SACON 2019

International Security Architecture Conference & Training

15-16 February | Bangalore | Conference & Training

Register & Get Access to Special Discount Vouchers, Speakers, Talks & more! *

1 +
1 +
1 +
1 +

SACON Vision

We have a lot of competence in hacking but we have a very limited community for the defenders, security architects …etc. So we started SACON – India’s 1st Security Architecture Conference, to solve this competency gap. SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives with 60,000+ subscribers. 

2019 SACON Speakers

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Workshop : LINUX & windows forensic
(1 Day)

Topic Brief :

Have you ever wanted to investigate a Windows and/or Linux breach but could not justify the 8 lakh rupees in software ? This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to easily analyze both Windows & Linux systems at deep level.

Detailed Agenda :

1. Introduction – what is forensics; what is digital forensics; building a toolkit 

2. Live response – talking to users; collecting data; analyzing collected data; determining if there was an incident 

3. Preparing for dead analysis – shutting down; creating a memory image; creating filesystem images 

4. Basics of FAT Filesystems – how it works; timestamps; deleted files 

5. Basics of NTFS Filesystems – how it works; timestamps; deleted files 

6. File analysis – file signatures – slack space; recovery from page file etc. 

7. Registry – how it is organized – where it is stored; location of important information; tools to make it easy 

8. Windows artifacts – recycle bin; AppData files; prefetch files – misc. 

9. Memory analysis – getting an image; basic Volatility commands

Attendee Requirements :

Workshop participants will need a laptop running a recent 64-bit version of Linux and should have at least 8GB of RAM & 200 GB free space. VirtualBox with extension pack preinstalled. Basic Linux knowledge at the user level

Dr. Phil Polstra


Author of ‘Linux Forensic’, Frequent speaker at DEFCON, Blackhat, BSides, GrrCON, ShakaCON

Dr. Phil Polstra is currently the professor at bloomsburg university of pennsylvania. He is the author of ‘Windows Forensic’ and ‘Linux Forensic’. He is a frequent speaker and trainer at Blackhat, Defcon, BSides, Grrcon, Shakacon and many more. You can check a compiled list of his past talks at some conferences here

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Workshop : Practical security architecture (1/2 Day)

Topic Brief :

My session will show how to design a security architecture that guides an organisation on what safeguards must be implemented in order to address real world risks and threats. Organisations have a limited budget, the question is, how does the security architect determine what to spend their limited time and budget on in order to obtain the best outcome and return on investment. My method of designing a security architecture brings together the following: Sherwood Applied Business Security Architecture (SABSA), Intel’s Threat Agent Risk Assessment (TARA), Lockheed Martin’s Cyber Kill Chain and threat driven approach, Mandiant’s M-Trends report, Verizon’s Data Breach Investigations Report, ASD Essential 8 and Mitre’s Adversarial Tactics, Techniques & Common

Knowledge. The structured use of all of these techniques and methodologies (whole and in parts) will allow security practitioners to design a security architecture that addresses the threat actors and adversaries most likely to launch attacks and mitigate their specific tactics and procedures that will be used.


Detailed Agenda :

1.List the tools and techniques available to design a pragmatic and practical security
architecture, their purpose, use and why they’re relevant. What are the core aspects of a
security architecture that must be considered?

2. Not all security controls are created equal. Describe and apply a methodology to select the most effective controls to address an organisation’s key risks. How can you tell if your
security architecture is fit for purpose?

3. Understand the controls that make up basic cyber security hygiene and offer the best return on investment based on industry reports and an analysis of real world cyber-attacks. Have you got the basics covered?

4. Understand the security investment portfolio and how it supports an organisation’s defensive posture. Spread your risk and diversify your security investments.

5. How to effectively reduce an attacker’s dwell time. Simply because your organisation’s
defences have been penetrated does not mean that data loss or system destruction is a
given. Assume breach and put in place effective security measures to restrict your
adversaries from actioning on their objectives.

Theory will be reinforced through the use of practical examples and exercises where you can put the tools and techniques into practice.

Attendee Requirements :

Attendees should have a least 1-2 years’ experience in information security architecture or
information security management along with a good understanding of frameworks such as NIST SCF and ISO 27001. No time will be spent explaining information security and risk management basics. No special equipment is required. Session materials will be provided on the day.

Wayne Tufek
Director, CyberRisk

Frequent Speaker at RSA APJ, ISC2 & more

Wayne Tufek is currently a Director of CyberRisk ( For over 20 years he has formulated pragmatic, business driven strategies to establish, execute and improve cyber risk management in ASX listed companies and some of Australia’s largest organisations across the public sector, Big 4, financial services, consumer products, education and retail sectors. Wayne is a member of Chartered Accountants Australia and New Zealand and holds the SABSA SCF, CISSP, CRISC, CISM, CISA, ISO/IEC 27001 Lead Implementer and PCI QSA qualifications. He is frequently asked to present at security conferences and events in Australia and internationally including the Australian Cyber
Security Centre Conference, AusCERT, ISC2 Security Congress, ISACA Oceania CACS, RSA APJ and

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Workshop : Active Deception for red and blue teams (1 Day)

Topic Brief :

Defending an enterprise network is increasingly challenging. With various components and integrations, implicit trusts, third party applications, various operating systems, backward compatibility and legacy applications present in a network, often an adversary just need to go for a weak default misconfiguration or feature to get a foothold. Once a foothold is available, adversaries can laterally move and abuse features and trusts to gain access to key information and data. This can be done by “living off the land” and using only the built-in tools of an operating system.

The days of reacting to an attack are past. Defenders and Blue Teams must exploit the attacker mind-set of going for “the lowest hanging fruit”. Deception provides capabilities of detecting and shaping the path an adversary with less chances of false positives, increased certainty and reveal what an adversary wants to get from your network. Deception definitely increases the costs for an adversary.

In this training, we will understand, learn, implement and design different types of deceptions and use of decoys, lures, canaries, accounts, tokens and a lot more. We will use built-in OS tools and scripts to quickly deploy deception techniques enterprise-wide with and without agents on computers. We will see some unique deception techniques and also use existing ones.

Deception for Red Teams will also be practiced. Red Teams have been using deception more effectively – Social engineering, phishing, fake documents and more attacks. We will practice some of the attacks but focus more on identifying deception by Blue Team and counter-deception. We will also see case studies of stopping advanced adversaries using deception techniques.


Detailed Agenda :

Some of the deception techniques, used in the course:

  • Documents – MS Office and others
  • Files – Trusted executables, scripts and more
  • Active Directory – Groups, SPNs, ACLs and more
  • Credentials – Windows, SSH, AD
  • Databases – data, credentials and more
  • Host and Enterprise applications
  • Designing deception
  • Wireless Deception
  • Identification
  • Rapid deployment at scale using WMI and PowerShell

Attendee Requirements :

People who should attend include Network administrators, security researchers, red-blue teams, pentesters. Attendee should have basic understanding of Windows domains. Participant should bring system with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. Attendees will get free one month access to a lab mimicking an Enterprise network, during and after the training & one month subscription to Pentester Academy

SAhir Hidayatullah
CEO, SMOkescreen

Trainer at blackhat USA

Sudarshan Pisupati
Principal Consultant, SMOkescreen

TRainer at Blackhat usa

Sahir Hidayatullah is the CEO of Smokescreen, one of the industry’s leading deception technology companies. He developed one of the first commercial memory forensics solutions for rootkit and stealth malware detection, and has delivered workshops on deception, red-teaming, and digital forensics for numerous premier institutions. He is a regular speaker on cyber deception strategy, including a keynote session at RSA Abu Dhabi 2016. Sahir is a serial cybersecurity entrepreneur whose past ventures have undertaken red team assessments and performed incident response for multiple data breaches. His work has been a cover story in Fortune Magazine, India, and he’s often quoted on cybersecurity in print and television media.

Sudarshan has been a red-team specialist for 8 years, his previous stint was at Ernst & Young, USA, handling red-team assessments for select Fortune 100 companies. He has been a trainer
on offensive security at Black Hat USA, 2018. At Smokescreen, he runs a team of some of the industry’s best redteam and incident response professionals. He also researches deception defences for our IllusionBLACK product. Sudarshan specialises on Windows domain security, and has a 99% successful track-record of breaching high-security environments (ask him about the 1% where he failed)! In his free time he listens to and plays heavy metal.

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Workshop : Extreme Web Hacking using cyber range (1 Day)

Topic Brief :

Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed (you can use your hacker name instead of real name) and the top three scorers will get super cool prizes.

Detailed Agenda :

  • Introduction to CyberRange
  • Introduction OWASP top 10
  • Cross-Site Scriting Attacks
  • XML Injection
  • Cross-Site Request Forgery
  • SQL Injection Attacks, error based, time based and data exfiltration using SQL Injection
  • Insecure File Upload Attacks
  • Privilege Escalation
  • XPath Injection


Attendee Requirements :

Attendees must have a laptop with min 4 GB RAM.
Software needed:
Any web browser.
Proxy tool such as OWASP Zap ( or Burp Proxy Free (

Aditya Kakrania
Director, Security Innovation

Security technology expert

Aditya Kakrania is the director at Security Innovation. This session might be taken by other speakers from Security Innovation. Details will be updated soon

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Workshop : Practical threat hunting using open source tools (1/2 Day)

Topic Brief :

Threat hunting can seem intimidating at first. How can you come to grips with threats that
don’t use known malware or indicators of compromise? How can you deduce the
presence of “fileless” attacks that leave no files or malicious tools on a hard drive?
This workshop will uncover the art of threat hunting, looking for what gets missed using
automated tools and use cases leveraging open source hunting tools and techniques, including hunting in memory, hunting on the cheap and hunting for persistence.
We will begin with an overview of threat hunting, then introduce techniques you can use today to stop unknown suspicious activity in your network. You will learn how to find ongoing attacks by proactively searching for signs of fileless attacks, persistence mechanisms, evidence of lateral movement, and credential theft.In this practical session, you will learn how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. Additionally, creating the means of retrieving the data from the various endpoints and data sources will also be introduced and explained throughout the session. This workshop will teach you how to not only set up an ELK server specifically geared to facilitate powerful hunting, but will also show you how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.

Detailed Agenda :

  • Threat Hunting Models and Hypothesis Building
  • Threat Hunting using input from Threat Intelligence
  • Indicators of Compromise
  • Knowing how to find bad – Log Analysis, Web Application Logs, Network Forensics and Packet Analysis, DNS and DHCP Log analysis and real time packet sniffing
  • Data collection methods
  • Logstash
  • Elasticsearch basics
  • Kibana basics
  • Building Visualizations
  • Building Dashboards
  • Data enrichment
  • Real-time data collection
  • Machine Learning for Threat Hunting
  • Final Exercise – 3 Use Cases to Hunt

Attendee Requirements :

  • Attendees must have windows 10 laptop / Mac OS with atleast 16GB RAM and atleast 100gb of free disk space
  • Virtualization software capable of running VMDKs and OVA files (Preferred Kali)

Chandra Prakash Suryawanshi
SVP, AUjas

SOC, DLP, IR Expert

Chandra Prakash has completed several MDPs from ISB, Harvard, Stephen Covey institutes. 

Specialties: Managed Services – NG-SOC, DLP, DAM, EDR, IR and Forensics, Deployment- SIEM Platform (Security Analytics/ Threat Intelligence/Full packet capture, EDR and IR automation ) Technology Risk Consulting, IT GRC, Data Protection and Cyber Security Strategy Management.


SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

Call For Speakers

Call For Papers Date: 21st August to 15th October, 2018. (Closed Now)

SACON is the only conference on Security Architecture & the largest security conference in India of Senior Security Executives, Chief Information Security Officers, Security Architects, Developers, Engineers & more The 2 day conference & training will host over 1000+ attendees with the most celebrated global Security professionals along with the top Chief Security officers in India with over 50+ sessions and 30+ International Speakers from different countries sharing their insights and experiences with the CISOs working to secure businesses of all sizes in various innovative ways.

Conference & Training

Deep Dive Training "Hands-on Workshop"

Technical Workshops would be hands on and would be presented by foremost technology experts to help you for deep-diving & informed decision making through live demos and training

Best of the World "Turbo Sessions"

This series shall invite the top speakers & security researchers across the world who made significant contribution in the field of security in recent past who would share knowledge through 18 minute "Turbo Sessions"

CISO Decision Tools "Frameworks"

Tools, Frameworks & Checklists shall be presented to help Senior Security Decision Makers for better & structured decision making (strategy, implementation of successful projects & practical hands-on insights)

What Are Attendees Saying?

If I hadn't come, it would take another 2 to 3 years to learn and understand these tools
The principles .. gives a structure to the thought process and to the approach .. a very critical element for everything...
Manoj Kuruvanthody
Very insightful, will definitely help us create a very effective security architecture
Anil Kumar K K

Who Covered US

Meet Our Previous Speakers

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *

TOP talks

1000+ Organizations Attended

SACON - India's only Security Architecture Conference & training

Pre-Register & Get Access to Special Discount Vouchers! *