JOHANNESBURG
21 - 25 May 2018

CAPE TOWN
28 & 29 May 2018

CONFERENCE DAY 1
Tuesday 22 May – Vodacom World, Midrand

Arrival and Registration
SS2018 Opening
Welcome and scene setting

Ryan Hogarth, speaker, writer and podcaster

International keynote speaker and cyber security luminary

Mikko Hyppönen, chief research officer, F-Secure

Opening Address: The state of cyber security 2018 and beyond

Charl van der Walt, chief strategy officer, SecureData SensePost

The purpose of this talk is to offer a view on South Africa's "Security State of the Nation". As participants in a global economy that is technically and politically inter-connected in every possible way, how ready are we as a small emerging player to protect our digital assets, government and commercial, and thus maintain our competitiveness and ultimately our sovereignty as a nation?
The talk will seek to lay a foundation of reasoned awareness regarding our digital strengths and weaknesses and thereby also create a backdrop against which other talks and panels at the Summit can be viewed.
Insights will be drawn from an analysis of global trends in cyber security, both technical and policy, our own direct insights gleaned from operating on multiple continents for over a decade now, recent breach cases in South Africa and elsewhere, as well as various surveys and technical studies benchmarking South Africa against other countries in the world.

  • A high-level understanding of what the "cyber" state of the art is in the world's leading nation
  • A high-level understanding of where South Africa stands in that regard, and how that manifests in terms of our policies and technical levels of security
  • Some thoughts on what to expect from the Security Summit and how to get the most out of their time spent at the event
International Keynote Speaker: You're right, this talk isn't really about you!

Jayson Street, infosec ranger, Pwnie Express

"Stupid user clicked on a link", "Social engineering, because there's no patch for human stupidity" and "Make it simple enough that the CEO can understand it". Blaming users is not helpful. Instead of hiding our failures behind simplified excuses and jokes, let's address the elephant in the room. We need to find a solid way to approach and rectify the issues at hand. Technology is not our problem, human behaviour is! In this presentation, we will discuss topics related to human behaviour, which need to be modified for the sake of better security.

  • A mirror will be held up to our industry as we inspect how we can better teach and interact with others
  • Examine some important questions head-on and walk away with a better path for understanding the true issues we are facing
Networking, Business Matchmaking and Refreshments
International keynote speaker: Orange is the new purple – how and why to integrate development teams with Red/Blue Teams to build more secure software

April Wright, senior manager: information security and compliance, Verizon (USA)

Introducing a new paradigm for integrating developers with offensive and defensive teams to enhance SDLC. Utilising Red, Blue, and now Yellow (Development) Teams in a structured way to provide knowledge sharing, strengthening of defences, coverage, and response, and ultimately the development of a high level of security maturity over time. This new concept of "Red + Yellow == Orange && Blue + Yellow == Green" focuses on the role of Developers as a critical piece of security assurance activities when combined with Offensive and Defensive Teams. Orange Teams add value when they have been integrated into SDLC by creating a cycle of perpetual offensive testing and threat modelling to make software more secure over time through a high level of dedicated interaction. Green teams add value when they help ensure software is capable of providing good DFIR information. This talk will evaluate how different Team combinations can lead to more secure software.

  • Understanding why software is built insecurely
  • The value in combining teams with different purposes but shared goals
  • Ways to elicit change revealed, i.e. tips for getting management buy-in
Everything you need to know about the expected impact of artificial intelligence in cyber crime

Eleanor Weaver, commercial director Middle East & Africa, Darktrace

This presentation will cover the upcoming and prominent changes in cyber security as a result of the rise of automation, self-learning machines and improving artificial intelligence.

  • How artificial intelligence has profoundly impacted the future Internet and how this has paved the way for digital criminal activity
  • Why these technologies have changed the complexity of business and protection, and how current defenders are being outpaced
  • How machine learning and advanced mathematics act as tools for handling this complexity
  • Real-life examples and applications of attacks unveiled
  • How you can best protect your organisation from such attacks
Lunch, Networking and Business Matchmaking
Break into Tracks

Track one starts

Chairman

Information has value: the art and science of information security law compliance

David Luyt, associate, Michalsons

Information has value. It's worth something to you and your customers. But, criminals also want to get their hands on it. In the same way that you protect your equipment and other valuable company assets against theft, you need to protect the personal information in your care against unauthorised access. It makes business sense, and more importantly – the law demands it. Data protection laws generally require you to take 'appropriate, reasonable technical and organisational measures' to secure personal information. Does that mean encryption, video surveillance, and policies? Let's explore the art and science of information security law compliance.

  • Get an introduction to the art and science of information security law compliance
  • Understand the main rules, codes, and standards that form the body of information security law
  • Expand your understanding of what you think of as information security measures
  • Learn how to comply with information security law in your organisation at a high level
Cyber security governance in SA: regulatory developments explained

Pria Chetty, regional director, EndCode

Delve into the complex framework that is cyber security regulation in South Africa. With existing legislation that has proven impractical to implement, a draft national governance framework and a draft cyber crime law, the landscape remains uncertain. Add to this a host of pending regional and international regulation that will further influence the direction SA takes in forthcoming regulatory interventions. This presentation will deconstruct the regulatory developments that are invaluable to security professionals who need to ensure organisational security is consistent with regulatory compliance pressures.

  • Uncover existing cyber crime offences, proposed cyber crime offences as well as institutional structures that impact the governance of cyber security as evident in existing and proposed regulation
  • Extension of governance and oversight from critical data to critical infrastructure discussed
  • Debate the current compliance environment in SA
  • Unwrap the contents of The Budapest Convention on Cybersecurity, the African Union Convention on Cybersecurity, and the SADC Model Law on Cybercrime
Ensure global regulatory compliance with regards to privacy laws through electronic handshakes and signatures

Gideon Bouwer, cyber law and criminal law forensic specialist, Cyber Law Forensics

The full implementation date for the GDPR and POPIA is May 2018. Global compliance is therefore essential for any multinational company, or any company that transfers privacy data over the Internet. Two universal rules apply when considering international and local compliance: encryption and/or pseudonymisation. Both solutions must apply to data in transit and to data in storage. The implementation of effective electronic handshake solutions and electronic signature solutions will be presented and discussed.

  • The practical implementation of cyber security tools to obtain transborder data flow compliance
  • A simplified view of global regulatory compliance as it applies to cyber security
  • A view of working legal/IT integrated solutions
Networking, Business Matchmaking and Refreshments
The Cybercrime and Cybersecurity Bill in the private sector unpacked

Corien Vermaak, independent IT law specialist

Companies are becoming increasingly aware of the impending Cybercrime and Cybersecurity Bill. However, in most cases, businesses are ill-informed about the proposed effects on the private and public sectors respectively. The Bill not only aims at criminalising digital offences in a more mature manner than its predecessor, it also places certain cyber security obligations on identified business sectors. The Bill's obligations are aimed at certain focus areas for the cyber security framework.

  • Unpack the identified and affected industries; find out if your business will be affected
  • Find out what obligations are placed on businesses
  • What are the minimum qualifying factors and priorities?
Importance of cyber security

Nkosana Mbokane, CEO, TechnoChange Solutions

Understanding the risks and prevention strategies for cyber attacks: management and personnel understanding and awareness; basic cyber security terminology that every employee should know and the reason why this is imperative.
Going deeper and discussing the reasons why some companies are attacked and others are not; how to avoid cyber attacks and why it is important for companies to have a cyber security strategy and plan; what are the most important components of the cyber security strategy; and who are the most important role players in ensuring success in the implementation of the cyber security strategy and plan.
The presentation concludes by highlighting the risks associated with cyber attacks for companies, what programmes are effective for creating cyber security personnel awareness and the difference between and importance of understanding the technical versus cultural aspects of cyber security, as well as dealing with and creating effective cyber security programmes that are key to preventing cyber attacks.

  • When you are at risk of a cyber attack and how to build cyber security aware personnel
  • How you can counter cyber attacks and build cyber resilient systems
  • Important cyber security terminologies
Sponsored Cocktail Function
Track two starts

Chairman

Mini-Workshop: Personality traits meet cyber security

Anna Collard, founder and managing director, Popcorn Training, and Richard Bailey, IT director, Virgin Active

The art of "people hacking", or social engineering, uses psychological techniques to trick people into revealing information, installing malicious software or participating in scams. Research has shown that certain personality traits make people more (and less) likely to fall prey to specific attacks or scams. This talk explores the above hypothesis, based on actual research carried out, which combines personality traits and security knowledge and behaviour.

  • Deeper understanding of how personality traits influence online behaviour
  • How to use this data in security culture and awareness programmes
  • Security awareness best practices
Practical tactics to change user behaviour and create a secure culture

Dr Bright G Mawudor, head of cyber security services, IS

The human element of any attack is the most predominant vector hackers take today when compromising a system or organisation. Cyber security awareness is lacking in most organisations, and even with some of the most intelligent systems in place, they still fall prey to a hack.

  • Mawudor's presentation will show practical examples of how an attack happens using social engineering, with live hacking demonstrations to break down the hacking methodology and how to create a secure culture.
Networking, Business Matchmaking and Refreshments
Are you thinking as a myopic specialist or a business opportunity creator?

Keith de Swardt, CEO, 4IR Consulting

  • Are you seen as a cost like insurance (unseen value) or a critical investment in your business future?
  • Looking at the expression "more is better" – or is it?
  • Fear or passion: do we understand the human dynamic and how to lead it?
  • It is not only about the technology, but the people we lead and the culture we shape to achieve our strategic map of the digital landscape

  • Putting security at the bedrock of your organisation – how and why
Digital transformation: visibility and compliance in a transitional world

Darron Gibbard, chief technical security officer, EMEA, Qualys

With an increasing pace of change and adoption of new technologies such as the Internet of Things, new platforms on which we deploy including public cloud, and new ways and places of working, brought about by the transitional and evolving nature of businesses, security visibility becomes ever-more critical, yet more challenging.
Gaining a clear understanding of IT infrastructure, hosts and critical applications, vulnerabilities to which they may be susceptible and the ability to demonstrate compliance against regulatory and organisational mandates is a task made more difficult by the transitional nature of business and underlying technologies.

  • In this session we look at some of those challenges and the changing response to adapt and regain visibility in order to respond in a timely manner to critical events such as WannaCry, and wide-ranging initiatives such as GDPR.
Sponsored Cocktail Function
Track Three starts

Chairman

A security opportunity against advanced persistent threats

Risk-X

Many organisations still rely on anti-malware/virus protection systems for protection against APT attacks.

  • Gain insight into the latest on anti-malware and anti-virus
  • Recent statistics unveiled
  • Detail the anatomy of APT attacks
  • ARM and the role of IoT
Catch an intruder in his tracks – advanced threat hunting

Jeremy Matthews, regional manager: Africa, Panda Security

The threat landscape has evolved significantly over the past twenty-plus years. This presentation will highlight these changes and reveal how these threats have advanced. Attack types will be explained, examples discussed and possible preventative measures considered. Secondly, the latest security paradigm for endpoint detection and response will be brought to light and the implications for organisations debated.

  • Anatomy of a cyberattack detailed
  • Practical examples of how an attack happens and preventative measures available
  • Live demonstration will delve deeper into EDR, threat hunting with forensic data
Case Study: Evade the traditional cyber defences deployed by enterprises and government agencies worldwide

Helge Husemann, product marketing manager EMEA, Malwarebytes

Find out how local organisations have identified and eliminated Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware that are designed to evade the traditional cyber defences deployed by enterprises and government agencies worldwide.

  • Identify current APTs and other malware currently plaguing business and society alike
Networking, Business Matchmaking and Refreshments
How to train your security team cyber defence tactics

Nimrod Kravicas, security and testing sales director, Ixia

There is no need to explain the damage of a successful attack against any type of organisation, be it finance, government, etc. Vendor training is all about operating their solutions; however, stopping a real-world threat requires security knowledge, research abilities and an understanding of the infrastructure and architecture to ensure that you make the right decision about how to mitigate an attack. You'd better send a soldier to the range before sending him to combat. In our session we will discuss the challenges of setting up a training room, what types of exercises need to be considered, and how to maintain a knowledge base over time.

  • What is CyberRange
  • How CyberRange saves you money and helps you keep your reputation
  • Why training your security team and employees is important to you, how to manage it as an on-going process
Thought-leadership: Cyber security threats and mitigation techniques for multifunctional devices

Muyowa Mutemwa, RAD: senior cyber security specialist, CSIR

Every small, medium or enterprise organisation makes use of printers, copiers, scanners, faxes and multifunctional devices for day-to-day operational functions of the organisation. These devices are either purchased outright or obtained on a lease contract. When the device's end-of-life is reached, the devices are either disposed of through donations to non-profit organisations or returned to the original equipment manufacturer at the end of a lease agreement contract. Unknown to most IT operations personnel and information security personnel, these devices carry an inherent vulnerability. These devices have secure and unsecure network communications protocols, hard disk drives, volatile memory, and non-volatile memory. All these device specifications are vulnerable to cyber threats and attacks.

  • Determine the extent to which your organisation is exposed to the threat of sensitive information belonging to either an organisation or its employees being accessed
  • Gain insight into research that was conducted on such devices
  • Get guidelines on how to safely use and decommission such devices to circumvent the loss of sensitive information
Sponsored Cocktail Function
