During this track, international experts will share practical insights on how to protect internet-connected systems, networks and your business data.
powered by Telekom
The agenda is built around the concept of “effective cyber security” with a focus on how to minimize the risk of cyberattacks and how to protect your business and your customers from the unauthorized exploitation of systems, networks and technologies.
Here's what we'll be exploring on the Security Stage
Find out more about how companies have to rethink their security strategies and what new approaches you have to adopt in order to deal with security issues.
The exploitation of systems vulnerabilities that are responsible for cyberattacks can be avoided. The tools to predict attacks are known and our speakers will focus on them during this track.
Get knowledge from the brightest digital minds.
Senior Security Advocate
Akamai Technologies
Martin McKeay is a Senior Security Advocate at Akamai, joining the company in 2011.
Martin is a senior editor of Akamai’s State of the Internet Security Report, Akamai’s report on Security, focusing on DDoS, DNS, Bots, just to name a few of the topics. Martin has represented Akamai in Europe in the past and currently lives in Miami, Fl.
With nearly 20 years experience in the security space and five years of direct Payment Card Industry work, Martin has provided expertise to hundreds of companies. He has spoken at events in the US, Europe, Asia and Australia, including RSA, Black Hat, Defcon and FIRST. He is a member of Europol’s European Cybercrime Center Internet Advisory Committee. He frequently writes for publications such as CSO Online and IBM’s Security Intelligence blog.
The biggest danger posed by bots and botnets comes from the fact that they’re so ubiquitous. Businesses rely on search engine bots to index their sites so customers can find them. Communication between organizations is increasingly happening through APIs, with terabytes of data being exchanged every minute, no human interaction required. Site monitoring bots allow administrators to keep ahead of surges in traffic and other problems. Quite frankly, much of the current Internet relies on the information bots gather and exchange every day.
But for every benign use of a bot, there exists a darker, malign example. The spiders that index your site are great, except when the data is being used by a competitor for their own pricing. The same APIs that allow for data exchange represent a huge area of vulnerability to credential stuffing botnets. Credential abuse bots are constantly trying to use compromised logins to take over accounts from sites across the globe. And nearly any botnet can generate enough traffic to create a DDoS given the right circumstances, like a botherder who doesn’t know how to configure their own tools.
Join Martin McKeay for a global look at where botnet traffic is coming from and where it’s targeting. We’ll be looking at a year’s worth of research on some of the tools botnets are using to remain stealthy, who’s being targeted and where the traffic is heaviest. This talk will examine how botnets are increasingly using Domain Generation Algorithms (DGA) to hide botnet Command and Control (C&C) infrastructures. The threat botnets pose is something all businesses should be concerned with, but retailers should be especially concerned with these often unrecognized attacks.
CEO & Chief Analyst
Goode Intelligence
Alan Goode is the founder and managing director of Goode Intelligence – a cybersecurity research and consulting company.
• 13 years of research and analysis experience
• Seventeen years of management and technology consultancy with experience of strategy and deployment
• Experienced security manager and senior technical consultant:
• Head of Information Security at T-Mobile UK
• Security Practice Manager at Atos Origin
• Head of Digital Security at De La Rue Identity Systems (including biometric passports)
• Security analyst for Citibank (Payments)
• Expert in biometrics, authentication/identity, fraud management and cyber security
• Frequent speaker and conference lead including Judge for GSMA Global Mobile Awards 2012, 2013, 2014, 2015, 2016, 2017 and 2018; speaker on biometrics at Connect ID, Biometrics & Identity Conference 2015, MoneyConf 2016, ATM & Cyber Security 2017 & 2018 and Lendit Europe 2017.
Businesses know that passwords are insecure, inconvenient and costly to manage. This presentation looks at password replacements that enable secure, convenient and affordable authentication across a range of devices and use cases – including enterprise and consumer.
Takeaways
Chief Security Scientist
Thycotic
Joseph Carson is a cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security & virtualization, access controls and privileged account management.
Joseph is a Certified Information Systems Security Professional (CISSP), active member of the cyber security community frequently speaking at cyber security conferences globally, often being quoted and contributing to global cyber security publications. He is a cyber security advisor to several governments, critical infrastructure, financial, transportation and maritime industries. Joseph is regularly sharing his knowledge and experience giving workshops on vulnerabilities assessments, patch management best practices, the evolving cyber security perimeter and the EU General Data Protection Regulation.
Joseph serves as Chief Security Scientist at Thycotic and is the author of Privileged Account Management For Dummies.
It is critically important to know how cyber criminals target their victims, what you can do to reduce the risk and make it more challenging for the attackers who steal your information, your identity or your money. This session explains how outside attackers or malicious insiders can exploit vulnerabilities using examples such as a compromised email account password that escalates into a full-blown breach of network security and how a light bulb almost stopped Christmas from happening.
Takeaways
Security Research Manager, Intel
Intel Corporation
Mr. Barnhart-Magen is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.
He is a member of the BSidesTLV organizing team and recipient of the Cisco “black belt” security ninja honor – the highest cyber security advocate rank and has over 15 years of experience in the cyber-security industry, where he held various positions in both corporates and start-ups.
Artificial Intelligence (AI) is the newest addition to a crowded IT toolset. In this talk we will explore how intelligent systems add new attack surfaces to the organization, new attack methods and the targets attackers pursue in the AI landscape.
Takeaways
Application Security Team Leader
Ingram Micro
Denis Makrushin is Application Security Team Leader at Ingram Micro.
Formerly, with the Global Research and Analysis Team at Kaspersky Lab, he focused on vulnerability research and the development of targeted attack mitigation technologies. Denis has gained diverse experience while working in the cybersecurity area. From the offensive security standpoint he’s been engaged in vulnerability research and penetration testing of corporate infrastructure, network security assessments of banking systems, and he took part in the organization and holding of an international forum on practical security aspects.
He took time to look at the industry from the defense side perspective, building information security processes for critical infrastructure and developing threat intelligence products. He graduated from the Information Security Faculty of the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute).
At this time he is continuing his research project ‘Targeted Attack Detection Based on Game Theory Methods’ as PhD candidate of MEPhI. Denis has presented at many public international security conferences including Defcon, RSA Conference, CARO, BSides, Infosecurity, PHDays, ZeroNights as well as multiple closed door invite-only security events.
Nobody cares about their smart-home security, and nobody seems to care about smart-city threats that affect billions of people. However, what about threats in connected medicine that are able to change the life of a patient?
Based on research of various IoT devices, this session will offer a guide which will answer the following question: how to survive in the connected world?
Head of Information Security
Bank of Ireland
A business-focused cyber security leader, Flavius has held senior security positions both within the public and the private sector and has led a number of enterprise-wide security transformation programmes in complex global organisations. He is passionate about solving real industry problems, cultivating and building teams to deliver on the organisation’s mission, values and goals.
Alongside his role as a Head of Information Security at Bank of Ireland UK, Flavius is also one of the co-founders of OutThink, a team of CISOs and security practitioners who are changing the way in which organisations engage with their employees to shape behaviours and build a risk-aware cyber security culture.
With Human Errors being the #1 cause of cyber incidents and data breaches, it is now a CISO imperative to tackle behavioural change and focus on building a risk aware cyber security culture. There are multiple drivers behind the rise of behavioural and cultural change as a recognised need within organisations. It reflects the acceptance that how well an organisation performs is dependent on the shared beliefs, values and actions of its employees, and that this includes their attitudes towards cyber security. There is the recognition that traditional awareness raising campaigns (e.g. CBT, phishing simulations) are not, in themselves, affording sufficient protection against ever evolving cyber-attacks.
Takeaways
• People-related challenges and frustrations the industry is facing (Problem)
• Why a new approach to awareness and culture is required
• Innovative approaches adopted by leading organisations (Solution)
Your organisation can only be secure if you make People your strongest defence. Attend this session to learn how to turn your “weakest link” into your biggest advantage in cyber security!
Managing Security Consultant
NCC Group (CREST CCT)
Balazs Bucsay (@xoreipeip) is a Managing Security Consultant at NCC Group in the United Kingdom who does research and penetration testing for various companies.
He has presented at many conferences around the world including Honolulu, Atlanta, London, Oslo, Moscow, and Vienna on multiple advanced topics relating to the Linux kernel, NFC and Windows security. Moreover he has multiple certifications (CREST CCT, OSCE, OSCP, OSWP, GIAC GPEN) related to penetration testing, exploit writing and other low-level topics; and has degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things in life.
Hackers do not have a scope, nor are they interested in risk ratings. On the other hand, nobody wants to be hacked, but it could happen if our risk assessment was not properly done. It is necessary to understand how vulnerabilities are rated, what their meaning is and how these bugs could be exploited. A demo will show how three or more seemingly independent vulnerabilities can be chained together in order to have a bigger impact on a company or on an end-user.
Takeaways:
• The demo will bring the audience closer to understanding how hacking works
• Will explain how it is possible to chain vulnerabilities
• Will change some minds about how risk rating should be handled internally in a company
Managing Director & Co-founder
ISECOM
Pete Herzog is the shining example of a hacker trying to fix the world.
He built a career out of taking apart the security world piece by piece to figure out how it works. You can find articles and projects from him all over the place, especially at the non-profit research organization, The Institute for Security and Open Methodologies (ISECOM), he co-founded in 2001 to help make this happen. There you’ll find his work with the Open Source Security Testing Methodology Manual (OSSTMM), Hacker Highschool, and the Cybersecurity Playbook as well as work in trust metrics, authentication, social engineering, vulnerabilities, risk analysis, and so much more. Pete also teaches training classes, coaches corporations, develops security products, advises start-ups, and hacks things.
As a security analyst I’ve seen a lot of things. Internet things. Most are some cluster of apps, sensors, mobile devices, web, and cloud. All involve people, both trusted and mostly untrusted. Then they ask me how to secure it. And I do. This is how.
I need less than an hour to show you how to make security that matters for new technologies. This includes how to analyze the security of anything even if you’ve never seen it before or have no idea how it works. This is how to approach it, scope it, analyze it, and ultimately secure it. We don’t need less IoT but better security professionals willing to use their analysis skills to make sure security happens.
Takeaways
Cryptographer
NXP Semiconductors
Joppe is a cryptographic researcher in the business unit identification at NXP Semiconductors. Previously, he was a post-doctoral researcher in the Cryptography Research Group at Microsoft Research, Redmond, USA.
His research focuses on computational number theory and high-performance arithmetic as used in public-key cryptography. On the one hand, he has an interest in the various mathematical problems used in applied cryptography. Examples include the integer factorization problem and the (elliptic curve) discrete logarithm problem. On the other hand Joppe likes to investigate the different techniques to realize efficient cryptographic implementations on various exotic or embedded architectures.
The applications of machine learning seem to be endless.
In the Internet of Things era this has the capability to transform how we interact with machines. Examples include autonomous driving, ordering products with simple voice commands and authentication using your face. However, when the machine learning and internet of things combination grows mature so do the attacks against machine learning systems: an attacker can try to steal the machine learning models, circumvent the authentication mechanisms or do physical harm to the user. In this presentation I will show that it is trivial to mount attacks against machine learning models.
Finally, we will outline the consequences and present some of the techniques which can harden against such attacks. With the deployment of machine learning into our everyday life we need to be aware of the security and privacy implications and start to apply the security-by-design paradigm to make these smart machines more robust against practical attacks.
Managing Partner
Interactions
Adrian is a veteran of the direct and digital marketing industry, with more than 15 years of experience. For the last 10 years he has been running Interactions, a full-service digital agency which holds an impressive past and present portfolio of brands: Telekom, Audi, Nestle, LG, Hochland, Mega Image and many others from Romania and Europe.
Before Interactions Adrian founded and led the direct and digital division of Ogilvy Group Romania and also worked for 5 years in direct marketing and international outsourcing within Hit Mail Group.
A concrete side-by-side comparison of two alternate realities: before and after marketing automation. A list of common mistakes made by marketeers and how marketing automation can better shape organizational processes. A comparison of Salesforce Marketing Cloud and other automation solutions.
Partner
Wolf Theiss
Maria Maxim is a Partner with Wolf Theiss and the coordinator of the TMT (Technology, Media, Telecom) and Data protection practice in Romania.
During her legal career of nearly 20 years, Maria has implemented numerous data privacy (EU GDPR), anti-trust and compliance programs for major companies and has conducted a number of training programmes in her areas of expertise.
She has extensive knowledge of the telecom industry, as prior to joining Wolf Theiss Maria was for 18 years in-house legal counsel of a major telecom company in Romania where she coordinated the litigation, data protection, compliance and Anti-Money Laundering activities. Her impressive experience also includes the position of senior manager, FIDS inside one of the “Big Four” accounting firms in Romania.
Although a major step forward and a continuing improvement process for most of the companies, digitalization brings with it a series of challenges as well as compliance requirements under the General Data Protection Regulation – GDPR.
Most of the companies have made all efforts to put in place new policies, procedures and IT solutions in order to implement the General Data Protection Regulation – GDPR by 25th of May, the date of its application in all European member states, including Romania. However, 25th of May is not an end date, as GDPR is an ongoing process. For most of the companies the challenging part is yet to come and they must ensure that their processes work in practice, or otherwise constantly adapt them. One of the main tools provided by GDPR is the “privacy impact assessment” or “PIA” that needs to be performed in certain cases, especially when the entities decide to implement new technology that involves processing of personal data.
Your organisation can only be compliant if you first prevent security and data protection incidents, and consider from the beginning the GDPR requirements and principles, provided under the umbrella of data protection by design and by default concept. Attend this session to learn how The Data Privacy Impact Assessment can be of help!
IT Security Engineer
Metro Systems
Ex-Investment Banker, Python fan and open source advocate. Constantly learning new technologies looking for breakthroughs. Fan of all things involving big data, security, IoT and human augmentation. Currently working as a Security Engineer during the day and dabbling into DIY hardware at night.
Businesses, governments and everyday people across the world have started incorporating more and more IoT devices in their activities. They are convenient and affordable, but many hide glaring vulnerabilities. This presentation highlights some of the worst and most common offenders. Some spy on you, some send your information away, some offer incriminating evidence to the police and some may even attempt to kill you. Learn how to doubt every smart device you come across and get some pointers on how to test your own devices.
Takeaways:
Cybersecurity Reporter
Moderator
Lucian Constantin is a freelance journalist who has been covering computer security and the hacker culture for over a decade. His work has appeared in many technology publications including Forbes, VICE Motherboard, PCWorld, Computerworld, The Inquirer, Security Boulevard and The New Stack.
Lucian has a bachelor’s degree in political science, but he’s been passionate about computers and cybersecurity from an early age. Before he decided to pursue a career in journalism, he worked as a system and network administrator. He enjoys attending security conferences, talking to technical people and delving into interesting research papers.
Chief Hacking Officer
XEDUCO Institute
Founder and CEO of XEDUCO Institute (formerly INTELPROF), George Dobrea is a cybersecurity expert and a well-known technical instructor delivering consultancy and training programs for military, commercial or public organizations in more than 20 countries. Awarded thirteen times by Microsoft as a Most Valuable Professional (MVP) for Cloud and Datacenter Security and by EC-Council as the ‘Instructor of The Year’ for 2016, 2017 and 2018, he’s a popular speaker at technical conferences including Microsoft Ignite, TechED and Hacker Halted USA.
APT attacks have traditionally been associated with nation-state players. But in the last few years, APT actors have devolved from “fine dining to fast food”. Techniques and tools that were once characterized by a few APT actors have been adopted by dozens of other threat actors, including freelance groups hired by government agencies and organized criminals who are using complex hacking operations to gain access and collect valuable information/intelligence, steal intellectual property, pilfer sensitive financial data and even siphon cash in attacks aimed at banks. The main reason behind this development is the commoditization of advanced toolsets. The Shadow Brokers and Vault 7 leaks, for example, included the source code for high-end tools allegedly developed by the NSA and the CIA, respectively, making them readily available to anyone.
Even if you do patch all your software, the way Equifax didn’t, or you randomize all your passwords, the way most of us don’t, bad actors are going to get past your heavily guarded gate, into your network. And once they do, they’re free to go wild.
To battle the constantly growing and ever-changing scope of threats from APT hackers, AI and machine learning are becoming vital innovations that can hold the key to combating cybercrime.
Lead Network Security - Solutions Architect
Telekom
Cotiso spent over 15 years as a network security consultant (CCIE – Cisco Certified Internetwork Expert) and trainer (CCSI – Cisco Certified Systems Instructor) for various technology integrators and for various Fortune 500 companies in telco, automotive, banking and pharma industries. He has extensive experience designing, implementing and operating complex and scalable secure networks for large customers and has an in-depth experience with top Network Security vendors.
To be updated soon…
Senior Systems Engineer
Juniper Networks
Istvan Laky is Senior Systems Engineer at Juniper Networks. He started his Juniper career more than 10 years ago as a service provider network design expert and broadened his experience towards enterprise architectures and security solutions. He works with multiple territories across Eastern European countries.
Founder
Dekeneas
Cybersecurity researcher with 27 years of experience in vulnerability research, malware research, threat analysis, penetration testing and digital forensics, currently acting as security consultant for the Romanian National CERT, CERT-RO, and a few other entities in the governmental and financial sector. Founder and developer of Dekeneas, a Romanian startup based on the idea of detecting complex cyberattacks such as watering holes and cryptojacking, using artificial intelligence in big data environments.
Orange Romania is analyzing large volumes of data using Machine Learning, detecting patterns, anomalies and Advanced Persistent Threats, enhancing resilience to cyber and cyber-physical threats.
Dekeneas is a start-up enrolled this year in Orange Fab, the start-up accelerator program developed by Orange Romania.
Using machine learning, the Dekeneas solution is able to distinguish between potentially malicious scripts and normal scripts, and only the potentially malicious ones are run in a series of sandboxes, greatly reducing the time needed to analyze a website.
Dekeneas is unique because its continuous AI training allows it to constantly learn about new and emerging threats, providing an early response to an on-going attack.
Development & Innovation Manager
Orange
Corporate innovator with over 18 years of experience in the telecom industry, leading Orange’s innovation efforts in working with startups at Orange Fab Romania and coordinating several research projects in the fields of: future internet networks, critical infrastructure security, Wi-Fi offload for cellular data networks and network’s APIs.
Orange Romania is analyzing large volumes of data using Machine Learning, detecting patterns, anomalies and Advanced Persistent Threats, enhancing resilience to cyber and cyber-physical threats.
Director of Security Operations
Cybourn
Tiberiu has extensive experience in cyber security in both the public and private sector, managing technology, corporate governance and legislation. He is currently leading the operations of CyBourn’s Bucharest-based Security Operations Center, serving clients across the European Union, leading integrations, monitoring and incident response.
Prior to co-founding CyBourn, he was part of CERT-RO, Romania’s National Computer Emergency Response Team. He has also been part of ENEVO Group, an Industrial Internet of Things start-up now active across 3 continents.
Tiberiu holds an MSc from University of Amsterdam in Innovation Management and International Entrepreneurship and a BSc in International Business from Academy of Economic Studies in Bucharest.
In today’s digital world, business performance is directly linked to the well-being of an organization’s cyber space. An effective SOC, either in-house or outsourced, is becoming essential for mid to large companies to ensure business continuity and high performance of their IT infrastructure. Join the session to find out the challenges, recommendations and best practices to effectively monitor and act upon the security of your infrastructure.
Security Advisor
Microsoft
Roger Halbheer is Chief Security Advisor for Microsoft in EMEA. In this role, he acts as a trusted advisor to C-level executives in the commercial and private sectors and has established relationships with industry leaders, security communities and government and intelligence agencies across the world. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and provide expert comment on security issues.
Before re-joining Microsoft in 2018 he was a Managing Director for Accenture Security working in the Austria, Switzerland, Germany region and additionally responsible for the global cybersecurity alliance between Accenture and Microsoft.
Until 2015 he was the Head of Group Security (Chief Security Officer) at Swisscom. He was responsible for the security strategy of the overall Swisscom Group in close collaboration with the group’s companies.
Before, Roger was Microsoft’s Worldwide Chief Security Advisor. He joined Microsoft as the Chief Security Advisor Switzerland and was promoted to Chief Security Advisor Europe, the Middle East and Africa (EMEA) in 2007. From 2010, Roger led Microsoft’s worldwide team of Chief Security Advisors who work with national organizations – including governments, law enforcement and intelligence agencies – on information technology issues and strategies.
To get access on the Security Stage, you need to purchase a Security PRO Pass.