During this track, international experts will share practical insights on how to protect internet-connected systems, networks and your business data.
Powered by Telekom
The agenda is built around the concept of “effective cyber security” with a focus on how to minimize the risk of cyberattacks and how to protect your business and your customers from the unauthorized exploitation of systems, networks and technologies.
Here's what we'll be exploring on the Security Stage
Find out more about how companies have to rethink their security strategies and what new approaches you have to adopt in order to deal with security issues.
The exploitation of systems vulnerabilities that are responsible for cyberattacks can be avoided. The tools to predict attacks are known and our speakers will focus on them during this track.
Get knowledge from the brightest digital minds.
Martin McKeay is a Senior Security Advocate at Akamai, joining the company in 2011.
Martin is a senior editor of Akamai’s State of the Internet Security Report, Akamai’s report on Security, focusing on DDoS, DNS, Bots, just to name a few of the topics. Martin has represented Akamai in Europe in the past and currently lives in Miami, FL.
With nearly 20 years’ experience in the security space and five years of direct Payment Card Industry work, Martin has provided expertise to hundreds of companies. He has spoken at events in the US, Europe, Asia and Australia, including RSA, Black Hat, Defcon and FIRST. He is a member of Europol’s European Cybercrime Center Internet Advisory Committee. He frequently writes for publications such as CSO Online and IBM’s Security Intelligence blog.
When: 4 Oct - 14:15-15:00
The biggest danger posed by bots and botnets comes from the fact that they’re so ubiquitous. Businesses rely on search engine bots to index their sites so customers can find them. Communication between organizations is increasingly happening through APIs, with terabytes of data being exchanged every minute, no human interaction required. Site monitoring bots allow administrators to keep ahead of surges in traffic and other problems. Quite frankly, much of the current Internet relies on the information bots gather and exchange every day.
But for every benign use of a bot, there exists a darker, malign example. The spiders that index your site are great, except when the data is being used by a competitor for their own pricing. The same APIs that allow for data exchange represent a huge area of vulnerability to credential stuffing botnets. Credential abuse bots are constantly trying to use compromised logins to take over accounts from sites across the globe. And nearly any botnet can generate enough traffic to create a DDoS given the right circumstances, like a botherder who doesn’t know how to configure their own tools.
Join Martin McKeay for a global look at where botnet traffic is coming from and where it’s targeting. We’ll be looking at a year’s worth of research on some of the tools botnets are using to remain stealthy, who’s being targeted and where the traffic is heaviest. This talk will examine how botnets are increasingly using Domain Generation Algorithms (DGA) to hide botnet Command and Control (C&C) infrastructures. The threat botnets pose is something all businesses should be concerned with, but retailers should be especially concerned with these often unrecognized attacks.
Alan Goode is the founder and managing director of Goode Intelligence – a cybersecurity research and consulting company.
• 13 years of research and analysis experience
• Seventeen years of management and technology consultancy with experience of strategy and deployment
• Experienced security manager and senior technical consultant:
• Head of Information Security at T-Mobile UK
• Security Practice Manager at Atos Origin
• Head of Digital Security at De La Rue Identity Systems (including biometric passports)
• Security analyst for Citibank (Payments)
• Expert in biometrics, authentication/identity, fraud management and cyber security
• Frequent speaker and conference lead including Judge for GSMA Global Mobile Awards 2012, 2013, 2014, 2015, 2016, 2017 and 2018; speaker on biometrics at Connect ID, Biometrics & Identity Conference 2015, MoneyConf 2016, ATM & Cyber Security 2017 & 2018 and Lendit Europe 2017.
When: 3 Oct - 14:00-14:45
Businesses know that passwords are insecure, inconvenient and costly to manage. This presentation looks at password replacements that enable secure, convenient and affordable authentication across a range of devices and use cases – including enterprise and consumer.
Joseph Carson is a cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security & virtualization, access controls and privileged account management.
Joseph is a Certified Information Systems Security Professional (CISSP) and an active member of the cyber security community, frequently speaking at cyber security conferences globally, often being quoted in and contributing to global cyber security publications. He is a cyber security advisor to several governments and to the critical infrastructure, financial, transportation and maritime industries. Joseph regularly shares his knowledge and experience by giving workshops on vulnerability assessments, patch management best practices, the evolving cyber security perimeter and the EU General Data Protection Regulation.
Joseph serves as Chief Security Scientist at Thycotic and is the author of Privileged Account Management for Dummies.
When: 4 Oct - 16:45-17:30
It is critically important to know how cyber criminals target their victims, what you can do to reduce the risk and make it more challenging for the attackers who steal your information, your identity or your money. This session explains how outside attackers or malicious insiders can exploit vulnerabilities using examples such as a compromised email account password that escalates into a full-blown breach of network security and how a light bulb almost stopped Christmas from happening.
Mr. Barnhart-Magen is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.
He is a member of the BSidesTLV organizing team and recipient of the Cisco “black belt” security ninja honor – the highest cyber security advocate rank and has over 15 years of experience in the cyber-security industry, where he held various positions in both corporates and start-ups.
When: 4 Oct - 10:00-10:45
Artificial Intelligence (AI) is the newest addition to a crowded IT toolset. In this talk we will explore how intelligent systems add new attack surfaces to the organization, new attack methods and the targets attackers pursue in the AI landscape.
Denis Makrushin is Application Security Team Leader at Ingram Micro.
Formerly, with the Global Research and Analysis Team at Kaspersky Lab, he focused on vulnerability research and the development of targeted attack mitigation technologies. Denis has gained diverse experience while working in the cybersecurity area. From the offensive security standpoint he’s been engaged in vulnerability research and penetration testing of corporate infrastructure, network security assessments of banking systems, and he took part in the organization and holding of an international forum on practical security aspects.
He took time to look at the industry from the defense side perspective, building information security processes for critical infrastructure and developing threat intelligence products. He graduated from the Information Security Faculty of the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute).
At this time he is continuing his research project ‘Targeted Attack Detection Based on Game Theory Methods’ as a PhD candidate at MEPhI. Denis has presented at many public international security conferences including Defcon, RSA Conference, CARO, BSides, Infosecurity, PHDays, ZeroNights as well as multiple closed door invite-only security events.
When: 3 Oct - 10:45-11:30
Nobody cares about his smart-home security, and nobody seems to care about smart-city threats that affect billions of people. However, what about threats in connected medicine that are able to change the life of a patient?
Based on research of various IoT devices, this session will offer a guide which will answer the following question: how to survive in the connected world?
A business-focused cyber security leader, Flavius has held senior security positions both within the public and the private sector and has led a number of enterprise-wide security transformation programmes in complex global organisations. He is passionate about solving real industry problems and about cultivating and building teams to deliver on the organisation’s mission, values and goals.
Alongside his role as a Head of Information Security at Bank of Ireland UK, Flavius is also one of the co-founders of OutThink, a team of CISOs and security practitioners who are changing the way in which organisations engage with their employees to shape behaviours and build a risk-aware cyber security culture.
When: 3 Oct - 12:00-12:45
With Human Errors being the #1 cause of cyber incidents and data breaches, it is now a CISO imperative to tackle behavioural change and focus on building a risk aware cyber security culture. There are multiple drivers behind the rise of behavioural and cultural change as a recognised need within organisations. It reflects the acceptance that how well an organisation performs is dependent on the shared beliefs, values and actions of its employees, and that this includes their attitudes towards cyber security. There is the recognition that traditional awareness raising campaigns (e.g. CBT, phishing simulations) are not, in themselves, affording sufficient protection against ever evolving cyber-attacks.
• People-related challenges and frustrations the industry is facing (Problem)
• Why a new approach to awareness and culture is required
• Innovative approaches adopted by leading organisations (Solution)
Your organisation can only be secure if you make People your strongest defence. Attend this session to learn how to turn your “weakest link” into your biggest advantage in cyber security!
Balazs Bucsay (@xoreipeip) is a Managing Security Consultant at NCC Group in the United Kingdom who does research and penetration testing for various companies.
He has presented at many conferences around the world including Honolulu, Atlanta, London, Oslo, Moscow, and Vienna on multiple advanced topics relating to the Linux kernel, NFC and Windows security. Moreover he has multiple certifications (CREST CCT, OSCE, OSCP, OSWP, GIAC GPEN) related to penetration testing, exploit writing and other low-level topics; and has degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things in life.
When: 3 Oct - 15:45-16:15
Hackers do not have a scope nor are they interested in risk ratings. On the other hand, nobody wants to be hacked, but it could happen if our risk assessment was not properly done. It is necessary to understand how vulnerabilities are rated, what their meaning is and how these bugs could be exploited. A demo will show how three or more seemingly independent vulnerabilities can be chained together in order to have a bigger impact on a company or on an end-user.
• The demo will bring the audience closer to understanding how hacking works
• Will explain how it is possible to chain vulnerabilities
• Will change some minds about how risk rating should be handled internally in a company
Pete Herzog is the shining example of a hacker trying to fix the world.
He built a career out of taking apart the security world piece by piece to figure out how it works. You can find articles and projects from him all over the place, especially at the non-profit research organization, The Institute for Security and Open Methodologies (ISECOM), which he co-founded in 2001 to help make this happen. There you’ll find his work with the Open Source Security Testing Methodology Manual (OSSTMM), Hacker Highschool, and the Cybersecurity Playbook as well as work in trust metrics, authentication, social engineering, vulnerabilities, risk analysis, and so much more. Pete also teaches training classes, coaches corporations, develops security products, advises start-ups, and hacks things.
When: 4 Oct - 12:30-13:15
As a security analyst I’ve seen a lot of things. Internet things. Most are some cluster of apps, sensors, mobile devices, web, and cloud. All involve people, both trusted and mostly untrusted. Then they ask me how to secure it. And I do. This is how.
I need less than an hour to show you how to make security that matters for new technologies. This includes how to analyze the security of anything even if you’ve never seen it before or have no idea how it works. This is how to approach it, scope it, analyze it, and ultimately secure it. We don’t need less IoT but better security professionals willing to use their analysis skills to make sure security happens.
Joppe is a cryptographic researcher in the business unit identification at NXP Semiconductors. Previously, he was a post-doctoral researcher in the Cryptography Research Group at Microsoft Research, Redmond, USA.
His research focuses on computational number theory and high-performance arithmetic as used in public-key cryptography. On the one hand, he has an interest in the various mathematical problems used in applied cryptography. Examples include the integer factorization problem and the (elliptic curve) discrete logarithm problem. On the other hand Joppe likes to investigate the different techniques to realize efficient cryptographic implementations on various exotic or embedded architectures.
When: 3 Oct - 16:45-17:30
The applications of machine learning seem to be endless.
In the Internet of Things era this has the capability to transform how we interact with machines. Examples include autonomous driving, ordering products with simple voice commands and authentication using your face. However, when the machine learning and internet of things combination grows mature so do the attacks against machine learning systems: an attacker can try to steal the machine learning models, circumvent the authentication mechanisms or do physical harm to the user. In this presentation I will show that it is trivial to mount attacks against machine learning models.
Finally, we will outline the consequences and present some of the techniques which can harden against such attacks. With the deployment of machine learning into our everyday life we need to be aware of the security and privacy implications and start to apply the security-by-design paradigm to make these smart machines more robust against practical attacks.
Chris currently works at Lares; prior to that he founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence.
Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. (Before that he managed to get various computers confiscated by a number of European entities.)
When: 4 Oct - 11:45-12:30
As humans we have four evolutionary paths:
1. We embrace Nanotechnology and Bionanotechnology… we become more dependent upon machines and slowly move towards integration with the systems (we know we’re looking at 80% integration in the next 20 years at least)
2. We embrace consciousness and some of us end up in New Zealand hanging out in an AS/400…bodies no longer needed
3. AI wakes up, looks round, wonders WHY humans are in the driving seat and takes over… OR we end up unplugging it and rebooting back to the 1900’s…
4. The stumbling drunk…simply put we keep staring into the abyss and almost falling in, only to somehow manage to come back from the collapse, the challenge is HOW many times can we do this before we simply fall in?
We have to go back and look at the rules we are operating by, we have to HELP those around us, from the users, the managers, the leadership AND the influencers (industry, finance, insurance, etc.)
Security IS NOT an afterthought
• Build it in from the very start of a project!
• Build it like your MOTHER is going to have to use it
• Build it as if I’m going to come and TEAR it to shreds.
• Build it with insight and foresight, this is your baby, don’t make it ugly
• HELP everyone on the project, educate and advise them, show them pictures of your Mother when it comes to user interfaces and more bloody passwords, show them pictures of me when it comes to handing credentials etc. Use ALL the resources at your disposal to make something good.
• Make it adaptive and predictive, make it preventative, don’t make it reactive…remember evolution is good, look at the future and build to that.
Security IS a mindset
• Welcome to 2017 the hackers OWN it, can we try to take back 2018 please?
Security IS the differentiator
• Your organizations actually might thank you!
• Your customers WILL thank you!
• Use it to your advantage in marketing.
Vendors need to be held responsible for delivering secure products to ALL their clients ALL the time…not 3 years down the road IF enough people scream.
Integrators need to be held responsible for educating partners AND vendors AND choosing wisely.
Feel like we are flogging a dead horse…but it would be nice for once to NOT break into a company because defaults or outright dumb passwords are being used.
So, there’s some baseline points to build from, something to consider next time a project kicks off or a vendor comes round or the leadership team asks for input.
I hope this helps, I hope this starts the very REAL discussion that needs to happen because if not that tsunami of technology IS going to drown us all.
Maria Maxim is a Partner with Wolf Theiss and the coordinator of the TMT (Technology, Media, Telecom) and Data protection practice in Romania.
During her legal career of nearly 20 years, Maria has implemented numerous data privacy (EU GDPR), anti-trust and compliance programs for major companies and has conducted a number of training programmes in her areas of expertise.
She has extensive knowledge of the telecom industry, as prior to joining Wolf Theiss Maria was for 18 years in-house legal counsel of a major telecom company in Romania, where she coordinated the litigation, data protection, compliance and Anti-Money Laundering activities. Her impressive experience also includes the position of senior manager, FIDS, inside one of the “Big Four” accounting firms in Romania.
When: 4 Oct - 15:00-15:30
Although a major step forward and a continuing improvement process for most of the companies, digitalization brings with it a series of challenges as well as compliance requirements under the General Data Protection Regulation – GDPR.
Most of the companies have made all efforts to put in place new policies, procedures and IT solutions in order to implement the General Data Protection Regulation – GDPR by 25th of May, the date of its application in all European member states, including Romania. However, 25th of May is not an end date, as GDPR is an ongoing process. For most of the companies the challenging part is yet to come: they must ensure that their processes work in practice, or otherwise constantly adapt them. One of the main tools provided by GDPR is the “privacy impact assessment” or “PIA”, which needs to be performed in certain cases, especially when the entities decide to implement new technology that implies processing of personal data.
Your organisation can only be compliant if you first prevent security and data protection incidents, and consider from the beginning GDPR requirements and principles, provided under the umbrella of data protection by design and by default concept. Attend this session to learn how The Data Privacy Impact Assessment can be of help!
Ex-Investment Banker, Python fan and open source advocate. Constantly learning new technologies looking for breakthroughs. Fan of all things involving big data, security, IoT and human augmentation. Currently working as a Security Engineer during the day and dabbling into DIY hardware at night.
When: 3 Oct - 16:15-16:45
Businesses, governments and everyday people across the world have started incorporating more and more IoT devices in their activities. They are convenient and affordable, but many hide glaring vulnerabilities. This presentation highlights some of the worst and most common offenders. Some spy on you, some send your information away, some offer incriminating evidence to the police and some may even attempt to kill you. Learn how to doubt every smart device you come across and get some pointers on how to test your own devices.
To get access to the Security Stage, you need to purchase a Security PRO Pass.