Image by israel palacio

#IICSG2019 CONFERENCE
BUSINESS & COMMUNITY (BIZCOMM) TRACK

Experience cybersecurity industry leaders, professionals, practitioners, and enthusiasts share their knowledge, insights, tools and techniques in an open, conversational environment.

Available to all #IICSG2019 full conference and exhibitions pass holders at the BizComm Theatre located in the Exhibition Foyer.

 

Day 1 (19 Jun 2019)

10.00am—10.45am

LET'S TALK CYBERSECURITY
BY OMNICOM PUBLIC RELATIONS GROUP


11.00am—11.45am

B2B STORY TELLING: COMMUNICATIONS & CONTENT
BY OMNICOM PUBLIC RELATIONS GROUP


2.00pm—2.45pm

MARKETING IN THE NEW AGE OF MEDIA
BY OMNICOM PUBLIC RELATIONS GROUP


3.00pm—3.45pm

SHIFTING LEFT: SCALABLE DEVSECOPS
BY LUCAS KAUFFMAN, EY

My talk aims to provide insight into what DevSecOps is and why, after moving to Agile/DevOps this is the next natural progression. One of the biggest issues I realized when implementing DevSecOps is with regard to scalability and culture change. I want to highlight some practical issues that are present in large organizations which hamper moving to DevOps or DevSecOps and how to tackle them. It will look at People, Processes and Technology and what the practical approaches are to tackle these issues. The talk will present the viewpoints from both development, business and security, how they differ from each other and how to overcome them (what do you provide to each stakeholder to make them buy-in). It will provide a list of lessons learned, common pitfalls and how security can become an enabler for an organization to move faster. This talk is not focusing on tools, rather looking more into the people and process aspect.

4.00pm—4.45pm

MALWARE FORENSICS TO ZERO-DAY DISCOVERY
BY MICHAEL ART REBULTAN

Behavior extraction used often time in both malware analysis and threat hunting to identify unique dynamic features from portable executable file and gather IOC. What if with the same approach you will be able to find a gem that no million-dollar EDR and AV security solutions have never detected yet – zero-day exploit.


Utilizing free and open source software in applied digital forensics would change the game of the blue teamers in defending their organization and tracking adversaries that attacking them and be able to attribute to a threat actor.

Demystifying zero-day malware hunting and analyzing malware behavior within the stipulated time are the key takeaways of this talk.

5.00pm—5.45pm

CONTINUOUS ASSET DISCOVERY: MONITORING AN EVER-CHANGING LANDSCAPE
BY ISAAC DAWSON, LINKAI

If an exploit was released in a popular web server or framework, would you know if it affected any your web sites? How about that marketing campaign site that was setup two years ago and everyone forgot about? How long would it take for you to find an answer to those question? Asset discovery and management assists in solving these problems. Knowing what you own, and what dependencies it has is critical to securing your infrastructure.

 

Day 2 (20 Jun 2019)

11.30am—12.15pm

WHEN THE LIGHTS TURN RED: PROVIDING RAPID, SECURE ACCESS TO THINGS THAT MATTER
BY IAN SCHMETZLER, DISPEL

Our world is full of sensors and applications that analyze their data feeds. But, when it comes to acting on information from systems that truly impact our lives, our response continues to involve either driving to the machine or working through a 5 to 10-minute login process. What happens when you don’t have that time? In this session, Ian Schmertzler, President of Dispel, will cover how his firm has solved the problem of rapidly accessing critical systems remotely in the United States and Europe.

2.00pm—2.45pm

IOT PRODUCT SECURITY IN PANASONIC 
BY YUKI OSAWA & CHEN PO YAO, PANASONIC

Cybersecurity issues have affected computers, smartphones and now IoT devices. Not surprising is that traditional hardware manufacturers who simply made products "smart" by adding networking functions into products without security considerations, are now facing a tough time handling IoT security issues. This presentation will introduce how Panasonic ensures the security of its IoT devices as an electronics corporation.

3.00pm—3.45pm

RIOT — RESPONDING INCIDENTS IN OPERATIONAL TECHNOLOGY (OT)
BY LUCAS KAUFFMAN, EY

Information Technology (IT) is never been equal to Operational Technology (OT) even the beginning of Gen4 and so an incident response to industrial control systems would not be the same; both the methodologies, approach and even the policies.

An IT security expert should work closely with the control engineering with the mindsets that are aligned to the ICS-NIST framework that supports SRP triad instead of the CIA from the information system.


This talk aims to bridge the digital and industrial divide on IT and ICS/OT which will showcase the practical ways to form a solid IR team to combat cybersecurity threats and firefight when an incident occurs in most effective ways.


Key Take Away

  1. IT incident response team preparation for OT environment

  2. Bridge IT/OT knowledge gap

  3. Playbook designing

  4. Strategic policy creation

  5. Use cases for defense-in-depth