Transform your organization and stay secure
Take advantage of the Early Bird discount until 15 December:
€ 950 instead of € 1.195. Use the promo code EARLYBIRDCSS when booking.
2018 Cyber Security sessions:
Digitizing without compromising on security? Discover how during The Cyber Security Sessions on 1st and 2nd February 2018.
Digitization is now increasingly becoming a condition for success. This fact has been proven time and again by technology-driven companies like Uber, Coolblue and Airbnb. Certainly a sufficient reason for many organizations to also initiate a digital transformation, allowing them to instantly react to trends, meet specific customer requirements and launch new business models.
But there is one aspect which is often overlooked during the digitization process: data security. Is data security adequately developing along with these digital transformations? This is absolutely crucial, especially as digital processes generally make use of all kinds of personal data. Not merely customer and supply data from business systems, but also big data from sensors and the Internet of Things.
How can security start forming a fixed part of your digital transformation? This question is going to be a central focus point during the 2018 Global Knowledge Cyber Security Sessions – ‘Transform your organization and stay secure’. The following strategic and technical themes will be addressed during the event:
- Cyber security
- Capture the Flag
- Bug Bounty & Responsible Disclosure
- Social Engineering & Security Awareness
- Hacking the IOT
- Securing Suppliers
- Monitoring the internal and external environment
The programme will include speakers from KPN, CGI, Cqure, Zerocopter, Insite Security and the National Police.
Make sure your organization’s data is secure during its digital transformation and register on www.globalknowledge.nl/css.
No prior training is required to attend this event.
The truth about responsible disclosure and bug bounty – Edwin van Andel, CEO Zerocopter
In the ever-changing security landscape we are slowly seeing a shift from labelling hackers by default as 'bad and malicious individuals' to accepting them more often as 'useful and potentially friendly'. We see more and more companies starting a bug bounty program and/or a Responsible Disclosure (Coordinated vulnerability disclosure) program.
In this interactive and mostly humorous talk Edwin will start with defining security (in a grotesque way), followed by the ‘real’ definition of hackers, the way hackers think and work, and how they can be used instead of feared by companies. He’ll show how bug bounties and the Responsible Disclosure processes can work, but also how they sometimes do not. Edwin will take the audience with him along the path to these fails, and discuss the way we can –or could have- improve(d) these processes. His final ‘calculation’ will even try to open the door to a safer online world! (from a hacker’s point of view that is.) ;)
Securing DevOps teams is challenging - Ruben van Vreeland, CEO RedSocks
With DevOps, there is a higher return on investment in code by making it possible to release new features to production in real-time. This can be done by automating tests, which is something that is hard to do for security. Now, you have to choose: lower returns on investment in features and losing customers by delaying deployments, or risking data breaches in functionality that went live untested. With real-time instrumentation you can isolate attackers from actual customers transparently, moving the attack traffic to the audited version of an application while actual customers have access to the latest features.
Track 1: Cyber Security as a Strategy
Continuous Red Teaming - Henk Boot, Security Operations Center lead
The term “computer fraud” was used before cybercrime became common. In the course of the 40 years I have been active in IT, I have seen a great deal of computer fraud, and now cybercrime. I will provide a few examples of computer fraud and cybercrime through the decades. With the increased threat level - criminals have exchanged a mouse for the old crowbar - defenses must keep pace. Actually - defenses should anticipate the threat. Of course we have set up an SOC or CSIRT to monitor our IT environment and respond to an incident when it occurs. But this is a reactive response, and not nearly efficient enough to protect against current threat levels. What about pen testing? That is not enough either. The scope is too narrow and it provides only a momentary snapshot. What is really needed is Continuous Red Teaming where a distinct team is assigned to attack the IT environment and the Blue Team on a 24/7 basis, because that is what cybercriminals do. What are the advantages of this approach? How do you set it up, and are the costs acceptable?
Supplier security - Ralf Willems, Senior Security Officer KPN
Businesses are already struggling to protect their digital supply chain from the dynamic cybercrime organisations that continue to grow in sophistication and efficiency. How do you translate your security standard in an effective manner to concrete requirements for your suppliers?
The actionable psychology of social engineering, how knowledge empowers and wisdom liberating! - Andres Rutkens, Social Engineering Advisor, Insite Security
This talk will take you on a journey to the dark side of global networks, where it comes down to access, connectivity and in the end money and power. Hackers find themselves at a fairly young age in the wild west called internet where it is unclear if someone is an unwitting spectator, participant, manipulator or being manipulated.
Security Awareness - Wilbert Pijnenburg, Aware24
It is considered common knowledge: “humans are the weakest link”. We have made great strides in managing our technology, but know that when digital transformation occurs we also have to focus on our employees. However, this area is much less concrete and many organizations struggle to determine what an effective awareness program should look like. This presentation describes the successful aspects of an effective security awareness program. Why is it a bad idea to call our employees “the weakest link”? How can we empower our employees and bring them back into focus?
Transform your organization and stay secure - Eelco Stofbergen
Digital transformation of the governance and enterprise market is causing an increase in dependency on technology and data and an increase in the vulnerability to cyberattacks. This demands a different approach to information security and the way it is embedded in an organisation.
Cybersecurity and ransomware - Eward Driehuis, Chief Research Officer Securelink
Ransomware has been a tool for organised cybercriminals for a few years now; however, there's more than meets the eye. As an automated extortion tool it has seen some moderate successes, but as a weapon of destruction it has gained a notorious reputation. Criminals put effort into finding new ways to extort businesses, and these include the use of IoT devices. Cyber is becoming a safety issue, and Eward Driehuis, SecureLink CRO, will guide you and find the common denominators in the evolution of these threats.
Track 2: Cyber Security as a Technical Challenge
The anonymity of a cyber-attack - Mark de Groot teamlead REDteam KPN
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? In this session we take a deep dive into how hackers combine the physical, human and cyber elements into the perfect attack. With some tangible examples you will learn their secrets and how you can manage and mitigate the risk.
Cryptography & telcos: the impact on society - Oscar Koeroo security strategist KPN
Cryptographic solutions are a fundamental part of society. Our society relies heavily on a functional digital trust system. How does ‘trust’ work, how do tools establish trust, and what does it mean to lose it? In this talk, the severity of the problem will be addressed and solutions proposed on how to solve or mitigate risks and prevent a crisis.
CSI windows - Mike Jankowski-Lorek, solution architect, developer, data scientist and security expert CQURE
An attacker got into your infrastructure, used a server's misconfiguration, created themselves an account and… This is the moment when we wonder what else could have happened beyond what we see, and whether it is possible to trace back the hacker's activities in our systems. By performing several analyses, we are able to get enough evidence of the malicious actions performed. This type of monitoring can also be useful when performing a regular investigation of what happened in the system, not only from the attacker's perspective. This session is a deep-dive into the monitoring world. Be prepared for a hard-core technical ride.
Adventures in Underland: Is encryption solid as a rock or a handful of dust? - Greg Tworek, Director CQURE
Encryption is based on three principles: algorithm, key length, and storage. It has also become more popular and is more often built into databases, networks, config files, OS, and users' secrets. Are DPAPI and DPAPI-NG enough for us? Unfortunately there are many slip-ups that can be made. Come and learn if 'encrypted' = or != 'safe' and when!
Stretching your database beyond datacentre: deep-dive into features of hybrid environment - Mike Jankowski-Lorek
Hybrid IT infrastructure is the feature of IT environments. It provides both the security of your data on premise and the high availability and resiliency provided by cloud solutions. In this session you will learn how to securely integrate your on premise SQL Servers with Azure SQL Database and SQL Servers on Azure VMs. We will focus especially on the new feature SQL Server stretched database, which makes warm and cold data available to users at low cost. This will be an intense, demo-full session with a strong focus on data security at all times.
Explore Adventures In The Underland: Forensic Techniques Against Hackers Evading The Hook - Greg Tworek
Cybercrime is a very lucrative business not just because of the potential financial return, but because it is quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating system and after-attack traces, it is not that bad, as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened.
Security awareness escape room
If you live in the world of securing bits and bytes, take a moment to learn the other side of security, the human world. When you enter the escape room you will gain insight into different aspects of cyber security like secured networks, encrypted passwords, viruses and worms and counter hacking. You have to make some safe and unsafe choices based on real life situations. Whether you make the right choices or not, you will gain more knowledge on how to make your organization more secure. The escape room can be entered by 3-6 people. After you have registered you will get the option to book a time slot for the escape room.