Program Overview

Bangalore 2026 FIRST Technical Colloquium

Tuesday, February 10^th
Day 1
Wednesday, February 11^th
Day 2

Tuesday, February 10^th

	Day 1
09:00 – 09:15	Coffee & Networking
09:15 – 09:30	Welcome & Introduction
09:30 – 10:30	IN Keynote: AI-Resilient Incident Response: Essential Skills for Cyber Defenders Priya Madhavan ( SSC Nasscom, IN) TLP:CLEAR
10:30 – 11:05	IN Evolving TTPs of Android Malware: Nation State Actors vs Cybercriminals Vivek Muskan (CERT-In, IN) TLP:GREEN
11:05 – 11:35	Morning Break
11:35 – 12:10	IN US CoAnalyst: An AI-Driven Framework for Enhanced SOC Triage Avinash Kumar (Cisco, IN); Harshitha HH (IN); Logan Wilkins (Cisco, US) TLP:GREEN
12:10 – 12:45	IN Can You Trust That Repo? Juhi Ramani (Dell, IN); Soumyo Maity (Dell Technologies, IN) TLP:AMBER
12:45 – 13:45	Lunch Break
13:45 – 14:20	IN Turning Adversary Infrastructure Insights into Actionable Defense and Intelligence Aadesh Shinde (BforeAI, IN) TLP:AMBER
14:20 – 14:55	IN Beyond Guardrails: Engineering Resilience into the AI SDLC via the Adversary-to-Architect (A2A) Lifecycle Lokesh Balu (Dell Technologies, IN) TLP:GREEN
14:55 – 15:25	Afternoon Break
15:25 – 16:00	IN Two Countries and One Lie: Unmasking a Misattributed APT from Baku to Dushanbe Priya Patel (SEQRITE Labs, IN); Subhajeet Singha (Acronis TRU Labs, IN) TLP:GREEN
16:00 – 16:35	IN The Scale and Stakes of Security at LinkedIn Aravind Baskaran, Gaurav Gupta (LinkedIn Corporation, IN) TLP:GREEN
16:35 – 16:45	Closing
17:30 – 19:30	Social Event

Wednesday, February 11^th

	Day 2
09:00 – 09:15	Welcome & Introduction
09:15 – 10:15	IN Keynote: Security to Resilience Ashutosh Bahuguna (CERT-In, IN) TLP:AMBER
10:15 – 10:50	IN From Shadow AI to Secure AI: Defending Private LLMs in the Enterprise SOC Archana Mendon (NASSCOM , IN); Nanda Kumar Kirubakaran (SaaviGenAI, IN) TLP:CLEAR
10:50 – 11:20	Morning Break
11:20 – 11:55	IN Trajectory in NPM Attacks Targeting Supply Chain Bharath Balasubramaniam (Schneider Electric Private Limited, IN) TLP:CLEAR
11:55 – 12:30	IN CAI - Framework for Cybersecurity AI Fluency Smitha Sriharsha (F5, IN) TLP:GREEN
12:30 – 13:30	Lunch Break
13:30 – 14:30	IN Panel: Cyber Resilience as a Value Protector, Preserver, and Driver Deepa Vasudeva , Niranjini Arunachalam, Suchitra Krishnagiri (Deloitte, IN) TLP:RED
14:30 – 15:05	IN From Incident to Insight: Building Cyber Resilience with Multi-Relational Knowledge Graphs H C Ravishankar (CloudStory, IN); Shankar Murali (Commonwealth Bank of Australia, IN) TLP:CLEAR
15:05 – 15:35	Afternoon Break
15:35 – 16:10	IN From Panic to Plan: When High-Profile CVEs Break the Vulnerability Management Playbook Himanshu Saraswat, Priyam Bohra (Cisco, IN)
16:10 – 16:45	IN Hunting the Hidden: Behavioral Detection of Email Threats and Distraction Campaigns Ajay Kumar (World Bank, IN) TLP:CLEAR
16:45 – 17:00	Closing

INTLP:GREEN
Beyond Guardrails: Engineering Resilience into the AI SDLC via the Adversary-to-Architect (A2A) Lifecycle
Lokesh BaluLokesh Balu (Dell Technologies, IN)
Traditional AppSec methodologies fail against the non-deterministic nature of Generative AI. Static analysis cannot detect a semantic jailbreak, and WAFs cannot identify indirect prompt injection. For Product Security teams, the challenge is no longer just finding bugs, but architecting systems that withstand inherent model unpredictability.

This session introduces the Adversary-to-Architect (A2A) model, a technical operating framework that transforms Red Team findings into engineering constraints. We move beyond high-level governance to provide a blueprint for "Start Left" security.

Attendees will gain actionable architectural patterns for: The 7-Layer AI Stack: A structural approach to threat modeling, from Vector Stores to Agent Orchestrators. Adversarial Unit Testing: Integrating automated red-teaming into CI/CD pipelines to catch semantic failures before deployment. Resilient Design: Blueprints for Sanitization Microservices in RAG pipelines and Identity Propagation for autonomous agents. This is a comprehensive guide for architects and engineers to transition from "trusting the model" to engineering a resilient environment around it.

Lokesh Balu leads the architectural security strategy for the Infrastructure Solutions Group at Dell Technologies, integrating proactive defence across the product development engineering ecosystem. His expertise spans the full system development lifecycle, where he serves as a trusted consultant on secure software development while evolving robust control frameworks for cloud and AI technologies. Lokesh is a proven leader in high-stakes product and application vulnerability response, fortifying enterprise systems against advanced threats to ensure operational resilience. As a co-inventor of a U.S. patent in secure software risk modelling, his work is defined by pre-emptive threat mitigation, integrating threat intelligence at the earliest stages of system design. His technical capability is backed by certifications from SANS, ISC2, and CSA. He has earned an eMasters degree in Cybersecurity from IIT Kanpur and PG diploma in Cyber Law from NLSIU, Bangalore. He is a regular speaker at international conferences, and a strong advocate for the convergence of Trustworthy AI and Cybersecurity.

February 10, 2026 14:20-14:55
INTLP:GREEN
CAI - Framework for Cybersecurity AI Fluency
Smitha SriharshaSmitha Sriharsha (F5, IN)
The Cybersecurity AI (CAI) framework is an open-source, agent-based platform designed to enhance AI fluency and automation within the cybersecurity sector. By supporting both offensive and defensive operations—such as vulnerability scanning, exploitation, and mitigation—CAI offers modular agents and integrated tools that allow organizations and practitioners to scale security workflows efficiently and safely. Guardrails are built in to prevent unsafe actions, and the system has been proven in real-world scenarios including bug bounty programs and competitive CTFs. CAI aims to democratize advanced AI capabilities, making ethical, transparent, and effective AI-powered security accessible to organizations of all sizes.

Smitha Sriharsha is the Sr Manager Platform Security Engineering at F5 Networks, with over 24 years of experience in product security, cloud, and privacy engineering. She possesses a unique blend of expertise in development, product and application security, and compliance. Smitha excels in establishing security standards, partnering to build foundational security capabilities, and delivering consumable security stacks in strategic environments within a DevSecOps model, driving adoption across organizations. As a prominent blogger and speaker, Smitha has designed and contributed to numerous security education programs and bootcamps. Throughout her career, Smitha has received numerous awards and recognition during her tenures at Dell, Cisco, Ness, and SonicWall, highlighting her exceptional contributions to the Cybersecurity field.

February 11, 2026 11:55-12:30
INTLP:AMBER
Can You Trust That Repo?
Juhi RamaniSoumyo MaityJuhi Ramani (Dell, IN), Soumyo Maity (Dell Technologies, IN)
Open-source components are foundational to modern software development but can we truly trust the repositories? Our talk will focus on:
- Introduction: Shifting the conversation from vulnerability detection to evaluating open-source trustworthiness.
- Open-source software importance to modern development and trust in its components is often ignored.
- Trustworthiness Scoring Framework that assesses open-source projects beyond just counting vulnerabilities.
- Emphasizing security-focused development, responsiveness to issues, community health, and code quality.
- Proactive Strategy in incorporating this model into the Security Development Lifecycle (SDL). How organizations can take a proactive and transparent approach to choosing open-source software.
- Improving internal security practices and boosting customer confidence by showing responsible and secure open-source use.
- Questions
  
  Juhi Ramani is a Security Consultant at Dell Technologies. Her specialization includes advanced knowledge of Cybersecurity, Product and Application Security, Security & Customer Trust. She holds an MS in Software Engineering and has presented at multiple Industry forums on Securing the IoT Ecosystem, Proactive Security Practices, Product and Application Security, Cybersecurity Awareness, Security Culture and Training, Effective PSIRT, and SDL Handshake.
  
  Dr. Soumyo Maity is an information security expert and currently spearheading the global strategies and roadmaps for the Security Development Lifecycle and OSS Assurance program in Dell Technologies. He earned his PhD in Information Technology from Indian Institute of Technology Kharagpur and has coauthored several research articles and book-chapters on information security. He has multiple patents in his name filed in the USA and India. Being a regular speaker in different security forums, Maity is well-connected to the cybersecurity community in India. He is an active member in SAFECODE, and part of the working group for Quantum Cryptography, and Secure Software Development. He is a member of IEEEE and OWASP. He has earned many coveted industry certifications like, Certified Ethical Hacker (CEH), Certified in Cloud Security Professional (CCSK), GIAC Certified Information Security Professional (GISP) and GIAC Certified Defensible Security Architect (GDSA), GIAC Certified ML Engineer(GMLE) etc. He also received his Post Graduate Diploma in Cyber Law and Cyber Forensics from NLSIU, Bangalore.
February 10, 2026 12:10-12:45
IN USTLP:GREEN
CoAnalyst: An AI-Driven Framework for Enhanced SOC Triage
Avinash KumarHarshitha HHLogan WilkinsAvinash Kumar (Cisco, IN), Harshitha HH (IN), Logan Wilkins (Cisco, US)
Modern Security Operations Centers (SOCs) face overwhelming alert volumes, causing analyst fatigue, skill gaps, and manual processes that result in improper verdicts, missed threats, and compromised organizational resilience. This session introduces "CoAnalyst" – a practical, AI-driven framework designed to streamline and enhance security incident triage and analysis, empowering Tier 1 analysts and improving operational scalability.

Our approach integrates Large Language Models (LLMs) with historical incident data and existing security tools, executing a four-phase workflow. This framework dynamically generates analysis steps, enriches cases with context from similar past incidents, and automates triage tasks across various security platforms. It culminates in AI-driven analysis that delivers clear verdicts, detailed case notes, and crucial explainability.

This methodology enables analysts to make faster, more informed decisions, significantly reduces manual effort, and improves accuracy. Attendees will gain practical, transferable insights into architectural principles and lessons learned for building efficient, resilient security operations that strengthen an organization's ability to "Build Trust through Resilience.

Avinash Kumar brings over 10 years of experience in security and software development, specializing in the full security operations lifecycle. He expertly manages detection content and builds applications and workflows to support event triage and incident response processes. Avinash has extensive software development skills in Python, Java, relational and graph databases, as well as experience with large language models (LLMs) and AI development.

Passionate about addressing critical business challenges in incident detection and response, Avinash builds strong, collaborative relationships with stakeholders to ensure effective and efficient security operations. His technical expertise and commitment to operational excellence make him a key contributor to the team’s success.

Harshitha H H is a Senior Cybersecurity Analyst specializing in the automation of security analysis within modern SOC environments. With 7 years of experience in malware analysis, threat hunting, and cloud security monitoring, she works extensively on building automated, analyst-assisted workflows that speed up triage and improve response quality. Her expertise spans AWS, Azure, Splunk, with a strong focus on practical, scalable automation.

Logan Wilkins is a seasoned cybersecurity leader with over 15 years of experience in the field. He currently leads a software engineering team within Cisco's CSIRT, overseeing development programs focused on incident detection and response, data management, and security metrics. Logan holds industry-recognized certifications including CISSP, GSEC, and PMP. He plays an active role in the global security community as the chair of the Metrics SIG within FIRST and has served as a FIRST Candidate Sponsor for multiple groups. Before joining Cisco's security organization, Logan gained diverse experience in e-commerce, pharmaceutical drug discovery, and education, bringing a broad perspective to his cybersecurity work. He is passionate about building meaningful relationships and collaborating across teams to achieve common goals.

February 10, 2026 11:35-12:10
INTLP:GREEN
Evolving TTPs of Android Malware: Nation State Actors vs Cybercriminals
Vivek MuskanVivek Muskan (CERT-In, IN)
Android's rapid growth over the past decade has made it a prime target for cyberattacks, especially in India, where more than 600 million smartphone users rely heavily on Android and UPI-based payments. Our research observed a sharp rise in sophisticated Android malware, including Remote Access Trojans (SpyNote, AhMythRAT, CapraRAT), banking trojans, and credential-stealing apps. Attackers increasingly use advanced protectors like DexProtector and Virbox to evade detection. To better understand these threats, we reverse-engineered infected APKs using tools such as jadx, MobSF, Frida, and Wireshark. The findings reveal widespread use of encryption, obfuscation, and anti-debugging techniques. By mapping these behaviours to the MITRE ATT&CK for Mobile framework, we identified clear patterns in financial and espionage-driven malware. This session aims to share practical insights, strengthen detection strategies, and encourage collaboration across the security community.

Vivek Muskan currently works as Scientist at Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and IT, Government of India. He has more than 10 years of experience in Vulnerability Evaluation, Network & Systems Security and E-governance. Currently, his primary role is that of a malware analyst and to provide threat intelligence based upon analysis of the malicious samples and threat hunting using various tools. His interest area includes Digital forensic and Malware analysis.

February 10, 2026 10:30-11:05
INTLP:CLEAR
From Incident to Insight: Building Cyber Resilience with Multi-Relational Knowledge Graphs
H C RavishankarShankar MuraliH C Ravishankar (CloudStory, IN), Shankar Murali (Commonwealth Bank of Australia, IN)
Every cyber incident holds valuable lessons, yet most organizations fail to capture and reuse this knowledge effectively. Post-incident reports, while detailed, rarely preserve the relationships between users, attackers, systems, tools, and actions—causing critical insights to be lost over time. This session introduces a multi-relational knowledge graph approach to represent and institutionalize lessons learned from cyber incidents. By modeling entities and their interconnections, organizations can transform fragmented data into an intelligent, queryable knowledge base that supports future detection, investigation, and risk management. Drawing from experience in SOC operations, threat intelligence, and threat modeling, this talk demonstrates how structured knowledge fosters organizational memory, trust, and resilience. Attendees will learn how to connect incident data, frameworks like MITRE ATT&CK, and AI-driven reasoning to create a living system that continuously strengthens cyber defense.

H C Ravishankar is a seasoned IT and cybersecurity leader with over 32 years of experience in managing large-scale enterprise technology environments. He brings deep expertise in incident response, cloud security (AWS & Azure), cybersecurity governance, and operational resilience. He was part of the pioneering team that implemented BSNL’s first broadband services in 2002, gaining early hands-on experience with large-scale outages and recovery operations. As a technology consultant and co-founder of CloudStory, he helps organizations build strong incident response capabilities aligned with compliance and business continuity.

Shankar Murali (He/Him) is a cybersecurity practitioner and AI security leader specializing in incident strategy, security architecture, and adversarial AI. He designs and builds security solutions and products at scale, enabling secure and responsible adoption of emerging and AI-driven technologies. Guided by first-principles thinking, he emphasizes understanding why systems fail before defining how to secure them. His work and research focus on AI security, adversarial machine learning, artificial consciousness, and building ethical, human-centric cyber and AI defense systems.

February 11, 2026 14:30-15:05
IN
From Panic to Plan: When High-Profile CVEs Break the Vulnerability Management Playbook
Himanshu SaraswatPriyam BohraHimanshu Saraswat (Cisco, IN), Priyam Bohra (Cisco, IN)
When a high-profile CVE or zero-day disclosure hits, traditional vulnerability management tools and playbooks start to crack. Scanners lack signatures, asset inventories drift, communication channels slow down, and leadership wants clear answers right away. This talk shares how our team built an Emergency Vulnerability Response Program (EVRP) to transform day-zero chaos into coordinated action.

We'll share real-world examples demonstrating how the program supports continuous disclosure monitoring through KEV, vendor advisories, and threat intelligence. We'll cover rapid impact assessment using asset and service data, along with a simple triage model that balances blast radius, exploitability, and business criticality. From there, we'll discuss how graded mitigations such as patching, feature flags, WAF rules, or temporary configuration changes help contain risk even before scanners catch up.

Attendees will leave with a reusable framework and practical ideas for building their own 'emergency mode' for vulnerability management, bridging the gap between compliance-era tools and playbooks meet day-zero realities.

Himanshu Saraswat is a Solutions Architect at Cisco based in Amsterdam, where his work focuses on Attack Surface Management (ASM), Platform Security, and running the Bug Bounty program. With a deep foundation securing major U.S. banks, he brings a unique perspective that blends financial-grade rigor with modern tech agility. At Cisco, he has evolved from Security Research to Architecture, applying Red Team thinking to Blue Team challenges to cut through the noise of zero-days and CVEs. Additionally, Himanshu is a published IEEE author, having contributed research on application security.

Priyam Bohra is an information security professional with over 10 years of experience leading high-impact programs at Cisco. He has managed compliance and cloud vulnerability management, led bug bounty initiatives, and contributed to programs that provide operational risk visibility to the company’s board. He currently leads the Emergency Vulnerability Management Program, which grew from a side-project to a dedicated team responding to zero-day and high-profile vulnerabilities. Priyam is passionate about building zero-to-one security programs and connecting cross-functional teams to scale impactful security initiatives.

February 11, 2026 15:35-16:10
INTLP:CLEAR
From Shadow AI to Secure AI: Defending Private LLMs in the Enterprise SOC
Archana MendonNanda Kumar KirubakaranArchana Mendon (NASSCOM , IN), Nanda Kumar Kirubakaran (SaaviGenAI, IN)
Enterprises are rapidly adopting private Large Language Models (LLMs) to accelerate operations, while employees quietly rely on public chatbots — creating an invisible "shadow AI" ecosystem. This uncontrolled usage exposes sensitive data, weakens governance, and expands the attack surface with threats that traditional SOC workflows aren't designed to handle.

This session reframes LLM misuse and compromise as mainstream security incidents that demand detection, containment, and forensic rigor. Starting with how LLMs learn, generate, and fail, we explain why limitations like statelessness, knowledge cutoff, hallucination, and context leakage translate into unique security blind spots.

Through real-world incidents and frameworks such as the OWASP Top-10 for LLMs and MITRE ATLAS, the talk demonstrates how SOCs can detect prompt injection, model extraction, and RAG/data poisoning via observable IOCs. We walk through a structured LLM Incident Response playbook, SIEM-ready schema, and red/blue team exercises that integrate AI telemetry into existing monitoring pipelines.

Attendees leave with a one-page IR playbook, logging checklist, and prompt corpus — tangible tools to bring AI under measurable security control.

Archana Mendon is a seasoned cybersecurity leader with over 19 years of expertise spanning Security Operations Centers (SOC), cyber strategy, incident response, and incident management. For the past 14 years at Cisco, she has fortified global cyber defenses through technical leadership in incident response efforts and handling major incident management, driving customer engagement and partnering with executive leadership to align security priorities with business objectives.

As a key member of NASSCOM’s FutureSkills Prime — a national digital skilling platform and a joint initiative with MeitY–NASSCOM — she plays a pivotal role in shaping India’s cybersecurity talent pipeline by defining career pathways and guiding curriculum standards, including work with C-DAC Hyderabad and AICTE’s Cybersecurity Diploma. A strong advocate for diversity, Archana has led the Cisco Women in Cybersecurity (CWiCS) India chapter, and actively mentors through WiCSP (Women in Cybersecurity & Privacy), a nonprofit community dedicated to raising cybersecurity awareness and is an experienced international speaker, having presented at FIRST TC, NASSCOM academia forums, and leading industry conferences.

Nanda Kumar Kirubakaran— Founder & CEO of SaaviGenAI and former Cybersecurity Leader at HPE, Aruba & Cisco — brings over 23 years of experience in engineering and security leadership across product development and enterprise defense. At Cisco, he helped build the CS-MARS SIEM and Next-Gen Firewall platforms. At HPE, he contributed to the IntroSpect UEBA product. At Aruba, he led the Cybersecurity Incident Response Team (CSIRT) and drove SOC 2 Type 2, ISO 27001, and GDPR compliance initiatives for global business units serving Fortune-100 customers. Today, as Founder of SaaviGen.AI, Nanda focuses on AI and LLM Security education and consulting, helping enterprises adopt GenAI securely through risk-aware design, governance alignment, and practical implementation roadmaps.

February 11, 2026 10:15-10:50
INTLP:CLEAR
Hunting the Hidden: Behavioral Detection of Email Threats and Distraction Campaigns
Ajay KumarAjay Kumar (World Bank, IN)
BOGO on Email Threats – How an Image Was Weaponized and How Fraud Was Buried Under a Flood of Spam. This session dives into two distinct real-world attack patterns: AI-generated image files used to deliver obfuscated malicious payloads, and spam bombing campaigns designed to distract users and hide account compromise/financial fraud. You will see how attackers use synthetic code and inbox overload to bypass filters and bury alerts. Though unrelated in execution, both threats exploit behavioral blind spots. We will walk through behavioral detection logic that surfaces these threats using size thresholds, sender heuristics, burst analysis, and schema-aware filtering. You will leave with insights into the threat actor's tactics and reusable queries to kickstart your own hunts.

Ajay Kumar: I lead the threat hunting function within the World Bank Group’s Security Operations team. I am specialize in uncovering malicious activity that evades traditional and automated security stacks. A big part of my role is proactively hunting for hidden threats and adversary behaviors. I Combine deep technical expertise with strategic impact to strengthen SOC maturity. My work empowers defenders to move beyond alerts and toward proactive, intelligence‑driven defense.

February 11, 2026 16:10-16:45
INTLP:CLEAR
Keynote: AI-Resilient Incident Response: Essential Skills for Cyber Defenders
Priya MadhavanPriya Madhavan ( SSC Nasscom, IN)

Priya Madhavan is a dynamic business leader with nearly 31 years of experience in establishing and scaling high-growth business lines within the IT services industry. Proven record of driving digital transformation initiatives, building new service lines, and leading global delivery teams across technology and cybersecurity. Currently driving national digital skilling initiatives on FutureSkills Prime (FSP) at SSC Nasscom, national digital skilling platform. This is a MeitY and Nasscom initiative. The aim is to skill 1M on digital skills by 2027 to ensure India remains the global hub for digital talent. Also drive the industry standards creation for IT-ITeS industry, which is key for achieving the vision of NEP 2020.

February 10, 2026 09:30-10:30
INTLP:AMBER
Keynote: Security to Resilience
Ashutosh BahugunaAshutosh Bahuguna (CERT-In, IN)

Having experience of 2 decades in the field of cyber security, Ashutosh Bahuguna's area of work is focused on Cyber Security assurance, Benchmarking, International & National cyber security exercises, National Cyber Crisis Management Framework, Behavioural aspects of cyber security, ICS/OT security, application of data science in cyber security, and Security assessments.

He leads the team of Cybersecurity Assurance at CERT-In. He authored various research papers, frameworks & articles. He is an invited speaker at domestic & international platforms.

Actively contributing to regional & global initiatives such as the Counter Ransomware Coalition, the Quad Cyber Working Group - Aligning Software Security Standards, the Asia Pacific CERT(APCERT), the Global Forum on Cyber Expertise(GFCE), and bilateral exercises with partner nations.

Academic and Professional Education: Master of Technology (Computer Science & Engineering), International Program on cyber security studies - George C. Marshall European Centre for Security Studies, Insider Threats Program Manager - CERT/CC, USA, AI in Cyber Security - CMU, USA, Post Graduate Diploma in Information Security, Information Security Management System - Lead Auditor, Post Graduate Diploma in Disaster Management.

February 11, 2026 09:15-10:15
INTLP:RED
Panel: Cyber Resilience as a Value Protector, Preserver, and Driver
Deepa Vasudeva (Deloitte, IN), Niranjini Arunachalam (Deloitte, IN), Suchitra Krishnagiri (Deloitte, IN)
Cyber resilience benefits a wide spectrum of stakeholders. It minimizes incident costs, accelerates recovery, and ensures uninterrupted critical operations. It provides long-term advantages like customer trust, regulatory compliance, and competitive differentiation. Business leaders, operational staff, IT teams, and customers all benefit from robust resilience strategies by safeguarding sensitive data and enabling digital transformation with confidence.

Suchitra Krishnagiri is a Director in Cybersecurity at Deloitte, bringing over 18 years of deep expertise in Information Security. Her experience spans Devsecops, Application Security, Security Architecture Reviews, Mobile Security, Cloud Security, and Vulnerability Management. She has successfully led global vulnerability management and penetration testing programs for enterprise clients across diverse industry verticals, including manufacturing ,insurance, consumer, automobile . Throughout her career, Suchitra has held strategic leadership roles such as Global Delivery Head and Center of Excellence (COE) Head for Application Security, driving innovation and operational efficiency. She specializes in modernizing vulnerability management, developing and implementing Continuous Threat Exposure Management (CTEM), conducting security maturity reviews, and architecting automation solutions to streamline security operations. Her hands-on experience includes implementing security for applications hosted on hybrid environments, on-premises, private cloud, and public cloud. Suchitra is also a postgraduate in Cyberlaw and Cyber Forensics from the National Law School, combining technical expertise with a strong understanding of regulatory and legal frameworks. Leadership Experience: Director at Deloitte India Global Delivery Head at Paladion Networks COE Head for Application Security at Techmahindra Core Expertise Devsecops Application Security Security Architecture Review Mobile Security Cloud Security Vulnerability Management

Panel Members: Deepa Vasudeva and Niranjini Arunachalam of Deloitte.

February 11, 2026 13:30-14:30
INTLP:GREEN
The Scale and Stakes of Security at LinkedIn
Aravind BaskaranGaurav GuptaAravind Baskaran (LinkedIn Corporation, IN), Gaurav Gupta (LinkedIn Corporation, IN)
Imagine orchestrating security across hundreds of thousands of bare metal servers and nearly one million Kubernetes PODs—a scale where traditional approaches falter and threats loom large. At LinkedIn, we embraced this challenge, transforming our Linux production infrastructure with a vision for the future.

Enter SkyFall, our custom eBPF-based agent, delivering continuous, real-time security telemetry from every Kubernetes node, server, and container. With SkyFall, suspicious command executions and privilege escalations are exposed instantly, providing unprecedented visibility across our vast environment.

But detection is only the beginning. SecureHarvest, written in Go, complements SkyFall by enabling rapid, on-demand forensic data collection whenever threats are detected. Leveraging the Open CyberSecurity Schema Framework (OCSF), SecureHarvest standardizes security artifacts for efficient analysis and seamless interoperability.

This session reveals how LinkedIn's security engineers planned and executed a fleetwide transformation—scaling custom security solutions to nearly one million nodes. Discover our approach to identifying critical syscalls, and how the integration of SkyFall and SecureHarvest empowers us to detect, collect, and investigate security threats in near real-time.

Join us to explore the future of security at scale—where innovation meets visibility, and where proactive defense is not just a goal, but a reality.

Aravind Baskaran has been in the Cyber Security Domain for 7+ years and has specialized in Incident Handling/Response, Proactive Threat Hunting, Digital Forensics, Vulnerability Management and Detection Engineering. He joined the LinkedIn Incident Response Team a year ago bringing with him a diverse background gained through roles at Microsoft, Imperva, and Deloitte.

Aravind is certified and proficient in Azure Cloud Security and Azure DevOps, and is currently expanding his expertise in Linux security. His passion lies in staying ahead of emerging threats and contributing to the resilience and security of modern organizations.

Gaurav Gupta is an accomplished cybersecurity leader with 17 years of experience in information security operations, large-scale infrastructure, and critical incident management. Currently, he leads the Incident Response team at LinkedIn in Bangalore, serving as an Incident Commander for major security events and overseeing end-to-end remediation and postmortem strategies.

Throughout his career, Gaurav has specialized in enhancing security visibility and site reliability at scale. He is currently driving high-impact initiatives at LinkedIn involving eBPF-based security monitoring and digital forensics across massive Linux and Kubernetes environments. With a deep foundation in system design and network security monitoring, Gaurav is dedicated to innovating security postures for both cloud and on-premises infrastructures.

February 10, 2026 16:00-16:35
INTLP:CLEAR
Trajectory in NPM Attacks Targeting Supply Chain
Bharath BalasubramaniamBharath Balasubramaniam (Schneider Electric Private Limited, IN)
The JavaScript ecosystem faces escalating supply chain attacks targeting the npm registry evolving from opportunistic exploits to sophisticated, coordinated campaigns. The 2025 trajectory reveals a shift toward sophisticated techniques exploiting thousands of downstream dependencies, with attackers developing self-replicating worms and advanced obfuscation strategies to maintain persistence while evading detection systems. The presentation will outline npm attack evolution - encompassing methodologies, supply chain workflows, and its 2025 campaigns. A deep dive analysis on the "Shai-Hulud" worm's execution flow to demonstrate attackers increasing sophistication in compromising maintainers and exploiting post-installation code execution. At the conclusion, the presentation will emerge defensive and detection methodologies, proactive mitigation approaches, actionable threat intelligence practices, and techniques for IOC enrichment.

Bharath Balasubramaniam is a cybersecurity technical leader with more than 15 years of experience in cybersecurity, security operations, and information security. He currently leads initiatives within the Corporate Product Cyber Emergency Response Team (CPCERT) at Schneider Electric, focusing on enhancing enterprise resilience and response capabilities. His cross-industry expertise spans energy, banking, fintech, and information technology sectors. Bharath holds an MSc in Cyber Forensics and Information Security and actively contributes to advancing best practices in Vulnerability Management, threat intelligence and incident response.

February 11, 2026 11:20-11:55
INTLP:AMBER
Turning Adversary Infrastructure Insights into Actionable Defense and Intelligence
Aadesh ShindeAadesh Shinde (BforeAI, IN)
Adversary infrastructure is evolving faster than our defenses. From dynamic redirects and DNS abuse to cloud-hosted delivery layers, attackers now operate like distributed service providers. This session uncovers how threat actors design, deploy, and protect their infrastructures and how defenders can turn these same tactics into intelligence advantages.

Drawing on real-world investigations, we'll examine how advanced evasion mechanisms such as TDS chains, geofencing, and DNS-based cloaking are used in phishing, malware, and loader campaigns. Through three case studies, we'll explore techniques for mapping attacker ecosystems, identifying shared assets, and correlating threat activity across campaigns.

Participants will leave with actionable workflows: how red teams can emulate such evasive setups for realistic testing, how blue teams can detect and disrupt them, and how threat intel teams can extract and operationalize infrastructure-based intelligence.

This talk bridges offense, defense, and intelligence transforming infrastructure awareness into a cornerstone of cyber resilience.

Aadesh Shinde is a Senior Threat Researcher at BforeAI, specializing in cyber threat intelligence, adversary infrastructure hunting. His work focuses on identifying and tracking threat actor infrastructure, analysing large-scale attack campaigns, and understanding adversary ecosystems to improve early threat detection. He has authored multiple patents in the field and is an engaging speaker who blends technical depth with accessible insights. Aadesh has presented at conferences and workshops on topics including cyber threat intelligence, adversary infrastructure hunting, campaign tracking, threat actor ecosystems, and attacker tradecraft.

February 10, 2026 13:45-14:20
INTLP:GREEN
Two Countries and One Lie: Unmasking a Misattributed APT from Baku to Dushanbe
Subhajeet SinghaPriya Patel (SEQRITE Labs, IN), Subhajeet Singha (Acronis TRU Labs, IN)
Attribution in cyber espionage is rarely straightforward—but what happens when a single linguistic mistake rewrites the entire threat narrative? This talk exposes a sophisticated Central Asian APT group that evaded proper attribution through misdirection, only to be unmasked through cascading OPSEC blunders spanning from Baku to Dushanbe.

For years, this threat group orchestrated precisely timed campaigns targeting geopolitical flashpoints: the Russia-Azerbaijan Strategic Cooperation Summit in Dushanbe (October 2025) and the China-Central Asia Summit in Astana (June 2025). Yet a critical clue lay hidden in their malicious infrastructure, now a grammatically incorrect Russian filename that suggested non-native authorship rather than a Russian state operation, contradicting initial attribution theories. The group's technical evolution reveals an organization adapting to public security research. They shifted from hardcoding Base64-encoded reverse shells into C++ binaries to hosting payloads on GitHub, suggesting awareness of previous publications. Their toolkit spans PowerShell reverse shells, custom C++ loaders, .NET implants, and open source tunneling tools, prioritizing operational speed over novel exploit development.

What ultimately exposed them were compounding OPSEC failures. Metadata embedded in LNK files revealed consistent working directory patterns that correlated across multiple campaigns. Shared command and control addresses appeared across geographically disparate operations hosted in the Netherlands and Russia. Even malicious filenames followed predictable patterns—containers and their contents shared identical names, making them trivial to pattern match once discovered. The most revealing pattern was geographic convergence on Dushanbe. Both campaigns, despite targeting different geopolitical relationships, converged on the same city and the same underlying regional narrative. Campaign I targeted Russian-Azerbaijani diplomatic entities, while Campaign II targeted China-Central Asia infrastructure projects. This obsession with Dushanbe contradicts traditional nation-state attribution, which typically focuses on clear adversarial relationships rather than regional summits involving the suspected sponsoring nation itself.

Initial Russian attribution seemed logical: Russian language lures, targeting of Russian entities, and Russian-hosted infrastructure. However, the convergence of linguistic errors, metadata reuse, infrastructure overlap, and strategic focus on Dushanbe suggests either a non-Russian actor attempting misdirection or an organization operating under significant constraints that forced operational shortcuts. This presentation reveals how a single linguistic clue, combined with infrastructure analysis and geopolitical context, rewrote the entire attribution narrative, demonstrating that the roads lead not to Moscow, but to Astana.

Priya Patel currently works as an intern at SEQRITE Labs focusing on security research and threat hunting, publishing research, on various APT groups across the globe and various other incidents. She occasionally loves travelling and cooking.

Subhajeet Singha is a Senior Researcher at Acronis TRU Labs, working around threat intelligence, malware research, and reverse engineering. Subhajeet actively investigates advanced persistent threats (APTs), reverse-engineers complex malware strains, and contributes to research initiatives that improve threat detection & have previously presented researches at Virus Bulletin, FIRST Conference, AVAR and loves biking occasionally.

February 10, 2026 15:25-16:00