Summary
John Bergbom is a security researcher with eight years focused on discovering and weaponizing 0-day and n-day vulnerabilities in the Android/Linux kernel for enterprise-grade exploitation. Based in Helsinki, he builds fully operational exploits (not just PoCs) and extends his reverse-engineering skills across secure boot, ARM TrustZone, encryption breaking and Android userland. His background spans malware analysis, infrastructure and web-app penetration testing, and long-term work developing security tooling and Linux-centric solutions. At MSAB he produces commercial-grade kernel exploits, and previously contributed advanced reverse engineering and incident research at Forcepoint. He also serves on the SANS/GIAC advisory board, reflecting a blend of practical offensive expertise and community-level influence. Colleagues describe him as a pragmatic operator who turns deep binary-level insight into repeatable, production-ready attack chains.
8 years of coding experience
11 years of employment as a software developer
Masters, Computer Science, Masters, Computer Science at KTH Royal Institute of Technology
Park Center Highschool, Minneapolis, USA
Hjalmar Lundbohmsskolan, Kiruna, Sweden
Swedish, English, Finnish