
Tuesday, April 28
 

09:15

Opening
44CON CS Opening

Speakers
Adrian

Event Director, Sense/Net Ltd, Cortex Insight, alien8 Security, Aprire Bicycles


Tuesday April 28, 2015 09:15 - 09:45
1 - Main Speaking Track

09:30

Not following the herd – how to make your voice matter in the corporate world.
In this section Quentyn will look at how to make your voice heard and relevant in a modern, fast-paced business. He will look at building a security message and making it count, challenging commonly held perceptions in risk and always being aware of the echo chamber.

Then we would cover:

1. How getting in front of the board may not be the path to success some believe it to be
2. How many infosec people's attitudes to risk are out of kilter with their business
3. How blindly following the infosec herd can be damaging
4. How taking a more business orientated approach is the path to success
5. Risk perception vs reality

Tuesday April 28, 2015 09:30 - 10:30
1 - Main Speaking Track

10:30

Digital Shadows
Tuesday April 28, 2015 10:30 - 10:50
4 - Demonstration Area

10:30

Refreshments + Demonstration break

Tuesday April 28, 2015 10:30 - 11:00
Exhibition and Networking Area

11:00

Cyber Myths and Monsters: how to raise awareness and change behaviours
Cyber insecurity often feels like a horror story, and the idea of cyber security an out-of-reach myth. The last year has seen breaches that are bigger, and of a higher profile, than ever before. When we trace these breaches back to their cause, we often find that attackers took advantage of human behaviour, via social engineering, poor password management, gaps in physical security or malicious insiders.

Organisations are increasingly focused on raising cyber security awareness, and the UK government has spent millions of pounds on the Cyber Streetwise campaign, and yet we seem to be making little (if any) progress when it comes to changing behaviours.

This talk argues that, in lots of ways, we are making fundamental mistakes when it comes to our attempts to raise awareness. Combining sociological and psychological research with mythology and classic horror fiction, this talk highlights lessons we can learn in our approach to raising cyber security awareness.

Emphasising ways we can positively engage with users to change behaviours for the better, this talk aims to provoke ideas and discussions that will lead to awareness-raising programmes that are focused on what the user needs to know, and how we should be telling them, to achieve the most impact and make cyber security less of a monster.



Tuesday April 28, 2015 11:00 - 12:00
1 - Main Speaking Track

11:00

Measuring the effectiveness and demonstrating the value of security.

With the constant threat of attack, it is now widely recognized that the need to operationalize and measure the effectiveness of security is paramount in gaining control and reducing risk of exposure. Leslie will discuss best practices on effective metrics and give examples of what measures work and can be applied to your own security program.

Leslie Forbes is a Sales Engineer for Tenable Network Security, engaging with medium and large businesses to understand their requirements for vulnerability management programs and to advise on their deployment strategies. His electronic engineering background and system administration credentials help him quickly grasp the unique challenges in each enterprise. He understands how good security can work with existing processes in all types of organizations. Prior to joining Tenable, Leslie worked for two large multinational anti-virus vendors.


Tuesday April 28, 2015 11:00 - 12:00
2 - Premium Speaking Track

11:00

Breaking In: How to hack your way to a Cybersecurity career, and how to hack it if you already have one
Many people on the red side of the information security fence look at systems all the time and break them. When you walk into a room you’re checking for exits and CCTV cameras. When you get a router or a new digibox from your ISP, you’re sat there wondering what else it does and whether or not you want it on your network. We apply our mindset to most things except people, including ourselves because we’re trained to hack systems.

People are a system. You are a system. Your career is a system.

Whether you're starting out or a seasoned pro, you can apply the principles of hacking to your career to raise your career profile, influence the things that matter to you and make better career judgements. From pay rises to CVs, from job applications to interviews. Everything’s open to be hacked, so let’s hack it!

Based on content from my 30 day e-mail course on how to hack your career and my upcoming book, Breaking In: The Pentester’s Hidden Handbook, this workshop will teach you the basics of hacking your career.

In this workshop you will learn how to:

* Hack your CV
* Build a targeted profile for the job you want
* Use OSINT to find the right certs and experiences
* Manage recruiters
* Hack a phone interview
* Hack a face-to-face interview

Over 700 people have learned how to hack their career on my free 30-day career hacking by email course at https://rawhex.com/hack-your-career/. Hacking your career can be the difference between an unrewarding job and the career you want. This workshop is being delivered exclusively for the first time at 44CON Cybersecurity. If you’re not hacking your career, you’re only stealing from your own potential. Book your 44CON tickets now as this workshop is expected to fill up quickly.

Tuesday April 28, 2015 11:00 - 12:00
3 - Premium Workshop

11:40

Logically Secure
Tuesday April 28, 2015 11:40 - 12:00
4 - Demonstration Area

12:00

Lunch
Tuesday April 28, 2015 12:00 - 13:00
Exhibition and Networking Area

12:30

PQChat
Tuesday April 28, 2015 12:30 - 12:50
4 - Demonstration Area

13:00

Essentials of Incident Response
This workshop aims to cover the three key areas required to build an effective Incident Response capability:

1. Legal
- Contracts/NDAs/permission to call in other staff/work off site/take IP data away from the network/site.
- Noting that EU/US Privacy/SEC laws/Regulation are in play here (plus IP etc) - as many IR companies are US based, what do we do about privacy/disclosure/IP protection?

2. Working with the team
- What to expect when they are onsite - space/access/briefing needs
- Getting the basis together: Points of Contact, Network Schematics, OS/App deployment info, Barrier info (AV, FW, SIEM, Logs, N/HIPS, Netflow etc).
- What to release to who, when and how - secure methods of communicating with the team, sharing files and getting legal's approval for all this.
- Getting quotes or ROMs for extras like "We will just send this back to the office for off-site malware analysis"
- What does a badly controlled engagement look like? Where does the fault lie?

3. Tech
- What to configure to improve logging fidelity
- Various new MS updates for logins exe hashes, File system journaling, prefetch enabling, shadow copy enabling etc.
- When to call it a day
- What to do afterwards - making the remediation hold
- Maintaining the momentum
- Fixing the problem to prevent the reoccurrence

Tuesday April 28, 2015 13:00 - 14:00
2 - Premium Speaking Track

13:00

Presentation and Communication Skills for Security Professionals
How you communicate in meetings, emails, presentations and hallway talks can make the difference between running a successful security program and a struggling one.

I have spent the better part of the last 10 years working on being a better communicator and I would love to share some of the tactics that have (and haven’t) worked for me with you.

Tuesday April 28, 2015 13:00 - 14:00
1 - Main Speaking Track

13:40

F-Secure
Tuesday April 28, 2015 13:40 - 14:00
4 - Demonstration Area

14:00

Legal drivers for cyber security
Legal Drivers in Cyber Security: Many or None?

What are the real drivers for Cyber Security? Certainly not the Data Protection legislation, which while theoretically being enforceable with a fine of up to £500,000, is rarely enforced. Most breaches of that legislation go unnoticed, let alone invoke a sanction. Most businesses will retort that they are concerned about their reputation, but does the truth match the perception? Dai explores the dangers of lack of security and what businesses can and do suffer as a result of lack of security.

Criminal sanctions in the form of the Computer Misuse Act, 1990 are examined, as is the civil fining regime of the Data Protection legislation. There is also the possibility under this latter data protection legislation for an aggrieved individual to claim damages, but as Dai shows, this also is a theoretical rather than a practical remedy. Dai examines the purely economic risk of “loss of reputation” as well as the special case of businesses falling under the remit of the Financial Conduct Authority.

Dai will also examine the implications of lack of security in the Internet of things and whether there are legislative or other drivers to make the Internet of Things secure.


Speakers
Dai Davis

Dai Davis is a Technology Lawyer. He holds Masters degrees in both Physics and Computer Science. He is a Chartered Engineer and Member of the Institution of Engineering and Technology. Dai has consistently been recommended in the Legal 500 and in Chambers Guides to the Legal Profession. Having been national head of Intellectual Property Law and later national head of Information Technology law at Eversheds for a number of years, Dai...


Tuesday April 28, 2015 14:00 - 15:00
2 - Premium Speaking Track

14:00

Pitfalls of Public Cyber Data
There are increasingly many data-driven cyber reports published and these are being relied upon to support strategic cyber decision-making in organisations. In order to conduct a meta-analysis of reported cyber data to support the development of a strategic cyber threat assessment at Stroz Friedberg we reviewed the quality of available data and reports. Here we will highlight some of the pitfalls inherent in these sources that should be considered when using them and make some recommendations for the publication of data-driven cyber reports.


Tuesday April 28, 2015 14:00 - 15:00
1 - Main Speaking Track

14:00

Business approach to consumer privacy & ways forward
Every web search, every app and increasingly all our devices are online and tracking where we go and what we do. Many organisations are running privacy campaigns to raise awareness amongst consumers. How do UK businesses approach this ethically? After all, data feeds intelligence and we want to know about customers and even our staff. Some monoliths of the web are waking up to a greater need for transparency about what they do and how they do it. We'll look at different examples, right and wrong ways of engaging with users of your services and try to find some conclusions that are useful for all.

Speakers
Tom Gaffney

Security advisor at F-Secure. Tom has 18 years' experience in the technology sector. He has been a security advisor at F-Secure for six years, helping to contextualise security and the issues surrounding it for consumers, corporates and ISPs.


Tuesday April 28, 2015 14:00 - 15:00
3 - Premium Workshop

15:10

NCC
Tuesday April 28, 2015 15:10 - 15:30
4 - Demonstration Area

15:30

Law Enforcement and Technology, how is the future looking?
As law enforcement deals with the ever-increasing complexities of technological growth, necessary skillsets, technical implementation and legislation can be a stumbling block not just for industry.

It is widely considered that law enforcement are typically well behind the curve when it comes to cyber criminality, and we will look at how that appetite has changed and how industry becomes pivotal to helping the police service fulfil its guardianship status, now that the Internet is firmly in our daily lives.

Please note: this talk will not be available online after the event.

Tuesday April 28, 2015 15:30 - 16:30
1 - Main Speaking Track

15:30

Security from Necessity

How working for Greenpeace has influenced my thoughts on information security.  I set out these ideas and give a small case study showing them in operation. Then open up for discussion on the pros & cons of the approach.


Speakers
Joe Goodings

I am a professional problem solver in information, process, and communications areas as relates to ICT. I started using technology at an early age as a hobby and have now made a career out of it. Highlights have included analysing and programming software for the British legal system; running some of the first courses on 'what is the internet and what can it do' for a further education college; and setting up some of the first internet...


Tuesday April 28, 2015 15:30 - 16:30
2 - Premium Speaking Track

16:00

CheckSec
Tuesday April 28, 2015 16:00 - 16:20
4 - Demonstration Area

16:30

The current picture (literally) of European Cyber Crime
Kevin will present data from Team Cymru that gives an insight into the current real threats against the UK in comparison to the rest of Europe.

This talk will not be available online later. You need to be there!

Speakers
Kevin Williams

General Manager of TC-UK in Winchester that uses the experience, capability and data feeds of Team Cymru


Tuesday April 28, 2015 16:30 - 17:30
1 - Main Speaking Track

17:30

F-Secure Citizen4 Party & 44CON Gin O'Clock
When the talks and workshops are done it's time for 44CON Gin O'Clock! 

F-Secure have a little party planned - all attendees, speakers and sponsors are welcome! 

Tuesday April 28, 2015 17:30 - 21:30
Exhibition and Networking Area