HackTheBay 3.0

Abhinav Pandagale
  • Soldering 101
Ani Turner

Ani Turner is a Senior Security Engineer at Adobe, where she leads the bug bounty program and works closely with ethical hackers to help strengthen product security. She sits at the intersection of research and engineering, triaging vulnerability reports, assessing real-world impact, and guiding findings from submission to remediation. With a background in full-stack development and psychology, Ani brings a unique, practical, and collaborative approach to building scalable security programs.

  • What Happens After You Report an AI Bug: From Model Behavior to Real Impact
Bhagavan Bollina

Bhagavan Bollina is a passionate security researcher who loves building and breaking things in the cloud. In parallel, he also dabbles in web, network and mobile security. When not building and breaking stuff in the cloud, he enjoys bug bounty submissions, with 200+ across crowdsourced platforms. He loves training his dog as well in his spare time, but the dog weirdly seems to not like Bug Bounty.

  • Hunting Shells via Chaining Misconfigs in AWS
David Porcello

David Porcello (aka grep8000) is an independent security researcher, consultant, pentester, instructor, course developer, OSCP certificate holder, founder of Pwnie Express, and creator of the award-winning Pwn Plug and other penetration testing devices featured in Wired, Ars Technica, PC Magazine, Forbes, and Mr. Robot. Over the years, David has built covert hacking devices for DARPA, hosted workshops at Defcon, authored the Pentester's Handbook GitHub book, and built the tech behind NPR’s Project Eavesdrop.

  • Catch & Release Phramework: Credential Harvesting Without the Phishing Page
Filipi Pires

I’ve been working as Head of Technical Advocacy at SCYTHE, Founder & Investor at CROSS-INTEL, Advisor & Investor at Sherlockeye, BSides Porto Organizer, Red Team Village Director (DEF CON), Senior Advisor at Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. I'm an international speaker at security and new technologies events in many countries, such as the US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, the Middle East (Black Hat MEA) and others. I’ve served as a university professor in a Master's degree program in Portugal and in graduation and MBA courses at Brazilian colleges. In addition, I'm the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

  • Identity Hunting with Malicious Documents
kn0ck0ut (Matt)

Matt Miller (kn0ck0ut) is an ethical hacker, Master's student in Data Science, and serial entrepreneur who likes breaking things to figure out how they work. With a background in application security and solo-founding multiple startups, he recently dove deep into wireless security research, combining data science methodologies with hands-on hacking. Over the past year, he's conducted extensive Bluetooth warwalking across multiple cities, collecting hundreds of thousands of device observations using custom Raspberry Pi rigs. His research applies statistical analysis to real-world security failures, revealing both exploitation opportunities and surveillance risks in urban wireless environments. He believes in making complex security concepts accessible while showing the practical consequences of wireless misconfigurations.

  • Bluetooth Warwalking: Hacking the Airwaves with Your Phone and a Pair of Sneakers
Mahesh Babu

Mahesh Babu is a former VP of Information Security turned company builder and now leads growth at Kodem, a venture‑backed application security startup. At HSBC he built and scaled global application security and identity & access management platforms that safeguard billions of transactions. His career began at Purdue University’s Information Assurance & Security Research Center, where he researched secure software engineering and biometrics. Mahesh blends academic rigor with enterprise and startup execution to help organizations stay ahead of modern threats.

  • When Agents Execute: RCE Paths in LLM-Powered Coding Tools
Rob Wright

Rob Wright (aka eth0.rwx) got his start in security in 1997, back when exploits were traded on mailing lists and vulnerability databases were just being invented. He founded Security-Source, one of the first online vulnerability databases, and spent years in offensive security before stepping away in 2002. Returning in 2022, he now works in vulnerability management focused on automation, remediation, and closing real risk in production environments.

He brings an attacker’s perspective to defensive security, with a focus on how things actually break and how to fix them at scale.

  • Catch & Release Phramework: Credential Harvesting Without the Phishing Page
Rotem Bar

Hacker | Security Researcher | AppSec Innovation at Palo Alto Networks

Rotem Bar is a veteran hacker and security researcher with over 20 years of experience breaking, and then fixing, complex systems. Currently serving as a Hacker within the InfoSec organization at Palo Alto Networks, Rotem focuses on offensive security, identifying novel attack vectors in modern cloud infrastructures, and securing the software supply chain. Rotem's career spans the full spectrum of the industry, from early days in the IDF’s elite technology units to securing critical infrastructure in the automotive and SaaS sectors. Before joining Palo Alto Networks (via the acquisition of Cider Security), he led security initiatives at AppsFlyer and Cymotive, where he specialized in penetration testing and automotive security concept design.

As a bug bounty hunter, Rotem has uncovered critical vulnerabilities in major global platforms, including TikTok, AWS, General Motors, AT&T, and many more. His research has led to significant industry disclosures, for example the discovery of a vulnerability in Elementor that exposed over 6 million websites (CVE-2022-29455) and groundbreaking research on hacking automotive clouds presented at DEF CON.

He is a frequent speaker at top-tier conferences like DEF CON (Cloud & AppSec Villages), BSidesTLV, and Security Fest, where he often shares novel research, CI/CD security, and the intricacies of the hacker mindset.

  • Let’s hack from the beginning
Ryan Massfeller @Ryan4n6

Mandiant / Google Cloud | Cybersecurity Leader | Red / Blue Team SME

A 20-year veteran of technology and security and court-recognized as a Subject Matter Expert in digital forensics, Mr. Massfeller serves as an Incident Response Manager within Mandiant’s Mid-Atlantic Southeast region, where he leads complex consulting engagements with a primary focus on large-scale incident response and digital forensics. He acts as the strategic lead for clients from initial kickoff through complete remediation, providing expert project management and technical subject matter expertise to navigate critical security breaches. Additionally, Mr. Massfeller holds the role of Service Line Owner for Physical Security Penetration Testing. In this capacity, he provides strategic oversight for the service line, defining its mission to proactively mitigate critical business risks by securing physical perimeters. This is achieved through comprehensive security reviews and realistic penetration tests that challenge and mature an organization's physical security posture. He is responsible for establishing the methodologies that enable clients to defend against physical threats and ensure their physical security posture matures in alignment with evolving global risks.

  • NO BADGE REQUIRED: An Unconventional Journey Through Cybersecurity's Front Lines
Sam Bowne

Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.

  • Malware analysis: Learn Windows internals and how malware operates
Stephen Brennan

Stephen Brennan is a mathematician who researches neural network model internals in the quest to increase the explainability of AI. His hobbies include hiking, camping, and deck building games. He has contributed significantly to R&D for in-depth neural network analysis to identify vulnerabilities, weaknesses, and inefficiencies, helping improve the robustness and security of AI systems.

  • Reverse Engineering Embedded AI Models in Firmware and Binaries
Sumanth

Sumanth Vankineni is a cybersecurity enthusiast who enjoys exploring a little bit of everything: breaking things, understanding how they work, and figuring out how they can be improved. His interest lies in how systems fail and how they behave when pushed in unexpected ways. He brings a chess player’s mindset to security: curious, strategic, and always thinking a few moves ahead. His chess rule is his security rule: if it looks like a trap, it probably is, so don’t click it!

  • Hunting Shells via Chaining Misconfigs in AWS
Ulrich Lang

Ulrich Lang received his PhD from Cambridge University Computer Laboratory (Security Group) on Access Policies for Middleware in 2003 after having completed a Master's in Information Security from Royal Holloway College (London) in 1997. With 25+ years in infosec, he is a renowned thought leader in vulnerability analysis of AI, binary software, 5G, as well as supply chain risk analysis, Zero Trust access control, and more. He is responsible for the business and technical strategy, architecture, and direction of ObjectSecurity and its products. He has published over 150 papers/presentations, 10+ patents, and was a proposal and project evaluator, Board Member of the Cloud Security Alliance (Silicon Valley Chapter), conference program committee, panel moderator, consultant, and book author.

  • Reverse Engineering Embedded AI Models in Firmware and Binaries
Venky Raju

Venky Raju is Field CTO at ColorTokens, advising CISOs and business leaders on resilient, Zero Trust strategies to stay ahead of AI-enabled cyber threats. With a career spanning embedded systems, cloud-native platforms, and global networks, he brings a unique lens to securing complex environments. Previously, Venky was a founding member of Samsung Knox, the groundbreaking Android security platform protecting billions of devices. He is a named inventor with multiple patents and holds CISSP and CCSP certifications. He is also passionate about giving back through hackerspaces and maker communities.

  • Red teaming with LoRa and Meshtastic