Tuesday 18th September 2018

Theme. 'Remove the blind spots then think like a hacker; don't become another what
went wrong case study.'

Meeting called by: Mel Turner

Type of meeting: IISP Branch meeting

Facilitator: BT Adastral Park. Ipswich.

Event Sponsor: Local Branch

Branch: East Anglia

Attendees: IISP Members + IISP guest none members.

Meeting Agenda

• 15:00 Initial meet and greet and Welcome

Introductions from, (Mel Turner, Alan King)

• 15:05 Agenda

Welcome guest speakers and Sponsor for participation

• 15:10 IISP brief and housekeeping information.

Mel Turner, Alan King

• 15:20 Introduction from our sponsor Ixia Solutions Group - Keysight Technologies opening this meeting Ixia present their expert Xavier .

• 15:30 Xavier Rousseau a consultant from Ixia Solutions presents. Eliminate your blind spot!. This is often an area that organisations graple with to gain the correct level of expertise and understanding and as such this should be an extreamly valuable talk. Ixia have delivered excellent talks to the IISP in the past and this will on par with those.

“Eliminate your blind spots, the latest versions of SSL/TLS might be your worst enemy.

This presentation will delve deep, and explore existing network infrastructure blind spots, as well as the impact and benefits of adopting TLS1.2/TLS1.3.”

Abstract :

The adoption of robust technical solutions has led to an increase in confidence and enhanced levels of security. Nevertheless, blind spots can still remain undetected, and allow for new threats targeted at business, regardless of any and all network investments already made. From a security perspective, these new threats may have a detrimental impact on company systems and processes implemented to enhance level of security, and in some cases, render them obsolete. The key requirements for a robust cyber security solution are more complex from a delivery standpoint. From an attacker’s perspective, and the ability to carry out attacks on companies with ease continues to evolve, as will the need for them to adapt their tools.

An introduction to our second speaker Sam Gold from Hackerone

• 16:20 Russell Coleman and Laurie Mercer from Hackerone present. Gamifying Security.Testing to Drive Security Culture.

This will be very topical and a growing area of security validation indusrty is now using to give additional insight to their security posture.

Teaser. Security professionals engage in a notoriously epic battle to recruit different audiences to the cause of safer products and lower risk. A former pentester and a security startup leader share their stories of understanding intrinsic motivations and applying a marketing mentality to cultivate security champions

Last but not least Andy Young senior SE from Digital Shadows

• 17.10 Digital Shadows present,Digital Truth or Dare: Disturbing Threats with Extraordinary Risk

I have attended one of Andy Youngs talks before and they are extreamly informative backed by a wealth of experiance.

Misconfigured Amazon S3 Buckets are in the news most weeks for exposing data, but is that the full story? Digital Shadows found 1.5 billion business and consumer files exposed online just one month before businesses face GDPR legislation. Vast exposure of data – some 4000 times larger than the Panama Papers – includes documents spanning payroll data, tax return information, medical records, credit card data and intellectual property.

All

• 17:45 Networking (Refreshments)

All

• 18:45 Close

---

Please note:

For those non BT IISP members and guests travelling to Adastral Park please report to the BT reception at the side of the main gatehouse. At the reception you will receive a name badge and directions to the venue. (Please leave yourself 15 minutes to obtain a pass and get to the Crucible venue).If you have registered via Eventbrite will have your names. Anyone having problems registering please email myself prior mel.f.turner@bt.com with IISP event in the email title.

Directions below

http://adastral.co.uk/how-to-find-us/

Please bring:

BT ID badge (BT Employee), Confirmation email (None BT Employee)

---

Bio's provided.

Xavier Rousseau a consultant from Ixia Solutions

Xavier has 16 years of experience in cybersecurity. Starting off as a penetration tester for the French Department of Defense, he later spent eight years working in Security System Integration for Orange Business Services. It was here that he gained vast experience in the areas of IPS, WAF, DLP, Honeypot, Security Operation Center, Penetration Testing, and ISO-27001. He also gained experience as a beta-tester for various IPS vendors, as well as working with the Orange R&D department. He is currently working for a Network Test/Visibility company as a Security Consultant and Researcher (Keysight Application and Threat Intelligence). Xavier's position involves evaluating security controls including IPS, Sandboxes, WAF and NGFW, as well as many others, and he is in charge of developing new methodologies and products to test technologies' performance, stability and engine maturities. He also works with various IT security vendors' R&D departments, Governments, as well as defense agencies and contractors with a focus on Cyber Range.

Andy Young, Senior Systems Engineer, Digital Shadows

Andy Young, Senior SE at Digital Shadows, has been application and security testing for over 16 years. He evangelises the need for digital risk management beyond the perimeter. For the last 18 months in his current role at Digital Shadows, Andy has been responsible for technical pre-sales activities, helping customers discover the extent of their online exposure.

Andy began his career in the Royal Air Force, before embarking on a career in application and security testing. As cloud-based deployments have pushed perimeter security further away, Andy has focussed on finding the digital risk posed by the inevitable data leakage, and threats posed by threat actors targeting organisations.