Nebu Varghese is a Senior Director in FTI Consulting’s Cybersecurity practice and is based in Dubai. Mr. Varghese has over 14 years of multi-functional cybersecurity experience, blending deep technical expertise with strong academic credentials and elite industry recognition. He has led global teams and complex engagements across 34 countries, impacting sectors including financial services, private equity, TMT, manufacturing, and critical national infrastructure. He serves on the UK National Cyber Security Centre (NCSC) Security Testing Expert Group, collaborating with government and industry experts to develop frameworks that guide national and European offensive security standards.
Mr. Varghese is an internationally recognised expert in offensive security. A DEF CON 33 OT CTF winner – one of only three globally to breach a simulated OT facility – he has presented original research at DEF CON (US), the European MITRE ATT&CK Conference (Belgium), and the Global OT-ISAC Summit (Singapore), where he was also selected to train industry experts on penetration testing for operational technology environments.
At FTI Consulting, Mr. Varghese has managed and delivered several insider-threat focused attack simulations for large private equity firms and multinational corporations. He served as the lead technical expert on behalf of a leading law firm in a high-profile hardware technology investigation involving one of the world’s largest surveillance hardware manufacturers. His work in complex investigations spans intelligence-led assessments, insider threat operations, and forensic hardware analysis for matters with significant legal and reputational implications.
Mr. Varghese developed TotalTest, a proprietary attack simulation framework rooted in his research at Oxford University that stress-tests organisations from tactical engineering to C-Suite decision-making. His team has developed proprietary tooling for AI safety and evaluation testing, providing auditable evidence for EU AI Act compliance and addressing the “integration gap” that organisations face when deploying AI at scale.
Mr. Varghese has a proven track record of spearheading hundreds of large-scale OT/IoT/IIoT cybersecurity programs and technical assessments globally. His experience includes orchestrating complex APT simulations across the Middle East, leading threat-led penetration tests for large renewable energy infrastructure entities across Southeast Asia and South America, and delivering comprehensive OT cyber transformation reviews for global asset managers and supermajor energy operators throughout EMEA.
Prior to joining FTI Consulting, Mr. Varghese spent a decade with two of the Big 4 audit firms, leading threat-driven offensive security engagements across network infrastructure (IT & OT), cloud and wireless environments, physical security, web and mobile applications, social engineering, malware analysis, and architecture design reviews.
You must be logged in to post a comment.