Jason Haddix AKA jhaddix is the CEO and “Hacker in Charge” at Arcanum Information Security and the field CISO for flare.io. Arcanum is a world class assessment and training company. Jason has had a distinguished 20-year career in cybersecurity previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker, bug hunter and currently ranked 57th all-time on Bugcrowd’s bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEFCON, Bsides, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, Toorcon and many more.

Ben Sadeghipour, also known as NahamSec, is an ethical hacker, content creator, and keynote speaker. With a passion for cybersecurity that began in his teenage years, Ben's professional journey as a bug bounty hunter took off in 2014. He has played a role in helping organizations identify and remediate thousands of security vulnerabilities across a wide range of web and mobile applications in tech giants such as Amazon, Apple, Google, Airbnb, Snapchat, Zoom, and even the US Department of Defense. Ben helps others learn ethical hacking, bug bounty hunting, and reconnaissance techniques. He has also created training materials and content for conferences such as OWASP, DEFCON, and Bsides.

Jeff Foley has over 20 years of experience in information security, focusing on research & development, security assessment, and attack surface management. During the last eight years, Jeff identified a lack of situational awareness in traditional information security programs and shifted his attention to this vital function. He is now the Project Leader for Amass, an OWASP Foundation Flagship Project that provides the community with guidance and tooling for in-depth attack surface mapping and asset discovery. Jeff has assisted various companies with attack surface management and has been invited to speak at conferences. In past lives, Jeff was the Vice President of Research at ZeroFox, focused on proactive cybersecurity outside the traditional corporate perimeter. He also served as the Global Head of Attack Surface Management at Citi, one of the largest global banks, and started their first program addressing exposure management. Jeff began his career serving the United States Air Force Research Laboratory as a contractor specializing in cyber warfare research and development. He concluded his government contracting at Northrop Grumman Corporation, where he performed the roles of Subject Matter Expert for Offensive Cyber Warfare Research & Development and Director of Penetration Testing. In these roles, he also developed a penetration testing training curriculum for the Northrop Grumman Cyber Academy and taught trainers to utilize the material across this international organization. During his time in this profession, Jeff has taught at various academic institutions on offensive security, cloud security, and attack surface management.

Hazem Elsayed is a penetration tester and security researcher focused on web, mobile, game, and AI-driven systems. He leads offensive security engagements at HackerOne and works as a penetration tester with Bugcrowd. Previously, he served as Lead Offensive Security Engineer at Cyrex, where he oversaw red team operations and application-level assessments. With a track record of uncovering 500+ security flaws across a wide range of technologies, Hazem approaches security with a mix of hands-on exploitation, programming, and automation. He spends most of his time in the bug bounty space, digging into real-world vulnerabilities and helping companies fix critical issues before they’re exploited. His work blends technical depth with a practical mindset aimed at breaking—and improving—things at scale.

Harrison Richardson (rs0n) began his Cybersecurity career in the US Army as a 25B. After leaving the service, Harrison worked various contract and freelance jobs while completing his Masters in Cybersecurity from the University of Dallas. Harrison's first full-time job in the civilian sector was at Rapid7, where he worked as a senior security solutions engineer as part of their Applied Engineering Team. Today, Harrison works as a product security engineer coving web applications, cloud, and AI systems. In his free time, Harrison develops a wide range of open-source tools and works to provide educational content to the bug bounty community through YouTube & Twitch.

Ryan is AWS's Senior Security Engineer for the Outreach Team and CoAuthor of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security. - www.linkedin.com/in/cloudy-with-a-chance-of-security - https://github.com/sonofagl1tch

As a penetration tester for Rhino Security Labs, I bring over a decade of experience to the security industry. For the past two years, I have specialized in bug bounty hunting and penetration testing, focusing on web applications and recently expanding into Android application security. My work has resulted in vulnerability submissions to major companies, including Epic Games and PayPal. Beyond my primary roles, I actively conduct security research on open-source projects and emerging web technologies. This research has led to the discovery of several CVEs, including a critical Unauthenticated Remote Command Execution (RCE) vulnerability in Appsmith Enterprise Edition.

Bruno is a security researcher with a background in Web2, specializing in client-side vulnerabilities. he has conducted extensive audits and research on topics such as popular wallets and sandbox environments. He is currently ranked in the top 10 on the HackenProof bug bounty platform worldwide and has reported vulnerabilities through HackerOne to platforms such as Zoom and MetaMask.

Previously a top 10 bounty hunter at Bugcrowd, now the VP of Operations overseeing triage, appeals, escalations, and the support team, also creating YouTube content at youtube.com/codingo and developing tools at github.com/codingo.

Sam is a security engineer @ Google and helps run the Google & Alphabet VRP. In the past, Sam has won two DEF CON Black Badges and numerous live hacking event awards including an MVH trophy. Sam has submitted hundreds of bug bounty reports and triaged thousands of your reports.

Jasmin Landry is a seasoned ethical hacker and full-time bug bounty hunter who has reported hundreds of security vulnerabilities to some of the world’s largest tech companies. After years leading cybersecurity efforts as Senior Director of Information Security at Nasdaq, Jasmin returned to his roots in hacking — now focusing exclusively on uncovering critical bugs through platforms like HackerOne and Bugcrowd. Recognized at multiple live hacking events for top findings, he brings a sharp eye for unexpected issues and a deep understanding of modern attack surfaces. He’s also a co-leader of OWASP Montréal and an active voice in the security research community.

Hello! I am an application security engineer by day, and a bug bounty hunter by night! I enjoy turning security research, and bug bounties, into an engineering problem. I love collaborating with others, and I am always trying to learn new technologies. Other than hacking, I enjoy hockey, fitness, exploring, and video games!

Dane is an Innovations Architect at HackerOne, where he helps organizations run AI-focused bug bounty programs and improve the security of emerging technologies. His work includes winning 2nd place in the Department of Defense AI Bias Bounty competition, discovering critical vulnerabilities in platforms like Worldcoin, and helping design and manage Anthropic's AI Safety Bug Bounty program. Drawing on his background as a bug hunter, Dane blends strategic guidance with hands-on expertise to advance the safety and security of disruptive tech across industries.

Goraksh is Senior Security Engineer on the Amazon Bug Bounty Team where he leads overall Strategy and Engineering initiatives. He is core founding member of the Amazon Bug Bounty Program and passionate about unleashing its full potential. Goraksh also has a penetration testing background with expertise in hardware and mobile security. He likes emerging challenges and loves to do focused research. When not doing security he is into testing his legs with hiking and running half marathons.

Born and raised in TX, been hacking or breaking things since I was Kid. Got my start in Phreaking because computers were too expensive back then! Been working in the Information Security field since 2013 and have been working for Synack since 2016. I've seen over 15k reports in that time and have been pretty active with researchers from all over the world. Before security I worked as a technician for various companies including Geek Squad. Before my time on in IT I did body piercings or worked in various fields included retail and fast food. All of which helped me understand the importance of helping people to the best of my abilities.

Richard Hyunho Im (@richeeta) is a security researcher who has over a dozen credited reports from Apple (including CVE-2025-24225, CVE-2025-24198, and CVE-2024-44235), is ranked in the top 25 of OpenAI's bug bounty program, and created Fertitta Entertainment's inaugural vulnerability disclosure and bug bounty programs.

Inti is the currently the Chief Hacker Officer at bug bounty platform Intigriti.

Martin is a Security Researcher at PortSwigger with over 10 years of experience specializing in web security and reverse engineering. Renowned for presenting multiples groundbreaking researches at premier conferences like Black Hat, DEFCON and RSA. Active participant in Capture The Flag (CTF) competitions and bug bounty programs, consistently uncovering critical vulnerabilities and driving innovation in cybersecurity.

Robert Vulpe, also known as nytr0gen, is a Senior Security Engineer at UiPath. He is renowned for his expertise in cybersecurity, particularly in assessing product security through various penetration testing methodologies. With over 300 pentest assessments under his belt, Robert has identified and reported over 1500 security vulnerabilities in high-profile companies such as Amazon, PayPal, Goldman Sachs, and Epic Games. His meticulous approach to security is evident in his detailed and professional reports. He is listed among PayPal's Top 10 Hackers and was selected for the prestigious Forbes 30 under 30 list for his outstanding achievements in cybersecurity. With more than 8 years of experience in source-code review, he possesses a keen eye for identifying code-level security flaws.

For over 20 years, Adam has balanced the worlds of application security and web development. He currently serves as the CTO of HackingHub and the Director of BSides Exeter. Over the past five years, he has combined his expertise to create and deliver gamified educational content, aimed at teaching the next generation of ethical hackers and developers about web application security.

Vanshal is a security engineer and AI researcher focused on web application security and automation. He has responsibly disclosed vulnerabilities through platforms like HackerOne and Bugcrowd, and his recent work explores how artificial intelligence can scale vulnerability discovery. Vanshal has built AI-powered agents that automate recon, analyze HTTP responses, and identify real bugs across thousands of domains. He’s also worked on secure sandboxing for running hacking tools safely. At DEF CON 33, he’ll share how he built an autonomous bug bounty agent — from prompt engineering and tool orchestration to live recon and vulnerability triage. His talk blends hands-on hacking with AI, aimed at researchers who want to scale their impact with modern tooling.

Splunk Offensive Security Engineer with over 9 years of experience poking holes in things (responsibly, of course) and helping others sleep at night (sometimes). Whether it’s finding flaws in a product before the bad guys sniff them out, leading incident response like a firefighter, or scaling bug bounty programs, Gabriel brings a mix of curiosity, chaos, and calm. He is always evangelizing the art of ethical hacking—and occasionally reminding people that security by obscurity is not a strategy.

Denis Smajlović (@deni) is an OSCP-certified Principal Security Consultant at Nova Information Security who directly and skillfully managed high profile bug bounty programs for some of Silicon Valley’s most recognized brands.

Parsia is an offensive security "engineer" at Microsoft. While not a full-time hunter, he has learned a great deal from hunts and the bug bounty community. He spends most of his time reading code and experimenting with static and dynamic analysis – but wishing he was gaming. Parsia has previously presented at DEF CON's main venue and the AppSec Village. When not breaking (or fixing) things, he plays videogames, D&D, spends time with family outside - and, as his wife jokes, ""subjects himself to the tax and immigration systems of US and Canada."