Nishant Sharma

Nishant Sharma

Product Builder | Cybersecurity Researcher and Trainer | Project Manager

About Me

Hello! I'm Nishant Sharma. I am an experienced team leader with proven track record in building and managing cost-effective, efficient remote technical teams.

With over a decade of experience in Cybersecurity Research and Product Development, I have dedicated my career to advancing the field through innovation and education. As a seasoned Cybersecurity expert, I have had the privilege of presenting my research at prestigious conferences such as DEFCON, Blackhat, HITB, and RootCon, reaching and impacting thousands of students and professionals across 125+ countries.

I currently serve as Head of Cybersecurity Research at SquareX (Browser Detection-Response). Prior to that I served as the VP of Labs, R&D at INE, Head of R&D at Pentester Academy (acquired by INE) and as MTS at Mojo Networks (acquired by Arista Networks), where I contributed to cutting-edge products and cybersecurity-focused initiatives.

Professional Skills

Cybersecurity Research
Master
Team Building & Management
Expert
DevSecOps Practices
Advance
Browser, WiFi & Cloud Security
Master
Architecture & Code Security Review
Expert
Startup Operations and Operation Optimization
Expert

Work Experience

Head of Cybersecurity Research at SquareX
June, 2025 - Present
  • Leading groundbreaking research into browser-native threats.
  • Bridging offensive research and defensive innovation to redefine enterprise browsing security.
    • Vice President of Lab, Research, and Development at INE.com
    Jan, 2025 - May, 2025
  • Led initiatives in capacity expansion and efficiency improvement for multi-cloud infrastructure.
  • Served as a Cybersecurity Subject Matter Expert and provided leadership in engineering and R&D.
  • Developed/Maintained highly scalable infrastructure and led research projects to drive innovation.
    • Director, Lab Platform at INE.com
    Oct, 2021 - Dec, 2024
  • Working closely with Senior Leadership Team to set objectives to create and deliver development/content roadmap.
  • Managing hiring and daily operations for 12+ people Technical team remotely working from India.
  • Adopting DevSecOps practices.
  • Guiding team to create cutting edge labs on Supply Chain Attacks, Windows Active Directory and Azure Active Directory topics.
  • Reduced operational cloud expenses of the lab platform by 25%.
  • Led multiple initiatives to build in-house monitoring, marketing and analystics portals.
  • Conducted 8+ presentations/trainings/workshops in Blackhat, DEF CON, RootCon and OWASP Seasides to promote brand visibility.
  • Led team in development and release of 4 open source tools to community.
  • Led team to create 200+ labs for Azure, GCP and AWS cloud training.
  • Increased engineering team size 4x (i.e. from 4 to 16 members) within 4 months of Pentester Academy by INE.
  • Coded Azure Playground Labs and Azure based GNS3 Networking Labs.
  • Migrated 200+ old eLS legacy labs to PTA lab platform improving uptime and reduced failures/errors by 80%.
  • Conducted knowledge transfer/sharing sessions with instructors and cross developer teams.
    • Head, Research and Development at Pentester Academy (Acquired by INE.com)
    Nov, 2015 - Oct, 2021
  • Played pivotal role in Pentester Academy's growth by contributing in all aspects ranging from Products Development, Sales, Marketing directly working with Founder/CEO Mr. Vivek RamaChandran and eventually in its acquisition by INE.
  • Lead multiple initiatives like Hacker Arsenal, PA YouTube channel, and AttackDefense
  • Lead 6 member content creation team to build 2000+ challenges in 125+ infosec sub-topics for AttackDefense
  • Delivered 6+ paid training, 15+ tools/talks in top conferences (Blackhat, DEF CON, HiTB, RootCon, OWASP NZ), and 10+ live boot camps online.
  • Developed and released 6 open source tools.
  • Developed course content and labs for courses.
    • Member of Technical Staff at Mojo Networks (Acquired by Arista Networks)
    June, 2014 - Oct, 2015
  • Developed upgrades/patches for WIPS and Mojo Networks WiFi Access Point platform.
  • Developed following Access Point features:
  • -- IPSec/EoGRE tunnels
  • -- IPv6 communication and QoS
  • -- 802.11r Fast BSS Transition Roaming
  • -- Client reporting feature and NTP time sync
    • Cyber Forensics Intern at KPMG, India
    May, 2013 - July, 2013
  • Recovered various digital pieces of evidence (in form of files, images, emails) as member of Data Evidence Recovery team.
  • Seized evidence, maintained Chain of Custody, recovered deleted data, submitted meaningful information to lawyers.
    • Technical Assistant at IIIT Delhi
    Aug, 2012 - May, 2014
  • Helped professors in conducting hands-on labs, evaluating assignments and conducting exams.

    • Trainings

  • Attacking and Defending AWS Cloud Environment, Blackhat USA 2022
  • Introduction to Azure Security, DEF CON 30 Workshops
  • Advanced WiFi Exploitation, Blackhat USA 2021
  • Advanced WiFi Exploitation, BSides Canberra 2021
  • Advanced Real-World Penetration Testing, BlackHat Asia 2020
  • Introduction to WiFi Security, Radio Frequency Village, DEF CON 28 (Recorded Video)
  • 1-day in-person workshop for ISEA and IIT Guwahati, 2020
  • 2-day virtual workshop for 350+ Govt. of India officials, 2020
  • Advanced WiFi Exploitation, Blackhat USA 2019
  • Advanced Real-World Penetration Testing, RootCon Philippines 2019
  • Advanced Real-World Penetration Testing, HiTB GSEC Singapore 2019
  • Advanced Real-World Penetration Testing, HiTB Amsterdam 2019
  • Advanced Real-World Penetration Testing, OWASP NZ Day 2019
  • Information Security Awareness (Private clients)
  • WiFi Pentesting Online Bootcamp (5 Batches)
  • Container Security Beginners Online Bootcamp (5 Batches)
  • DevSecOps Online Bootcamp (2 Batches)

    • Tools and Presentations

    Open Source Tools
    Research Presentations
  • AWSGoat: A Damn Vulnerable AWS Infrastructure, Blackhat USA 2022 Arsenal and DEF CON 30 Demolabs
  • AzureGoat: A Damn Vulnerable Azure Infrastructure, Blackhat USA 2022 Arsenal and DEF CON 30 Demolabs
  • ReconPal: Leveraging NLP for Infosec, RootCon Philippines 2020
  • Wi-Bear: Intelligent Autonomous Wi-Fi Honeypot Detection, BSides Canberra, 2019 (Contribution) (Recorded Video)
  • AD VoIP Toolkit: VoIP Analysis Wireshark Plugins, Blackhat Asia 2019 Arsenal
  • WiCy: Monitoring 802.11ac Networks at scale, HiTB Amsterdam Haxpo 2019 (Recorded Video)
  • VoIPShark: Open Source VoIP Analysis Platform, DEFCON China main stage and Demolabs 2019 (Recorded Video)
  • Developing Access Point Rootkits, Wireless Village, DEF CON 27 (Recorded Video)
  • Writing Wireshark Plugins for Security Analysis, Radio Frequency Village, DEF CON 28
  • Writing Wireshark Plugins for Security Analysis, Infosec In The City 2020, Singapore (Recorded Video)
  • Writing Wireshark Plugins for Security Analysis, Radio Frequency Village, DEF CON 27
  • Hunting Threats with Wireshark Plugins, RootCon Philippines 2019 (Recorded Video)
  • BLEMystique: Affordable Custom BLE Target, Blackhat USA 2018 Arsenal and DEFCON 26 Demolabs
  • PA-Toolkit: Wireshark Plugins for Pentesters, Blackhat USA 2018 Arsenal and DEFCON 26 Demolabs
  • Deceptacon: Deception in WiFi, Radio Frequency Village, DEFCON 25
  • Wimonitor: OpenWRT package for remote sniffing, DEFCON 25 Demolabs
  • IIDS: IoT Intrusion Detection System, IoT Village, DEFCON 25
  • WiDy: WiFi 0wnage under $5, Blackhat Asia 2017 Arsenal and DEFCON 25 Demolabs
    • Podcasts
    Discovered Vulnerabilities/Issues
  • CVE-2020-24263, Score: 8.8 HIGH
  • CVE-2020-24264, Score: 9.8 CRITICAL
  • AV evasion vulnerability on Bitdefender's flagship complete PC protection "Bitdefender Total Security 2018" product.
  • Security and Privacy issues in Ola's in-cab WiFi offering (OLA play). Problem was not in the implementation but with the design/architecture.
    • Academic Research

    Professional Chronicles

    Blackhat Arsenal Presentation 2022 Blackhat AWS Training 2022 Pentester Academy Booth RSA Singapore DEF CON Radio Frequency Hacking Village HiTB Amsterdam WiCy Pentester Academy Booth Blackhat Asia DEF CON China Mainstage RootCon Philippines Mainstage Pentester Academy Booth RootCon Philippines
    ×

    Research Talk Playlist

    Education

    Master of Technology (Information Security) from IIIT Delhi
    2012 - 2014
  • Member of Student Council
  • Top 10 Finalist of Infosys Hashers (National Coding Competition) 2012, over 450+ teams from premier colleges participated.
  • Member of Cryptology group
  • Grade: 9 (out of 10)
    • Bachelor of Technology (Computer Science) from Himachal Pradesh University
    2008 - 2012
  • Member of Organizing committee of Technical festival
  • Grade: Hons (Ist Division)
    • Secondary and Senior School Education from Jawahar Navodaya Vidyalaya (CBSE)
    2001 - 2008
  • Scored 87.8% in 10th and 82.3% in 12th (PCM)