Day 1 - 19 June 2019

Developing Security Solutions

Gartner predicts that over $75 billion will be spent worldwide on infrastructure protection and security services in 2019.  As cloud computing takes a forefront for both consumer and enterprise computing, development of cloud security solutions is due to make up a large proportion of that spending.  With so much data now being stored in the cloud, the need for secure infrastructure is imperative.  On Day 2, we then shift focus to discussing network security – hearing from industry professionals about their latest solutions, how they work and what results are being seen by the companies using them.

09:30AM

Developing security solutions: Chair’s welcome and opening comments

Hide Details

09:50AM

Paul Ducklin

Senior Technologist

Sophos

Associated Talks:

10:50AM - Day 2

View Keynote: How to win the cybersecurity arms race

02:50PM - Day 2

View Panel: How artificial intelligence and blockchain are the battlegrounds for the next security wars

09:50AM - Day 1

View Why crooks love the cloud (and what to do about it)

View Full Info

Why crooks love the cloud (and what to do about it)

  • What to do about it
  • General overview of Security Solutions
. Paul Ducklin, Senior Technologist, Sophos
Hide Details
More Details

Cloud Security – co-hosted with Cloud Security Alliance

10:20AM

Sjoerd Hulzinga

Innovation Lead

KPN

Associated Talks:

10:20AM - Day 1

View Data integrity, from IoT to cloud

View Full Info

Data integrity, from IoT to cloud

  • What is Data integrity
  • Why is this important
  • Factors affecting Data Integrity
  • Controls to assure Data integrity
. Sjoerd Hulzinga, Innovation Lead, KPN
Hide Details
More Details

10:50AM

Nir Chervoni

Senior Product Manager - Data Security

Booking.com

Associated Talks:

10:50AM - Day 1

View Fintech & Cloud Security – Leaving the Startup-Mindset Puberty

View Full Info

Fintech & Cloud Security – Leaving the Startup-Mindset Puberty

This session is about how to implement security controls in Fintech products and services running on public cloud services, within a Fintech organization, which is on one hand, a startup-kind of organization, and on the other hand, a regulated financial institution. In this session, I will discuss the people and the professional aspects involved with applying security – both from regulatory and practical risk perspectives.

Four Key Takeaways:
1. How security controls implementation in cloud environments are working in Fintech companies in practice.
2. What are the key differences between practical risks mitigation and regulatory requirements mitigation, and where one should consider to combine them.
3. How the transition from startup-minded organization to an official financial institution should look like (at least from operational and security perspective).
4. How shared responsibility of a company and cloud service provider can be a challenge.

. Nir Chervoni, Senior Product Manager - Data Security, Booking.com
Hide Details
More Details

11:20AM

Networking Break

11:50AM

Peter HJ van Eijk

Board Member, Dutch Chapter

Cloud Security Alliance

View Full Info

Senior Representative, Bitglass

.

Bitglass

Associated Talks:

11:50AM - Day 1

View Panel: Sharing responsibility for cloud security

12:50PM - Day 1

View Cloud access security brokers (CASBs) – the gatekeeper between on-prem and cloud infrastructure

View Full Info

Panel: Sharing responsibility for cloud security

  • Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
  • Which stakeholders throughout the business and beyond have to take responsibility for cloud security, and what education and training is required?
  • How do consumers fit into all this?
  • Discussing effective strategies for sharing this responsibility effectively from Enterprise.
Moderator: . Peter HJ van Eijk, Board Member, Dutch Chapter, Cloud Security Alliance
. Senior Representative, Bitglass, ., Bitglass
Hide Details
More Details

12:30PM

Case Study: Cloud Security

Hide Details

12:50PM

Senior Representative, Bitglass

.

Bitglass

Associated Talks:

11:50AM - Day 1

View Panel: Sharing responsibility for cloud security

12:50PM - Day 1

View Cloud access security brokers (CASBs) – the gatekeeper between on-prem and cloud infrastructure

View Full Info

Cloud access security brokers (CASBs) – the gatekeeper between on-prem and cloud infrastructure

  • What CASBs do and how they differ from more traditional cloud security solutions
  • How CASBs help with shadow IT policies and rising employee use of cloud apps
  • Combining visibility, compliance, data security and threat protection
. Senior Representative, Bitglass, ., Bitglass
Hide Details
More Details

01:20PM

Networking Break

Threat Detection & Response

02:20PM

Orlando Scott-Cowley

Principal Technology Evangelist

Amazon Web Services

Associated Talks:

02:20PM - Day 1

View Breaking Intrusion Kill Chains with AWS

View Full Info

Breaking Intrusion Kill Chains with AWS

Today, many Chief Information Security Officers and cybersecurity practitioners are looking for an effective cybersecurity strategy that will help them achieve measurably better security for their organization. One strategy that has helped many organizations accomplish this is the Intrusion Kill Chain strategy. This presentation provides background context on this framework, outlines how to mitigate attackers’ intrusion kill chains using the AWS cloud platform, and offers advice on how to measure the effectiveness of this approach.

. Orlando Scott-Cowley, Principal Technology Evangelist, Amazon Web Services
Hide Details
More Details

02:50PM

Simon Bradley

Global Head of Cyber Detection Services

Siemens

Associated Talks:

02:50PM - Day 1

View Case Study: Siemens

View Full Info

Case Study: Siemens

. Simon Bradley, Global Head of Cyber Detection Services, Siemens
Hide Details
More Details

03:20PM

Lars Putteneers

Sales Engineer

Sophos

Associated Talks:

03:20PM - Day 1

View Panel: Role of ethical hacking and penetration testing

View Full Info

Panel: Role of ethical hacking and penetration testing

  • What role white and grey hat hackers can play in developing secure systems?
  • Discussing the challenges and opportunities in this field
  • Real life examples from enterprise of how pen testing and ethical hackers are improving their organisations cyber security.
. Lars Putteneers, Sales Engineer, Sophos
Hide Details
More Details

04:00PM

Network Break

04:20PM

Senior Representative, Wasabi

Associated Talks:

04:20PM - Day 1

View Afternoon Keynote: Wasabi

View Full Info

Afternoon Keynote: Wasabi

. Senior Representative, Wasabi, ,
Hide Details
More Details

04:50PM

Endpoint Detection and Response – future directions

  • Do current EDR systems address all the problems they were created to solve such as increased visibility for networks?
  • What can solutions providers do to address current shortcomings with EDR systems?
  • Real examples from key industries.
Hide Details
More Details

05:20PM

Session Close

Day 2 - 20 June 2019

10:00AM

Developing security solutions Day 2: Chair’s welcome and opening comments

Hide Details

Network Security

10:20AM

Sander Hofman

Manager of Sales Engineering, Central Europe

Mimecast

Associated Talks:

10:20AM - Day 2

View Improve your cyber resilience strategy, also take a look at email.

View Full Info

Improve your cyber resilience strategy, also take a look at email.

  • Recent ransomware outbreaks have served as a wake-up call for organizations around the world to take the disruptive power of evolving threats more seriously
  • Email is the easiest way for threat actors to gain access to your organization, usually through a combination of social and technological engineering.
  • In this talk we will discuss the complexity of these threats and how best to deal with them.
. Sander Hofman, Manager of Sales Engineering, Central Europe, Mimecast
Hide Details
More Details

10:50AM

Paul Ducklin

Senior Technologist

Sophos

Associated Talks:

10:50AM - Day 2

View Keynote: How to win the cybersecurity arms race

02:50PM - Day 2

View Panel: How artificial intelligence and blockchain are the battlegrounds for the next security wars

09:50AM - Day 1

View Why crooks love the cloud (and what to do about it)

View Full Info

Keynote: How to win the cybersecurity arms race

  • Challenges in actually building security software
  • Interactive session focused on technical and practical use
  • Beating the crooks
. Paul Ducklin, Senior Technologist, Sophos
Hide Details
More Details

11:20AM

Ben Krutzen

Partner Risk Consulting Cyber Security

KPMG Nederland

Associated Talks:

12:00PM - Day 2

View Controlling DevOps & Shadow IT

View Full Info

Panel: Implementing DevSecOps in Enterprise

  • Discussing the need for DevSecOps for your security team?
  • Reconciling the goals and needs of your organisation with the ever shifting cyber security landscape.
  • Barriers to security: lack of security ‘culture’ in your organisation, getting C level buy in.
  • Examples of success from DevSecOps teams.
Moderator: . Ben Krutzen, Partner Risk Consulting Cyber Security , KPMG Nederland
Hide Details
More Details

12:00PM

Ben Krutzen

Partner Risk Consulting Cyber Security

KPMG Nederland

Associated Talks:

12:00PM - Day 2

View Controlling DevOps & Shadow IT

View Full Info

Controlling DevOps & Shadow IT

We live in a disruptive business environment in many industries.  Under intensifying competitive pressure, businesses are digitizing their primary processes in an agile fashion (DevOps) and are using solutions not formally sanctioned (Shadow IT).  This leaves the CIO and CISO in a challenging position to manage the risks without disrupting the business.  In this session we will present opportunities to sustainably deal with these challenges, by activating the business and the use of analytics.

. Ben Krutzen, Partner Risk Consulting Cyber Security , KPMG Nederland
Hide Details
More Details

12:30PM

Networking Break

01:30PM

Keynote: Detecting internal threats with user and entity behaviour analysis (UEBA)

According to Gartner, sales of standalone UEBA solutions are doubling each year and could top $200 million this year. In addition, many vendors are incorporating UEBA capabilities into other security tools, such as security information and event management (SIEM), network traffic analysis, identity and access management (IAM), endpoint security, data loss prevention or employee monitoring tools.

Explore this important technology and the advantages it can add to your security stack in this presentation – discussing the role of AI/ML for UEBA, the need for real time (or near real time) analytics and comparing the threats posed both externally and internally.

Hide Details
More Details

02:00PM

Panel: Breaking the static security approach to application security

Gartner’s report on the app security hype cycle states that IT managers “need to go beyond identifying common application development security errors and protecting against common attack techniques.” With the influx of cloud computing, mobile and IoT device use, breaking the ‘static security approach’ has never been more important in expanding the boundaries of the enterprise network. This panel will address:

  • Where is the perimeter? What should companies secure, and at what stage along the SDLC?
  • Security testing tools vs. application shielding products
  • The challenges of securing apps – anticipating the changing needs of the business and who is responsible for securing apps
  • Trends in application security – virtualisation, DAST and vulnerability detection
  • Recommendations for app-focused security in your business
Hide Details
More Details

02:40PM

Training and education for staff – the first line of defence

Hide Details

03:10PM

Zero Trust Security – the next phase of cloud identity

The next wave of cloud identity is through Zero Trust Security (ZTS). With more apps being used ‘as a service’ in the cloud, and more employees working remotely, traditional identity and access management (IAM) doesn’t cut it today. What’s more, ZTS assumes there will be bad actors both inside and outside your company’s network. 

 This session will explore what Zero Trust Security is, how it relates to organisations today in an IoT-heavy landscape, and how technologies such as machine learning can make an even greater impact. 

Hide Details
More Details

03:30PM

Email and messaging security

Hide Details

04:00PM

Session Close