Virtual Agenda: Day 2
Wednesday, 26 August 2020

Plenary Session

Opening address from the Chair

Michael Avery, anchor, Classic Business FM

Keynote: International keynote address: How to fix the humans: Cyber security and human factors

Suelette Dreyfus, academic specialist, School of Computing and Information Systems, University of Melbourne (Australia)

You’ve built the biggest, strongest cyber security wall ever. Then your organisation’s staff unlock the front door to welcome in the intruders. AI is touted as the magic fix for the weakness of human factors in the cyber security chain. But the technology is seen as immature relative to need, and is perceived as taking more time and budget to implement than the pay-off is worth. Most of all, there is no ‘press a button and the problem’s solved’ solution here – there is no replacement for human IT managers understanding what such systems recommend and why. Trust and transparency in AI platforms handling cyber security are essential – but will vendors provide this?

This keynote will look at what international academic research finds about human factors in cyber security. What are they, and what approaches can be used to address them? This isn’t just about understanding human behaviour; it’s also about how organisations can make their security responses fit the humans, instead of demanding that the humans fit security programmes and protocols. Some IT security experts recommend punitive measures against employees who repeatedly don’t attend to cyber security – but is it realistic to punish the busy C-suite exec? Are there better ways to win security for your organisation?

Keynote: News from the kingdom and tales from the colonies

Uri Rivner, chief cyber officer & co-founder, BioCatch (Israel)

Major attacks have rocked the online shores of the UK and US! In the UK, a tsunami of social engineering scams is encouraging thousands of victims to move their entire account's worth into criminal hands. Meanwhile, the US is fighting two tidal waves: a steep increase in account opening fraud due to identity data hacks and synthetic ID scams, and massive campaigns targeting its new real-time P2P money transfer scheme. Can these new threats be stopped? In this uniquely interactive keynote, Uri will ask for the audience’s help by going through a series of real-world cases and asking delegates to make a difficult call: is this a fraudster or a genuine user?

Break and exhibition visit

Best practice in threat intelligence collaboration and sharing

Jason Jordaan, principal forensic analyst, DFIR Labs

When one looks at critical attacks in the physical world, such as the Japanese attack on Pearl Harbour in World War II, or the 9/11 attacks against the World Trade Centre and the Pentagon, intelligence failures were identified that, had they been avoided, could have mitigated the impact of the attacks, if not stopped them altogether. We see the same thing happening in the cyber world, where intelligence efforts are fragmented, not only within government, but also in the private sector. If you look at the South African situation, our cyber threat intelligence environment is segmented and fractured, and there is significant distrust. We are not alone in this. So how do we try to improve the situation? How do we improve our ability to share threat intelligence to protect us all, and to collaborate on common threats? This presentation will explore some of the mechanisms and frameworks currently in operation around the globe aimed at improving our ability to share cyber threat intelligence that is meaningful, as well as how we can better collaborate against a common enemy, the cyber threat actors:

  • Identifying the common problems in threat intelligence collaboration and sharing
  • What do we actually mean by threat intelligence?
  • Uniting against a common threat
  • Building networks of trust
  • Intelligence frameworks and platforms

Panel Discussion: What is needed to encourage more local collaboration in threat intelligence?

Craig Rosewarne, managing director, Wolfpack Information Risk
Susan Potgieter, head: Strategic Services and acting CEO, SABRIC
Kiru Pillay, chief director: Cybersecurity Operations, Department of Communications and Digital Technologies
Adv Paul Louw, senior deputy director public prosecutions, National Prosecuting Authority of South Africa
Jason Jordaan, principal forensic analyst, DFIR Labs

Keynote: Alliance power for cyber security

Dr Kenneth Geers, senior fellow, ambassador, NATO Cyber Centre (Mozambique)

Cyber security, like global warming or the coronavirus pandemic, is an international problem that requires an international solution. In the global domain of cyber space, individual nations are surprisingly limited in what they can do to defend against digital crime, espionage, terror and war. Technical expertise and professionalism are required, but strategic cyber security demands collaboration with allies. Today, the European Union (EU) and the North Atlantic Treaty Organisation (NATO) leverage the combined power of dozens of governments and hundreds of first-class network security, law enforcement and intelligence agencies to share information, conduct investigations and publish attack attribution. Together, they build trust and isolate adversaries. Authoritarian regimes offer short-term help on cyber security that neglects economic development, democracy, the rule of law and human rights. The only credible cyber superpower is an international alliance whose military capacity is surpassed by that of its political, economic and social domains.

Break and exhibition visit

Welcome by Track Chair

Winston Hayden, independent management consultant and advisor

Pushing the SOC left for the love of AppSec and the sake of containers

O'Shea Bowens, founder and CEO

As defenders, we've seen the landscape change over the past few years: a shift to cloud, better endpoint detection capabilities and overall acceptance of leveraging threat intelligence. All of these are advantages for SOC personnel, but how are we incorporating application security? How the heck are we securing our containers? The idea of "shifting left" is based on the secure SDLC, but how do we build detection, response and monitoring of applications and containers into the SOC? The usual gamut of next-generation firewalls and anti-virus products isn't applicable, as applications differ from build to build. This presentation will focus on building out capabilities to help defenders identify vulnerable containers, attacks against the application and detection mechanisms, and how to leverage this information for triage.

  • Understanding how to build secure containers.
  • Identifying layer 7 non-traditional attacks against your application.
  • Identifying attacker movement inside your container.
  • Learning tactics and techniques to aid your SOC approach to ‘shifting left’.

Case Study: BDO South Africa’s journey to EDR, advanced endpoint security and machine visibility

Nico Fourie, national ICT director, BDO South Africa
Matthew Stevens, CTO, Panda Security Africa

Ensuring your organisation can stand up to inevitable and increasingly sophisticated cyber attacks is critical. By changing perspective and focusing on a proactive approach based on 360-degree visibility, BDO South Africa has been able to build a robust security strategy supported by advanced technology. The presenters will discuss what led BDO to re-evaluate its cyber security stance and the challenges it faced. They will delve into the technical detail behind the advanced EDR, telemetry dashboards and patch management technology BDO has implemented, and discuss its impact on BDO’s security posture and business processes.

Open source software and the implications for security

Deon Venter, senior IT infrastructure and cyber security engineer, SA Taxi

Case Study: How a leading financial company uses SIEM for management, reporting and real-time alerts

Hendrik Voordewind, infrastructure specialist, Direct Transact
Harish Sekar, business development manager, ManageEngine (Zoho Corporation)

  • How to overcome IT security challenges in the financial services industry
  • How financial services company Direct Transact uses SIEM to comply with PCI DSS
  • Current organisational ecosystem
  • Breaking down POPIA and where to start
  • Attacks across the globe – pointers to strengthen
  • Understanding the hybrid set-up

Closing remarks from the chair and close of Day Two

Track Two: Blue/red team strategies

This track will focus on the offensive and defensive tools, technologies and strategies that your blue and red teams should be considering, covering topics such as incident response, threat hunting and vulnerability management.

Welcome from the Track Chair

Wicus Ross, senior security researcher, Orange Cyberdefense

Endpoint detection and response: Preparing your organisation for a cyber attack

Warren Hero, CIO and CDO, Webber Wentzel
Christo Erasmus, principal consultant, F-Secure Consulting South Africa

Most modern-day cyber attacks start with an endpoint compromise. Deploying an endpoint detection agent before a cyber attack is therefore crucial, but by no means a silver bullet for detection and response as a whole; problems can and do arise from an over-reliance on EDR-aligned solutions. As will be demonstrated in this talk, EDR technology requires the insight and understanding of a highly skilled security team. The information and data it generates are indeed powerful, but alone this technology cannot defeat a skilled attacker’s ability to contextualise and circumvent complex situations and environments. In response to this contention, Warren Hero, Webber Wentzel’s Chief Information Officer, will discuss the then and now of preparing his organisation for a cyber attack, while Roy Fisher, F-Secure’s Consulting Director, provides context regarding the sophisticated nature of modern attackers and why equal insight and skills are required to counter such threats. You will learn:

  • Practical examples of how sophisticated attackers bypass modern technology
  • How to balance technology with human insight
  • Tips for building a resilient defence team

Incident Response bloopers: When IR goes wrong

Veronica Schmitt, director: Incident Response, DFIR Labs; assistant professor, DFIR, Noroff University (Norway)

In the digital age, we are moving ever further towards an interconnected world. This leads to more incidents taking place and to the spotlight being placed on how an incident is handled. Instead of highlighting how it should be done, Veronica will show how it should not be done, and the reasons why. The presentation will draw from her personal experiences within the industry and from cases she has investigated. Veronica will also focus on the volatile nature of the evidence available during incident response.

  • Understand some fundamental errors made during an incident
  • Understand the effect that making errors will have on digital evidence
  • Gain a better understanding of the overall pitfalls of Incident Response when not done right
  • Learn the correct way to handle Incident Response

Break and exhibition visit

Case study: Living through a Data Breach

Cyril Baloyi, group chief technology officer, City of Johannesburg

Effective vulnerability management

Kudakwashe Charandura, director – Cybersecurity, SNG Grant Thornton

The rise of cyber attacks requires greater focus on, and investment in, cyber security. A common thread in all cyber attacks is the exploitation of a vulnerability or weakness in existing systems. It is thus imperative for businesses to assess their systems and processes to identify any vulnerabilities and plug them before cyber criminals exploit them. The session will unpack vulnerability management and offer practical solutions to effectively identify, prioritise and resolve vulnerabilities and protect businesses from cyber attacks.

  • What are vulnerabilities? What is vulnerability management?
  • What solutions can we use to identify vulnerabilities?
  • How can organisations identify, prioritise and effectively resolve vulnerabilities?

Closing remarks from the chair and close of Day Two

Track Three: Breakout sessions

Welcome from the Track Chair

Matthew Burbidge, writer and online editor, ITWeb

Insider threats: why you should care

Ran Pugach, chief product and development officer, Ava Security

This session examines the importance of insider risk and how human-centric cyber security with video support can help give your company the best defence.

The role of SIEM in POPIA

Harish Sekar, global speaker and business development manager, ManageEngine/Zoho Corporation

  • How to orchestrate SOAR and leverage artificial intelligence to protect an organisation.
  • The importance of Hybrid Active Directory and how ML helps in predicting user behaviour.
  • Understand the attack surface – how ML and AI can detect internal and external attacks.
  • How can you secure your network devices?
  • The importance of data security and the need for data loss prevention (DLP).

Break and exhibition visit

Other people’s platforms: defeating online fraud outside your virtual jurisdiction

Dr Sam Small, chief security officer, ZeroFOX

With a low cost barrier to entry, online fraudulent activity and digital risks across the Internet are more ubiquitous and persistent than ever, while the status quo for preventing, identifying and remediating such threats is often cumbersome, costly and insufficient. In this session, we present results from our year-long effort to measure the reach of today’s threats and detail some new twists on the classics. In addition, we will review a digital threat taxonomy to help practitioners more rigorously evaluate their programmes, playbooks and priorities. Finally, we will dissect a handful of real-world examples and share proven identification and mitigation strategies that any organisation can adopt.

How to approach business continuity in terms of the current security threat landscape and the challenges from Covid-19

Chris Adam, solutions engineer, Cloudflare
Chad Toerien, customer development manager SSA, Cloudflare

We live with a rapidly changing Internet that is constantly under threat from malicious entities that want to damage your business and your reputation. Join us for a discussion on how the security threat landscape has changed in recent months, and on how to secure internal applications for people working remotely without overloading VPNs.

Cloud migration: exchanging old practices for comprehensive solutions

Paul Williams, country manager, SADC and IOL

Closing remarks from the chair and close of Day Two

Demo Lab

Ensuring business continuity by securing your remote workforce

Yassin Watlal, system engineering manager, CrowdStrike

The traditional on-premises security perimeter has dissolved, and legacy security stacks are unable to secure a remote workforce and cloud-hosted applications. Today, the Internet is the new corporate network. How are you making sure that IT administrators have proper visibility into user activity and can minimise attack surfaces in this cloud-first world? How do you provide users with an optimal experience without the struggle of a traditional VPN approach? How do you scale your security services and detect advanced threats more effectively?

Join Yassin Watlal, manager of System Engineering META, as he offers insights into how the CrowdStrike Falcon Host Platform has addressed these issues and helps companies transform their security stacks.

In this session, you will learn:

  • How the Falcon Host Platform is able to respond to incidents from anywhere and at any time;
  • How the team gains visibility into endpoints and is able to contain systems outside the corporate network; and
  • How you can recover your environment from advanced threats and attacks and establish a maximised security posture.

Splunk Attack Range – Keeping up with evolving security threats

Herman Lourens, senior sales engineer, Splunk South Africa

The Splunk Attack Range framework allows the use of adversarial simulation engines – along with tools for measurement, translation, verification and recording in defence technologies – that help streamline the process of creating defence artefacts (signatures, detections, investigations, analytics, playbooks and so on). This framework enables an enterprise defender to keep up with the rapidly evolving threat landscape and allows an analyst to produce data and to:

  • Visualise and record attacks;
  • Translate attacks into measurable data;
  • Drive defence artefacts based on produced data (firewall, endpoint, Snort, etc);
  • Test malicious/exploit code in a safe and isolated environment;
  • Translate defence artefacts into the Splunk environment (detection, investigation, analytics, SOAR playbooks); and
  • Share artefacts (detection/investigation using Splunk Search Processing Language, Splunk apps and data models, both within the enterprise and within the community).

An overview of Cybereason Mobile – Protecting Android & iOS endpoints in an increasingly perimeter-less environment

Roberto Arico, senior technical sales engineer, Cybereason

With the recent launch of Cybereason Mobile, we want to invite you to learn more about the value Cybereason Mobile’s solution may offer your security teams. In this session, Roberto Arico will demonstrate the solution’s ability to stop Android and iOS threats and to correlate traditional and next-gen endpoints to a single malicious operation.

Join the discussion to explore the current mobile security environment and be introduced to Cybereason Mobile.

  • Current mobile security environment
  • Business issues arising from mobile attacks
  • Previous and current mobile defence solutions
  • Cybereason’s lightweight autonomous mobile protection and real-time prevention
  • Mobile endpoint detection and response with Cybereason
  • Correlation between mobile and traditional attacks with Cybereason Mobile
  • Cybereason Mobile MDR overview

Harness EDR telemetry to gain control and insight

Matthew Stevens, CTO, Panda Security Africa

A growing number of businesses are implementing EDR technology, but they aren't necessarily taking advantage of the insights the telemetry has to offer. In this demo, Matthew Stevens will illustrate how your security data can be visualised to gain insights into your organisation.

Key takeaways:

  • Track document and application usage
  • Monitor user behaviour
  • Detect activity of malicious insider threats

Routopsy: Routing Protocol Vulnerability Analysis and Exploitation

Szymon Ziolkowski, security analyst, Orange Cyberdefense
Tyron Kemp, security analyst, Orange Cyberdefense

In this demonstration, Tyron Kemp and Szymon Ziolkowski will be showcasing Routopsy, a new open source network attack toolkit that leverages a "virtual router" in a Docker container to scan for and attack various networking protocols and misconfigurations. Common vulnerabilities in these protocols include overly broad network statements within routing protocols, unauthenticated or plain-text authentication for protocols such as OSPF and HSRP, and the lack of passive interface usage within routing protocols. Routopsy was designed in a way that will allow users to trivially perform attacks without requiring extensive networking knowledge. Attacks include the injection of new routes, discovery of new networks and gateway takeover attacks which ultimately could lead to person-in-the-middle attacks. Additionally, a fully-fledged router interface is also available for more experienced users and for more advanced attacks. Internally, Routopsy leverages a "virtual router" which has been around for a number of years, is well maintained and supports a variety of protocols. Once the scan phase of Routopsy is complete, a simple configuration is loaded within the virtual router and used to attack the target protocol.

Witness a live DDoS attack being mitigated with Magic Transit

Vincent Barida, Magic Transit solutions engineer, Cloudflare

Cloudflare will start a test attack against its own network. During this session, Cloudflare will showcase how Magic Transit mitigates the attack and show the results in its network analytics dashboard.

Close of Day Two