COSAC 2023 COSAC Connect COSAC APAC 2023

Welcome to COSAC - Information Security conferencing the way it should be! Join us in Ireland this October for 4 days of innovative & participative information security value celebrating 30 years fo COSAC Security Conference.

For 30 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. The #COSAC2023 Call for Papers is now open!

Monday 3rd October 2022

Breaks COSAC Masterclasses are full-day, 09:30 - 17:30
09:00 Registration & Coffee
11:05 Morning Coffee
13:00 Lunch
15:35 Afternoon Tea

Masterclass M1

09:30 The 21st International Roundtable Security Forum Speaker(s): John O'Leary

John O'Leary

President, O'Leary Management Education (USA)

John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. John was the recipient of the 2004 COSAC award.

For 2022, the COSAC Forum presents a room full of industrial strength, battle-hardened, reality-grounded information security veterans. They’ve seen it all, done it all, fixed it all, coped with it all and didn’t even need to get the t-shirt. Of course, you’re one of them. And like the others, you’re always learning, willing to listen to and learn from others who’ve encountered things you might not have, not too shy about sharing strategies and techniques, and committed to our strange and very necessary profession.

This full-day immersion in the COSAC way features a moderator, an ancient, grizzled if not very knowledgeable security veteran himself, who describes some actual recent events or publication or prediction or analysis of security-related activity, then comes up with a question or two about associated issues. But the real stars of the session are the participants. A described event or publication might engender wildly divergent reactions from attending professionals who experienced a similar event, but had different constraints or objectives or working tools or eventual outcomes. The moderator might prod an attendee for their take, but more likely, he’ll try to avoid getting in the way, thus allowing participants to illuminate topics, opinions and actions freely and subject their ideas to the scrutiny and analysis of all the experience in the room. And nobody charges consulting fees.

Join us and help solve the information security problems of the world.

Masterclass M2

09:30 The 6th COSAC Security Architecture Design-Off Speaker(s): Jason Kobes,

Jason Kobes

Architect, Research Scientist, Professor, Northrop Grumman (USA)

Jason Kobes works as Tech Fellow Senior Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason also is an adjunct professor for Marymount University teaching Cyber Crime and Digital Terrorism. Jason has over 24 years of experience concentrated in cyber digital transformation, information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's...
Chris Blunt

Chris Blunt

Enterprise Security Architect, Aflac NI (Northern Ireland)

Chris is a seasoned cybersecurity professional. He has recently moved to Belfast from New Zealand where he co-founded and ran a highly successful information security and privacy consultancy. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables organisations to achieve their business objectives.

In the spirit of hack-a-thons, this competition was born out of a desire to provide a venue for security architects to apply their skills in a safe environment. This is a unique competition format that uses real clients, scenarios and deliverables to see which team will reign supreme! Whether you are aseasoned enterprise architect or security architect, or just looking to try something different to build and enhance your skills, this session will provide a unique opportunity to prove and hone your architecture chops. Many practitioners come out of self-study or training armed with new skills, but struggle with applying them in complex situations and under tight time frames. Not to mention, there may be a limited number of practitioners in their organization (or region for that matter) to learn from. The primary goals for this session are to build relationships with other practitioners, to learn from each other on different ways to apply techniques to solve problems, and setup situations where we can creatively apply and adapt our skills. This is not a session where you will sit and listen to a presenter telling you how to do something.

Past attendees of the Design-Off have marked this as one of the highlights of the conference and we hope you will leave feeling the same way. Each year we feature a unique customer and problem set, so if you have attended in a previous year, be assured that this year will present a new and different challenge. Each year we incorporate feedback from past attendees in order to enhance the experience and keep the scenarios interesting and applicable to real life!

Teams are made of people with different skill sets and skill levels, and team members will be actively engaging each other and trying to find the best way to meet the challenges. This is not a competition in using a specific formal methodology or framework (although they will definitely come in handy), but is meant to be an exercise in applying these techniques in a ways that most effectively meet the client’s needs. Each year winners have proved their mettle through several challenges, demonstrating skills in listening to clients, applying risk management, demonstrating business value, and effectively communicating with the client in order to deliver architectural guidance that will address their problems. There can be only one winning team, however all participants will learn from the experience. Where else can you see how different groups of high level security practitioners apply their skills to address the same problem? That said, you will want to win this! The winning team members not only get bragging rights, but will be announced on the SABSA LinkedIn group, and each member will receive a personal acknowledgment on their LinkedInPage congratulating them on their achievement! Other spot prizes maybe awarded by the moderators in addition to this to recognize outstanding efforts of participants.

A few of the hardest problems SABSA architects face are working alone, and getting started where there are challenges. These design-off workshops not only build teams from people who may have never worked together before, they challenge the groups to quickly overcome challenges to deliver actionable architecture quickly. It can be done; this activity proves it.

Masterclass M3

09:30 CyberWar, Deception & Weaponising Disinformation

It has been suggested that we are on the verge of a digital “cold war” but recent events show that such a prospect introduces new characteristics: cyberwar is not limited to the nations in conflict, it involves hacker groups, civilians with personal computing power, corporations in third countries, digital influencers, and a battle of the algorithms to create bias and misinformation.

But what does that mean for us, for corporations, for Information Security leaders? What can we anticipate happening? How should we plan and respond? This COSAC Full-Day MasterClass examines the subject in detail and from multiple perspectives.

09:30 Part 1 - From Solar Winds to Digital Cold War Speaker(s): Lesley Kipling

Lesley Kipling

Chief Security Advisor, Microsoft (UK)

Previously lead investigator for Microsoft’s detection and response team (DaRT), Lesley has spent 16+ years responding to Microsoft customers’ largest and most impactful cybersecurity incidents. As Chief Security Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning.

A look back and discussion of the most news worth cyber events over the last couple of years and a look forward to what we can anticipate in a digital cold war through the lens of history and the events in Georgia.

11:25 Part 2 - Deception, Weaponizing Disinformation and Challenges for the Future Speaker(s): Lynette Hornung,

Lynette Hornung

Security Architecture Manager, Catapult Systems (USA)

Lynette has her MS in Information Assurance from Iowa State University and her SABSA certifications. She has over 20 years of experience with security architecture and data privacy serving as a trusted advisor with customers and working on cross functional teams. She is currently a Security Architecture Manager with Catapult Systems.
Char Sample

Char Sample

Cybersecurity Principal, MTSI (USA)

Dr. Char Sample is Chief Scientist Cybersecurity at the Idaho National Laboratory and a research fellow with the University of Warwick, UK. Dr. Sample has over 20 years experience in the information security industry. Most recently Dr. Sample has been advancing the research into the role of national culture in cyber security events. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture, other areas of research are information weaponization and complexity.

Threat modeling and trust relationships are important tools to use with analyzing disinformation.  Trust relationships provide lessons learned that can be applied to other domains, such as military, cyber, information, public health and economic.  Trust solutions are often binary, but in reality trust is often fuzzy, cross-spectrum and can be visualized with a color spectrum.  In this session we explore various aspects of disinformation and current events in considerations of topics, including the Ukraine/Russian conflict and privacy considerations.  The Ukraine conflict offers a unique recent event to have an interactive discussion of disinformation, cyber attacks, information warfare, and the weaponization of fear.

Disinformation stories often have a grain of truth.  Part of the problem with handling disinformation is that even smart people can be fooled and that does not make them less good or credible.  The landscape of disinformation also encompasses group think, biases in algorithms and political bias. propaganda, spies and a lack of journalistic integrity.  Like many challenges with cybersecurity, disinformation is a very serious challenge that is used in nefarious ways by various political actors with various economic and geo political gains.  We will apply threat modeling and trust relationships to this and explore the challenges with disinformation and explore creative approaches to navigate disinformation and future considerations and approaches.   Disinformation is something that has been around for a long time, but made more difficult to detect with technological advancements and requires diligent understanding and analysis by diverse academic backgrounds that are part of the cyber security field of practitioners. 

14:00 Part 3 - Help, I Need a New IR Playbook! Preparing for Global Cyber Warfare Speaker(s): Lesley Kipling

Lesley Kipling

Chief Security Advisor, Microsoft (UK)

Previously lead investigator for Microsoft’s detection and response team (DaRT), Lesley has spent 16+ years responding to Microsoft customers’ largest and most impactful cybersecurity incidents. As Chief Security Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning.

Title and abstract by Esther Schagen-van Luit

The first real act of cyber war was the DDoS attacks on Estonia in 2007. Over the years we saw more aggressions. Georgia in 2008, Stuxnet in 2009, Saudi Aramco in 2012, Sony in 2014, Ukraine in 2015, NotPetya and Triton in 2017. NotPetya was a novel case as it harmed global organisations as collateral damage. New in this series are the cyber attacks to help Russian physical warfare in Ukraine. This time, involvement is not limited to the conflict countries. International hacker groups such as Anonymous picked a side. Organisations with off-shoring in Ukraine and Russia cut off their networks and people. Civilians from around the globe contributed by volunteering their laptops for DDoS attacks. This is the first time we've come close to a global cyber war. But how to respond?

This session sets out the elements of cyber warfare and uses the Russia-Ukraine conflict as a case study. We take the view of an entity in a third country with operations in both conflict countries. The presenter uses her experience of managing security for an international organization. Next to incident readiness and response, she provided advice on how to engage employees in conflict countries and answer client questions on the situation. She is therefore well-placed to provide an end-2-end security perspective. She will share insights on aspects of incident readiness she had not encountered before and lessons learned on IR preparation for similar future cases. Then the floor is open for the audience to share how their organizations responded to the Russia-Ukraine conflict and how they view the future of cyber warfare.

15:55 Part 4 - Analyzing Russian Cyber Strategy in Warfare Speaker(s): G. Mark Hardy

G. Mark Hardy

President, National Security Corporation (USA)

G. Mark serves as President of National Security Corporation, an information security management consulting firm he founded in 1988. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is the author of over 100 articles and presentations on security, privacy, and leadership. A graduate of Northwestern University and Loyola University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration.

"The strong do what they can and the weak suffer what they must" -Thucydides, History of the Peloponnesian War,(431 BC),Chapter XVII

Beginning in March 2022 the world saw a broad array of Russian warfare techniques. Ukraine has been Russia's testbed for cyber, but unlike the 2008 invasion of Georgia, cyber attacks did not effectively accompany the initial militaryactivity. Why? And how doescyber align with Russia's strategy for escalation management, or intra-war deterrence, across the spectrum of conflict? What lessons have we learned about the conduct of cyberwar, and what are the implications for future conflicts whether or not they rise to the level of kinetic?What are the appropriate responses to avoid mutualdigital annihilation?What other nation states should we add to this discussionto better prepare for the future.

Drinks Reception & Dinner

19:00 Drinks Reception
19:30 Dinner