Advertise on ITWeb         Sat, 21 May, 23:47:27 PM


New strategies and tactics: Lessons from the battlefield

Agenda: Day 1 - 7 May Agenda: Day 2 - 8 May Workshops: Day 3 - 9 May SANS Training: 9 & 10  May

Misha Glenny, investigative journalist, author and broadcaster, will open our 2013 Summit. His most recent book, the acclaimed Dark Market, led to his recent TED talk on the subject of cyber security. Misha is joined by other experts who will present an overview of the current landscape and comment on current trends. They will share practical advice on the way forward for senior business decision-makers, highlighting successful approaches to improved security and reduced breaches.

07h30 Registration and exhibition opens
08h30 Security Summit 2013 video

Jeremy Maggs
journalist, radio host and television presenter

A guide to ITWeb Security Summit 2013

Charl van der Walt
co-founder and managing director, SensePost and


Jon Tullett
senior editor: news analysis, ITWeb

During this introductory session, Charl and Jon will offer an overview of the theme and direction of this year’s summit, as well as direct delegates to the tracks and sessions that will be most beneficial to them.
The struggle for the Internet: Web control, crime, commercial espionage, and spying and warfare

Misha Glenny
investigative journalist, author and broadcaster

A mighty battle has broken out for the soul of the Internet. At its heart lie the three great sectors of ‘malfeasance’ on the Web: cyber crime, cyber industrial espionage and cyber warfare.

Based on extensive interviews with active cyber criminals, cyber policemen and government strategists, and featuring riveting audio and video footage, the presentation reveals how the worlds of the state and crime have fallen into an evolving relationship that is simultaneously symbiotic and antagonistic.

As the amount of data stored becomes incomprehensible, as our dependency on network systems becomes irreversible and extreme, we have to ask: WHAT exactly are we facing?

The ‘struggle for control of the Internet’ presentation tells you.
  An underground education: Lessons in counterintelligence from history's underworld

The Grugq

The underworld of 20th century America was forced to develop deep practical counterintelligence knowledge in the pursuit of their chosen profession. This underworld tradecraft (the skills and methodologies for avoiding detection, arrest and prosecution) has been partially preserved in literature. Based on information extracted from the literature, this talk aims to update those skills and methodologies for the modern hacker.

This presentation is informed by literature on the historical criminal underworld of the late 19th and early 20th century, as well as source material provided by the manuals of insurgent and terrorist groups (as well as their known/uncovered CI techniques).

These are refined and combined with the modern principles of CI, and then applied to hackers, building a more solid foundation for "The Ten Hack Commandments". This presentation will be significantly more focused on practical "how to attack the intelligence process of the adversary", ie, how to avoid LEO.

Finally, the presentation will include The Grugq’s build of the RaspberryPi set-up as a transparent Tor gateway, doubling as a WiFi hacking station to both access bandwidth and reduce the potential to accidentally reveal the real IP address.

10h40 Tea break
Cybercrime kill chain vs. effectiveness of defense layers

Francisco Artés
research director, NSS Labs

An in-depth look at the trends that are emerging in the world of cyber-crime, cyber-security, and the threat landscape. Can we use what we know about our adversaries in order to create a more effective response?

Mike Armistead
vice president and general manager, Enterprise Security Products, Fortify, Hewlett-Packard

Cyber threats are maturing and outpacing our traditional defences, to be effective in this new world, enterprises need to look to disrupt more points within the "cyber threat ecosystem". application security and threat intelligence share are key to making this happen.


  1. Can the cybercrime battle ever be won?
  2. What can be done about the Defenders Dilemma? An attacker only has to be successful once, defenders have to succeed continuously.
Bringing Down the House – Are South African Organisations Really At Risk?

Gordon Love
regional director for Africa, Symantec

In 2012 attackers breached one of the world’s largest oil companies. Since then enterprises and governments the world over have been exposed, breached, had websites taken down and more. As the security threat landscape continues to evolve, so organisations and government are becoming more cognisant to the risks and how to mitigate these. Are South African organisations really at risk and how effective are we at reducing these risks?

The three questions this presentation will answer:
  1. What are the key risk mitigation steps enterprises need to take this year?
  2. What is the biggest information security weak spot in the enterprise?
  3. What are cyber criminals targeting now, and what will they target in future?
13h10 Lunch
  Track 1 - Defence in depth
Defence in depth refers to the coordinated use of multiple security countermeasures and diverse defensive strategies to manage risk. If one layer of defence turns out to be inadequate, another layer of defence should prevent a full breach. This is based on the idea that a full attack occurs over a chain of events, and not a single, isolated event. During this track you will understand this chain, and how to develop innovative ways of tracking who is attacking them, and build in controls beyond the perimeter.

Key questions this track will answer include:

  • What is the best strategy to respond to the new security environment for corporate networks (with mobility in mind)?
  • What key questions should I ask when assessing the security of my organisation?
  • What security controls should I be considering?
Cyber threat combating initiatives planned for Africa

Craig Rosewarne
managing director, Wolfpack and founder and chairman, ISG

Cyber incidents and more notably cyber crime attacks have increased against private companies and governments across Africa. Other stakeholder nations have expressed concerns that we have been slow to respond to this increasing threat.

What is being done in South Africa and other African nations to deal more strategically with the complex topic of cyber security?
This talk will reveal highlights from the 2012/3 Cyber Threat Barometer research, as well as give you an update on key initiatives taking place on the continent.


  1. What is the current state of cyber threat management readiness in major African nations?
  2. What initiatives are planned for the African continent?
  3. How should we be responding to increased cyber attacks?
Rethinking defence strategies

Marinus van Aswegen
security architect, Telic Consulting

Despite their best efforts, organisations continue suffer intrusions, intellectual property theft and very public data leaks. New and evolving agile adversaries, not to mention disruptive technologies like mobile and BYOD, are posing real challenges to organisations, forcing them to rethink defence strategies to protect not just their own infrastructure and information assets, but also that of the customer. This presentation will explore the challenges, weaknesses and possible remedial solutions to meet the challenges.


  1. What strategies and controls are available to organisations, what are their strengths and weaknesses?
  2. What is the role and purpose of security architecture and engineering?
  3. What practical steps can be taken to meet the challenge?
15h35 Tea break

DDoS, the silent thunder

Vernon Fryer
chief technology security officer, Vodacom SA

An in-depth discussion on the DDOS attack landscape facing South African based organisations, this discussion will provide an analysis of the types of attacks, finger printing, exploit scanning activities and Global attack techniques including but not limited to the new trends in mobile device DDOS attacks.


  • Is command and control Botnets detected as DDOS.
  • Are Security Operation Centres taking DDOS activities serious.
  • How are we protecting mobile devices application DDOS attacks.

Cyber Amber: A zero-interaction honey-pot system with modular intelligence

Adam Schoeman
information security officer, First National Bank Private Clients

For the greater part, security controls are based around the principle of decision through behaviour. The exception to this is a honey-pot, which analyses interactions between a third party and itself, while occupying a piece of unused information space. Because honey-pots are not located on productive information resources, any interaction to it can be assumed to be non-productive.

This allows the honey-pot to make decisions based on the presence of data, and not the more complex behaviour of the data. But due to limited resources in human capital, honey-pots’ uptake in the local market has been underwhelming.
Amber attempts to change this by being a zero-interaction security system, which will use decision through presence to generate a blacklist of third parties that can be passed to a network enforcer. Empirical testing has been done proving the usefulness of this approach in defending networks in a different and low-cost manner.

Functionality of the system has also been extended by installing distributed nodes in different geographical locations, which will stream their detections into the central Amber hive.


  1. What are the advantages of using a Decision through Presence model, opposed to a Decision through Behaviour model?
  2. Can honey-pot-like systems be used effectively in the business environment, without a team of malware analysts?
  3. What bearing does the international TCP/IP noise have on South African networks?
  Track 2 - Know your enemy
  Insiders pose a sizeable threat to organisations. Desperate or disgruntled employees may try to exploit their current or previous companies. Equally worrying would be an incident that was a result of negligence – employees without security awareness are security liabilities. During this track you will learn more about the potential threats from employees and outsiders. In addition, businesses need to be aware of the national approach to cyber security, in order to ensure they are adequately prepared for risk.

Key questions this track will answer include:

  • What can I do to counter insider threats?
  • What are the external threats I am most likely to face?
  • What cyber security threats should I be prepared for?
Internet censorship and the Tor Project

Runa Sandvik
developer, security researcher and translation co-ordinator, The Tor Project

This presentation will introduce The Tor Project, and will talk about who censors the Internet, how they do it, and to what lengths they go in order to prevent users from communicating safely with the outside world.

The presentation will also include real world examples of Internet censorship and attempts to block the Tor network, as well as an introduction to deployed solutions to circumvent these blocks.


  1. How does Tor offer a solution to ensure confidential business activities and relationships?
  2. What effect did the Arab Spring have on online anonymity?
  3. What are some ways to circumvent some of the attempts to block Tor?
Offence-oriented defence

Dominic White
chief technology officer, SensePost


Jeremy du Bruyn
senior penetration tester, SensePost

Information security has attempted to answer the question: "How do we prioritise our security activities?" for decades.

Answers relating to risk management, compliance and best practice are the ones most frequently accepted. But, attackers never seem to stick to the checklist. Dominic White’s presentation will look at the massive disconnect between how attackers attack systems, and how we defend systems.

After this analysis, White will suggest some ways to get closer to an attacker-aligned defence.
15h35 Tea break
Socially engineered Trojans: How to defend your organisation from targeted attacks with Trojans and social engineering

Beza Belayneh
chief executive officer and chief information security officer, South African Centre for Information Security

Socially engineered Trojans provide a significant method of attack to corporate networks. Executives must defend their networks from threats that are crafted in a complex manner, where end-users are easily deceived by trusted and compromised Web sites to run malicious software.

In today’s world of personal computing, socially engineered “Trojan horse” attacks include malware that successfully exploit commonplace user activities such as downloading mobile phone applications and accessing online content through popular social media sites. Inherently sophisticated and tricky, such attacks can dupe even the most experienced users.

Socially engineered Trojans are context-relevant messages that lure users to click on malware-bearing attachments and URLs. These attacks are the most common attack vectors used today that cause computers to download Trojans.

Socially engineered Trojans are responsible for hundreds of millions of successful hacks each year. Against those numbers, all other hacking types are just noise.

The presentation will guide the audience about how socially engineered Trojans are crafted and how they attack corporate networks, and it will recommend methods of implementing systematic defence mechanisms to defend innocent users who install and run Trojans – malicious software.


  1. How can a well-engineered and defended system be broken into by a socially engineered Trojan attack?
  2. How are context-relevant and targeted attacks formed and evolved to be lethal exploits?
  3. What makes socially engineered Trojans hard to defend against, and what are the countermeasures for detection and mitigation of this threat?
Lesson learned from the trenches of targeted attacks

Robert McArdle
senior advanced threat researcher / manager: Forward Looking Threat Research Team, Trend Micro

Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.

In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.


  1. What is the reality (not the hype) of a modern targeted attack
  2. You will understand the Modus Operandi of a two main types of Cybercriminals
  3. You will understand how investigators and security companies investigate these high profile attacks
  Track 3 - C-level security update
  When corporate security is at risk, the entire organisation is at risk. It is necessary for CIOs, CISOs, and other C-Suite executives with a security mandate to be up to date on how to optimise their corporate security, and be informed about key threats. This track will alert the C-Suite to key security concerns they don’t know about, but should. Delegates will be equipped to keep their organisations secure against ever-evolving security threats.

Key questions this track will answer include:

  • What points can I action in the next fortnight to tighten my organisation’s security?
  • How can my organisation better defend itself, its staff and key assets?
  • How can I identify ‘obvious’ gaps in my security policies?

Integrating information security with world-class physical security: What can we learn

Johann van der Merwe
global head of information security, De Beers Group

This presentation will address how to deal with a strong threat model, as it relates to insider threats from security strategy through to a practical defence approach. What makes this talk unique is that it deals with the integration between information security and physical security.

There is a lot we as “information security practitioners” can learn from physical security in high-risk environments. Over the past two years, De Beers has successfully integrated information security with the physical security function that is globally responsible for the protection of its diamonds. This presentation shares that integration experience, from strategy formulation through to practice.


  • How do I practically integrate information security with physical security?
  • What lessons can I learn from world-class physical security and how do I incorporate these lessons in my approach to information security?
  • How do I plan and execute information security aligned with a strong threat model?
  • In the context of the above, the presentation will explore further questions under the themes of “defence in depth” and “know your enemy”.
The paper peril - thinking outside the hard drive

Duncan Waugh
managing director, DSSS

Corporates and the Government Sector spend billions of Rand each year to protect data, product information and personal information contained in computer hard drives and servers.  How many pay any attention to the printed matter generated by computers, which often contains the very information and data they spend so much money on protecting?  How many consider the threat of discarded hand written correspondence?  There are more perils from handwritten and printed matter than previously thought.


  1. We deploy shredders.  How effective are they and what guarantee to we have that employees use shredders effectively?
  2. We operate a paperless business, how can we be at risk?
  3. What sort of information is commonly found on desktop correspondence?
  4. What is the information contained in printed and written correspondence used for and by whom?
  5. How do I identify problems within my organisation?
  6. How do I manage potential information leaks through irresponsible disposal of ‘waste’ paper?
  7. If I do not implement any external procedures to monitor waste paper, what would the effects be?
15h35 Tea break
Enterprise fraud: Are you battle ready?

Vinod Vasudevan
chief operations officer, Paladion

How organisations can build an effective mechanism to detect and prevent technology fraud and implement a comprehensive fraud risk management practice. This talk will offer:
  • A look at significant fraud incidents over the last two years
  • An understanding of the types of fraud in different industry sectors, with emphasis on banking and financial services
  • A look at the different technology controls for managing fraud.
  • An understanding of the role of transaction analytics
  • An overview of the different techniques to detect fraud
  • A discussion on the role of security analytics in fraud detection
  • An overview of a fraud risk management framework and related best practices


  1. How serious is the current fraud landscape?
  2. What are the different technologies and techniques to manage fraud risk?
  3. What is the process framework required to manage fraud?
Transforming your security organisation to be next generation and business enabling

Jason Clark
chief information security and strategy officer, Websense

Cocktail function sponsored by
Operators monitor for attacks
17 Apr 2013 – Distributed denial of service strikes can cause major traffic headaches for cellphone companies.
Desperately seeking cyber security skills
17 Apr 2013 – Skills training in SA is on par with international standards, but the country does not have enough experts to prevent cyber attacks, says UJ’s Basie von Solms.
Spending needed to thwart attacks
11 Apr 2013 – Most security issues can be contained to some extent, if companies are prepared to invest.
SA fails on forensic readiness
4 Apr 2013 – Forensic readiness is crucial to successful investigations and prosecutions, yet few South African firms are prepared, says Cyanre.
Cyber security risk cannot be eliminated
25 March 2013 – In the past two years, there has been remarkable development and spread in organised hacking of corporates, says expert.
IT-based fraud on the increase
25 March 2013 – The ease with which fraudsters can acquire tools needed to commit fraud and the explosion in data are contributing to the growth, says Paladion.
BYOD - no turning back
20 March 2013 – For most organisations, it's too late to stop BYOD, but it's not too late to manage it, says a security expert.
Formulating an attack-focused security plan
26 Feb 2013 – To successfully formulate an attack-focused plan, start with an assessment to find live attackers on the network, says MANDIANT.
Info security needs new focus
12 Feb 2013 – Information security has to shift beyond perimeter protection to understanding the attacker, says De Beers.
SA progresses in cyber crime fight
8 Feb 2013 – Moves are afoot to get SA’s cyber crime policing up to speed with the rest of the world, says ISG.
Understanding "bad guys" key in cyber warfare
6 Jan 2013 – Offence-oriented defence has become key in the battle against cyber crime, according to a security expert.
For the latest headlines visit our Security Summit news portal
in partnership with

in partnership with

in partnership with
in partnership with
in partnership with
in partnership with             
in partnership with



About our speakers
About our sponsors
View the post-event video
View picture gallery
Cyber Readiness Challenge


in partnership with
Established in 2009, Performanta specializes only in the discipline of Information Security. The company provides technology, services and consulting solutions allowing them to give customers an end to end information security service. Their focus on pragmatic solutions is reflected in their motto: Practical Trust Performanta.

Symantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world.

Unified security management key to rapid response
24 Apr 2013 - Visibility of the entire ecosystem, and immediate access to necessary information, is key to effectively managing information security, says McAfee.
Consolidation: a new infosec imperative
17 Apr 2013 – Addressing multiple security areas with a variety of solutions can result in weak points and areas being overlooked, says McAfee.
Security certificates 'an infosec weak spot'
12 Apr 2013 – Malware with embedded digital security certificates can easily penetrate enterprise systems, says Venafi.
For the latest headlines visit our Security Summit news portal

Fees listed below exclude VAT 
Conference only 7 & 8 May
Standard delegate fee R 6,210.00
Conference (7 & 8 May) plus full day workshop - 9 May
Standard delegate fee R 7,590.00
Workshop only 9 May
Workshop 1: Governance of information security
Workshop 2: Digital forensics
Workshop 3: Information Security Incident Response - A Survival Workshop
Standard delegate fee R 2,720.00
Delegates who attended a previous ITWeb's Security Summit qualify for VIP status. Should you qualify please contact Maggie Pienaar on (011) 807-3294 for more details .
Group bookings:
4 for the price of 3
7 for the price of 5
12 for the price of 8
To register a group please contact Maggie Pienaar
on 011 807 3294 or email . Please note that in order to qualify for group discounts all delegates must be registered at the same time. Group bookings do not apply to workshops.

Follow us on twitter and tweet about your thoughts around this event, #itwebsec

Do you want to join other leading security vendors and firmly position your company, brand, products and services to a high-level business decision maker audience at southern Africa’s only business focused information security event?
Don’t miss out on the opportunity to capitalise on the valuable marketing opportunities ITWeb’s annual Security Summit offers and 
click here to learn about available sponsorship options or contact Debbie Visser, for a customised proposal designed to meet your objectives and budget.

Sensepost is an independent company that provides services in the Information Security Services area. Combining experience and knowledge, SensePost specialises in Information Security Consulting, Training, Security Assessment Services and IT Vulnerability Management.


Tweet about the ITWeb Security Summit