Event Recording

What if your digital twin misbehaves?

Show description
Speaker
Dr. Silvia Knittl
Director Cyber & Privacy
PwC GmbH WPG
Dr. Silvia Knittl
Dr. Silvia Knittl is Director at PwC Germany in the Cyber & Privacy domain with a strong focus on  Enterprise Security Architecture as well as Identity & Access Governance. She supports clients in enabling their cyber capabilities and manages security transformation projects. She...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Inside the Mind of a Hacker – From Initial Access to Full Domain Admin
May 13, 2022

Ethical Hacker Joseph Carson will demonstrate a real-world use case of how a cyber adversary gains an initial foothold in your network through compromised credentials and then elevates control and moves laterally to identify and exfiltrate your critical data. He will share insights into how the mind of a criminal hacker operates based on his experiences and steps you can take to stop them in their tracks.

Staying up to date and learning hacking techniques is one of the best ways to know how to defend your organization from cyber threats. Hacking gamification is on the rise to help keep security professionals up to date on the latest exploits and vulnerabilities. This session is about helping you get started with hacking gamification to strengthen your security team.

In this session Joseph Carson Chief Security Scientist and Advisory CISO at Delinea will select two systems from Hack the Box and walk through each of them in detail explaining each step along with recommendations on how to reduce the risks. Going from initial enumeration, exploitation, abusing weak credentials to a full privileged compromise.

What will I learn?

  • How attackers gain access to IT environments and systems and escalate privileges
  • What a real-world hack looks like in a use-case demonstration
  • Best practices for combating attackers by establishing multiple layers of security to minimize risk

Get answers to these important questions:

  • How has moving to the cloud affected cyber security from a PAM perspective?
  • What are the most common types of attacks that criminal hackers use to compromise cloud environments?
  • What are common misconceptions that lead to cyber security “blind spots” of vulnerability?
Event Recording
Panel | CIAM and Customer Data Platforms
May 12, 2022
Event Recording
How organizations can make and save money with decentralized identity
May 11, 2022

In this talk John will present one way of modelling the potential value propositions for the parties (people and organisations) in decentralised identity models. Using real world examples of products and systems, he’ll use the model to consider their value propositions, and whether we need a “value exchange” ecosystem to enable the decentralised identity market to thrive. 

Along the way the talk will consider the risk of false prophets and fake profits, where the residual value will remain,  as well as why (in John’s opinion) decentralised identity is following the story arc of “gradually, then suddenly” (E. Hemmingway, The Sun Also Rises).

Event Recording
Key Requirements for Next Generation MFA
May 11, 2022

In this talk you will learn how MFA can be a foundation for your Zero Trust Initiative

Event Recording
Signing in the Rain: HTTP Message Signatures and Web Security
May 12, 2022

HTTP is an amazingly powerful protocol, and it's the lifeblood of the internet today. On the surface, it seems to be a simple protocol: send a request to a server and get back a response, and everything's structured in useful ways. HTTPS adds the TLS protocol to secure the connections between endpoints, protecting the messages with encryption and keeping them away from attacker's eyes. But what if you want to be sure the sender is the right sender, and what you see is what they sent? What if you've got a more complex deployment, with proxies and gateways in between your endpoints that mess with the contents of the message? What if you need assurances on the response as well as the request, and to tie them together? People have been trying to sign HTTP messages in various ways for a long time, but only recently has the HTTP Working Group picked up the problem. Come hear about the HTTP Message Signatures work from the draft specification's authors and see how it works, how to apply it, and talk about how it could change how we use the web.

Event Recording
The SolarWinds Hack and the Executive Order on Cybersecurity Happened - It Is Time to Prepare
May 12, 2022

Again and again, I am asked how one can start with the topic of security in an agile project environment. What are the essential first steps, and what should you focus on at the beginning? Of course, this raises the question of suitable methodologies and tools. At the same time, the strategic orientation of the company must be included in this security strategy. We have also learned in the recent past that attacks like the “Solarwinds Hack” are becoming more and more sophisticated and that the attackers now focus on the entire value chain. What tools are there, and where should they be used? How can I start tomorrow to prepare myself for the future against the challenges of cyber attacks? And that’s exactly what you will get an answer to here.

Event Recording
Advocating for Decentralised Identity in Europe: 7 Lessons Learnt
May 10, 2022
Event Recording
Connecting 10.000+ mobility companies and multi million customers
May 12, 2022
Event Recording
Drone Pilot Credentialing for Air Safety
May 11, 2022

Drone operations are estimated to bring €10bn/yr to the EU economy by 2035. A critical e-Government issue is the ability to fly drones in regulated airspace around airports. Unauthorised drone operations in the flightpath of passenger aircraft can endanger lives and cause huge financial loss for airport operators. Heathrow Airport has invested >£10M in security systems to track and destroy unauthorised drones. Digitising the entire drone flight approvals process will involve many steps, but the major one we are addressing is verifying pilot training credentials. SSI could radically improve this currently cumbersome and low-trust process. In an Innovate-UK grant funded project (Fly2Plan), we developed an SSI PoC for a drone pilot training company to issue training certificates as verifiable credentials to drone pilots, which can be verified by Heathrow Airport. In this talk we present our learnings and future work.

Event Recording
Enabling Digital Identity Ecosystems
May 13, 2022
Event Recording
Identity is the New Perimeter: How to Discover, Mitigate and Protect Identity Risks
May 12, 2022

Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.

Event Recording
Panel | Assessing the Cybersecurity Impact of Russia’s Invasion of Ukraine
May 11, 2022

Russia’s invasion of Ukraine has tectonic consequences for citizens and businesses across the world. An expectation of normalcy post the pandemic has been replaced with fears of increased gas prices and supply chain disruptions. Attackers are expected to leverage the context to carry out advanced cybercrime intrusions, leaving businesses susceptible to attacks that could have potential second and third-order effects on their operations. A cyber problem immediately becomes a business problem that requires effective business continuity contingency plans built around defensible, risk-informed choices.  

In this panel session, you’ll hear from security leaders who will provide a pragmatic assessment of organizational dependencies to improve your odds of identifying and mitigating cyber attacks, while addressing the increasingly challenging risk environment organizations find themselves in