Deception Operations: Leading the Frontline of Active Defense - Diego Staino & Federico Pacheco - DCSG2026

Name of Training: Deception Operations: Leading the Frontline of Active Defense
Trainer(s): Diego Staino and Federico Pacheco
Dates: April 26-27, 2026
Time: TBD
Venue: Marina Bay Sands
Early Bird Cost (GST included): $2,558 USD / equivalent to $3,300 SGD 

Early bird price valid until February 8, 2026.

Short Summary:

This course prepares participants to design deception operations using CTI and organizational knowledge to neutralize adversary behavior. Students will gain an understanding of active defense, threat hunting, and implementing deception strategies to improve detection and response.

Course Description:

Traditional defenses often prove inadequate in preventing sophisticated cyber threats. This course delves into the application of CTI to the design of deception operations. Participants will learn how to identify opportunities to prepare a cyber deception strategy, using a methodology that includes translating TTPs into deception activities that are integrated into the cybersecurity strategy.

The course provides an understanding of active defense, threat hunting, implementing deception strategies within an organization, countering adversary techniques, enhancing traditional defenses, and leveraging threat intelligence. Designed for individuals with a solid background in cybersecurity, this course combines theoretical instruction, hands-on exercises, and collaboration in interactive sessions. The labs are designed to lead students through a compelling story, starting with a specially designed fictional organizational environment. Next, they will gain an understanding of the actions of a group of threats or Advanced Persistent Threats (APTs) relevant to the proposed environment, and the analysis of that threat actor will be incorporated into the dynamic. Finally, with the entire landscape defined, students will design different deception scenarios to be applied in the environment to improve the detection strategy.

Course Outline:

Day 1 - Theoretical Stage

  • Introduction to the training
  • Introduction to Active Cyber Defense 
  • Cyber Threat Intelligence 
  • Threat Hunting 
  • Cyber Deception 

Day 2 - Practical Stage

  • Fictional Organization Scenario - A fictitious organizational scenario is established, including a specific industry, a set of services offered by it, a set of technologies associated with each service, and a proposed architecture diagram on which subsequent activities will be developed. The proposed scenario is based on a fictitious technological infrastructure that is analyzed in the context of threat detection.
  • Specific APT research - A brief investigation and analysis of a specific threat group relevant to the fictional organization is conducted. Each participant conducts independent research using relevant suggested sources and their own knowledge to gather information about the motivation, actions, tactics, techniques, and procedures primarily used by the adversary group. A set of guiding questions will be provided to assist participants in their research. Findings relevant to the proposed organizational scenario are then shared, with a particular focus on the TTPs used and how they align with the set of technologies.
  • Resources review for Threat Hunting and Cyber Deception - To align participants’ knowledge with the proposed topics, the session will explore a range of resources and tools available for performing threat hunting and cyber deception activities.
  • Threat Hunting Practice - A selected group of relevant TTPs is examined to identify their requirements and implications from a detection engineering standpoint, considering the fictional environment. Each participant is then granted access to a lab environment that includes a SIEM loaded with a curated set of events for analysis, along with a few scenario-related reports. During this phase, participants evaluate and compare the contribution and effectiveness of various event sources in the context of a cybersecurity incident or threat-hunting exercise, contrasting them with a scenario incorporating cyber deception elements.
  • Cyber Deception Practice - Participants design realistic scenarios for applying cyber deception strategies inspired by the analyzed threat actor. Guided by the MITRE Engage Operations Guide, the defined organizational context, and the developed threat actor profile, they will create potential attack vectors where deception techniques can be effectively applied. Each design should include detailed information such as requirements, strategy, activities, and storytelling elements.
  • Evaluation and Discussion - Once the scenarios are developed, participants will evaluate their effectiveness, associated risks, and operational value. The exercise concludes with a collaborative discussion aimed at analyzing the risks, potential outcomes, and overall complexity of deploying the proposed deception scenarios.

Difficulty Level:

Intermediate/Advanced

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.

Suggested Prerequisites:

  • Familiarity with cybersecurity fundamentals.
  • Proficiency in some cybersecurity tools and techniques (defensive/offensive).
  • Competence in both Windows and GNU/Linux system use and administration.
  • Understanding of Internet protocols, networks, and infrastructure.

What Students Should Bring:

  • Laptop with RDP client available
  • Internet access allowed (the labs are cloud-based)

What the Trainer Will Provide:

  • Supplementary materials
  • Welcome package (introductory materials to ensure the basics)

Trainer(s) Bio:

Federico Pacheco is a cybersecurity professional with a background in electronic engineering and several industry-recognized certifications. He has 20+ years of teaching experience at the most prestigious universities in Argentina, four published books and 15+ peer-reviewed research papers. He has worked in the public and private sectors, including regional roles in global companies. He is currently Cybersecurity Services Director at BASE4 Security.

Diego Staino is a cybersecurity professional with over 14 years of experience in IT and security consulting. He holds an ECIH (Certified Incident Handler) certification and an undergraduate degree in Security in ICTs and Communications. Author of more than six peer-reviewed research papers on defense strategies, he currently serves as the R&D+i Manager at BASE4 Security.

Registration Terms and Conditions: 

Trainings are refundable before March 27, 2026, minus a non-refundable processing fee of $250.

Between March 27, 2026 and April 21, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after April 21, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

 
