Skip to main content
HashnodeNirmal Dahal

Command Palette

Search for a command to run...

From PyCon JP 2024 Speaker to PyCon JP 2026 Organizer

A Python Powered Cybersecurity Journey

Updated
7 min read
From PyCon JP 2024 Speaker to PyCon JP 2026 Organizer
N
Nirmal Dahal
Cybersecurity consultant and co-founder of Cryptogen Nepal, specializing in offensive security, defensive operations and GRC. Focused on building resilient digital ecosystems and mitigating emerging threat vectors through advanced security strategies. Recognized among the Top 250 MSSPs globally, with a track record of delivering high impact security outcomes and driving innovation in the cybersecurity landscape.

Background

My journey into cybersecurity has been closely tied to programming from the outset. I started with C/C++, transitioned into web development with PHP and eventually standardized on Python as my primary toolset in offensive security.

While each language played a role in building my foundation, Python proved to be the most operationally efficient. Its simplicity, extensive ecosystem and strong community support make it well suited for rapid development in high pressure environments.

In penetration testing, automation is not optional, it is a necessity. Tasks such as reconnaissance, exploitation and post-exploitation demand speed and repeatability. Over time, I increasingly leveraged Python to build scripts, custom tooling and exploits which significantly enhanced both efficiency and depth in engagements. Python effectively became a core component of my offensive security workflow.

Speaking at PyCon JP 2024

Sometime in 2024, I received a message from Madhav Dhungana, someone I have known for a long time and who currently serves as a Cyber Security Program Manager at Rakuten, the parent company of Viber.

He suggested that I consider speaking at PyCon JP. Drawing from his experience as part of the organizing team, he shared an interesting perspective: during a previous PyCon JP event, he had interacted with a speaker who was already aware of Nepal’s cybersecurity community and even recognized me and a few others by name.

His point was direct "there is growing external visibility of the work coming out of Nepal but limited representation on global platforms". He encouraged me to step forward, contribute and ensure that our ecosystem is not underrepresented in forums like PyCon.

That conversation became a trigger. It reframed participation not merely as an opportunity but as a responsibility to represent and contribute at a global level.

At that point, however, I did not have a defined topic. While I had prior experience speaking at local events, presenting on an international stage introduced a different level of complexity. Language was an immediate consideration because "I do not speak Japanese" and while conversational English is manageable, delivering a structured technical talk to a global audience requires a different level of precision and confidence.

Despite these constraints, I made a deliberate decision to move forward. With a clear sense of purpose, I committed to the process refining a topic, preparing the content and navigating the challenges. That decision marked the beginning of my journey as a speaker at PyCon.

What I Presented

Following that initial push, I revisited the work I had been doing with Python across various security engagements. A clear pattern emerged "Python has significantly influenced cybersecurity across both defensive and offensive domains".

From security automation to exploit development and even within platforms like Kali Linux, a substantial portion of modern security tooling is built using Python. Despite this, Python is still predominantly associated with areas such as AI/ML, web development and data science, while its role in cybersecurity remains underrepresented.

This gap became the foundation of my talk.

I decided to highlight how the cybersecurity community actively leverages Python across the entire attack and defense lifecycle. The objective was not just to present concepts but to demonstrate practical, real world applications.

As part of the session, I showcased how Python can be used to automate attack workflows from initial reconnaissance to exploitation. One of the demonstrations included a streamlined process where, with minimal input (such as a target URL), multiple stages of an attack chain could be orchestrated programmatically, ultimately leading to controlled post-exploitation access.

This led to the title of my talk: “Python Powered Cybersecurity”.

Speaker Grant

As part of my participation in PyCon JP 2024, I applied for the conference’s travel grant program and was awarded financial support. The grant program is designed to lower the barrier for global participation by supporting travel and accommodation costs, particularly for speakers and contributors.

For international participants in 2024, the support was provided up to ¥200,000, depending on individual circumstances, with any additional expense covered personally. (The grant amount is subject to change in future editions of PyCon JP, including 2026.)

Receiving this grant was not just logistical support but it was an enabler. It made it practically feasible to represent Nepal’s cybersecurity community on an international stage and participate in a global technical forum like PyCon.

More importantly, it reflects a broader initiative by the PyCon ecosystem to prioritize diversity, accessibility and global representation within the Python community.

Travel

Traveling to Japan for PyCon JP 2024 was a new experience in itself. While the primary objective was to speak at the conference, the journey also provided exposure to a different level of organization, culture and precision.

Although I had prior experience traveling internationally, this was my first time traveling solo. However, that changed unexpectedly. Through coordination by Madhav Dhungana, I connected with Robin Panthee, a PyCon contributor who had been voluntarily supporting the conference remotely from Nepal.

Interestingly, he had not applied for the travel grant, yet chose to participate and contribute. What started as a logistical connection quickly evolved into a strong professional and personal bond.

Throughout the week in Japan, we explored the city, navigated the experience together and shared a common purpose around the conference. His presence had a tangible impact not only in making the journey more manageable but also in providing motivation and support throughout the process. This experience added an unexpected dimension to the trip.

Beyond the conference itself, it reinforced the value of community — how shared intent and collaboration can turn an individual journey into a collective experience.

I would also like to give shoutout to both Madhav and Robin for their role in making this experience more meaningful.

Key Learnings

Participating in PyCon JP 2024 provided more than just a speaking platform — it offered a clear view into how global communities are evolving at the intersection of software engineering and cybersecurity.

Several key observations stood out.

  1. Security is Becoming a Core Engineering Concern
    Security is no longer treated as a specialized or isolated domain. Across sessions and discussions, there was a clear trend toward integrating security directly into development workflows. This aligns with the broader shift toward secure-by-design systems rather than reactive security models.

  2. Python’s Role Extends Beyond Its Perception
    While Python is widely associated with AI/ML and data science, its role in cybersecurity is both significant and underrepresented. The ecosystem already relies heavily on Python for automation, tooling and infrastructure, yet this narrative is not strongly reflected in mainstream discussions. This gap presents an opportunity for deeper alignment between developer and security communities.

  3. Emphasis on Engineering Discipline and Quality
    One of the most noticeable differences was the level of precision in how solutions are built. There is a strong focus on clean architecture, maintainability and long-term scalability even in tooling and scripts. This contrasts with the often ad-hoc nature of security tooling and highlights an area for improvement.

  4. Community Driven Innovation at Scale
    The openness of the community stood out. Knowledge sharing, collaboration and contributions to open-source projects are deeply embedded in the ecosystem. This accelerates innovation and reduces duplication of effort across teams and organizations.

  5. Representation Matters
    Perhaps the most important takeaway was the importance of visibility. There is clear global awareness of emerging cybersecurity ecosystems like Nepal but participation is still limited. Being present, contributing and sharing work at platforms like PyCon is critical not just for individual growth but for ecosystem level recognition.

What’s Next

Following my experience at PyCon JP 2024, I am now contributing as part of the organizing team for PyCon JP 2026.

This transition from speaker to organizer reflects a deeper level of involvement not just participating in the ecosystem but actively shaping it.

This is also a continuation of my long term contributions to communities such as Pentester Nepal and previously OWASP Nepal.

The direction is intentional. Python plays a critical role in modern cybersecurity from automation and tooling to offensive and defensive operations and contributing to PyCon aligns with the same objective: supporting a community that sits at the core of technologies driving cybersecurity forward.

Going forward, the focus is on scaling contribution beyond individual work strengthening community collaboration, increasing global representation and aligning local expertise with international standards.

#pycon#pyconjp#cybersecurity

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Nirmal Dahal

12 posts

I’m a cybersecurity enthusiast committed to strengthening digital ecosystems against evolving threats.