Farzan Karimi is a seasoned cybersecurity leader who has built and led offensive security programs at organizations including Google, Microsoft, Electronic Arts, and Moderna. He is a four-time Black Hat and DEFCON speaker, most recently presenting at DEFCON 2025 on Recursive Request Exploits (RRE), a new web hacking technique that garnered broad industry attention and was nominated as one of the Top Web Hacking Techniques of 2025 by PortSwigger.

Presentations

23x

Keynote - United Against the Exploit

In this keynote, Farzan Karimi draws on nearly two decades of experience leading offensive and defensive security teams at organizations including Google, Microsoft, Electronic Arts, and Moderna to explore what happens after the exploit, when human behavior matters more than technical skill. From red team operations that triggered internal friction, to incidents that escalated into arrests through cross-functional trust, this talk explores why the most dangerous zero-day in modern enterprises is not always found in code.

See Presentation