Endpoint Security Professionals to Know 2025

For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are Enterprise cybersecurity and strategy, culture and how it impacts cyber resilience. Emerging attacks and attacker innovation in ransomware and increasingly AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas and providing insights for enterprise security defenders and educate the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.

Shyam Gajula is a Cybersecurity Professional specializing in Endpoint Security, Identity & Access Management (IAM), Zero Trust Architecture, and Cloud Security with 9+ years of experience securing enterprise and hybrid environments. He helps organizations strengthen security posture by implementing identity-centric architectures, continuous risk reduction frameworks, and compliance-focused controls across AWS, VDI, and distributed infrastructures. Shyam holds the AWS Certified Solutions Architect credential and has hands-on expertise in cloud security design, endpoint hardening, authentication frameworks (including SAML 2.0 / SSO), access governance, EDR/agent policy optimization, and secure cloud operations. His research and practical work focus on real-world defenses against modern threats, endpoint risk scoring, and identity-driven security automation. He is a published cybersecurity researcher, an international keynote speaker, and serves as a judge and evaluator for global cybersecurity awards and innovation competitions. Shyam frequently contributes to peer review panels and provides expert insights on best practices for Zero Trust adoption, cloud risk mitigation, and securing modern digital workplaces. Orcid Research Profile: https://orcid.org/0009-0001-4279-9629

Cyber Security Consultant and Tech Enthusiast with 10+ years of experience helping businesses strengthen digital security, optimize technology strategies, and drive innovation across the Cyber Security, Business Consulting, Technology, and SaaS industries. Skilled in identifying security risks, implementing resilient solutions, and advising organizations on secure digital transformation initiatives. Passionate about emerging technologies, PKI, cloud security, SaaS ecosystems, and helping startups and enterprises build scalable, secure, and future-ready systems. Known for combining technical expertise with business insight to deliver practical solutions that enhance operational efficiency, compliance, and cybersecurity resilience.

Scott Altiparmak is a Senior Information Security Engineer with 8+ years of experience spanning identity and access management, email security, and cloud security, with a focus on building and automating enterprise security programs end to end. He is the creator of Threat Terminal, a live game-based research platform studying how humans detect phishing in the generative AI era, and maintains open-source tools including Enterprise-Zapp and Threat Intelligence Tarot. He serves as Director of Programming for the South Florida ISSA chapter and speaks regularly at industry and academic events including Tech Hub Pulse 2026, PBSC CyberWeek, and the PBSC Cybersecurity Symposium.

📌 Key Areas: Secure Software Engineering | Zero-Trust Security | Cloud & DevOps Security | AI for Cyber Defense | Research & Innovation | Cybersecurity Advocacy I am an award-winning Cybersecurity Professional and Software Engineer with about 10 years of experience building secure, resilient, and scalable systems that safeguard enterprises and critical infrastructures worldwide. At Microsoft, I have spearheaded high-impact security engineering initiatives across Azure, DevOps, and enterprise security driving innovations in zero-trust frameworks, system observability, automation, and AI-integrated security solutions. My contributions have fortified services relied upon by global customers while elevating industry standards in reliability, compliance, and risk management. Beyond corporate impact, I am deeply committed to advancing the cybersecurity community. As an advisor, trainer, and researcher, I actively contribute to academic publications, global workshops, and non-profit initiatives with multiple global organizations like CyberNGO, Mentors Without Borders, TCET, CHARUSAT, PARUL, MSU, Live2Serve and Many More, promoting cybersecurity awareness and training future leaders. Recognized with honors such as the Global Recognition Award 2025 and multiple CISO50 Innovation & Excellence Awards, my mission is to bridge research, engineering, and leadership to shape the future of digital trust and resilience.

Luke Irwin is a cybersecurity strategist, speaker, and Founder of Aegis Cybersecurity, an Australian consultancy focused on cybersecurity governance, risk, compliance, and strategic advisory. He works with organisations to strengthen cyber resilience through clearer leadership, stronger governance, and practical security programs aligned to business priorities. He is known for helping boards, executives, and business leaders understand cybersecurity as a whole-of-business risk rather than a purely technical issue. His work centres on translating complex security and compliance requirements into commercially grounded decisions that support resilience, accountability, trust, and long-term performance. Luke advises across frameworks and standards including ISO 27001, SOC 2, Essential Eight, NIST, and SMB1001. His experience spans cybersecurity strategy, security maturity uplift, policy and control development, third-party risk, governance improvement, and fractional CISO support, particularly for small to mid-market and regulated organisations. Alongside his advisory work, Luke is a regular speaker and industry commentator on cyber risk, governance, vendor risk, and modern security leadership. He is recognised for his direct, practical perspective and his ability to bridge the gap between technical security expectations and executive decision-making.

CYRX360 is a healthcare‐focused cybersecurity company dedicated to protecting medical practices, hospitals, and clinics with comprehensive, regulation-driven solutions. Our services include a 24/7 Security Operations Center (SOC), HIPAA compliance audits, endpoint & ransomware protection, secure password management, dark web surveillance, and incident response. We help organizations reduce risk, ensure patient data confidentiality, and maintain trust.

Co-Founder of SG6, ITRES and DEV6. Cybersecurity consultant with a deep technical background. More than 20 years of experience in the fields of IT Security, Cybersecurity, Security Research and IT Best Practices. Dozens of acredited CVE vulnerabilities since Y2K. I publish practical offensive/defensive research: vulnerability analysis, exploitation notes, reverse engineering, and hardening/detection takeaways.

My path to security leadership came through offensive security testing, software engineering, and product management. I've written code, designed and built security products, created and sold managed security services, and served as both GM and CISO for organizations ranging from early-stage startups to multi-billion-dollar enterprises. That background shapes how I approach security: I understand the trade-offs engineering teams face, I know what's actually feasible to implement and operate, and I prioritize controls that reduce real risk over ones that just satisfy auditors. I stay hands-on with cloud architecture, application security, AI, and emerging threats. At IOmergent, my co-founder Brett Wilson and I work with growing companies that need real security leadership but aren't ready for a full-time CISO. We provide fractional CISO (vCISO) services, managed cloud security, and practical assessments that tell you where you actually stand. Our focus is on building security into engineering culture and operations, as well as with executive teams. We work extensively with SaaS companies, healthcare and fintech organizations, and AI startups navigating their first enterprise customers, dealing with incidents or near misses, or trying to figure out what "good enough" security actually looks like for their stage. If you're a founder or technical leader looking to mature your security posture, preparing for your first compliance audit, or navigating an incident and need experienced support, I'm always happy to connect. And if you just want to talk through a security challenge with someone who's been there, reach out.

Nikolas Lamprou is a Principal Consultant in Vulnerability Management with 15 years of hands-on experience in IT, spanning web development and e-commerce before specialising in cybersecurity. He holds an MSc and industry certifications including GCFR, SC-200, Security+, PNPT, eJPT, and BTL1, and works daily at the intersection of vulnerability management, penetration testing, and practical security defence. He is also the founder of Solve Tech Today, where he writes clear, no-nonsense guidance on security, Windows, and everyday tech problems.

Mark Lynd is the Head of Executive Advisory & Strategy at Netsync, one of the nation's leading value-added resellers, where he works daily with C-Suite executives on AI, cybersecurity strategy, and digital transformation. A 5x CIO/CISO, author, thought leader and keynote speaker with decades of hands-on operational experience, Mark brings a rare combination of boardroom perspective and practitioner depth to every engagement. Ranked as a Top 5 Global Thought Leader in both AI and Cybersecurity by Thinkers360, Mark has facilitated over 150 incident response tabletop exercises across school districts, Fortune 500 enterprises, healthcare systems, government agencies, and mid-market manufacturers. His original research from these exercises represents the most comprehensive tabletop dataset published by a single practitioner. Mark has delivered more than 100 keynotes at marquee events including RSA Conference, Oracle CloudWorld, Cisco Partner Summit, Dell Technologies World, IBM Think, and Gartner Security & Risk Management Summit. His speaking topics span AI generative strategy, AI infrastructure, cybersecurity operations, ransomware preparedness, incident response, and business continuity. He holds a Bachelor of Science degree from the University of Tulsa and attended The Wharton School. Mark served honorably in the United States Army's 3rd Ranger battalion, and 82d Airborne. My Newsletters: - Cybervizer: Weekly strategic briefings for 10k+ professionals. (www.cybervizer.com) - AI Bursts: Cutting through the noise of AI adoption. (www.aibursts.com) My Published Books: Books available on Amazon, Barnes & Noble, Apple Books, and many other outlets: - Cyber War: One Scenario – A guide to infrastructure resilience. - A Leader’s Playbook to Cyber Insurance – Managing the financial ROI of risk. - Cybersecurity Life Skills for Teens – My passion project for digital safety.

I am an Information Security Professional with years of experience in Application Security, Penetration Testing & Information Risk Management. I have rich experience with working on complex security engagements, from designing and executing of Application Security Strategy, Supply Chain Security to Compliance Consulting. Some of the topics that is fascinating to me is DevSecOps, Advancement and usage of AI in Application Security, Security Awareness and Vulnerability Management. My mission is to use my existing knowledge and expertise to assist organizations in making their applications more resilient. Always enthusiastic about sharing my insights and best practices with other security professionals and enthusiasts via talks and coffee chats.

Shwetha Babu Prasad is a data security and privacy professional, speaker, and published author with nearly a decade of experience in information security. Her work focuses on advancing practical, engineering-driven approaches to protect sensitive data and reduce systemic data exposure risks. She has experience implementing data protection controls across enterprise systems to mitigate the risk of sensitive data exposure. She is the author of Why Websites Fail at Data Protection and Privacy and Data Security in the Age of AI. An active member of ISC2 and the Information Systems Security Association, she contributes to industry initiatives aligned with National Institute of Standards and Technology frameworks through the ISSA Resilience Special Interest Group. Her work advances practical, engineering driven data protection and privacy capabilities, strengthening cyber resilience across enterprise and critical infrastructure environments.

I’m a Penetration Tester with a solid background in cybersecurity, specializing in uncovering vulnerabilities in web applications, APIs, and cloud environments. I focus on simulating real-world attack techniques to help organizations understand their risks and strengthen their security posture. My work includes ethical hacking, threat analysis, and integrating security automation into modern development workflows. I’m currently working at ZeroThreat.ai, building an automated penetration testing tool powered by AI.

Pranav Saji is an AI Security and Generative AI expert based in the San Francisco Bay Area, currently Head of AI Security at Symosis Security and a Machine Learning Consultant at LinkedIn. He has delivered over $50M in business impact across Fortune 100 enterprises and startups, founded or led AI at 5+ companies, and built production AI systems spanning security analytics, agentic workflows, and large language model applications. A recognized voice on AI agent and MCP security, he publishes thought leadership in outlets such as HackerNoon and advises enterprises on securing generative AI and agentic systems. He is an accepted trainer at OWASP Global AppSec USA 2026 and a Core Judge for the USAII Global AI Hackathon. He holds a Master's in Computer Science (AI specialization) and CompTIA Security+ and Azure AI Engineer certifications.

Seasoned content writer with more than a decade of experience.Wrote hundreds of blogs, ebooks, newsletters, social media content, news articles.Worked with numerous tech start-ups, digital marketing agencies, and media publications.Focused mostly on B2B tech, cybersecurity, blockchain, and AI. Capable of covering virtually any topic.Experienced in journalistic writing.

Puneet Bhatnagar is an identity and AI security expert with nearly two decades of experience advising global enterprises on identity governance, access risk, and emerging AI-driven security challenges. He has led large-scale identity modernization initiatives across financial services, technology, and regulated industries, and regularly speaks at industry conferences on modern IAM and access intelligence. His work focuses on translating complex security risks into practical, business-aligned strategies.

Cybersecurity Expert | Cyberwarfare Strategist | Founder, Centuria Labs Research With over 25 years of specialized experience, Giovanni Battista Caria is a prominent figure in the European cybersecurity landscape. As the head of Centuria Labs Research, he has dedicated his career to advanced research in digital crime prevention and the development of impenetrable defensive architectures. His work bridges the gap between technical innovation and strategic analysis, making him a sought-after speaker at major international forums, including the International Security & Digital Council. Literary Contribution & Strategic Insight Caria’s extensive research has culminated in a series of influential works that address the evolving nature of digital threats from both a technical and legal perspective: The Black Book of Cybersecurity (Il Libro Nero della Cybersecurity): A deep dive into the structural flaws of modern digital infrastructure and the methodologies of high-level cyber attacks. The Invisible Front (Cybersecurity & Cyberwarfare): Co-authored as a comprehensive guide to the convergence of law, technology, and national security, this work serves as a manual for understanding state-sponsored digital conflict. The Architects of Shadow (PsyOps & Information Warfare): An analytical exploration of psychological operations and social engineering, detailing how digital influence can compromise national stability and institutional trust. Innovation in Defensive Systems Throughout his two-decade-long career, Caria has focused on creating innovative defensive frameworks designed to be mathematically and structurally resilient. His approach at Centuria Labs emphasizes proactive threat hunting and the implementation of security layers that go beyond traditional firewalls, focusing instead on system-level integrity and zero-trust principles. Strategic Vision A recognized expert in the legal and technical facets of the GDPR and cyber-law, Caria integrates regulatory compliance with hard-core technical defense. His philosophy is rooted in the belief that true cybersecurity requires a holistic understanding of the "invisible front"—the space where software engineering, international law, and geopolitical interests collide. "Cyber defense is not a static wall, but a dynamic architecture of constant anticipation and research." — Giovanni Battista Caria

I have been working in security operations for nearly 2+ years, protecting 20,000+ state devices through automation. In my free time, I focus on learning and applying my knowledge to current problems in the industry, focusing on defending against AI devices. I have worked with cutting-edge security and AI tools built by companies like Microsoft, Palo Alto Networks, and Meta.

David Santiago (@DavidSecurity) is a Certified Security Professional with over 15 years of operational experience in security management, risk assessment, and physical protection. A U.S. Marine Corps veteran, David’s background includes securing U.S. embassies abroad and leading campus-wide security operations at a State Department-sponsored international school in Tunis, Tunisia, during the Arab Spring. Today, David works as a security consultant helping physical security integrators, SaaS platforms, and risk management firms improve their content marketing, thought leadership, and client engagement strategies. He specializes in creating industry-specific content—such as case studies, technical guides, and white papers—that informs decision-makers and drives growth. Based in Orlando, Florida, David actively follows the latest trends in physical security. He advises clients, contributes to leading industry publications, and regularly participates in conferences as a writer and subject matter expert.