In an era where digital threats evolve rapidly, application security has become paramount for businesses of all sizes. Featured.com presents a curated directory of leading application security experts, each bringing years of experience in secure software development, vulnerability management, and cybersecurity best practices. These professionals have been quoted in top tech publications, offering insights on everything from DevSecOps to threat modeling. For publishers and journalists, our directory provides quick access to authoritative voices in application security, ensuring your content is backed by current, real-world expertise. For security professionals, it's an opportunity to showcase your knowledge and connect with major media outlets seeking expert commentary. Whether you're looking to strengthen your organization's security posture or need an expert source for your next cybersecurity article, our directory puts you in touch with trusted application security specialists. Explore the profiles below to find the perfect application security expert for your project or story.
Connect directly with our network of vetted application security experts for interviews, quotes, or in-depth analysis.
Many experts respond within hours to media requests
All experts undergo background and credential verification
No fees to connect with experts for legitimate media requests
Join our network of professionals and connect with journalists and publishers looking for your expertise.
Showing 20 of 6,833 experts
Manager-AppSec at Cognizant
I am a Cybersecurity expert with ~15 years of hands-on experience in Application Security. I have a proven track record of building robust security frameworks and Security Testing Strategies to help organizations safeguard their Application landscape. I have worked with leading Industry Clients, across diverse Lines of Business, in implementing Vulnerability Assessment and Penetration Testing services. I am currently pivoting to AI Safety and AI Security.
Founder & Lead Researcher at AppSec Santa
Application security researcher and founder of AppSec Santa, a curated comparison of 163+ application security tools across 10 categories. Published original research including the AI Code Security Study 2026 (tested 6 LLMs against OWASP Top 10 with 534 code samples) and the Security Headers Adoption Study (scanned 10,000+ websites). Helps security teams select the right AppSec tools through data-driven analysis.
Director of Solutions Engineering EMEA
For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are enterprise cybersecurity and strategy, culture and how it impacts cyber resilience, and emerging attacks and attacker innovation in ransomware and, increasingly, AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas, providing insights for enterprise security defenders and educating the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.
Senior Information Security Engineer at Scott Altiparmak
Scott Altiparmak is a Senior Information Security Engineer with 8+ years of experience spanning identity and access management, email security, and cloud security, with a focus on building and automating enterprise security programs end to end. He is the creator of Threat Terminal, a live game-based research platform studying how humans detect phishing in the generative AI era, and maintains open-source tools including Enterprise-Zapp and Threat Intelligence Tarot. He serves as Director of Programming for the South Florida ISSA chapter and speaks regularly at industry and academic events including Tech Hub Pulse 2026, PBSC CyberWeek, and the PBSC Cybersecurity Symposium.
Chief Hacker at ioSENTRIX
Omair Manzoor is the Founder and CEO of ioSENTRIX, a cybersecurity firm specializing in Penetration Testing as a Service (PTaaS), application security, and AI/ML security assessments. ioSENTRIX serves mid-market and enterprise clients across financial services, healthcare, SaaS, and critical infrastructure — delivering continuous security testing through a hybrid human-AI approach with audit-ready deliverables mapped to SOC 2, ISO 27001, HIPAA, and PCI DSS frameworks. The company has been featured in FOX News, NBC, CBS, AP, ABC News, Business Insider, and Yahoo Finance, and is listed on AWS Marketplace and G2. Omair's areas of expertise include penetration testing strategy, PTaaS implementation, AI/LLM security and red teaming, application security program development, vibe coding security risks, compliance-driven security testing, and continuous threat exposure management (CTEM).
Penetration Tester at ZeroThreat.ai
I’m a Penetration Tester with a solid background in cybersecurity, specializing in uncovering vulnerabilities in web applications, APIs, and cloud environments. I focus on simulating real-world attack techniques to help organizations understand their risks and strengthen their security posture. My work includes ethical hacking, threat analysis, and integrating security automation into modern development workflows. I’m currently working at ZeroThreat.ai, building an automated penetration testing tool powered by AI.
Security Engineer at Turo
An experienced security professional helping security folks discover their best with HealthyByte. Previously built and led secure design functions at Insight, secured and protected thousands of websites per day at SiteLock alongside malware research at Sectigo, and currently building and scaling security for millions of rental cars at Turo. I’m curious and a lifetime learner across every field. Areas of Expertise & Interest: ‣ Enterprise/Corporate Security ‣ Infrastructure Security ‣ AWS Cloud Security ‣ Offensive Security (Red Teaming) ‣ Incident Detection and Response
Cybersecurity Lead Member of Technical Staff
Karthikeyan Ramdass is a seasoned cybersecurity professional with over 18 years of experience securing mission-critical systems for leading Fortune 500 companies across industries including aviation, finance, automotive, and technology. I have played a pivotal role in protecting organizations such as Southwest Airlines, Wells Fargo, Morgan Stanley, Toyota Motors North America, AIG, Cognizant, Salesforce, and Deluxe Corporation. Specializing in application security, vulnerability management, secure architecture, and supply chain defense, I led the design and implementation of enterprise-scale security frameworks, CI/CD pipelines, and advanced security testing solutions. I have extensive experience in SAST, DAST, SCA, zero-day vulnerability management, and penetration testing, ensuring compliance with global standards such as NIST CSF, PCI DSS, and OWASP Top 10.
Cybersecurity specialist, researcher at centurialabs
Cybersecurity Expert | Cyberwarfare Strategist | Founder, Centuria Labs Research With over 25 years of specialized experience, Giovanni Battista Caria is a prominent figure in the European cybersecurity landscape. As the head of Centuria Labs Research, he has dedicated his career to advanced research in digital crime prevention and the development of impenetrable defensive architectures. His work bridges the gap between technical innovation and strategic analysis, making him a sought-after speaker at major international forums, including the International Security & Digital Council. Literary Contribution & Strategic Insight Caria’s extensive research has culminated in a series of influential works that address the evolving nature of digital threats from both a technical and legal perspective: The Black Book of Cybersecurity (Il Libro Nero della Cybersecurity): A deep dive into the structural flaws of modern digital infrastructure and the methodologies of high-level cyber attacks. The Invisible Front (Cybersecurity & Cyberwarfare): Co-authored as a comprehensive guide to the convergence of law, technology, and national security, this work serves as a manual for understanding state-sponsored digital conflict. The Architects of Shadow (PsyOps & Information Warfare): An analytical exploration of psychological operations and social engineering, detailing how digital influence can compromise national stability and institutional trust. Innovation in Defensive Systems Throughout his two-decade-long career, Caria has focused on creating innovative defensive frameworks designed to be mathematically and structurally resilient. His approach at Centuria Labs emphasizes proactive threat hunting and the implementation of security layers that go beyond traditional firewalls, focusing instead on system-level integrity and zero-trust principles. 
Strategic Vision A recognized expert in the legal and technical facets of the GDPR and cyber-law, Caria integrates regulatory compliance with hard-core technical defense. His philosophy is rooted in the belief that true cybersecurity requires a holistic understanding of the "invisible front"—the space where software engineering, international law, and geopolitical interests collide. "Cyber defense is not a static wall, but a dynamic architecture of constant anticipation and research." — Giovanni Battista Caria
Information Security Specialist
Shwetha Babu Prasad is a data security and privacy professional, speaker, and published author with nearly a decade of experience in information security. Her work focuses on advancing practical, engineering-driven approaches to protect sensitive data and reduce systemic data exposure risks. She has experience implementing data protection controls across enterprise systems to mitigate the risk of sensitive data exposure. She is the author of Why Websites Fail at Data Protection and Privacy and Data Security in the Age of AI. An active member of ISC2 and the Information Systems Security Association, she contributes to industry initiatives aligned with National Institute of Standards and Technology frameworks through the ISSA Resilience Special Interest Group. Her work advances practical, engineering-driven data protection and privacy capabilities, strengthening cyber resilience across enterprise and critical infrastructure environments.
Cybersecurity Director at ITRES
Co-Founder of SG6, ITRES and DEV6. Cybersecurity consultant with a deep technical background. More than 20 years of experience in the fields of IT Security, Cybersecurity, Security Research and IT Best Practices. Dozens of accredited CVE vulnerabilities since Y2K. I publish practical offensive/defensive research: vulnerability analysis, exploitation notes, reverse engineering, and hardening/detection takeaways.
Managing Director at Peneto Labs
I am a cybersecurity professional with over 18 years of experience in offensive security, penetration testing, and cyber defense. I focus on deeply understanding complex security challenges and developing practical, real-world solutions that strengthen organizations against evolving threats. I enjoy working across various security domains and approaching problems with a hands-on, analytical mindset. My colleagues and clients describe me as a hardworking, disciplined professional who remains calm and solution-oriented when handling high-risk incidents and challenging environments. My areas of expertise include vulnerability assessment, exploit development, incident response, network security architecture, and enterprise systems administration. I hold industry-recognized certifications such as OSCP, OSCE, GWAPT, GCIH, CCNA, and RHCE, which demonstrate my commitment to continuous learning and technical excellence.
Founder/CTO at getcybr, inc.
Cybersecurity expert with over a decade and a half of deep-dive experience, I bring an unparalleled level of understanding and expertise in strategic Cybersecurity planning, effective risk control, and pioneering product innovation. My career reflects my role as a reliable authority for organizations of all sizes, as well as an effective liaison with different regulatory bodies.
Expert SEO at Adult Advisor
As a Digital Privacy Advocate and Lead SEO at Adult Advisor, I specialize in auditing digital platforms for user safety, subscription transparency, and data security. My work involves reverse-engineering complex web architectures and ensuring platforms adhere to strict consumer protection standards. With extensive experience in technical SEO and digital marketing, I help bridge the gap between user experience and web security, analyzing how online ecosystems can protect consumers from predatory billing and data breaches. I frequently share insights on technical SEO strategy, affiliate marketing, and digital privacy.
Sr. Manager - Infrastructure Security & Automation
Results-oriented technology leader with over 9 years of experience in Infrastructure Security, Automation, Generative AI, and Software-Defined Operations. Demonstrated ability to lead high-performing teams, streamline enterprise support, and execute strategic initiatives that enhance organizational resilience and operational efficiency. A seasoned cybersecurity professional, experienced in vulnerability and patch management at scale, with a strong track record of driving measurable, data-driven impact through intelligent automation. Skilled in designing and implementing secure, scalable, and compliant infrastructure solutions that align with business and regulatory goals. Proven expertise in project and program management, particularly within Agile and Scrum frameworks, with a focus on cross-functional collaboration, risk mitigation, and continuous improvement. Recognized for combining technical depth with strategic vision to deliver transformative outcomes in complex enterprise environments.
Director at Cyphere
Harman Singh, director at respected consultancy Cyphere, is an experienced security professional consulting public and private sector customers across the globe. He brings over a decade of intensive consulting experience, advising both private and public sector organisations on security matters around offensive and defensive security, particularly SOC operations maturity, CREST pen testing, risk and governance. Harman is recognised for his teaching ability; he is not just a consultant, but an educator of other experts: Black Hat Trainer: He has delivered advanced, practical training sessions at the prestigious Black Hat security conferences. Advanced Hacking: His training focuses on sophisticated techniques for attacking and defending complex digital infrastructure, upskilling security teams worldwide. Corporate Consulting: Beyond training, he possesses extensive experience consulting with corporate security teams, helping them manage threats across traditional networks and cloud-based systems. His insights—covering regulatory compliance, comments and best practices—are frequently featured in publications such as Infosecurity Magazine and Fast Company.
CEO and Founder at REDSECLABS
I am a globally acclaimed Cyber security researcher and Whitehat Hacker with a proven track record of discovering Critical Zero Day Security Issues in a significant number of Web Applications, Products and Browsers, which has helped protect the Privacy and Security of millions of users globally. In addition to that, I regularly contribute opinion pieces on prevailing issues and affairs related to Cyber Security. I am the author of two books on Cyber Security, "Web Hacking Arsenal" and "Ethical hacking And Pentesting Guide".
Founder & CISO at IOmergent
My path to security leadership came through offensive security testing, software engineering, and product management. I've written code, designed and built security products, created and sold managed security services, and served as both GM and CISO for organizations ranging from early-stage startups to multi-billion-dollar enterprises. That background shapes how I approach security: I understand the trade-offs engineering teams face, I know what's actually feasible to implement and operate, and I prioritize controls that reduce real risk over ones that just satisfy auditors. I stay hands-on with cloud architecture, application security, AI, and emerging threats. At IOmergent, my co-founder Brett Wilson and I work with growing companies that need real security leadership but aren't ready for a full-time CISO. We provide fractional CISO (vCISO) services, managed cloud security, and practical assessments that tell you where you actually stand. Our focus is on building security into engineering culture and operations, as well as with executive teams. We work extensively with SaaS companies, healthcare and fintech organizations, and AI startups navigating their first enterprise customers, dealing with incidents or near misses, or trying to figure out what "good enough" security actually looks like for their stage. If you're a founder or technical leader looking to mature your security posture, preparing for your first compliance audit, or navigating an incident and need experienced support, I'm always happy to connect. And if you just want to talk through a security challenge with someone who's been there, reach out.
Agentic Cybersecurity Leader at Self
Puneet Bhatnagar is an identity and AI security expert with nearly two decades of experience advising global enterprises on identity governance, access risk, and emerging AI-driven security challenges. He has led large-scale identity modernization initiatives across financial services, technology, and regulated industries, and regularly speaks at industry conferences on modern IAM and access intelligence. His work focuses on translating complex security risks into practical, business-aligned strategies.
Security Consultant & Industry Writer at Cozmos Digital, LLC
David Santiago (@DavidSecurity) is a Certified Security Professional with over 15 years of operational experience in security management, risk assessment, and physical protection. A U.S. Marine Corps veteran, David’s background includes securing U.S. embassies abroad and leading campus-wide security operations at a State Department-sponsored international school in Tunis, Tunisia, during the Arab Spring. Today, David works as a security consultant helping physical security integrators, SaaS platforms, and risk management firms improve their content marketing, thought leadership, and client engagement strategies. He specializes in creating industry-specific content—such as case studies, technical guides, and white papers—that informs decision-makers and drives growth. Based in Orlando, Florida, David actively follows the latest trends in physical security. He advises clients, contributes to leading industry publications, and regularly participates in conferences as a writer and subject matter expert.
Publishers often seek expert quotes on timely Application Security topics such as zero-day vulnerabilities, secure API design, container security, and the implementation of security in CI/CD pipelines. Other popular areas include mobile app security, IoT device protection, and strategies for combating evolving cyber threats in web applications. Our experts provide valuable insights on best practices, industry standards, and innovative security solutions.
By joining Featured.com, Application Security experts can enhance their professional visibility and credibility. Our platform offers opportunities to be quoted in top-tier publications, potentially leading to increased industry recognition, speaking engagements, and consulting opportunities. It's an excellent way to share your insights on topics like threat modeling, secure code review, and emerging cybersecurity trends with a wider audience.
Featured.com offers access to a diverse range of Application Security experts, including penetration testers, secure coding specialists, cloud security architects, and DevSecOps professionals. Our platform connects you with thought leaders who have hands-on experience in areas such as web application firewalls, API security, and secure software development lifecycle (SDLC) practices.
Featured.com simplifies the connection process by maintaining a curated directory of Application Security experts with detailed profiles highlighting their specific areas of expertise. Publishers can easily search for and identify the most suitable experts for their articles or reports. Our platform facilitates efficient communication, allowing publishers to reach out to experts directly through our secure messaging system, streamlining the quote gathering process.