SACON 2020

International Security Architecture Conference & Training

21 & 22 February | Bangalore | Conference & Training


SACON VISION
Conference & Trainings

Security Architecture Conference started as a simple idea to grow the Information Security builder community. The 5th edition of SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives with 60,000+ subscribers. Join the largest security architecture conference in the region. | 18 – 19 May | Pune | India. Learn Security Architecture, Application Security Architecture, OSINT, Darkweb & More.

Speakers sacon 2020

Attendee Speakout

“If I hadn’t come, it would take another 2 to 3 years to learn and understand these tools”

Vijaykumar Reddy

Vijay Kumar Reddy, Engineer, L&T Infotech

Agenda

Downloadable agenda here (SACON Part)

Blackhat & Defcon Workshops

  • IoT Workshop [Blackhat USA 2019 Training]
  • Reverse Engineering Workshop [DEFCON Training]
  • Darkweb Workshop [Industry Expert Training]
  • Building SOC Using Open Source Tools Workshop [Industry Expert Training]
  • SDN Security & 5G Workshop [Industry Expert Training]
  • Building Privacy For Your Organization [Industry Expert Strategy]
  • API Security Workshop [Industry Expert Training]
  • Threat Hunting Workshop [Industry Expert Training]
  • Web Hacking & Cyber Range Workshop [Industry Expert Training]
  • Thinking Like An Attacker Workshop [Industry Expert Training]

Short Strategy Talks

  • Evolution Of Artificial Intelligence
  • Zero Trust Architecture
  • Living In A World Of Zero Trust
  • DevSecOps Tools & Demo
  • Quantum Computing and Security Impact
  • Radio Communication & Wireless Attacks
  • Threat Modeling For Secure Software Development
  • Attack Vectors Of Kubernetes
  • Kubernetes Hacking Demo

Featured Trainings

Gregory Pickett

Intrusion Analysis Expert

Adventures in SDN Security

Introduction: Based on a recent talk of mine on SDN and 5G, this will be a deep dive into the Software Defined Network (SDN) side of things. We will hit SDN and hit it hard. After a rundown of recent work in SD-WAN, I will return to where it all started with the Software Defined Data Center (SDDC). Briefly reviewing my previous work with open source controllers and white box switches, we will take a look at my recent work with Cisco’s APIC and Big Switch Network’s Big Switch Fabric. This will be a deeply technical talk where we will cover the risks, the threats, and the attacks useful against SDN. Most importantly, we will talk about how to secure it. Because if your network isn’t safe, neither are you.

Agenda: 

• Software Defined Networks – Influencers, Market Segments, and Realized Benefits
• SD-WAN (Risks) – Operational and Security
• SD-WAN (Threats) – Vulnerabilities and Attacks
• SD-WAN (Securing) – General Approaches and Case Study
• SDDC (Risks) – Operational and Security
• SDDC (Threats) – Vulnerabilities and Attacks
• SDDC (Securing) – General Approaches and Case Study

 

Attendee Requirements: Attendees should have a basic understanding of the network, of network protocols especially SSL/TLS, of network architecture, and of common attack vectors such as Cross-Site Scripting (XSS), Command Injection, etc. No special equipment will be required. Most of the workshop will be covered using demonstrations and discussions around the scenarios.

About Speaker: Gregory Pickett CISSP, GCIA, GPEN has a background in intrusion analysis for Fortune 100 companies but now heads up Hellfire Security’s Managed Security Services efforts and participates in their assessment practice as a network security subject matter expert. As a security professional, his primary area of focus and occasional research is networks with an interest in using network traffic to better understand, to better defend, and sometimes to better exploit the hosts that live on them.

Andrea Marcelli

Frequent Speaker at DEFCON, BSides

Windows Malware 101: Reverse Engineering and Signature Generation

Introduction: The workshop will cover some key topics of Windows malware reverse engineering, starting from the basics of the Windows executable file format up to the modern techniques and FOSS services to analyze malware samples at scale. Finally, it will cover the basics of malware signatures, and it will present a tool, YaYaGenPE, to automatically generate them. During the workshop, Python notebooks and other FOSS tools will be used to show an interactive analysis of some recent Windows malware samples.

Agenda : 

  • Basics of Windows malware reverse engineering
    The Portable Executable (PE) file format
    Dissecting Windows malware PE files with Python.
  • Malware analysis at scale:
    The role of automation
    Function recognition with FIRST
    Binary decompilation with Ghidraaas and GhIDA
  • Signature generation:
    The basics of a malware signature
    Automatic signature generation with YaYaGen.

Attendee Requirement : Participants will need a laptop with a recent 64-bit version of Linux, Python 3.7, Jupyter, the freeware version of IDA 7.0, and Docker installed. Internet access may be required to download additional Python packages.

 

About Speaker : Andrea Marcelli is a Malware Research Engineer at Cisco Talos Intelligence Group and a PhD candidate in Computer and Control Engineering at Politecnico di Torino in Italy. In his PhD, he studied the large-scale processing of Android malware, proposing a semi-automated system to provide fast coverage and detect new malware variants. He presented part of his research at BSidesLV and DEFCON26. Currently his research interests include automated malware analysis, semi-supervised modeling, and graph isomorphism.

Harshit Agrawal

Past RSA USA Speaker

ON THE WINGS OF TIME: PAST, PRESENT, AND FUTURE OF RADIO COMMUNICATION

Introduction: Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols. While other non-WiFi RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. Today, cyber threats have grown not just in depth (more sophisticated) but also in breadth (expanded scope). They have grown from threats in Enterprise IT systems to Operational Technology (OT) and Industrial Control Systems (ICS).

Agenda : 

Part A: Overview, Ideas, and Prospectus of the attack and defense in the field of wireless security (Objective is to ensure everyone has clarity of Wireless Hacking and why it is different)

1. Joys of the Past: History of Attack: From hijacking communication in 1903 to breaking the Enigma during WWII, Wireless Attacks have evolved significantly over the years. While these attacks have attempted to cripple cities, they also provide an opportunity for our attendees to learn from such incidents and appropriately build security controls to safeguard against them. We would be discussing what might have possibly gone wrong with a few case studies.

2. Current State of Industry & Sutra for Mitigation:

  • Detailed usage guide of wireless security tools

  • Security issues in various kinds of wireless systems: short distance 433/315MHz communication, ADS-B, GSM, satellite communication, etc.

  • Various Analytical matrices to compare the designed wireless security algorithm

3. A glimpse of the Future: Hackers have a new way to profit off our security cameras, smart lighting, and even our fancy new coffee pot: crypto-jacking. We will discuss how one can detect and prevent such crypto-jacking attacks.

Part B: Learned theory will be reinforced through the use of practical examples and exercises where you can put the tools and techniques into practice.  

  • What is Software Defined Radio (SDR)

  • SDR Architecture, DSP, Sampling

  • The Breadth and Depth of DSP

  • Phases of SDR Hacking

  • Setting up and using RTL-SDR, HackRF

  • Decoding Digital Data

  • Customizing and Retransmitting Radio Signals

  • Capturing Signals and Analyzing a Waterfall Plot

  • Reverse Engineering Transmissions

  • Case Study and Demos

Attendee Requirements:

The participant should bring a system with 4 GB RAM that supports booting from a USB drive and has at least two free USB ports. One port will be required to boot a Live USB flash drive, and the other will be used to connect to an SDR device (preferably a USB 3 port).

Attendees should bring SDR devices such as HackRF or RTL-SDR with them.

About Speaker: Harshit Agrawal is a Security Researcher and volunteers for the NULL and OWASP communities. Harshit loves to travel and has presented at RSA Conference USA, Cyberweek UAE, ICS Security Singapore, Hack In Paris, HITB Amsterdam, Securityfest Sweden, Nanosec Malaysia, HAKON, as well as various universities. He is President of the CSI chapter and Vice President of the Entrepreneurship Cell at MIT Pune. Currently, he is leading a team of security enthusiasts at MIT, which has given him good insight into cyber-security and helped him emerge as a creative leader. On the other hand, it has also increased his thirst to explore more in this field. He is a Student, Programmer, Developer, Security Researcher, and Believer! He believes in providing something out of the box!

Shivangi Nadkarni

Privacy Expert, Founder @Arrka

Sandeep Rao

Principal Consultant @Arrka

Ramkumar Narayanan

Practice Partner, Data Privacy @Wipro Ltd

Aaron Kamath

Leader, International Commercial Law and Technology Law Practice @Nishith Desai Associates

Gauri Vishwas

Privacy Program Head @Aditya Birla Group

Apurva Mankad

Founder & CEO @ECFY

Srinivas Poosarla

Vice President, Chief Privacy Officer @Infosys

Sameer Anja

COO @Arrka

An introduction to Data Privacy

Introduction:  Data Privacy & Personal Data Protection has become a key driver today in dialogues involving data. India is at the cusp of getting its own law in place – one of the last few countries in the world to do so. However, the reality on the ground is that few people really understand what Data Privacy is all about. It is often confused with Data Security. This session seeks to de-mystify Data Privacy, giving an overview of the domain and how it is different from Data Security.

Agenda: 

  • An Introduction to Data Privacy
  • Understanding Personal Data
  • An overview of Privacy Principles & Rights
  • An overview of Privacy Implementation Frameworks – used to implement Privacy Programs in Organizations

Attendee Requirement: Anyone with an interest in the topic who wants to understand the basics of Data Privacy

About Speaker: 

Shivangi Nadkarni has over 20 years of experience in the domains of information risk & privacy, e-commerce & networks. She has handled multiple roles over the years at Sify and Wipro, which include heading the global application security & identity management practice at Wipro, setting up India’s first licensed certifying authority for digital signatures in collaboration with Verisign at Sify, launching and managing the first enterprise IP network services in India at Sify, etc. She set up Arrka Consulting – her own venture – a few years ago. Arrka provides consulting, advisory and training services in the information risk & privacy domain. Nadkarni has recently authored the first book on Data Privacy in India for DSCI, as part of their new privacy certification program – DCPP.

Sandeep Rao has over 18 years of Management Consulting experience in the areas of Business Transformation, Post Merger Integration, Process Reengineering, Organizational Change Management, Shared Services Design and Privacy Design & Implementation. He has worked with Startups as well as Fortune 100 organizations like GE, Philips, Wells Fargo & General Motors. Sandeep has had over a decade of International exposure, having been based out of the US, Europe and Singapore. He has managed complex cross functional projects and multicultural teams across over 15 countries. He has also trained over 2000 employees globally on Operational Excellence. Sandeep holds a Bachelor’s degree in Engineering from SPCE, Mumbai; a Master’s Degree in Management from SP Jain, Mumbai; and a Post Graduate Diploma in Software Technology from NCST (CDAC). He is also a certified Privacy Practitioner (DCPP) and Lead Assessor (DCPLA) as well as a Certified Lean Six Sigma Black Belt and Trainer. He is an avid triathlete, having completed over 20 Ironman 70.3, Marathons, Ultras and Swimathons.

PERSONAL DATA DISCOVERY & MAPPING - CHALLENGES FACED, METHODOLOGIES & TOOLS EMPLOYED

Introduction: To implement any privacy program in any organization – big or small – the foundational step is to understand what Personal Data an organization deals with, where it lies, how it flows (within & outside the organization), who does what with that data, what are the underlying assets involved, etc. Without this foundation, the organization cannot build the necessary controls required to implement and manage Privacy. However, this is not an easy problem to address. This session does a deep dive into the challenges faced, the methodologies used and tools that can be employed to build AND sustain an organization’s data map.

Agenda: 

  • Challenges in building a Data Map
  • Approach & Methodologies used
  • Some tools that can be deployed in specific situations
  • Now that you have built the initial Data Map, how do you sustain this, given that Data keeps changing in an organization?
  • Some real-life case studies

Attendee Requirement: An understanding of the basics of Data Privacy & Privacy implementation frameworks – so that the attendee understands the relevance and criticality of this session.

About Speaker: Ramkumar is a seasoned Cybersecurity Advisor, with over 20 years of experience in advising many of the Fortune 500 companies in defining their data privacy and data security strategy. As Practice Partner at Wipro Limited, he heads the data privacy practice globally, which provides consulting and advisory services around data privacy to Wipro’s clients, and also heads the Privacy Center of Excellence, which builds data privacy and data risk governance platforms that can accelerate the privacy journey. Ram holds a Bachelor of Engineering degree in Computer Science and a Master of Science degree in Cyber Forensics & Information Security; he also holds several certifications, including CISM, CISSP, CHFI & DCPLA.

India's Personal Data Protection Bill - an overview

Introduction: India’s Personal Data Protection Bill (PDPB) has been in the news for a while now. One of the most awaited legislations around the world, the bill has introduced many new ideas which are different from other legislations like the EU GDPR, etc. The bill has also raised many controversies and debates both in India and globally. This session focuses on what the India PDPB is all about.

Agenda: 

  • An overview of the India PDPB
  • Some issues & concerns around the bill
  • Organizational impact from the bill

Attendee Requirement: A genuine interest in what the Personal Data Protection Bill is all about – as it impacts almost anything and anyone working in a field related to technology.

About Speaker: Aaron is a lawyer and integral member of the International Commercial Laws and Technology-Media-Telecommunication Laws Practice Group at the multi-skilled, research based international law firm Nishith Desai Associates. Aaron is qualified to practice law in India and is enrolled as an Advocate with the Karnataka State Bar Council. He is also a member of the Inter-Pacific Bar Association and winner of the IPBA Annual Scholarship for Young Lawyers 2019.

Aaron advises clients on complex cross-border transactions including technology deals, mergers and acquisitions, private equity investments, regulatory matters & commercial transactions across various sectors, with special focus on IT, e-commerce, retail and fin-tech. He advises a number of multi-national corporations on various legal and regulatory aspects including privacy-related compliances and documentation; IP structuring, strategy and prosecution. He has also done extensive research and assisted clients in relation to cutting areas of technology such as AI, IoT, cloud computing, fin-tech, med-tech and ed-tech.

 

Implementing a Privacy Program in a large Conglomerate: Challenges & Learnings

Introduction: It is one thing to understand what the various applicable Privacy laws & standards require an organization to do and another thing to actually implement a program to deliver on this requirement within the organization. Data Privacy programs cut across almost all functions & teams in an organization – all of whom need to work in sync to ‘make it all happen’. When it is a large conglomerate spanning multiple countries and entities, this challenge is further amplified. This session discusses these real life issues and challenges.

Agenda: 

  • Implementing Privacy in a large conglomerate – The Approach
  • Challenges faced on the ground
  • Key learnings

Attendee Requirement: A basic understanding of Data Privacy

About Speaker: Gauri Vishwas is Privacy program head at Aditya Birla Group. Designing the data privacy framework for all ABG companies in line with privacy best practices, the expected Indian Data Privacy and Protection Act, GDPR and other privacy laws. Leads the central information security user awareness initiatives for all businesses, including skill and capability building for the entire ABG security community (over 150 professionals). Designing a central risk assessment framework to assess security risks across all businesses and define a group security and risk benchmark. This includes a framework based on best practices such as ISO 31000, ISO 27001 etc. Managing the complete brand protection portfolio for key ABG brands at a central level. Managing the CISO operations for ABMCPL to protect centrally aggregated information knowledge capital.

Implementing a Privacy Program in an SME Organization: Challenges & Learnings

Introduction: Most discussions around Privacy & its implementation focus on large organizations. However, small organizations also need to implement Data Privacy. And their challenges are very different. Small Teams, limited budgets & other constraints are a reality. This session has the founder & CEO of one such organization share his experience & learnings

Agenda: 

  • Implementing Privacy in a small organization – The Approach
  • Challenges faced on the ground
  • Key learnings

Attendee Requirement: A basic understanding of Data Privacy

About Speaker: Apoorva Mankad, Founder Director & CEO. Engineer and MBA in Finance; 18 yrs in emerging market logistics technology.

Apurva is an Electronics Engineer with an MBA in Finance from University of Mumbai. He has over 10 years of experience in the fields of E-Commerce, ISP infrastructure, Data Centers and software development. Apurva has worked with the following organizations: Infosys Technologies, Satyam Computers, Satyam Infoway, Global Telesystems, PCS Industries. Apurva is also a Certified Information Systems Auditor (CISA) from ISACA, Chicago. Apurva has been a visiting faculty at Welingkar Institute of Management for the last 7 years and teaches E-business and Telecom.

Challenges & Approach

Introduction: ISO 27701 is a new standard for privacy protection, built as an extension to ISO 27001 & 27002. Released as recently as August of 2019, organizations and practitioners are still trying to understand the standard and its intricacies & implications. Infosys is the first Indian company to have been 27701 certified – a result of a long-running Privacy Program with a team having the necessary expertise and experience of many years in the domain. In this session, the Infosys Chief Privacy Officer shares their journey and offers key insights and learnings to organizations on their paths to achieving 27701.

Agenda: 

  • A brief overview of ISO 27701
  • What it takes to implement the standard.
  • What can be leveraged from an existing 27001 implementation and what needs to be done ground-up
  • Challenges & Road blocks one can anticipate and how they can be overcome
  • Key learnings

Attendee Requirement: An understanding of 27001 and Data Privacy

About Speaker: Srinivas Poosarla is Vice President, Chief Privacy Officer and DPO for Infosys globally, responsible for Infosys’ Privacy Compliance to Data Protection Regulations in 40+ countries. In his career span of 30 years, he has been associated with a diverse set of enterprise functions, and has been playing the CPO role for the last 10 years. In addition to his job, Srinivas has been playing an active role in privacy initiatives both in India and in international fora, where he is a designated expert in the Data Privacy working group of ISO’s SC27 committee, involved as one of the key players in shaping standards on data privacy:

  • Co-editor for recently published ISO 27701 – Privacy Information Management Standard
  • Co-editor for ISO 29184 – Guidelines on Online Privacy Notice and Consent
  • Co-rapporteur for Study on Privacy Engineering Framework
  • Co-rapporteur for Study on Impact of Artificial Intelligence on Privacy 

He drives Privacy-by-design for Infosys IT Solutions. Widely travelled to 30+ countries, he regularly speaks at conferences on data privacy topics and contributes articles for publication. Srinivas holds a B.Tech. from IIT (Indian Institute of Technology) and a Post-graduate Diploma in Cyber Law and Cyber Forensics from National Law School, India, and has data privacy certifications such as CIPP/E, CIPP/US, Honorary CIPP/Asia, CIPT, FIP, DCPLA, Honorary DCPP.

Privacy in Technology: Kickstart of the Hackathon

Introduction: Just like in the case of Security, building Privacy at the design stage itself ensures privacy gets baked into the specific application/ process/ initiative. There is a formal Privacy By Design (PbD) framework available and it has been incorporated into several laws & regulations as well. To actually implement PbD into specific applications needs the translation and application of this framework and its principles into specific, detailed, step by step guidelines/ standards. This Hackathon endeavours to do exactly that.

Agenda: 

  • Participants would be required to form teams of two. Each team would be given a specific use case to work on and will have to develop the Privacy By Design guideline for that particular use case

Attendee Requirement: Attendees would need to bring their own laptops

About Speaker:

Sandeep Rao 

Sameer Anja has over 21 years of experience in the domains of Information Security, Risk and Compliance, IT Governance, IT Strategy, IT Service Management and Business Continuity Management. He has earlier worked with organizations like KPMG & Wipro and worked on a variety of engagements in the above areas. Sameer is widely known in his circle for his work and his contributions to the field of Information Risk. He is an active participant in various forums and has contributed to framing of standards & methodologies in multiple domains. Sameer holds a B.Sc. (Statistics) from the University of Bombay and has a Diploma from NIIT. He is also a CISSP, ISO27001 Lead Auditor & Implementor and a certified ISM from VeriSign.

Security vs Privacy - A Zero-Sum Game?

Introduction: Globally, one of the long standing debates has been around the fact that Security & Privacy are in direct conflict with each other and that security often overrides Privacy for national interests. Privacy activists & advocates have a different point of view – believing that nothing can really override the right of an individual to her privacy. Is this really the case? Do the two issues really contradict each other? Or is it a result of a lack of understanding or a lack of going into the details to work out a way that doesn’t impact outcomes? This panel discussion discusses this issue, bringing in different points of view.

Agenda: 

  • Understanding the context – why are Security & Privacy seen to be a Zero Sum Game
  • What are key issues that lead to a perception that the two are in direct opposition
  • Some examples which can bust this above perception
  • Areas where the world is yet to find answers – ongoing debates & discussions
  • Where is all this leading to – in today’s rather polarised world?

Attendee Requirement: A basic understanding of Data Privacy and a genuine interest in this debate.

Rohit Srivastwa

Advisor @Clubhack, Cyber Security StartUps

Muslim Koser

Head – Products & Technology @ Volon Cyber Security

Darkweb workshop

Introduction: Dark Web has become a big buzz word in the last few years. A lot is being written and spoken about it. Dark web is also being used as a ‘FUD’ factor to run businesses.

Agenda : 

Learn and understand the difference between Clearnet and Darknet

  • Darknet, Deepweb, Darkweb – What do they mean
  • Operational security before entering the darker side of internet
  • Understand Darknet entry points
  • Setting and configuring the Darknet Entry Points (Tor, I2P, Zeronet etc)
  • Tor Hidden Services – Using Tor Web Proxies
  • Darknet /Deepweb Search Engines
  • Exploring the Darknet – Darknet Economies
  • Cyber Crime Markets
  • Drug and Arms Markets
  • Counterfeit and Fake Currency Markets
  • Terrorist and Jihadist Presence
  • Persona Management (Creating and Maintaining Persona to interact with Darknet actors) 
  • Actor Engagement
  • Utilizing Darknet as definitive source for Threat Intelligence

Attendee Requirement :

  • Laptop having ability to access 802.11 b/g/n Wi-Fi network in an unrestricted / unfiltered nature
  • Enough memory (>=8GB) to run a VM
  • VirtualBox or VMWare hypervisor as per availability
  • A fresh VM of windows/linux (best if both are available)

About Speaker :

Rohit Srivastwa is a well known security evangelist and entrepreneur in this domain. He has expertise in cyber security and IT infrastructure management. Rohit is actively involved in advising several military agencies, law enforcement, corporate and Government bodies in these fields. Since Jan 2012, Rohit has been awarded the prestigious Microsoft Most Valuable Professional award for eight consecutive years in the domain of “Enterprise Security”. In June 2016, one of his companies was acquired by Quick Heal Technologies. In the international cyber domain, Rohit is a liaison member at FIRST.org, which is a consortium of Computer Emergency Response Teams (CERTs) from across the globe.

Muslim Koser has over 20 years of Information Security Experience with core focus on Cyber Threat Intelligence, Cyber Risk Management and Cyber security consulting. Before Volon, he worked at FireEye Inc (US listed Cyber Security Firm) where he headed their Cyber Threat Intelligence Research team. Muslim also worked at iSIGHT Partners (later acquired by FireEye Inc) as one of the initial employees and set up their Cyber Threat Intelligence research team from scratch. Previously, Muslim was based in Malaysia where he led the information security consulting practice for Network Security Solutions. Muslim is also credited with establishing national level CERT (and also a foreign) and consulting for various corporate CSIRTs.

Nitin Lakshmanan

Speaker @Blackhat USA 2019

Sanjay V

Trainer  @Blackhat USA 2019

Practical Exploitation of IoT Networks and Ecosystems workshop

Introduction: The Internet of Things (IoT) market today is defined by product manufacturers pushing a broad spectrum of computing devices out to the hands of consumers at an ever-increasing pace, and connecting them to the Internet. They are in a rush to hit the market shelves before their competitors and they often marginalize security. In this workshop, we offer hands-on training for pentesting and hardening IoT ecosystems, with special focus on popular communication protocols such as Zigbee, Bluetooth & BLE, as well as Device – Mobile – Cloud security topics. Students will learn about weaknesses in consumer IoT devices (wearables) paired with mobile ecosystems (Android & iOS): how information theft is scarily easy, and what steps can be taken to harden these designs. We conclude with defensive security best practices and next generation SDLC for the products of tomorrow.

Agenda : 

  • Introduction to IoT – Discussion on basics of Internet of Things (IoT) – industrial and consumer IoT as the commonly seen categories of IoT platforms. We explain the traditional architectures for IoT and use cases.
  • Security for IoT — why you should care? – We discuss actual attacks on IoT platforms, and what steps companies can take to mitigate these kinds of risks
  • Attacks on & Weak links for IoT products – This section dives into technical details of the attacks on IoT platforms. IoT ecosystems are comprised of the building blocks (See bullet 2) as well as numerous wireless channels, intra-cloud communication paths, IPC within mobile operating systems, etc. We spend time on those hard-to-reach areas in the IoT ecosystems and examine where the weak links lie, and how they may be exploited.
  • Hacking an IoT Wireless Sensor Network – Deep dive into IEEE 802.15.4, Zigbee and differences, Open Source tools and market hardware, Packet capture, analysis and manipulation using scapy, Packet injection into a WSN and Simple cryptographic techniques to protect against practiced attacks
  • Eavesdropping on an Activity Tracker – Deep dive into Bluetooth and BLE Security topics, Open Source tools and market hardware, Packet capture and analysis of shared pcap files, Sniffing BLE packets and cracking BLE security and best practices
  • Breaking Bluetooth adaptations on Android and iOS – Bluetooth service model on Android and iOS, walkthrough of a malware application on Android that eavesdrops on active wearable communication channels.
  • Security and Privacy Development Life Cycle (SDLC) for IoT – In this section, we cover the shortcomings of traditional SDLC models when applied to IoT platforms. We review a new/revamped framework that supports Agile development models, and Continuous Integration/Continuous Deployment.
  • Summary – Review theoretical and practical topics, Q&A, revisiting specific practical assignments based on student demand.

Attendee Requirement :

  • Kali Linux (Preferable) or any other flavour of Linux.
  • Python 2.7.X
  • Wireshark
  • Scapy 2.4.2

About Speaker :
Trainer – Nitin Lakshmanan is a Senior Security Analyst at Deep Armor. He is skilled in SDLC methodologies and security assessment of IoT platforms, web applications, mobile solutions and thick client applications. He has developed advanced tools for infrastructure security assessment of modern cloud platforms, with special focus on AWS. Nitin regularly speaks at security conferences and is a trainer at BLACK HAT USA 19.

Trainer – Sanjay is a Security Analyst at Deep Armor. He is skilled in vulnerability assessment and penetration testing of web application and cloud security. He has advanced knowledge of AWS, and has developed advanced tools for security assessment of modern cloud platforms in Python. Prior to his current role at Deep Armor, Sanjay worked for Deloitte India. Sanjay regularly speaks at security conferences and conducts trainings/workshops on IoT and Cloud topics. Sanjay is a speaker at the FIRST Technical Colloquium, India. He also played an instrumental role in designing and developing the content for Deep Armor’s Practical IoT Exploitation training delivered at Black Hat USA 2019.

Jim Hietala

VP, Business Development and Security   @ The Open Group

Zero Trust Architecture: From Hype to Reality

Introduction: Zero Trust Architecture rethinks strategies to secure corporate assets. ZTA may allow us to create more enduring security architectures, with less entropy vs. today’s security architectures. However, lack of enabling standards is causing confusion about what ZTA is and vendor hype isn’t helping either. This session will describe the current state of ZTA, and standards initiatives that may help bring clarity and reduce barriers to adoption.

Agenda : 

  • Introduction – what are Zero Trust Architectures, and what security architecture and security operations challenges have led to Zero Trust Architectures as a potential path forward?  
  • History of Zero Trust Architectures. We will discuss the origins of ZTAs
  • Basics of ZTAs. What foundational standards and components currently comprise ZTAs?  
  • Where is the industry actually at in embracing ZTAs? What broad categories of ZTA solutions exist?
  • What does the standards landscape for ZTA look like? Which standards organizations are doing work here?
  • What is lacking, in terms of standards, reference code, solution components, and industry initiatives, to really drive ZTAs as security architectures of the future, and to ensure adoption and uptake?
  • Concluding thoughts, including how we might engage interest and energy from India and APAC to help drive ZTAs forward.

Attendee Requirement : Session participants will need basic understanding of security architecture.

About Speaker : Jim Hietala is Vice President, Security for The Open Group, where he manages security and risk management programs and standards activities. He has participated in the development of several industry standards including O-ISM3, O-ESA, and the Open FAIR Body of Knowledge. An IT security industry veteran, he has held leadership roles at several IT security vendors, and he is a holder of several security and risk certifications, including Open FAIR, CISSP, and GSEC.

Dr. James Stanger

Chief Technology Evangelist @CompTIA

Surfing today’s emerging tech: A policy-based approach

Introduction: This talk focuses on managing cybersecurity issues that surround today’s implementations of emerging technology, including shadow IT

Agenda : 

  • Today’s ambient computing world, emerging tech, and the 4th industrial revolution.
  • Issues that occur when we use emerging technology to create our ambient computing world.
  • How to manage shadow IT issues.
  • Essential skills.

Attendee Requirement : 

This presentation is ideal for individuals who manage IT security solutions, or who also implement them.

About Speaker :  Dr. James Stanger has consulted with corporations, governments and learning institutions worldwide about cybersecurity, Linux and open source, Web technologies and emerging tech for over 20 years. Organizations such as DBS Bank India, IBM, NTT, the United Arab Emirates Cultural Division, Symantec, the UK Royal Army, the U.S. Navy, General Dynamics, and Northrop Grumman have consulted with him for security solutions. He is currently Chief Technology Evangelist at CompTIA, the world’s largest IT tech industry association.

Satish Sreenivasaiah

CoE – Security @Tata Consultancy Services

DevSecOps Tools and Beyond

Introduction: This session will provide details on the usage of OSS tools to secure your dev and ops lifecycle. It covers tools used in application, host and network security assessments for both monolithic and microservices-based architectures. The session also covers usage of OSS tools for runtime application self-protection. Apart from tools in the development phase, the session provides insights on building secure design into the product via a threat modeling tool.

Agenda : The agenda of the session is to equip product/project development teams to adopt OSS tools for building a secure and robust product for a faster Go-To-Market. It covers OSS tools used in security assessments during DevSecOps, as detailed here:

  • Design via Threat Modeling tool
  • Source code scan (SAST)
  • Run time application scan (DAST)
  • Third party library vulnerability (CVC)
  • Technology stack vulnerability scan
  • Vulnerability assessments and penetration testing (VAPT)

It also looks at IAST and RASP, and a remediation approach to resolve the vulnerabilities identified above will be discussed.

Attendee Requirement : Attendees should have an understanding of Software Development / DevOps / DevSecOps. The session will be covering OSS tools for security assessments and their demonstration and hence no equipment is needed by the participants.

About Speaker : Satish Sreenivasaiah is the Head of Product Trustworthy CoE at TCS and works with product development units across TCS to build robust security and high performance with optimal infrastructure. He has more than 20 years of industry experience and holds the title of Master Certified IT Architect by The Open Group, and is a Chartered IT Professional (CITP) from the British Computer Society (BCS). He also holds the Stanford Advanced Computer Security certification and is a Data Security Privacy professional from DSCI and a CEH. He is a frequent speaker at various conferences viz., IIMB-FICCI conference on Data protection in 2019, DSCI Conference on Product Security in 2019, The Open Group, CMGI and SACON 2016.

Dr. Monojit Choudhury

Principal researcher @Microsoft Research Lab India

Evolution Of AI : Past, Present, Future

Introduction: AI has revolutionized almost every aspect of human lives – from healthcare to agriculture, and from fashion to political campaigns. There is a lot of excitement as well as fear around the future promises of AI. Yet, speculations abound that we are soon going to hit the third AI winter. In this talk, I will try to address some of these questions and speculations. I will use examples from the domain of Natural language processing (NLP) – allegedly one of the hardest areas of AI – to illustrate what we have achieved, what are the promises offered by the recent advances in deep learning and why there are certain problems that are too difficult for any of the current approaches to handle. I will also highlight the non-AI aspects of AI system building (aka data creation and engineering) which are the unsung foundations of most practical AI systems.

Agenda : 

  • What is AI? 
  • A brief history of AI – from rule-based systems to deep learning
  • How does deep learning work?
  • What are some of the advantages and disadvantages of deep learning?
  • Where do we stand today with respect to various AI tasks?
  • Why are some problems (e.g., common sense reasoning) extremely hard for AI to solve, but occur naturally to humans?
  • Given that AI can solve many problems and is unlikely to solve many others, how should we reimagine human+AI systems?
  • What are some of the ethical concerns of AI?
  • Why is data creation an ever more important and challenging problem today?
  • What does developing an AI system entail?

Attendee Requirement : Students considering AI as a career, AI-enthusiasts, users of AI, technology leaders and thinkers, arm-chair philosophers, and anybody bitten by the AI-bug!

About Speaker : Dr. Monojit Choudhury is a principal researcher in Microsoft Research Lab India. His research spans many areas of Artificial Intelligence, cognitive science and linguistics. In particular, Dr. Choudhury has been working on technologies for low resource languages, code-switching (mixing of multiple languages in a single conversation), computational sociolinguistics and conversational AI. He has more than 100 publications in international conferences and refereed journals. Dr. Choudhury is an adjunct faculty at International Institute of Technology Hyderabad and Ashoka University. He also organizes the Panini Linguistics Olympiad for high school children in India, and is the founding chair of the Asia-Pacific Linguistics Olympiad. Dr. Choudhury holds a B.Tech and PhD degree in Computer Science and Engineering from IIT Kharagpur.

Suhas Desai

Industry Principal @Infosys Cyber Security unit

The Power of APIs – API Economy Trends & Market Drivers, Security Risks and Mitigation Strategies

Introduction: The session will focus on delivering the key trends in APIs and API Management Platform technologies, and how they are driving the API economy. We will also discuss the key drivers for digital transformation initiatives, which include wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and the Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, API integrations with cloud platforms, and IoT/OT device integrations with third-party applications. Lastly, we will uncover the need for implementing the API security governance framework and how to measure the API security programme’s success through this governance framework.

Agenda : This session aims to discuss trends in APIs and API Management Platform technologies, and how they are driving the API economy. Wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud computing and payments industries is driving digital growth and helping organizations with secure data communications and business growth through the API economy. Detailed discussions on the top 10 security risks in APIs, API Management Platforms, API integrations with cloud platforms, IoT/OT device integrations, and integrations with third-party applications/aggregators and gateways. We will focus on the need for implementing the API security governance framework and how to measure the API security programme’s success through this governance framework.

Attendee Requirement : Security Consultants, Security Architects, Digital Banking Professionals, IOT & OT Security, API Security Consultants, Cloud Security Professionals

About Speaker : Suhas is the Industry Principal in Infosys Cyber Security unit. Prior to Infosys, Suhas was the Vice President of Digital Security Services at Aujas. Prior to Aujas, he was an Associate Director in the Cyber Security Advisory of. He has delivered notable sessions at many global conferences and summits including RSA Singapore, CommunicAsia Singapore, OWASP Malaysia and ISACA, Dubai.

Pradyumn Nand

Senior Security Analyst @Makemytrip

Mrinal Pande

Senior Security @Makemytrip

Metron & Blitz - Building and scaling your own Open Source SIEM & SOAR

Introduction:

Open Source technologies are being widely adopted to help SOC / DevSecOps teams in day to day operations. We’ll be showcasing how we’ve built our SIEM using Apache Metron with a custom SOAR layer – Blitz over it to alert and respond to threats in real time. We’ll deep dive into the architecture of both platforms and demonstrate various use cases covering cloud infra, endpoint devices, outbound traffic and perimeter security threats. We’ll also present how to automate remediation to alerts and scale the setup for orchestration and threat hunting.

Agenda :

  • Challenges of using a proprietary SIEM – transition to Open Source.
  • Metron architecture – pipelining and scaling use cases.
  • Blitz architecture – SOARing over threats.
  • Use case demonstrations with response actions.
  • Leveraging the platform for threat hunting

 

Attendee Requirement : Please bring your laptops and charger for any hands on activities (as required)

 

About Speaker :

We are security framework developers/architects working with MakeMyTrip. We specialise in building scalable SOC & SOAR frameworks using open source tools and services with emphasis on statistically modelling behaviour anomaly in infrastructure. We’re skilled in AWS, Python, Web Frameworks, workflow automation, data modelling and OSINT. We love building data lakes and anomaly detection models with a thrust on extending our capabilities to detect business process abuse as well.

Dr. Soumya Maity

Principal Engineer @Dell Technologies

Lokesh Balu

Senior Principal Engineer @Dell Technologies

A scalable, control-based, developer-centric Threat Modeling for secure software development

Introduction:

A comprehensive application threat model demands specialized skills and expertise which might be difficult to avail considering the increasing resource gap in software security market. Making a scalable threat model framework is difficult even for big enterprises. Even the tools that help to manage the threat modeling process have limitations. In this talk, we will present control-based threat modeling to explore the possibilities of moving from a traditional threat-library based threat model to a more developer-centric threat model and how this paradigm change may add value towards developing secure software.

Agenda : 

  • Introduction: the state of the art of threat models; the threat-library based approach is used pretty much everywhere
  • What is the problem with the threat-library based approach?
  • Automated tools exist to solve the problem, but they have limitations
  • Proposal to solve the problem: a control-based translation of the threat library
  • Moving with security controls
  • Background of controls, ISO 27034
  • Concept of controls and its relevance to secure software development
  • How is it going to solve the challenge?
  • Applicability of controls in the threat model
  • A novel approach to a developer-centric, control-based threat model
  • How is it solving the discussed problem?
  • Case study, with example
  • Future work, key takeaways

About Speaker :
Dr. Soumya Maity is an SDL Consultant to several product teams in Dell Technologies. He has over 6 years of experience in product security including SDL adoption, security architecture, and incident response. He holds a PhD in information security and has published over twenty peer-reviewed international research articles and book chapters.

Lokesh Balu is a Senior Principal Engineer in the Product Security arm of Dell’s Product and Application Security organization. He has 15+ years of experience in driving proactive / reactive aspects of Secure Software Development Consultancy, Product Security Incident Response, Threat Intelligence Management, Vulnerability management and remediation guidance for products, software & IT systems. He has a bachelor’s in Electronics and Communication engineering and has gained CISSP, CSSLP, GCIH, GCTI, (GCFA), CSIRA, CSTE certifications.

Anand Tapikar

Principal Product security Leader             @GE healthcare

Attack vectors of Kubernetes infra. Are we on right path of securing it?

Introduction: Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. K8s groups containers that make up an application into logical units for easy management and discovery. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. As organizations accelerate their adoption of containers and container orchestrators, they will need to take necessary steps to protect such a critical part of their compute infrastructure.

How this topic is relevant:

  • 1 out of 5 organizations is going for container installation
  • Container security attack vectors are rising
  • Recently, a major vulnerability was discovered in containers and got good media attention

Duration (mentioned on sacon.io, if not as per program committee call).

Agenda :

  • Container security challenges: Common attacks on Container infra – Like cross container attacks, data snooping, rogue containers.
  • Kubernetes architecture and processes.
  • Pattern of application deployment on k8s.
  • Security concerns with Typical K8s deployment.
  • Strategies to build good Kubernetes and container infrastructure: data encryption, authentication and RBAC within K8s.
  • Common security tools that can be leveraged.

About Speaker : 20+ years’ experienced security leader working as Product Security Leader with GE Healthcare. CGEIT, CISA, PMP, ISO27001 Lead Auditor, AWS security certified. Earlier worked with Oracle, Genpact, Philips and Ramco Systems. Worked at global level and handled network security of all major Indian banks and financial institutes, and currently handling security for healthcare organizations.

Satish S

Senior Security Team Lead @Security Innovation

WEB HACKING USING CYBER RANGE

Introduction: Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.

Agenda :

  • Introduction to CyberRange
  • Introduction to OWASP Top 10
  • Cross-Site Scripting Attacks
  • Cross-Site Request Forgery
  • SQL Injection Attacks, error based, time based and data exfiltration using SQL Injection
  • Insecure File Upload Attacks 
  • Privilege Escalation

Attendee Requirement : Laptop and Laptop Charger. Any web browser, Proxy tool such as OWASP Zap (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) or Burp Proxy Free (https://portswigger.net/burp/communitydownload).

About Speaker : Satish S is a Senior Security Team Lead working with Security Innovation India. He has 6+ years of experience in Web Application, Thick Client, Mobile Application and Network Security Assessments.

Nilanjan

Co-founder of FireCompass

Jitendra Chauhan

Principal Architect @FireCompass

Abhisek Datta

Head of Technology @ Appsecco

How does an attacker know everything about your organization? - Know the Unknowns

Introduction:

  • Key Insights:

It is possible to create a comprehensive attack surface of any organization just with open data available on the public internet. It is possible to search for vulnerable targets and compromise the targets. Organizations can be compromised without any RCE vulnerability. It is possible to create an in-house team to continuously monitor your attack surface and fix flaws before attackers find them.

  • Audience:

1. You are a Red Teaming / SOC Analyst and want to build an OSINT Engine for your internal organization security.

2. You are a bug bounty hunter/Security Researcher and you want to find new potential targets to attack.

3. Finally, you are an OSINT enthusiast.

Agenda : 

Data Collection

OSINT tools and techniques using which it is possible to

1. Perform asset discovery against a target organization.

2. Identify potential attack surfaces without active scanning.

We will use free and open source tools to practically demonstrate various OSINT workflows.

Data Indexing and Storage

Use Big Data Technologies such as Hadoop/BigQuery and HBase/Big Table to index TBs of data within a few hours. This index will be queried to find information against target organizations.

Data Analysis and Vulnerable Targets Discovery

Searching TBs of data for potential vulnerable targets.

This is where we will demonstrate basic threat hunting by correlating collected information and planning potential attacks.

Attendee Requirement :

  • Google Cloud Account with Free Tier Access
  • Basic hands-on with BigQuery and BigTable/HBase.

About Speaker :

Nilanjan is the co-founder of FireCompass. Earlier he had co-founded iViZ and served as its Chief Technology Officer till its acquisition by Cigital Inc.

Vandana Verma

OWASP Board Of Directors, Women In Security

Living In A World of Zero Trust

Introduction: 

As everything is now moving to the cloud, all applications are accessible from anywhere and everywhere. However, no one wants their private information to be compromised and openly available to the world. We have been taking so many precautions, yet breaches continue to happen. How should we fix this?

Organisations have been talking about Zero Trust lately and this has become a buzzword. The talk will explore Zero Trust beyond the buzzword and describe what exactly Zero Trust is and why it is so important to keep organisations safe. How can we implement or deploy Zero Trust in an organisation while keeping the current and future state of the organisation in mind? What should be the business model to move any organisation towards Zero Trust Architecture, and what policies need to be implemented to achieve the same?

In the end, certain recommendations will be shared with the participants as a takeaway from my own experiences while working towards implementing Zero Trust.

About Speaker :

Vandana is a seasoned security professional with over a decade worth of experience ranging from application security to infrastructure and now dealing with DevSecOps. 

She is a global speaker and Women in Cyber Security Advocate. She received Global cybersecurity influencer among IFSEC Global’s “Top Influencers in Security and Fire” Category for 2019. She recently received Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”. She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

She works with various communities (InfoseGirls, OWASP, WoSec and null) and is passionate about increasing female participation in the Infosec space. She has trained over 1000+ Diversity Participants around the globe on Web Application Security. She has been a Keynote speaker at OWASP Global AppSec DC2019, and has spoken and trained at various conferences: AppSec Europe, AppSec USA, NullCon, Defcon (AppSec Village), Security Guild 2019, BSides Delhi, Diana Initiative, c0c0n (Kerala Police Conference), Global AppSec Tel Aviv and Blackhat US 2019. She is part of the crew for OWASP SeaSides and Bsides Delhi conferences. She also does CFP Reviews for AppSec Europe, Global AppSec Tel Aviv, Global AppSec DC and Grace Hopper US 2019 (Security/Privacy Review Track).

Haragopal Mangipudi

Founder of guNaka 

Leadership - The Power of Influence

Key Points:

  • How to Self-assess your individual styles of influence.
  • Strategize methods to influence your stakeholders
  • Identify ways in which the concept of persuasion applies to your role

About Speaker :

Haragopal (aka Hara) is the founder of guNaka®, co-creator of finUNO® and an adjunct faculty at Indian Institute of Management, Bangalore. He consults / mentors many software product companies as well as startups.

Hara grew up with Finacle® (at Infosys) for two decades (till October 2014), from its inception to leadership across six continents. He was the Global Head of Finacle and was a member of the Executive Council of Infosys.

Hara is a member of the global board of ISPMA (International Software Product Management Association), the global Software Product Management tribe. He was also on the governing board of IIML – SCIFI (Indian Institute of Management, Lucknow) 

Hara is a recipient of the Distinguished Alumnus Award in 2016 from the prestigious IIMB (Indian Institute of Management, Bangalore).

Wasim Halani

Heads the R&D unit @Network Intelligence (NII)

Arpan Raval

Senior Threat Analyst @Optiv Inc

Practical Threat Hunting - Developing and Running a Successful Threat Hunting Program

Introduction:

The workshop is intended to demonstrate how to develop and run a threat-hunting program in an organization. It starts with understanding the concepts of threat-hunting and how it fits into an organization’s BlueTeam. The workshop will cover hands-on sessions on running a structured and an unstructured hunt using different log sources commonly available in an IT environment.

Agenda : 

  • Introduction to Threat Hunting
  • Different Approaches and Methodology for Threat Hunting
  • MITRE ATT&CK
  • Data Governance and Quality
  • Threat Hunting Hypothesis Generation Process
  • Hands-on Hypothesis creation
  • Hands-on Hunt Execution
  • Data Transformation Methods for Spotting Anomalies
  • Post Hunt Activities
  • Threat Hunting Program Documentation

Attendee Requirement : Laptops fully charged for hands on activities

About Speaker :

Wasim Halani currently heads the R&D unit at Network Intelligence (NII). He is responsible for software solutions developed by NII. After working on offensive security for about 8 years, he ventured into defensive security for the past few years. His exposure to the Elastic stack (previously ELK) drove him into the fascinating domain of threat hunting and he is now working to build a platform for enterprise threat hunters.

Wasim has been a past presenter at SACON and other cybersecurity conferences in India (OWASP, BSides, Malcon, SecurityBytes).

Arpan Raval works at Optiv Inc as a Senior Threat Analyst. Arpan started his career as a Digital Forensics and Incident Response Analyst back in 2016 at Network Intelligence, where he worked with some of the brightest minds in the industry to unfold some of the biggest cyber breaches in India. In his current role, he works in Optiv’s Advanced Fusion Center team and leads Threat Hunting engagements. He spends most of his time in understanding how attacks and adversaries work and how they can be detected. Understanding how adversaries work is what he loves to do.

 

Venkatesh Murthy K
 
Director @Data Security Council of India 

Cybercrime Response - Legal & Technical perspectives

Introduction: 

When cyber incidents occur, many organisations do not have the right tools, systems or knowledge to conduct a suitable investigation. Organisations need to identify quickly when the scope and severity is beyond in-house skills, before decisions are made that may adversely affect an investigation. It is very important for companies to have the right policies, procedures and communications ready in place. An effective cyber incident response plan can prove critical in minimizing the resulting damage and expediting recovery. The best time to plan such a response is now, before an incident occurs.

Agenda :

  • Present state of cybercrime incident handling by corporates & law enforcement; need for an incident response team in organizations
  • Legal challenges faced in dealing with the internal investigations- best practices that would allow admissibility of the findings
  • Core competencies and Standards of practice for handling Cyber Security breach incidents.
  • Building an effective Incident Response Management team- legal, technical & managerial skills.
  • Few case studies

About Speaker:

Venkatesh Murthy has over 14 years’ experience in Cybercrime Investigation training and Digital forensics. He is currently managing a program for capacity building of Law Enforcement Officials by training through the Digital Forensics initiative of DSCI.

He was deeply involved in the setting up of country’s unique public-private partnership initiative “Cyber Crime Investigation Training & Research (CCITR)” at the Cyber Crime Police Station, CID Headquarters, Bengaluru in partnership with Karnataka Police, Infosys Foundation and DSCI.

Mr. Murthy has conducted exclusive cybercrime training programs for Police, Prosecution and Judiciary of India. He has edited several publications for law enforcement including the Cybercrime investigation manual, Pocket Guide for Investigators etc.

He is an alumnus of IVLP program of US Department of State on the topic “Linking Digital Policy to Cybercrime Law enforcement” in Feb 2017.

He holds a Bachelor’s of Engineering degree in Telecommunication from Visvesvaraya Technological University, Karnataka.

M T Karunakaran 

CTO @Qunulabs

Quantum safe Networks

 

Key Points:

  • Quantum computers are becoming a reality.
  • The classical key distribution algorithms, based on computational complexity, are under threat.

 

 

About Speaker :

M T Karunakaran, BTech IIT-Madras, Ex TIFR-CDOT, serial entrepreneur, now CTO Qunulabs

Apoorv Raj Saxena

Red Team Researcher @Fire Compass

Hacking and Securing Kubernetes and Dockers in Cloud - Hands-on

Introduction: Based on recent research of mine this will be a Hands-on demonstration of Docker and Kubernetes exploitation and a deep dive on how to achieve remote code execution through low hanging fruits of docker and Kubernetes.

Agenda : 

  • Basics of Docker
  • Docker related vulnerability
  • Docker hacking Demo
  • Basics of Kubernetes
  • Kubernetes hacking Demo
  • Mitigations 

Attendee Requirement : Basic Understanding of containerized systems and docker orchestration frameworks.

About Speaker : Apoorv Raj Saxena is a Red Team Researcher at Fire Compass having a mixed background of development and security in WebApps, Networking, and NLP area. He likes to do bug bounty hunting in his free time. He is a programmer, a hacker and loves to automate things. As a security professional, his primary area of research is containers, Docker, and sister services and other interest area includes Smart contracts and GraphQL.

 
Vikas Yadav 
 
CISO @Nykaa

Bhowmik Shah

Cofounder and CTO @CyberNX

Ensuring Effective AWS Security on a Budget

Introduction: 

This session will focus on helping participants understand and implement security on AWS Cloud on a tight budget using AWS Cloud Native Controls, following security best practices and using open source tools. We will cover some of the key challenges in ensuring security of AWS Cloud environments and how to deal with them. This session will also share best practices for auditing AWS environments to better assess and secure them.

About Speaker:

Vikas Singh Yadav is an experienced Information Security professional with 20 years of leadership experience in various sectors.  He has done his B Tech (Telecom and IT) from Army and M Tech (Computer Science) from IIT Kharagpur. He is an SME with both COMPTIA and EC Council for their certification programs. Currently he is CISO of Nykaa,  India’s leading E Commerce portal for Beauty and Fashion products. He has been CISO of Max Life Insurance and also has had a distinguished career in the Indian Army. 

Bhowmik Shah has an extensive hands-on background in DevOps and Security. With more than a decade and a half spent designing, implementing and securing systems, applications and infrastructure he has seen most sides of the security landscape. Bhowmik is currently a Co-Founder at CyberNX Technologies where he also functions as the CTO and Cloud Security subject matter expert.  CyberNX is a specialised niche cyber security advisory firm which works extensively within the BFSI and other sectors to help clients strengthen and mature the complete security layout for their environments. Apart from these activities he also has a keen interest in Digital Forensics and Threat Modelling.


Call For Speakers

Call For Papers Date: Closed For 2019, Open For 2020

SACON is the only conference on Security Architecture & the largest security conference in India of Senior Security Executives, Chief Information Security Officers, Security Architects, Developers, Engineers & more. The 2 day conference & training will host over 1000+ attendees, with the most celebrated global security professionals along with the top Chief Security Officers in India, and over 50+ sessions and 30+ international speakers from different countries sharing their insights and experiences with the CISOs working to secure businesses of all sizes in various innovative ways. If the Call For Speakers has ended for the current year, we consider submissions for the next time.

Past Workshops

Dr. Phil Polstra

AUTHOR OF ‘LINUX FORENSIC’, FREQUENT SPEAKER AT DEFCON, BLACKHAT

Workshop : LINUX & WINDOWS FORENSIC
(1 Day): This workshop will introduce attendees to Windows & Linux forensics using 100% free and open source software. Python and shell scripting will be used to easily analyze both Windows & Linux systems at a deep level.

Wayne Tufek

FREQUENT SPEAKER AT RSA APJ, ISC2 & MORE

My session will show how to design a security architecture that guides an organisation on what safeguards must be implemented in order to address real world risks and threats. Organisations have a limited budget; the question is, how does the security architect determine what to spend their limited time and budget on in order to obtain the best outcome and return on investment?

Madhu Akula

FREQUENT TRAINER AT BLACKHAT USA

In this workshop, we will learn how to defend our cloud infrastructure using Serverless and Elastic Stack. Elastic Stack will collect and analyse logs and trigger alerts based on a configured rule-set. The Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The current solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in-house firewalls, IPS, etc.

Venue

Join 600+ SACONites here in Bangalore @ Taj Yeshwantpur

Conference Days

21st February, Friday: 8:00-18:00 Hrs
22nd February, Saturday: 8:00-17:30 Hrs

Pricing Table

Pass Type | Pass Includes | 24 Oct | 25 Oct - 6 Jan | 7 Jan - 22 Jan | 23 Jan - 31 Jan | 1 Feb - 15 Feb | 16 Feb - 22 Feb | Status
Member Pass | 2 Day Attendance Pass, 2 Lunch Coupons | 4,000 + Tax | - | - | - | - | - | Sold Out
Single Pass | 2 Day Attendance Pass, 2 Lunch Coupons | - | 5,700 + Tax | 6,700 + Tax | 8,000 + Tax | 10,000 + Tax | 12,000 + Tax | Few Left
2 FOR 1 Pass | 2 Passes for 2 people (Attendance + Lunch) | - | 10,000 + Tax | 10,000 + Tax | 13,000 + Tax | 15,000 + Tax | 15,000 + Tax | Few Left
Special VIP Pass | 2 Day Attendance Pass, 2 Lunch Pass, 1 VIP Networking Dinner | - | 15,000 + Tax | 15,000 + Tax | 15,000 + Tax | 15,000 + Tax | 15,000 + Tax | Few Left


What Are Attendees Saying?

"If I hadn't come, it would take another 2 to 3 years to learn and understand these tools"
Vijay Kumar Reddy, L&T Infotech

"The principles .. gives a structure to the thought process and to the approach .. a very critical element for everything..."
Manoj Kuruvanthody, Infosys

"Very insightful, will definitely help us create a very effective security architecture"
Anil Kumar K K, DTDC


1000+ Organizations Attended
