Agenda day 2: Wednesday 29 May 2019 - Sandton Convention Centre

Arrival and registration
Opening address from the Chair
International Keynote Address: Politics and power in cybersecurity: how cyber operations are intimately linked with geo-strategy

Pukhraj Singh, Security Operations and Threat Intelligence Practitioner/Writer (India)

  • Examining the collapsing precepts of nation-state sovereignty in cyberspace
  • A 'contested territory': 20 years of anxiety around the paradox of control in cyberspace
  • Understanding the structural dominance of offence: why offensive A-teams have a political architecture
  • Examining offensive mathematics and political lineage: exploitation as a technology tree
  • On opcodes and ontology
  • Analysing the gradual shift from declaratory to escalatory dominance
International Keynote Address: Business and cybersecurity: the codependency

Pete Herzog, Managing Director, The Institute for Security and Open Methodologies (ISECOM) (Spain)

There is something quietly unsettling about cybersecurity. There is something pathetically optimistic about cybersafety. There's something nauseously helpless about being breached. Let's face it, cybersecurity is made from human suffering. We didn't know this when we got into it. With wide, shiny eyes we jumped in to do good. And like growing into adulthood, it slowly ate away our naïve joy. Your job is to secure operations. But nobody listens to you. There's no budget. Management keeps making bad security decisions that seem to sabotage your efforts. The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we're trying to protect. And that's where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse - shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your new-found stance. This is how we get the thrill back from our jobs while lessening the pain: the technical, the managerial and the emotional.

International Keynote Address: How to create proper cyber hygiene within your organisation – and why doing so is critical across all industries

Shira Rubinoff, President, SecureMySocial; President and Co-Founder, Prime Tech Partners (USA)

Over the past few years we have witnessed major data breaches – compromising billions of confidential records – at some of the most recognised brands around the world. Nearly all of these breaches shared one major contributing factor: human error. Human error that, in many cases, might have been preventable had all relevant people throughout the targeted organisation been practising proper cyber hygiene.
This keynote will explore how to dramatically reduce the likelihood of human error/insider threats both malicious and non-malicious - and the cybersecurity nightmares that it can create - and will cover four major components of establishing proper cyber hygiene: continuous training for all employees, global awareness and education, maintaining up-to-date security and patching and implementing a zero-trust model. It will also cover various aspects of employee demographics, will explore the difference – and conflict between - security culture vs compliance culture and examine the human dynamics ramifications for security of different management styles. Providing the right training and having your employees understand that they are part of the solution and not the problem when it comes to overall strong cyber hygiene in your organisation will lead to a secure environment and happy and loyal employees.

Morning refreshments and networking
International Keynote Address: Levers of human deception: the science and methodology behind social engineering

Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4 (USA)

Case study: living through a data breach (and how to make sure it doesn't happen again)

Henry Denner, Information Technology Security Officer, Gautrain Management Agency

No matter how much security technology we purchase, we still face a fundamental security problem: people. This talk will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding. Perry Carpenter will provide fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers, to sophisticated social engineering and online scams. Additionally, he will look at how to ethically use the very same levers when educating your users:

  • The perception vs. reality dilemma
  • Understanding the OODA (Observe, Orient, Decide, Act) Loop
  • How social engineers and scam artists achieve their goals by subverting the OODA Loop's different components
  • How we can defend ourselves and our organisations
Lunch and networking

Track One - Blue team strategies

This track will focus on the defensive tools, technologies and strategies that your blue team should be considering. Topics such as EDR, incident response, threat hunting and building an SOC will be covered.

Understanding the different approaches to EDR – which one is right for you?

Jeremy Matthews, Regional Manager, Panda Security Africa

EDR (Endpoint Detection & Response) is the new buzzword in endpoint security, but what does it really mean? According to Gartner, most EDR tools are not capable of replacing endpoint protection platforms entirely, so it's important to understand the relationship between EDR and traditional EPP solutions. How do you go about choosing the best technology for your business in a landscape where endpoint security has become so integral to your cybersecurity strategy? This presentation will help you answer these questions as well as look at some of the added benefits EDR can offer.

  • What is EDR? EDR vs EPP
  • Understanding the different technology approaches to EDR and how to choose the right one for your business
  • Examining the value of EDR Telemetry and the role of EDR when implementing a Security Information & Events Management (SIEM) solution
Is incident response broken? Why traditional incident response is not stopping cyber breaches

Jason Jordaan, Principal Forensic Scientist and MD, DFIRLABS

The news is filled with stories of massive data breaches and other cyber-attacks directed at organisations, in both the public and private sectors. When organisations discover that they have been attacked or are currently under attack, they often respond to the incident using a variety of incident response and digital forensic strategies, most often designed to try and stop the attack and prevent it happening again. However, despite the incident response process, many of the organisations attacked are rapidly reattacked and compromised again and again, often by the same threat actors. So, what is going wrong? Is there a problem with how we do incident response? The harsh reality is that traditional incident response is failing us, and we need to have an honest reflection of why it is failing.
Traditional incident response was developed in an era where the adversaries were not the same ones that we face now; the threat landscape was in many ways simpler and easier to address. The threats have changed and so too must our approach to incident response. Using data from some of the large incidents happening around the globe, Jason will explore the disjoint between what you need to do when responding to an incident versus how you actually respond to and deal with an incident. He will also examine the conflict between security and business operations when it comes to responding to an incident and highlight the real business risks of current incident response practices.

  • Understanding the purpose of incident response and how to be effective in responding to an incident
  • Identifying the actual risks to an organisation through current incident response practices
  • How to bring security and management together for effective incident response
  • Understanding the relationship between incident response and threat hunting
Afternoon refreshments and networking
Building a cost-effective cybersecurity Security Operations Centre for threat hunting and incident handling

Muyowa Mutemwa, Senior Cyber Security Specialist, CSIR

In order to secure an IT environment against cybercrimes, there is a need to set up a Security Operations Centre (SOC). SOCs are critical to all organisations when it comes to detecting, analysing and reporting on various malicious activities that could occur. Implementing and operating a SOC is an expensive exercise; therefore, in order to realise the desired ROI, a fine balance must be struck between the people, processes and technologies involved. This presentation will explain an architectural design of a cost-effective SOC using open-source tools and will cover the different threat hunting models, the SOC maturity levels, the required personnel skills, processes and procedures, the incident lifecycle and threat intelligence tools. Finally, this presentation will examine two examples of incidents that could occur in a SOC and how responders would handle the incident from identification to reporting and learning.

  • Building a SOC for SMEs on a low budget
  • Requirements for SOC staff: what are the minimum skills needed?
  • What technology should be used?
  • What processes need to be put in place for successful running of a SOC?
Creating a purple team
Threat Hunting: seek and you "might" find?

Andrew Lam, Head of Detections, SecureData

Threat hunting has become an item on many CISO's or CTO's wish list as part of their cybersecurity armoury alongside managed detections and response. Threat hunting, however, is relatively immature, with a heavy reliance on the skills of individuals and the very nature of the activity makes it difficult to quantify the success and productivity of these individuals. This makes it hard for businesses to justify the spend on the resource, or even asking existing members of their MDR, SOC or Security Analysts to pursue threat hunting.
Starting small with concentrated hunts and strong hypotheses will form a basis for any threat hunting activity. The metrics and outcomes may not always be apparent, but you will discover things about your network which could become issues in the future. We have taken the approach of looking at hunting activities which are straightforward, such as evaluating IP addresses scanning your network perimeter, anomalous user login activity and DNS requests analysis which provides great insights into an environment. These are clear and directed routine hunts which are achievable in a timely manner. We have now expanded to specific features mapping detections to kill chain phases and hunting in the gaps where we do not have current capability. This in turn builds better detections which are easier to quantify. We have also progressed into use of automation and "I'll say it once only, machine learning". The main point is that there are different levels, time requirements and skills which can be used to start threat hunting and this activity can be quantified and measured to convince the powers that be that this is a worthwhile activity.
This talk seeks to provide some practical steps into how one can start conducting threat hunting and to quantify tangible outcomes for threat hunting teams. We will take the example of how this was implemented within an MSSP and how threat hunting can be mapped to established frameworks to provide useful security insights in any IT environment.

Closing remarks from the Chair and End of Summit

Track Two - The latest threats and how to respond

This track looks at what methods threat actors are currently using and how best to mitigate these threats. Hear the latest on ransomware attacks, phishing, software and hardware supply chain compromises, industrial control system threats and more.

The latest developments in ransomware attacks and how to protect your business
Combating phishing: the latest trends and best practices
Afternoon refreshments and networking
Software and hardware supply chain compromises and how to deal with these

Tamara Mkula, Information Security Risk Manager, Telkom SA

Industrial control system threats and vulnerabilities
Do you have an Incident Response Plan ready?

South Africans have very little respect for a fire alarm and fire drills. Very few people know what to do when the fire alarm goes off. The same applies to when a business gets hacked. Some businesses don't even know that they have been compromised. Don't figure out what to do after you have been hacked. An Incident Response Plan should involve the whole business. Everyone including the executive team, Board, PR, sales and marketing must be well briefed. This presentation will address the following key questions:

  • What are the main components of a well-prepared incident response plan?
  • What does a comprehensive communications plan look like?
  • What is the impact on service levels and operations?
  • Understanding who is impacted in terms of customers and how to communicate with them
Closing remarks from the Chair and End of Summit

Track Three - Trends impacting security

This track will focus on the latest technology developments and the implications they have for information and cyber security. Some of the subjects covered include: AI, blockchain, cloud, IOT, containerisation, mobile devices, DevSecOps and much more.

Data security: how to ensure the protection of your data across complex legacy and modern IT systems

Lizelle van der Klashorst, Head: iDnA Governance, Risk & Compliance, FNB

The use of data and information has become the lifeblood of any business, organisation and/or large enterprise for business performance and competitive advantage. However, the pervasive availability and access to data, including very sensitive, privileged, contextualised information, has become a concern and definite area of focus for Boards and Executives alike. In addition, large organisations are faced with a mix of legacy and new systems with a high probability of duplication, including huge historical archives of data across the enterprise.
This reality poses significant risk and consequence from a regulatory compliance perspective and hefty fines, reputational impact, including business sustainability, as data can be misused for fraudulent and/or malicious objectives. An integrated and holistic approach towards protecting data and data security must be formalised across business structures, products and services, people and culture, process, data/information, technology and systems. Engagement, decision-making and governance structures are critical in ensuring that data protection strategy execution and operationalisation is achieved and data protection resilience maturity is optimised. This presentation will explore how to:

  • Simplify a complex problem using a structured, systems approach
  • Identify the core components required to drive a data protection programme
The security aspects of AI and machine learning
Afternoon refreshments and networking
Cyber analytics: how to use analytics to detect potential security risks
  • What is cyber analytics? How is data currently being used to protect/defend the organisation, rather than to react and contain?
  • Examining how to implement cross-competency analytics, i.e. bringing disparate sets of data together, to assist in developing your cyber security plan
  • Analysing examples of using analytics for situational awareness, driving security improvements and for facilitating a breach response
Security considerations and innovations in the Blockchain ecosystem

Adele Jones, Lead Architect: Information Security and Blockchain, Nedbank

Blockchain technology has evolved significantly since the first genesis block was mined in the Bitcoin network in 2009. People have recognised that the underlying technology platform of the Bitcoin network offers disruption opportunities to a number of industries. The introduction of smart contracts in the Ethereum network opened up yet another host of business opportunities. As with any new and cutting-edge technology, security considerations are still being discovered and developed. In this presentation Adele will explore:

  • The different security considerations that solutions need to address in the blockchain ecosystem
  • How privacy concerns are being addressed with some new developments in the blockchain ecosystem
  • The identity management evolution that is happening on blockchain platforms
  • Smart contract security best practice
DevSecOps: how to implement security into the different stages of the software development lifecycle
Closing remarks from the Chair and End of Summit
