Agenda day 1: Tuesday 28 May 2019 - Sandton Convention Centre

Arrival and registration
Opening remarks from the Chair
Opening Keynote Address: Examining the impact of people, processes, technology and regulation in combating cyber-attacks: how much progress have we made?

Charl van der Walt, Chief Strategy Officer, SecureData SensePost (UK)

  • What victories have been achieved from a defender point of view?
  • What advancements have been made?
  • What progress has been made in terms of the push towards better identity and authentication management/processes (MFA)?
  • What positive impact have regulation and compliance requirements such as GDPR had?
International Keynote Address: Unbelievable stories of cyber-horror

Graham Cluley, Independent computer security expert, public speaker, co-host of Smashing Security podcast (UK)

Every day we read headlines of data breaches, hacks, and malware attacks. Often they're identikit newspaper stories where you could easily just change the names of the companies involved and the number of customer records they have had stolen from them. But every now and then something extraordinary happens. Like the companies who pretended to be hacked when they weren't, or the attackers who went to extraordinary lengths to steal millions from their employers. In this presentation, computer security veteran Graham Cluley explores some of the surprising and unusual ways that companies have been hacked, and the craziest things tech companies have done to put our data at risk.

  • How hacked companies exploit the media to boost their brand
  • How to cheat at the lottery and win $14.3 million
  • Recognising the insider threat
  • You won't survive unless you're skeptical
International Keynote Address: The future of security analytics: from static lists to machine learning

TK Keanini, Distinguished Engineer, Advanced Threat Solutions, Cisco (USA)

As we look back 20 years, what and how we defended our digital business was drastically different, yet the analytical outcome remains the same: detect and remediate threats in a timely manner. Threat actors have evolved, our environments have changed to include everything from traditional data centres to public clouds, network sessions are dark to direct inspection, and as a result, security analytics has had to innovate to keep pace. You should not have to be a data scientist to be an educated consumer of these advanced analytical techniques. In this talk, we will quickly review what machine learning is and set a foundation for talking about the different techniques, but more importantly, when to use it in certain applications and when not to use it. You will leave with six simple questions every security vendor applying machine learning should be able to answer and you will be a more educated consumer of this technology.

Morning refreshments and exhibition visit
International Keynote Address: Israel's strategic response to the cyber threat

Ofir Hason, CEO & Co-Founder, CyberGym (Israel)

Israel is perceived as a world leader in cyber capabilities. In a report that examined the cyber preparedness of twenty-three countries, Israel received the highest score (4.5 stars out of 5). Israel has become a cybersecurity powerhouse at the centre of an $82 billion industry. Last year it exported $6.5 billion in cybersecurity products and convinced more than 30 multinationals to open local R&D centres. Current estimates reveal Israel has about 20% of the global private cybersecurity investment. Israel is constantly under attack. The secret to their existence is having technological superiority to their enemies. Cyber is not an exception. Developing operational capabilities in the cyber arena is essential to safeguarding Israel's national strength. Its economy and its future as a democratic and open society depend largely on the capability to protect the country's vital computer networks from any disruption of normal life. In this presentation, Ofir will discuss Israel's strategic positioning as a cybersecurity leader:

  • The government as coordinator.
  • The government as a business catalyst
  • Investing in human capital
  • Making the military a start-up incubator and accelerator
  • Innovative approach: thinking outside the (cyber) box
Total Wipe Out: What could happen if cyber criminals successfully attacked a country's critical infrastructure systems?

Veronica Schmitt, Lead Forensic Analyst, DFIR Labs

Cyber warfare can be described as digital attacks which are aimed against a country or nation in order to cause disruption to the computer systems which are associated with critical infrastructure. The aim of a cyber war like this would be to create the most significant damage, potential death, destruction and/or total anarchy. The term "BlackOut" is used in hacker circles to refer to a plan to cause a total blackout within a country or nation of all critical infrastructure. With the ever-increasing interconnectivity of a country's critical infrastructure, it's possible that a country could experience BlackOut and be crippled within a month. This presentation will be in the format of a reenactment of a theoretical BlackOut plan on a fictional country, "Barony of Mejis", by using information and tooling that is freely available on the Internet. The presentation will be given around a set timeline indicating a high-level approach to a BlackOut plan. All targets will be applicable in real life, and based on realistic systems, but will be fictionalised.

  • Understanding the Internet of "hackable" Things
  • Understanding how critical infrastructure is connected to the Internet
  • Understanding the vulnerabilities within these systems
  • Insights into a BlackOut plan and getting into the mind of cyber war criminals
  • Using examples of real-world hacks which have taken place
Panel discussion: Assessing SA's national cyber risk 'thermometer' - what is our national risk level and how prepared are we in the case of an attack?

Moderator: Craig Rosewarne, Managing Director, Wolfpack Information Risk
Gerhard Cronje, Head: Cyber and Information Security Unit, South African Reserve Bank (SARB)
Kalyani Pillay, CEO, South African Banking Risk & Information Centre (SABRIC)
Mike Silber, General Counsel & Group Head: Regulatory, Liquid Telecom
Dr Kiru Pillay, Chief Director: Cybersecurity Operations, Department of Telecommunications and Postal Services
Kovelin Naidoo, Mr Robot, FNB

The probability and impact of cyber-attacks was rated as the top man-influenced risk facing countries and organisations in the recent 2018 World Economic Forum Global Risks Landscape report. The health, safety, security, economic well-being of citizens, effective functioning of government, and perhaps even the survival of the industrialised world, relies heavily upon interconnected critical systems. A country may experience widespread disruption or even loss of human life if these systems become inoperable. South African organisations responsible for critical infrastructure need to have a consistent and iterative risk-based approach towards identifying, assessing and managing cybersecurity risk. During this facilitated discussion, Craig will engage with key public and private sector stakeholders to discuss:

  • The current cyber risk challenges facing SA
  • Who are the main public and private institutions accountable at a national level?
  • What is the current state of our country's readiness to mitigate these threats?
  • Proposed initiatives and timelines and possible opportunities for joint public/private partnerships
Lunch and exhibition visit

Track One - Strategy and User Awareness

This track takes a strategic look at implementing a business-driven cyber security plan and where the responsibility for cyber security should sit within your organisation. It also examines how to raise awareness of cyber security throughout your business, from the boardroom to the shop-floor.

Case study: Developing a business-driven security strategy around prevention, detection, response and recovery

Gerhard Cronje, Head: Cyber and Information Security Unit, South African Reserve Bank (SARB)

  • Defining the reference framework from the technical level to executive level so that everyone understands the issues
  • Balancing the need for a tactical approach to plug any immediate threats while putting in place a proactive strategy for cybersecurity
  • Thinking like a hacker: identifying the systems/data that drive your business that could be attacked
  • Understanding what tools you need and ensuring that they are operationalised properly
  • How do you ensure that your security plan demonstrates a visible increase in security after implementation?
Case study: Where does cybersecurity belong in your organisation? Creating the right culture and structure to enable cybersecurity to be effective

Alex Bowdler, IT Operations & Security Manager, Aspen Pharmacare

  • What are the pros and cons of locating cybersecurity within the following departments:
    • Risk
    • Operations
    • IT
    • Physical security
  • Who is responsible for what? Creating appropriate reporting lines specific to your organisation and separating the governance of cybersecurity from its implementation
  • Ensuring collaboration across all the different departments and encouraging the person responsible for cybersecurity to share information
  • Getting the culture right: creating an environment of openness and transparency in order to manage the organisational risk
  • Creating an agile structure for a fast response, e.g. emergency procurement processes
  • What are the pros and cons of outsourcing the CISO function and cybersecurity services?
Cybersecurity: Increasing your reputational resilience

Marina Bidoli, Partner and Office Head, Brunswick South Africa

"When, not if" has long been a stark warning from cyber experts and regulators. Despite growing awareness that businesses can be brought to a standstill, too many organisations still do not take adequate steps to prepare in advance for a cyber breach or significant data incident. The reputational impact of a poor response can be severe, compounding the initial financial and operational impacts. Trust in leadership and the brand is eroded, and badly handled communications can worsen the situation. It becomes a case of "You should have seen this coming. You should have been better prepared. Why did you not protect my information?" Recent Brunswick Insight research shows that, fairly or unfairly, there is much finger pointing, with the brunt of the blame for a cyber incident falling on the victim of the attack, not the perpetrator. There has also been an increase in class action suits and, in significant breaches, the resignation of the CEO, CISO and/or Head of Legal. So what does one do in such a toxic environment? In this presentation the speaker, Marina Bidoli, will look at reputational aspects of cyber breaches. She will provide some highlights of what works, and what does not.

  • Preparation pays: how can you prepare for a cybersecurity breach?
  • Toolkits, messaging, stakeholder maps and simulations matter: what should you have ready for a rapid response?
  • Case studies and tips on how best to navigate through the crisis
  • Steps needed to rebuild reputation and regain trust
Afternoon refreshments and exhibition visit
Panel discussion: How do you increase user awareness and keep your workforce 'cyberfit'?

Moderator: Jenny Mohanlall, CEO, RITS-SA
Julian Ramiah, Group Chief Information Security Officer, Liberty Holdings
Kobus Pienaar, CIO, Vedanta Zinc International
Venisha Nayagar, Director: Information Security and Risk Management, CRYPT IT
Wayne Theron, Information Security Manager, BankservAfrica

  • Understanding cyberpsychology: what is the impact of human behaviour on security within your organisation?
  • How do you demonstrate to users the risks on a business and personal level, e.g. what happens if you click on a link?
  • How do you design and implement an effective, ongoing phishing awareness campaign?
  • Creating a culture of reporting security incidents based on trust and understanding rather than fear
Cyber insurance: what are the benefits and what to look out for when choosing a cyber insurance product?

Ryan van de Coolwijk, Product Champion: Cyber, ITOO Special Risks

  • Examining the benefits of cyber insurance: what does it cover?
  • Understanding how a cyber insurance policy helps to mitigate risk exposure in the case of a breach
  • What should you look out for when choosing a cyber insurance policy? What questions should you ask?
  • What do cyber insurance providers look for when deciding whether to provide coverage and what level?
Closing remarks from the Chair and End of Day One
Official event cocktail function sponsored by Cisco

Track Two - Governance, Risk, Compliance and Regulation

This track will provide an update on all the current and proposed legislation around cyber security, most notably, the Cybercrimes Bill. It also examines the need to quantify your cyber risk and how to empower your internal audit team to assist with cyber security.

Track Chair: Corien Vermaak, Cybersecurity Specialist, Cisco

Quantifying cyber risk - bridging the divide between technology and the Board

Johan Botha, Chair, South Africa Chapter, FAIR Institute

Cybersecurity is being considered as a top-three risk by most organisations today as cyber-attacks, online fraud and internal threats make a material impact on their businesses. And, while boards and executives expect to be informed about cyber risk, they are not getting the answers they want. Too often, cyber risk reporting is filled with technical jargon and colourful but hard to understand risk registers and heat maps. Those responsible for cybersecurity - from the Board and the CEO on down - are urgently looking for better ways to measure and report risk that will enable well-informed decision-making, regarding questions such as:

  • What are the organisation's top cyber risks and how much exposure do they represent expressed in financial terms?
  • Which cyber risk management investments matter most?
  • Are they investing enough (or too much) in cyber risk management?

This presentation will provide an overview of a pragmatic solution and approach to cyber risk quantification, based on the Open Group's Open FAIR risk quantification standard, that gives Chief Information Security Officers and Chief Risk Officers the means to bridge the divide between IT and information security on the one side, and the Board and executive management on the other. Open FAIR provides a model for understanding, analysing and measuring information risk in financial terms, thereby addressing the current challenges of cyber risk reporting and enabling the organisation to prioritise effectively, make trade-offs and choose cost-effective cyber risk mitigation solutions.

  • Understanding the current challenges to measuring and reporting cyber risk
  • Examining a solution to quantifying cyber risk that enables well-informed cyber risk decision-making
  • Understand how the FAIR methodology, coupled with software, can empower information security and risk professionals to improve cyber risk reporting
Developing a cybersecurity programme based on the NIST framework

Raymond du Plessis, Senior Managing Consultant, Mobius Consulting

The NIST Cybersecurity Framework is being adopted by many organisations because it focuses on the key capabilities required to identify, protect, detect, respond and recover from cyber related threats and incidents. However, improving cybersecurity capabilities comes with a significant investment, which is why some companies are reluctant to fully adopt the framework. During this talk Raymond will discuss using the framework to develop a risk-based approach for cybersecurity improvements that will help motivate the investment required. This presentation will include the high-level steps you can use to go from developing a threat profile, performing an initial assessment, through to developing your improvement programme. The presentation will also include some of the key aspects to consider for your improvement programme and the adoption of the framework such as operational capacity, prioritisation, budget and programme governance.

  • Using the NIST Cybersecurity Framework to assess your organisation's current capabilities and threat profile
  • The high-level steps to take when developing a cybersecurity programme
  • Aspects to consider for your improvement programme
An update on the Cybercrimes Bill

Corien Vermaak, Cybersecurity Specialist, Cisco

  • Examining the latest version of the Cybercrimes Bill: what does and doesn't it cover? When will it be passed into law?
  • How will the broad phrasing in the Bill impact CIOs and companies, i.e. to what extent could they become criminals based on their use and handling of data?
  • Does this legislation go far enough to address the issues that SA is currently facing in terms of cyber crime and cybersecurity? What more needs to be done from a policy/legislative point of view?
  • Comparing the Bill with equivalent international legislation – what is done globally?
Afternoon refreshments and exhibition visit
Achieving compliance with security and privacy regulations: POPIA & GDPR

Yvette du Toit, Senior Manager, EY

  • An update on GDPR and POPIA: when will POPIA come into force? What has been the impact so far of GDPR on South African-based companies?
  • Comparing GDPR and POPIA: to what extent do they overlap? If they both apply to the same information, which piece of legislation will prevail?
  • Understanding the need for your organisation's approach to POPIA and GDPR to be driven by the Board and not IT
  • How will POPIA and GDPR be enforced?
  • If GDPR applies to your organisation, do you need to appoint an EU-based representative?
Security ratings: Enabling organisations to focus on measurable cyber risk reduction

Ewen O’Brien, VP EMEA, Enterprise Sales, BitSight Technologies

In this presentation you will learn ideas and best practice for effective conversations on risk with your security teams, board members, business partners, insurers and regulators:

  • How security ratings help organisations measure, manage and report on cybersecurity performance
  • Monitoring critical 3rd party suppliers for the identification of concentration risk (4th parties) and hidden dependencies
  • Benchmarking - How are 'we' doing... especially compared to our peers and competitors?
Closing remarks from the Chair and End of Day One
Official event cocktail function sponsored by Cisco

Track Three - Trends Impacting Security

This track will focus on the latest technology developments and the implications they have for information and cyber security. Some of the subjects covered include: AI, blockchain, cloud, IOT, containerisation, mobile devices, DevSecOps and much more.

Track Chair: Winston Hayden, Independent Management Consultant and Advisor

Cloud security: how does the traditional security model need to change for cloud services?

James Brown, Head of Product, Cloud Security, EMEAR, Cisco

We live in a cloud-first world. What's more, that world increasingly leans on multiple clouds for success. Whether it's public, private or hybrid environments, organisations are leveraging the benefits of the multi-cloud world to drive operational efficiencies, scale quickly and expand growth. Multiple clouds allow for greater flexibility, and the ability to leverage the most appropriate cloud-services from different providers. Many organizations are turning to SDWAN as a solution, but how do you deploy effective security in this model? What risks does this present? Join us as we explore how a vision of "visibility and protection everywhere" can be realized to secure access and usage of the cloud and give organisations confidence that all employees and data are protected.

Bridging points to a Cloud Access Security Broker (CASB): the roles of Web and DLP

Craig McGee, Sales Engineer – Sub Saharan Africa, Forcepoint

CASB is a big discussion point in organizations and companies worldwide. There is a huge push for it, but there is still some caution about embracing CASB. Have companies understood the correct reason for deploying a CASB in their environment? Some might not know how to do it. Forcepoint believes that Web and DLP play a significant part in a CASB journey and that these two historic assets must not be overlooked as the starting points for a CASB journey. Web and DLP will support the adoption of CASB. In the presentation we will unpack Web and DLP and the roles that they should be playing in the initial phases of CASB adoption. DLP will ensure that you have your data controls in place as you start your CASB journey. Web will help ease the CASB journey by easily moving Managed Users inline into the CASB service:

  • DLP will be a determining factor in the pass/fail of onboarding CASB
  • Use the Web egress point to seamlessly onboard corporate personnel into your CASB environment
Case study: Securing your IoT architecture

Prof. Ernest Ketcha Ngassam, General Manager: Information Security Architecture & Technical Excellence, MTN

IoT is one of the biggest new developments in IT, with growth expected to reach billions of devices in the short term. There is, however, a major gap in understanding of security for IoT. Many first-wave IoT systems are showing significant security weaknesses and security is often recognized as one of the key blockers to successful IoT deployments. This presentation will provide guidance on the following:

  • Meeting the security challenges of an 'extended enterprise' construct – connected devices and systems which now form part of an organisation's infrastructure
  • What is the potential impact of a breach/failure on the business?
  • How is security being built into the back-end of IoT systems and devices?
  • Designing an end-to-end enterprise architecture to ensure the security of your IoT deployment
Afternoon refreshments and exhibition visit
Whose responsibility is cloud security?

Senior representative, Redstor

Who is responsible for cloud security? Most view it as a shared responsibility between the vendor and the business. However, the business is ultimately responsible for securing its own data. The concern over data exposure has made cloud security a priority, but the challenge has become balancing the organisation’s need for agility while boosting the security of applications and the data as it moves between the various clouds. This presentation will examine the following issues:

  • How secure is your data?
  • To what extent do SaaS vendors' native tools support backup and recovery?
  • There is a common misconception held by some IT professionals that cloud services do not need to have a backup: why this isn't the case
  • Why believing that a SaaS vendor has taken care of your backup is a dangerous assumption - particularly when data has been deleted, but it’s gone unnoticed for a while
  • Seven reasons why it’s important to have a diverse backup strategy
  • What does a diverse backup strategy look like?
Leveraging application integrity management to prevent insider threats

Maeson Maherry, Chief Solutions Officer, LAWtrust

Insider threats or employee fraud can have a devastating impact on a company's bottom line performance because of the legitimate access they have to critical functions in business systems. This presentation will cover a method of applying security technology to change the behaviour and prevent the occurrence of insider fraud in the first place. Maeson will reveal how experience built up in national security and financial applications over the years has led to the development of an approach to application integrity coupled with human integrity, through the use of biometric strong authentication, along with digitally-signed and timestamped data, which is then retained as original evidence without the risk of repudiation from the user.

Closing remarks from the Chair and End of Day One
Official event cocktail function sponsored by Cisco

Track Four - Blue team strategies

This track will focus on the defensive tools, technologies and strategies that your blue team should be considering. Topics such as EDR, incident response, threat hunting and building an SOC will be covered.

Panel discussion: Demystifying ‘Next-Generation’ security: a systematic approach

Senior representative, Networks Unlimited

Next-generation security technologies have shifted the paradigm of the industry. The need for organisations to have a systematic security posture has become a mission-critical objective. The market is saturated with solutions and services, so how do consumers choose an offering which will offer the best protection possible? Are these next-generation products really the future, or has this become a marketing ploy to differentiate themselves? Have traditional security technologies failed, leading to the emergence of next-generation solutions? In order to develop a strong security posture, this “Next-Generation” term needs to be demystified and broken down. This presentation will take a systematic approach to the following next-generation security solutions:

  • Perimeter Protection
  • Antivirus & Endpoint Detection and Response
  • Deception
  • Data Recovery
Privileged Account Management (PAM) 101: the PAM Journey for enterprise business

Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic

With so many recent high-profile breaches accomplished through compromising passwords on privileged accounts, Privileged Access Management (PAM) is now everyone’s priority (Gartner places it at the top of the list for 2018/2019). But where do you start? And how do you know which PAM solution will work best to protect your organization without sacrificing productivity? This session will be a brief journey through the PAM lifecycle to get you quickly up to speed on:

  • Best practices for evaluating your current PAM practices and where to start
  • How to automatically discover and manage credentials across your network
  • How to demonstrate regulatory compliance with automated reporting
Effective breach defence through cybersecurity frameworks

Brett Skinner, Security Sales Manager South Africa, Micro Focus

This presentation will expose the audience to the advantages that come from basing your enterprise security strategy on a broader framework. Why? Frameworks provide a common lexicon for discussing, internally and with customers or investors, the cybersecurity risks and priorities that challenge the enterprise. A solid cybersecurity framework helps you to validate the controls and processes already in place, and identify which areas require more investment to improve technology, people or processes. In this presentation you will learn:

  • How to implement a cyber security framework
  • Why it is imperative that you have a cyber security framework
  • Case study unveiled
Afternoon refreshments and exhibition visit
Crawl, monitor, walk, detect, run like heck! Examining the stages of building and executing a threat hunting programme

O'Shea Bowens, Founder & CEO, Null Hat Security (USA)

As organizations are forced to combat threats across numerous vectors, defenders have been forced to rethink their tactics. Technologies such as firewalls, SIEMs and DLP are all but standard, but are meant to aid in detecting attacks. Once attacks occur and have slipped past the radar, it's time to enter the world of threat hunting to discover attacker motives. Let us discuss how to leverage attacker techniques coupled with threat intelligence and incident response to foster active threat hunting engagements. This session will offer examples of tracing attacker movements, edging attackers out of your network, and creating proactive countermeasures. This session will focus on important strategies, tools, techniques and planning to consider for your hunting engagements. We will highlight realities of the relationship between incident response, cyber threat intelligence and threat hunting, as well as provide real-world examples of identifying attacker methodologies.

Watch this space!
Closing remarks from the Chair and End of Day One
Official event cocktail function sponsored by Cisco
