OWASP Cambridge Christmas Meeting – Tuesday 4th December 2018

Hosted by the Cyber Security Networking & Big Data Research Group, Anglia Ruskin University, and OWASP (Open Web Application Security Project) Cambridge Chapter.

Speaker Biographies & Abstracts
Guest Speaker: Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs

Bio:

Matt has 20 years IT industry experience working within government, military, finance, education and commercial sectors. He is a principal security consultant and penetration tester at Trustwave SpiderLabs with a focus on red team engagements.

Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list.

Abstract: “Red Teaming : From Battlefield to Bunker”

Red Teaming is a fairly recent approach to delivering digital security assessments within the Information Security sector but the ethos of Red Teaming stems from the military and a successful operation is organized in the same way. In this talk I will be covering some aspects of Red Teaming to give an insight into how an operation is performed from the initial planning and preparation through to the delivery of the outcomes for the operation. I also introduce ways in which operators can maintain a constantly evolving skillset.

A high level summary will introduce:
¥ Operational Infrastructure and organization
¥ Open Source Intelligence
¥ Attacking a target
¥ The importance of Reporting
¥ Skills evolution

Guest Speaker: Etienne Greeff, CTO, SecureData

Bio:

Etienne Greeff is one of the early pioneers of the information security industry. He has spent over 20 years promoting the innovative use of technology and services to solve complex customer issues: founding, growing and successfully exiting a number of information security businesses. As CTO of SecureData, Etienne is passionate about cementing its status as a complete security services provider. He is a graduate of the University of the Witwatersrand in South Africa with a BSc in Electrical Engineering.

Abstract: “Machine Learning, Cyber & Application Security”

This talk isn’t a detailed technical talk and does not require prior knowledge of Artificial Intelligence (Al) & Machine Learning (ML). After introducing core AI & ML concepts this presentation takes a high level look at the state-of-the-art in machine learning and AI with respect to Cybersecurity. We will examine where ML is effective and where it isn’t effective in protecting us against those pesky hackers. I will share some practical insights in how my business uses Machine Learning to detect threats that would be difficult to detect in other ways. This presentation does not pull any punches however in debunking some myths around wild claims of how AI will automatically defend us by somehow becoming “smarter” on their own. The presentation finishes by predicting where all this may lead and the impact on application security.

Guest Speaker: Michael Koczwara - Associate Director, SecOps:Purple Team , CLS Group.

Bio:

Michael is a Senior Cyber Security professional, involved in various Cyber Security projects, managing teams and engaging with senior management to meet objectives and maximising defences against sophisticated APT cyber attacks. He has conducted penetration tests/red/purple team engagements and cybercrime investigations.
(incident response) in various FTSE100 companies/Financial Services.

Agenda

17:30 – 18:15 Registration & Refreshments (LAB109)
18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director Cyber Security Research Group, ARU
18:30 – 19:15 "Red Teaming : From Battlefield to Bunker”- Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs
19:15 – 20:00 “Machine Learning, Cyber & Application Security” – Etienne Greeff, CTO, SecureData
20:00 – 20:45 “Hedge Fund Investigation Case Study” - Michael Koczwara - Associate Director, SecOps:Purple Team (Monitoring & Incident Response), CLS Group
20:45 – 21:00 Q & A & Close