Interested in getting your own thought leader profile? Get Started Today.

Anant Shrivastava

Founder / Chief Researcher at Cyfinoid Research Private Limited

Bhopal, India

Researcher | Trainer | Security Professional

Available For: Advising, Authoring, Consulting, Speaking
Travels From: Bhopal
Speaking Topics: Information Security, Linux, Android

Anant Shrivastava Points
Academic 0
Author 16
Influencer 54
Speaker 27
Entrepreneur 50
Total 147

Points based upon Thinkers360 patent-pending algorithm.

Thought Leader Profile

Portfolio Mix

Company Information

Company Type: Company
Minimum Project Size: N/A
Average Hourly Rate: N/A
Number of Employees: N/A
Company Founded Date: Undisclosed

Areas of Expertise

Cloud 30.15
Cybersecurity 34.93
DevOps 55.75
Digital Disruption 30.05
Digital Transformation
Emerging Technology 30.20
Entrepreneurship 30.25
Leadership 30.31
Lean Startup 30.22
Mobility 31.36
Open Innovation
Security 30.69
Social 30.24
Startups 30.26
Supply Chain 31.16
Diversity and Inclusion 31.51
National Security 30.59
Management 30.20
EdTech 30.36
AI 30.03
Careers 30.74
Personal Branding 30.26
IT Operations 35.53
Generative AI 30.48
SportsTech 30.22

Industry Experience

Consumer Products
Financial Services & Banking
High Tech & Electronics
Higher Education & Research
Oil & Gas
Primary Metal & Steel
Professional Services
Travel & Transportation
Wholesale Distribution


10 Article/Blogs
Big Fish or Bigger Pond? Rethinking the Future of Tech Companies
June 24, 2023
Challenging the status quo in tech: Could a future with numerous smaller, cooperative organisations be more beneficial than a handful of giants dominating the scene? Unity in diversity - perhaps it's time for a change

See publication

Tags: Lean Startup

Mastering the Essential Skills for the Digital Age
May 29, 2023
Uncover the power of four essential digital-age skills: variable speed reading, enhanced typing speed, sustained focus, and critical thinking. Learn practical tips for honing these abilities, driving productivity and success in the rapidly-evolving digital landscape.

See publication

Tags: Careers, Personal Branding, Social

PrivateGPT and CPU’s with no AVX2
May 24, 2023
Venturing into AI with older CPUs. My journey to run LLM models with privateGPT & gpt4all, on machines with no AVX2.

See publication

Tags: AI, Emerging Technology, Generative AI

My thoughts on the new and emerging world of GPT, AI, LLM
May 20, 2023
Exploring the fascinating new world of GPT, AI, and LLM. Discussing search engines, education, privacy, prompt engineering, and our perception of intelligence

See publication

Tags: AI, Generative AI

Life as a Lefty in a Right-Handed World
May 04, 2023
As a lefty, or southpaw, my perspective of the world has always been different from the majority. Right from being looked upon differently whenever I eat or do things with left hand to being suggested that its not the right way of doing things (pun intended). To inform those uninformed we the leftie

See publication

Tags: Social

OSINT on Decentralised / Federated Softwares (Mastodon, Pixelfed and more)
November 23, 2022
Decentralized federated social medium (aka fediverse) is the talk of the town especially with the twitter drama that’s unfolding right now. To know more about fediverse softwares is the best list of softwares. I was curious about OSINT activities that

See publication

Tags: Cybersecurity, Digital Disruption, Emerging Technology

Individual Contributors in corporate world: my observations
Anantshri Blog
December 24, 2021
In this article I would like to explore the idea of Individual contributors and various notes and references I was able to collect so far. Continuing my observations from Richard Hamming’s “You and Your Research” . There is a section where a specific personality defect is explained termed “ego assertion“. We will explore that today.

See publication

Tags: Diversity and Inclusion, Leadership, Management

Cybersecurity: Passion or Profession
Anantshri Blog
December 21, 2021
This blog post takes notes from an excellent talk by “Richard Hamming” called “You and Your research”. Its interesting how some talks leave a mark and you derive your own conclusions and way forward when you spend enough time thinking about the topic. Over a period of time my thought’s have changed on this particular discussion and I have tried to outline those points below. A large number of people have talked about this talk in various manners so i would not like to do that again but rather point you to this and this.

There was a time when I used to refer to this to almost anyone of my fellow colleagues in the information security industry that this is a must read / watch and look at what he is talking about: It made so much sense. However, I have stopped doing that now or rather i have started to caveat it a lot before i ask people to go through it.

There are some points about that talk which I kept missing:

See publication

Tags: Cybersecurity, Leadership

Semgrep: scanning unusual extensions
May 14, 2021
Last few months I have been spending time with semgrep tool. As much as it has features its still a growing tool and does needs a bit of handholding. Here I will quickly explain how to hack the base code of semgrep to make it work against your specific language even though input file extension ̷

See publication

Tags: Cybersecurity, Supply Chain

My experiments with Game Capture Card
April 04, 2021
I have been playing on my Nintendo switch for a long time now and have thought about recording my gameplay for reference. Past few days I have been reading about how to do game streaming and / or recording. I found a lot of interesting things and a simplified way to achieve my goal. This … My

See publication

Tags: SportsTech

1 Board Membership
Secretary Null Community
Null Community
October 30, 2018
Secretary for Null community.

null is one of the most active, open security communities. Registered as a non-profit society in 2010. One of the main objectives for null is spreading information security awareness. In a calendar year, null chapters host about 100+ events across security domains and impact about 8000-10000 security professionals, enthusiasts, and beginners with their initiatives. null is open, professional, inclusive, responsible, and most importantly completely volunteer-driven.

Responsible for
1. Helping with managing the society operations.
2. Helping drive newer directions

See publication

Tags: Cybersecurity

1 Founder
Cyfinoid Research Private Limited
December 24, 2021
We are a boutique research and training firm. We focus on innovative research and we bring all of our research in public via our training programs

See publication

Tags: Cybersecurity, DevOps, Supply Chain

1 Keynote
My 2 Paisa’s on Infosec World
November 14, 2021
I have delved into my experience and tried to summon my internal thought leader and speak to all sections of infosec industries


Hopefully everyone will have something to take away from this.

See publication

Tags: Cybersecurity, Diversity and Inclusion, Leadership

5 Media Interviews
Quantifying Defence (Ask A CISO SE03EP09)
Horangi Cybersecurity Podcast
April 06, 2023
Join us on this episode of the Ask A CISO podcast as we discuss how to quantify defence with Anant Shrivastava, an information security professional with over 15 yrs of corporate experience and expertise in Network, Mobile, Application, and Linux Security. Along with host Mark Fuentes, he discusses looking at the big picture, why DevSecOps as a term should not exist, and the value of investing in cybersecurity.

See publication

Tags: Cybersecurity, IT Operations, Leadership

Podcast with Anant
February 09, 2023
In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that’s he’s more of an ops than a dev person, and how the risks are all coming together now that many of us are doing DevOps. He shared his numerous open source projects, such as: code vigilant:, TamerPlatform : and HackingArchivesOfIndia

See publication

Tags: Cybersecurity, DevOps, Supply Chain

Podcast with Miho
January 26, 2023
Discussion around how to convert offline trainings to online trainings.

See publication

Tags: Cybersecurity, EdTech, Entrepreneurship

How to Start Your Career in Cybersecurity : Red Teaming / Pentesting
Prabh Nair
September 09, 2022
In this Session we have covered some great topics around
1) How to start your career in cybersecurity
2) What is Penetration Testing and how its different from Red Teaming ?
3) What skills are required for becoming an Pentester and Red Team Expert ?

Useful Links
Null Discord :
Adversary village :
Red Team Village :
Recon village :
Cloud village :

See publication

Tags: Cybersecurity, Security, Supply Chain

Chat with Anant
IT Chat with Abhi
December 30, 2020
a light hearted discussion around cybersecurity and how I got involved and my journey through it.

See publication

Tags: Cybersecurity, Leadership, Management

5 Panels
Security Then vs Now
Null Community
June 11, 2022
discussing the security scenario a decade ago and how things have evolved in the security landscape.

The panel we have are -
Anant Shrivastava (
Prashant Mahajan (
Hosted by Kumar Ashwin (

See publication

Tags: Cybersecurity, Security

Discussion- Citizen confidence on his mobile device is crucial for businesses as well as governance
January 17, 2022
Citizen confidence on his mobile device is crucial for businesses as well as governance
Satyendra Verma, Head - Indian Citizens Assistance for Mobile Privacy & Security (I-CAMPS), IAMAI
Pani Prasad, Director, NCCS, Department of Telecommunications ( DOT ), Government of India
Sumit Monga, Head - Government Affairs, Lenovo
Subho Halder, Co-Founder & CISO, Appknox
Anuj Bhansali, Head - Trust & Safety, PhonePe
Anant Shrivastava, Project Leader - Androidtamer & Android Security Researcher

See publication

Tags: Cybersecurity, Mobility, National Security

Panel on Shift Level with CISO's Part - 1 with Anant Shrivastava and Patrick Pitchappa
August 31, 2021
Focused discussion around practicality of Shifting left from a CISO's point of view.

See publication

Tags: Cybersecurity, DevOps, Leadership

Panel discussion: Adversary simulation, emulation or purple teaming - How would you define it?
Adversary Village @ Defcon
August 07, 2021
A deep dive discussion around emerging field of adversary emulation, purple teaming. what fits in which bucket and how things are evolving.

See publication

Tags: Cybersecurity, Emerging Technology, Supply Chain

RTV Panel: Pre-empting Attacks - Relevance Of Red Teaming In Enterprises
RedTeam Village @ Hack in the Box
February 04, 2021
Discussion around how Red Teaming is evolving

See publication

Tags: Cybersecurity, Emerging Technology, Supply Chain

3 Speaking Engagements
RTV: Attacking Storage Services: The Lynchpin Of Cloud Services
Red Team Village @ Hack in the Box
February 04, 2021
We all agree that most organizations have some or the other service leveraged over cloud environments. To add to it, there are assets that are not linked directly to the public and not easily spotted. When it comes to Red Team Engagements it boils down to a simple statement. “Are you able to find something that wasn’t supposed to be visible in the first place ?”. Storage services by the cloud providers are usually not visible directly to the end user and are often overlooked by pentesters and Red Teamers. In this talk we will be leveraging the possibility of Storage Services of different cloud vendors and how if not properly configured could lead to a lot of Damage to the organization.
Storage services are almost always the second service started by cloud vendors after IaaS, it is done in that order for a reason. Cloud Storage irrespective of how simple it looks, is a complex deeply integrated component for cloud services. The primary purpose of storage services is to hold data of all kinds, besides its primary function it also performs multiple other actions. Storage allows building higher abstraction services on top of the it such as:
Static file hosting,FaaS or PaaS code hosting and Log storage
Due to its versatility storage is an area which should be looked at with a fine tooth comb. However the situation is far worse than what we can imagine. From exposing buckets to public, to leaking api keys or ssh keys in public. Things go from bad to worse when buckets also are leaking write access to source code leading to full account takeover scenarios. This talk will cover the following aspects around Cloud Storage Services.

1. Basics of Cloud Storage Services and why to target them
2. Attack Methodology to be followed
3. Various attack scenarios from real and bug bounty world
4. What are cloud vendors doing to protect this
5. What the developers or admins have to keep in mind
6. Question and Answer
Note: Case studies will be interspersed throughout the slides

See publication

Tags: Cloud, Cybersecurity, DevOps

DevSecOps: What why and How
BlackHat USA
August 08, 2019
Security is often added towards the end, in a typical DevOps cycle through a manual/automated review. However, with DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. Having a DevSecOps pipeline enables an organization to:

* Create a security culture amongst the already integrated “DevOps” team.
* Find and fix security bugs as early as possible in the SDLC .
* Promote the philosophy “security is everyone’s problem” by creating Security champions within the organization.
* Integrate all security software centrally and utilize the results more effectively.
* Measure and shrink the attack surface.

In this talk, we shall focus on how a DevOps pipeline can easily be metamorphosed into a DevSecOps and the benefits which can be achieved with this transformation. The talk (assisted with various demos) will focus on developing a DevSecOps pipeline using free/open-source tools in various deployment platforms, i.e. on-premise, cloud native and hybrid scenarios. We will then dive into cultural aspects of DevSecOps and the changes needed to get tangible benefits. The talk will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.

See publication

Tags: Cybersecurity, DevOps, Startups

When the Internet Bleeded
RootConf by HasGeek
June 05, 2014
The talk will talk about various TLS / SSL related bugs that are identified in past year.

Apple SSL Bug
Lucky 13
These bugs have shaken the core premise of Secure communication. The talk will focus on bringing a basic understanding of these issues to the administrators or developers. Besides this the talk will also focus on some burning questions that are now raised in wild. Such as

How secure are secure Socket Libraries?
Is opensource code really secure?
Is it really true that “given enough eyeballs, all bugs are shallow”?
Should we move towards higher abstract languages?
and most important.

What it really means for a Administrator / DevOps person

See publication

Tags: Cybersecurity, DevOps, Supply Chain

1 Training
Attack and Defend Android Applications
BlackHat USA 2022
August 06, 2022
Begineer / Intermediate level course covering tips and tricks around android application attack and defense.

Details are available at or publication page.

See publication

Tags: Cybersecurity, DevOps, Mobility

2 Whitepapers
Security Issues in Android Custom ROM’s
October 16, 2011
This paper attempts to look behind the wheels of android and keeping special focus on custom rom’s and basically check for security misconfiguration’s which could yield to device compromise, which may result in malware infection or data theft.

See publication

Tags: Cybersecurity, Mobility

Web application finger printing
July 17, 2011
This Paper discusses about a relatively nascent field of Web Application finger printing, how automated web application fingerprinting is performed in the current scenarios, what are the visible shortcomings in the approach and then discussing about ways and means to avoid Web Application Finger Printing.

See publication

Tags: Cybersecurity, DevOps

Thinkers360 Credentials

14 Badges



Contact Anant Shrivastava

Book Anant Shrivastava for Speaking

Book a Meeting

Media Kit

Share Profile

Contact Info


Anant Shrivastava

Latest Activity