Ireland's first CERT (Computer Emergency Response Team)



Details for IRISSCON 2017 coming soon!


Registration for IRISSCON 2016 is now closed.


The 8th IRISSCERT Cyber Crime Conference was held this year on Thursday the 24th of November 2016 in the Ballsbridge, Pembroke Road, Dublin.  This is an all day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and throughout the world and what they can do to help deal with those threats.


Experts on various aspects of cyber crime and cyber security share their thoughts and experiences with attendees, while attendees will also have the opportunity to network with likeminded individuals.


The conference is open to anyone with responsibility for securing their business information assets. There is a nominal fee of €25 per person attending to cover the costs of catering and other organisational expenses.


The IRISSCERT Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment. Here is a video giving an overview of IRISSCON.



In parallel to the conference, IRISSCERT also hosts Ireland's premier Cyber Security Challenge. The Cyber Security Challenge allows Ireland's top cyber security experts to compete against each other in a controlled environment to see who will be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network.


Registration for IRISSCON 2016 is now closed.


Checkout the IRISSCON 2016 Speaker Lineup, Agenda and Conference Sponsors below.













Brian Honan


IRISSCERT Year in Review & Key Threats to Ireland


Marie Moe

Research Scientist at SINTEF

Embodied vulnerabilities - Why I am hacking my own heart


Christopher Boyd

Malware Intelligence Analyst, Malwarebytes

Always read the EULAAARGH


Dr. Grigorios Fragkos

Head of Offensive Cybersecurity, DeepRecce

All aboard, next stop; Cyber Resilience.






Dr. Jessica Barker

Independent Cybersecurity Consultant, J L Barker Ltd

Cybersecurity vs Infosec: why language matters


Craig Balding

Head of Barclays Cyber Security Assurance and Innovation Centre



Andy Whelan

Computer Security Incident Response Team (CSIRT) | US Bank Information Security Services

Sharing is good.






Richard Costelloe

Information Risk Officer, the KBC Group CERT team

Irish Financial Cyber-Scams: 2016 in Review


Dave Lewis

Global Security Advocate, Akamai Technologies

Barbarians at the Gate(way)


Robert McArdle

Manager Threat Research Team , Trend Micro

The differences and niches in the different major criminal undergrounds






David Rook

Senior Security Engineer at Riot Games



Richard Flanders

EMEA Sales Manager vSEC at Checkpoint Software

Protecting digital assets in a Software-defined world


Conference Close & Networking Event

Conference Close & Networking Event

Conference Close & Networking Event


Go to Top>>



Andy Whelan, Computer Security Incident Response Team (CSIRT) | US Bank Information Security Services

Title: Sharing is Good


Abstract: Sharing is good. Particularly for incident response teams. There are a number of platforms and organisations that can enable response teams develop and share information. This brief talk documents the reasons and benefits U.S. Bank CSIRT saw for joining one such organisation, FIRST (


Bio: Andy has been working in Information Security for 15 years. In the past few years, he has been focused solely on incident handling and response. In that time he has helped a number of incident response teams mature their capabilities. He holds 6 SANS/GIAC certs and is one of the original members of IRISS-CERT.


Go to Top>>


Christopher Boyd, Malware Intelligence Analyst, Malwarebytes

Title: Always read the EULAAARGH


Abstract: Free mobile games are often a trade off in advertising for content, and this presentation looks at the increasingly lengthy nature of privacy policies device owners are expected to read before playing. If you could play a game for free in return for having to read 59 advertiser privacy policies and 14 from analytics services alongside those, would you? How many words are we talking? How many hours would it take to read them all? Do any of them have opt-outs?


I explore exactly where your data is going, and which advertisers globally are benefiting from the freemium craze. How much is too much? What should a consumer reasonably be expected to process in return for ten minutes entertainment? What is the minimum reading level for the privacy policies of the most popular apps?


In an age where parents handing their children tablets to keep them busy for 5 minutes is now the norm, it's more essential than ever to understand exactly what's happening behind the scenes when hitting the “Install Now” button. The latest mobile ad techniques even seek to move their adverts from popups to unavoidable built-in game mechanics. Without a proper understanding of the hundreds – or even thousands – of words seen at install, the exposure of your data to otherwise unknown marketers will only increase.


This presentation aims to shed light on a mostly ignored aspect of privacy, and give you a fresh insight into the world of incredibly upfront (yet surprisingly ignored) mobile advertising.


Bio: Chris is a 7 time Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. He has presented at RSA, Rootcon, VB, and SecTor, and has been thanked by Google for his contributions to responsible disclosure in their Hall of Fame. Chris has been credited with finding the first rootkit in an IM hijack, the first rogue web browser installing without consent and the first DIY Twitter Botnet kit.


Go to Top>>


Craig Balding, Head of Barclays Cyber Security Assurance and Innovation Centre

Title: TBD


Abstract: TBD


Bio: In his role at Barclays, Craig Balding is responsible for Security Architecture, Security Engineering, Security Assurance, Red Team and Innovation. He joined Barclays in April 2014 as Managing Director and Head of Group Cyber Risk where he was responsible for Group wide Cyber Risk Management.

Prior to joining Barclays, Craig worked at GE for 17 years - most recently as Red Team Director – in which he led a team of offensive security specialists in delivering a companywide Threat Simulation service.

Craig has 20 years experience in the IT industry. He is co-author of “Maximum Security: A Hackers Guide to Protecting Your Network”, CISSP and formerly CISA certified and British Computing Society Chartered IT Professional (MBCS CITP). He specialises in cyber capability assessment, cloud and mobile security, penetration testing, incident response, forensics, UNIX/Linux and ORACLE security. He has previously presented at Black Hat Europe, eCrime London, the World Cloud Computing Summit, Brucon, RSA Europe and SecureCloud.


Go to Top>>


Dave Lewis, Global Security Advocate, Akamai Technologies

Title: Barbarians at the Gate(way)


Abstract: This talk will examine the tools, methods and data behind the DDoS and web attacks that are prevalent in the news headlines. Using information collected, I will demonstrate what the attackers are using to cause their mischief and mayhem and examine the timeline and progression of attackers as they move from the historical page defacers to the motivated attacker. I will look at the motivations and rationale that they have and try to share some sort of understanding as to what patterns to be aware of for their own protection.


Bio: Dave has almost two decades of industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies . He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for CSO Online and Forbes.


Twitter: @gattaca


Go to Top>>


David Rook, Application Security at Riot Games



Abstract: In this talk David will talk about the Riot Games bug bounty program, why Riot decided to launch a bug bounty program three years ago and the journey we've been on since then. This will include our philosophy on payments and researcher relationships, our transition from a stealth program to a hybrid private/public program, how the focus of the program has changed over time, the mistakes we've made, lessons we've learned along the way and how we actually manage our program on a day to day basis.


Bio: David Rook leads Application Security at Riot Games. He has held various application security roles in the financial services industry since 2006 before moving into the computer games industry in early 2014. He has contributed to several OWASP projects including the code review guide and the Cryptographic Storage Cheat Sheet. He has presented at leading information security conferences including DEF CON and RSA Europe


Go to Top>>


Dr. Grigorios Fragkos, Head of Offensive Cybersecurity, DeepRecce

Title: All aboard, next stop; Cyber Resilience.


Abstract: The ever evolving threat landscape in the fifth domain of warfare has become a realisation for those have been breached and for those who haven’t detected it yet. In evolutionary terms, all of this happens because it is simply how nature works; where there is an attack there will be a need for defence, and while you advance and evolve in order to defend against the emerging threats, the threats will also continue to counter-evolve. The umbrella terms of cybersecurity and cyber defence, are simply two pieces of a puzzle that is called cyber resilience. In order to be able to survive this technological era, we need to embrace the change, welcome new technologies and services, understand the business needs, and evolve in the way that we perceive security and privacy. In other words, our cyber resilience against fast evolving threats, is to strengthen by constantly adapting to these threats. Our adaptation to threats is what drives the threat actors to aim for the “lowest hanging fruit” and shift to their next stage of their evolution.


An effective cyber resilience strategy needs to be adaptable and capable of assessing the security posture of a business, an organisation, an enterprise, even a country’s critical infrastructure, beyond physical borders and geographically confined sectors, even across the whole globe. Adding to this, the rapid interconnection of numerous devices, aka Internet of Things (IoT) and SCADA-controlled systems, increases exponentially the complexity of the systems to be protected. The required efforts involved in protecting these systems, will only increase further while smart cities start becoming a reality, and this is part of the inevitable evolution, as it was discussed above. Threat actors are mainly opportunists, and it is also inevitable not to see them try to take advantage of this technological evolution, and themselves counter-evolve as well. Hence, today is the time that we need to realise and accept that cybersecurity will become far more complicated in the context of today’s emerging threat landscape, that is not only constantly changing, but is also expanding at an increasingly fast rate. Based on this, the need to start thinking outside-the-box when it comes to security is not only deemed as necessary, but it is the only way if we really want to face the most problematic element of cybersecurity, which is having a dynamic and equally evolving resilience plan that is capable of responding to evolving threats.


It is imperative to understand that the unfortunate event of being compromised is an unpredictable but real state of operations for any entity. However, the ability to predict, detect, respond and successfully recover from a cyber breach is the essence of Cyber Resiliency, that sets the foundation for the new era of defence against Cyber warfare. Cyber resilience puts us in a stage where we are going to be able to run plausible attack scenarios across the current security posture of a small organisation all the way up to a whole smart city, allowing the results to be measured, act upon factual data, and fine tune our predictions for taking the next steps.


Readiness is defined by the speed of the threats being detected, while responding in a timely manner is what defines a proper cybersecurity strategy in place. Your cyber resilience strategy though, is measured on how effectively you have allowed yourself to recover.


Bio: Dr. Grigorios Fragkos is the Head of Offensive Cybersecurity for DeepRecce, leading the team that offers advanced attack and penetration services. He has a number of publications in the area of Computer Security and Computer Forensics with active research in CyberSecurity and CyberDefence. His R&D background in Information Security, including studies on applied CyberSecurity at MIT, along with his experience in the CyberDefense department of the Greek military, is invaluable when it comes to safeguarding mission critical infrastructures. Worked with the military, the police and various well-known organisations on their cyber defense strategy. Written the next generation SIEM as part of his PhD research with “notional understanding” of network event. Public speaker and presenter to various InfoSec related conferences worldwide (MasterCard GRMC, SnoopCon, SteelCon, BSides London, BSides Manchester, etc) with the characteristic "Think outside the box" being the moto.

More at:

Twitter: @drgfragkos


Go to Top>>


Dr Jessica Barker, Independent Cybersecurity Consultant, J L Barker Ltd

Title: Cybersecurity vs Infosec: why language matters


Abstract: The language of security is something which divides and delights us. ‘Cyber’ is rejected and ridiculed as a buzzword by many in the industry whilst being increasingly embraced by the media, the public and the Board. If it works for the people we are desperately trying to reach, does it really matter if you don’t like it and it had an altogether different meaning 20 years ago? And, when we look at the lexicon of security, aren't there far more damaging terms which we use without hesitation?


In this talk I will unpick the language of security, to encourage debate about terms we take for granted and ones we love to hate. The aim of this talk is to explore whether definitions matter, with the hope of breaking down some barriers in communication.


Bio: With a background in sociology and civic design, Dr Jessica Barker specialises in the human side of cyber security. As an independent consultant, Jessica is engaged by FTSE100 companies, central government and SMEs across the defence, health, financial and retail sectors to advise organisations how they can keep their information safe while getting the most out of it. Jessica’s consultancy work involves leading and delivering information security audits, from which she develops roadmaps which take organisations on a journey of improved cyber security maturity. Jessica also specialises in learning and development packages which raise cyber security awareness and improve behaviours.


Go to Top>>


Marie Moe PhD, Research Scientist at SINTEF

Title: Embodied vulnerabilities - Why I am hacking my own heart


Abstract: This talk will be about medical device security and privacy, in particular for connected medical devices like implanted cardiac devices with remote monitoring functionality.


Gradually we are all becoming more and more dependent on machines. We will be able to live longer with an increased quality of life due to medical devices and sensors integrated into our bodies. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device may cause patient harm and have fatal consequences. Marie's life depends on the functioning of a medical device, a pacemaker that generates each and every beat of her heart. This talk is about Marie's personal experience with being the host of a vulnerable medical implant, and why she decided to start a hacking project, investigating the security of her own personal critical infrastructure.


Bio: Marie Moe cares about public safety and securing systems that may impact human lives, this is why she joined the grassroots organisation “I Am The Cavalry". Marie is a research scientist at SINTEF, the largest independent research organisation in Scandinavia, and has a PhD in information security. She is also an associate professor at the Norwegian University of Science and Technology, where she teaches a class on incident response and contingency planning. She has experience as a team leader at the Norwegian Cyber Security Centre NorCERT, where she did incident handling of cyberattacks against Norway’s critical infrastructure. She is currently doing research on the security of her own personal critical infrastructure, an implanted pacemaker that is generating every single beat of her heart. Marie loves to break crypto protocols, but gets angry when the weak crypto is in her own body.


Go to Top>>


Richard Costelloe, Information Risk Officer, the KBC Group CERT team

Title: Irish Financial Cyber-Scams: 2016 in Review


Abstract: ‘CEO fraud’, deceptive websites, fake mobile apps and countless waves of phishing scams… 2016 has been a busy and certainly profitable year for the scammers, phishers, cyber-fraudsters and money-mules targeting Irish banking customers, private businesses and the general public. From simple scam emails to complex plots involving fake online banks, the motivations, skills and successes of cyber-fraud actors aiming for our bank accounts have remarkably increased this year. With the aim of raising awareness, understanding and resistance, this presentation will highlight and explore several examples of the Irish-specific online scam and fraud campaigns which have been hitting our email inboxes in 2016.


Bio: Richard Costelloe is an Information Risk Officer with the KBC Group CERT team. His background includes information security consulting and over twelve years focused on technical security and risk within financial services.


Go to Top>>



Richard Flanders, EMEA Sales Manager vSEC at Checkpoint Software

Title: Protecting digital assets in a Software-defined world


Abstract: This presentation will be about how companies that are looking at moving to the Cloud must be aware of the potential security issues and how they can employ various techniques to avoid data loss and malware attacks. The presentation will focus on the various ways attackers have compromised systems in the past and how these methods of intrusion can be closed off to potential hacks.


Bio: Richard has been involved in the IT business for 30 years, and has held a number of senior roles at organisations such as Computacenter, MTI, Fujitsu-Siemens, and VMware. He has also been long-standing contributor  to the Coleman Research Group, consulting with a wide variety of businesses to advise them on Cloud and Virtualisation strategy. He has been involved with significant projects across a wide range of vertical markets and is well-known as a speaker who provides insight into the key issues faced by companies who are adapting to the ever-changing nature of the IT landscape.


Go to Top>>


Robert McArdle, Manager Threat Research Team , Trend Micro

Title: The differences and niches in the different major criminal undergrounds


Abstract: Back in 2012 Trend Micro’s FTR team (Forward Looking Threat Research) put out our first criminal underground paper focusing on the cybercrime underground in Russia. Since then we are now on our 3rd Russian paper and have added analysis for China, Brazil, US, Japan, Germany and the Deepweb as well. Recently we looked back over our underground research over the years, and while certain things are common pretty much everywhere (hint – you’d need to be pretty poor at internet searching to not be able to buy a stolen credit card these days) - there are certain things that are unique to each country. Whether its goods for sale, business models, how criminals operate, culture or even just the way the undergrounds are laid out – in this talk we’ll look over each one and show what sets them apart, and what people in each region should bear in mind when defending themselves.


Bio: Robert is the manager of Trend Micro's Forward Looking Threat Research team in Europe, where he is involved in analyzing the latest cybercrime threats, specializing in researching the future threat landscape, Open Source Intelligence (OSINT) and coordinating investigations with international law enforcement.

Robert is a regular presenter for the press and at security conferences. He also lectures in Malware Analysis and Cybercrime Investigations on MSc modules at Cork IT and University College Dublin (UCD). He worries that his hobby and job are one and the same, and constantly wonders if "normal" people have that problem.


Go to Top>>




Thanks to the generosity of our sponsors IRISS is able to host this event. The following organisations kindly lent their support to our conference.


Help Net Security has been a prime resource for information security news since 1998. The site is updated daily with fresh content including interesting articles, information on new product releases, latest industry news and more. Besides reading daily news coverage, you can download all of the issues of our digital (IN)SECURE Magazine.


Should you or your company be interested in sponsoring the upcoming event or sponsoring IRISS please send an email for for our sponsorship pack.


Go to Top>>



ISI TI-Accredited WARP