Jump to navigation Jump to content

Speaker

Harshad Sadashiv Kadam

Harshad Sadashiv Kadam

Indeed Inc, Senior Infrastructure Security Engineer

Austin, Texas, United States

Actions

Harshad Sadashiv Kadam is a Senior Security Infrastructure Engineer at Indeed with over a decade of experience driving Zero Trust, SASE, and multi-cloud security for global enterprises. He thrives at the intersection of strategy and hands-on engineering, designing next-generation defenses against AI-driven threats while mentoring emerging security talent.
Previously a Cloud Infrastructure Engineering Manager, Harshad led global cloud migrations and large-scale reliability initiatives, delivering multimillion-dollar efficiencies and strengthening operational resilience. As a mentor and AI-Champions Guild leader, he is passionate about fostering inclusion and inspiring the next generation of security innovators.

Links

Area of Expertise

  • Arts
  • Information & Communications Technology
  • Media & Information
  • Real Estate & Architecture
  • Travel & Tourism

Topics

  • Security
  • Information Security
  • Artificial Intelligence and Machine Learning for Cybersecurity
  • AI and Cybersecurity
  • IT Security
  • Cloud Security Architecture
  • AWS Security
  • Security & Compliance
  • Platform Security
  • network security
  • AI Security
  • Cloud Security
  • Cybersecurity Governance and Risk Management
  • IAM
  • Cloud & Infrastructure
  • IT Leadership
  • Technical Leadership
  • Thought Leadership

Sessions

MCP Deception Incubator — Honeytraps as a Framework for Zero Trust AI Environments

As AI agents gain autonomy through the Model Context Protocol (MCP), they increasingly access internal APIs, secrets, and systems - often beyond traditional visibility or control. These agent-to-agent (A2A) interactions introduce reconnaissance blind spots and new exposure pathways inside Zero Trust environments. Building on continued research presented at BSides Chicago, BSides Orlando, BSides SWFL, DevSecCon 2025, and Cloudflare Connect 2025, this session unveils the MCP Deception Incubator - a deception-as-a-framework approach designed to detect rogue AI behavior at the reconnaissance stage.

Built on serverless edge workers and open deception primitives such as Canarytokens, the framework enables defenders to deploy no-cost, high-fidelity MCP honeytraps across multiple surfaces - APIs, DNS, kubeconfigs, and credentials - without operational overhead. It integrates seamlessly with MCP Gateways - the interface layer that brokers communication between AI agents and organizational systems- to deliver early, metadata-rich visibility into autonomous activity. When an AI agent interacts with a decoy endpoint, the resulting telemetry exposes its reasoning sequence, access path, and tool awareness, turning passive reconnaissance into actionable intelligence.

Through a live demo, we’ll show how these edge-based traps are triggered in real time and how the resulting alerts integrate with SOC pipelines for correlation, rotation, and ongoing visibility. The talk then unpacks the framework’s architecture, showing how deception can be operationalized within any MCP Gateway or AI integration layer. Finally, the session reframes deception from isolated traps into an orchestrated Zero Trust signal layer, enabling organizations to transform AI curiosity into proactive defense. Attendees will leave with reference templates, architectural patterns, and practical lessons to embed deception into their own AI-security workflows.

Building Your Cybersecurity Brand

In today’s competitive cybersecurity landscape, standing out isn’t optional — it’s essential. This session presents an original and practical blueprint for building a personal cybersecurity brand through a professional portfolio website, using only free tools and zero coding. Designed for students, early-career professionals, and seasoned practitioners alike, the session empowers attendees to showcase their work, communicate their unique value, and increase professional visibility.

The talk combines branding strategy with a live technical demo and introduces creative techniques like building your own RAG, chatbot to help participants track interaction and raise awareness of security best practices. Attendees leave with a launch-ready action plan and the resources needed to take control of their professional narrative in a digital-first AI world.

FlareGuard Edge: Building a Serverless CSPM at the Edge (Without Selling Your Soul to Vendors)

This talk dives into how I built FlareGuard Edge — a serverless tool that audits cloud security configurations using only public APIs and YAML. No dashboards. No vendors. No sales pitches.

I’ll walk you through the end-to-end journey of building this tool with edge runtimes (like Cloudflare Workers), mapping configurations to NIST controls, and catching real misconfigurations in production environments.

You’ll learn:

Why traditional CSPM tools often overpromise and underdeliver

How YAML-defined baselines and edge code can close security gaps

How to turn platform APIs into proactive security audits

If you’ve ever thought, “I could build a simpler version of this”, this talk is for you.

No fluff. No FUD. Just real engineering for defenders.

MCP Threat Trap: Deception Engineering for Zero Trust AI Access

This session is for defenders, detection engineers, and curious red teamers exploring how Zero Trust meets deception engineering in the age of AI orchestration. We’ll break down how we built “MCP Threat Trap,” a honeypot that:

- Simulates sensitive internal tools (like Okta admin password resets) over the MCP protocol, with realistic delays, secure error handling, and SSE streams that mimic enterprise APIs.

- Silently triggers advanced Canarytokens, capturing rich metadata (user agent, IP, and sensitive account attempts) without tipping off intruders.

- Runs entirely on Cloudflare’s global edge via Workers, with no EC2, patching, or infrastructure to manage-making it stealthy and instantly scalable.

- Turns random scans into actionable intelligence, feeding Zero Trust policies and arming your incident team with context-rich alerts.

Along the way, we’ll share:

-Real unsolicited hits from the wild, from abuse-flagged cloud scanners to curious humans after we posted the project.

- How we validated this with OWASP AI Security scenarios, catching AI-agent driven reconnaissance.

- Ideas for evolving it into adaptive deception surfaces that dynamically change as attackers interact.

Key Takeaways
- Learn how to build a zero-infrastructure deception honeypot using Cloudflare Workers + MCP, tailor-made to catch AI-driven or automated recon.

- See how Thinkst Canarytokens detect unauthorized probes with near-zero false positives.

- Understand how deception engineering integrates into modern Zero Trust, providing passive intelligence without exposing real systems.

- Walk away with a repeatable blueprint to deploy your own globally distributed honeypot - plus key mistakes to avoid.

Events

BSides SWFL 2025 Sessionize Event Upcoming

November 2025 Fort Myers, Florida, United States

BSidesChicago 2025 Sessionize Event

October 2025 Chicago, Illinois, United States

BSides Orlando 2025 Sessionize Event

September 2025 Orlando, Florida, United States

Harshad Sadashiv Kadam

Indeed Inc, Senior Infrastructure Security Engineer

Austin, Texas, United States

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top