Infosec In the City (IIC)
SINCON 2021 CXO Workshop
Date/Time: 01 Dec 2021 (Wed), 2pm—4pm
SINCON 2021 CXO Workshop features in-depth sessions on the latest cybersecurity skillset C-suites, leaders, and senior officers must know and must have.
Equip yourselves with cutting-edge cybersecurity practices to combat advanced cyber threats. Join SINCON's and ITrainSec's experts in an insightful and educational session.
Welcome & Opening Address by Adrian M. & Emil Tan, Organisers & Founders, Infosec In the City (IIC), SINCON
OPSEC for C-Levels
by Zigor Zumalde, Director of Security, Thought Machine
The world is changing. The line between the physical and digital worlds has blurred, with most activities by companies and individuals occurring online. Technology is progressing, but users are not adapting to a new world in which cyber threats and risks grow exponentially.
A lack of understanding of operational security (OPSEC) and proper practice is exploited by attackers of all kinds on a daily basis, allowing them to abuse companies and individuals in a variety of different ways. C-level executives are particularly vulnerable as their roles make them one of the most common targets. This is not only a problem for their employers – it also affects their personal life.
Awareness is the first step to mitigation and should be followed up by a clear set of measures from both the company and the individual. However, OPSEC goes beyond the professional environment and the implementation of healthy practices to mitigate any potential problems.
Crisis Communication Strategy: The Last Line of Cybersecurity Lifecycle
by Denis Makrushin, Security Research Consultant
Every organisation with IT infrastructure is a target of cyber-attack. According to public statistics, more than 80% of the business is affected by cybersecurity incidents, and it doesn’t matter what the industry or level of the business is. Incident response procedures are necessary for any security programme, but when an attack starts, communication is the baseline for mitigation strategy to reduce the cost of the incident.
A crisis will happen, and mitigation costs rely only on the strategy of its communication and containment. The session is aimed to enable organisation leadership to perform the right decisions and actions during cyber security incidents.
Detecting and Handling Supply Chain Cyber Attacks by Vladimir Dashchenko, VP, Threat Intel, DeNexus
Supply Chain is becoming one of the most dangerous and increasingly popular attack vectors. According to Accenture, as much as 40% of cybersecurity attacks are now occurring indirectly through the supply chain. Fair to say that these attacks are not that common compared to classical attack vectors, but the complexity and impact associated with them are significantly higher. At the moment it is likely there are more ongoing 'SolarWinds'-like attacks yet to be unearthed.
This talk covers a set of essential procedures, tools and technologies, contract requirements and general awareness that proved to be the best angle to minimise the risk of becoming a victim and to spot&stop supply chain attacks.
Buying Threat Intel? Well, You Cannot by Vincente Diaz, Threat Intelligence Strategies, VirusTotal
The most common mistake companies make is thinking that threat intelligence is something you can just buy from the cybersecurity market. Although threat intel uses data from the IT security industry, each individual case is unique because their goals are different.
Developing an approach when it comes to threat intelligence can be compared to military tactics. You need to know your enemy, learn their behaviour and know their weaknesses. Together, this information can help to build a very strong defence strategy, reduce the attack surface and keep your assets safe.
Zigor Zumalde, Director of Security, Thought Machine
ZIgor has been working in the field of information security for the last 16 years. He is currently working as Director of Security for Thought Machine. He also worked as Principal Security Engineer in the Skype Product Security team at Microsoft, and Senior Security Engineer for Betfair. Zigor has been exposed to a broad range of information security disciplines including penetration testing, security architecture and product security. In his current tenure with a UK unicorn fintech, he has designed and led a modern security practice reconciling DevOps engineering agility and global financial service high assurance security requirements.
Denis Makrushin, Security Research Consultant
Denis Makrushin is a security researcher and consultant focusing on vulnerability assessment and product security. Denis formerly worked for Ingram Micro as the Head of Application Security. He built and implemented a product security program for an enterprise-scale platform used by companies from the Fortune 100 list.
More recently, as a Security Researcher with the Global Research and Analysis Team at Kaspersky, he focused on vulnerability research and security assessment of emerging technologies.
Denis has trained and presented at many international conferences, including DEF CON, RSA Conference, Security Analyst Summit, and Infosecurity, as well as at multiple closed-door industry events. He holds a master’s degree in Information Security from the National Research Nuclear University.
Vladimir Dashchenko, VP, Threat Intel, DeNexus
Vladimir Dashchenko is a VP of Threat Intelligence at DeNexus. He has 10+ years of offensive and defensive security experience in different roles: penetration tester, vulnerability researcher and security analyst.
Vladimir started his career at the Federal Space Agency in Russia as a security engineer. He was also leading the Kaspersky ICS CERT Vulnerability Research team and doing various projects on ICS/IoT/automotive security.
You might see his name mentioned in security advisories or ‘Halls of Fame’ by different world-known vendors, such as Siemens, Schneider Electric, Rockwell Automation, Gemalto, BMW, etc
Vincente Diaz, Threat Intelligence Strategies, VirusTotal
Vicente Diaz recently joined the VirusTotal team in Google as Security Engineer and Threat Intelligence Strategist. Previously, Vicente worked in Kaspersky’s Global Research & Analysis Team for almost 10 years as Principal Security Analyst and Deputy Director for EU, leading and co-creating Kaspersky's APT Intelligence Reporting Service. Previously, he was an E-crime manager in S21sec for almost 5 years. Vicente holds a degree in Computer Science and MSc in Artificial Intelligence from the UPC.