
Welcome to COSAC - Conferencing the way it should be!


For 27 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Due to the ongoing global pandemic, COSAC 2020 in Ireland has been postponed. COSAC will return in 2021.

Thursday 1st October 2020

09:00 - 09:30 Delegate Registration & Coffee

09:30 15S: From an Inside-out View to an Outside only View: the Security Architect Profession after 2 years of Sabbatical. Speaker(s): Marc Verboven

Marc Verboven

Security Architect, ING (Belgium)

Marc Verboven is an experienced IT Security Architect with over 30 years of experience. After working for Dow Chemical, IBM and startups in Belgium, always in the area of IT Security, he joined ING Belgium in 2003. Since then he has mainly worked on projects in the area of Retail & Commercial Banking Channels, acting as both a security and an application architect. Since 2006 Marc has been a member of the Enterprise Architecture group of ING, with a continued focus on the area of Risk & Security.

This talk is about the experience and lessons learned of a seasoned and highly qualified enterprise security architect after being put on hold by the organization to which he has devoted so much of his creative energy.

In the spirit of COSAC the talk will be highly interactive, challenging both the audience and the speaker, by giving the rollercoaster of emotions and ideas that you go through when you are more or less forced into ‘early retirement’. The goal is not to tell a negative story but to give valuable insight and reflections on what happens to you when you no longer have an outlet for your professional creativity as a security professional.

Some of the topics that will be put forward are:

- What is your real value for the company, and why did the company hire you in the first place?

- Should you try to find a comparable function in another company, or try to reuse your experience in a completely different domain; maybe really make the world more secure & safe?

09:30 15A: Dealing with BS: Adversity and the Security Practitioner Speaker(s): William Schultz

William Schultz

Associate Director, Vanderbilt University Medical Centre (USA)

Bill Schultz is a practicing security architect who has worked in the Information Technology field for over 16 years, with the past 12 focused on Enterprise Architecture, Security Architecture, Risk Management, and Compliance. Bill has built security programs, risk management programs, and developed strategic organizational architectures and technical system architectures. Bill has led multiple risk management and security architecture initiatives.

Let’s face it, things don’t always go the way we plan. Being a security practitioner is difficult enough with the constant evolution of threats and attackers, and an ever-changing IT landscape. It also doesn’t help that there are so many other ways that things can go wrong. Budget cuts, personnel changes, organizational changes, competing agendas, simple miscommunications. Shit happens. We also deal with other challenges like figuring out where to start, getting organizational buy-in, training up teams, and working with others who are involved in or control other parts of the process. These are a few examples of adversity that we face, and that as security professionals we must be prepared and able to deal with if we want to be successful. In this session we will discuss strategies for coping when things don’t go as planned. We will discuss several real scenarios, including what worked and what didn’t, and we will engage as a group to discuss other approaches and experiences.

09:30 15B: Digital Twins – Architecture and Security Implications Speaker(s): Hugh Boyes

Hugh Boyes

Principal Engineer, University of Warwick (UK)

Hugh Boyes is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology (IET) and holds the CISSP. He divides his time between working as a Principal Engineer at the University of Warwick and undertaking cyber security consultancy assignments. Hugh is a Member of the Register of Security Engineers and Specialists (RSES).

The concept of creating a digital twin of a cyber-physical entity is gaining considerable coverage, with significant hype regarding the potential benefits a digital twin can offer. This session will explore the concept and history of digital “twins”. They are not as new or novel as the media coverage suggests. However, Gartner reports that leading digital governments are exploring the concept of digital twins at the whole-of-government level.

This session will examine the information and architecture issues relating to the creation of a digital twin and the prerequisites for ensuring that, in implementing the digital twin, there is close alignment with the reality of the physical twin’s behaviour. It will also discuss the privacy and security implications that arise from the creation and use of digital twins that are connected to operational assets. The session will conclude by identifying a set of criteria for establishing the trustworthiness of a digital twin in comparison with the real thing.

10:20 16S: The Challenges of Cybersecurity Challenges Speaker(s): Andrew S. Townley

Andrew S. Townley

Founder & CEO, Archistry (South Africa)

Andrew is an international speaker, published author and thought leader on business execution, security, risk and technology who has extensive practical, hands-on experience working in the US, Europe, Middle East, Africa and Brazil. His Enterprise and Security Architecture experience includes leading SABSA adoption organizational change initiatives for Fortune Global 300 customers and is built on not only SABSA certification but personal mentoring by two of SABSA’s principal authors.

Every year, everyone in the cybersecurity industry goes crazy postulating the “next big issues” everyone needs to look out for in the coming year. And it’s all backed by survey data…

…and it’s all presented with sexy materials, charts and graphs...

…and it basically ends up telling us exactly the same thing. Year. After. Year.

What I want to explore in this session is why this happens. What is it that we’re doing (or not doing) that causes “the basics” like Identity & Access, Data Loss and Cybersecurity skills/Awareness to top the list for YEARS?

Either we’re a) fundamentally incompetent as an industry, or b) we just haven’t figured out the right way to look at the problem.

What we’ll do in this hybrid session is the following:

Part 1 will frame the issues, looking at some “top trends” over the last few years to highlight the fundamental drivers of what we’re worried about.

Part 2 will be an open discussion on what might be causing this, what we’re doing wrong, and some ways we might fix it.

Part 3 will be some SABSA-based ideas, grounded in the fundamental theory of domains, that will possibly give us a new perspective to actually solve these problems instead of just hand-wringing about them on surveys year after year…after year…after year.

10:20 16A: Wisdom of Insecurity – Thinking out of the Box of Security – a Way to Do Security Better? Speaker(s): Helvi Salminen

Helvi Salminen

Security Advisor (Finland)

Helvi Salminen has worked in information security since June 1990, first as a security analyst and since April 2000 as an information security manager. Before moving into information security she had 12 years’ experience in systems development. Helvi is a founding member of the Finnish Information Security Association, which celebrated its 10th anniversary in 2007. Helvi holds CISA, CISSP and SABSA qualifications and was named CISO of the Year in Finland in 2014.

We are used to looking at security through the lenses of rules and discipline. This is often useful – even necessary – and we find solutions to many problems in this way. However, purely rule-based security is no longer sufficient for a business that operates in an increasingly complex technical reality and a rapidly changing society.

Our methods, standards, guidebooks and countless rules prepare us to resolve known problems – to answer the questions they were designed to answer. But if we rigidly stick to the predefined rules we don’t develop the capability to understand issues which are not included in our recipe books.

This session is designed to discuss the limits of the applicability of the standards- and rule-based way of doing security. What do we miss when limiting our thinking to this type of approach? What can we learn from other areas of knowledge – e.g. social psychology and philosophy – and apply in our security work? How can, for instance, the principles of creative idleness and reversed effort help us to resolve complex problems better?

Welcome to the adventurous journey which is inspired by thinkers whom we usually don’t see in the context of security. Alan Watts says that it is only by acknowledging what we do not—and cannot—know that we can learn anything truly worth knowing. Aldous Huxley states that the harder we try with our conscious will to do something, the less we shall succeed. Proficiency and results come only to those who have learned the paradoxical art of doing and not doing, or combining relaxation with activity. With the concept of creative idleness Domenico De Masi embeds elements of pleasure to the hardness of duty. And many others help us to get out of the box.

Also in security.

10:20 16B: Anchoring the Software Supply Chain: A Case Study Speaker(s): Mike Broome

Mike Broome

Senior Software Engineer, Tanium (USA)

Mike is a Senior Software Engineer at Tanium, developing large-scale enterprise IT security and IT operations software. He spent two decades in networking and low-level embedded software, including writing code for the fastest-ramping mid-range router at Cisco. After a stint in embedded industrial control systems, he has spent the past 5 years working on threat response and business application mapping solutions to help with visibility across enterprise solutions.

Last year, we discussed software supply chain vulnerabilities. This year, let’s go a step further and look at how one software company has tried to implement a software supply chain strategy.

It's not one size fits all, but by unpacking and examining this example from one specific company, we can find concepts that can be applied by anyone who is managing and trying to secure a software supply chain – and lessons for anyone who consumes software.

Questions for review will include:

- What was the motivation for this strategy?

- What are the tradeoffs?

- What has worked well vs. not so well?

- What impact has this had on the software developers?

- What impact has this had on the customers?

We will also talk about possible alternative strategies, as well as what steps your companies may have taken – either as creators or consumers of software.

This talk will be under Chatham House Rule.

11:05 - 11:25 Morning Coffee

11:25 17S: SABSA Open Forum - Part 1 Speaker(s): Maurice Smit

Maurice Smit

Principal Security Architect, David Lynas Consulting (Netherlands)

Maurice is a Principal Security Consultant and SABSA Instructor at David Lynas Consulting, with over 15 years of experience in IT Security operations, management, governance and architecture, in a variety of industries including finance, healthcare and pharmaceuticals. Maurice delivers accredited SABSA training in Europe, India, Africa and the Middle East and is a founding member of the SABSA Institute Board of Trustees.

This open session covers SABSA, The SABSA Institute and the latest goings on in the Enterprise Security Architecture world. If you want to support a SABSA Institute project or the Institute itself, this is the session to join. Meet the Board of Trustees and ask them anything. The Institute will also present an overview of current activities and initiatives.

We would like to discuss what you believe the future of SABSA and the SABSA Institute should be. Let us know what areas the SABSA Institute should focus on.

We propose the following agenda, and are completely open to adjust this to the needs of the SABSA Institute Members:

- Meet the Board of Trustees

- Current Projects

- The future of TSI

- The future of SABSA

- Emerging topics for projects

11:25 17A: Entering the Friend Zone Speaker(s): Karel Koster

Karel Koster

Manager IT - Information Security, FedEx Express Int (Netherlands)

Karel Koster is an information security professional with over 15 years of experience in various information security roles. He currently manages an international team of security analysts for FedEx Express, owning and executing various GRC processes for FedEx International. Prior to FedEx, Karel held positions as head of information security, information security officer, security architect and operational risk manager within financial services companies.

Within every corporation, no matter how small or big, you will find people or departments that are outright hostile towards infosec. They oppose, challenge, criticize and will frustrate anything that infosec requires them to do. They tend to advocate that infosec does not understand the business, that our cyber security controls and policies are only there to entertain the auditors, and that they don’t need our help in securing their systems / departments; they know better than us.

Issues with these departments and people can be escalated through management and you may gain proper enforcement by having marching orders distributed from the top. However, this approach impacts your ability to execute quickly. It also has you relying on management for support and the successful execution of your agenda, while management would like to rely on you for this.

How do you win these people and departments over and gain their trust?

In this talk I will share proven tactics I use to overcome this very situation, and I hope you can share your experience as well. How do our teams go from animosity to the friend zone, building a partnership that enables us to support these departments and help them achieve their business objectives, while they support us in securing the enterprise?

11:25 17B: Penetration Testing: Doing the Job and Staying Out of Jail Speaker(s): John O'Leary

John O'Leary

President, O'Leary Management Education (USA)

John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. John was the recipient of the 2004 COSAC award.

If you’re not doing it, someone else is doing it for you, and they’re not delivering final reports or checklists (though the final cost might be much higher). Even those innocent souls and naïve managers who haven’t yet been hit (or think they haven't been hit) have heard enough horror stories from us and their contemporaries that they're almost convinced that penetration testing is a necessity. But they don’t know what effective penetration testing in 2020 requires and entails. They're uneasy about the concept, don’t really know where to start, and have no reality-based ideas about what to expect for an outcome. You, a grizzled veteran and COSAC delegate, know why and how and what to expect. But ransomware, spear phishing, nation-state hacking, massive breaches, IoT, GDPR, Big Data analytics, cloud computing and BYOD, even coronavirus scams, have opened up new avenues for probing defenses. Calling on the experiences of COSAC delegates in the room, we’ll lay out some absolute rules for pen testing, analyze driving forces, examine realistic testing options, and pinpoint focus areas for testing. We’ll then identify pitfalls to avoid (e.g., going to jail) and finish with recommendations to help organizations get maximal return from this complex, expensive, but valuable, probably even mandatory security measure.

12:15 18S: SABSA Open Forum - Part 2 Speaker(s): Maurice Smit

Maurice Smit

Principal Security Architect, David Lynas Consulting (Netherlands)

Maurice is a Principal Security Consultant and SABSA Instructor at David Lynas Consulting, with over 15 years of experience in IT Security operations, management, governance and architecture, in a variety of industries including finance, healthcare and pharmaceuticals. Maurice delivers accredited SABSA training in Europe, India, Africa and the Middle East and is a founding member of the SABSA Institute Board of Trustees.

This open session covers SABSA, The SABSA Institute and the latest goings on in the Enterprise Security Architecture world. If you want to support a SABSA Institute project or the Institute itself, this is the session to join. Meet the Board of Trustees and ask them anything. The Institute will also present an overview of current activities and initiatives.

We would like to discuss what you believe the future of SABSA and the SABSA Institute should be. Let us know what areas the SABSA Institute should focus on.

We propose the following agenda, and are completely open to adjust this to the needs of the SABSA Institute Members:

- Meet the Board of Trustees

- Current Projects

- The future of TSI

- The future of SABSA

- Emerging topics for projects

12:15 18A: Social Engineering in Healthcare Speaker(s): Kathleen Mullin

Kathleen Mullin

CISO, Healthmap Solutions, Inc. (USA)

Kathleen Mullin CISSP, MLSE, CCSFP is an influential information security practitioner with more than 30 years of experience. She has been a CISO at various publicly traded, private, not-for-profit organizations, and governmental entities including HealthMap Solutions, WageWorks, Healthplan Services, Adventist Health, and Tampa Airport. She has a BSBA from St Joseph’s College Maine and an MBA from Florida Metropolitan University.

This original presentation was supposed to be given at HIMSS2020 which was canceled due to COVID-19. This discussion provides a perspective that looks for other security professionals to assist in a better framework for healthcare.

Malicious hacking using social engineering against healthcare has multiple goals; the most obvious ones are to steal money, data, or deliver ransomware. Healthcare systems are particularly susceptible because basic critical security controls are not in place within highly integrated systems. This presentation discusses how targets are selected, the delivery methods, and why social engineering is effective. Let’s discuss the effective methods to protect organizations and the options when social engineers succeed.

- Seasoned professionals recognize hackers’ motivations, why they are a threat and why they use social engineering, but this needs to be communicated to those in healthcare.

- Detect the common methods used by social engineers to victimize healthcare organizations.

- How do we assist those in healthcare to prepare for the impacts of malware including ransomware when they have limited funds and the manufacturers of their equipment provide it on obsolete operating systems?

- How do we construct a plan to reduce the likelihood of social engineers being successful using training, testing and technical controls?

12:15 18B: Ransomware Response - A Lawyer’s Perspective Speaker(s): Mark Rasch

Mark Rasch

Chief Counsel, National Security Corporation (USA)

Mark Rasch is an internationally recognized cyber attorney and technology risk executive, with a distinguished record establishing and leading world-class data privacy and resiliency, security consulting, incident response and investigations practices for commercial and government organizations. He has more than 30 years in information security and high-technology litigation and advisory across the critical infrastructure, and is highly sought after as one of the world’s leading legal (cyber) experts.

Your company is hit with a ransomware attack. You have to decide whether to try to decode the bitlocker, rebuild the database, or pay the ransom. Who makes the decision? IT? CISO? Legal? Your insurance company? If you decide to pay, how do you do this as a practical matter? Are the costs of paying the ransom covered by insurance? What about the costs of NOT paying? Are you subject to criminal prosecution for the mere act of paying to release your funds? This session will focus on the legal and practical aspects of ransomware, including violations of international sanctions, aiding and abetting terrorists or other criminals, operating as an unlicensed money transfer agent, money laundering and other KYC regulations, providing material support to criminal activities, and other potential liability sticking points.

13:00 - 14:00 Lunch

Workshop W1

14:00 Gamifying Security Architecture – A Board Game Perspective Speaker(s): Esther Schagen-van Luit, Roland Schagen-van Luit

Esther Schagen-van Luit

Specialist Security Architecture, Deloitte (Netherlands)

Esther is a Specialist in Security Architecture at Deloitte Cyber Risk Services. Her ambition is to be a Leading Lady In Cyber, who is the best in her craft (security architecture) and makes societal impact as a role model by making girls & women feel they (could) belong in the world of cybersecurity. For her work on getting more women into Cyber, Esther has been awarded prizes and nominations such as the Cybersecurity Award, Techionista Award, VIVA400 and Change in Business Award.

Roland Schagen-van Luit

Junior Architect, ZJA Architecture (Netherlands)

Roland is a Junior Architect at ZJA Architecture. His focus on parametric design and fascination with 3D-printing has his portfolio span architecture, graphic and jewelry design. A broad interest in systems and mathematics in general has sparked a desire to convey this thinking outside of parametric design, spreading from the design of buildings into the design of boardgames.

Security Architecture is a complex topic, yet we depend on being able to explain it simply, elegantly and effectively to our stakeholders. In the vein of gamifying many aspects of our life to make them more appealing, we believe that building a security architecture game may be an effective way of communicating the value and working of security architecture to a variety of audiences.

The session starts off by explaining the benefits of a security architecture game and of gamification in general. We will discuss the characteristics of what makes a good game and how these have informed us in designing a security architecture game. We then explain the rules of the game, and participants will have the majority of the session to playtest it. At the close of the session we gather observations and feedback from the participants to improve the game. After the conference all the game component printable files will be shared so COSAC attendees can reproduce the game and play it with their community and organizations.

Thursday afternoon workshop sessions tend to be challenging for both hosts and participants, as they already have 3.5 intensive days of COSAC behind them. The inspiration for this session was taken from the success of Chris Blunt’s COSACopoly game some years ago, where we once again seek to combine the informative (how to design a good game) with the pleasant (connecting through the power of play). This should make for an appropriately balanced and entertaining session to close the COSAC conference on a positive note.

Workshop W2

14:00 An Immersion in Securing the Digitally Transformed World Speaker(s): MZ Omarjee, Siân John MBE, Diana Kelley, Lesley Kipling

MZ Omarjee

Enterprise Security Architect, Standard Bank (South Africa)

Muhammed Zubair (Mz) Omarjee is an Enterprise Security Architect within the Group IT Plan function of Standard Bank Group South Africa. He is instrumental in defining the security technology strategy and plays a pivotal role in shaping the information security practice as a transformative business driven and risk oriented discipline.

Siân John MBE

Chief Security Advisor, Microsoft (UK)

Siân John MBE is EMEA/APJ Director of Cybersecurity Strategy at Microsoft. She leads a team of chief security advisors in EMEA and APJ who work with Microsoft’s customers as they evolve their security strategy to support digital transformation and cloud adoption. Siân has worked in Cybersecurity for nearly 25 years across strategy, business risk, privacy, and technology. Siân is a recognised thought leader in the industry. She is Chair of both techUK’s CyberSecurity Management committee and...

Diana Kelley

Field CTO, Microsoft (USA)

Diana Kelley is the Cybersecurity Field Chief Technology Officer for Microsoft where she provides guidance to C-level executives at large, global companies. She is a Faculty Member with IANS Research, an Industry Mentor at the CyberSecurity Factory and a Guest Lecturer at Boston College’s Master of Science in Cybersecurity program. Previously, she was the Global Executive Security Advisor at IBM Security and a GM at Symantec.

Lesley Kipling

Chief Security Advisor, Microsoft (UK)

Previously lead investigator for Microsoft’s detection and response team (DaRT), Lesley has spent 16+ years responding to Microsoft customers’ largest and most impactful cybersecurity incidents. As Chief Security Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning.

Part 1 - A Digital Transformation Immersion

The digital transformation immersion session aims to address the shift in thinking and to provide a cursory overview of the concepts and competencies required to be relevant in the Digital Transformation age.

A synopsis of what the session will entail:

- The rationale as to why we are doing Digital

- The thinking required for a Digital Transformation

- The disruptive business models at play for a Digital Transformation

- The organizational shift required for a Digital Transformation (some SABSA applied here)

- The technologies at play that enable a Digital Transformation

- Interactive practical activities and case studies on how to digitize something that’s highly physical and manual in nature.

Part 2 - Securing the Digital Transformed World

As organisations go through digital transformation, cybersecurity practices need to evolve to keep up. This half-day session will explore some of the challenges and approaches to evolving security risk management to unlock the opportunity of digital transformation by managing and mitigating some of the threats.

Topics will include:

- Changing control and risk frameworks – and reporting on risk to support digital transformation

- Identity as a perimeter and Zero Trust Networks

- Forensics and threat hunting in the hybrid cloud world

- Incident response, triage and remediation.

- Securing the intelligent cloud and the intelligent edge – IoT, machine learning and hybrid cloud solutions

Workshop W3

14:00 Ask us anything: A Q&A session with a SABSA Master’s panel Speaker(s): Chris Blunt, Maurice Smit, William Schultz

Chris Blunt

Security Architect, Aflac NI

Chris is a seasoned cybersecurity professional. He has recently moved to Belfast from New Zealand where he co-founded and ran a highly successful information security and privacy consultancy. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables organisations to achieve their business objectives.

Maurice Smit

Principal Security Architect, David Lynas Consulting (Netherlands)

Maurice is a Principal Security Consultant and SABSA Instructor at David Lynas Consulting, with over 15 years of experience in IT Security operations, management, governance and architecture, in a variety of industries including finance, healthcare and pharmaceuticals. Maurice delivers accredited SABSA training in Europe, India, Africa and the Middle East and is a founding member of the SABSA Institute Board of Trustees.

William Schultz

Associate Director, Vanderbilt University Medical Centre (USA)

Bill Schultz is a practicing security architect who has worked in the Information Technology field for over 16 years, with the past 12 focused on Enterprise Architecture, Security Architecture, Risk Management, and Compliance. Bill has built security programs, risk management programs, and developed strategic organizational architectures and technical system architectures. Bill has led multiple risk management and security architecture initiatives.

In your security architecture quest have you come across a question about how to use SABSA that seems to have no answer, or a challenge that seems insurmountable? Welcome to the club! Many good practical questions have an answer that ultimately resolves to “it depends”. Most of the time this is true: the answer to your problem depends on the question you are trying to answer. However, there are often simple answers to complex questions that can be reached by simply following the methodology. The challenge is often in knowing which part of the methodology to use, and where to start with the situation you are in.

In this session attendees will be able to pose questions and challenges to a panel of people who have spent a significant amount of time and energy learning, teaching, and applying the SABSA methodology. Last year this session ran at COSAC and COSAC APAC; we covered a wide range of topics with a group that spanned a wide spectrum of experience, and it proved useful for all. Any SABSA Masters in attendance at COSAC will be welcome and encouraged to participate as they are available. Input from attendees will essentially build the agenda for the conversation and we will attempt to cover as many topics and questions as possible. Of course, in the COSAC way there will be plenty of group debate and interaction, and no shortage of experts in the room. While we may not solve every problem, perhaps as a group we can find ways to overcome some of the challenges and questions that we face, and possibly begin to look at some of the new challenges heading our way.

Workshop W4

14:00 Sorting Through Artificial Intelligence Hype Speaker(s): Diana Kelley, Lori Murray, Char Sample

Diana Kelley

Field CTO, Microsoft (USA)

Diana Kelley is the Cybersecurity Field Chief Technology Officer for Microsoft where she provides guidance to C-level executives at large, global companies. She is a Faculty Member with IANS Research, an Industry Mentor at the CyberSecurity Factory and a Guest Lecturer at Boston College’s Master of Science in Cybersecurity program. Previously, she was the Global Executive Security Advisor at IBM Security and a GM at Symantec.

Lori Murray

Systems Engineer, Iowa State University (USA)

Lori Murray is a Senior Advanced 3 Information Assurance Systems Engineer, currently enrolled at Iowa State University as a PhD student studying Computer Engineering. She has her Masters of Science degrees in Information Assurance and Business Analytics from Iowa State University, along with her CISSP. Lori has 15 years of experience between Systems Engineering as a Cyber Security SME building security architecture from requirements definition to design.

Char Sample

Chief Scientist Cybersecurity Cybercore, Idaho National Laboratory (USA)

Dr. Char Sample is Chief Scientist Cybersecurity at the Idaho National Laboratory and a research fellow with the University of Warwick, UK. Dr. Sample has over 20 years’ experience in the information security industry. Most recently Dr. Sample has been advancing the research into the role of national culture in cyber security events. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture; other areas of research are information weaponization and complexity.

Security professionals are confronting the emergence of artificial intelligence (AI) in the security industry. There are many different topics within AI that intersect with security, and most discussions are either too high-level or so detail-oriented that the security professional has to determine the applicability to their own environment for themselves. This discussion opens with a general discussion of AI and machine learning (ML) and defines the differences between the two. It then turns to how to spot vendor deception (snake oil) and the questions to ask vendors that will assist in architectural decision-making and planning.

The second section of the talk discusses the gaps between human learning and decision-making and machine learning and decision-making. This section describes the importance of data, classifiers, and the AI algorithms. In this section of the talk we will discuss ways in which manipulation can occur.

The third section shows examples using datasets that illustrate how the manipulations discussed in section 2 can be applied to some frequently encountered real-world examples. We will examine threat intelligence data and insider threat data. Both will be mapped to show the differences that arise when the data manipulation occurs.

Plenary Session

17:15 19P: Tony Sale Lecture: Living in a World of Covert Channels Speaker(s): Andy Clark

Andy Clark

Director, Primary Key Associates (UK)

Prof Clark is an acknowledged expert in Cryptography, I.S. Security, Systems Engineering, Information Forensics & Cyber Security. He has worked in the field of Computer and Information Systems Security and Cryptology since 1984 and is a registered expert witness with 20+ years’ experience of presenting computer and information systems evidence in a wide range of criminal & civil cases. He is a co-author of the SABSA Blue Book & was the first recipient of the COSAC award.

On 24 February 2020 Terence Michael Whall was found guilty by a unanimous verdict of the murder of 74-year-old pensioner Gerald Corrigan, who was shot outside his rural home in Anglesey on Good Friday 2019.

Whall thought he had committed the perfect murder: there was no forensic evidence, no direct eyewitness to the shooting, and no one saw him travelling to and from the murder scene.

During the trial the jury heard evidence of telematics data provided by Jaguar Land Rover showing the location of a suspect vehicle the day before, when Whall was reconnoitring the scene of the crime, and the boot being opened at 23:11:04 and closed 39 seconds later when he removed the murder weapon.

Evidence provided by Sky proved that Mr Corrigan's satellite TV system was present at 00:08 at his home on the night he was murdered; at 00:28 he stopped a pre-recorded programme and the satellite signal was no longer present. When he went outside to investigate the problem, he was shot dead.

Again, telematics provided valuable evidence of vehicle movement, the opening and closing of the boot following the murder and Whall making his escape from the scene.

It is a credit to the hard work of those prosecuting this case that they were able to retrieve a body of critical evidence and present it clearly to the jury during the five-week trial.

To many people it was a revelation that such levels of technical data were transmitted to third-party companies routinely, without their understanding of the full scale of the activity.

In this talk we will focus on how this example is only one of many instances of such data transfers. In new work we will detail how malicious actors might take advantage of an emerging standardised environment for vehicle-to-vehicle and vehicle-to-infrastructure communications to undermine efforts to monitor their activities.

THIS SESSION WILL REQUIRE DELEGATES TO COMPLETE A FULL NDA.

Conference Close

18:15 Conference Close - COSAC Chairman Speaker(s): David Lynas

David Lynas

Chairman, COSAC (Northern Ireland)

David Lynas is currently enjoying his thirty-eighth year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world's leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute and CEO of David Lynas Consulting.