Nebu Varghese has black hair and wears dark-framed glasses, a short beard, and a black jacket over an open collar oxford

Nebu Varghese

Senior Director, FTI Consulting

Nebu Varghese is a Senior Director in FTI Consulting's Cybersecurity practice and is based in London. Mr. Varghese has more than 10 years of multifunctional experience, deep technical expertise, and strong academic credentials in the field of cybersecurity. He has worked in more than 23 countries, serving a wide range of global organizations spanning across multiple sectors, including critical national infrastructure, financial services, consumer products, private equity, telecom, and media.

Mr. Varghese specializes in executing and managing the delivery of offensive security testing (ethical hacking or penetration testing) engagements for organizations across the globe.

Prior to joining FTI Consulting, Mr. Varghese spent the last decade working with two of the Big 4 audit firms, leading on threat-driven offensive security engagements across network infrastructure (IT & OT) environments, cloud infrastructure, wireless infrastructure, physical security, and applications (Web & mobile), as well as social engineering assessments, malware analysis, and architecture design reviews.

In his previous role, he led the Next-Gen SecOps and Response (intelligence-led attack simulations, OT/IoT product security reviews, breach response, purple team testing and advisory, and scenario-based technical security assessments) capability where he helped drive development of the business and took responsibility to execute technically demanding engagements that focused on enhancing threat detection and response capabilities for large businesses.

Mr. Varghese holds several certifications including the CRTE, OSCP, CPSA, CRT, AZ-500, CCSK, CEH, CISA, and CHFI. He also holds an MSc in software and systems security from the University of Oxford, and a bachelor's in computer science engineering from the Vellore Institute of Technology (VITU).


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.