I can also be found writing on BH Consulting as Brian Honan's Social Media manager as well as appearing on Naked Security.




Storm Troopers, Milk And No Beer – Cyber Security Expo 2014

They say there is a first time for everything and yesterday they were right. Thrice.

Despite only living a few miles away from Excel London, I’ve never been to the venue. I’ve never been to IP Expo either, and I’ve certainly never tried combining such an event with a full day (or evening in my case) at work.

But yesterday I rolled all three into one.

After dropping my kids at school I drove to work (a performance in itself at that time in the morning), dumped the car and jumped on the tube/DLR and headed on over to Custom House.

I arrived too late for the Sir Tim Berners-Lee keynote but was plenty early enough for the first talk I really wanted to see so all was well.

With a few minutes to spare, I had a quick walk around what appeared to be a scaled down version of InfoSec, complete with semi-booth babes and the usual swag, bumping into John Leyden on the way. With John being bogged down with the trappings of fame (actually, I think that rucksack just has a million pens and a notepad in it) we elected to bump knuckles (I was going to describe this in another way but my kids are far more savvy than I and said it could be misinterpreted) instead of going with the more traditional handshake.

Next, a keynote from Brian Honan and Amar Singh entitled “Preventing the Lethal Breach: The initiative supporting Charities in Cyberspace” which served as an introduction to GiveADay, a great initiative that hopes to see a number of security professionals give up some time to support rather than merely help charities which do, of course, face the same challenges as traditional businesses in terms of protecting ‘customer’ data.

I’ll be writing more on that later and elsewhere so, for now, I’ll leave you with an image of Mr Honan who I know will hate the exposure, despite the fact that I captured his good side (if such a thing exists):

[Image: good side]

During the course of Brian and Amar’s keynote I bumped into another familiar face in the form of Sarah Clarke, who is also involved in GiveADay, along with Jane Frankland whose Twitter bio I remember well.

I also had the displeasure of my first interaction with notorious conference fiend Mr Andrew Anges who sneakily sat behind me and snapped an image of my full head of hair.

Here he is trying to look all sweetness and innocence, a look those of us who know him will never, ever buy into:

[Image: sweetness and innocence]

In the aftermath of the keynote, during which I failed to supply a promised beer to the normally teetotal Mr Honan (sorry Brian – next time), I was able to quickly catch up with Ms Sweetie for the first time in too long.

I still haven’t gotten used to kisses and hugs at conferences (but I could learn I’m sure) but it was great to catch up with Neira whose knowledge and accent are a combination I could listen to all day.

Next up was a quick trip outside the main venue to solicit some dinner seeing as I would later have to travel directly to work without the merest possibility of passing Go. Captured audience and London prices were evident but by golly it was a nice bit of Chicken Masala.

After filling my face the next talk of interest was good to go. I’ve known Jitender Arora for some time now and know him to be a great guy with a huge passion for infosec and someone who is more than happy to give up his valuable time to help others. I’ve never seen or heard him talk though.

That changed yesterday though as I caught his “Have cyber security professionals lost their touch?” keynote. I sat alongside the aforementioned Mr Anges; we had previously promised to heckle Jitender if his talk was a bit, you know, substandard.

Fortunately though, all was well. No, not well, very bloody good actually.

[Image: strengths and weaknesses]

In what I later learned was a change of direction, the master planner went with a fluid presentation that referred back to the previous talk from a pop star called Mikko (is that a girl band?) as well as picking up on Mr pint-size and the fact that his daughter may be making an early move into the industry.

Overall I thought Jitender’s talk was excellent, looking at the likely future skills shortage in the industry, the role universities may have to play in addressing that, and the problems associated with promoting technical experts out of their chosen field and into management.

I was left with unanswered questions (my curiosity, not Jitender’s lack of information) but they’ll be answered later :-)

With Jitender being swamped by groupies I considered my next move. I saw an upgrade from Mr pint-size in the form of 2-litre man Mo Amin who I seem to have bumped into a lot lately.

As Mo has signed up to help GiveADay, and I have an interest in the same (no tech skills to offer but I think the initiative is great) we went on a magical mystery tour that led us to an obscure room upstairs that was so out of the way I think many people missed it.

There we saw Neira kick off a four part introduction to GiveADay by talking about security awareness, something of interest to both Mo and myself for differing reasons.

[Image: sweetie]

Neira’s presentation was flawless, thanks to her Skype contacts not initiating a conversation at an inappropriate time, and covered an informative video on the Target and other breaches, a 3-legged stool, QR codes and her awesome 10 commandments of your digital life.

Next, and lastly, the talk I’d been waiting all day for – Sarah Clarke on people in security. I’ve known Sarah for a short while but only previously met her at the Rant Conference earlier this year. I hope she doesn’t mind me saying this but she seemed to be a little lacking in confidence at the time. Not in her ability mind, she certainly knows her stuff, but I think her location had made it difficult to attend such events in the past.

So, seeing her give a talk, albeit in front of a relatively small audience, was great and I thought she did exceptionally well too, talking about risk, human error, breaching a military institution and offering up some interesting formulas that I’m now keen for her to share with me (hint, hint).

After that, Mo and I made our exit, via a confuddled Mr Singh who probably wondered why we were ejecting half way through the 4 talks (it was a question of time, nothing else).

After a brief encounter with a Storm Trooper (why is it never Princess Leia?) who reminded me of Leia’s comment to Luke about being a little on the short side for the costume he was wearing –

[Image: short]

– as well as a real-life parking enforcement bust –

[Image: parking ticket]

– it was time for lucky Mo to head home while I headed off to work and a stark yank back down to reality.

Survey: 80 Percent Of IT Security Professionals Say They Can Detect A Data Breach On Critical Systems Within A Week

Tripwire, Inc. today announced the results of a survey of 215 attendees at the Black Hat USA 2014 security conference in Las Vegas, Nevada. Industry research shows most breaches go undiscovered for weeks, months or even longer. Despite this evidence, 51 percent of respondents said their organisation could detect a data breach on critical systems [...]


Heartbleed Research Shows Top Companies Are Slow To Mitigate Threat

According to Venafi, 97% of Global 2000 organisations’ public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation. This leaves the door open for attackers to spoof legitimate websites, decrypt private communications, and steal sensitive data sent over SSL. Undiscovered for over two years, Heartbleed is an OpenSSL vulnerability that allows attackers to [...]


Emmental, The Swiss Cheese Of Banking Security

Researchers at Trend Micro have discovered a new attack centred around a hole in Android-based two factor authentication systems used by some banks in Austria, Japan, Sweden and Switzerland. The attack begins in a familiar way – the prospective victim will receive a phishing email that will appear to be from a well-known and reputable site. [...]


Brits Abroad: Workaholic Holidaymakers Take Their Insecure Practices And Devices With Them

With the schools out for summer, it’s time for Brits to pack up their suitcases and jet off to sunnier destinations, and a new July 2014 survey from ESET in conjunction with One Poll has revealed most people won’t be forgetting their work-enabled mobile device in their luggage this year, with the anticipation of having to [...]
