VIRTUAL Agenda day 1
Tuesday, 25 August 2020

Plenary Session

Opening remarks from the chairperson

Michael Avery , Michael Avery, Anchor, Classic Business FM

Keynote The impact of Covid 19 on cybersecurity

Charl van der Walt , Charl van der Walt, head of security research, Orange Cyberdefense

  • How has the threat landscape changed since the crisis started? What type of threats are on the increase?
  • How have organisations responded? What new response measures have been implemented? What lessons have been learned?
  • To what extent are organisations’ remote working infrastructures and endpoints protected? What risks do companies need to be aware of?
  • How have companies educated their remote workers/implemented awareness campaigns?
  • What lessons about cybersecurity can be learned from the virus itself?

Keynote Security as a business enabler: Making the business case for security

Jo Stewart-Rattray , Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)

The hardest thing a chief information security officer ever has to do is to convince the business that security is there to be both an enabler and to protect the organisation, its employees and products using the right tools, education and collaboration. Collaboration and co-operation are essential, as is forming a strong relationship with colleagues from across the business, the board and the risk and assurance committee to ensure security is seen as an enabler to the market context in which the business operates. This often includes educating those at the highest level within the organisation using diplomacy and understanding. In this presentation, you will be introduced to the business model for information security, as well as hearing about practical, pragmatic approaches to positioning security as an enabler in a range of industry settings, from healthcare to heavy manufacturing and high-end tourism.

Break and exhibition visit

Keynote Stopping ‘living off the land’ attackers in their tracks

Roland Daccache , Roland Daccache, team leader – sales engineering META, Crowdstrike

According to the latest CrowdStrike threat report, more than 50% of modern attacks are file-less and leverage existing tools and legitimate software on the endpoint to easily fly under the radar of the traditional security stack, such as the anti-virus, the firewall or the sandbox. With threat actors getting increasingly potent and sophisticated, Daccache will cover the kill chain of the modern cyber attack, and how to stop it in its tracks at each stage of the life cycle. Join the session to learn more about modernising your defence arsenal and properly leveraging endpoint detection and response technology so you stack the deck in your favour against your cyber adversaries.

Keynote Alliance power for cybersecurity

Dr Kenneth Geers , Dr Kenneth Geers, senior fellow, ambassador, NATO Cyber Centre (Mozambique)

Cybersecurity, like global warming or the coronavirus pandemic, is an international problem that requires an international solution. In the global domain of cyberspace, individual nations are surprisingly limited in what they can do to defend against digital crime, espionage, terror and war. Technical expertise and professionalism are required, but strategic cybersecurity demands collaboration with allies. Today, the European Union (EU) and North Atlantic Treaty Organization (NATO) leverage the combined power of dozens of governments and hundreds of first-class network security, law enforcement, and intelligence agencies to share information, conduct investigations and publish attack attribution. Together, they build trust and isolate adversaries. Authoritarian regimes offer short-term help on cybersecurity that neglects economic development, democracy, the rule of law and human rights. The only credible cyber superpower is an international alliance whose military capacity is surpassed by that of its political, economic and social domains.

Keynote Lessons from failure: How cyber security professionals can learn from analytic mistakes in other fields

George Beebe , George Beebe, vice president and director of studies, Center for National Interest (USA)

One of the most difficult challenges that cyber security professionals face is to anticipate and counter attacks by adversaries. The implications of failure are often enormous. But the odds against success are stacked by the inherent uncertainties in any complex system, the unpredictability of human behaviour, and the cognitive biases to which all analysts are prone, regardless of their area of expertise. Nonetheless, there is good news: Cyber specialists can learn lessons from past failures that increase their odds of success. In this eye-opening interactive talk, former CIA senior executive George Beebe shows how to apply those lessons in practical ways:

  • The process of becoming an expert in a field also makes experts less able to anticipate disruptions to the normal course of events.
  • To reduce their risks of surprise, cyber security professionals should learn lessons from mistakes made by experts in other fields.
  • These lessons include:
  •  Seeking alternative explanations for emerging developments;
  • Looking to disconfirm rather than to support plausible analytic hypotheses; and

Attempting to see things through the eyes of potential adversaries.

Break and exhibition visit

Track One: Strategy and user awareness

This track takes a strategic look at how to raise awareness of cyber security throughout your business and encourage a culture shift whereby all employees take responsibility for security. Incident response at a strategic level and the changing role of security professionals will also be discussed.

Welcome by Track Chair

Craig Rosewarne , Craig Rosewarne, managing director, Wolfpack Information Risk

Case Study A board conversation on cyber security risk management

Itumeleng Makgati , Itumeleng Makgati, CISO, SASOL

For years, cyber security was an issue that boards of directors took for granted; we are in a different position today, as it has become a business problem of the highest level, featuring frequently on the board’s agenda. Communications between the board and CISO have taken on added importance. Cyber security is no longer a matter of spending on defence for IT. It has become clear that the stakes are even higher than that: cyber security is the bedrock of tomorrow’s digital business. Whether you are “low, medium or high” on compliance scores does not tell you and the board enough about the risk to the business. In this presentation, Itumeleng Makgati will discuss how the CISO can help the board and management team “get on the same side of the table” when it comes to cyber security.

Panel Discussion How do you create a culture shift towards embracing security in your organisation?

Prof Elmarie Biermann , Prof Elmarie Biermann, director, Cyber Security Institute
Robin Barnwell, head: security strategy, Standard Bank
Blaise Ntwali, information security analyst, Capitec Bank
Patrick Ryan, managing director, Mobius Consulting

Break and exhibition visit

Carpe diem – Seizing the security advantage! How to benefit from the ongoing transformation of security’s role in the workplace

Steve Jump , Steve Jump, founder & director, Custodiet Advisory Services

f you overhear someone talking about how they plan to address digitisation in their business, or they show you their plan for when 4IR happens, don’t laugh until you have thought about your own plans. The reality today is that if your business is not online, it is in trouble. If your customers cannot buy from you 24x7, they are already buying from your competitors.

The old way of thinking was to build your IT to support your business needs. The same applied to Web sites and databases to collect and mine your customers’ data. In this old world, security was often (always?) an afterthought, and probably included adding a password. But in today’s business environment, if you do plan on staying in business long enough to see what tomorrow actually looks like, you will have considered how the role of information security has made your business more agile, helped you prevent cyber-related outages and kept fraudsters away from both your own data, and from your customers’ data.

You haven’t? Then you really need to hear this. Security is not an add-on, it is a foundation for safe business, ensuring your new ideas can be published and accessed instantly, without concern; ensuring your customers can not only see that you are trustworthy, but you can prove it; making sure that your data stays your data, that your products stay yours until sold, and that your customer data remains just that – the data of your customers. And here is the part that your competitors do not want you to hear – the way you invest in security influences every other aspect of any technology you use, and it makes it better and cheaper to run.

Cybersecurity incident response – development, adoption, simulation

Angela Henry , Angela Henry, business information security officer, RMB
Raymond du Plessis, senior managing consultant, Mobius Consulting

In this talk Angela Henry and Raymond du Plessis will present on developing an effective incident management process. Worldwide cyberattacks are exponentially on the rise and many organisations are not ready to respond to an attack. Angela and Raymond will present on the steps you can follow to improve your organisations readiness to respond to a major cybersecurity incident. The talk will focus on the fact that a cybersecurity incident is not only an Information Security issue, it is an organisational-wide issue that requires the involvement of various business functions across the organisation to effectively deal with a cybersecurity incident. The talk will also include tips on developing and adopting a practical process that is applicable to your organisation, and lessons learnt from running simulation exercises.

Closing remarks from the chair and close of conference Day One

Track Two: GRC, Privacy and Regulation

This track will provide an update on data privacy and the legislation designed to enforce it, both local and global. It also examines how to integrate cyber risk into your information risk strategy. 

Welcome from the Track chair

Carolynn Chalmers , Carolynn Chalmers, director, Candor Governance; non-executive director, IITPSA

Update on data privacy legislation in SA: When will PoPIA come into effect?

Adv. Pansy Tlakula , Adv. Pansy Tlakula, Chairperson, Information Regulator of South Africa

  • What is the latest status of POPIA? When is it expected to become fully operational?
  • What are the challenges of implementing POPIA and how are they being overcome?
  • How will POPIA be enforced once it comes into effect?
  • What can organisations do now to start aligning their business and governance processes with the Act?

Comparing the pros and cons of data protection and privacy legislation and the need for a global response

Susi du Preez , Susi du Preez, InfoSec engineer, Impact IT & Risk Services

Privacy law refers to the laws that deal with the regulation, storing, and using of personally identifiable information of individuals, which can be collected by governments, public or private organisations, or other individuals. This presentation will explore why a global effort is important to make our privacy and data safe and why a silo approach is not the answer internationally. Susi will explain what the major countries have in place regarding privacy acts (e.g. GDPR, POPIA) and how they compare. She will also discuss the African continent and how we as a global community can make our privacy and data safe again.

  • Why a privacy act?
  • Why a global effort?
  • How do privacy acts compare with each other internationally?
  • Where are African countries with privacy acts?
  • Revealing a comparison study between privacy acts, which highlights the strictest act yet (released in January 2020)

Break and exhibition visit

Reimagining your threat landscape in order to provide a business relevant view on your information risks

Emmerentia du Plooy , Emmerentia du Plooy, head of Information Risk Governance, Standard Bank

So often our threat landscapes are informed by the best threat intelligence we can put our hands on, or how wide our research took us. They tend to focus on threat events and threat actors and becomes a discussion topic when we want to scare our audience. Let's face it, ransomware sounds scary no matter how you look at it. But what if we are so busy analysing our threat landscape that we miss what is right in front of us? The aim of this presentation is to offer you an alternative perspective. One that starts by acknowledging what information we have in our organization because without it we cannot determine how to protect it:

  • Reimagining a list of threats facing our organisations and putting our information at risk
  • How these threats can influence or shift your risk management approach and ultimately improve your resilience

Data privacy and ethics

Yvette du Toit , Yvette du Toit, associate director, PwC

Closing remarks from the chair and close of Day One

Track Three: Breakout sessions

Welcome from the Track chair

Adam Oxford , Adam Oxford, Journalist and Media Consultant

Adapting effective cyber security strategies in today’s age of radical digital transformation

Yassin Watlal , Yassin Watlal, system engineering manager, CrowdStrike

As organisations pivot to the cloud, and remote work moves from a novelty to the new reality, digital transformation is occurring more rapidly than ever. This presentation will focus on how to remain nimble and secure in this era of continuous change. In this session, we will address these crucial topics:

  • What is digital transformation and what is its effect on cyber security in organisations?
  • Why is it critical for organisations of all sizes to have a cyber security strategy that adapts rapidly?
  • What strategy, products and services can help reduce the risk of a breach as companies pivot to the cloud and embrace remote work?
  • What trends and challenges are on the horizon that will drive the next wave of change?

Make your SOC work smarter, not harder

Dimitris Vergos , Dimitris Vergos, sales engineering director for emerging markets, Splunk

The volume and complexities of today’s security incidents can tax even the largest security teams. This leaves big gaps in incident detection and response workflows that can put organisations at great risk. Your team can’t scale to manually catch and address every incident, so which ones should you focus on and which ones should you ignore? You shouldn’t be forced to make a choice. In this session, find out how to deliver security analytics, machine learning and automation capabilities to increase the efficiency of security teams and reduce the enterprise’s exposure to risk. Learn how to achieve big results from intelligently streamlined incident detection and response workflows—accelerating your actions, scaling your resources and optimizing your security operations.

Break and exhibition visit

Phase III: Advanced persistent threats and returning to the office

Sam Curry , Sam Curry, chief security officer, Cybereason

Virtually private networks (are they virtually good enough?)

Charl van der Walt , Charl van der Walt, head of security research, Orange Cyberdefense
Wicus Ross, senior security researcher, Orange Cyberdefense

Enterprise businesses equip staff with mobile devices such as laptops and smartphones to perform daily tasks. This makes the workforce much more mobile but places an implicit burden on the staff to ensure they are always online. Security is handled by the underlying operating system and supporting solutions, for example, a virtual private network (VPN). Commercial VPN technology has been around since at least 1996 when Microsoft created the Peer to Peer Tunnelling Protocol (PPTP). OpenVPN and similar open source VPN technologies have advanced this tech from highly specialised to near commodity.

However, enterprise VPN solutions can be complicated and nuanced. One case involves remote workers that connect to complimentary Internet hotspots typically offered by coffee shops, airports, hotels, etc. Hotspots are WiFi access points that offer free Internet bandwidth. Most hotspots today feature a captive portal that require either a password, voucher code, or some form of consent that involves agreeing to terms of use. A robust VPN implementation should not allow a user to interact with a network resource that bypasses the VPN tunnel. What then happens in the time between connecting to the WiFi hotspot and activating the VPN? How vulnerable is the user during this time? Surely the WiFi hotspot securely isolates guests and surely the local firewall on the laptop will protect the user from any attacker, but does this assumption hold even if the hotspot is fully under the control of an attacker?

In this presentation, we will reveal research we conducted into the efficacy of modern commercial and open source VPN solutions in the face of modern mobile worker use cases, typical endpoint technologies and contemporary threat models. In short: VPNs – are they enough?

Closing remarks from the chair and close of Day One

Demo Lab

Crowdstrike Demo Lab

Roland Daccache , Roland Daccache, team leader – sales engineering META, Crowdstrike

Axiz & Citrix Demo Lab

Microsoft Demo Lab


Strengthen your cyber security posture with Log360 UEBA (user and entity behaviour analytics)

Harish Sekar , Harish Sekar, global speaker and business development manager, ManageEngine/Zoho Corporation

Log360 uses machine learning to detect behaviour anomalies, strengthening your defences against insider threats and data breaches and meeting POPIA compliance.
Nclose Demo Lab

Demo Lab

Close of Day One

Diamond Sponsor

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsor

Display Sponsors

Endorsed by