SECURITY ARCHITECTURE 

10-11 NOVEMBER, 2017   |   BANGALORE   |   INDIA 

Security Architecture Conference started as a simple idea to grow the Information Security builder community. The 4th edition of SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives with 60,000+ subscribers Join the largest security architecture conference in the region. | 10 - 11 November | Bangalore | India. Learn Security Architecture, Application Security Architecture, SecDevOps, Threat Modeling, Incident Response, IoT Security & More.

REGISTER

© Copyright 2017 CISO Platform

International Conference on

“If I hadn't come, it would take another 2 to 3 years to learn and understand these tools”

“Very insightful, will definitely help us create a very effective security architecture”

“The principles .. gives a structure to the thought process”

Visit The Himalayas, Taj Mahal, The Great Indian Dessert & Palaces, The Western Ghats & many more places

SACON sells out very fast, register and book your passes before it's sold out. If you register but do not purchase, that will allow you to get insider content from SACON and you can catch up when we are hosting one near you!

REGISTER NOW

Lalit Ashok, Bengaluru, India

10 & 11 November, 2017

All talks will happen in the main or parallel track, detail of which will be mentioned in emailed agenda

All talks will happen in the main or parallel track, detail of which will be mentioned in emailed agenda

CALL FOR SPEAKERS

SACON 4th edition - International Conference on  Security Architecture. Here are some points to keep in mind while submitting the form:


  • We are looking for highly technical talks (demonstrations,code-level examples..etc are always welcome)
  • The CXO track can have some high level strategic talks which can include Real Case Studies


SUBMIT PAPER

Submit asap. Submission may close if enough good papers are received

SPREAD THE WORD

Don't Forget The Deadline For Submission Is 30th June

SACON VISION

WHO COVERED US

WHAT ARE THEY SAYING

YOU'll FALL IN LOVE WITH INDIA

REGISTER FOR SACON 2017

Moshe Ferber

Renowned Cloud Security Expert

Dr. Phil Polstra

Author of "Linux Forensic"

Gregory Pickett

Renowned Security Expert

Murray Goldschmidt

Renowned DevSecOps Expert

International Keynotes

We brought together best of the minds in the Security Industry

CALL FOR SPEAKERS

SACON 4th edition - International Conference on  Security Architecture. Here are some points to keep in mind while submitting the form:


  • We are looking for highly technical talks (demonstrations,code-level examples..etc are always welcome)
  • The CXO track can have some high level strategic talks which can include Real Case Studies


SUBMIT PAPER

“The principles .. gives a structure to the thought process”

“If I hadn't come, it would take another 2 to 3 years to learn and understand these tools”

“Very insightful, will definitely help us create a very effective security architecture”

Don't Forget The Deadline For Submission Is 30th June

Overview of AI & Machine Learning for CISOs and how they're impacting the security landscape

Summary of Top Talks from prominent security conferences like RSAC, BlackHat, Defcon etc.

Overview of Deception Technology, Architecture & Key Components, Deployment Guidelines

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

AI & Machine Learning for CISOs

Top talks from global conferences

Deception

Cybersecurity Reference Architecture Design 

Understanding Business / Management

 & Communicating with the Board

Understanding key management concepts so that you can align your security program with business priorities & Creating a reference board presentation template which you can use for 2018

Managing insider threats using behavioural analytics

Insider Threats

Security Threats Landscape for 2017

Evolution of Security Threats landscape & top 10 threats that were new in 2017

Top 10 Security Predictions for 2018

Based on our research, we'll be presenting top 10 predictions for 2018 for you to consider when making your plans

SOC

Reference architecture and overview of key components of a SOC, e.g.: SIEM, Honeypots, Data Sources, Integrations, Threat Intelligence, EDR, Forensics Tools etc.

IR - Incident Response

Building a framework & processes for managing cybersecurity incidents

Security  Architecture Workshop

Designing Multiple layers of Security Architecture, from Business Architecture to Technical Security Architecture

Cyber Range Drills

Wargame on responding to various types of security incidents at a strategic and operational level

Threat Hunting

Here we'll discuss the Key Components, Tool Set, Learning "Hunter" Skills and a Case Study

Cloud Security

Overview of Amazon’s approach to cybersecurity

AppSec

Creating a scenario of an organization and then use controls from OpenSAMM and BSIMM to choose the right elements of the AppSec program

Security Tech Landscape

Overview of new & emerging security technologies in the market and how the security tech landscape is shaping up

Overview of the IoT technology architecture and modelling threats & controls against different components (e.g.: Gateway)

Forensics

Workshop on how to do a comprehensive forensics examination post an incident, at endpoint & network level

SecDevOps

Leveraging the opportunity provided by DevOps to embed & automate security in the CI/CD processes

Startup Security

Startup Security Stack: Using 80-20 rule to build effective security strategy for a startup

Who Should Attend: CISO, CRO, Information Security Experts,  IT Risk Professionals, Appsec Professionals ....

AGENDA AT A GLANCE

IOT

PRE- REGISTER NOW

Do You Have An Interesting Security Technology To Showcase?

TECHNOLOGY DEMO ZONE

CONTACT FOR OPPORTUNITY

TECHNOLOGY DEMO ZONE

Do You Have An Interesting Security Technology To Showcase?

CONTACT FOR OPPORTUNITY

MEDIA PARTNERS

LINUX & WINDOWS FORENSIC WORKSHOP

Speaker : Dr. Phil Polstra - 

About Speaker : Author of 'Linux Forensic', Frequent speaker at DEFCON, Blackhat, BSides, GrrCON, ShakaCON

Description : Have you ever wanted to investigate a Windows and/or Linux breach but could not justify the 8 lakh rupees in software ? This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to easily analyze both Windows & Linux systems at deep level.

Agenda :

1. Introduction - what is forensics; what is digital forensics; building a toolkit 

2. Live response - talking to users; collecting data; analyzing collected data; determining if there was an incident 

3. Preparing for dead analysis - shutting down; creating a memory image; creating filesystem images 

4. Basics of FAT Filesystems - how it works; timestamps; deleted files 

5. Basics of NTFS Filesystems - how it works; timestamps; deleted files 

6. File analysis - file signatures - slack space; recovery from page file etc. 

7. Registry - how it is organized - where it is stored; location of important information; tools to make it easy 

8. Windows artifacts - recycle bin; AppData files; prefetch files - misc. 

9. Memory analysis - getting an image; basic Volatility commands 

Requirement : Workshop participants will need a laptop running a recent 64-bit version of Linux and should have at least 8GB of RAM & 200 GB free space. VirtualBox with extension pack preinstalled. Basic Linux knowledge at the user level


REGISTER NOW

CLOUD SECURITY WORKSHOP

Speaker : Moshe Ferber

About Speaker : Frequent Speaker at DEFCON, Blackhat, RSAC APJ, Royal Society London 

Agenda : 

1. Understanding IaaS · Cloud service level (IaaS/PaaS/SaaS) · Cloud deployment models (Private/Public/Hybrid/Community) · Understanding services level security challenges · Understanding the Shared responsibility model 

2. Threats and risks of cloud computing · Threats, risks, attack vectors (Emphasizing IaaS) · Examples of cloud incidents and what can we learned from it 

3. Securing IaaS platform (lectures will include demos on Amazon Web Services) · Securing IaaS dashboard – 2FA, roles, cross account permissions. · Understanding IaaS networking (VPC, segmentation, routing, direct-connect) · IaaS fundamentals: API Keys / Logging, monitoring 4. Securing IaaS instances · Encryption in IaaS/PaaS – KMS, HSM, S3 encryption, data in motion · Securing IaaS instances - configuration management / Patches / Firewalling / WAF · SSDLC – integrating dynamic / static analysis, · Understanding emerging technologies: containers, SDN, Serverless, IRM and their security aspects


REGISTER NOW
PRICING TABLE

 

Discount Periods
Time
Price
Early Bird Discount                
17th July to 16th Aug      
INR 6,500
Special Bird Discount                
17th Aug to 16th Sep      
INR 8,000
Regular Price                        
17th Sep to 16th Oct          
INR 10,000
Late Price
17th Oct onwards
INR 15,000


*Special Discount May Be Available For Pre-Registrants & Past Event Attendees (Email invite only). 

REGISTER NOWREGISTER NOW

AGENDA AT A GLANCE

SACON - Day 1

Time

Tech Track 1

Tech Track 2

Tech Track 3

8 to 8:30 AM
Registration
Registration
Registration
8:30 to 10:30 AM
 
Cloud Security Workshop (by Moshe Ferber)
 
  • Understanding IaaS · Cloud service level (IaaS/PaaS/SaaS) · Cloud deployment models (Private/Public/Hybrid/Community) · Understanding services level security challenges · Understanding the Shared responsibility model
  • Threats and risks of cloud computing · Threats, risks, attack vectors (Emphasizing IaaS) · Examples of cloud incidents and what can we learned from it
 
Windows & Linux Security Workshop (by Dr. Phil Polstra)
  • Introduction
- what is forensics
- what is digital forensics
- building a toolkit
 
Security Architecture Workshop (by Arnab Chattopadhyay & Bikash Barai)
Enterprise Security Architecture Design
Overview of Google’s BeyondCorp Approach to Security
Overview of NIST CyberSecurity Framework
Threat Modeling in Context of Security Architecture
10:30 to 10:45 AM
BREAK
BREAK
BREAK
10:45 to 12 PM
 
Cloud Security Workshop (by Moshe Ferber)
  • Securing IaaS platform (lectures will include demos on Amazon Web Services) · Securing IaaS dashboard – 2FA, roles, cross account permissions. · Understanding IaaS networking (VPC, segmentation, routing, direct-connect) · IaaS fundamentals: API Keys / Logging, monitoring 4. Securing IaaS instances · Encryption in IaaS/PaaS – KMS, HSM, S3 encryption, data in motion · Securing IaaS instances - configuration management / Patches / Firewalling / WAF · SSDLC – integrating dynamic / static analysis, · Understanding emerging technologies: containers, SDN, Serverless, IRM and their security aspects
 
Windows & Linux Security Workshop (by Dr. Phil Polstra)
  • Live response
- talking to users
- collecting data
- analyzing collected data
- determining if there was an incident
  •  
  • Preparing for dead analysis
- shutting down
- creating a memory image
- creating filesystem images
 
Stack Workshop (by Ravi Mishra & Bikash Barai)
Developing a Cyber Security Products Stack
Live Wargaming : Building context specific security stacks
Scientific Approach to Building a Security Portfolio
12 to 1 PM
LUNCH
LUNCH
LUNCH
1 to 3 PM
API Security Workshop (by Suhas Desai)
API Economy trends are the enablers in adaption of API Management Platforms and Open APIs technologies. Increase in security risks due to API security governance and integrations flaws in B2B and B2C channels causing monetary losses. This session is to discuss risks and mitigation strategies around secure API monetization.
Windows & Linux Security Workshop (by Dr. Phil Polstra)
  • Basics of FAT Filesystems
- how it works
- timestamps
- deleted files
  •  
  • Basics of NTFS Filesystems
- how it works
- timestamps
- deleted files
  • File analysis
- file signatures
- slack space
- recovery from page file, etc.
Cyber Range & CTF (by Nilanjan De & TBD )
  • Test your hacking skills with capture the flag competition
3 to 3:15 PM
BREAK
BREAK
BREAK
3:15 to 5:15 PM
API Security Workshop (by Suhas Desai)
API Economy trends are the enablers in adaption of API Management Platforms and Open APIs technologies. Increase in security risks due to API security governance and integrations flaws in B2B and B2C channels causing monetary losses. This session is to discuss risks and mitigation strategies around secure API monetization.
Windows & Linux Security Workshop (by Dr. Phil Polstra)
  • Registry
- how it is organized
- where it is stored
- location of important information
- tools to make it easy
  •  
  • Windows artifacts
- recycle bin
- AppData files
- prefetch files
- misc.
  •  
  • Memory analysis
- getting an image
- basic Volatility commands
Cyber Range & CTF (by Nilanjan De & TBD )
  • Test your hacking skills with capture the flag competition
5:15 to 5:45 PM
CLOSING
CLOSING
CLOSING

SACON - Day 2

Time

Tech Track 1

Tech Track 2

Tech Track 3

8 to 8:30 AM
Registration
Registration
Registration
8:30 to 10:30 AM
Automating SecDevOps Workshop (by Murray Goldschmidt)
  • Learn some simple ways you can integrate automation for security in a DevOps pipeline today.
  • Understand the need to secure the entire DevOps stack of tools, as well as the production output.
  • Gain much-needed visibility into a DevOps environment through continuous monitoring and other tools.
SecOps Workshop (by Gregory Pickett & TBD)

  • Adaptive Network Protocol (ANP): How it shares events between systems, requirements for installing the agent, configuring the agent, various features, peering systems and Example federations 
  • Interfaces for Adaptive Network Protocol (ANP): How interfaces work, types of interfaces, how interfaces pass on events to each system for its use, several interfaces already built and what else is possible
Automotive Security Workshop (by Aditya)
  • How IoT devices function
  • IoT Security aspects
  • Attack examples  1
  • Complexity of Cars
10:30 to 10:45 AM
BREAK
BREAK
BREAK
10:45 to 12 PM
Automating SecDevOps Workshop (by Murray Goldschmidt)
  • Adapt your strategy to "shift left" in software development and understand why this is critical, enabling you to improve security at the source.
  • See an example of a real-world end to end Attack on a DevOps environment in AWS and see how you can stop it.
SecOps Workshop (by Gregory Pickett & TBD)

  • Use Cases: Simple to complex for both external and internal threats 
  • Demonstrations: Attackers automatically added to a threat feed you share with partners, Attackers failing logins on one system are automatically blocked from logging into others, Web site attack automatically gets the attacker moved over from your website to a honey pot 
  • Needed Improvements and Future Directions
Automotive Security Workshop (by Aditya)
  • Attack examples 2
  • Lab session where attendees can attempt attacks on IoT devices/Car Simulators.
12 to 1 PM
LUNCH
LUNCH
LUNCH
1 to 3 PM
Application Security Architecture Workshop (by Nilanjan De)
  • Immutable Application infrastructure
  • Serverless architecture
Threat Hunting Workshop (by Sachin Deodhar)
  • Incident Response & Threat Hunting
  • Detection & Response Program
  • Breach detetction & response (Case Study)
IoT Security Workshop (TBD)
  • Hardware Teardown
  • Architectural layers
  • Components
  • Testing
  • Control design
3 to 3:15 PM
BREAK
BREAK
BREAK
3:15 to 5:15 PM
Application Security Architecture Workshop (by Nilanjan De)
  • Immutable Application infrastructure
  • Serverless architecture
Threat Hunting Workshop (by Sachin Deodhar)
 
 
  • Incident Response & Threat Hunting
  • Detection & Response Program
  • Breach detetction & response (Case Study)
IoT Security Workshop (TBD)
  • Hardware Teardown
  • Architectural layers
  • Components
  • Testing
  • Control design

To watch past talks from speaker click here

WHO IS COMING ? (Sneak Peek)

REGISTER & JOIN YOUR PEER

SECOPS WORKSHOP

Speaker : Gregory Pickett

About Speaker : Renowned Security Expert, Frequent speaker at DEFCON, Blackhat

Description : Adaptive Network Protocol (ANP) allows systems to share events with each other.  When one system sees a threat, they all see it and can respond in a coordinated fashion.  Your network can, quite literally, respond to a threat all on its own.  In this session, we’ll show you how ANP works, how to install it, and cover all the use cases from generating your own Threat Intelligence feed, to sharing fail2ban jails across clouds, to automatically NATing threats to honeypots, and many more.  To show you how it works, I will even demo some of these scenarios.

Agenda :

1. Adaptive Network Protocol (ANP): How it shares events between systems, Requirements for installing the agent, Configuring the agent, Various features, Peering systems, and Example federations 

2. Interfaces for Adaptive Network Protocol (ANP): How interfaces work, Types of interfaces, How interfaces pass on events to each system for its use, Several interfaces already built, and What else is possible 

3. Use Cases: Simple to complex for both external and internal threats 

4. Demonstrations: Attackers automatically added to a threat feed you share with partners, Attackers failing logins on one system are automatically blocked from logging into others, Web site attack automatically gets the attacker moved over from your website to a honey pot 

5. Needed Improvements and Future Directions 



REGISTER NOW
REGISTER NOW

APPLICATION SECURITY WORKSHOP

Speaker : Murrey Goldschmidt

About Speaker : Renowned DevSecOps Expert, Frequent Speaker at RSAC, AusCERT

Description :  Dynamic, high-velocity DevOps production environments deliver impressive results to enterprises. Security Teams now need to catch-up and be effective immediately. This 4-hour lab, on Security Automation for DevOps teaches ways improve security at the source and manage a secure environment across the lifecycle. Understand the DevSecOps stack and how to protect it by gaining visibility using automation, across development, applications, operating systems and the cloud covering SAST, DAST, 3rd party library scanning, continuous monitoring, vulnerability management and self-healing. Attendees will learn how start with simple security automation to protect DevOps environments - without becoming a bottle-neck in the process. 


Agenda : 

1. Learn some simple ways you can integrate automation for security in a DevOps pipeline today. 

2. Understand the need to secure the entire DevOps stack of tools, as well as the production output. 

3. Gain much-needed visibility into a DevOps environment through continuous monitoring and other tools. 

4. Adapt your strategy to "shift left" in software development and understand why this is critical, enabling you to improve security at the source. 

5. See an example of a real-world end to end Attack on a DevOps environment in AWS and see how you can stop it. 


REGISTER NOW
REGISTER NOW
Fix the following errors:
Hide