Agenda day 1Tuesday 28 May 2019 - Sandton Convention Centre

Arrival and registration
Opening remarks from the Chair

Nastassia Arendse, Host, ClassicFM and Business Day TVNastassia Arendse, Host, ClassicFM & Business Day TV

Opening Keynote Address: South Africa has a security problem

Charl van der Walt, chief strategy officer, SecureData SensePostCharl van der Walt, Chief Strategy Officer, SecureData SensePost (UK)

  • What victories have been achieved from a defender point of view?
  • What advancements have been made?
  • What progress has been made in terms of the push towards better identity and authentication management/processes (MFA)?
  • What positive impact have regulation and compliance requirements such as GDPR had?
International Keynote Address: Unbelievable stories of cyber-horror

Graham Cluley, Independent computer security expert, public speaker, co-host of Smashing Security podcastGraham Cluley, Independent Security Expert (UK)

Every day we read headlines of data breaches, hacks, and malware attacks. Often they're identikit newspaper stories where you could easily just change the names of the companies involved and the number of customer records they have had stolen from them. But every now and then something extraordinary happens. Like the companies who pretended to be hacked when they weren't, or the attackers who went to extraordinary lengths to steal millions from their employers. In this presentation, computer security veteran Graham Cluley explores some of the surprising and unusual ways that companies have been hacked, and the craziest things tech companies have done to put our data at risk.

  • How hacked companies exploit the media to boost their brand
  • How to cheat at the lottery and win $14.3 million
  • Recognising the insider threat
  • You won't survive unless you're sceptical
International Keynote Address: The future of security analytics: from static lists to machine learning

TK Keanini, Distinguished Engineer, Advanced Threat Solutions, CiscoTK Keanini, Distinguished Engineer, Advanced Threat Solutions, Cisco (USA)

As we look back 20 years, what and how we defended our digital business was drastically different, yet the analytical outcome remains the same: detect and remediate threats in a timely manner. Threat actors have evolved, our environments have changed to include everything from traditional data centres to public clouds, network sessions are dark to direct inspection, and as a result, security analytics has had to innovate to keep pace. You should not have to be a data scientist to be an educated consumer of these advanced analytical techniques. In this talk, we will quickly review what machine learning is and set a foundation for talking about the different techniques, but more importantly, when to use it in certain applications and when not to use it. You will leave with six simple questions every security vendor applying machine learning should be able to answer and you will be a more educated consumer of this technology.

Morning refreshments and exhibition visit
International Keynote Address: Israel's strategic response to the cyber threat

Ofir Hason, CEO and Co-Founder, CyberGymOfir Hason, CEO & Co-Founder, CyberGym (Israel)

Israel is perceived as a world leader in cyber capabilities. In a report that examined the cyber preparedness of twenty-three countries, Israel received the highest score (4.5 stars out of 5). Israel has become a cybersecurity powerhouse at the centre of an $82 billion industry. Last year it exported $6.5 billion in cybersecurity products and convinced more than 30 multinationals to open local R&D centres. Current estimates reveal Israel has about 20% of the global private cybersecurity investment. Israel is constantly under attack. The secret to their existence is having technological superiority to their enemies. Cyber is not an exception. Developing operational capabilities in the cyber arena is essential to safeguarding Israel's national strength. Its economy and its future as a democratic and open society depend largely on the capability to protect the country's vital computer networks from any disruption of normal life. In this presentation, Ofir will discuss Israel's strategic positioning as a cybersecurity leader:

  • The government as coordinator.
  • The government as a business catalyst
  • Investing in human capital
  • Making the military a start-up incubator and accelerator
  • Innovative approach: thinking outside the (cyber) box
Total Wipe Out: What could happen if cyber criminals successfully attacked a country's critical infrastructure systems?

Veronica Schmitt, Lead Forensic Analyst, DFIR LabsVeronica Schmitt, Lead Forensic Analyst, DFIR Labs

Cyber warfare can be described as digital attacks which are aimed against a country or nation in order to cause disruption to the computer systems which are associated with critical infrastructure. The aim of a cyber war like this would be to create the most significant damage, potential death, destruction and/or total anarchy. The term "BlackOut" is used in hacker circles to refer to a plan to cause a total blackout within a country or nation of all critical infrastructure. With the ever-increasing interconnectivity of a country's critical infrastructure, it's possible that a country could experience BlackOut and be crippled within a month. This presentation will be in the format of a reenactment of a theoretical BlackOut plan on a fictional country, "Barony of Mejis", by using information and tooling that is freely available on the Internet. The presentation will be given around a set timeline indicating a high-level approach to a BlackOut plan. All targets will be applicable in real life, and based on realistic systems, but will be fictionalised.

  • Understanding the Internet of "hackable" Things
  • Understanding how critical infrastructure is connected to the Internet
  • Understanding the vulnerabilities within these systems
  • Insights into a BlackOut plan and getting into the mind of cyber war criminals
  • Using examples of real-world hacks which have taken place
Panel discussion Assessing SA's national cyber risk 'thermometer' - what is our national risk level and how prepared are we in the case of an attack?

Moderator: Craig Rosewarne, Managing director, Wolfpack Information RiskCraig Rosewarne, Managing Director, Wolfpack Information Risk
Gerhard Cronje, Head: Cyber and Information Security Unit, South African Reserve Bank (SARB)
Susan Potgieter, Head: Strategic Services, SABRIC
Mike Silber, General Counsel & Group Head: Regulatory, Liquid Telecom
Dr Kiru Pillay, Chief Director: Cybersecurity Operations, Department of Telecommunications and Postal Services
Kovelin Naidoo, Cyber Security Officer, First Rand Group

The probability and impact of cyber-attacks was rated as the top man-influenced risk facing countries and organisations in the recent 2018 World Economic Forum Global Risks Landscape report. The health, safety, security, economic well-being of citizens, effective functioning of government, and perhaps even the survival of the industrialised world, relies heavily upon interconnected critical systems. A country may experience widespread disruption or even loss of human life if these systems become inoperable. South African organisations responsible for critical infrastructure need to have a consistent and iterative risk-based approach towards identifying, assessing and managing cybersecurity risk. During this facilitated discussion, Craig will engage with key public and private sector stakeholders to discuss:

  • The current cyber risk challenges facing SA
  • Who are the main public and private institutions accountable at a national level?
  • What is the current state of our country's readiness to mitigate these threats?
  • Proposed initiatives and timelines and possible opportunities for joint public/private partnerships
International Keynote Address: Increase your security posture using cloud-driven visibility

Henrik Johansson, Principal – Office of the CISO, Amazon Web ServicesHenrik Johansson, Principal – Office of the CISO, Amazon Web Services

Learn how cloud technology can super charge your security by providing visibility into your entire infrastructure and everything going on. Understand why that old server under the desk that no one knows about is no longer a threat since you can’t hide unwanted resources in the cloud.
We will cover areas like:

  • Why visibility is fundamental for secure workloads
  • What is visibility vs auditability
  • Understanding the role of managed services in offloading your security team
Lunch and exhibition visit

Track One - Strategy and User Awareness

This track takes a strategic look at implementing a business-driven cyber security plan and where the responsibility for cyber security should sit within your organisation. It also examines how to raise awareness of cyber security throughout your business, from the boardroom to the shop-floor.

Track Chair:

Craig Rosewarne, Managing director, Wolfpack Information RiskCraig Rosewarne, Managing Director, Wolfpack Information Risk

Case study Developing a business-driven security strategy around prevention, detection, response and recovery

Gerhard Cronje, Head: Cyber and Information Security Unit, South African Reserve BankGerhard Cronje, Head: Cyber and Information Security Unit, South African Reserve Bank (SARB)

    Defining the reference framework from the technical level to executive level so that everyone understands the issues
  • Balancing the need for a tactical approach to plug any immediate threats while putting in place a proactive strategy for cybersecurity
  • Thinking like a hacker: identifying the systems/data that drive your business that could be attacked
  • Understanding what tools you need and ensuring that they are operationalised properly
  • How do you ensure that your security plan demonstrates a visible increase in security after implementation?
Case study Where does cybersecurity belong in your organisation? Creating the right culture and structure to enable cybersecurity to be effective

 Alex Bowdler, IT Operations & Security Manager, Aspen Pharmacare

  • What are the pros and cons of locating cybersecurity within the following departments:
    • Risk
    • Operations
    • IT
    • Physical security
  • Who is responsible for what? Creating appropriate reporting lines specific to your organisation and separating the governance of cybersecurity from its implementation
  • Ensuring collaboration across all the different departments and encouraging the person responsible for cybersecurity to share information
  • Getting the culture right: creating an environment of openness and transparency in order to manage the organisational risk
  • Creating an agile structure for a fast response, e.g. emergency procurement processes
  • What are the pros and cons of outsourcing the CISO function and cybersecurity services?
Afternoon refreshments and exhibition visit
Cybersecurity: Increasing your reputational resilience

Marina Bidoli, Partner and Head, Brunswick, South AfricaMarina Bidoli, Partner and Office Head, Brunswick South Africa

"When, not if" has long been a stark warning from cyber experts and regulators. Despite growing awareness that businesses can be brought to a standstill, too many organisations still do not take adequate steps to prepare in advance for a cyber breach or significant data incident. The reputational impact of a poor response can be severe, compounding the initial financial and operational impacts. Trust in leadership and the brand is eroded and badly handled communications can worsen the situation. It becomes a case of "You should have seen this coming. You should have been better prepared. Why did you not protect my information?" Recent Brunswick Insight research shows that, fairly or unfairly, there is much finger pointing, with the brunt of the blame for a cyber incident falling on the victim of the attack not the perpetrator. There has also been an increase in class action suits and, in significant breaches, the resignations of either their CEO, CISO and/or Head of Legal. So what does one do in such a toxic environment? In this presentation the speaker, Marina Bidoli, will look at reputational aspects of cyber breaches. She will provide some highlights of what works, and what does not.

  • Preparation pays: how can you prepare for a cybersecurity breach?
  • Toolkits, messaging, stakeholder maps and simulations matter: what should you have ready for a rapid response?
  • Case studies and tips on how best to navigate through the crisis
  • Steps needed to rebuild reputation and regain trust
Panel discussion How do you increase user awareness and keep your workforce 'cyberfit'?

Moderator: Jenny Mohanlall, CEO, RITS-SAJenny Mohanlall, CEO, RITS-SA
Julian Ramiah, Group Chief Information Security Officer, Liberty Holdings
Kobus Pienaar, CIO, Vedanta Zinc International
Venisha Nayagar, Director: Information Security and Risk Management, CRYPT IT
Wayne Theron, Information Security Manager, BankservAfrica

  • Understanding cyberpsychology: what is the impact of human behaviour on security within your organisation?
  • How do you demonstrate to users the risks on a business and personal level, e.g. what happens if you click on a link?
  • How do you design and implement an effective, ongoing phishing awareness campaign?
  • Creating a culture of reporting security incidents based on trust and understanding rather than fear
Cyber insurance: what are the benefits and what to look out for when choosing a cyber insurance product?

Ryan van de Coolwijk, Product Champion: Cyber, ITOO Special RisksRyan van de Coolwijk, Product Champion: Cyber, ITOO Special Risks

  • Examining the benefits of cyber insurance: what does it cover?
  • Understanding how a cyber insurance policy helps to mitigate risk exposure in the case of a breach
  • What should you look out for when choosing a cyber insurance policy? What questions should you ask?
  • What do cyber insurance providers look for when deciding whether to provide coverage and what level?
Closing remarks from the Chair and official networking cocktail function

Track Two - Governance, Risk, Compliance and Regulation

This track will provide an update on all the current and proposed legislation around cyber security, most notably, the Cybercrimes Bill. It also examines the need to quantify your cyber risk and how to empower your internal audit team to assist with cyber security.

Track Chair: Corien Vermaak, Cybersecurity Specialist, CiscoCorien Vermaak, CyberSecurity Specialist, Cisco

Case study Integrated Risk Management - automating peace of mind

Alec Davis, Chief Information Officer, Growthpoint Properties
Lee Bristow, Chief Technology Officer, Phinity Risk Solutions

This case study presentation will examine how the implementation of integrated risk management at Growthpoint allowed them to identify, manage and remediate high risk third parties and provided them with the process, automation and evidence required to achieve compliance to their standards.

Developing a cybersecurity programme based on the NIST framework

Raymond du Plessis, Senior Managing Consultant, Mobius ConsultingRaymond du Plessis, Senior Managing Consultant, Mobius Consulting

The NIST Cybersecurity Framework is being adopted by many organisations because it focuses on the key capabilities required to identify, protect, detect, respond and recover from cyber related threats and incidents. However, improving cybersecurity capabilities comes with a significant investment, which is why some companies are reluctant to fully adopt the framework. During this talk Raymond will discuss using the framework to develop a risk-based approach for cybersecurity improvements that will help motivate the investment required. This presentation will include the high-level steps you can use to go from developing a threat profile, performing an initial assessment, through to developing your improvement programme. The presentation will also include some of the key aspects to consider for your improvement programme and the adoption of the framework such as operational capacity, prioritisation, budget and programme governance.

  • Using the NIST Cybersecurity Framework to assess your organisation's current capabilities and threat profile
  • The high-level steps to take when developing a cybersecurity programme
  • Aspects to consider for your improvement programme
Afternoon refreshments and exhibition visit
An update on the Cybercrimes Bill

Corien Vermaak, Cybersecurity Specialist, CiscoCorien Vermaak, CyberSecurity Specialist, Cisco

  • Examining the latest version of the Cyber Crimes Bill: what does and doesn't it cover? When will it be passed into law?
  • How will the broad phrasing in the Bill impact CIOs and companies, i.e. to what extent could they become criminals based on their use and handling of data?
  • Does this legislation go far enough to address the issues that SA is currently facing in terms of cyber crime and cybersecurity? What more needs to be done from a policy/legislative point of view?
  • Comparing the Bill with equivalent international legislation – what is done globally?
Achieving compliance with security and privacy regulations: POPIA & GDPR

Yvette du Toit, Senior Manager, EY

  • An update on GDPR and POPIA: when will POPIA come into force? What has been the impact so far of GPDR on South African-based companies?
  • Comparing GDPR and POPIA: to what extent do they overlap? If they both apply to the same information, which piece of legislation will prevail?
  • Understanding the need for your organisation's approach to PoPIA and GDPR to be driven by the Board and not IT
  • How will POPIA and GDPR be enforced?
  • If GDPR applies to your organisation, do you need to appoint an EU-based representative?
Security ratings: Enabling organisations to focus on measurable cyber risk reduction

Russell Budworth, Sales Director, BitSight Technologies

In this presentation you will learn ideas and best practice for effective conversations on risk with your security teams, board members, business partners, insurers and regulators:

  • How security ratings help organisations measure, manage and report on cybersecurity performance
  • Monitoring critical 3rd party suppliers for the identification of concentration risk (4th parties) and hidden dependencies
  • Benchmarking - How are 'we' doing... especially compared to our peers and competitors?
Closing remarks from the Chair and official networking cocktail function

Track Three - Trends Impacting Security

This track will focus on the latest technology developments and the implications they have for information and cyber security. Some of the subjects covered include: AI, blockchain, cloud, IOT, containerisation, mobile devices, DevSecOps and much more.

Track Chair: Cyber security and enterprise risk management, Old MutualWinston Hayden, Independent Management Consultant and Advisor

Cloud security: how does the traditional security model need to change for cloud services?

James BrownJames Brown, Head of Product, Cloud Security, EMEAR, Cisco

We live in a cloud-first world. What's more, that world increasingly leans on multiple clouds for success. Whether it's public, private or hybrid environments, organisations are leveraging the benefits of the multi-cloud world to drive operational efficiencies, scale quickly and expand growth. Multiple clouds allow for greater flexibility, and the ability to leverage the most appropriate cloud-services from different providers. Many organizations are turning to SDWAN as a solution, but how do you deploy effective security in this model? What risks does this present? Join us as we explore how a vision of "visibility and protection everywhere" can be realized to secure access and usage of the cloud and give organisations confidence that all employees and data are protected.

Bridging points to a Cloud Access Security Broker (CASB): the roles of Web and DLP

Craig McGee, Senior Sales Engineer, ForcepointCraig McGee, Sales Engineer – Sub Saharan Africa, Forcepoint

CASB is a big discussion point in organizations and companies worldwide. There is a huge push for it, but there is still some caution to embracing CASB. Have companies understood the correct reason to deploying a CASB in their environment? Some might not know how to do it. Forcepoint believes that Web and DLP play a significant part in a CASB journey and that these two historic assets must not be overlooked as the starting points for a CASB journey. Web and DLP will support the adoption of CASB. In the presentation we will unpack Web and DLP and the roles that they should be playing in the initial phases for CASB adoption. DLP will ensure that you have your data controls in place as you start your CASB journey. Web will help ease the CASB journey by easily moving Manger Users inline into the CASB service:

  • DLP will be a determining factor in determining the pass/fail of onboarding CASB
  • Use the Web egress point to seamlessly onboard corporate personal into your CASB environment
Afternoon refreshments and exhibition visit
Combatting today’s advanced attacker: key trends, predictions and the need for speed

Yassin Watlal, Regional System Engineering Manager, META, CrowdStrike Yassin Watlal, Regional System Engineering Manager, CrowdStrike

Nation state and e-crime attackers are getting much faster in breaking out inside the most protected environments and living “off-the-land” with malware-free attacks.
In this presentation you will learn about the latest tools and techniques to combat the planet’s most advanced attackers, including:

  • Real-world examples of how cybercriminals combine advanced, targeted attack techniques with ransomware to cause massive financial loss
  • Insights into global ‘breakout time’ metrics and achieving the “1-10’60” rule to defeat the adversary and prevent a mega breach
  • Hear about the most favoured TTPs observed over the last 12 months to predict what you should expect to see in 2019
Whose responsibility is cloud security?

Shaun Searle, Country Manager - Africa Regions, RedstorShaun Searle, Country Manager - African Regions, Redstor

Who is responsible for cloud security? Most view it as a shared responsibility between the vendor and the business. However, the business is ultimately responsible for securing its own data. The concern over data exposure has made cloud security a priority, but the challenge has become balancing the organisation’s need for agility while boosting the security of applications and the data as it moves between the various clouds. This presentation will examine the following issues:

  • How secure is your data?
  • To what extent do SaaS vendors' native tools support backup and recovery?
  • There is a common misconception held by some IT professionals that cloud services do not need to have a backup: why this isn't the case
  • Why believing that a SaaS vendor has taken care of your backup is a dangerous assumption - particularly when data has been deleted, but it’s gone unnoticed for a while
  • Seven reasons why it’s important to have a diverse backup strategy
  • What does a diverse backup strategy look like?
Leveraging application integrity management to prevent insider threats

Maeson Maherry, Chief Technology Officer, LawtrustMaeson Maherry, Chief Solutions Officer, LAWtrust

Insider threats or employee fraud can have a devastating impact on a company's bottom line performance because of the legitimate access they have to critical functions in business systems. This presentation will cover a method of applying security technology to change the behaviour and prevent the occurrence of insider fraud in the first place. Maeson will reveal how experience built up in national security and financial applications over the years has led to the development of an approach to application integrity coupled with human integrity, through the use of biometric strong authentication, along with digitally-signed and timestamped data, which is then retained as original evidence without the risk of repudiation from the user.

Closing remarks from the Chair and official networking cocktail function

Track Four - Blue team strategies

This track will focus on the defensive tools, technologies and strategies that your blue team should be considering. Topics such as EDR, incident response, threat hunting and building an SOC will be covered.

Track Chair:

Martin Potgieter, Technical Director, NCloseMartin Potgieter, Technical Director, NClose

Panel discussion: Demystifying ‘Next-Generation’ security: a systematic approach

Moderator: Stefan van de Giessen, General Manager - Cyber Security, Networks Unlimited
Panelists: Paul Williams, Country Manager, SADC & IOI, Fortinet
Ray Kafity, Vice President, META, Attivo Networks
Cas Liddle, Senior Solutions Architect, Thales eSecurity
Sam Linford, Regional Director, Carbon Black

Next-generation security technologies have shifted the paradigm of the industry. The need for organisations to have a systematic security posture has become a mission-critical objective. The market is saturated with solutions and services, so how do consumers choose an offering which will offer the best protection possible? Are these next-generation products really the future, or has this become a marketing ploy to differentiate themselves? Have traditional security technologies failed, leading to the emergence of next-generation solutions? In order to develop a strong security posture, this “Next-Generation” term needs to be demystified and broken down. This presentation will take a systematic approach to the following next-generation security solutions:

  • Perimeter Protection
  • Antivirus & Endpoint Detection and Response
  • Deception
  • Data Protection
Privilege: A matter of trust

Daniel Comarmond, Sales Engineer, Thycotic

While new malware often makes headlines, corporate credential phishing via e-mail increased over 300% between Q2 and Q3 of 2018. Privileged Identity and Access Management is still a challenge for many organisations. However, in the meantime that makes things easier for threat actors and malware to efficiently harvest privileged credentials, which could allow access to sensitive systems – and possibly fraud, if those sensitive systems are financial applications. This session will describe how the Privileged Account Management (PAM) journey helps keep your Privileged Accounts safe, and:

  • How to start identifying Privileged Accounts in your infrastructure
  • The stages of the PAM Maturity Model
  • How PAM can highlight trust between senior leadership and the workforce
Afternoon refreshments and exhibition visit
Effective breach defence through cybersecurity frameworks

Brett Skinner, Security Sales Manager South Africa, Micro FocusBrett Skinner, Security Sales Manager South Africa, Micro Focus

This presentation will expose the audience to the advantages that come from basing your enterprise security strategy on a broader framework. Why? The reason being, frameworks provide a common lexicon to consider internally, and with customers or investors, the cybersecurity risks and priorities that challenge the enterprise. A solid cybersecurity framework helps you to validate the controls and processes already in place, and identify which areas require more investing to improve technology, people or processes. In this presentation you will learn:

  • How to implement a cyber security framework
  • Why it is imperative that you have a cyber security framework
  • Case study unveiled
Crawl, monitor, walk, detect, run like heck! Examining the stages of building and executing a threat hunting programme

O'Shea Bowens, Founder and CEO, Null Hat Security (USA) O'Shea Bowens, Founder & CEO, Null Hat Security (USA)

As organizations are forced to combat threats in numerous vectors its forced defenders to rethink our tactics. Technology such as firewall, SIEMS, and DLP are all but standard, but meant to aid in detecting attacks. Once attacks occur and have slipped past the radar it's time to enter the world of threat hunting to discover attacker motives. Let us discuss how to leverage attacker techniques coupled with threat intelligence and incident response to foster active threat hunting engagements. This session will foster examples of tracing attacker movements, edging attackers out of your network, and creating proactive countermeasures. This session will focus on important strategies, tools, techniques and planning to consider for your hunting engagements. We will highlight realities of the relationship between incident response, cyber threat intelligence and threat hunting, as well as provide real world examples of identifying attacker methodologies.

The role of orchestration in incident response

Ashraf Abdelazim, Manager, MEA Threat Management Portfolio, IBM SecurityAshraf Abdelazim, Manager, MEA Threat Management Portfolio, IBM Security

Faced with an avalanche of alerts, insufficient staffing and a bewildering regulatory environment, it's no wonder that most organizations struggle to respond effectively to cyber attacks. Successfully resolving attacks requires fast, intelligent and decisive action - organizations need to have an orchestrated plan in place before an attack occurs. Indeed, the best organizations leverage an orchestrated response capability to achieve cyber resilience, the ability to weather the inevitable cyber attacks, as just another part of doing business. In this presentation we will explore the latest incident response methodology and technology. Can automation really save the day? Or are the naysayers correct that the automation cure is worse than the disease itself? From instant escalation, to automatic enrichment, to guided mitigation, Ashraf will explore the latest incident response techniques and share what works and what doesn't. Attendees will gain a framework for understanding their incident response capability and a maturity model for evaluating opportunities for orchestration/automation.

Closing remarks from the Chair and official networking cocktail function

Event Sponsor

Diamond Sponsor

Platinum Sponsors

Security Survey & Executive Roundtable Sponsor

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Display Sponsors

Showcase Sponsor


Endorsed by