Endpoint Security Professionals to Know 2025

For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are Enterprise cybersecurity and strategy, culture and how it impacts cyber resilience. Emerging attacks and attacker innovation in ransomware and increasingly AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas and providing insights for enterprise security defenders and educate the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.

Shyam Gajula is a Cybersecurity Professional specializing in Endpoint Security, Identity & Access Management (IAM), Zero Trust Architecture, and Cloud Security with 9+ years of experience securing enterprise and hybrid environments. He helps organizations strengthen security posture by implementing identity-centric architectures, continuous risk reduction frameworks, and compliance-focused controls across AWS, VDI, and distributed infrastructures. Shyam holds the AWS Certified Solutions Architect credential and has hands-on expertise in cloud security design, endpoint hardening, authentication frameworks (including SAML 2.0 / SSO), access governance, EDR/agent policy optimization, and secure cloud operations. His research and practical work focus on real-world defenses against modern threats, endpoint risk scoring, and identity-driven security automation. He is a published cybersecurity researcher, an international keynote speaker, and serves as a judge and evaluator for global cybersecurity awards and innovation competitions. Shyam frequently contributes to peer review panels and provides expert insights on best practices for Zero Trust adoption, cloud risk mitigation, and securing modern digital workplaces. Orcid Research Profile: https://orcid.org/0009-0001-4279-9629

Scott Altiparmak is a Senior Information Security Engineer with 8+ years of experience spanning identity and access management, email security, and cloud security, with a focus on building and automating enterprise security programs end to end. He is the creator of Threat Terminal, a live game-based research platform studying how humans detect phishing in the generative AI era, and maintains open-source tools including Enterprise-Zapp and Threat Intelligence Tarot. He serves as Director of Programming for the South Florida ISSA chapter and speaks regularly at industry and academic events including Tech Hub Pulse 2026, PBSC CyberWeek, and the PBSC Cybersecurity Symposium.

📌 Key Areas: Secure Software Engineering | Zero-Trust Security | Cloud & DevOps Security | AI for Cyber Defense | Research & Innovation | Cybersecurity Advocacy I am an award-winning Cybersecurity Professional and Software Engineer with about 10 years of experience building secure, resilient, and scalable systems that safeguard enterprises and critical infrastructures worldwide. At Microsoft, I have spearheaded high-impact security engineering initiatives across Azure, DevOps, and enterprise security driving innovations in zero-trust frameworks, system observability, automation, and AI-integrated security solutions. My contributions have fortified services relied upon by global customers while elevating industry standards in reliability, compliance, and risk management. Beyond corporate impact, I am deeply committed to advancing the cybersecurity community. As an advisor, trainer, and researcher, I actively contribute to academic publications, global workshops, and non-profit initiatives with multiple global organizations like CyberNGO, Mentors Without Borders, TCET, CHARUSAT, PARUL, MSU, Live2Serve and Many More, promoting cybersecurity awareness and training future leaders. Recognized with honors such as the Global Recognition Award 2025 and multiple CISO50 Innovation & Excellence Awards, my mission is to bridge research, engineering, and leadership to shape the future of digital trust and resilience.

CYRX360 is a healthcare‐focused cybersecurity company dedicated to protecting medical practices, hospitals, and clinics with comprehensive, regulation-driven solutions. Our services include a 24/7 Security Operations Center (SOC), HIPAA compliance audits, endpoint & ransomware protection, secure password management, dark web surveillance, and incident response. We help organizations reduce risk, ensure patient data confidentiality, and maintain trust.

Co-Founder of SG6, ITRES and DEV6. Cybersecurity consultant with a deep technical background. More than 20 years of experience in the fields of IT Security, Cybersecurity, Security Research and IT Best Practices. Dozens of acredited CVE vulnerabilities since Y2K. I publish practical offensive/defensive research: vulnerability analysis, exploitation notes, reverse engineering, and hardening/detection takeaways.

My path to security leadership came through offensive security testing, software engineering, and product management. I've written code, designed and built security products, created and sold managed security services, and served as both GM and CISO for organizations ranging from early-stage startups to multi-billion-dollar enterprises. That background shapes how I approach security: I understand the trade-offs engineering teams face, I know what's actually feasible to implement and operate, and I prioritize controls that reduce real risk over ones that just satisfy auditors. I stay hands-on with cloud architecture, application security, AI, and emerging threats. At IOmergent, my co-founder Brett Wilson and I work with growing companies that need real security leadership but aren't ready for a full-time CISO. We provide fractional CISO (vCISO) services, managed cloud security, and practical assessments that tell you where you actually stand. Our focus is on building security into engineering culture and operations, as well as with executive teams. We work extensively with SaaS companies, healthcare and fintech organizations, and AI startups navigating their first enterprise customers, dealing with incidents or near misses, or trying to figure out what "good enough" security actually looks like for their stage. If you're a founder or technical leader looking to mature your security posture, preparing for your first compliance audit, or navigating an incident and need experienced support, I'm always happy to connect. And if you just want to talk through a security challenge with someone who's been there, reach out.

Shwetha Babu Prasad is a data security and privacy professional, speaker, and published author with nearly a decade of experience in information security. Her work focuses on advancing practical, engineering-driven approaches to protect sensitive data and reduce systemic data exposure risks. She has experience implementing data protection controls across enterprise systems to mitigate the risk of sensitive data exposure. She is the author of Why Websites Fail at Data Protection and Privacy and Data Security in the Age of AI. An active member of ISC2 and the Information Systems Security Association, she contributes to industry initiatives aligned with National Institute of Standards and Technology frameworks through the ISSA Resilience Special Interest Group. Her work advances practical, engineering driven data protection and privacy capabilities, strengthening cyber resilience across enterprise and critical infrastructure environments.

Seasoned content writer with more than a decade of experience.Wrote hundreds of blogs, ebooks, newsletters, social media content, news articles.Worked with numerous tech start-ups, digital marketing agencies, and media publications.Focused mostly on B2B tech, cybersecurity, blockchain, and AI. Capable of covering virtually any topic.Experienced in journalistic writing.

Puneet Bhatnagar is an identity and AI security expert with nearly two decades of experience advising global enterprises on identity governance, access risk, and emerging AI-driven security challenges. He has led large-scale identity modernization initiatives across financial services, technology, and regulated industries, and regularly speaks at industry conferences on modern IAM and access intelligence. His work focuses on translating complex security risks into practical, business-aligned strategies.

Cybersecurity Expert | Cyberwarfare Strategist | Founder, Centuria Labs Research With over 25 years of specialized experience, Giovanni Battista Caria is a prominent figure in the European cybersecurity landscape. As the head of Centuria Labs Research, he has dedicated his career to advanced research in digital crime prevention and the development of impenetrable defensive architectures. His work bridges the gap between technical innovation and strategic analysis, making him a sought-after speaker at major international forums, including the International Security & Digital Council. Literary Contribution & Strategic Insight Caria’s extensive research has culminated in a series of influential works that address the evolving nature of digital threats from both a technical and legal perspective: The Black Book of Cybersecurity (Il Libro Nero della Cybersecurity): A deep dive into the structural flaws of modern digital infrastructure and the methodologies of high-level cyber attacks. The Invisible Front (Cybersecurity & Cyberwarfare): Co-authored as a comprehensive guide to the convergence of law, technology, and national security, this work serves as a manual for understanding state-sponsored digital conflict. The Architects of Shadow (PsyOps & Information Warfare): An analytical exploration of psychological operations and social engineering, detailing how digital influence can compromise national stability and institutional trust. Innovation in Defensive Systems Throughout his two-decade-long career, Caria has focused on creating innovative defensive frameworks designed to be mathematically and structurally resilient. His approach at Centuria Labs emphasizes proactive threat hunting and the implementation of security layers that go beyond traditional firewalls, focusing instead on system-level integrity and zero-trust principles. Strategic Vision A recognized expert in the legal and technical facets of the GDPR and cyber-law, Caria integrates regulatory compliance with hard-core technical defense. His philosophy is rooted in the belief that true cybersecurity requires a holistic understanding of the "invisible front"—the space where software engineering, international law, and geopolitical interests collide. "Cyber defense is not a static wall, but a dynamic architecture of constant anticipation and research." — Giovanni Battista Caria

David Santiago (@DavidSecurity) is a Certified Security Professional with over 15 years of operational experience in security management, risk assessment, and physical protection. A U.S. Marine Corps veteran, David’s background includes securing U.S. embassies abroad and leading campus-wide security operations at a State Department-sponsored international school in Tunis, Tunisia, during the Arab Spring. Today, David works as a security consultant helping physical security integrators, SaaS platforms, and risk management firms improve their content marketing, thought leadership, and client engagement strategies. He specializes in creating industry-specific content—such as case studies, technical guides, and white papers—that informs decision-makers and drives growth. Based in Orlando, Florida, David actively follows the latest trends in physical security. He advises clients, contributes to leading industry publications, and regularly participates in conferences as a writer and subject matter expert.

I am a cybersecurity professional with over 18 years of experience in offensive security, penetration testing, and cyber defense. I focus on deeply understanding complex security challenges and developing practical, real-world solutions that strengthen organizations against evolving threats. I enjoy working across various security domains and approaching problems with a hands-on, analytical mindset. My colleagues and clients describe me as a hardworking, disciplined professional who remains calm and solution-oriented when handling high-risk incidents and challenging environments. My areas of expertise include vulnerability assessment, exploit development, incident response, network security architecture, and enterprise systems administration. I hold industry-recognized certifications such as OSCP, OSCE, GWAPT, GCIH, CCNA, and RHCE, which demonstrate my commitment to continuous learning and technical excellence.

An experienced security professional helping security folks discover their best with HealthyByte. Previously built and led secure design functions at Insight, secured and protected thousands of websites per day at SiteLock alongside malware research at Sectigo, and currently building and scaling security for millions of rental cars at Turo. I’m curious and a lifetime learner across every field. Areas of Expertise & Interest: ‣ Enterprise/Corporate Security ‣ Infrastructure Security ‣ AWS Cloud Security ‣ Offensive Security (Red Teaming) ‣ Incident Detection and Response

Josh Fleming is the Risk Advisory & GRC practice lead at Echelon Risk + Cyber, where he helps organizations strengthen resilience against today’s most complex cyber and physical threats. He brings a unique ability to bridge technical expertise with executive strategy, enabling leaders to make confident, informed decisions during both preparation and crisis. With extensive experience across industries such as healthcare, manufacturing, financial services, and energy, Josh has partnered with organizations to identify risks, fortify defenses, and implement effective governance strategies. His work spans from building incident prevention programs to leading executive tabletop exercises, risk assessments, and crisis response planning. Josh regularly advises executive teams, C-suites, and boards on incident response readiness and strategic risk management. He is known for developing actionable frameworks and clear decision-making playbooks that reduce risk exposure, accelerate response, and build stakeholder trust. As an industry thought leader, Josh is committed to advancing the conversation around governance, risk, and compliance. He stays at the forefront of emerging trends and regulations, particularly in areas such as AI governance and cybersecurity resilience, to ensure his clients and partners are not only compliant, but future-ready. Above all, Josh is recognized as a trusted advisor who combines technical depth, business acumen, and a client-centric approach to deliver lasting value. His mission is to help organizations move beyond compliance to achieve true resilience and competitive advantage in an evolving risk landscape.

Matt Lindley is the Chief Innovation & Information Security Officer at NINJIO, a leading cybersecurity awareness training and human risk management platform. Matt leads NINJIO’s cybersecurity team and AI innovation projects. Previously, he was the CEO and Principal Consultant at REIN Cybersecurity, which focused on governance, risk management, and compliance (GRC). He has also served as the Director of Security Services at Cal Net Technology Group and the virtual CIO at Convergence Networks. Matt is an authority on IT, cybersecurity, GRC, and operational maturity whose expert insights have been published in media outlets spanning cybersecurity and many other relevant verticals. His byline has appeared in a wide range of cybersecurity and tech publications, including Dark Reading, Cyber Defense Magazine, Innovation & Tech Today, Spiceworks, Security Magazine, Cybersecurity Insiders, Security Boulevard, U.S. Cybersecurity Magazine, Information Week, and Cyber Protection Magazine. Matt has also published extensively in outlets serving specific industry verticals, such as InsuranceNewsNet, Business Traveler, Manufacturing.net, and Carrier Management. He is considered a leading security analyst whose research and expertise cover AI strategy and transformation, emerging cyberthreats, behavioral psychology, social engineering, and organizational resilience. Matt has over a decade and a half of experience as both a practitioner and a thought leader in cybersecurity, and he is particularly focused on human risk management—a core pillar of cybersecurity at a time when the human element is implicated in the majority of breaches.

I am a globally acclaimed Cyber security researcher and Whitehat Hacker with a proven track record of discovering Critical Zero Day Security Issues in a significant number of Web Applications, Products and Browsers which have helped protecting Privacy and Security of millions of users globally. In addition to that,I regularly contribute opinion pieces on prevailing issues and affairs related to Cyber Security. I am author of two books on Cyber Security, "Web Hacking Arsenal" and "Ethical hacking And Pentesting Guide".

Harman Singh, director at respected consultancy Cyphere, is an experienced security professional consulting public and private sector customers across the globe. He brings over a decade of intensive consulting experience, advising both private and public sector organisations on security matters around offensive and defensive security, particularly SOC operations maturity, CREST pen testing, risk and governance. Harman is recognised for his teaching ability; he is not just a consultant, but an educator of other experts: Black Hat Trainer: He has delivered advanced, practical training sessions at the prestigious Black Hat security conferences. Advanced Hacking: His training focuses on sophisticated techniques for attacking and defending complex digital infrastructure, upskilling security teams worldwide. Corporate Consulting: Beyond training, he possesses extensive experience consulting with corporate security teams, helping them manage threats across traditional networks and cloud-based systems. His insights—covering regulatory compliance, comments and best practices—are frequently featured in publications such as Infosecurity Magazine and Fast Company.

Roguevault News is an independent and authoritative voice in the cybersecurity world. For over a decade, we’ve built a reputation as a trusted source for balanced, timely, and in‑depth reporting.

We Expect The Unexpected - Creative Information Security Practices To Protect Your Security Blind Spots BlueSteel Cybersecurity delivers a new approach in intelligent cybersecurity protection, compliance, engineering, and strategy services. We translate the complexity of cybersecurity protection into clear and actionable insights to bridge the widening gap between organizational objectives and critical cybersecurity protection. Our enterprise-level security services are carefully engineered to help our partners prepare for future threats while meeting strict compliance requirements. We are experts in security, data, software, and IT with decades of experience analyzing and communicating complex information upon which critical decisions are made. Our goal is to prove our value – and the value of cybersecurity processes and protections – through innovative solutions that help our clients achieve their information security goals Learn more: www.bluesteelcyber.com.