Dr Jessica Barker, Director, J L Barker Ltd
Dr Jessica Barker explores how
individuals, institutions and societies interact with technology and
information. With a focus on corporate governance and the knowledge
economy, Jessica’s expertise is in the holistic, 'human' side of cyber
security. An experienced interviewer and trainer, Jessica works with a
variety of organisations and is known for her ability to engage with
everyone from the most senior civil servants and FTSE100 boards to
creative workers in small digital agencies.
Cyber Security Attitudes and Behaviours: mind the generation gaps
This presentation is based on primary research exploring the cyber
security attitudes and behaviours of different generations. The paper
explores the way different age groups understand the threats in cyber
space and the extent to which age impacts how people behave online and
are aware of cyber security. Recognising that an organisation is only as
strong as its weakest link, and that no one size fits all, this research
aims to inform those responsible for information security to be aware
of, and mitigate against, generation gaps.
Mr. Peter Warren, Chairman, Cyber Security Research Institute
Peter is a freelance journalist
specialising in technology, undercover investigations and science
issues. He chairs the Cyber Security Research Institute (www.crsi.info),
an independent think tank, and edits the Future Intelligence technology
news website www.futureintelligence.co.uk. His weekly radio show,
PassWord with Peter Warren, reaches an audience of 300,000 on Resonance
104.4FM in central London and can be heard worldwide at
www.resonancefm.com on Wednesdays and Sundays 1530-1600 GMT. Currently
he is working on a report about machine to machine communication (M2M)
for the EU website Netopia. The former technology editor of Scotland on
Sunday and the Sunday Express and an associate producer for BBC2 TV, he
has worked across a variety of media - including the Guardian, the Daily
Mirror, Evening Standard, the Sunday Times, the Sunday Express, Sunday
Business, Channel 4, Sky News, the BBC and specialist magazines. He has
also advised a number of PR agencies on their technology clients. In
1996 Peter was runner-up in the UK Press Gazette Business Awards for
Technology Scoop of the Year. A guest speaker on Technology Ethics to
the European Union’s Information Society Technologies conference in
Helsinki, Peter is an acknowledged expert on computer security issues.
In 2006, Peter won the BT IT Security News story of the year prize for
his work exposing the practice of discarding computer hard drives
containing sensitive business and personal data.
In 2007, Peter won the IT Security News story of the year prize again
for work done with Future Intelligence showing that Chinese hackers had
broken into the UK Houses of Parliament.
In 2008 Peter won the BT Enigma Award for services to technology.
Mr Gadi Evron, VP Cybersecurity Strategy at
Gadi is widely recognized for his work
in internet security operations and is widely considered the first botnet
expert. He specializes in corporate security, cyber intelligence and cyber crime.
He previously led the PwC Cyber Security Center of Excellence, located
in Israel. Prior to that Gadi was CISO for the Israeli government
Internet operation, founder of the Israeli Government CERT and is a
research fellow at the Yuval Ne`eman Workshop for Science, Technology
and Security, at Tel Aviv University, working on cyber warfare projects.
Gadi has authored two books on information security, organizes and chairs
conferences worldwide, and is a frequent lecturer.
Topic: Cyber Counter Intelligence: An attacker-based approach with “honey
Eoin Keary - BCC Risk Advisory / OWASP
Eoin is an international board member and
vice chair of OWASP, The Open Web Application Security Project (owasp.org).
During his time in OWASP he has led the OWASP Testing and Security
Code Review Guides and has also contributed to OWASP SAMM and the OWASP
Cheat Sheet Series.
Eoin is a well-known technical leader in the software security and
penetration testing industry, and has led global security
engagements for some of the world's largest financial services and
consumer products companies. He was a senior manager responsible for
penetration testing in EMEA at a “big 4” professional services firm for
4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com),
an Irish company specialising in secure application development,
advisory, penetration testing, mobile and cloud security, and training.
Eoin has delivered security training and talks for OWASP to over 600
developers in the past year including events such as RSA (2013), RSA
Europe, OWASP EU (2013), OWASP Dublin 2013.
Rahim Jina - BCC Risk Advisory / OWASP
Rahim is a member of OWASP and has
contributed to many open source security projects over the past 8 years,
such as the OWASP Testing and Security Code Review Guides and OWASP
SAMM. Previously Rahim was a senior consultant at a “big 4” professional
services firm and head of security for a large VoIP/IPT company in
Los Angeles, USA; he now works as Director of Information Security
for BCC Risk Advisory (bccriskadvisory.com). He is also responsible for
the security architecture of the edgescan.com vulnerability management
Topic: Building a shield of security - Vulnerability Management by
the numbers and dumb robots!
This presentation discusses how builders, breakers and defenders should
look at vulnerability management when attempting to keep hackers at
We shall discuss the most common vulnerabilities which are not detected
by security tools or automation but are nevertheless very common
and can be used to commit real fraud or cause financial loss.
We shall discuss real statistics and examples from the trenches: how
commonly such vulnerabilities are found, their impact, and how we
mitigate them.
Let’s discuss business logic and authorisation testing, how to approach
it, and why automation does not work to detect such critical issues.
Why Web Application firewalls are ineffective against such attacks and
why the only real solution is focusing on the application as a logical
The presentation draws on material such as the OWASP Top 10 and the
international training delivered by Eoin Keary and Jim Manico (OWASP
Global Board Members).
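The authorisation-testing point above is worth seeing in code. The following is an added example, not code from the talk, from BCC Risk Advisory or from OWASP: a hypothetical invoice lookup with two constructed users (alice and bob, tokens "tok-alice" and "tok-bob") in its vulnerable form beside its fixed form, plus a two-session differential check. The vulnerable handler authenticates the caller but never checks that the caller owns the invoice (an insecure direct object reference). A single-session scanner sees a well-formed 200 response and has no way to know it is wrong, because the flaw is in the business rule, not in the syntax of the request or response; a test that holds two sessions and asks whether one can read the other's objects catches it directly.

```python
"""Added example: vulnerable vs fixed object lookup and a two-session
authorisation check. All users, tokens and invoices are constructed
sample data; the function and field names are hypothetical."""
from dataclasses import dataclass

# Constructed sample data: who owns which invoice, and which session
# token belongs to which user.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00, "iban": "IE00TEST0000000001"},
    1002: {"owner": "bob", "amount": 89.50, "iban": "IE00TEST0000000002"},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


@dataclass
class Response:
    status: int
    body: dict


def get_invoice_vulnerable(token, invoice_id):
    """Authenticates the caller, then returns any invoice id requested.
    This is the IDOR: authentication is checked, authorisation is not."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401, {"error": "not authenticated"})
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return Response(404, {"error": "no such invoice"})
    # BUG: `user` is never compared with inv["owner"].
    return Response(200, inv)


def get_invoice_fixed(token, invoice_id):
    """Same endpoint with an ownership check enforced server-side."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401, {"error": "not authenticated"})
    inv = INVOICES.get(invoice_id)
    # Missing and foreign invoices both yield 404 so the endpoint does
    # not confirm which ids exist to a user who does not own them.
    if inv is None or inv["owner"] != user:
        return Response(404, {"error": "no such invoice"})
    return Response(200, inv)


def find_idor(handler, sessions, ownership):
    """Two-session differential authorisation test.

    sessions:  {token: user}
    ownership: {user: [object ids that user legitimately owns]}
    Returns a sorted list of (attacker, victim, object_id) triples where
    the attacker's session received the victim's object unchanged.
    """
    tokens = {user: tok for tok, user in sessions.items()}
    leaks = []
    for victim, ids in ownership.items():
        for oid in ids:
            expected = handler(tokens[victim], oid)
            if expected.status != 200:
                continue  # the owner cannot read it either; not an authz question
            for attacker, atok in tokens.items():
                if attacker == victim:
                    continue
                got = handler(atok, oid)
                if got.status == 200 and got.body == expected.body:
                    leaks.append((attacker, victim, oid))
    return sorted(leaks)


def ownership_from_store():
    """Derive the ownership map from the constructed invoice store."""
    owned = {}
    for oid, inv in INVOICES.items():
        owned.setdefault(inv["owner"], []).append(oid)
    return owned


if __name__ == "__main__":
    owned = ownership_from_store()
    print("vulnerable:", find_idor(get_invoice_vulnerable, SESSIONS, owned))
    print("fixed:     ", find_idor(get_invoice_fixed, SESSIONS, owned))
```

Against a real application the ownership map comes from the tester creating objects in each session and recording their ids, and the handler is replaced by an HTTP call with the session cookie or token swapped; the comparison logic stays the same. A WAF sitting in front of the vulnerable handler sees an authenticated GET for a valid-looking id and has nothing to block, which is the point made above about the application itself being the only place the rule can be enforced.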
Robert McArdle EMEA Manager, Forward Looking
Threat Research - Trend Micro
Robert is currently working as the manager of Trend Micro's Forward
Looking Threat Research team in Europe, where he is involved in
analyzing the latest malware threats, specializing in researching the
future threat landscape, Open Source Intelligence (OSINT) and
coordinating investigations with international law enforcement. Robert
is a regular presenter for the press and at security conferences. He
also lectures in Malware Analysis and Cybercrime Investigations on MSc
modules at Cork IT and UCD, and is a trainer for several SANS
qualifications. He worries that his hobby and job are one and the same,
and constantly wonders if "normal" people have that problem. He enjoys
long walks on the beach, puppies, and Guinness.
Topic: Who is really attacking ICS / SCADA devices?
ICS and SCADA have become two major buzzwords on the security landscape
over the last year or two due to Stuxnet, Flame, and several other
threats and attacks. In some ways the entire SCADA industry suddenly
woke up to the scale of insecurities in systems that are responsible
for everything from supplying our power to protecting human lives.
As a result a lot of research has been done over the same period into
just how easily an attacker can gain control of such systems, and the
sort of damage they can carry out when they do. Even for the control panel
of a system supplying water to a whole town, it is very possible that it
is accessible from the internet with a login of admin and a password of
123456 (if there is a password at all).
In this talk we will look at some of those issues, but even more so we
will look at WHO is attacking these systems. Based on research Trend
Micro has carried out over recent months, we have gained very
valuable insight into the sorts of people who are carrying out these
attacks, and the results are often surprising.
Sean Newman, Field Product Manager, Sourcefire
Sean is the Field
Product Manager for Sourcefire, now part of Cisco, in EMEA, responsible
for bringing Sourcefire solutions to market and ensuring they meet the
regional requirements. Having worked as an Engineer and a Product
Manager in the Security and Networking industry for over sixteen years,
his extensive experience enables him to effectively address the latest
information security challenges.
It's time to think differently... about security
Dr. Andreas Moser, Senior Security Software
Engineer, Google Inc.
Andreas Moser is currently a Senior
Security Software Engineer at Google Inc. where he develops enterprise
forensics tools like the GRR Response Rig. Before his engagement at
Google, Andreas obtained a PhD in computer security from the Vienna
Technical University for his research on Internet security and dynamic
analysis of malicious code. In his free time he likes to tamper with
code and plays in the occasional capture the flag contest.
Topic: Enterprise scale live forensics using the GRR Response Rig
In order to perform sound digital forensics investigations in today’s
environments, it is no longer sufficient to simply unplug a computer and
evaluate it later - an investigator has to know how to perform volatile
memory analysis to properly capture all available evidence. However,
acquiring memory snapshots and delivering them through the network to an
analyst is a tedious process and does not scale very well to enterprise
sized networks due to the sheer size of such images.
In this talk, I will show how GRR Rapid Response (GRR,
https://code.google.com/p/grr/), an advanced open source distributed
enterprise forensics system, can be used to tackle this problem by
enabling an analyst to perform live digital forensics at enterprise
network scale.
I will first give an overview of how
GRR can be used to effectively analyze large networks by applying basic
digital forensics capabilities, such as searches for digital artifacts (e.g.,
suspicious files or registry keys), concurrently to all machines in an
enterprise network. I will show some of the key forensics features we
have built into GRR like Sleuthkit integration which allows raw disk
investigation and elaborate on the system's live memory analysis
features. I will demonstrate how GRR can be utilized to run the
Volatility framework on live memory of a machine under investigation
instead of a static disk image which enables the fleet wide search for
evidence directly in memory. I will also explain some of the general
stability and performance issues that arise when large scale live
forensics systems are used and how GRR overcomes those problems.
This should give a very thorough view of how this analysis system works
and how it can be deployed to enable
those investigative capabilities in your enterprise network using only
free open source
Mr. Jared Carstensen, Enterprise Risk Services,
Jared Carstensen is an internationally
recognised Information Security professional with extensive experience
in Information Security Audits, Data Protection & Privacy, Cyber
Security, Cyber Crime, Cloud Computing, ISO 27001 (Implementation and
Auditing), Business Continuity (BS 25999), Forensic Investigations,
Technical and Security Compliance Requirements, and International Best
Jared is currently the Chairman of the (ISC)2 Ireland Chapter, and is a
regular contributor to the international Information Security community
including the International Information Systems Security Consortium
(ISC)2, Information Systems Audit and Control Association (ISACA),
British Standards Institute (BSI) and the Cloud Security Alliance (CSA).
Jared is an (ISC)2 educational item writer, and material developer for
the internationally recognized SSCP and CISSP credentials, and a regular
contributor to publications such as SC Magazine and PenTest Magazine.
Jared has spoken at over 100 events globally, including various keynote
addresses and guest panel invites.
Mr. Jon McClintock, Manager Application
Jon McClintock has spent 8 of the past
10 years at Amazon, working on various efforts to improve the security
of Amazon's software. He can teach you how to ride a motorcycle, take a
picture, climb anything, bake a pie, jump out of a helicopter, make
music, or juggle clubs. He can tell you how to take a boat to
Antarctica, a train across Siberia, or a camel to the Sahara. But the
most important thing you can learn from him is how to protect customer
Topic: Amazon-Scale Application
Traditional application security
involves hands-on deep dives at multiple stages of the development
process. When properly applied, this is effective at making software
reasonably secure. But how does this approach scale to a large
enterprise where thousands of developers are innovating every day? In
this talk, we will explore the processes and approaches that work to
ensure the software that powers the world's largest online retailer is