Netherlands | Hague
October 24, 2022
India | Pune
March 4, 2022
We caught up with one of the nullcon organizers, Aseem Jakhar, to ask a bunch of questions about the nullcon conferences.
nullcon is a premier IT Security event that takes place each year in Goa, India.
The guys at nullcon are a super-friendly bunch and they always submit their events to our directory so yes, I’m always appreciative and delighted to help out the guys and gals as much as I can. There’s no doubt, nullcon is a fantastic event; mostly because they pack so much into the event which includes training, a CTF competition and of course the actual speaking events.
I’d wholeheartedly recommend everyone with an interest in Cybersecurity in India to attend nullcon.
I caught up with one of the founders, Aseem Jakhar, to ask him a bunch of questions regarding nullcon which you can read about below.
Aseem is a well-known security researcher with extensive experience stemming from programming to consulting. In India, he is a well-known personality in the hacking and security community as well as being the co-founder of null.
We run a series at InfoSec-Conferences called “Spotlight” in which we shine a torch on a conference. This week we chose nullcon. We typically contact the founder, or co-founder and ask them a bunch of questions. Here’s what Aseem had to say.
What is the origin of nullcon and what is the meaning behind the name?
In 2008 we started a non-profit security community in India called null – The open security community. The idea was simple i.e. to learn and share by having monthly meets, focused workshops. Today It is run by volunteers all around the world and had 9 chapters Pan-India and 3 chapters outside – Singapore, Dubai, Amsterdam. So, somewhere in 2009 after seeing the interest in security folks here, we decided to organize a conference.
Interestingly we had created a list of names including hacker-camp, hackfest etc. Finally we decided on nullcon as a tribute to the community. Some people to date think that nullcon is organized by null. However, it is organized by our company Payatu Technologies as mentioned on our website as well.
null on the other hand, is our principal community partner for the conference. After all, our journey started from null and it has been a great source of inspiration and an excellent teacher 🙂
I understand that you also have a bunch of other events in India and the rest of the world, can you explain a little more about them?
Oh yes, we mainly organize two different conferences nullcon and hardwear.io. In 2014, we started seeing a lot of hardware-based attacks and got interested in it. We also had a lot of interest in hardware security. When we looked in the security market there were hardly any conferences focussing specifically on hardware security from both offensive and defensive perspectives. It did not take us time to finalize that we are going to organize a hardware security conference. However, choosing a place took most of the time. We looked at most European countries and finally zeroed in on The Hague, The Netherlands.
The conference name was another challenge, we came up with a list and finally chose – hardwear. It signifies hardware protection.
What makes nullcon different to the other Cybersecurity Conferences in India?
Every event has its charm. All I will say about nullcon is that it is the place where almost all security researchers, hackers and companies meet once a year and have loads of fun, networking, learning, and hacking at the beach. We are proud to create a balanced conference that has the hacker touch and also appeals to the corporate, given the amount of HiTech knowledge that is shared at the conference. Also, I cannot find words to describe the atmosphere and vibe at nullcon, you have to come and see for yourself. So, if you are in Asia and have not been to nullcon, you are missing one of the largest security community gathering in Asia.
How do you select speakers and their research? The reason we ask is to help people that might be interested in applying to speak at nullcon in 2018.
The speakers submit their talks to our Call for Papers. We have an external review panel that reviews and scores the submissions. We then take the cumulative scoring and go through the papers ourselves to finally select the finest papers. For speakers few things to take care when submitting:
Provide as much in-depth technical details as possible.
Typically research already presented elsewhere mostly gets a little less scoring as we want the present the latest research to our attendees. Usually, submitters think that if their paper is accepted at a big conference, it is most likely going to be accepted at regional conferences. However, that’s exactly the opposite at nullcon as we prefer to have more new research than old.
Submissions that mention “we can’t disclose it in CFP due to Bla Bla” also get filtered out in the last stage.
How would you like to see nullcon evolve in the future?
The future plans for nullcon include moving to southeast Asia in addition to Goa, we are still looking at cities where we can organize nullcon. In addition to conferences, we plan to organize training-only events in Asia. For hardwear.io we are moving to the US, in addition to The Hague, in a year and then maybe Asia in another 3-4 years. If the community has any suggestions, please do let us know.
Do you see a growth in Cybersecurity in general in India?
Looking back, when we started nullcon, it was too difficult to convince corporates why they need to invest in security and convince security professionals the importance of participating in a security conference. Since then, our efforts at null, nullcon, general cyber attacks and cyber crimes around the country have changed the mindset of corporates as individuals. Many companies are now investing in opening their security centers in India.
A lot of companies come to nullcon to recruit. There is a growing demand for security products in India. Finally, there is an awesome security talent in India. We were surprised to see really good submissions from India starting from the second nullcon in 2011 onwards.
We wish the nullcon team the best of luck, especially after the turbulent 2020-2021.