Raj Samani, Vice President, Chief Technology Officer (EMEA), McAfee
Raj Samani is an active member of the
Information Security industry, through involvement with numerous
initiatives to improve the awareness and application of security in
business and society. He is currently working as the VP, Chief
Technical Officer for McAfee EMEA, having previously worked as the Chief
Information Security Officer for a large public sector organisation in
the UK and was recently inducted into the Infosecurity Europe Hall of
He volunteers as the Cloud Security
Alliance Chief Innovation Officer, and Special Advisor for the European
CyberCrime Centre, and is on the advisory councils for Infosecurity
Europe, and Infosecurity Magazine. In addition, Raj was previously the
VP for Communications in the ISSA UK Chapter, having presided over the
award for Chapter communications programme of the year 2008, and 2009,
and was inducted into the Infosecurity Europe Hall of Fame 2012.
He previously worked across numerous
public sector organisations, in many cyber security and research
orientated working groups across Europe. Examples include the midata
Interoperability Board, as well as representing DIGITALEUROPE on the
Smart Grids Reference Group established by the European Commission in
support of the Smart Grid Mandate, and is the author of the recent
Syngress books ‘Applied Cyber Security and the Smart Grid’ and ‘The CSA Guide to Cloud Computing’.
Speaker from Europol CyberCrime Centre (EC3)
A senior representative will speak at
the conference on the work that Europol's EC3 is doing to help combat
cybercrime in Europe and internationally. strengthen the European
Union’s law enforcement community response to cybercrime, EC3's brief
was to help protect European citizens and businesses against existing
and future cyber threats.
The creation of a European Cybercrime Centre was a priority in the EU
Security Strategy and strongly backed by European ministers. The
decision to establish EC3 within Europol has meant that existing
expertise has been reallocated and significantly expanded, and new
functions created to focus on the specific tasks given to EC3.
EC3’s specialised Focal Points (FPs) assist EU Member States in tackling
specific forms of cyber criminality: FP Cyborg focuses on cybercrime
that affects critical infrastructure and information systems in the
European Union (EU); FP Twins specialises in combating cybercrime which
causes serious harm to the victim – such as online child sexual
exploitation; and FP Terminal’s area of speciality is in issues
connected to online fraud.
Ms Francesca Bosco, Projects Officer, Emerging Crimes Unit - UNICRI
Ms. Francesca Bosco earned a law degree in International Law and joined UNICRI in 2006 as a member of the Emerging Crimes Unit. She has collaborated on different cybercrime and cybersecurity related projects, both at European and at international level. More recently, Ms. Bosco is researching and developing technical assistance and capacity building programs to counter the involvement of organized crime in cybercrime, as well as on the legal implications and future scenarios of cyberterrorism and cyber war.
Furthermore, she is researching and managing projects on hate speech online and on data protection issues related to automated profiling. She is a member of the Advisory Groups on Gender and on Secure Societies in the framework of Horizon2020 and of the Internet Security Expert Group of the EC3.
Co-founder of the Tech and Law Center, advisory board member of the Cybercrime Institute, Francesca is currently a PhD candidate at the University of Milan.
Dr Jessica Barker, Director, J L Barker Ltd
Dr Jessica Barker is an independent
cyber security consultant, focusing on how individuals, institutions and
societies interact with technology and the impact of our changing
relationship with networked information. Jessica's expertise is in the
'human' side of cyber security, and her particular specialisms cover
governance, strategy and policy, compliance and learning and
development. Running her own company, which advises organisations how
they can keep their information safe while getting the most out of it,
Jessica works with a variety of organisations and is known for her
ability to engage everyone from the most senior level of the civil
service and FTSE100 companies to creative workers in small digital
In her free time, Jessica is
passionate about encouraging young people, particularly young women and
girls, to become more engaged with cyber security. She also makes
regular media appearances to discuss current cyber security issues, most
recently on The One Show, BBC Breakfast and Radio 4's Today programme,
and published in The Sunday Times.
Pygmalion versus Golem: why expectations matter in cyber security awareness and behaviours
This presentation explores the
psychology and sociology of expectations and the ways in which our
attitude to, and expectations of, users influence their likelihood to
adopt cyber security awareness-raising messages. Exploring expectations,
group dynamics and the psychology of fear, this presentation will
discuss how and why we can frame cyber security messages to empower
rather than undermine users and encourage sustainable behaviour change.
Mr. Leon van der Eijk, Dutch Ministry of Defence - The Honeynet Project
Leon van der Eijk works as a
malware analyst at the Dutch Ministry of Defence. He has around 15 years
of experience in information security. Leon is also heavily involved in
the Honeynet Project and acts as
the project's Chief Public Relations Officer.
Honeynet Project is a leading
international non-profit security research organization, dedicated to
investigating the latest attacks and developing open source security
tools to improve Internet security.
Honeypots for Defenders
Leon's talk will provide a background to
the Honeynet Project and details of the research it provides. His talk will
also focus on how organisations can deploy and use honeypots as a
mechanism to better defend their networks by acting as sensors to
Mr. Joshua Goldfarb, Chief Security Strategist – Enterprise Forensics Group, FireEye
Josh (Twitter: @ananalytical) is an
experienced cyber security analyst with over a decade of experience
building, operating, and running Security Operations Centers (SOCs).
Josh currently serves as the Chief Security Strategist of the Enterprise
Forensics Group at FireEye. Until its acquisition by FireEye, Josh
served as Chief Security Officer for nPulse Technologies. Prior to
joining nPulse, Josh worked as an independent consultant, applying his
analytical methodology to help enterprises build and enhance their
network traffic analysis, security operations, and incident response
capabilities to improve their information security postures. He has
consulted and advised numerous clients in both the public and private
sectors at strategic and tactical levels.
Earlier in his career, Josh served as
the Chief of Analysis for the United States Computer Emergency Readiness
Team (US-CERT) where he built from the ground up and subsequently ran
the network, endpoint, and malware analysis/forensics capabilities for
Security Operations: Moving to a Narrative-Driven Model
The current security operations model
is an alert-driven one. Alerts contain a snapshot of a moment in time
and lack important context, making it difficult to qualify the true
nature of an alert in a reasonable amount of time. On the other hand,
narratives provide a more complete picture of what occurred and tell the
story of what unfolded over a period of time. Ultimately, only the
narrative provides the required context and detail to allow an
organization to make an educated decision regarding whether or not
incident response is required, and if so, at what level. This talk
presents the Narrative-Driven Model for incident response.
Mr. Sean Rooney, Technical Director - Integrity Solutions
With over 16 years’ experience, Sean plays an integral part in Integrity Solutions’ strategic direction and development. Having implemented key solutions for some of the largest corporates in Ireland & the UK, Sean has a thorough understanding of the practical implications and conceptual effects of ICT security policy and procedures. His certifications include GIAC GSEC, GCED and GSNA. He is widely regarded as one of the most competent ICT Security Specialists in the industry.
Outside of the business, Sean has a keen interest in psychology and human behaviour and is a master practitioner in Neuro-linguistic programming (NLP).
Topic: The Human Element
Talking about “the Insider threat” and viewing people as the weakest link in security are common themes at the moment. But what does that say to those people? Is it empowering? Does it allow them to feel like valued employees? Or is it becoming a self-fulfilling prophecy? Are we creating an environment where the people are, on the one hand, our organisation’s greatest asset, and on the other are indeed the weakest link?
In this talk Sean will explore the reasons why people are seen as the weakest link in security, and propose some alternative, more empowering ideas that could make people our greatest ally. Some of the psychological reasons we need to be aware of will be touched on, and some of the ways we can communicate with people will be assessed so we can begin to see them as part of the solution.
Mr. Andrew Hay, Research Lead & Evangelist – OpenDNS
Andrew Hay is the Research Lead &
Evangelist at OpenDNS where he leads the research efforts for the
company. Prior to joining OpenDNS he was the Director of Applied
Security Research and Chief Evangelist at CloudPassage, Inc. Prior to
that, Andrew served as a Senior Security Analyst for 451 Research's
Enterprise Security Practice (ESP) providing technology vendors, private
equity firms, venture capitalists and end users with strategic advisory
services – including competitive research, new product and go-to-market
positioning, investment due diligence and tactical partnership, and M&A
strategy. Through his work at 451 Research, Andrew was instrumental in
securing tens of millions of dollars in equity investment for numerous
security product vendors. Before joining The 451 Group, Andrew worked in
the Information Security Office (ISO) of the University of Lethbridge,
in Alberta, Canada and, prior to that, at a privately held bank in
Hamilton, Bermuda; in each position, he was responsible for
strategically designing, driving and executing the goals and objectives
of the organization's information security programs. Prior to that,
Andrew served in various roles at Q1 Labs, including Engineering
Manager, Product Manager and finally as the Program Manager responsible
for the entire portfolio of third-party technology partner relationships
Topic: A look at threats facing Ireland's corner of the Internet
This talk will
explore the threats facing, and originating from, Ireland's IP address
space using DNS queries logged on OpenDNS' network. The suspicious,
malicious, and auspicious traffic will be analyzed, classified, and
presented to give attendees a big picture view of the kinds of threats
affecting Ireland and its people.
Eoin Keary - BCC Risk Advisory / OWASP
Eoin is an international board member and
vice chair of OWASP, the Open Web Application Security Project (owasp.org),
and during his time in OWASP he has led the OWASP Testing and Security
Code Review Guides and also contributed to OWASP SAMM, and the OWASP
Cheat Sheet Series.
Eoin is a well-known technical leader in industry in the area of
software security and penetration testing, and has led global security
engagements for some of the world's largest financial services and
consumer products companies. He was a senior manager, responsible for
penetration testing in EMEA for a “big 4” professional services firm for
4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com),
an Irish company that specialises in secure application development,
advisory, penetration testing, Mobile & Cloud security and training.
Eoin has delivered security training and talks for OWASP to over 600
developers in the past year including events such as RSA (2013), RSA
Europe, OWASP EU (2013), OWASP Dublin 2013.
Rahim Jina - BCC Risk Advisory / OWASP
Rahim is a member of OWASP and has
contributed to many open source security projects over the past 8 years
such as the OWASP Testing and Security Code Review Guides and also OWASP
SAMM. Previously Rahim was a senior consultant at a “big 4” professional
services firm and the head of security for a large VoIP/IPT company in
Los Angeles, USA and now works as the Director of information security
for BCC Risk Advisory (bccriskadvisory.com). He is also responsible for
the security architecture of the edgescan.com vulnerability management
Paul Hogan, CTO, Ward Solutions
Paul is a co-founder
and the Chief Technology Officer
with Ward Solutions. As the CTO with Ward Solutions his role centres on
keeping the company up to date with the latest technologies and product
offerings in addition to driving new business development. Paul manages
the relationship with many of Ward Solutions' partners, including Aruba,
Microsoft, Cisco, McAfee and Fortinet.
Paul acts as the
company’s ‘Identity and Access Management’ and ‘Cloud Solutions’
evangelist and is heavily involved in all aspects of hybrid, public and
private cloud deployments of IaaS, PaaS, and SaaS solutions having
worked with solutions based on Microsoft private cloud, VMware private
cloud, Amazon Web Services (AWS), Microsoft Azure, GoogleApps and
Office365 for a range of public and private sector clients.
Previous to working
with Ward Solutions, Paul was founder and CEO of Emissary Technologies,
which specialised in Web and mobile performance management solutions
based in Campbell, California.
Paul also served as
Staff Officer Networking and Security with the Irish Defence Forces and
CIO of the European Union Monitoring Mission in the former Yugoslavia.
Paul holds the Data
Protection Practitioner Certificate, is a Certified Information Security
Auditor (CISA), a Systems Security Certified Practitioner (SSCP) and has
a number of technical certifications from companies such as Microsoft,
Fortinet, McAfee and Aruba.
Privacy Concerns and Cloud Computing.
One of the primary
threats in cloud computing is the disclosure of hosted data to
unauthorised parties. Unlike an on premise solution where the data owner
(data controller) and the data custodian (data processor) typically work
for the same company, the protection of data in the cloud is more of a
challenge as the ‘data controller’ is the tenant and the ‘data
processor’ is the cloud service provider. As a result, security and data
protection (privacy) are often seen as major barriers to the adoption of
data protection in the cloud the Data Protection Commissioner states
that the key issue is the security of the data. The second issue is the
location of the data – a particular aspect of data security. A related
issue is the requirement for a written contract.
working with personal data adopting a cloud computing model they need to
understand their responsibilities under law and what they can do to
ensure that personal data is safeguarded.
In addition to
technical security controls, a key requirement is to have a privacy level
agreement as part of, or in addition to, a service level agreement.
outlines the threats, the data protection requirements and an approach
to managing the protection of personal data in cloud environments.