SECURE London | 2022

Apr 7, 2022 ‐ Apr 7, 2022



Sessions

Concurrent Sessions (Select One)

Apr 7, 2022 8:30am ‐ Apr 7, 2022 9:30am

Identification: 001


CNI Security Benefits from Modern Practices: How-to Guide for Success

Apr 7, 2022 8:30am ‐ Apr 7, 2022 9:30am

Identification: SL2202

The goals of SRE, DevSecOps and security are well-aligned with reliability and protection. Both aim to avoid as many incidents as possible by creating resilient secure systems. DevSecOps and SRE practices and tools can help compliment security objectives. Join this 6point6 and AWS session to find out how you can succeed with CNI security and modern practices

Learning Objectives:
  • How modern practices can improve site reliability engineering (SRE).
  • How to protect and monitor critical national infrastructure (CNI).
Speaker(s):

Find It Before They Do: Being Proactive About IOT Risk Mitigation

Apr 7, 2022 8:30am ‐ Apr 7, 2022 9:30am

Identification: SL2201

In this session, we will discuss techniques for understanding and coping with the increase in attack surface introduced by IOT. We will touch on device-specific techniques such as protocol fuzzing and vulnerability assessment, validation of surrounding defensive systems, and the applicability of digital twins in validation scenarios.

Learning Objectives:
  • Learn some proactive steps to uncover vulnerabilities of IOT devices of unknown OS, provenance, and security levels
  • Adapt the "defense in depth" practice to a post-laptop world with continuous validation of security infrastructure
Speaker(s):

Welcome & Opening Keynote - Unpicking Cyber Security Skills

Apr 7, 2022 9:40am ‐ Apr 7, 2022 10:40am

Identification: SL2203

Speaker(s):

London Chapter Update iconLondon Chapter Update

Preview Available

London Chapter Update

Apr 7, 2022 10:40am ‐ Apr 7, 2022 11:00am

Identification: SL2204

An update from the London Chapter

Learning Objective:
  • To provide an update on the London Chapter's mission, ethos, membership and our vision for the future.
Speaker(s):

Concurrent Sessions (Select One)

Apr 7, 2022 11:30am ‐ Apr 7, 2022 12:20pm

Identification: 002


AWS, Azure and GCP Security iconAWS, Azure and GCP Security

Preview Available

AWS, Azure and GCP Security

Apr 7, 2022 11:30am ‐ Apr 7, 2022 12:20pm

Identification: SL2206

AWS, Azure or Google Cloud Platform? Using live demonstrations, we'll compare security services and features for Identity, Private Networking and Content Delivery Networks - across all three clouds:

Identity: cloud customers typically create multiple AWS accounts, Azure subscriptions or GCP projects. How should a centralised source of identity be architected?

Private Networking: security conscious cloud customers use private networking as part of a defence in depth strategy - how can this be achieved with cloud services such as storage or serverless functions which are Internet facing by default?

Content Delivery Network: how can a web application be presented to global users with low latency and a high level of security?

And we'll wrap up by looking at the implications for organisations thinking about a multi-cloud approach to security.

Learning Objectives:
  • Develop knowledge of practical implementation of cloud security principles learnt studying for the (ISC)² CCSP certification
  • Compare security services and features across AWS, Azure and GCP with real world practical examples
  • Demonstrate an understanding of centralised identity architectures across multiple AWS accounts, Azure subscriptions and GCP projects
Speaker(s):

Security Awareness: Planning and Delivering a Successful Program

Apr 7, 2022 11:30am ‐ Apr 7, 2022 12:20pm

Identification: SL2205

Human is the weakest factor in information security, building their awareness and training them to be able to detect and appropriately respond to threat should be one of the top priorities of every CISO and company. This presentation will help you define your training and awareness needs, to identify and plan awareness raising and knowledge building activities, and will give you some tips, from my personal practice, to develop memorable content.

Learning Objectives:
  • to define your training and awareness needs
  • to identify and plan awareness raising and knowledge building activities
Speaker(s):

Supply Chain - Is It the Tail that Wags the Dog?

Apr 7, 2022 12:30pm ‐ Apr 7, 2022 1:20pm

Identification: SL2208

We all know that supply chains are getting longer and more complex - the world relies heavily on them and when someone in the chain catches a cold we all sneeze. Industries and businesses has seen them as a way of reducing cost, building efficiency and getting access to goods and services, cybersecurity professionals have seen them as another threat surface. In this session we will explore some of the recent developments and impacts and how they have changed in face of Covid.

Speaker(s):

How Should We Deal with Users Causing Cyber Breaches?

Apr 7, 2022 12:30pm ‐ Apr 7, 2022 1:20pm

Identification: SL2207

People make mistakes. We can train them, we can write policies and procedures, we can run phishing tests, … and we still won’t have wiped out all the person-induced cyber risk from our organisations, because eventually someone will do something they shouldn’t.

So how should we act when this happens? Accept that we can’t stop all attacks all the time, and brush it off as “one of those things”? Go zero-tolerance on cyber error and call it gross misconduct by default? Can we, for that matter, even have a set policy on how we deal with someone doing something wrong?

Learning Objective:
  • To show, by way of real-world examples, the benefits of working with users who make mistakes rather than using policies as blunt instruments and punishing by default.
Speaker(s):