Dan Sarel has been a cyber security expert during the last 2 decades. Dan co-founded Demisto in 2015 where he served as the VP of Product. Together with his partners he sold Demisto to Palo Alto Network in 2019, after 3 1/2 years of successfully creating a new product, a new product category (SOAR) and revolutionizing the way SOCs work. Today Dan is VP Product Management at Palo Alto Networks. Dan spent the last 20 years building successful products in several cyber security domains including endpoint security, network security, database security and VPN in various companies including McAfee, Sentrigo and Check Point Software. Dan sees himself as a customer advocate and makes sure he spends at least half of his time meeting customers in all industries – financial, retail, government and others – to better understand what challenges they have to overcome.
Cyber Operations & Response
Using SOAR Technology to Enable Efficient Incident Response Collaboration
Over the last few years some of us have become better at sharing information so we can combat cyber attacks together. But while we have made progress mostly in one area (IOC sharing), there is a lot more we need to do to truly face our adversaries together. The presentation discusses the potential that SOAR technology brings to the table – sharing not only small pieces of data, but striving to, and achieving what we believe is crucial to make collaboration a success – joint interactive investigations. What does SOAR have to offer? What challenges does it overcome? What will a future collaborative interactive investigation look like? The presentation will pose and answer these questions as well as show mockups of a future collaborative platform.
Dr Ori Sasson is a director at S2T, a leading supplier of cyber intelligence solutions for Government customers.
S2T's solutions enhance the capabilities of organisations and analysts in areas of web and cyber collection, collation, analysis and generating insights and reports. These solutions leverage powerful collection capabilities spanning web sites, social media networks, darknet, and end-user devices and harness big data analytics, machine learning, robotic process automation, and powerful visualisation tools.
Ori holds a Ph.D. in Computer Science from the Hebrew University of Jerusalem, with specialisation in Machine Learning. He has over a quarter of century of experience in the domains of cyber intelligence including hands on development of a variety of cyber-collection tools using multiple attack vectors. Formerly he was an Assistant Professor at the Singapore Management University. He is also the author of numerous books and research papers.
Darkweb, Cybercrime, Cyberwarfare.
Automated Attribution of Cybercrime Using Bitcoin Distributed Ledgers
Cyrptocurrencies are increasingly used as the payment method of choice for cyber-criminals collecting proceeds from ransomware or for sales of cyber-weapons. Cryptocurrencies such as Bitcoin are based on distributed ledgers. In other words, all Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see both the balance and transactions of any Bitcoin address. Bitcoin addresses are often published online in Darknet forums or other platforms, or in ransom demands for ransomware.
We present a methodology for automated attribution of cyber-criminals and ransomware campaigns to Bitcoin addresses and identifying clusters of collaborating Bitcoin addresses used as intermediaries.
Through real-world examples, we demonstration how such automatic attribution methods can triangulate cybercrime actors and provide early warning on cybercriminal activity in distributed ledgers.
Nick Savvides is responsible for Symantec’s Cyber Security Strategy across Asia Pacific and Japan. In this role, Savvides’ charter is to provide local market insights that influence global strategic planning and product development. Savvides works also with organisations and governments to develop their cyber security strategies and solve complex business problems. He has worked on some of the largest business information security projects in Australia, affecting the way many Australian’s interact with their employers, banks and governments.
An information security expert, with more than 20 years’ experience, Savvides has spent the last 11 years at Symantec in various product and sales engineering roles. He has presented at more than 60 conferences, contributed to many high profile panel discussions and regularly appears in the media on cyber security related topics.
Prior to joining Symantec, Savvides worked for The University of Melbourne in various IT related roles. Most notably, Savvides managed the computing technologies at the Centre of Excellence for Quantum Computing and was responsible for developing nuclear microprobe analysis and diagnostic tools.
Savvides is an active member of the IT Security community and a member of a number of industry bodies. He is a Science graduate of The University of Melbourne majoring in Physics and Computer Science.
Supply Chain Cyber Security
DevOps and Supply Chain Security In The Modern World
Supply chain attacks have always been a concern, and when combined with DevOps, that has transformed how we build and operate our applications an entire new threat surface has appeared.
The use of cloud, complex 3rd party software-as-service widgets have all conspired to make our code bases more complex, less auditable, less understandable and less catalogable. With developers now needing to manage the lifecycle of these components, security has taken a secondary role.
Regular GRC tools and processes have let organisations down, with many organisations falling victim to supply chain attacks, their systems and applications compromised via their trusted paths. A complex landscape has developed with the key concern of software supply chain related to cloud services, API services and others that are quickly adopted and consumed by developers.
Many risk officers, CSOs and developers are unable to accurately assess, quantify and remediate their supply chain and DevOps risks.
This talk examines the complexities, commercial aspects and the practicality conducting and detecting of DevOps risks and supply chain attacks in the modern enterprise.
Dr Alexander Schellong has extensive experience in strategic consulting, business development, general management, business unit leadership and mission critical international project and operations management in Europe, Middle East, Africa and Asia for the U.S. government, German government and other commercial clients. His domain expertise covers among others eGovernment, Cybersecurity, Cloud, BPO or digital transformation. As a member of the management board of Infodas, he heads all international business activities of the firm. He has authored one book on CRM in the public sector and over 60 articles on a variety of topics at the intersection of technology, society and organizations. He served in Germany’s mountain infantry and remains active in the reserve. He holds a Masters and Phd. He studied and taught at Goethe-University Frankfurt am Main, Harvard Kennedy School and The University of Tokyo.
Enterprise Security and Data Protection: Trends & Technologies
Cross Domain Solutions Quo Vadis?
As data grows exponetially and organizations become more digitized, protecting and sharing sensitive data and systems remains a challenge for many organizations. In particular, military, government, intelligence and critical infrastructure organizations are looking at or using so called cross domain solutions to address these challenges. The talk will give a primer on core ideas, insights from different use-cases and trends within this rather overlooked topic in Cybersecurity.
Mike Sentonas is Vice President, Technology Strategy at CrowdStrike. Reporting directly to the Co-Founder and CTO, Mike’s focus is on driving CrowdStrike’s APAC go-to-market efforts and overseeing the company’s growing customer and partner network. With over 20 year’s experience in cybersecurity, Mike’s most recent roles prior to joining CrowdStrike were: Chief Technology and Strategy Officer and Vice President and World Wide Chief Technology Officer, both at McAfee (formerly Intel Security).
Michael is an active public speaker on security issues and provides advice to government and business communities on global and local cyber security threats. He is highly-sought after to provide insights into security issues and solutions by the media including television, technology trade publications and technology centric websites. Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security.
Michael holds a bachelor’s degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.
Cybersecurity Ops Centre: Methodologies & Operations
Building a World Class Threat Hunting Team
Threat Hunting is the identification of the unknown not covered by passive-monitoring capabilities. Imagine taking every possible scrap of information of every single system in your environment, parsing through that and finding hands on keyboard activity. Sounds painful right? Not if you bring in the right talent, right tools and good processes. With the increasing number of tools populating the Endpoint Detection and Protection space, improving data visibility into core processes, detailed command lines and process trees, Threat Hunting has become a niche career space for Information Security Analysts. The speaker will share experiences about real-world use cases, tools, technology, processes and people.
The speaker works with one of the worlds largest threat hunting teams in the industry in an environment where over 1 trillion events are analyzed each week. Through the use of visualization tools, tribal knowledge and experience as well as flexibility in operations to allow Hunters to focus on things of interest, the team consistently delivers in rapidly finding adversary activity. Building a team whose mission is to find adversary activity across a global threat landscape is no small feat. It is not just about hiring the right talent, it is also making sure that data is available, and actionable in a way that allows the Hunters to operate at maximum efficiency while still allowing freedom and time for in-depth investigations.
Senior business leader with over 15 years’ experience in technology, focused on large organisations and government agencies. Successful in supporting organisations to build cyber security defence strategies and Home Land Security.
Responsible for managing the India and Asia Pacific Region of Telesoft Technologies, supporting large organisations, governments, CNI providers and data centres to identify, mitigate and respond to the increasing complexities and occurrences of cyber threats due to the exponential growth in data due to IOT, 5G, edge/fog/cloud, super computers, ICS/SCADA.
Cybersecurity and 5G
Protecting our National Networks and CNI
We are all becoming more reliant on connected devices for our personal and business lives and whilst there is end point protection, we need to ensure that the huge scale networks interconnecting our devices remain always on, always available. But sifting through Terabits of data for threats isn’t easy and existing enterprise cyber tools do not work. This becomes increasingly important with 5G, smart everything, IoT and autonomous devices.
In this session we look at some of the threats to our large scale national networks and the techniques we can use to massively scale up cyber operations.
Ken Soh holds concurrent appointments as Group CIO of mainboard listed maritime supply chain company BH Global Corporation Limited since 3 Mar 2014 and as the founding CEO of the group subsidiary cyber security company Athena Dynamics Pte Ltd.
Ken has more than 28 years of working experience in the ICT industry. Prior to joining BH Global, Ken held various senior positions in the public and private sectors at CxO and business leader levels with ICT Master Planning and P&L responsibilities.
Ken has been an avid industry speaker and writer, contributed to more than 120 speaking and featured articles since 2015. He holds a Master of Science in Computer Studies from the University of Essex, UK; and a Master of Business Administration (eMBA) from the Nanyang Business School, a Nanyang Technological University (NTU) and University of California, Berkeley (UCB) joint programme.
Industrial Control Systems (ICS): Vulnerabilities & Resiliency
Cyber Security in Perspective: The Intertwined Disciplines of SecOps, DevOps and ITOps.
Be it DevSecOps, Security by Design or Defence in Depth, we are not short of such similar “slogans” and standard security frameworks in the industry. While these jargons are often quoted as rule-like references, it is important to re-examine if they truly live up to the rigour and dynamism of today’s IT and cyber security landscapes.
In this presentation, the speaker will share his opinions with regard to the naturally intertwined disciplines of SecOps, DevOps and ITOps in a highly pragmatic manner from a operation practitioner point of view.
Thorsten Stremlau is a Senior Engineering Staff Member and CTO within Lenovo’s Intelligent Devices Group PC & Smart Devices business. He is responsible for technical strategies for devices, software and cloud services globally. In this role, Thorsten identifies and drives integration of current and future technologies, integrating them into the product development processes, and specifically drives innovation into the security capabilities of Lenovo’s commercial portfolio.
Thorsten has been part of TCG (Trusted Computing Group) from its inception and has helped drive acceptance of the TPM products for security in EMEA and many parts of AP.
Thorsten’s career has been dedicated to identifying solutions and strategic implementations for Lenovo’s customers in all aspects of IT. As an engineer in both IBM and Lenovo for nearly 25 years, his broad experience enabled him to assist thousands of our customers to digitally transform their environments using Lenovo technology.
Thorsten holds a Bachelor in Industrial Manufacturing/Finance and Electrical Engineering. Thorsten lives in Morrisville, North Carolina with his family.
Supply Chain Cyber Security
The Hidden Threat: Compromised Supply Chains
Supply Chain Cyber Security and the Compromised Supply Chain
The presentation will share examples of previous compromised supply chains and will discuss how transparent supply chain has changed the game. We'll bring to light the various threat areas, explaining how can a system be compromised prior to receipt.
Key learnings and takeaways will include, but are not limited to: