to the AWS Security Hub's development and enhancement. Shachar's professional journey is marked by his contributions to AWS's strategic growth and his active engagement in sharing insights and developments in cloud security.
Rana Khalil is a distinguished Application Security Engineer Lead at C3SA Cyber Security Audit, where she plays a pivotal role in enhancing the cybersecurity posture of both public and private sectors in Canada. Her leadership extends to her involvement with BSides Ottawa, and her expertise in application security is recognized through her contributions as a consultant. Rana's work focuses on steering digital safety initiatives, and her proficiency in the field is further highlighted by her active engagement in the cybersecurity community by sharing insights and leading discussions on pertinent security topics. Her commitment to the field is evident in her efforts to secure open-source dependencies and her dedication to advancing application security practices.
Devender R. is a Security Researcher at HackerOne, where he is passionate about staying current with the latest threat landscapes and security trends. He is dedicated to applying cutting-edge strategies to safeguard digital assets and is recognized for his contributions to the cybersecurity community. His profile on LinkedIn highlights his role and contributions at HackerOne.
Clint Gibler, as the Head of Security Research at Semgrep, is at the forefront of sharing cutting-edge cybersecurity research and insights. He is also the founder of tl;dr sec, a platform dedicated to aggregating and distilling security tools and research to enhance efficiency within the cybersecurity community. Clint's work at Semgrep involves leading initiatives to improve security practices through innovative research and development. His contributions to the field are further amplified through his active engagement on social media platforms like Twitter, where he shares valuable cybersecurity information and updates. Clint's background, including his education at the University of California, Davis, and his role as an angel investor, shows his deep commitment to advancing cybersecurity knowledge and practices.
Louis Nyffenegger, the founder of PentesterLab, has established a renowned learning platform dedicated to web penetration testing and cybersecurity training. His creation has become an essential resource for both beginners and seasoned professionals looking to enhance their skills in security engineering and ethical hacking. Louis's work in developing PentesterLab reflects his deep commitment to the cybersecurity community by providing practical, hands-on exercises that cover a wide range of vulnerabilities and attack techniques. His contributions extend beyond PentesterLab, as he is also recognized for his engagement with the community through social media and various speaking engagements, where he shares insights and promotes cybersecurity awareness.
Bharat Kishore, serving as the Chief Conversation Architect/CRO at we45, is dedicated to elevating the product security skills of software teams. Through hands-on training that spans from foundational AppSec Essentials to advanced topics like Kubernetes, cloud, and supply-chain security, Bharat guides product teams toward establishing secure practices organically. His approach emphasizes a gradual and sustainable path to achieving secure defaults to ensure that security enhancements are both effective and lasting.
Tony U., the CEO & Founder of VerSprite Security, leads a global security, privacy, and risk management firm. With a strong background in cybersecurity, Tony has established VerSprite as a key player in the industry by providing comprehensive security services to multinational corporations. He is also recognized for co-creating the PASTA (Process for Attack Simulation & Threat Analysis) methodology that enhances threat modeling and risk assessment practices.
Evan Oslick, the VP of Solutions Engineering at True Positives, LLC, champions a simplified approach to software security, emphasizing it as a facet of quality. He integrates software engineering best practices and psychology to streamline security measures, moving away from complex and fear-driven approaches.
Jason Popp serves as the Sr Director of Cybersecurity Engineering and Architecture at GEICO, where he brings a wealth of experience in architecting, managing, engineering, mentoring, and strategizing within the cybersecurity domain. His proven track record in building and leading security programs is highlighted through his LinkedIn profile and various professional engagements. Jason's role at GEICO involves overseeing cybersecurity data infrastructure engineering, showing the importance of cybersecurity in the organization's operations.
Sashibhusan Satapathy, currently at SC Ventures by Standard Chartered, is an Information Security professional with over 14 years of experience. His expertise spans threat modeling, cloud migration, and security, underpinned by a proactive approach to solving complex security challenges. Recognized for his innovative solutions in architecting and designing cloud solutions, Sashibhusan has a proven track record in developing informed cloud strategies and managing their implementation. His ability to merge creative solutions with fresh initiatives, along with his attention to detail and proficiency in collaborating with customer security departments, marks him as a leader in information and cybersecurity.
Vandana Verma is a distinguished figure in the cybersecurity community, currently serving as a Security Relations Leader at Snyk. She has a strong connection with the OWASP® Foundation because of her significant contributions to the field through her work in DevSecOps and her participation in various public events, including Global OWASP AppSec and BlackHat events. Vandana is also known for her efforts in fostering diversity and inclusion within the cybersecurity domain through initiatives like InfosecGirls.
Tanya Janca, known in the cybersecurity community as SheHacksPurple, is the Head of Education and Community at Semgrep. She is renowned for her contributions to application security education, notably as the best-selling author of "Alice and Bob Learn Application Security." Tanya's role at Semgrep involves leading initiatives to educate and engage the community around secure coding practices and the use of Semgrep's tools for enhancing application security. Her extensive background in cybersecurity, combined with her passion for community building and education, makes her a pivotal figure in advancing the field of application security.
Rupender Singh is a Security Engineer at Backbase, known for his expertise in cybersecurity, coaching, and his solid work ethic. His professional journey is marked by a strong foundation in Computer Science, with a specialization in Cyber Security and Forensics, and a diverse skill set that includes Application Security, Code Reviews, DevSecOps, Security Automation, and Product Security. Rupender is committed to integrating security into the fabric of technology to guarantee that every line of code contributes to a safer digital environment.
Taimur Ijlal is a distinguished information security leader associated with Amazon Web Services (AWS), with over 21 years of international experience in cybersecurity and IT risk management, particularly within the fintech industry. His LinkedIn profile highlights his multi-award-winning career and his contributions to the field of cybersecurity. Taimur is also active in sharing his knowledge and insights on platforms like Medium, where he writes about cybersecurity career development and cloud security skills. Additionally, he is recognized for his work as a cybersecurity instructor on Udemy, further emphasizing his commitment to educating and mentoring professionals in the cybersecurity domain.
Scott Piper is recognized as a Principal Cloud Security Researcher at Wiz, where he contributes his extensive expertise in cloud security. Known as a "cloud security historian," Scott has developed notable tools and resources such as flaws.cloud and CloudMapper, which are widely used in the cybersecurity community. His work at Wiz involves researching and suggesting measures to ensure secure cloud environments, particularly focusing on AWS security best practices. Scott's involvement in the founding team of fwdcloudsec and his active engagement on social media platforms like Twitter, where he shares insights and developments in cloud security, underscore his significant contributions to the field.
Aakansha Puri is a Senior Cloud Security Engineer at Thomson Reuters, where she is part of the security architecture team that focuses on enhancing cloud security. Her previous experience includes working in the Cyber Detect and Respond practice at Deloitte, where she was involved in SOC, SIEM, threat hunting, and threat intelligence services. Beyond her professional role, Aakansha is passionate about sharing and teaching her knowledge in cybersecurity and cloud technologies and contributing to community spaces to help others learn. She is committed to learning and implementing cloud security measures and exploring various cybersecurity domains, with a particular interest in the intersection of information security, business, and creativity.
Chuck Brooks is an Adjunct Faculty at Georgetown University's Applied Intelligence Program and graduate Cybersecurity Programs. At Georgetown, he imparts his extensive knowledge through courses that delve into the complexities of cybersecurity, preparing the next generation of professionals to navigate the evolving digital landscape. With a career spanning over 25 years, Chuck's expertise is not only recognized in academia but also in his contributions as a thought leader, where he frequently shares insights on cybersecurity trends and best practices.
Anantha Krishna, currently with Hiver, stands out as an Information Security Leader and Freelance Technical Instructor, boasting over 9 years of rich experience in the cybersecurity domain. His professional journey, detailed on his LinkedIn profile, showcases a deep commitment to enhancing cybersecurity measures and educating others in the field. Anantha's expertise spans a wide array of cybersecurity practices, and he is particularly noted for his ability to translate complex security concepts into actionable knowledge for a diverse audience.
Sean Wright serves as the Head of Application Security at Featurespace, bringing a wealth of experience from his background as a software developer. With over 10 years in security-focused roles, Sean has a deep understanding of application security, particularly in the realm of web-based applications. His work involves leading the application security initiatives at Featurespace that focus on safeguarding applications from potential threats and vulnerabilities. Sean is also active in the cybersecurity community, sharing insights and engaging with peers through platforms like Twitter and his personal blog, where he delves into various AppSec topics. His passion for application security, combined with his technical leadership, makes him a key figure in the field.
Izar Tarandach is a Principal Security Architect at SiriusXM, where he is known for his expertise in security architecture and threat modeling. His work involves leading security initiatives and contributing to the development of secure systems within the organization. Izar is also active in the cybersecurity community, sharing his knowledge and insights through various platforms and presentations. His contributions to the field, including the development of security frameworks and methodologies, are well-regarded among his peers and within the industry.
Nitesh Shilpkar is an Infrastructure Lead Analyst at Citi Bank who brings a wealth of experience and expertise to his role, with over 8 years dedicated to the field of cybersecurity and infrastructure analysis. Nitesh's role at Citi involves a dynamic blend of technical acumen, strategic planning, and leadership as he navigates the complex landscape of financial cybersecurity. His contributions extend beyond routine security measures, involving the development and implementation of advanced security protocols, risk assessment methodologies, and incident response strategies. His work is pivotal in maintaining the integrity and resilience of Citi's digital assets to make sure that the bank remains at the forefront of cybersecurity practices in the financial sector.
Het Mehta serves as an Associate Analyst in Information Security at Accops Systems Pvt. Ltd., where he plays a crucial role in the cybersecurity domain. His responsibilities likely encompass vulnerability management, security analysis, and contributing to the overall security posture of Accops Systems. Het's engagement in the field is also evident from his active participation on LinkedIn, where he shares insights and updates related to cybersecurity, which indicates his commitment to staying abreast of industry trends and contributing to the community. His role at Accops Systems positions him at the front line of addressing complex security challenges and safeguarding digital assets.
Buchi Reddy B is the CEO and Co-Founder of Levo.ai, a company on a mission to enhance API security. With over 11 years of experience in building and scaling SaaS products, Buchi Reddy has a strong background in application security and engineering. His journey from engineering student to tech entrepreneur showcases his dedication to addressing the challenges in digital security, particularly in securing APIs easily. His work at Levo.ai focuses on taking control of API sprawl and proactively mitigating API risks to ensure the development of secure and resilient APIs.
Sripati M S, serving as the Assistant Vice President - Risk at Utkarsh Small Finance Bank, brings a wealth of over 18 years of experience in information security to the table. His expertise spans creating, consulting, and managing tailored security programs across diverse sectors such as oil/gas, utilities, banking, and finance. Sripati is well-versed in all aspects of security assessment services, from RFP responses to project closure, and boasts hands-on penetration testing skills for both network and web applications. His leadership extends to team management and cross-departmental coordination that guarantees project success and team growth. Sripati is also a published author in notable magazines and has developed and delivered extensive security training, impacting over 2500 individuals.
Tushar Verma is an Offensive Security Consultant at NetSentries Technologies, where he brings a dynamic and seasoned approach to cybersecurity. With a passion for simulating real-world cyber threats, Tushar plays a crucial role in enhancing the security posture of organizations by identifying vulnerabilities and strengthening defenses. His work at NetSentries involves a deep understanding of offensive security measures, and he is also recognized for his contributions to the cybersecurity community through platforms like LinkedIn and Twitter. Tushar's engagement in public speaking and openness to freelance engagements further highlight his dedication to the field and his commitment to sharing knowledge and expertise.
Heitor Lessa holds the position of Chief Architect for Powertools at AWS, where he plays an important role in enhancing serverless architectures and cloud solutions. His contributions to the AWS community include the creation of the AWS Well-Architected Serverless Lens in 2017 and the development of Powertools, a suite of utilities that simplifies the use of AWS services in serverless applications. Heitor is actively involved in sharing knowledge and insights about AWS services, serverless architectures, and best practices through various platforms, including LinkedIn and Twitter. His work not only impacts the development of AWS Powertools but also fosters a community around serverless technologies.
Jen Easterly currently serves as the Director of the Cybersecurity and Infrastructure Security Agency (CISA), having been nominated by President Biden in April 2021. With a background as an American intelligence and former military official, Easterly brings a wealth of experience to her role at CISA, where she is responsible for enhancing the cybersecurity and infrastructure resilience of the United States. Her leadership is pivotal in addressing the nation's cybersecurity challenges, and she is recognized for her contributions to America's cyber defense. Easterly's engagement with the community, including her presence on social media platforms like Twitter, emphasizes her commitment to cybersecurity awareness and education.
Yuri Diogenes serves as a Principal PM Manager at Microsoft, where he has been contributing since October 2021. With a Master of Science degree in Cybersecurity Intelligence and Forensics Investigation from UTICA College, Yuri plays a pivotal role in the Microsoft CxE ASC Team. His work focuses on demonstrating the security capabilities within Microsoft's suite of products, particularly in cloud and AI security. Yuri's extensive experience at Microsoft, dating back to 2006, and his leadership in the Customer Experience Engineering Defender for Cloud team emphasize his significant contributions to enhancing Microsoft's cybersecurity posture and customer experience.
Vadivel R at GlobalLogic is recognized for his expertise in ethical hacking and cybersecurity. With over a decade of experience, Vadivel has contributed significantly to the cybersecurity landscape by demonstrating a profound understanding of how to protect systems and data against evolving cyber threats. His role involves not just defending digital assets but also innovating security solutions that address current and future challenges in the field. Vadivel's commitment to advancing cybersecurity practices and his contributions to the development of robust security measures position him as a key figure to watch in the InfoSec world.
Sabeer Bijapur, an Information Security Officer specializing in Product Security, has over 7 years of experience in the cybersecurity industry. His expertise spans a broad spectrum of activities, including Penetration Testing across various platforms, Security Architecture Review, Breach and Attack Simulations, and Cloud Security, to name a few. Sabeer's proficiency in Vulnerability Assessments, Threat Modelling, and Compliance, coupled with his achievements in Bug Bounty programs, has earned him recognition from tech giants like Google, Apple, and Netflix. His contributions have significantly enhanced product security across multiple domains, which makes him a valuable asset in the field of information security.
Ben Sadeghipour, known as "NahamSec" online, is a respected figure in the cybersecurity realm and the Co-Founder & CEO of HackingHub. Renowned for his expertise in ethical hacking and bug bounty hunting, Ben has made significant contributions to the security community by identifying vulnerabilities in major corporations and sharing his knowledge through various platforms. His educational endeavors, including tutorials and live streams, have made him a key resource for both aspiring and established cybersecurity professionals. Ben's leadership at HackingHub underscores his commitment to advancing the field of cybersecurity and fostering a collaborative community.
Yazad Khandhadia is a key figure in cybersecurity at Emirates NBD, holding a leadership role in security engineering. His work involves guiding the organization's cybersecurity strategies and implementing innovative security solutions. Yazad's contributions to Emirates NBD include running cybersecurity awareness campaigns and workshops that are focused on the importance of cybersecurity in the banking sector. His expertise and leadership in the field make him a notable professional in the InfoSec community.
Michael Man is a prominent figure at Veracode, bringing over 20 years of IT security experience to his role. He has been instrumental in advising large enterprises on secure software development, emphasizing compliance with regulations and enhancing security postures. Michael's expertise extends to secure coding practices, DevSecOps, and ethical hacking, with his OSCP certification highlighting his proficiency in the field. His contributions to the cybersecurity community, including founding one of the largest DevSecOps meetups, show his commitment to fostering knowledge sharing and best practices in software security.
Staying updated with the latest trends and threats is important for securing our digital assets. The field is marked by continuous advancements in technology and equally sophisticated cyber threats. With this comes the demand for constant vigilance and adaptation from professionals and users alike. Information Security thought leaders and platforms like AppSecEngineer play a critical role in this ecosystem by providing cutting-edge knowledge, resources, and training that address current security challenges and anticipate future ones.