Infosec in the City 2019, Marina Bay Sands Level 5, Singapore

Infosec in the City 2019, Marina Bay Sands Level 5, Singapore
18 - 20 June, Exhibition | 19 - 20 June, Conference

Overview Event Highlights Sponsors and Partners Conference Training BizComm Theatre CXO Luncheon
Infosec in the City, Singapore 2019 is organised in response to calls for a more techno-centric conference in Singapore from the industry, community and government agencies. The event will focus on sharing and discussions of deep-technical knowledge and insights, cybersecurity capabilities and capacity building.

A premier techno-centric cybersecurity event that brings together top cybersecurity leaders and experts from the East and the West, Infosec in the City, Singapore 2019 is set to build the next-generation cybersecurity capabilities and capacity around the globe.

To visit IICSG exhibition area including Villages, Business Theater & Lounge please register for a free NXTAsia @ Marina Bay Sands exhibition pass at the register button below.

For all students who are interested in registering for the conference, contact Junshu.Ong@ubm.com.

For all registrants who will be making payment via telegraphic transfer, contact Junshu.Ong@ubm.com if you require an invoice.

First 300 paid delegates will receive an exclusive IICSG 2019 electronic badge
Registration Fees

The 2-day conference will be held from 19 - 20 June 2019 at Marina Bay Sands Singapore. Topics covered include:

For registration enquiries, please contact Jun Shu at Junshu.Ong@ubm.com
For sponsorship enquiries, please contact Leon Kwek at leon.kwek@ubm.com

Co-located with:

CTA-logo

Held in:

SG-logo
Exhibition Foyer/ Cutting-edge Services & Solution Showcase Exhibition Foyer/ Cutting-edge Services & Solution Showcase

Experience cutting-edge cybersecurity products & solutions offered by our sponsors.

Community Night Community Night

In support of the local community, it's #IICSG tradition to host Singapore Cybersecurity Community's mini-conference. The Community Night features fun and insightful talks by leaders and experts from the cybersecurity community

CXO Luncheon Brief CXO Luncheon Brief

A by-invitation event for C-suites and senior officers from both the public and private sectors. Leaders and experts of various cybersecurity domains will come together to share and discuss cutting-edge techniques and solutions, and real-life scenarios and considerations when securing the critical information infrastructure (CII) and business cyberspace.

Thought Leadership / Lightning Stage Thought Leadership / Lightning Stage

On top of the main conference/premium talks and workshops, #IICSG2019 will be featuring 2 additional tracks, made available to all conference and exhibition ticket holders, at the exhibition foyer, spread over 3 days (18-20 Jun 2019).

Networking Lounge Networking Lounge

The central destination for #IICSG2019 attendees to network, enjoy food and beverages during breaks and conduct meetings and discussions in a relaxed setting within this sleek and fully furnished lounge.

Capture-the-Flag Capture-the-Flag

Whether you've just started your cybersecurity journey or you're looking for new, challenges, #IICSG2019 CTF competitions have something for you.

Relax in the City Relax in the City

Refreshments served at “that time in the afternoon” when ice-cold refreshment is needed.

Local Delights Local Delights

Irresistible tasty biscuit served throughout the conference.

Coffee in the City Coffee in the City

No more bad coffee to keep you going through the day. In #IICSG, we serve specially selected coffee and tea to keep you fresh and energised throughout the day.

VXCON (Variety Exploitation) Village VXCON (Variety Exploitation) Village

VXRL is founded by a group of passionate cybersecurity researchers and white-hat hackers in Hong Kong. The VXCON Village will be powering an in-depth hands-on playground.

Car Hacking Village Car Hacking Village

Singapore Cybersecurity Community — Division Zero (Div0)'s Car Hacking Quarter (CHQ)'s annual flagship showcase for car hacking enthusiasts.

Startup Village Startup Village

Singapore Cybersecurity Community — Division Zero (Div0)'s Startup Quarter's annual flagship showcase on how the community can support startups and small businesses with their cybersecurity challenges, and provide a platform to grow cybersecurity innovation and startups in Singapore.

Electronic Badge Village Electronic Badge Village

1st 300 conference registrants will be given an #IICSG2019 electronic badge. Learn all the fun stuff you can do with your new card-sized electronics.

Learning Lab Village Learning Lab Village

Cybersecurity range/lab which attendees can get their hands on learning offensive and defensive cybersecurity technique.

Career Village Career Village

Featuring Career Consultation, CV workshops, mentorship chat sessions, and more!

Interested in featuring your own village? Interested in featuring your own village?

Contact us here

Gold Sponsor

Silver Sponsor

Bronze Sponsors

Additional Sponsors

CXO Luncheon Sponsors

Lounge Sponsors

Community Night Sponsors

Student Scholarship Sponsors

CTF / Village Sponsors

After Party Sponsors

Supporting Government Agencies

Supporting Organisations

Supporting Events



Interested in Sponsoring? Kindly contact Leon at leon.kwek@ubm.com.

Day 1 Opening Keynote

Wednesday, 19 June 2019,
Sands B 5201/5202, Level 5

10:30am - 11:00am
WELCOME ADDRESS & OPENING ADDRESS

Adrian M. & Emil Tan

11:00am - 11:45am
OPENING KEYNOTE

SPLINTERNET & THE CASE FOR TRANSPARENCY

Oleg Abdurashitov, Kaspersky Lab

‘Deep Tech’ Track

Wednesday, 19 June 2019
Sands B 5201/5202, Level 5

1:00pm - 1:45pm
EXPLOITING WINDOWS VISTA RESOURCE VIRTUALIZATION

James Forshaw, Google

2:00pm - 2:45pm
REAL HARDWARE HACKING FOR S$30 OR LESS

Joe FitzPatrick, SecuringHardware.com

3:00pm - 3:45pm
THE ART OF PERSISTENCE: LURKING BEHIND THE BROWSER

Samuel Pua, MWR InfoSecurity

4:00pm - 4:45pm
CLOUDY CLUSTERS CATASTROPHE

Rory McCune, NCC Group

5:00pm - 5:45pm
PWNING AWS CLOUD SERVICES

Mohammed Aldoub

‘Insights’ Track

Wednesday, 19 June 2019
Sands B 5301, Level 5

1:00pm - 1:45pm
BODY LANGUAGE BEHIND SOCIAL ENGINEERING ATTACKS

Sarka Pekarova

2:00pm - 2:45pm
RESKINNING THE ROBOT: THINGS I WOULD LOVE TO TELL MY YOUNGER SELF

Quentyn Taylor, Canon

3:00pm - 3:45pm
DATA BREACHES: BARBARIANS IN THE THRONE ROOM

Dave Lewis, Cisco

4:00pm - 4:45pm
MACHINE LEARNING & SECURITY

Clarence Chio

5:00pm - 5:45pm
DESIGNING SECURE SYSTEMS: VALUE DRIVEN THREAT MODELING

Avi Douglen, Bounce Security

'Workshop' Track

Wednesday, 19 June 2019
Sands B 5302, Level 5

1:00pm - 2:45pm
AN INTRODUCTION TO SAP FORENSICS

Jordan Santarsieri, Vicxer

3:00pm - 3:45pm
CATCH ME IF YOU CAN — SEEING THE RED THROUGH THE BLUE

Owen Shearing & Will Hunt, in.security

5:00pm - 6:45pm
LINUX-KERNEL RESEARCH FOR KERNEL-NEWCOMERS: WHERE TO START FROM?

Ron Munitz, The PSCG

Community Night

Wednesday, 19 June 2019
Sands B 5201/5202, Level 5

6:45pm - 9:00pm
COMMUNITY NIGHT WELCOME ADDRESS

Emil Tan & Fadli Sidek, Division Zero (Div0)

7:00pm - 7:30pm
COMMUNITY NIGHT OPENING KEYNOTE

Dhillon 'L33tdawg' Kannabhiran, Hack in the Box (HITB)

7:30pm - 8:15pm
FINDING A BIG SUPPLY CHAIN ATTACK

Vitaly Kamluk, Kaspersky Lab

8:15pm - 9:00pm
OLD-SKOOL COPY PROTECTION: DRM IN THE AGE OF MARIO

Aliz Hammond, MWR InfoSecurity

Day 2 Opening

Thursday, 20 June 2019
Sands B 5201/5202, Level 5

10:15am - 10:30am
WELCOME BACK ADDRESS

Emil Tan

‘Deep Tech’ Track

Thursday, 20 June 2019
Sands B 5201/5202, Level 5

10:30am - 11:15am
YOU ARE NOT HIDING FROM ME .NET!

Aden Chung, MWR InfoSecurity

11:30am - 12:15pm
A RED TEAM PERSPECTIVE TO RESEARCH

Vincent Yiu, SYON

1:30pm - 2:15pm
GARGOYLE HUNTING IN-DEPTH: DETECTING 'GARGOYLE' CODE-HIDING VIA AUTOMATED WINDOWS KERNEL ANALYSIS

Aliz Hammond, MWR InfoSecurity

2:30pm - 3:15pm
ANALYZING KONY MOBILE APPLICATIONS

Terry Chia, Centurion Information Security

3:30pm - 4:15pm
NATIVE MOBILE BOTNET & ANTI-BOTNET SOLUTIONS

Ron Munitz, The PSCG

‘Insights’ Track

Thursday, 20 June 2019
Sands B 5301, Level 5

10:30am - 11:15am
ATTACKING OFFENSIVELY FOR DEFENSE

11:30am - 12:15am
SPEED-UP RECON & PWN ON BUG BOUNTY? BUILD YOUR OWN TOOL!

Igor Lyrchikov & Egor Saltykov

‘Fix It’ Track

Thursday, 20 June 2019
Sands B 5301, Level 5

1:30pm - 2:15pm
OFFICE IOT: THE ELEPHANT IN THE ROOM

Quentyn Taylor, Canon

2:30pm - 3:15pm
DO YOU SEE WHAT THEY SEE? ASSET DISCOVERY IN THE AGE OF SECURITY AUTOMATION

Isaac Dawson, Linkai

3:30pm - 4:15pm
P@SSWORD MAKING & BREAKING

Will Hunt, in.security

'Workshop' Track

Thursday, 20 June 2019
Sands B 5302, Level 5

10:30am - 12:15am
ATTACKS ON GSM-ALARMS, SMART HOMES & SMARTWATCHES FOR KIDS

Aleksandr Kolchanov

1:30pm - 3:15pm
MACHINE LEARNING & SECURITY

Clarence Chio

3:30pm - 4:15pm
REAL HARDWARE HACKING FOR S$30 OR LESS (HANDS-ON)

Joe FitzPatrick, SecuringHardware.com

Closing Address

Thursday, 20 June 2019
Sands B 5201/5202, Level 5

4:40pm - 5:00pm
CLOSING ADDRESS, PRIZE GIVING & LUCKY DRAW

Adrian M. & Emil Tan

After Party

Thursday, 20 June 2019
Venue: DALLAS RESTAURANT & BAR (SUNTEC CITY)

6:00pm - 10:00pm
All training and conference pass holders are welcome to attend

PRE-CONFERENCE EDITION TRAINING

Monday & Tuesday, 18 – 19 June 2019,
Peony, Level 4, Marina Bay Sands

9:00am - 6:00pm
ATTACKING & SECURING APIs

Mohammed Aldoub

9:00am - 6:00pm
LINUX-KERNEL RESEARCH FOR KERNEL-NEWCOMERS: BUILDING, DEBUGGING, FUZZING & FORENSICS TOOLS

Ron Munitz, The Premium Software Consulting Group (PSCG)

9:00am - 6:00pm
BUILDING SECURE SYSTEMS WITH THREAT MODELLING

Avi Douglen, Bounce Security

POST-CONFERENCE EDITION TRAINING

Monday to Thursday, 24 – 27 June 2019,
ICE71, 71 Ayer Rajah Crescent, 02-18, Singapore 139951

9:00am - 6:00pm
ARM EXPLOITATION (AARCH64 EXPLOITATION)

Ron Munitz, The Premium Software Consulting Group (PSCG)

CXO Luncheon Brief

Level 5, Sands B 5201/5202, Marina Bay Sands, Sands Expo & Convention Centre

A by-invitation brief event for C-suites and senior officers from both the public and private sectors.

Leaders and experts of various cybersecurity domains will come together to share and discuss cutting-edge techniques and solutions, and real-life scenarios and considerations when securing the critical information infrastructure (CII) and business cyberspace.

Join the leaders and experts in an insightful session over an exquisite lunch, and learn how to manage the next-generation risks, threats and vulnerabilities.

12:00pm - 12:35pm
REGISTRATION & LUNCH

12:30pm - 12:35pm
WELCOME & OPENING ADDRESS

Adrian M. & Emil Tan, Organisers & Founders, Infosec in the City

12:35pm - 1:30pm
CYBERSECURITY BRIEFS

More than 5 insightful briefs by industry leaders and experts from cutting-edge cybersecurity companies, Product Security Incident Response Team (PSIRT) and fellow Chief Information Security Officers (CISOs).

WHY ARE THE BASICS SO HARD

Quentyn Taylor, Canon

Why it's always easier to chase new infosec technology rather than fix the basic issues that surround us. If we look at some of the massive issues from botnets to cyberwar – the roots of the solution are the infosec basics.

ASSET DISCOVERY & MONITORING IS AN ORGANISATIONAL PROBLEM

Isaac Dawson, Linkai

Coordination between security teams and IT operations is mandatory for any successful information security program. Nowhere is that more poignant than continuously discovering and monitoring your external attack surface.

DRIVING SECURITY VALUE WITH THREAT MODELING

Avi Douglen, Bounce Security

How secure is secure enough? We’ve all been there – we’ve spent too much time and resources on security, but 3 months later we still get breached anyway. “But we followed all the ‘Best Practices’!” your developers cry. In this flash intro to secure software design, Avi Douglen will show why every software development process should start with Threat Modelling, and how this can get security to contribute to the bottom line.

WHAT'S PSIRT (PRODUCT SECURITY INCIDENT RESPONSE TEAM) & WHY IS IT IMPORTANT?

Yuki Osawa, Panasonic

The number of cyber attacks has increased dramatically, and many large scale incidents have occurred around the world. Many organizations operate an incident response team called CSIRT (Computer Security Incident Response Team) to protect their PCs and servers in their networks. In recent years, the industry has also begun to recognize the importance of another type of incident response team, PSIRT, for their products. ​ Panasonic has operated PSIRT for more than 10 years to protect all of its products, such as TVs, network cameras, air-conditioners, etc. This presentation will introduce how Panasonic handles incidents targeting IoT devices.

BRIDGING THE ATTACK-DEFENSE SKILLS GAP Vivek Ramachandran, Pentester Academy

Vivek Ramachandran, Pentester Academy

Vivek Ramachandran is the Founder, CEO of Pentester Academy, AttackDefense.com and Hacker Arsenal. Pentester Academy now trains thousands of customers from government agencies, Fortune 500 companies, and smaller enterprises from over 90 countries. It has physical offices in Silicon Valley, USA, Singapore and Pune-Kolkata in India. Vivek is a book author and a regular speaker/trainer at top security conferences such as Blackhat USA, Europe, and Abu Dhabi, DEFCON, Brucon, HITB, Hacktivity, and others.

DAY 1 BIZCOMM TRACK (Free to attend)

1:30pm - 2:15pm
INCOGNITO WAR STORIES

Mike Monnik, Privasec

1:30pm - 2:15pm
GLOBAL CISO INSIGHTS

Shamane Tan

Hear the story behind the first-ever published compilation of insights from some of the greatest leaders we know. Meet 50 industry leaders from all over the world, CEOs, CIOs, CISOs, (yes, the unsung C-suite), from the US, Europe, Singapore, Israel, and Australia, all captured in these pages. ​ Get up close and personal with Shamane Tan as she shares the story behind this book, which was birthed from the hundreds of coffees she has had with the different C-suite from her 9 years of being in this industry. In this session, she unpacks her key learns in her journey of writing this book You will hear some insights, including some funny encounters revealed by C-suite across the globe For security professionals, upcoming or current CISOs, you will not want to miss out on the top 3 tips from CISOs around the world. They have learnt it the hard way. The introduction of her bonus chapter which brings you into the minds of the CISOs and what they have learnt to look for in their security partners

2:30pm - 3:15pm
STARTUP KOPICHAT (PANEL DISCUSSION)

Division Zero (Div0)'s Startup Quarter

3:30pm - 4:15pm
LEARNING CAR SECURITY FROM AN "EASEL"

Division Zero (Div0)'s Car Security Quarter (CSQ)

The Automotive Cybersecurity landscape is ever-changing and threats towards the industry are constantly evolving. Due to the sensitivity of the domain, we know it’s hard to learn about cars based on the limited information made available to the public. ​ In this talk, we will address the basics communication protocols such as the Controller Area Network (CAN) bus and how we built a prototype to learn more about Automotive Cybersecurity. We will also address the logistics on finding the right parts and resources, and include time-saving techniques to reverse engineer CAN IDs without using the proprietary tools as well as methodologies to compile a CAN database. We will also address the misconceptions when building a test bench with limited resources that consist of only an Engine/Electronics Control Unit (ECU) and Instrument clusters.

DAY 2 BIZCOMM TRACK (Free to attend)

BizComm Theatre, L5, Infosec in the City

10:00am - 10:45am
Let’s talk cybersecurity

Petar Milijkovic

Technology continues to revolutionize the way we live and conduct business, but it has also made our information more vulnerable. To survive in the digital age, organizations must have a robust crisis communications protocol in place because a data security incident is not an “if” but “when”. This session will uncover the key tenets for an effective response in the event of a data breach and shed light on best practices for navigating the complex digital communications landscape of today.

11:00am - 11:45am
B2B story telling: Communications and content

Lim Tsu Ern

Customer engagement is about making an emotional connection, but how do we do it with a subject as abstract as cybersecurity? The session will explore the need for authenticity in communication, which requires human-to-human-connection rather than human-to-product-connection, offering tips on how brands can shift the conversation from products to real experiences.

2:00pm - 2:45pm
Marketing in the new age of media

Kelvyn Foo

Marketing in the new age of media The media landscape has changed remarkably with the advent of digital and social channels. Almost everyone with an internet connection can be an influencer now and brands understand how important it is to engage with influencers. So what exactly is influencer and advocate marketing? Which strategy is right for the brand? The session will shed light on influencer marketing and how brands can strategize influencer engagement to help add value and drive awareness for themselves.

3:00pm - 3:45pm
SHIFTING LEFT: SCALABLE DEVSECOPS

Lucas Kauffman, EY

My talk aims to provide insight into what DevSecOps is and why, after moving to Agile/DevOps this is the next natural progression. One of the biggest issues I realized when implementing DevSecOps is with regard to scalability and culture change. I want to highlight some practical issues that are present in large organizations which hamper moving to DevOps or DevSecOps and how to tackle them. It will look at People, Processes and Technology and what the practical approaches are to tackle these issues. The talk will present the viewpoints from both development, business and security, how they differ from each other and how to overcome them (what do you provide to each stakeholder to make them buy-in). It will provide a list of lessons learned, common pitfalls and how security can become an enabler for an organization to move faster. This talk is not focusing on tools, rather looking more into the people and process aspect.

4:00pm - 4:45pm
MALWARE FORENSICS TO ZERO-DAY DISCOVERY

Michael Art Rebultan

Behavior extraction used often time in both malware analysis and threat hunting to identify unique dynamic features from portable executable file and gather IOC. What if with the same approach you will be able to find a gem that no million-dollar EDR and AV security solutions have never detected yet – zero-day exploit. Utilizing free and open source software in applied digital forensics would change the game of the blue teamers in defending their organization and tracking adversaries that attacking them and be able to attribute to a threat actor. Demystifying zero-day malware hunting and analyzing malware behavior within the stipulated time are the key takeaways of this talk.

5:00pm - 5:45pm
CONTINUOUS ASSET DISCOVERY: MONITORING AN EVER-CHANGING LANDSCAPE

Isaac Dawson, Linkai

If an exploit was released in a popular web server or framework, would you know if it affected any your web sites? How about that marketing campaign site that was setup two years ago and everyone forgot about? How long would it take for you to find an answer to those question? Asset discovery and management assists in solving these problems. Knowing what you own, and what dependencies it has is critical to securing your infrastructure.

DAY 3 BIZCOMM TRACK (Free to attend)

BizComm Theatre, L5, Infosec in the City

11:30am - 12:15am
WHEN THE LIGHTS TURN RED: PROVIDING RAPID, SECURE ACCESS TO THINGS THAT MATTER

Ian Schmetzler, Dispel

Our world is full of sensors and applications that analyze their data feeds. But, when it comes to acting on information from systems that truly impact our lives, our response continues to involve either driving to the machine or working through a 5 to 10-minute login process. What happens when you don’t have that time? In this session, Ian Schmertzler, President of Dispel, will cover how his firm has solved the problem of rapidly accessing critical systems remotely in the United States and Europe.

2:00pm - 2:45pm
IOT PRODUCT SECURITY IN PANASONIC

Yuki Osawa & Chen Po Yao, Panasonic

Cybersecurity issues have affected computers, smartphones and now IoT devices. Not surprising is that traditional hardware manufacturers who simply made products "smart" by adding networking functions into products without security considerations, are now facing a tough time handling IoT security issues. This presentation will introduce how Panasonic ensures the security of its IoT devices as an electronics corporation.

3:00pm - 3:45pm
RIOT — RESPONDING INCIDENTS IN OPERATIONAL TECHNOLOGY (OT)

Michael Art Rebultan

Information Technology (IT) is never been equal to Operational Technology (OT) even the beginning of Gen4 and so an incident response to industrial control systems would not be the same; both the methodologies, approach and even the policies. ​ An IT security expert should work closely with the control engineering with the mindsets that are aligned to the ICS-NIST framework that supports SRP triad instead of the CIA from the information system. This talk aims to bridge the digital and industrial divide on IT and ICS/OT which will showcase the practical ways to form a solid IR team to combat cybersecurity threats and firefight when an incident occurs in most effective ways.

ConnecTechAsia

Incorporating

 

 

Organiser

Supported by

Held in

Join Mailing List

For information on exhibitors and products, registration details, activities and conference updates, and more!