Event Recording

Panel | Overcoming vulnerabilities around Human Factors

Show description
Speakers
Warwick Ashford
Senior Analyst
KuppingerCole
Warwick Ashford
Warwick Ashford is a Senior Analyst who researches cybersecurity and identity-related topics, including emerging technologies and trends. He has been writing IT news and analysis as a journalist and editor since 2003, specialising in cybersecurity and privacy since 2012. Warwick has also...
View profile
Boris Beuster
Cyber Security - Head of Governance, Risk & Compliance
E.ON SE
Boris Beuster
Boris studied economics with a wholesale/resale focus and gained experience as project manager for process optimisation and IT. Since 2011 he has been working on cyber security topics and made it his profession 2014 at innogy. After leading the Information Security Officers at innogy, Boris...
View profile
Enrico Frumento
Cybersecurity Senior Domain Specialist
Cefriel
Enrico Frumento
Dr. Enrico Frumento is a Cybersecurity Senior Domain Specialist in the cybersecurity team at Cefriel a European and privately funded research and innovation project on ICT Security. He is the author of subject-related publications and books and member of the European CyberSecurity Organisation....
View profile
Sven Lurz
Head of Business Development
Cyber Samurai GmbH
Sven Lurz
Sven Lurz has been working in IT for almost 20 years. His focus is on security awareness, network detection & response, deep web monitoring and access rights management. As a passionate evangelist, the human factor within a holistic IT security strategy is particularly close to his heart....
View profile
Connie McIntosh
Head of Security - Market Area
Ericsson
Connie McIntosh
Named top 100 women in Cybersecurity worldwide by Cyber Defense Magazine. An International speaker, presenter, CTF judge and mentor in cybersecurity. Connie is a Product Security Leader in Ericsson and has over 20 years’ experience in Network and Cyber Security. Connie is passionate about...
View profile
Johannes Steger
Managing Editor - Cybersecurity
Tagesspiegel Background Cybersecurity
Johannes Steger
Johannes Steger is the managing editor of Tagesspiegel Backgrounds Cybersecurity, a daily briefing for decision makers focused on digital security from a political, economic and societal perspective. Johannes started is journalistic career as an editor for German and Israeli startup ecosystem...
View profile
Playlist
Cybersecurity Leadership Summit 2022
Event Recording
Lessons Learned: Responding to Ransomware Attacks
Nov 09, 2022

The last year has seen almost two-thirds of mid-sized organizations worldwide experiencing an attack. Managing ransomware attacks requires significant patience, preparedness and foresight – Stefan shares his experience managing the ransomware attack on Marabu Inks, his key learnings from the attack and how they have shaped the organization’s response capabilities.

Event Recording
Zero Trust Journey, How We Moved from an Immature Organization to Zero Trust
Nov 09, 2022

This is the story of our journey to Zero Trust, from the initial analysis to its technical and effective implementation. As many organizations our starting point was not the best one (lack of proper asset management, mixed permissions, etc) but when we started to work on a Zero Trust implementation we were able to overcome these and also solve some unforeseen problems and offer major security also through Human Factors and Risk Management. The aim of this talk is to inspire security leaders on what is a Zero Trust Architecture (which is not an off-the-shelf solution and desn't require massive initial investments) and how they can reuse their internal knowledge and tools to deliver it.

Event Recording
Security Automation Strategies to Succeed or Fail: You Choose
Nov 10, 2022

This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.

Event Recording
Model to Quantify Cyber Security Risks
Nov 09, 2022

Get a model and recommendations to quantify cyber security risks including the costs of fines, contractual compensations, service credits, and loss of income. The use of heatmaps with qualitative criteria and arbitrary cocktails of threat and control efficiency data prevents the secure planning of IT services and corporate defense. Learn from a demo on Monte Carlo Simulations in a native MS Excel model. It can be used from comparing service providers to calculating the coverage of cyber insurance. This session will not only allow you to avoid money holes in consultancy but also justify cyber security investments.

Event Recording
Rethinking Cybersecurity From the Human Element Point of View
Nov 10, 2022

Over simplifying, IT security means defending the IT systems from threats procured by cybercriminals. Their targets are, for example, the manipulation of systems, the extorsion or exfiltration of data, and the interruption or alteration of services. However, what happens if we have humans instead of IT systems? Given that the scope of an attacker is always the same, as aforementioned, attacking a human is an entirely different process, and the attack tactics must change. This well-known fact involves social engineering and human sciences (e.g., psychologists or behavioural sciences instead of informatics). However, from the cyber security side of the coin, what does it imply dealing with humans? What does it mean, for example, to perform convincing penetration testing or vulnerability scanning to deeply test human weaknesses: it is not merely a problem of sending a phishing email and waiting for clicks. How can be done a threat analysis or threat intelligence on humans? Moreover, how can a company calculate the cyber risk that a human represents and how many effective ways to reduce it? If we fully put humans (either as employees or IT security operators) at the centre of cybersecurity, the questions become several.

The problem is complex because, by its nature, it is multicultural and requires different non-technical competencies. It includes experts in philosophy, political science, cyber sociology, pedagogy, acting performance, etc., collaborating with cybersecurity experts. Facing the human element of security is a genuinely multicultural and interconnected approach. Furthermore, humans are coincidentally “human” and not machines: there are also ethical and legal issues to consider, and their reactions change during the day. The talk will explore and present a comprehensive view of what happens when there are not the IT systems but the humans at the centre of cybersecurity.

Event Recording
Exercising Your Cyber Crisis Plans
Nov 10, 2022
Event Recording
The European Cybersecurity Competence Center (ECCC) and the Future of Cybersecurity in Europe
Nov 09, 2022
Event Recording
Only Those Who Know the Dangers Can Protect Themselves
Nov 10, 2022

How do cyber criminals go about a hacking attack and how easy is it to capture sensitive data? As the saying goes, "Keep your friends close, but your enemies closer," we take a look at how hackers and social engineers work with social pentester Graham Stanforth.

Event Recording
Welcome to CSLS 2022
Nov 10, 2022
Event Recording
Managing the Cyber Security Technical Debt: How did we get there? And what to do about it?
Nov 10, 2022

This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.

Event Recording
Learn How SD Worx Turned Its Cybersecurity Strategy Into a Business Enabler
Nov 09, 2022
Event Recording
NIS2 Directive – What It Is and Why You Need to Prepare
Nov 10, 2022