#IICSG2019 CONFERENCE
BUSINESS & COMMUNITY (BIZCOMM) TRACK

Experience cybersecurity industry leaders, professionals, practitioners, and enthusiasts share their knowledge, insights, tools and techniques in an open, conversational environment.

Available to all #IICSG2019 full conference and exhibitions pass holders at the BizComm Theatre located in the Exhibition Foyer.

 

Day 0 (18 Jun 2019)

10.30am—11.15am

INCOGNITO WAR STORIES
BY MIKE MONNIK, PRIVASEC

Privasec has built a phenomenal reputation for helping our clients keep the bad guys out. We are so successful because of what we do best - breaking into these companies first and retrieving their highly classified information. Don’t worry, we have good reasons to do it. 

Have you ever wondered what it’s like to break into a building? Would you like to access the hidden world of a rogue intruder? You are in for a treat as Privasec’s Managing Consultant, and leader of the Red Team, reveals some surprising discoveries from actual Red Team attacks. Come and meet the hacker who attacks to protect.

1.30pm—2.15pm

GLOBAL CISO INSIGHTS
BY SHAMANE TAN

Hear the story behind the first-ever published compilation of insights from some of the greatest leaders we know.


Meet 50 industry leaders from all over the world, CEOs, CIOs, CISOs, (yes, the unsung C-suite), from the US, Europe, Singapore, Israel, and Australia, all captured in these pages.

Get up close and personal with Shamane Tan as she shares the story behind this book, which was birthed from the hundreds of coffees she has had with the different C-suite from her 9 years of being in this industry.


In this session, she unpacks her key learns in her journey of writing this book. You will hear some insights, including some funny encounters revealed by C-suite across the globe 

For security professionals, upcoming or current CISOs, you will not want to miss out on the top 3 tips from CISOs around the world. They have learnt it the hard way.

The introduction of her bonus chapter which brings you into the minds of the CISOs and what they have learnt to look for in their security partners

2.30pm—3.15pm

STARTUP KOPI CHAT (PANEL DISCUSSION)
BY DIVISION ZERO (DIV0)'S STARTUP QUARTER (SUQ)


3.30pm—4.15pm

LEARNING CAR SECURITY FROM AN "EASEL"
BY DIVISION ZERO (DIV0)'S CAR SECURITY QUARTER (CSQ)
— ALINA TAN, TAN PEI SI, SOLOMON TAN

The Automotive Cybersecurity landscape is ever-changing and threats towards the industry are constantly evolving. Due to the sensitivity of the domain, we know it’s hard to learn about cars based on the limited information made available to the public.

In this talk, we will address the basics communication protocols such as the Controller Area Network (CAN) bus and how we built a prototype to learn more about Automotive Cybersecurity. We will also address the logistics on finding the right parts and resources, and include time-saving techniques to reverse engineer CAN IDs without using the proprietary tools as well as methodologies to compile a CAN database. We will also address the misconceptions when building a test bench with limited resources that consist of only an Engine/Electronics Control Unit (ECU) and Instrument clusters.

 

Day 1 (19 Jun 2019)

10.00am—10.45am

LET'S TALK CYBERSECURITY
BY OMNICOM PUBLIC RELATIONS GROUP


11.00am—11.45am

B2B STORY TELLING: COMMUNICATIONS & CONTENT
BY OMNICOM PUBLIC RELATIONS GROUP


2.00pm—2.45pm

MARKETING IN THE NEW AGE OF MEDIA
BY OMNICOM PUBLIC RELATIONS GROUP


3.00pm—3.45pm

SHIFTING LEFT: SCALABLE DEVSECOPS
BY LUCAS KAUFFMAN, EY

My talk aims to provide insight into what DevSecOps is and why, after moving to Agile/DevOps this is the next natural progression. One of the biggest issues I realized when implementing DevSecOps is with regard to scalability and culture change. I want to highlight some practical issues that are present in large organizations which hamper moving to DevOps or DevSecOps and how to tackle them. It will look at People, Processes and Technology and what the practical approaches are to tackle these issues. The talk will present the viewpoints from both development, business and security, how they differ from each other and how to overcome them (what do you provide to each stakeholder to make them buy-in). It will provide a list of lessons learned, common pitfalls and how security can become an enabler for an organization to move faster. This talk is not focusing on tools, rather looking more into the people and process aspect.

4.00pm—4.45pm

MALWARE FORENSICS TO ZERO-DAY DISCOVERY
BY MICHAEL ART REBULTAN

Behavior extraction used often time in both malware analysis and threat hunting to identify unique dynamic features from portable executable file and gather IOC. What if with the same approach you will be able to find a gem that no million-dollar EDR and AV security solutions have never detected yet – zero-day exploit.


Utilizing free and open source software in applied digital forensics would change the game of the blue teamers in defending their organization and tracking adversaries that attacking them and be able to attribute to a threat actor.

Demystifying zero-day malware hunting and analyzing malware behavior within the stipulated time are the key takeaways of this talk.

5.00pm—5.45pm

CONTINUOUS ASSET DISCOVERY: MONITORING AN EVER-CHANGING LANDSCAPE
BY ISAAC DAWSON, LINKAI

If an exploit was released in a popular web server or framework, would you know if it affected any your web sites? How about that marketing campaign site that was setup two years ago and everyone forgot about? How long would it take for you to find an answer to those question? Asset discovery and management assists in solving these problems. Knowing what you own, and what dependencies it has is critical to securing your infrastructure.

 

Day 2 (20 Jun 2019)

11.30am—12.15pm

WHEN THE LIGHTS TURN RED: PROVIDING RAPID, SECURE ACCESS TO THINGS THAT MATTER
BY IAN SCHMETZLER, DISPEL

Our world is full of sensors and applications that analyze their data feeds. But, when it comes to acting on information from systems that truly impact our lives, our response continues to involve either driving to the machine or working through a 5 to 10-minute login process. What happens when you don’t have that time? In this session, Ian Schmertzler, President of Dispel, will cover how his firm has solved the problem of rapidly accessing critical systems remotely in the United States and Europe.

2.00pm—2.45pm

IOT PRODUCT SECURITY IN PANASONIC 
BY YUKI OSAWA & CHEN PO YAO, PANASONIC

Cybersecurity issues have affected computers, smartphones and now IoT devices. Not surprising is that traditional hardware manufacturers who simply made products "smart" by adding networking functions into products without security considerations, are now facing a tough time handling IoT security issues. This presentation will introduce how Panasonic ensures the security of its IoT devices as an electronics corporation.

3.00pm—3.45pm

RIOT — RESPONDING INCIDENTS IN OPERATIONAL TECHNOLOGY (OT)
BY LUCAS KAUFFMAN, EY

Information Technology (IT) is never been equal to Operational Technology (OT) even the beginning of Gen4 and so an incident response to industrial control systems would not be the same; both the methodologies, approach and even the policies.

An IT security expert should work closely with the control engineering with the mindsets that are aligned to the ICS-NIST framework that supports SRP triad instead of the CIA from the information system.


This talk aims to bridge the digital and industrial divide on IT and ICS/OT which will showcase the practical ways to form a solid IR team to combat cybersecurity threats and firefight when an incident occurs in most effective ways.


Key Take Away

  1. IT incident response team preparation for OT environment

  2. Bridge IT/OT knowledge gap

  3. Playbook designing

  4. Strategic policy creation

  5. Use cases for defense-in-depth

 

Contact Us

Terms of Use | Code of Conduct

All rights reserved.

IIC Productions (Pte. Ltd.) © 2017-2020.