Recent News

  • Training Announced!

    Click ‘Trainers’ for more information

  • Click ‘Social’ to add yourself to our mailing list to get the latest Shakacon VI news!

  • CFP Released and Registration is Open!

    March 1, 2014

Sun, Surf, and C Shells

People from all over the world are coming to Shakacon! You should too!


Shakacon, an Information Technology (IT) Security Conference, is back and ready to invite business executives, government and military officials, security professionals, and IT enthusiasts to participant in Hawaii's only Call for Paper based IT security conference.

We decided it was time to bring some top notch technical talent back to one of the most remote locations on earth.

Sitting around somewhere freezing your a$$ off? Dreaming about warm days, rainbows, decadent tropical drinks sipped out of coconuts? Sure you could drop your 0day in Vegas, bring down the Internet in Germany, or satisfy your dark desires in Asia; however, wouldn't you rather submit your research or topics to our CFP and maybe win yourself a paid trip to Hawaii?

Call For Papers

	Shakacon VI  - Honolulu Hawaii
	"Sun, Surf, and C Shells"
Who: Shakacon Crew
What: Shakacon VI
When: June 23-25 2014
Where: Honolulu, HI
Why: World Class Speakers, World Class Location, World Class People
How: By plane, boat, canoe, yacht, hydrofoil, stand-up paddle board, jetski, long board, dolphin, whale sled, nuclear submarine...


Going into our sixth year, Shakacon offers attendees a unique opportunity to really network with some of the world's top security professionals in casual and friendly setting. At its heart the Shakacon security conference is a laid back conference where industry, government, academia and independent experts will get together to share knowledge and experience in one of the most beautiful places on Earth.

The conference committee strives to build a balanced schedule that appeals to all security practitioners with talks covering all different aspects of the information security landscape. There will be something for everyone and if sitting through talks isn't your cup of Hawaiian coffee you can step into one of the social areas and talk with our sponsors, staff, and attendees.

[Trainer Opportunities]

Don't want to speak at the Con but have an uncanny ability to teach and a proven track record for delivering quality courseware and want to come to Hawaii? We will be evaluating trainers for one day of training leading up to Shakacon (June 23rd). Submit a synopsis/class agenda, prior teaching experience, and maybe get selected to teach in Hawaii. Revenue is split 50/50 between the trainer and conference. The conference will cover all venue related costs (A/V, Food, Drinks, etc.). The trainer is expected to cover their own travel costs (unless they are also selected as a speaker). All selected trainers will receive free admission to the conference.

[CFP Details]

We have up to sixteen (16) spots and typically receive 100+ submissions to speak. If you are serious about speaking please submit your abstract as soon as possible.

(1) Abstract for papers must be submitted to the review committee by April 11, 2014
(2) Selection notification will occur by April 18 and abstracts posted to the site by April 23
(3) Full Slides for your papers must be submitted by May 31.

CFP Review Committee:

Caleb Sima - BlueBox
Katie Mossouris - Microsoft
Colin Ames - Attack Research
Matthieu Suiche - MoonSols
Vincenzo Iozzo - TiQad
Kent Backman - Independent Researcher
Jonathan Brossard - Toucan Systems
Jeremiah Grossman - Whitehat Security
Daniel Hodson - Oxin Security & Ruxcon
Kris Harms - Cylance
Mark Ryan Talabis - FireEye
Chris Potter - FireEye
Jason Martin - FireEye

As mentioned, there are a limited number of speaking sessions for which the conference organizers will provide travel and accommodations so please submit your abstract early if you are interested in speaking. Speaking slots will be 50 minutes long (45 minutes for your talk and 5 minutes for Q&A).

The audience will be a broad mix of professional, academic, and enthusiast, so we welcome both technical and non-technical submissions on all aspects of security. The key criteria are practicality and timeliness. We want to provide our attendees with up to date materials they can take away and immediately gain benefit from as well as new research or tools. Absolutely NO SALES presentations will be accepted.

Proposals should include:

Subject Line: "Shakacon CFP Submission: <paper title>, <your name>"


1. Name, address, and contact info.
2. Employer and/or affiliations.
3. Brief biography.
4. Presentation experience.
5. Topic summary.
6. Reason this topic should be considered.
7. Other publications or conferences where this material has been or will be published/submitted.

Please include plain text of all information provided in the body of your email as well as any file attachments.
The plain text information will be reviewed first to find the most suitable candidates.

Please forward the above information to cfp at in order to be considered.

More conference information, registration details, and travel partner deals will be posted to:

Follow Status on:

[Media Partners]

We are media friendly. Please email info at for inquiries about press passes.



Cost*: $300

*ISSA, ISACA, Infragard, Active Military, Federal Government Employees, and Students please contact for discount information.

Shakacon Training and Conference dates: June 23, 2014 Training 8am-5pm
June 24-25, 2014 Conference 8am-5pm

Register Here

Day 1

Monday, June 23, 2014

  • Registration for Trainings & Conference: 7:30am-8am

    Location: Galleria off of Ward Avenue

    Trainings: 8am-4pm

    Location: Hawaii Suites

Day 2 & Day 3

Tuesday, June 24, 2014

  • To be announced on or before April 23rd

Wednesday, June 25, 2014

  • To be announced on or before April 23rd


Coming Soon!

Training Sessions

Training 1: Introduction To Disassembly And Reverse Engineering, Gary Golomb

Description: You're technical, but have never had the opportunity to make the leap to static executable analysis. You understand a lot about malware, but nothing about executable structures and following disassembly (or using tools focusing on those things to make decisions about if executables are good or evil). What will be covered: the basics of executable structures, disassembly, and the machine-level instructions that matter most often to malware analysts, using the demo version of IDA to dissect unknown binaries, taking an unknown binary and determining if it’s good or malicious (frequently required, given the abysmal accuracy of existing infosec products on the market), impressing your friends by having open IDA windows on your screen - that have obviously moved beyond the entry point of the executable. While the topic sounds fun, this is actually a very serious subject and a skill desperately needed in organizations. The terrible efficacy of products across the entire industry is no secret. With at least 250,000 new malware samples discovered every day, organizations can no longer depend on vendors to keep up with identifying and creating indicators of malware for them. (Keep in mind, these samples are mostly discovered by your organizations and not vendors in the first place!) Organizations now require the ability to reverse engineer malware themselves to generate indicators and intelligence they can take action on. The goal of this training is to teach you the basics of taking sample binaries and determining (from a static analysis perspective) if they are good or malicious, even when other mainstream tools give you inconclusive results. We’ll first learn the basics of executable structures and disassembly, then apply that knowledge to examining various samples to identify when they’re malicious, then extract actionable indicators from the malicious binaries. Of course I can only teach the basics in a single day, but we'll focus on the building blocks you can utilize to move forward with this subject outside the classroom. Some subjects just take a little "kick-start" to get you going on your own. This is one of those subjects, and the class will be delivered with that goal in mind.

Biography: There comes a point in some people's careers where they have forgotten more of their accomplishments than they remember. Whether that is because of a wonderfully fortunate and eclectic career, or because of old age, Gary is approaching that point. Having spent the past 15 years mostly focused on productizable Research and Development for award winning products, doing forensics and reverse engineering in some of the world's most notorious cases, co-founding a new technology product-focused company from scratch and successfully carrying it through acquisition, doing formal competitive intelligence, and creating product architectures and tactical long-term product planning - Gary has many rich experiences to share in the classroom and on the lecture stage (which he's done at some of the most elite security conferences, including: RSA, SANS, Shakacon, CanSecWest, THOTCON, You Sh0t the Shriff, ekoparty, BlackHat, and others). With a love for both teaching and developing new solutions to difficult problems, Gary's goal is to "teach or automate himself out of a job." Fortunately (for his family), the creativity, ingenuity, and persistence of our advisories have ensured that hasn't come to fruition, yet.


Check out our sponsorship packet here: Sponsorships



th th

Subscribe to our mailing list

* indicates required

Watch, Add, Like, Follow Us!