
IRISSCERT Cyber Crime Conference

The 6th IRISSCERT Cyber Crime Conference will be held this year on Thursday the 20th of November 2014 in the D4 Berkley Court Hotel, in Ballsbridge, Dublin. This is an all-day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and throughout the world and what they can do to help deal with those threats.

Experts on various aspects of cyber crime and cyber security share their thoughts and experiences with attendees, while a number of panel sessions will provide the opportunity to discuss the issues that matter most.

The conference is open to anyone with responsibility for securing their business information assets. There is a nominal fee of €25 per person attending to cover the costs of catering and other organisational expenses.

The IRISSCERT Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.

In parallel to the conference, IRISSCERT also hosts Ireland's premier Cyber Security Challenge. The Cyber Security Challenge allows Ireland's top cyber security experts to compete against each other in a controlled environment to see who will be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network.

Registration is now open here.

 

Speaker Lineup

Raj Samani, Vice President, Chief Technology Officer (EMEA), McAfee

Raj Samani is an active member of the Information Security industry, through involvement with numerous initiatives to improve the awareness and application of security in business and society.  He is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK and was recently inducted into the Infosecurity Europe Hall of Fame (2012).

He volunteers as the Cloud Security Alliance Chief Innovation Officer, and Special Advisor for the European CyberCrime Centre, and is on the advisory councils for Infosecurity Europe, and Infosecurity Magazine.  In addition, Raj was previously the VP for Communications in the ISSA UK Chapter, having presided over the award for Chapter communications programme of the year 2008, and 2009, and was inducted into the Infosecurity Europe Hall of Fame 2012.

He previously worked across numerous public sector organisations, in many cyber security and research orientated working groups across Europe. Examples include the midata Interoperability Board, as well as representing DIGITALEUROPE on the Smart Grids Reference Group established by the European Commission in support of the Smart Grid Mandate. He is the author of the recent Syngress books ‘Applied Cyber Security and the Smart Grid’ and ‘The CSA Guide to Cloud Computing’.

Speaker from Europol CyberCrime Centre (EC3)

A senior representative will speak at the conference on the work that Europol's EC3 is doing to help combat cybercrime in Europe and internationally. To strengthen the European Union’s law enforcement community response to cybercrime, EC3's brief was to help protect European citizens and businesses against existing and future cyber threats.

The creation of a European Cybercrime Centre was a priority in the EU Security Strategy and strongly backed by European ministers. The decision to establish EC3 within Europol has meant that existing expertise has been reallocated and significantly expanded, and new functions created to focus on the specific tasks given to EC3.

EC3’s specialised Focal Points (FPs) assist EU Member States in tackling specific forms of cyber criminality: FP Cyborg focuses on cybercrime that affects critical infrastructure and information systems in the European Union (EU); FP Twins specialises in combating cybercrime which causes serious harm to the victim – such as online child sexual exploitation; and FP Terminal’s area of speciality is in issues connected to online fraud.

 

Ms Francesca Bosco, Projects Officer, Emerging Crimes Unit - UNICRI

Ms. Francesca Bosco earned a law degree in International Law and joined UNICRI in 2006 as a member of the Emerging Crimes Unit. She has collaborated on different cybercrime and cybersecurity related projects, both at European and at international level. More recently, Ms. Bosco is researching and developing technical assistance and capacity building programs to counter the involvement of organized crime in cybercrime, as well as on the legal implications and future scenarios of cyberterrorism and cyber war.

Furthermore, she is researching and managing projects on hate speech online and on data protection issues related to automated profiling. She is a member of the Advisory Groups on Gender and on Secure Societies in the framework of Horizon2020 and of the Internet Security Expert Group of the EC3.

Co-founder of the Tech and Law Center, advisory board member of the Cybercrime Institute, Francesca is currently a PhD candidate at the University of Milan.

Dr Jessica Barker, Director, J L Barker Ltd

Dr Jessica Barker is an independent cyber security consultant, focusing on how individuals, institutions and societies interact with technology and the impact of our changing relationship with networked information. Jessica's expertise is in the 'human' side of cyber security, and her particular specialisms cover governance, strategy and policy, compliance and learning and development. Running her own company, which advises organisations how they can keep their information safe while getting the most out of it, Jessica works with a variety of organisations and is known for her ability to engage everyone from the most senior level of the civil service and FTSE100 companies to creative workers in small digital agencies.

In her free time, Jessica is passionate about encouraging young people, particularly young women and girls, to become more engaged with cyber security. She also makes regular media appearances to discuss current cyber security issues, most recently on The One Show, BBC Breakfast and Radio 4's Today programme, and published in The Sunday Times.

Topic: Pygmalion versus Golem: why expectations matter in cyber security awareness and behaviours
This presentation explores the psychology and sociology of expectations and the ways in which our attitude to, and expectations of, users influence their likelihood to adopt cyber security awareness-raising messages. Exploring expectations, group dynamics and the psychology of fear, this presentation will discuss how and why we can frame cyber security messages to empower rather than undermine users and encourage sustainable behaviour change.

 

Mr. Leon van der Eijk, Dutch Ministry of Defence - The Honeynet Project

Leon van der Eijk works as a malware analyst at the Dutch Ministry of Defence. He has around 15 years of experience in information security. Leon is also heavily involved in the Honeynet Project and acts as the project's Chief Public Relations Officer.

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.

Topic: Honeypots for Defenders

Leon's talk will provide a background to the Honeynet Project and details of the research it provides. His talk will also focus on how organisations can deploy and use honeypots as a mechanism to better defend their networks by acting as sensors to potential attacks.

Mr. Joshua Goldfarb, Chief Security Strategist – Enterprise Forensics Group, FireEye

Josh (Twitter: @ananalytical) is an experienced cyber security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as the Chief Security Strategist of the Enterprise Forensics Group at FireEye. Until its acquisition by FireEye, Josh served as Chief Security Officer for nPulse Technologies. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels.

Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
 

Topic: Security Operations: Moving to a Narrative-Driven Model

The current security operations model is an alert-driven one.  Alerts contain a snapshot of a moment in time and lack important context, making it difficult to qualify the true nature of an alert in a reasonable amount of time.  On the other hand, narratives provide a more complete picture of what occurred and tell the story of what unfolded over a period of time.  Ultimately, only the narrative provides the required context and detail to allow an organization to make an educated decision regarding whether or not incident response is required, and if so, at what level.  This talk presents the Narrative-Driven Model for incident response.

Mr. Sean Rooney, Technical Director - Integrity Solutions

With over 16 years’ experience, Sean plays an integral part in Integrity Solutions’ strategic direction and development. Having implemented key solutions for some of the largest corporates in Ireland & the UK, Sean has a thorough understanding of the practical implications and conceptual effects of ICT security policy and procedures. His certifications include GIAC GSEC, GCED and GSNA. He is widely regarded as one of the most competent ICT Security Specialists in the industry. Outside of the business, Sean has a keen interest in psychology and human behaviour and is a master practitioner in Neuro-linguistic programming (NLP).

Topic: The Human Element

Talking about “the Insider threat” and viewing people as the weakest link in security are common themes at the moment. But what does that say to those people? Is it empowering? Does it allow them to feel like valued employees? Or is it becoming a self-fulfilling prophecy? Are we creating an environment where the people are, on the one hand, our organisation’s greatest asset, and on the other are indeed the weakest link? In this talk Sean will explore the reasons why people are seen as the weakest link in security, and propose some alternative, more empowering ideas that could make people our greatest ally. Some of the psychological reasons we need to be aware of will be touched on, and some of the ways we can communicate with people will be assessed so we can begin to see them as part of the solution.

Mr. Andrew Hay, Research Lead & Evangelist – OpenDNS

Andrew Hay is the Research Lead & Evangelist at OpenDNS where he leads the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. Prior to that, Andrew served as a Senior Security Analyst for 451 Research's Enterprise Security Practice (ESP) providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through his work at 451 Research, Andrew was instrumental in securing tens of millions of dollars in equity investment for numerous security product vendors. Before joining The 451 Group, Andrew worked in the Information Security Office (ISO) of the University of Lethbridge, in Alberta, Canada and, prior to that, at a privately held bank in Hamilton, Bermuda; in each position, he was responsible for strategically designing, driving and executing the goals and objectives of the organization's information security programs. Prior to that, Andrew served in various roles at Q1 Labs, including Engineering Manager, Product Manager and finally as the Program Manager responsible for the entire portfolio of third-party technology partner relationships.

Topic: A look at threats facing Ireland's corner of the Internet

This talk will explore the threats facing, and originating from, Ireland's IP address space using DNS queries logged on OpenDNS' network. The suspicious, malicious, and auspicious traffic will be analyzed, classified, and presented to give attendees a big picture view of the kinds of threats affecting Ireland and its people.


Eoin Keary - BCC Risk Advisory / OWASP

Eoin is an international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has led the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series.
Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He was a senior manager, responsible for penetration testing in EMEA for a “big 4” professional services firm for 4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com), an Irish company that specialises in secure application development, advisory, penetration testing, Mobile & Cloud security and training.
Eoin has delivered security training and talks for OWASP to over 600 developers in the past year including events such as RSA (2013), RSA Europe, OWASP EU (2013), OWASP Dublin 2013.

Rahim Jina - BCC Risk Advisory / OWASP

Rahim is a member of OWASP and has contributed to many open source security projects over the past 8 years such as the OWASP Testing and Security Code Review Guides and also OWASP SAMM. Previously Rahim was a senior consultant at a “big 4” professional services firm and the head of security for a large VoIP/IPT company in Los Angeles, USA and now works as the Director of information security for BCC Risk Advisory (bccriskadvisory.com). He is also responsible for the security architecture of the edgescan.com vulnerability management solution.
 

Paul Hogan, CTO, Ward Solutions

Paul is a co-founder and the Chief Technology Officer with Ward Solutions. As the CTO with Ward Solutions his role centres on keeping the company up to date with the latest technologies and product offerings in addition to driving new business development. Paul manages the relationship with many of Ward Solutions' partners, including Aruba, Microsoft, Cisco, McAfee and Fortinet.

Paul acts as the company’s ‘Identity and Access Management’ and ‘Cloud Solutions’ evangelist and is heavily involved in all aspects of hybrid, public and private cloud deployments of IaaS, PaaS, and SaaS solutions, having worked with solutions based on Microsoft private cloud, VMware private cloud, Amazon Web Services (AWS), Microsoft Azure, GoogleApps and Office365 for a range of public and private sector clients.

Previous to working with Ward Solutions, Paul was founder and CEO of Emissary Technologies, which specialised in Web and mobile performance management solutions based in Campbell, California.

Paul also served as Staff Officer Networking and Security with the Irish Defence Forces and CIO of the European Union Monitoring Mission in the former Yugoslavia.

Paul holds the Data Protection Practitioner Certificate, is a Certified Information Security Auditor (CISA), a Systems Security Certified Practitioner (SSCP) and has a number of technical certifications from companies such as Microsoft, Fortinet, McAfee and Aruba.

Topic: Data Privacy Concerns and Cloud Computing.

One of the primary threats in cloud computing is the disclosure of hosted data to unauthorised parties. Unlike an on-premise solution where the data owner (data controller) and the data custodian (data processor) typically work for the same company, the protection of data in the cloud is more of a challenge as the ‘data controller’ is the tenant and the ‘data processor’ is the cloud service provider. As a result, security and data protection (privacy) are often seen as major barriers to the adoption of cloud computing.

When considering data protection in the cloud the Data Protection Commissioner states that the key issue is the security of the data. The second issue is the location of the data – a particular aspect of data security. A related issue is the requirement for a written contract.

Organisations working with personal data that adopt a cloud computing model need to understand their responsibilities under law and what they can do to ensure that personal data is safeguarded.

In addition to technical security controls, a key requirement is to have a privacy level agreement as part of, or in addition to, a service level agreement.

This presentation outlines the threats, the data protection requirements and an approach to managing the protection of personal data in cloud environments.

Éireann Leverett, Senior Security Researcher, IOActive Inc.

Éireann Leverett hates writing bios in the third person. He once placed second in an Eireann Leverett impersonation contest. He likes teaching the basics, and learning the obscure. He is sometimes jealous of his own moustache for being more famous than he is. If he could sum up his life in one sentence; he wouldn't. That would be a life-sentence!

He is primarily known for smashing the myth of the air-gap in industrial systems with his master's thesis, finding authentication bypasses for industrial ethernet switches, and working with incident response teams to improve their understanding of industrial control systems security. He believes security takes an awful lot more than penetration-testing and speaks often about the wider effects of embedded system insecurity.

Topic: Not Safe For Work

Conference Sponsors

Thanks to the generosity of our sponsors, IRISS is able to host this event. The following organisations kindly lent their support to our conference:

MEDIA SPONSORS


Help Net Security has been a prime resource for information security news since 1998. The site is updated daily with fresh content including interesting articles, information on new product releases, latest industry news and more. Besides reading daily news coverage, you can download all of the issues of our digital (IN)SECURE Magazine.

 

Should you or your company be interested in sponsoring the upcoming event or sponsoring IRISS, please send an email to info@iriss.ie for our sponsorship pack.

