
Conference: Day 1 - 27 May Conference: Day 2 - 28 May Workshops: Day 3 - 29 May
Conference: Day 1 - 27 May


Arrival & Registration


Security Summit 2014 Intro video


Welcome address

Jeremy Maggs
journalist, radio host and television presenter



A guide to ITWeb Security Summit 2014

Jon Tullett
senior editor: news analysis, ITWeb

Charl van der Walt
co-founder and managing director, SensePost

During this introductory session, Charl and Jon will offer an overview of the theme and direction of this year’s summit, as well as direct delegates to the tracks and sessions that will be most beneficial to them.
Jacob Appelbaum
Surveillance and privacy - a global overview

Independent computer security researcher, hacker and core member of the Tor project

In this international keynote, Jacob Appelbaum will:         
  • Review the public Snowden revelations, and contextualise these within the global arena
  • Expand on the current set of ideas for changing the status quo
  • Take questions from the audience
Christopher Soghoian
When "trust us" isn't enough: Government surveillance in a post-Snowden world

Principal technologist and senior policy analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union

Silicon Valley is finally improving its security. Shamed by the Snowden disclosures, many of the major tech companies have been forced to begin encrypting their customers' data in transit. HTTPS, which just a few years ago was only widely deployed by banks, is now in use by default by Google, Facebook, Microsoft, Twitter and Yahoo.

The NSA could, in the past, engage in dragnet surveillance of hundreds of millions of users with the assistance of friendly backbone operators. However, in an era of default transport encryption, the NSA's network intercepts will be far less useful. Massive, dragnet surveillance now requires the assistance of Silicon Valley technology companies.

Many of the big Internet companies, whose services, applications and operating systems we all use, occupy a unique position of power. To surveil us, governments need their help. However, these companies and their advertising supported business models require that we trust them with our sensitive, private data. In the wake of the NSA disclosures, that trust is vanishing. Can the companies find a way to restore user trust without destroying their advertising supported services? What happens when governments go nuclear, and demand the companies' encryption keys or the insertion of surveillance backdoors in their products?

10:40 Tea break
John McCormack
Next generation security – In what generation will we get it under control?

John McCormack
CEO, Websense

This presentation will address the following:       
  • The security issues the information security industry faces today
  • A look at the future needs as predicted by Websense Security Labs
  • The technology evolution required to deal with today and tomorrow’s threats and risks
Kevin Kennedy
The idiot's guide to destroying a Global 500 Company…for £500

Kevin Kennedy
senior director: security product management, Juniper Networks

In a world where brilliant and evasive hacks are for sale, it takes only a PayPal account to destroy a legitimate business. Kevin Kennedy shows how to fight back by changing the economics of hacking.
Antonio Forzieri
Cyber resilience calls for strategic action. Now.

Antonio Forzieri
EMEA cyber security and ISS technology lead: technology sales and services, Symantec

Increasing visibility into cyber risk and understanding its potential impact should be an essential element of an organisation's strategy. Eliminating this risk is impossible and impedes agility. Cyber resilience is about the management—not the elimination—of risk. It recognises that security needs to go beyond systems, software or IT departments. This presentation will show how cyber resilience puts the power in the hands of people, and arms them with the ability to recognise risks, draw on the collective intelligence of others, and take preventive or corrective action.
13:10 Lunch

The various tracks at the ITWeb Security Summit 2014 cater for a wide range of infosec professionals, ranging from C-level executives right through to technical operations, and cover an extensive selection of topics.
These tracks are as follows:

Track 1: Governance and management: ‘The new normal’ (C-level)
Track 2: Privacy and data protection (C-level and technical)
  Track 1 - Governance and management: ‘the new normal’ (C level)
Changing regulatory and legal requirements, together with rapid advances in technology, the need to do more with less, evolving business drivers and an increasingly mobile workforce, sees CIOs and their information security professionals being faced with a very different infosec landscape. This track will discuss the challenges, opportunities and risks within this 'new normal'.

CHAIR: Jon Tullett
senior editor: news analysis, ITWeb

Natalie van de Coolwijk
Cyber insurance - taking the sting out of an information security breach

Natalie van de Coolwijk
managing director, Cygeist

The evolving cyber landscape is placing organisations, as well as the data that they possess, manage and process, under the spotlight. Minor breaches and the loss of seemingly harmless data could result in large repercussions for organisations and their customers alike. Cyber insurance assists in facilitating and managing the breach response process, with the aim of reducing the potential impact to organisations and their clients, in terms of consequences as well as costs.

Natalie van de Coolwijk will:
  • Walk the audience through a real world scenario, highlighting the serious repercussions a badly managed response can have
  • Demonstrate how the same scenario could play out with a cyber insurance policy in place to ensure effective breach response
  • Point out how cyber insurance fits into the response process and highlight the coverage and benefits of the policy
  • Describe the items to be considered when purchasing such a policy
  • Give an overview of the US market, where the cyber insurance offering is already mature
Current state of the art and future challenges to detect and mitigate cyber risks in a methodical and consistent way

Matteo Michelini
senior security consultant: investigations and incident response, MWR Infosecurity

Mass-malware, targeted attacks, advanced persistent threats, state-sponsored attacks, cybercrime...the threat landscape is rapidly changing and companies are facing big challenges to align their security operations strategies in order to mitigate cyber risks.

This session will cover:

  • Challenges in building an internal incident response team – the drivers to develop an internal response capacity and how to shape it correctly.
  • How to shape threat intelligence to meet the business requirements and retrieve meaningful information to drive the development of attack detection and response capabilities
  • How incident response has to evolve to ensure effectiveness against targeted and state-sponsored attacks.
  • An overview of advanced threats and how they are evolving

A case study that will cover most of the above areas will be presented to show how to address common mistakes and misunderstandings while developing the Incident Response capacity.

15:35 Tea Break
Alapan Arnab
A framework for security operations centres (SOCs)

Dr Alapan Arnab
Adjunct lecturer, Rhodes University and lead security consultant: security risk team, Barclays Africa

Pierre Jacobs
security architect, CSIR

There are a number of frameworks that cover SOC technology components, such as SIEM frameworks, or eGRC frameworks, or even log management frameworks. With the increased awareness of cyber security threats, many enterprises wish to either build their own SOC or outsource to a service provider. However, without a common understanding of what services a SOC should offer, or indeed what services are relevant to a specific enterprise, SOC implementations can often become simple technology implementations, where the ROI is not completely realised. This session will present a comprehensive framework for SOCs which encompasses the technical and business components.
Steve Jump
Communicating Information Security Value to business: A Security Framework using words and pictures.

Steve Jump
head: corporate information security governance, Telkom

In today's competitive world a business faces a multitude of threats every day. Many of these can pose a material risk of loss or damage to a business unless identified and managed appropriately. A majority of Boards today state that information security risk is at or close to the top of their business priorities.

However, when infosec practitioners have completed their business threat assessments, and provided their analysis of how information security risks can affect the business's ability to meet its objectives, even today the Board is often left asking for a translation.

This presentation introduces a high level information security framework that allows the complexity of information security management to be explained at all levels of a business, and provides a basic lexicon that may be used to translate the technical threat models used to establish the real risks into simple, business-friendly terminology readily understood by any financial or commercial manager (and even technical managers).

  Track 2 - Privacy and data protection (High level and technical)
  The challenge in data privacy is to share data while protecting personally identifiable information. The fields of data security and information security design and utilise software, hardware and human resources to address this issue. This track will provide a current scenario update, explore the myriad challenges and complexities here, and use case studies to outline successful solutions.
CHAIR: Jacob Appelbaum
independent computer security researcher, hacker and core member of the Tor project

Dominique dHotman
Case study: Ensuring data privacy and protection in Software as a Service platform at Ooba

Dominique dHotman
CIO, Ooba Group

The South African home loan origination industry is a fiercely contested, 15-year-old market made up of the banks, real estate, mortgage originators and interested home buyers. Being a fairly young industry it is not yet properly regulated, a dynamic which has allowed for a plethora of complex business models to exist. ooba has been continually innovating in this space and has developed a number of technologies to support and move the industry forward. This case study outlines the dynamics which led to the evolution of the ooba SaaS platform. It explores the challenge of creating a system which has trust baked into its very core and outlines the mechanisms made available to its subscribers to test its claims of privacy and protection. It will reflect on the key architectural approaches adopted and provide insight into the industry standards employed.
Dianne Stigling
PoPI Panel Q&A: Will you be ready?

Dianne Stigling
independent IT and information security consultant

Ritasha Jethva
governance, risk and compliance lead, Liberty

Francis Cronjé
founder & MD, CEO at InfoSeal

Dianne Stigling, Ritasha Jethva and Francis Cronjé, together with legal experts, unpack the legislation, outline what needs to be done and take questions from the floor.

Prof David Taylor
The legal obligation to report IT security compromises

Prof David Taylor
admitted attorney, former associate professor of ICT law, and legal consultant

Privacy legislation, stock exchange rules, and contract and common law all place obligations on companies to report security compromises. The Protection of Personal Information Act, for example, requires that businesses report any ‘accessing’ or ‘acquiring’ of personal information by any ‘unauthorised person’. What does this mean and how does it work? What is ‘unauthorised access’ from a legal and technical perspective? When must companies report IT security compromises, what must they report and to whom? This presentation will explore and discuss all these questions and more.
Nader Henein
Excuse me…your phone is leaking

Nader Henein
regional director: advanced security solutions - advisory division, BlackBerry

So you’ve just purchased a brand new shiny smartphone and almost immediately you’ve put your life on it. You’ve trusted it with all your contacts, your bank details, pictures of your nearest and dearest, but would you have done the same with a person? Would you give access to the same data to a close friend? Nader Henein believes that responsible design of software and hardware should be law. He’ll take a look at what information is regularly leaving your device and how consumer apps in an enterprise context are going to contribute to your next fine under PoPI.
Cocktail function sponsored by
Cyberoam Maxtec
authorised distributor of
Networks Unlimited Trend Micro
MyDBA Spectrami SYNAQ

Palo Alto Networks

