Adversary Village at
DEF CON 33

Nebu Varghese

FTI Consulting LLP - Senior Director, EMEA Offensive Security Leader

Nebu Varghese is a Senior Director in FTI Consulting’s Cybersecurity practice and is based in London. Mr. Varghese has more than 13 years of multi-functional cybersecurity experience, blending deep technical expertise with strong academic credentials. He has led global teams and complex matters across 28 countries, in sectors including Financial Services, Private Equity, TMT, Manufacturing, and Critical National Infrastructure. Mr. Varghese specialises in executing and managing the delivery of offensive security testing (ethical hacking or penetration testing) engagements for organisations across the globe. He serves on the UK National Cyber Security Centre (NCSC) Security Testing Expert Group, collaborating with industry experts to draft practical and valuable best practice guidance that informs and guides both the NCSC and the wider ICS industry.

At FTI Consulting, he has managed and delivered several ‘insider-threat’ focused attack simulations for large private equity firms and multinational corporations. Most recently, he served as the lead technical expert on behalf of a leading law firm, to complete a hardware technology investigation for one of the world’s largest surveillance hardware manufacturing companies based in the UK. Mr. Varghese has a proven track record of leading over 50 OT/IoT/IIoT cybersecurity reviews worldwide, including APT simulations in the Middle East and threat-led penetration tests for renewable energy infrastructure in Southeast Asia and South America.

Prior to joining FTI Consulting, Mr. Varghese spent the last decade working with two of the Big 4 audit firms, leading on threat-driven offensive security engagements across network infrastructure (IT & OT) environments, cloud infrastructure, wireless infrastructure, physical security, applications (web & mobile), as well as social engineering assessments, malware analysis, and architecture design reviews. In his previous role, he led the NextGen SecOps and Response capability for a Big 4 Audit firm in the UK, overseeing large technical assessments and reviews for major clients in the EMEA region.

Talk: TotalTest 2.Oh!: Unleashing a Testing Program to Break Smarter, Measure Better, and Fund Your Fixes

Sunday | Aug 10th 2025
DEF CON Creator Stage 5 (Room 229) | Las Vegas Convention Center

Adversary Simulation

Production halted. SCADA alarms blaring. The CEO demands answers. Your theoretical cyberattack? It just became reality. Point-in-time penetration tests are fundamentally inadequate against today's advanced persistent threats. This talk outlines a framework to build an intelligence-led, integrated attack and crisis simulation program, not just a reactive security strategy.

Drawing from our extensive experience (including hundreds of red team engagements for some of the world's largest organizations, with anonymized real-world case studies), we will unveil TotalTest – a revolutionary, metrics-driven framework that transforms breach simulations from isolated exercises into a continuous, strategic program for unparalleled organizational resilience.

Detailed talk outline:

You will learn how TotalTest directly contributes to significant, quantifiable security improvements year-on-year, simplifying the communication of complex technical risks to the Board to secure sustained buy-in. We'll demonstrate how to establish robust governance, define clear roles, build definitive measurable metrics (including breach avoidance costs), and translate granular red team findings into a cohesive security ecosystem that evidently burns down high-impact risks.

We'll show you how to:

  1. Integrate Cyber Intelligence, Red Teaming, Crisis Simulations, GRC, Vulnerability Management and the SOC / Incident Response teams into a unified defense strategy.
  2. Develop hyper-realistic attack scenarios and create immediate feedback loops after each agile simulation cycle to drive rapid improvements across your security teams and processes.
  3. Implement a continuous testing program, conducting live simulations regularly to exercise your entire security apparatus against evolving threats.
  4. Leverage MITRE ATT&CK (including ICS) comprehensively to directly enhance your detection and response coverage, transitioning from mere vulnerability identification to a truly proactive posture.

This isn't just about finding vulnerabilities; it's about engineering a sustainable, agile, and continuously improving security program that visibly strengthens your organization's resilience.

Attendees will walk away with a practical blueprint for building an in-house TotalTest Simulation program, complete with the following (including a demo of how it all works end-to-end):

  1. A comprehensive governance framework for planning and executing continuous simulations.
  2. A detailed process flow and rule book clarifying roles and responsibilities.
  3. Actionable metrics to measure performance, articulate ROI, quantify breach avoidance, and drive continuous improvement.
  4. A robust framework for tracking individual team performance and demonstrating positive security trends to leadership.
