
IRISS Conference 2009

IRISS held its first annual conference on the 19th of November 2009 at the D4 Berkley Court hotel. This all-day conference focused on providing attendees with an overview of the cyber threats facing businesses in Ireland and what they can do to help deal with those threats.

Experts on various aspects of cyber crime and cyber security shared their thoughts and experiences while a number of panel sessions provided the opportunity to discuss the issues that mattered most. 

The agenda for the day was as follows:

| Time | Speaker | Organisation | Topic |
|---|---|---|---|
| 09:00 | Registration | IRISS | Registration |
| 09:20 | Brian Honan | IRISS | Overview of the First Year of IRISS |
| 09:50 | Detective Inspector Paul Gillen | An Garda Siochana Computer Crime Unit | Cyber Crime in Ireland as Seen By An Garda Siochana |
| 10:30 | Mark Hillick | IRISS | "Scareware traversing the World." - Mark will discuss how the successful exploit of Irish websites resulted in scareware being downloaded to end-user systems. He will also explain the infrastructure behind this particular scareware and how IRISS were able to respond to resolve the incident. |
| 11:00 | COFFEE BREAK | | |
| 11:20 | Terry Neal | The SANS Institute | The Three Faces of Cyber Crime: the techniques they use, how they hurt people at home and at their jobs, and the top things you can do to keep them from hurting you. This fast-paced briefing introduces you to the organized crime groups, the terrorist groups and the nation-state military groups that are actively exploiting human and computer errors - showing what each is after and how successful they are. We then turn to the most interesting and damaging new types of attacks they are using - each illustrated with specific real attacks. Once you understand the attacks, we focus more directly on just how they affect individuals - their bank accounts, trading accounts, peace of mind, and their job security. Finally we look at the three ways that these attacks can best be thwarted. |
| 12:00 | Marco Thorbruegge | ENISA | Overview of ENISA and CERTs in Europe |
| 12:40 | Panel Session | | |
| 13:00 | LUNCH | | |
| 14:00 | Peter Wood | First Base Technologies | The Social Engineering Hack |
| 14:40 | Billy Hawkes | Data Protection Commissioner | Data Protection |
| 15:20 | COFFEE BREAK | | |
| 15:30 | Eoin Keary | OWASP | "Secure development (for a secure planet)." - Eoin shall discuss the merits of secure application development and the integration of security into the development lifecycle, touching on code review and penetration testing. He shall examine the tradeoffs between runtime testing and static code review and the benefits of performing a 360 review. He shall also discuss some simple solutions to make an application more secure. |
| 16:10 | Ian Cook | Team Cymru | |
| 16:50 | Brian Honan | | CLOSE |
| 17:00 | Networking Event | | |

The following speakers addressed the conference:

Billy Hawkes

Billy Hawkes is the Data Protection Commissioner, having been appointed by the Government in July 2005 for a 5-year term.  Prior to his appointment, he worked as a civil servant in various government departments, most recently Finance, Enterprise, Trade & Employment and Foreign Affairs.

Peter Wood - Chief Of Operations - First Base Technologies

Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking techniques and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics. He has also been rated the British Computer Society's number one speaker. Peter serves on the ISACA conference committee for the Information Security Management Conference and Network Security Conference in both the US and Europe, as well as speaking at both events.

Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. Peter's board-level responsibilities have included sales, marketing and technical roles, giving him a broad industry view.

Peter founded First Base Technologies in May 1989 as a services-only consultancy, providing security testing and audit services to clients including B&Q, Bradford & Bingley, Co-operative Group, the Learning & Skills Council, Skipton Building Society and Xchanging. Peter has hands-on technical involvement in the firm on a daily basis, working in areas as diverse as penetration testing, social engineering and skills transfer.

Peter is a Fellow of the British Computer Society and a Chartered IT Professional. He is a member of the BCS Register of Security Specialists and a CISSP. He is also a member of ACM, IEEE, IISP, IMIS, ISACA, ISSA and Mensa.

Detective Inspector Paul Gillen - Head National Computer Crime Unit - An Garda Siochana

Detective Inspector Paul Gillen is the head of the Computer Crime Investigation Unit (CCIU), a specialised unit within the Garda Bureau of Fraud Investigation charged with investigating computer-related crime. Paul is also head of the Garda National Fraud Assessment Unit at the Garda Bureau of Fraud Investigation. A member of the force since 1983, he has been working in the area of Computer Crime investigation since 1996.  Paul holds a Master of Science degree from the School of Computer Science & Informatics at UCD.

He is the head of delegation for Ireland on the Interpol Working party on IT crime - Lyon and also head of delegation for Ireland on the Europol expert group on cybercrime - The Hague. Paul has been nominated as chair of the Europol Cybercrime Training sub group which develops policy on training of hi-tech crime investigators across all EU member states.

Paul was the project manager on a Falcone Project co-funded by the EU Commission and the Irish Department of Justice, Equality and Law Reform. This project published three reports, one of which outlined the requirement for the development of cybercrime training for specialist investigators within the EU.

Paul is currently also the project manager on a further AGIS co-funded project which has developed and delivered academically accredited training for cyber crime investigators across the EU.

Paul is also the chairman of the academic advisory board for a newly founded MSc degree for law enforcement cybercrime investigators internationally at University College Dublin.

Paul is the chairman of the Europol Cyber Crime Experts training Sub Group in The Hague in 2006.

Marco Thorbruegge - Senior Expert Computer Security and Incident Response - ENISA

Marco Thorbruegge is Senior Expert for Computer Security and Incident Response at ENISA. Before joining the agency he was the team-leader at DFN-CERT, the emergency response team for the German research network.

Before that time he worked as a freelance IT security journalist and as a system administrator for a big German computing centre.

Marco Thorbruegge served his country as an officer for twelve years before that; during this time he completed his studies in computer science at the University of the Federal Armed Forces in Munich.

Ian Cook - Lead Security Evangelist - Team Cymru

Ian Cook is renowned worldwide as a leader in the field of Information Technology Security and as a security research and intelligence analyst.  He has worked, among others, for Barclays Bank, Citigroup, Saudi American Bank, Pentest Ltd, and Merrill Lynch, where he set up a Cyber Intelligence Unit to pioneer the application of Government intelligence procedures in the corporate sector.

Ian is Team Cymru's lead security evangelist, and has responsibility for extending partnerships, creating and distributing news feeds, orchestrating the Team's conference participation, and introducing new ideas to its suite of community services.

Team Cymru was founded by Rob Thomas as an Internet Security think-tank in 1998, and officially incorporated in 2004. Team Cymru is dedicated to making the Internet more secure. Team Cymru tracks malicious Internet activity worldwide in order to help organisations identify and eradicate problems in their networks. Team Cymru also delivers select security consulting services in areas such as network architecture and design, forensics, intrusion investigations, and specialised training.

Mark Hillick - Incident Handler - IRISS

Mark Hillick has 9 years' experience in relation to Internet, networking, systems administration and security engineering. He is the team lead of AIB's Internet team, where he is responsible for designing, building and securing the Internet infrastructure. He is a prominent member of the IT security community in Ireland and has presented at several local security forums such as IISF and OWASP. Mark is one of the founding members of IRISS, Ireland's first national CSIRT, where he is also a Volunteer Incident Handler.

Through his SANS certifications, Mark has become a member of the SANS GIAC Alumni and GIAC Advisory Board and used the knowledge gained there to design and build HackEire, Ireland's first Cyber Security Challenge.

Eoin Keary - OWASP

Eoin Keary is lead technical senior manager for Ernst & Young's Attack and Penetration team for EMEIA. He is chair of the Irish Chapter of OWASP (the Open Web Application Security Project), lead author of the OWASP Code Review Guide and an active contributor to the OWASP Software Assurance Maturity Model (SAMM) and the OWASP Application Security Verification Standard (ASVS).

Eoin has over 12 years' experience in relation to application development and security, focusing on secure development practices and application penetration testing.

In parallel to the above speaking sessions, Ireland's first Cyber Security Challenge, HackEire, was held to identify Ireland's top cyber security experts. HackEire saw 10 teams, up to a maximum of four people per team, compete against each other in a controlled environment to see which team would be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the HackEire competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event how to prevent such attacks from impacting your network.

The conference was open to anyone with the responsibility for securing their business information assets.  There was no charge for those who wished to attend.

The IRISS Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.

