Workshop: Thursday 30 May 2019 - Sandton Convention Centre

From the Boardroom to the War Room – managing a successful business-aligned cybersecurity programme

Cisco Threat Response Clinic: Leveraging the network for end-to-end security

Find what lurks inside – a quick and dirty dive into event log analysis

Hacker Highschool

Workshop 1 - From the Boardroom to the War Room – managing a successful business-aligned cybersecurity programme

Craig Rosewarne, Managing director, Wolfpack Information Risk

The probability and impact of cyber-attacks were rated as the top man-influenced risk facing countries and organisations in the recent 2018 World Economic Forum Global Risks Landscape report. If cybersecurity has become a top risk facing organisations, then why does it not receive the appropriate level of support from senior management, IT and users of a company? Based on the experience gleaned from overseeing 45+ cybersecurity projects and engagements with senior management teams, Craig believes a number of common themes stand out:

  • Senior management's business priorities, concerns and projects are rarely incorporated into the organisation's security strategy and programme
  • Proper buy-in and engagement from other support functions such as IT, HR, Marketing and Facilities Management are not incorporated
  • Awareness campaigns lack the impact and momentum to ensure that users REALLY understand the risks and take an active part in protecting the organisation
  • Incident response teams are not properly equipped or trained to effectively deal with incidents

If you are involved in Security, IT, Risk, Audit or executive management and want a better understanding of the complex and exciting world of cybersecurity then this workshop is for you. Craig will share valuable lessons learnt working with companies of all sizes across different sectors. This is a pragmatic and engaging workshop that offers real-world tried and tested insights, demonstrations and case studies - twist his arm and he may even share valuable tools or methodologies.

Registration will begin at 08:00. The workshop will run from 08:30 – 13:00 with appropriate intervals for refreshments. Lunch will be served afterwards.

Workshop 2 - Cisco Threat Response Clinic: Leveraging the network for end-to-end security

Greg Griessel, consulting systems engineer & Paul Beyleveld, consulting systems engineer, Cisco

In the real world, it's no longer a matter of if an attacker will get in, but when. Security professionals need to evolve their strategy from a point-in-time approach to pervasive protection across the full attack continuum – before, during and after an attack. Network professionals need to understand how their network infrastructure can be used as a sensor and enforcer to help improve network security and prevent data breaches.

In this workshop, security and network professionals will experience a day in the life of a malware attack and how to respond to it. It will also cover steps you can take before a breach to minimise attacks. In this session, you will:

  • Explore Cisco's threat-centric approach to security that provides unmatched visibility, consistent control, and advanced threat protection;
  • Experience live policy and attack responses that illustrate solutions to real-world problems; and
  • View a live demonstration on Cisco Firepower Threat Defence, Cisco Advanced Malware Prevention and StealthWatch tools that enable you to identify, diagnose and respond to threats quickly and accurately.

Who should attend:

The Cisco Cyber Threat Response (CTR) Clinic is designed for the average engineer. This course is aimed primarily at engineers, analysts and managers of security operations and network infrastructure. Customers with a basic understanding of networking will be able to follow the workshop.

08:00 - Registration and refreshments
08:30 - Welcome and introduction
08:40 - Scenario 1: HackMDs.com – overview
09:10 - Scenario 2: Target Reconnaissance: gathering information about vulnerabilities for a future attack
09:40 - Scenario 3: Smash and Grab: attacking your public network services through the front door
10:10 - Scenario 4: The Ransomware Scenario
10:40 - Morning refreshments and networking
11:00 - Scenario 5: Insider Threats: moving within to obtain and export your data
11:30 - Scenario 6: Compromised Hosts: controlling access and monitoring for malicious threats
12:00 - Scenario 7: Cyber threat response challenge
12:30 - Conclusions & Q&A
13:00 - Close of workshop and lunch

Workshop 3 - Find what lurks inside – a quick and dirty dive into event log analysis

Jason Jordaan, Principal Forensic Analyst & Veronica Schmitt, Lead Forensic Analyst, DFIR Labs

Once an incident has taken place in your organisation, it is important to respond to it and hunt for clues as to what happened within your environment. Understanding how the adversary has moved around within your environment is of vital importance. For every action in an environment there is an equal but opposite reaction. This means that every step taken by a malicious process or adversary leaves behind a footprint in the event logs of an operating system.

Knowing these logs exist allows for the hunting of the unexpected or the abnormal within them. Understanding what is normal for your network allows you to solve the puzzle of what does not belong. In this half-day workshop, emphasis will be placed on the examination of system-generated logs, the process of tracking events, the review of security event logs and the use of additional open source logging which can be added to your environment. This enhanced logging will significantly improve your visibility of illicit or malicious movement in your environment.

We will also deep-dive into the examination of additional file system artifacts which enhance your event log analysis for incident response. These include (but are not limited to) the examination and recovery of registry and event log files if they have been deleted. Log analysis is a very important part of forensics and incident response. Whilst conducting an incident response exercise it is important to understand which logs are relevant to the incident that has taken place and to not examine everything. The success of any examination depends on being precise, concise and knowing where the evidence will be located. This workshop is given at both a high level and a technical one, with a good balance between theory and practice. This is a workshop like no other and will be fast paced and feel quite similar to drinking from a proverbial fire hydrant!

By attending this workshop you will gain:

  • An understanding of the format of event logs and the examination of them
  • An understanding of incidents and the events they trigger
  • The ability to set up event log recording to ensure that all needed logs are collected within your environment
  • An understanding of the collection of event logs for analysis and the preservation of these logs
  • An understanding of the examination of event IDs associated with specific types of incidents
  • The ability to build your capacity to examine event logs and the underlying support system needed

N.B. you will need to bring with you a laptop with the Windows 10 operating system and have a basic understanding of the Windows environment.

Who should attend?

  • Security professionals wanting to learn more about incident response
  • Red team members wanting to learn what their actions on a system leave behind
  • Blue team members wanting to learn how to identify what has taken place using event logs
  • Incident response and forensic professionals wanting to catch up on the latest identification techniques using a new approach
  • CISOs/security management staff hoping to understand incident response and how it can be used in their organisation

13:00 - Lunch and registration
13:30 - Session One: Lab setup to examine event logs
13:50 - Session Two: Introduction to event log management
14:10 - Session Three: Examination of event log types and structure
14:30 - Session Four: Remote Access scenarios and associated events
15:00 - Session Five: Remote Execution scenarios and associated events
15:30 - Afternoon refreshments and networking
15:45 - Session Six: Unauthorised access and events associated with logon
16:15 - Session Seven: Failure and critical service error reports
16:45 - Session Eight: Bringing it all together and closure
17:15 - Session Nine: Practical team challenge: 'solve the incident'
17:45 - Close of workshop

Workshop 4 - Hacker Highschool

Pete Herzog, Managing Director, The Institute for Security and Open Methodologies (ISECOM) (USA)

Hacker Highschool (HHS) is a project that creates a series of textbooks written for a teen audience and covering specific cybersafety and cybersecurity subjects that are timely, interesting and important for teens. The nonprofit ISECOM researches and produces the Hacker Highschool Project as a series of lesson workbooks written and translated by the combined efforts of volunteers worldwide. The results of this research are books based on how teens learn best and what they need to know to be better hackers, better students and better people.

Today's teens are in a world with major communication and productivity channels open to them and they don't have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them just for using the Internet. This is the main reason for Hacker Highschool. This workshop is aimed primarily at parents, teachers and anyone else who has an interest in understanding how to explain cybersecurity to teenagers.

Each HHS lesson is designed as self-contained learning, no teaching required. Why? Because hacking is about discovery and that needs to be learned, not taught. The lessons are all technically correct, promote good moral behavior, resourcefulness, technical know-how and empathy. Teachers can proctor and guide the students in their learning through traditional means of quizzes and tests or through project collaboration and "gradeless" learning.

08:00 - Arrival and registration
08:30 - Welcome
08:40 - Session One: Why Teach Hacking
09:40 - Session Two: Setting up HHS in your School for parents, teachers and hackers
10:40 - Refreshments and Networking
11:00 - Session Three: How to teach HHS
12:00 - Session Four: Decoding the technical parts of the HHS lessons
13:00 - Close of workshop; lunch and networking