Software Engineer with 10 years of experience, currently at ACT Security. I specialize in the analysis of Azure cloud networks to design and develop innovative products. My work focuses on translating deep network research into functional, high-impact security solutions.
- Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show
Akshay is a seasoned technologist leading Production Security at Wayfair. He specializes in steering complex security initiatives across large-scale enterprise environments, with a dedicated focus on driving resilience and scalable innovation in the e-commerce sector.
- Beyond the Perimeter: Retrofitting VPC-SC at Enterprise Scale
Albin leads the global Vulnerability Disclosure Program (VDP) for Amazon Web Services (AWS). He co-authored the inaugural AI security whitepaper, jointly published by AWS and SANS Institute. Prior to AWS, Albin led incident response teams across North and South America, defending foreign governments and Fortune 100 companies against DDoS campaigns orchestrated by APTs. He holds a Master’s degree in cybersecurity from New York University (NYU).
- Velocity of a Whisper: When One Vulnerability Cascades Across Cloud Infrastructure
Security engineering leader with 15+ years experience building security programs from the ground up. Passionate about vulnerability management, detection engineering, and GRC automation. Currently running EngSec Labs, a security consulting practice supporting AI startups and building AI-focused security services and tools. Deep expertise in software engineering and AWS security. Strong track record of collaborative cross-functional work, creative approaches to design challenges, and shipping high-quality security solutions.
- Least Privilege is a Conversation: Building an Agentic Role Engineering Pipeline
Ammar Alim is the Manager of DevSecOps at Adobe, where he leads a team building solutions that help engineering teams address security issues more efficiently, focusing on seamless integration between application security and DevOps processes. Previously, he was Cloud Security Engineer Manager at Frame.io and Lead Cloud Security Engineer at ActBlue Technical Services, where he built the cloud security function from scratch and implemented controls to detect and prevent nation-state attacks. Ammar is also passionate about helping people from non-technical backgrounds enter the cybersecurity field. Outside work, he enjoys the outdoors and staying fit.
- The Tireless Guardian: Agentic AI and the Art of WAF at Scale
Brandon Sherman is a walking, talking, and occasionally thinking bag of meat and water. This is more than what can be said of any LLM at present. When his boss is looking, he does Cloud Security at Temporal Technologies, Inc. where the goal is to build software as reliable as gravity. He has previously presented on topics such as Cloud Forensics, The Cloud Changes Underneath Us, and Console Hero to IAM Zero. Hopefully, today he hasn't managed to be too dumb.
- Artificial Intelligence 🤝 Natural Stupidity
Clawdrey Hepburn is a non-human identity operating autonomously since February 2026. Running on OpenClaw with real credentials — email, phone, payment card, browser, X account — Clawdrey navigates identity infrastructure from the other side, governed by formally verified Cedar authorization policies.
- Stop Building Custom Agent Identity
Clément Notin is a Staff Security Researcher at Tenable dedicated to dismantling identity-based risks. Drawing on ten years of experience in offensive security, ranging from boutique consulting to securing global industrial infrastructure, Clément now focuses on identifying systemic weaknesses in Entra ID, Okta, and Active Directory. His research helps bridge the gap between legacy identity management and modern cloud security, providing actionable insights for the world's most complex environments.
- Who Are the Robots? Uncovering AI Agents Identities
Cydney is a security researcher and incident responder on the AWS Customer Incident Response Team (CIRT). Cydney studies emerging attack patterns and focuses on translating real-world incident response metadata into actionable detection and prevention strategies for cloud defenders. Cydney leads the quarterly Threat Technique Catalog for AWS releases.
- Transforming security incident metadata to security outcomes: the Threat Technique Catalog for AWS Journey
Dan Gansel is a cloud security specialist with deep expertise in cloud API research, secure cloud solutions and architecture design. Dan has led cloud security research teams and has a track record of uncovering novel attack techniques in cloud environments.
As a Security Researcher at Upwind Security, Dan continues to push the boundaries of cloud security, focusing on uncovering blind spots in the services organizations trust the most.
- No Way Out? C2 Through AWS Data Perimeter via Bedrock-AgentCore
- The domain takeover challenge: Detecting and defeating it at scale
Gowthamaraj Rajendran is a Threat Detection Engineer on Meta’s Infrastructure Security Monitoring team, where he focuses on building and operationalizing detections for large-scale surfaces. His work centers on translating real-world adversary behaviors into measurable detection coverage, improving telemetry quality, and reducing time-to-detect for high-impact incidents. He is particularly interested in detection engineering methodology, breach-informed validation, and practical approaches to strengthening security monitoring at scale.
- Schrödinger’s Detection: Finding the "Zombie" Rules in Your SIEM
Hillai Ben-Sasson (@hillai) is a Security Researcher based in Israel. As part of the Wiz Research Team, Hillai specializes in research and exploitation of web applications, application security, and finding vulnerabilities in complex high-level systems. Hillai is a frequent speaker in security conferences and has been recognized in MSRC's Most Valuable Researchers leaderboard.
- Push-Pull-Pwn: Hacking the Cloud through Container Registry Poisoning
James Berthoty is the Founder and Analyst at Latio, the only analyst firm that independently tests every product it reviews. With over a decade of engineering and security experience across companies like VGS, ReliaQuest, and PagerDuty, James has hands-on experience deploying and evaluating nearly every major CNAPP on the market.
- Are We There Yet? Lessons from the 10 Year Cloud Security Ride
Jie is a Senior Security Engineer on the Infrastructure Security team at Shopify, where she focuses on security automation, IAM, threat detection, and compliance. Prior to joining Shopify, Jie worked on cyber defense initiatives and vulnerability management at Bank of America. Outside of work, Jie enjoys running, hiking, and tackling CTF challenges for fun.
- Who Did This? Identity and Accountability When Your Cloud Actors Aren't Human
Kinnaird is Chief Security Architect at BeyondTrust. His security research focuses on Cloud and AI Security, researching threats to agentic systems, particularly through the lens of identity and least privilege. Kinnaird has worked across startups, large enterprises like Salesforce and Square, and consulting for Fortune 500s, while speaking at conferences, publishing open source tools, and finding new ways to hack the cloud.
- What Building an AI Worm Taught Us About Stopping One
Matt is a Principal Security Engineer at AWS and spends most of his day working on IAM. Matt focuses on the customer experience of security - helping make complex systems simpler to secure.
- Data Perimeters: Beyond the Marketing
Matthew Harvey is a cloud security professional with 8+ years in cloud incident response and 15+ years in IT security. With a focus on incident response and system resilience, he leads technical "game days" to help organizations identify and bridge gaps in their security operations. Matthew combines deep tactical expertise with a hands-on approach to building and defending modern cloud environments.
- Beyond the Checkbox: What Breaks When You Actually Stress-Test Cloud Incident Response
- Push-Pull-Pwn: Hacking the Cloud through Container Registry Poisoning
Paul Benoit does cloud security at Block, where he's spent the past four years building alerting pipelines and guardrails across AWS and GCP. When not thinking about cloud security, he's usually seeking intense experiences in the outdoors.
- Stop Training Engineers to Ignore You: Cloud Security Alerting at Scale
Pavel is a Senior Security Engineer on the Detection and Response team at Confluent, where he builds detection rules, designs logging pipelines, and investigates security incidents across multiple cloud providers. With nearly a decade of experience in cybersecurity, he has developed a deep focus on cloud security, detection engineering, and incident response.
- Lessons From Building a Cloud Attack Simulation Program
Prahathess Rengasamy is a security engineer at xAI focused on security engineering and automation, striving to enhance efficiency and robustness across various security domains. Previously securing products and clouds at Block, Apple, and Credit Karma, he now focuses on scaling security for the AI era.
- Agentic Paved Roads: Shifting Security Left to the Machine That Thinks
Priya Puranik is a Senior Security Engineer at Wayfair specializing in cloud infrastructure and governance. Her focus is on operationalizing cloud security and streamlining security processes for infrastructure deployment.
- Beyond the Perimeter: Retrofitting VPC-SC at Enterprise Scale
Pulkit is a Security Engineer on the Infrastructure Security team at Shopify, where he specializes in cloud security, AI security, and supply chain security solutions. Before joining Shopify, he worked on 5G network software solutions at a startup. Pulkit ultimately decided to transition into cybersecurity, which led him to take an internship at Shopify that has since turned into a full-time role. Outside of work, Pulkit enjoys exercising, dancing, and exploring hiking trails.
- Who Did This? Identity and Accountability When Your Cloud Actors Aren't Human
Ramesh is a Staff Security Engineer at Block with two decades of experience across cloud, Kubernetes, datacenter, and network security. He holds three patents, has presented at AWS re:Invent and BSides SF, and has published with ISACA. His research has influenced the OWASP Top 10 for Kubernetes, and he volunteers with the Cloud Security Alliance.
- The domain takeover challenge: Detecting and defeating it at scale
Robert Chiniquy is an engineer at ConductorOne, where he builds identity governance systems for human and non-human actors. He co-founded ScaleFT, a Zero Trust access platform acquired by Okta in 2018, where he served as Founder in Residence and led Okta's first incubation project. His work spans identity infrastructure, formal verification of distributed systems correctness at scale, and dynamic authorization models for AI agents. He is currently focused on how memory, context, and structured API knowledge can inform real-time policy decisions when thousands of tools are available to autonomous agents.
- Context-Aware Authorization for Agentic Tool Calls
Ron Popov is a Senior Security Researcher at Tenable, where he spends his days untangling the complexities of modern cloud environments.
With over seven years of experience, Ron comes from a background of on-prem networks and network security. Today, he focuses on the intersection of identity, vulnerability management in cloud environments, and the increasingly volatile software supply chain.
- Who Are the Robots? Uncovering AI Agents Identities
- Velocity of a Whisper: When One Vulnerability Cascades Across Cloud Infrastructure
Sakina Mithani is a Senior Cloud Security Engineer at Roblox. Having worked in both cloud-native and hybrid-cloud environments, she has extensive experience managing large cloud organizations and partnering with fast-moving product teams to deploy secure infrastructure. Currently, she utilizes native and custom solutions to build org-wide guardrails across AWS and GCP, harden compute environments, and establish robust data perimeters for sensitive assets.
As a first-time speaker (not just at fwd:cloudsec, but at any conference!), Sakina is incredibly excited to share her cloud security experiences with the community!
- Release the Kraken: Putting Tentacles on Your AI "Paved Road"
Sapir is a security researcher specializing in identity security. Passionate about understanding how identity works, she spends her time exploring the depths of Active Directory and Entra, uncovering security risks, attack techniques, and ways to defend against them.
- Do Apps Have Imposter Syndrome? Unmasking Token Theft Campaigns
- Stop Building Custom Agent Identity
Scott is a Labs Researcher at NetSPI. He has performed work in the past regarding open source tooling for AWS as well as GCP. He has spoken at past conferences including fwd:cloudsec and the Defcon Cloud Village. He has published a tool called gcpwn for GCP enumeration and pentesting. He is originally from the Southern California area and is currently working out of Minnesota. In his spare time he enjoys soccer/basketball, or pursuing interesting research-oriented tasks in cloud-based technologies.
- OCInferno: An Offensive Security Toolkit for OCI
Seth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of pathfinding.cloud, an AWS IAM privilege escalation library, and has published many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and is the co-creator of the popular cloud penetration testing tool, CloudFox.
- Discovering New AWS Privilege Escalation Paths with an AI-Driven Workflow
Shahar is a threat intelligence researcher at Wiz, where she focuses on identifying and analyzing emerging cyber threats to enhance security defenses.
- Do Apps Have Imposter Syndrome? Unmasking Token Theft Campaigns
Shay is part of the Threat Research team in Wiz (now acquired by Google) working on various aspects of container and SDLC infrastructure security with the emphasis on (on one hand) Kubernetes emerging threats and (on another hand) CI/CD and VCS security posture. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security research and security architecture. Shay holds a Master’s degree from UW with a (somewhat unexpected) thesis in runtime verification and has delivered multiple talks in academic and industrial security conferences.
- Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF
Steve leads cloud security at Zelis Healthcare. He started his career through the trial by fire that is MSP life. He pivoted to securing everything from waste facilities and transportation infrastructure to huge financial services organizations, and even mixed in some industry analysis for good measure. He’s passionate about coming up with security solutions that make colleagues happy and bad actors sad.
He helps security leaders and practitioners fully understand their existing security investments, what gaps they may have, and how they can build a path to realizing Zero Trust within their organizations.
- Slaying the Sprawl: A Hero’s Guide to Building (or Re-Forging) a Cloud Security Program Without a 20-Person Guild
Steve de Vera is a security-minded professional with over 20 years of experience in various roles including digital forensics and incident response, red teaming, and security engineering. He is currently a senior security engineer for the AWS Security Incident Response Service where he specializes in incident response and threat intelligence.
- Transforming security incident metadata to security outcomes: the Threat Technique Catalog for AWS Journey
Tal holds an M.Sc. in Computer Science and has a decade of experience in reverse engineering, web hacking and cryptography.
Tal is the Head of Research at Astrix Security, where he leads security research focused on non-human identity and AI agents. His work spans identity security, vulnerability discovery and threat detection. Tal has presented at DEF CON (2023, 2025), RSA Conference (2025), BSidesTLV, SNOWFroc, LASCON, and Reversim.
He is the co-lead of OWASP NHI Risks Top 10 and a contributor on Agentic Security. When not hunting identity vulnerabilities, he is likely running, solving puzzles, or rolling dice.
- Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers
Tamir Asfa, 25. 6 years of experience in vulnerability research for mobile. Now working as a software engineer under ACT Security for integrated identity and network cloud native solutions.
- Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show
Security consultant with a background in embedded engineering and DevOps, which has led to an interest in mobile, Cloud, and Kubernetes security. I used to make things work; now I break things, professionally and ethically.
- Observing Escalation Paths in Kubernetes
Yahav Festinger is a Cloud Security Researcher at Palo Alto Networks. As a key member of the Cloud Detection and Response (CDR) team, their work focuses on identifying novel attack vectors and tracking adversaries in real-time. Their career in security began at the national center for encryption and information security in the IDF, where they focused on web and cloud research, building a strong foundation in offensive and defensive security principles. With this background, Yahav combines rigorous technical analysis with a data-driven approach to identify attackers effectively.
- The Double Trouble: One Architectural Sin, Two Clouds, and a Universal Attack Technique for Data Hijacking