Nishant Sharma

Nishant Sharma

Product Builder | Cybersecurity Researcher and Trainer | Project Manager

About Me

Hello! I'm Nishant Sharma. I am an experienced team leader with proven track record in building and managing cost-effective, efficient remote technical teams.

With over a decade of experience in Cybersecurity Research and Product Development, I have dedicated my career to advancing the field through innovation and education. As a seasoned Cybersecurity expert, I have had the privilege of presenting my research at prestigious conferences such as DEFCON, Blackhat, HITB, and RootCon, reaching and impacting thousands of students and professionals across 125+ countries.

I currently serve as Head of Cybersecurity Research at SquareX (Browser Detection-Response). Prior to that I served as the VP of Labs, R&D at INE, Head of R&D at Pentester Academy (acquired by INE) and as MTS at Mojo Networks (acquired by Arista Networks), where I contributed to cutting-edge products and cybersecurity-focused initiatives.

Professional Skills

Cybersecurity Research
Master
Team Building & Management
Expert
DevSecOps Practices
Advance
Browser, WiFi & Cloud Security
Master
Architecture & Code Security Review
Expert
Startup Operations and Operation Optimization
Expert

Work Experience

Head of Cybersecurity Research at SquareX
June, 2025 - Present
  • Leading groundbreaking research into browser-native threats. Some of our research findings include:
  • Bridging offensive research and defensive innovation to redefine enterprise browsing security.
  • Leading research team on various initiatives:
    • Year of Browser Bugs initiative to highlight architeure and design absed flaws in modern and AI browsers
    • Browser Extension Analyzer: Industry leading approach to analyze browser extensions for malicious intent
    • AttackVault: Attack Testing Range
  • Overseeing operations, hiring, and capability building for India team.
    • Vice President of Lab, Research, and Development at INE.com
    Jan, 2025 - May, 2025
  • Led multi-cloud capacity expansion and major efficiency improvements.
  • Served as Cybersecurity SME providing leadership across engineering and R&D.
  • Built and maintained scalable infrastructure and drove key innovation projects.
  • Automated platform change and lab release processes, reducing effort by 80%.
  • Streamlined workflows to cut turnaround times by 70%.
  • Built DevSecOps pipelines with GitHub Actions and dashboards for quality and security checks.
  • Developed regional performance testing and logged-in flow automation to surface critical issues.
  • Drove security scanning and application security posture improvements.
  • Hired, developed, and retained a fully remote engineering team of 12+ across India.
    • Director, Lab Platform at INE.com
    Oct, 2021 - Dec, 2024
  • Working closely with Senior Leadership Team to set objectives to create and deliver development/content roadmap.
  • Managing hiring and daily operations for 12+ people Technical team remotely working from India.
  • Adopting DevSecOps practices.
  • Guiding team to create cutting edge labs on Supply Chain Attacks, Windows Active Directory and Azure Active Directory topics.
  • Reduced operational cloud expenses of the lab platform by 25%.
  • Led multiple initiatives to build in-house monitoring, marketing and analystics portals.
  • Conducted 8+ presentations/trainings/workshops in Blackhat, DEF CON, RootCon and OWASP Seasides to promote brand visibility.
  • Led team in development and release of 4 open source tools to community.
  • Led team to create 200+ labs for Azure, GCP and AWS cloud training.
  • Increased engineering team size 4x (i.e. from 4 to 16 members) within 4 months of Pentester Academy acquisition by INE.
  • Coded Azure Playground Labs and Azure based GNS3 Networking Labs.
  • Migrated 200+ old eLS legacy labs to PTA lab platform improving uptime and reduced failures/errors by 80%.
  • Conducted knowledge transfer/sharing sessions with instructors and cross developer teams.
    • Head, Research and Development at Pentester Academy (Acquired by INE.com)
    Nov, 2015 - Oct, 2021
  • Played pivotal role in Pentester Academy's growth by contributing in all aspects ranging from Products Development, Sales, Marketing directly working with Founder/CEO Mr. Vivek RamaChandran and eventually in its acquisition by INE.
  • Lead multiple initiatives like Hacker Arsenal, PA YouTube channel, and AttackDefense
  • Lead 6 member content creation team to build 2000+ challenges in 125+ infosec sub-topics for AttackDefense
  • Delivered 6+ paid training, 15+ tools/talks in top conferences (Blackhat, DEF CON, HiTB, RootCon, OWASP NZ), and 10+ live boot camps online.
  • Developed and released 6 open source tools.
  • Developed course content and labs for courses.
    • Member of Technical Staff at Mojo Networks (Acquired by Arista Networks)
    June, 2014 - Oct, 2015
  • Developed upgrades/patches for WIPS and Mojo Networks WiFi Access Point platform.
  • Developed following Access Point features:
  • -- IPSec/EoGRE tunnels
  • -- IPv6 communication and QoS
  • -- 802.11r Fast BSS Transition Roaming
  • -- Client reporting feature and NTP time sync
    • Cyber Forensics Intern at KPMG, India
    May, 2013 - July, 2013
  • Recovered various digital pieces of evidence (in form of files, images, emails) as member of Data Evidence Recovery team.
  • Seized evidence, maintained Chain of Custody, recovered deleted data, submitted meaningful information to lawyers.
    • Technical Assistant at IIIT Delhi
    Aug, 2012 - May, 2014
  • Helped professors in conducting hands-on labs, evaluating assignments and conducting exams.

    • Trainings

  • Plug and Prey: Scanning and Scoring Browser Extensions, Recon Village, DEF CON 33 (Recorded Video)
  • Serverless but Not Defenseless: A Security Deep Dive into Cloud Run, Cloud Village, DEF CON 33
  • No Radios, No Problem - Hacking WiFi in a Virtual World, Radio Frequency Village, DEF CON 33
  • Attacking and Defending AWS Cloud Environment, Blackhat USA 2022
  • Introduction to Azure Security, DEF CON 30 Workshops
  • Advanced WiFi Exploitation, Blackhat USA 2021
  • Advanced WiFi Exploitation, BSides Canberra 2021
  • Advanced Real-World Penetration Testing, BlackHat Asia 2020
  • Introduction to WiFi Security, Radio Frequency Village, DEF CON 28 (Recorded Video)
  • 1-day in-person workshop for ISEA and IIT Guwahati, 2020
  • 2-day virtual workshop for 350+ Govt. of India officials, 2020
  • Advanced WiFi Exploitation, Blackhat USA 2019
  • Advanced Real-World Penetration Testing, RootCon Philippines 2019
  • Advanced Real-World Penetration Testing, HiTB GSEC Singapore 2019
  • Advanced Real-World Penetration Testing, HiTB Amsterdam 2019
  • Advanced Real-World Penetration Testing, OWASP NZ Day 2019
  • Information Security Awareness (Private clients)
  • WiFi Pentesting Online Bootcamp (5 Batches)
  • Container Security Beginners Online Bootcamp (5 Batches)
  • DevSecOps Online Bootcamp (2 Batches)

    • Tools and Presentations

    Open Source Tools
    Research Presentations
  • AWSGoat: A Damn Vulnerable AWS Infrastructure, Blackhat USA 2022 Arsenal and DEF CON 30 Demolabs
  • AzureGoat: A Damn Vulnerable Azure Infrastructure, Blackhat USA 2022 Arsenal and DEF CON 30 Demolabs
  • ReconPal: Leveraging NLP for Infosec, RootCon Philippines 2020
  • Wi-Bear: Intelligent Autonomous Wi-Fi Honeypot Detection, BSides Canberra, 2019 (Contribution) (Recorded Video)
  • AD VoIP Toolkit: VoIP Analysis Wireshark Plugins, Blackhat Asia 2019 Arsenal
  • WiCy: Monitoring 802.11ac Networks at scale, HiTB Amsterdam Haxpo 2019 (Recorded Video)
  • VoIPShark: Open Source VoIP Analysis Platform, DEFCON China main stage and Demolabs 2019 (Recorded Video)
  • Developing Access Point Rootkits, Wireless Village, DEF CON 27 (Recorded Video)
  • Writing Wireshark Plugins for Security Analysis, Radio Frequency Village, DEF CON 28
  • Writing Wireshark Plugins for Security Analysis, Infosec In The City 2020, Singapore (Recorded Video)
  • Writing Wireshark Plugins for Security Analysis, Radio Frequency Village, DEF CON 27
  • Hunting Threats with Wireshark Plugins, RootCon Philippines 2019 (Recorded Video)
  • BLEMystique: Affordable Custom BLE Target, Blackhat USA 2018 Arsenal and DEFCON 26 Demolabs
  • PA-Toolkit: Wireshark Plugins for Pentesters, Blackhat USA 2018 Arsenal and DEFCON 26 Demolabs
  • Deceptacon: Deception in WiFi, Radio Frequency Village, DEFCON 25
  • Wimonitor: OpenWRT package for remote sniffing, DEFCON 25 Demolabs
  • IIDS: IoT Intrusion Detection System, IoT Village, DEFCON 25
  • WiDy: WiFi 0wnage under $5, Blackhat Asia 2017 Arsenal and DEFCON 25 Demolabs
    • Podcasts
    Discovered Vulnerabilities/Issues
  • CVE-2020-24263, Score: 8.8 HIGH
  • CVE-2020-24264, Score: 9.8 CRITICAL
  • AV evasion vulnerability on Bitdefender's flagship complete PC protection "Bitdefender Total Security 2018" product.
  • Security and Privacy issues in Ola's in-cab WiFi offering (OLA play). Problem was not in the implementation but with the design/architecture.
    • Academic Research

    Education

    Master of Technology (Information Security) from IIIT Delhi
    2012 - 2014
  • Member of Student Council
  • Top 10 Finalist of Infosys Hashers (National Coding Competition) 2012, over 450+ teams from premier colleges participated.
  • Member of Cryptology group
  • Grade: 9 (out of 10)
    • Bachelor of Technology (Computer Science) from Himachal Pradesh University
    2008 - 2012
  • Member of Organizing committee of Technical festival
  • Grade: Hons (Ist Division)
    • Secondary and Senior School Education from Jawahar Navodaya Vidyalaya (CBSE)
    2001 - 2008
  • Scored 87.8% in 10th and 82.3% in 12th (PCM)

    • Professional Chronicles

    Blackhat Arsenal Presentation 2022 Blackhat AWS Training 2022 Pentester Academy Booth RSA Singapore DEF CON Radio Frequency Hacking Village HiTB Amsterdam WiCy Pentester Academy Booth Blackhat Asia DEF CON China Mainstage RootCon Philippines Mainstage Pentester Academy Booth RootCon Philippines
    ×

    Research Talk Playlist