The 9th IRISSCERT Cyber Crime Conference (IRISSCON) will be held this year on Thursday the 23rd of November 2017 in the Ballsbridge Hotel, Pembroke Road, Dublin. This is an all-day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and throughout the world and what they can do to help deal with those threats.
Experts on various aspects of cyber crime and cyber security share their thoughts and experiences with attendees, while attendees will also have the opportunity to network with like-minded individuals.
The conference is open to anyone with responsibility for securing their business information assets. There is a nominal fee of €30 per person attending to cover the costs of catering and other organisational expenses.
An annually held conference, IRISSCON is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.
In parallel to the conference, IRISSCERT also hosts Ireland's premier IRISSCON Cyber Security Challenge. The challenge allows Ireland's top cyber security experts to compete against each other in a controlled environment to see who will be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network.
Date: Thursday, 23rd November 2017
Venue: Ballsbridge Hotel, Pembroke Road, Dublin
Christopher Boyd, Malware Analyst, Malwarebytes
Title: Mahkra ni Orroz
Abstract: In 2008, I went head-to-head with a collective of malicious trolls and had MySpace patch up an exploit, breaking the group’s tools and tactics in the process. After a series of takedowns, they took it personally and went on the offensive, until a mysterious figure joined the fight, promising to bring me down in the most drawn out, comprehensive way possible. Unforeseen happenings and poor decisions resulted in a dedicated forum spreading my logins and data across hundreds of users, all of which was given to them by their one-step-ahead benefactor.
For many months, I was forced to jump through an increasingly dubious set of hoops, with the promise of one final, grand, devastating reveal at the end of it all.
In this talk, you will see:
- The price paid for public-facing research
- How easily your social graph will betray you for a get out of jail card
- A meticulously planned out piece of forum compromise, laced with unforeseen consequences
- A bank heist, overlaid with a smattering of blackmail
- The retroactive fallout that occurs when the single most devastating piece of information that can be dropped, is.
This in-the-trenches style account of a piece of research gone horribly awry is filled with wrong turns, social engineering, fakeouts, and a threaded message that nothing is ever quite what it seems. What happens when you put Mahkra ni Orroz?
Bio: Chris is a 7 time Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. He has presented at RSA, Rootcon, VB, and SecTor, and has been thanked by Google for his contributions to responsible disclosure in their Hall of Fame. Chris has been credited with finding the first rootkit in an IM hijack, the first rogue web browser installing without consent and the first DIY Twitter Botnet kit.
Dr Jessica Barker, Co-Founder, Socio-Technical Lead, Redacted Firm
Title: Would the real imposter please stand up?
Abstract: This talk explores imposter syndrome in cyber security, with findings based on primary research. Imposter syndrome is the internal feeling of being inadequate – of expecting to be ‘found out as a fraud’ – no matter how qualified, experienced or externally successful you may be. In the discussion, I will explore:
- Causes of imposter syndrome
- The high rate of imposter syndrome in cybersecurity
- Why it is seemingly so prevalent in the cybersecurity industry
- What you can do to overcome the negative elements of imposter syndrome and channel any such feelings into positive thoughts and behaviours
- What it means if you don’t have it.
Exploring common challenges and difficult emotions which can be exacerbated by the stresses and culture of cyber security, the aim of this talk is to open a dialogue in which we feel more comfortable discussing personal insecurities and anxieties.
Bio: Dr Jessica Barker is a leader in the human nature of cyber security, specialising in cybersecurity awareness, behaviour and culture. She recently co-founded Redacted Firm, a vendor agnostic security consultancy. Jessica is known for her clear communication style and for making cyber security accessible to all. Her consultancy experience, technical knowledge and sociology background enable her to translate technical messages to a non-technical audience. She has made many appearances on TV and radio and she presents at global conferences on the psychology and sociology of cybersecurity.
Javvad Malik, Security Advocate, AlienVault
Title: Three security professionals walk into a bar
Abstract: Three security professionals walk into a bar: ‘A’ security pro, ‘THAT’ security pro, and ‘THE’ security pro. You're a fantastic, talented, security professional that’s full of potential. But maybe your boss doesn't remember your name. Or maybe anyone outside of Ireland just doesn’t care about you unless your surname is Honan. I used to only be ‘A’ security pro. As a result, I didn't get any of the recognition or reward I worked towards. Not even my mother used to visit my blog. In this talk, I distil some of the key skills and traits taken from personal experience as well as industry professionals to present strategies you can employ to increase your value internal to your organisation as well as in the industry. For most, simply putting in the hours isn't enough to move up from being ‘A’ security person to becoming ‘THAT’ – or even ‘THE’ – security person.
Bio: The man, the myth, the blogger; Javvad Malik is a London-based IT security professional and security advocate at AlienVault. An active blogger, event speaker and industry commentator, he is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Quentyn Taylor, Director of Information Security, Canon Europe Ltd.
Title: The sights, the sounds, the smells of a hard working CISO on the road
Abstract: 17 years in infosec and not a day is the same; where are we now, and where are we going?
Bio: Quentyn Taylor is Director of Information Security for Canon Europe. He has a wealth of experience in both the IT and information security arenas and has driven Canon’s strategy to highlight the importance of document security and help business customers to minimise their security risk. Quentyn strongly believes in educating users about the importance of a comprehensive, overall security framework that will allow Canon’s business customers to improve security in a cost-effective way.
FC, Co-Founder, Head of Ethical Hacking
Title: How I rob banks
Abstract: A light-hearted trip through security failures, both physical and electronic, that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will take you through the lessons to be learned from an ethical hacker with a penchant for breaking into the impossible. Let me take you on a rollercoaster ride of epic fails and grandiose plans and my James Bond-like adventures including lockpicking, kidnap, police chases and multi-million pound bank heists.
Bio: FC is a well-known ethical hacker and social engineer. He has worked in infosec for over 20 years and excels at circumventing access controls. As an ethical hacker and social engineer, FC ‘breaks into’ hundreds of banks, offices and government facilities in the UK and Europe. His work demonstrating weaknesses in physical, personnel and digital controls helps organisations to improve their security. He is motivated by a drive to make individuals, organisations and countries more secure and better able to defend themselves from malicious attack. Now Co-Founder and Head of Ethical Hacking at Redacted Firm, he continues to perform valuable research into vulnerabilities.
Thom Langford, CISO, Publicis Groupe
Lee Munson, Senior Associate for information security, Publicis Groupe
Title: Getting into the infosec industry from different directions
Abstract: In this panel discussion, Thom Langford and Lee Munson discuss entering the infosec industry from non-traditional backgrounds, focusing on the employer/employee angle.
Bio: As Chief Information Security Officer of Publicis Groupe, Thom Langford is responsible for all aspects of information security risk and compliance as well as managing the Groupe Information Security Programme. Lee Munson previously worked in retail but he changed direction completely and entered the field of information security through dedication and hard work. Along the way, he gained passion for the subject through research, self-education and writing, giving him a unique insight into the security discipline.
Linda NiChualladh, Regulatory and Competition Counsel, An Post Group
Title: to be announced soon
Abstract: to be announced soon
Ciarán McMahon, Director, Institute of Cyber Security
Title: Protecting what matters: cyber security lessons from surviving an earthquake
Abstract: Not a week passes these days without another major cybersecurity event occurring. Yet some companies manage to handle these events well, and thrive, whereas others handle them poorly, and struggle to survive. In this talk, I try to provide some insight into how cybersecurity incident response can improve by applying some lessons from my own experience. But not professional or technical experience. A couple of months ago, while on honeymoon on the Greek island of Kos, my wife and I experienced a 6.7 magnitude earthquake. In this talk, I will attempt to explain how some life lessons from this event can be applied to cybersecurity incident response. I will talk about back-up procedure, crisis communications, and corporate culture. I'll also talk about dealing with the media, coping with aftershocks and what to do when things go feral. In sum, if we survived an earthquake, you should be able to survive your next breach.
Bio: Dr Ciarán Mc Mahon is a director of the Institute of Cyber Security and an award-winning academic psychologist from Ireland. A former Government of Ireland Scholar, he has published research on the cyberpsychology of online organised crime, the psychology of social media, digital wellness and the social impact of cybercrime. Dr Mc Mahon has extensive media experience and regularly offers measured opinion on many psychological aspects of information technology to local and international media.
Bob Jamieson, Chief Information Security Officer, Mallinckrodt Pharmaceuticals
Title: Digital Barbarians at the Gate: Winning at Cybersecurity in the Age of Cyber
Abstract: What we are doing right now is not working. We are continually being exploited by criminal elements, state sponsored actors, and insiders and are unable to stop them using our current cybersecurity practice/technologies. It is time that we change that practice to something different; we need to use offensive countermeasures to win in our digital age. Offensive countermeasures include how we rethink everything; our networks, our applications, our supply chains, our relationships, our processes, and our endpoints to aggressively solve cyber-attacks at the root level. This goes beyond technology and is focused on a complete strategic paradigm shift.
This presentation will look at the overall concept of offensive cyber-countermeasures and then focus on one of the biggest attack areas, identity theft. The three key takeaways for the session are:
- Why implementing a unified (physical and logical) Multifactor Authentication for the enterprise is an essential step in winning in this area
- Why implementing a unified (physical & logical) Identity and Access Management system that is extensible across all applications and manages both authentication and authorization further enables effective countermeasures.
- Why using a single capability in this space is an essential success factor in eliminating back doors into your systems
Bio: Dr. Robert (Bob) Jamieson is currently the Chief Information Security Officer for Mallinckrodt Pharmaceuticals and is responsible for leading a global effort to provide a secure information/digital environment for Mallinckrodt’s clients and internal users. Prior to this he was the Information Security Director for UL, LLC. Before working within the private sector, Bob served 22 years in the US Marine Corps where his primary focus was on Information/Data Security. His final assignment within the Marines was as the Commanding Officer of the Marine Corps School for Electronics. Bob holds a Bachelor’s of Business Information Systems from National University, a Masters of Business Administration from University of Redlands, and a Doctor of Education in Organizational Leadership from Argosy University.
David Stubley, CEO, 7 Elements
Title: Incident Response: Lessons from the trenches
Abstract: Over the past eighteen years, David Stubley has successfully managed security incidents that cover a broad spectrum of threats. These range from highly capable advanced persistent threats, through to opportunistic and untargeted attacks using commonly available exploit code. While all incidents are their own unique creations and the true nature of the incident only becomes clear during the course of the investigation, through those years of hands on experience, David has identified key lessons that will make the management of incidents easier and more effective.
Bio: Founder and CEO of 7 Elements, David brings over 18 years of experience within the technical security market, where he has gained a wealth of knowledge and expertise through the delivery of security testing and in the provision of technical expertise to high profile incidents. His specialist skill is bridging the gap between technical teams, senior management and C-level executives, to improve the understanding, use and development of security testing and incident response. David is an active member of the wider security industry, regularly presenting on the subject of information security and its many facets.
Maria Hyland, Security Program Director, IBM
Title: Gamification: And how it applies to you
Abstract: There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. ~ Donald Rumsfeld
We have a responsibility to try to illuminate as best we can the unknown unknowns that may be threatening our business – these are zero days in security. The challenges associated with cyber defence, employee upskilling and hiring will not be solved with traditional methods alone. This talk explains a journey IBM has taken to build its employee and client cyber awareness, and presents a methodology for others to emulate and bring back to their organisations. Only through successful collaboration and information sharing can we hope to have a cyber secure future.
Bio: Maria operates in the cyber security space at IBM. She is a program director with responsibilities overseeing the resilience of IBM solutions to attack. She manages a large team of RED operators that are tasked with exploit identification and vulnerability mitigation. Her work involves product suites that operate across the full gamut of digital solutions from cloud, hybrid, on-premise and mobile offerings. Maria has a strong belief in the power of education through gamification. She orchestrates IBM's contributions to the Irish cyber Blue/Red team community. This work takes many forms including well known CTFs, cyber ranges and educational workshops. Maria recognises that the challenges associated with cyber defence and blue team upskilling will not be solved with traditional methods.
Thanks to the generosity of our sponsors IRISS is able to host this event. The following organisations kindly lent their support to our conference.