Plenary Session

Arrival and registration

Open remarks from the chair

Winston Hayden, independent management consultant and advisor

Keynote Assessing the cyber threat landscape: what are the latest threats and how can we mitigate the risks?

Charl van der Walt, head of security research, Orange Cyberdefense

Keynote Africa, the Internet and cybersecurity

Dr Kenneth Geers, senior fellow, ambassador, NATO Cyber Centre (Mozambique)

Africa is a massive continent that encompasses more than 50 countries, 1 billion people and 30 million square kilometers. This presentation examines how the Internet has changed African geopolitics, from domestic elections to international relations, and considers the impact of cyberspace on African crime, human rights, revolution and war. Kenneth will examine key technological and socio-economic indicators to see how African nations (individually and collectively) compare with the rest of the world. There will be a special focus on Africa’s unique characteristics, challenges, and contributions - to the Internet, cyberspace and cybersecurity.

Keynote Security as a business enabler: making the business case for security

Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)

The hardest thing a Chief Information Security Officer ever has to do is to convince the business that security is there to be both an enabler and to protect the organisation, its employees and products using the right tools, education and collaboration. Collaboration and cooperation are essential, as is forming a strong relationship with colleagues from across the business, the Board and the Risk and Assurance Committee to ensure that security is seen as an enabler to the market context that the business operates in. This often includes educating those at the highest level within the organisation using diplomacy and understanding. In this presentation, you will be introduced to the business model for Information Security as well as hearing about practical, pragmatic approaches to positioning security as an enabler in a range of industry settings from healthcare to heavy manufacturing and high-end tourism.

Morning refreshments and networking

Reserved for lead sponsor

Keynote How to fix the humans: Cybersecurity and human factors

Suelette Dreyfus, academic specialist, School of Computing and Information Systems, University of Melbourne (Australia)

You’ve built the biggest, strongest cybersecurity wall ever. Then your organisation’s staff unlocks the front door to welcome in the intruders. AI is touted as the magic fix for solving the weakness of human factors in the cybersecurity chain. But the technology is seen as immature relative to need and is perceived as taking more time and budget to implement than is worth the pay off. Most of all, there is no ‘press a button and problem’s solved’ solution here – there is no replacement for human IT managers understanding what such systems recommend and why. Trust and transparency in AI platforms handling cybersecurity are essential - but will vendors provide this?

This keynote will look at what the international academic research finds about human factors in cybersecurity. What are they and what approaches can be used to address them? This isn’t just about understanding human behaviour, it’s also about how organisations can make their security responses fit with the humans, instead of demanding the humans fit security programmes and protocols. Some IT security experts recommend punitive measures against employees who repeatedly don’t attend to cybersecurity – but is it realistic to punish the busy C-suite exec? Are there better ways to win security for your organisation?

Keynote Quantum Reckoning: The coming day when quantum computers break cryptography

Roger A. Grimes, data-driven defense evangelist, KnowBe4 (USA)

Quantum computing is getting ready to break all traditional public key crypto, like RSA and Diffie-Hellman, and every secret it protects. This means that digital certificates, PKI, TLS, VPNs, Wi-Fi networks and even most crypto-currencies are left unprotected in an instant. The only question is when it will happen. Many experts think it’s sooner than you think. The digital day of reckoning is coming. Will you be prepared? In this eye-opening presentation, Roger will explain:

  • How quantum computers are breaking today’s crypto
  • When it’s likely to happen
  • And what you can do to start preparing for it today

Lunch and networking

Track One: Strategy, privacy and user awareness

This track takes a look at the latest research into the state of cyber security and best practice in threat intelligence sharing. It will also focus on user awareness and creating a culture shift in your organisation. It closes with an update on privacy legislation, both local and global.

Welcome by Track Chair

Winston Hayden, independent management consultant and advisor

Cyber everywhere. Ready or not, it’s here - the future of cyber survey 2019

Eric Mc Gee, associate director: Risk Advisory Southern Africa, Deloitte

As the world becomes smaller, cyber is getting bigger. With every new connected device, digital discovery, or automated process comes new vulnerabilities and cyber concerns. In the burgeoning era of “cyber everywhere,” are organisations positioned to embrace the opportunities that cyber will create? Or is there a stark disconnect between an organisation’s transformational goals and the reality of disparate agendas and finite resources?

Deloitte conducted a survey in conjunction with Wakefield Research among 500 C-level executives who oversee cybersecurity at companies with $500 million or more in annual revenue including 100 chief information security officers, 100 chief security officers, 100 chief technology officers, 100 chief information officers, and 100 chief revenue officers. This survey enabled us to gain deep insight into what our customers are thinking about cyber and how they are integrating it into their organisations.

  • Cyber requires more executive attention, budget, prioritisation, people, tools, processes, governance and overall collective thought
  • Cyber needs a leader with the authority to drive change
  • Cyber will require organisations to become more nimble, more flexible and more collaborative as they work to secure their organisations, their employees, their customers and partners
  • Data complexities will continue to challenge many organisations
  • Automation, speed and insights will power the future of cyber

Best practice in threat intelligence collaboration and sharing

Jason Jordaan, principal forensic analyst, DFIR Labs

Afternoon refreshments and networking

Case Study Increasing user awareness and developing an ongoing user training programme

Celia Mantshiyane, general manager: technology security, MTN

Panel Discussion How do you create a culture shift towards embracing security in your organisation?

Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)
Celia Mantshiyane, general manager: technology security, MTN

Comparing the pros and cons of data protection and privacy legislation and the need for a global response

Susi du Preez, InfoSec engineer, Impact IT & Risk Services

Privacy law refers to the laws that deal with the regulation, storing, and using of personally identifiable information of individuals, which can be collected by governments, public or private organisations, or other individuals. This presentation will explore why a global effort is important to make our privacy and data safe and why a silo approach is not the answer internationally. Susi will explain what the major countries have in place regarding privacy acts (e.g. GDPR, POPIA) and how they compare. She will also discuss the African continent and how we as a global community can make our privacy and data safe again.

  • Why a privacy act?
  • Why a global effort?
  • How do privacy acts compare with each other internationally?
  • Where are African countries with privacy acts?
  • Revealing a comparison study between privacy acts, which highlights the strictest act yet (released in January 2020)

Closing remarks from the Chair and official networking cocktail function

Welcome by Track Chair

Pushing the SOC left for the love of AppSec and the sake of containers

O'Shea Bowens, founder and CEO

As defenders, we've seen the landscape change over the last few years: a shift to cloud, better endpoint detection capabilities and overall acceptance of leveraging threat intelligence. All these items are advantages for SOC personnel, but how are we incorporating application security? How the heck are we securing our containers? The idea of "shifting left" is based upon secure SDLC, but how do we build detection, response and monitoring of applications and containers into the SOC? The normal gamut of next-generation firewalls and antivirus products isn't applicable, as applications differ from build to build. This presentation will focus on building out capabilities to help defenders identify vulnerable containers, attacks against the application, detection mechanisms and how to leverage this information for triage.

  • Understanding how to build secure containers
  • Identifying layer 7 non-traditional attacks against your application
  • Identifying attacker movement inside your container
  • Learn tactics and techniques to aid your SOC approach to ‘shifting left’

Cloud security and Cloud Access Security Brokers (CASB)

Afternoon refreshments and networking

AI, machine learning and automation: how can they be used to enhance cyber security?

Managing third party/supply chain risk

IoT security: how are organisations adopting IoT and what are the security implications?

Closing remarks from the Chair and official networking cocktail function
