HK
kvprashant
Nandan Gupta
Arif
In March 2025, a critical supply chain attack struck the popular GitHub Action tj-actions/changed-files, used by more than 23,000 repositories. The attacker slipped in a malicious version that silently exfiltrated CI/CD secrets by printing them to workflow logs—everything from Personal Access Tokens to private SSH keys was suddenly at risk. This incident (CVE-2025-30066) revealed just how easy it is for a trusted third-party action to turn into a threat vector, especially when security controls around CI/CD workflows are lacking.
We built Flowlyt as a static analysis and policy-as-code tool that scans GitHub Actions workflows for signs of malicious behavior, hardcoded secrets, and insecure patterns. With support for Open Policy Agent (OPA), it lets security teams define and enforce custom rules that align with their CI/CD security standards.
HK
Product Security Engineer with a passion for cybersecurity and a drive to excel in various areas, specializing in penetration testing and code reviews.
Hare Krishna Rai is a passionate cybersecurity professional with experience in software supply chain security. Currently serving as a Product Security Engineer at a fintech company, they also co-contribute to the SCAGoat open-source project. With over three years of experience in software supply chain security, their expertise spans code review, penetration testing, and GenAI LLM penetration testing.
Hare is an active speaker, having presented at prestigious events such as DEF CON Demolabs, AppSec Village Arsenal, Black Hat, c0c0n, and Null Hyderabad. Beyond their professional pursuits, they enjoy listening to music, watching sci-fi movies, and reading books for personal growth. Always eager to take on new challenges, Hare is committed to advancing their career in cybersecurity and contributing to the broader infosec community.
kvprashant
Prashant Venkatesh, Product Security Leader
Prashant Venkatesh is an information security expert with over 20 years of experience. He presently works as a Product Security Leader.
Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including Nullcon and c0c0n. He is also active in the OWASP Bay Area chapter leadership and is a co-founder of the annual Seasides Conference.
Nandan Gupta
Principal Application Security Engineer @ Fintech
Nandan Gupta is an Application Security Engineer with a strong passion for cybersecurity. He focuses on penetration testing, secure code reviews, and threat modeling to identify and mitigate vulnerabilities early in the development lifecycle.
Arif
Seasides Research Team
Senior Security Engineer with 5+ years of experience helping companies build and ship secure products without slowing down innovation. I specialize in Web, API, and Mobile Pentesting, Cloud Security, Threat Modeling, and embedding scalable SSDLC practices. My security journey began with curiosity and evolved into real-world impact—during an audit, I uncovered a critical flaw that could’ve exposed sensitive internal data. At Poshmark, I’ve led third-party library risk assessments, performed architecture reviews for key features, and rolled out secure coding practices across engineering. My threat modeling work improved early risk detection by 40%. Outside of work, I run hands-on security workshops, organize CTFs, and speak at conferences like c0c0n and Seasides. I'm open to the chance to solve real-world security challenges. Let’s connect and build secure systems that scale.