Concurrent Sessions (Select One)

Apr 7, 2022 7:30am ‐ Apr 7, 2022 8:30am

Identification: 001


Find It Before They Do: Being Proactive About IOT Risk Mitigation

Apr 7, 2022 7:30am ‐ Apr 7, 2022 8:30am

Identification: SL2201

In this session, we will discuss techniques for understanding and coping with the increase in attack surface introduced by IOT. We will touch on device-specific techniques such as protocol fuzzing and vulnerability assessment, validation of surrounding defensive systems, and the applicability of digital twins in validation scenarios.
Learning Objectives:
  • Learn some proactive steps to uncover vulnerabilities of IOT devices of unknown OS, provenance, and security levels
  • Adapt the "defense in depth" practice to a post-laptop world with continuous validation of security infrastructure

CNI Security Benefits from Modern Practices: How-to Guide for Success

Apr 7, 2022 7:30am ‐ Apr 7, 2022 8:30am

Identification: SL2202

The goals of SRE, DevSecOps and security are well-aligned with reliability and protection. Both aim to avoid as many incidents as possible by creating resilient secure systems. DevSecOps and SRE practices and tools can help complement security objectives. Join this 6point6 and AWS session to find out how you can succeed with CNI security and modern practices.
Learning Objectives:
  • How modern practices can improve site reliability engineering (SRE).
  • How to protect and monitor critical national infrastructure (CNI).

Welcome & Opening Keynote - Unpicking Cyber Security Skills

Apr 7, 2022 8:40am ‐ Apr 7, 2022 9:40am

Identification: SL2203


London Chapter Update

Apr 7, 2022 9:40am ‐ Apr 7, 2022 10:00am

Identification: SL2204

An update from the London Chapter
Learning Objective:
  • To provide an update on the London Chapter's mission, ethos, membership and our vision for the future.

Concurrent Sessions (Select One)

Apr 7, 2022 10:30am ‐ Apr 7, 2022 11:20am

Identification: 002


AWS, Azure and GCP Security

Apr 7, 2022 10:30am ‐ Apr 7, 2022 11:20am

Identification: SL2206

AWS, Azure or Google Cloud Platform? Using live demonstrations, we'll compare security services and features for Identity, Private Networking and Content Delivery Networks - across all three clouds:

Identity: cloud customers typically create multiple AWS accounts, Azure subscriptions or GCP projects. How should a centralised source of identity be architected?

Private Networking: security-conscious cloud customers use private networking as part of a defence-in-depth strategy - how can this be achieved with cloud services such as storage or serverless functions, which are Internet-facing by default?

Content Delivery Network: how can a web application be presented to global users with low latency and a high level of security?

And we'll wrap up by looking at the implications for organisations thinking about a multi-cloud approach to security.
Learning Objectives:
  • Develop knowledge of practical implementation of cloud security principles learnt studying for the (ISC)² CCSP certification
  • Compare security services and features across AWS, Azure and GCP with real world practical examples
  • Demonstrate an understanding of centralised identity architectures across multiple AWS accounts, Azure subscriptions and GCP projects

Security Awareness: Planning and Delivering a Successful Program

Apr 7, 2022 10:30am ‐ Apr 7, 2022 11:20am

Identification: SL2205

Humans are the weakest factor in information security; building their awareness and training them to be able to detect and appropriately respond to threats should be one of the top priorities of every CISO and company. This presentation will help you to define your training and awareness needs and to identify and plan awareness-raising and knowledge-building activities, and will give you some tips, from my personal practice, to develop memorable content.
Learning Objectives:
  • To define your training and awareness needs
  • To identify and plan awareness-raising and knowledge-building activities

Supply Chain - Is It the Tail that Wags the Dog?

Apr 7, 2022 11:30am ‐ Apr 7, 2022 12:20pm

Identification: SL2208

We all know that supply chains are getting longer and more complex - the world relies heavily on them and when someone in the chain catches a cold we all sneeze. Industries and businesses have seen them as a way of reducing cost, building efficiency and getting access to goods and services; cybersecurity professionals have seen them as another threat surface. In this session we will explore some of the recent developments and impacts and how they have changed in the face of Covid.

How Should We Deal with Users Causing Cyber Breaches?

Apr 7, 2022 11:30am ‐ Apr 7, 2022 12:20pm

Identification: SL2207

People make mistakes. We can train them, we can write policies and procedures, we can run phishing tests, … and we still won’t have wiped out all the person-induced cyber risk from our organisations, because eventually someone will do something they shouldn’t.

So how should we act when this happens? Accept that we can’t stop all attacks all the time, and brush it off as “one of those things”? Go zero-tolerance on cyber error and call it gross misconduct by default? Can we, for that matter, even have a set policy on how we deal with someone doing something wrong?

Learning Objective:
  • To show, by way of real-world examples, the benefits of working with users who make mistakes rather than using policies as blunt instruments and punishing by default.