Agenda day 1
Tuesday, 25 August 2020, Sandton Convention Centre

Plenary Session

Arrival and registration

Opening remarks from the chairperson

Michael Avery, anchor, Classic Business FM

Assessing the cyber threat landscape: What are the latest threats and how can we mitigate the risks?

Charl van der Walt, chief strategy officer, SensePost (part of Orange Cyberdefense)

Keynote: Lessons from failure: How cyber security professionals can learn from analytics mistakes in other fields

George Beebe, vice president and director of studies, Center for National Interest (USA)

One of the most difficult challenges that cyber security professionals face is to anticipate and counter attacks by adversaries. The implications of failure are often enormous. But the odds against success are stacked by the inherent uncertainties in any complex system, the unpredictability of human behaviour and the cognitive biases to which all analysts are prone, regardless of their area of expertise. Nonetheless, there is good news: cyber specialists can learn lessons from past failures that increase their odds of success. In this eye-opening interactive talk, former CIA senior executive George Beebe explains how to apply these lessons in practical ways:

  • The process of becoming an expert in a field also makes experts less able to anticipate disruptions to the normal course of events.
  • To reduce the risk of surprise, cyber security professionals should learn lessons from mistakes made by experts in other fields.

These lessons include:

  • Seeking alternative explanations for emerging developments;
  • Looking to refute rather than support plausible analytic hypotheses; and
  • Attempting to see things through the eyes of potential adversaries.

Reserved for lead sponsor

Morning refreshments and exhibition visit

Keynote: Africa, the Internet and cyber security

Dr Kenneth Geers, senior fellow, ambassador, NATO Cyber Centre (Mozambique)

Africa is a massive continent that encompasses more than 50 countries, 1 billion people and 30 million square kilometres. This presentation examines how the Internet has changed African geopolitics, from domestic elections to international relations, and considers the impact of cyber space on African crime, human rights, revolution and war. Geers will examine key technological and socioeconomic indicators to see how African nations (individually and collectively) compare with the rest of the world. There will be a special focus on Africa’s unique characteristics, challenges and contributions – to the Internet, cyber space and cyber security.

Best practice in threat intelligence collaboration and sharing

Jason Jordaan, principal forensic analyst, DFIR Labs

When one looks at critical attacks in the physical world, such as the Japanese attack on Pearl Harbour in World War II, or the 9/11 attacks against the World Trade Centre and the Pentagon, intelligence failures were identified that could have mitigated the impact of the attacks, if not stopped them altogether. We see the same thing happening in the cyber world, where intelligence efforts are fragmented, not only within government, but also in the private sector. If you look at the South African situation, our cyber threat intelligence environment is segmented and fractured, and there is significant distrust. We are not alone in this. So how do we try and improve the situation? How do we improve our ability to share threat intelligence to protect us all, and to collaborate on common threats? This presentation will explore some of the mechanisms and frameworks currently in operation around the globe aimed at improving our ability to share cyber threat intelligence that is meaningful, as well as how we can better collaborate against a common enemy, the cyber threat actors:

  • Identifying the common problems in threat intelligence collaboration and sharing.
  • What do we actually mean by threat intelligence?
  • Uniting against a common threat.
  • Building networks of trust.
  • Intelligence frameworks and platforms. 

Panel Discussion: What is needed to encourage more local collaboration in threat intelligence?

Craig Rosewarne, managing director, Wolfpack Information Risk
Jason Jordaan, principal forensic analyst, DFIR Labs

Keynote: Security as a business enabler: making the business case for security

Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)

The hardest thing a Chief Information Security Officer ever has to do is to convince the business that security is there both to be an enabler and to protect the organisation, its employees and products using the right tools, education and collaboration. Collaboration and cooperation are essential, as is forming a strong relationship with colleagues from across the business, the Board and the Risk and Assurance Committee to ensure that security is seen as an enabler to the market context that the business operates in. This often includes educating those at the highest level within the organisation using diplomacy and understanding. In this presentation, you will be introduced to the business model for Information Security and hear about practical, pragmatic approaches to positioning security as an enabler in a range of industry settings from healthcare to heavy manufacturing and high-end tourism.

Lunch and exhibition visit

Track One: Strategy and user awareness

This track takes a strategic look at how to raise awareness of cyber security throughout your business and encourage a culture shift whereby all employees take responsibility for security. Incident response at a strategic level and the changing role of security professionals will also be discussed.

Welcome by Track Chair

Craig Rosewarne, managing director, Wolfpack Information Risk

Case Study: Increasing user awareness and developing an ongoing user training programme

Celia Mantshiyane, CISO, Coca-Cola Beverages Africa

Panel Discussion: How do you create a culture shift towards embracing security in your organisation?

Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)
Robin Barnwell, head: security strategy, Standard Bank
Celia Mantshiyane, CISO, Coca-Cola Beverages Africa
Patrick Ryan, managing director, Mobius Consulting
Blaise Ntwali, information security analyst, Capitec Bank

Afternoon refreshments and exhibition visit

Case Study: Cybersecurity incident response – development, adoption, simulation

Angela Henry, business information security officer, RMB
Raymond du Plessis, senior managing consultant, Mobius Consulting

Angela Henry and Raymond du Plessis will talk about developing an effective incident management process. Worldwide cyber attacks are exponentially on the rise and many organisations are not ready to respond to an attack. Henry and Du Plessis will explain the steps to follow to improve an organisation’s readiness to respond to a major cyber security incident. The talk will focus on the fact that a cyber security incident is not only an information security issue, but an organisation-wide issue that requires the involvement of various business functions across the organisation to effectively deal with it. The talk will also include tips on developing and adopting a practical process that is applicable to your organisation, and lessons learnt from running simulation exercises.

The ongoing transformation of security’s role in the workplace: how will the role of security professionals change in the future?

Steve Jump, head: Corporate Information Security Governance, Telkom

Closing remarks from the Chair and official networking cocktail function

Track Two: GRC, Privacy and Regulation

This track will provide an update on data privacy and the legislation designed to enforce it, both local and global. It also examines how to integrate cyber risk into your information risk strategy. 

Welcome by Track Chair

Update on data privacy legislation in SA: When will POPIA come into effect?

Adv. Pansy Tlakula, Chairperson, Information Regulator of South Africa

  • What is the latest status of POPIA? When is it expected to become fully operational?
  • What are the challenges of implementing POPIA and how are they being overcome?
  • How will POPIA be enforced once it comes into effect?
  • What can organisations do now to start aligning their business and governance processes with the Act?

Comparing the pros and cons of data protection and privacy legislation and the need for a global response

Susi du Preez, InfoSec engineer, Impact IT & Risk Services

Privacy law refers to the laws that deal with the regulation, storing, and using of personally identifiable information of individuals, which can be collected by governments, public or private organisations, or other individuals. This presentation will explore why a global effort is important to make our privacy and data safe and why a silo approach is not the answer internationally. Susi will explain what the major countries have in place regarding privacy acts (e.g. GDPR, POPIA) and how they compare. She will also discuss the African continent and how we as a global community can make our privacy and data safe again.

  • Why a privacy act?
  • Why a global effort?
  • How do privacy acts compare with each other internationally?
  • Where are African countries with privacy acts?
  • Revealing a comparison study between privacy acts, which highlights the strictest act yet (released in January 2020)

Afternoon refreshments and exhibition visit

Reimagining your threat landscape in order to provide a business relevant view on your information risks

Emmerentia du Plooy, head of Information Risk Governance, Standard Bank

So often our threat landscapes are informed by the best threat intelligence we can put our hands on, or how wide our research took us. They tend to focus on threat events and threat actors and become a discussion topic when we want to scare our audience. Let's face it, ransomware sounds scary no matter how you look at it. But what if we are so busy analysing our threat landscape that we miss what is right in front of us? The aim of this presentation is to offer you an alternative perspective. One that starts by acknowledging what information we have in our organisation because without it we cannot determine how to protect it:

  • Reimagining a list of threats facing our organisations and putting our information at risk
  • How these threats can influence or shift your risk management approach and ultimately improve your resilience

Data privacy and ethics

Yvette du Toit, associate director, PwC

Closing remarks from the Chair and official networking cocktail function

Welcome by Track Chair

Winston Hayden, independent management consultant and advisor

Pushing the SOC left for the love of AppSec and the sake of containers

O'Shea Bowens, founder and CEO

As defenders, we've seen the landscape change over the last few years: a shift to cloud, better endpoint detection capabilities and overall acceptance of leveraging threat intelligence. All these items are advantages for SOC personnel, but how are we incorporating application security? How the heck are we securing our containers? The idea of "shifting left" is based upon secure SDLC, but how do we build detection, response and monitoring of applications and containers into the SOC? The normal gamut of next-generation firewalls and antivirus products isn't applicable, as applications differ from build to build. This presentation will focus on building out capabilities to help defenders identify vulnerable containers, attacks against the application, detection mechanisms and how to leverage this information for triage.

  • Understanding how to build secure containers
  • Identifying layer 7 non-traditional attacks against your application
  • Identifying attacker movement inside your container
  • Learning tactics and techniques to aid your SOC approach to ‘shifting left’

Cloud security and Cloud Access Security Brokers (CASB)

Afternoon refreshments and exhibition visit

Integrating Cloud security and Identity Governance & Administration (IGA)

DevSecOps: how to implement security into the different stages of the software development lifecycle

Closing remarks from the Chair and official networking cocktail function
