OWASP Cambridge & ARU CSNRG Tuesday April 9th Chapter Easter Meeting 2019

This is a past event

16 people went

Anglia Ruskin University

East Rd · Cambridge

How to find us

How to find the campus http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/ca mbridge_campus/find_cambridge.html

Location image of event venue

Details

Hosted by the Cyber Security & Networking Research Group, ARU and OWASP (Open Web Application Security Project) Cambridge Chapter.

Speaker Biographies

Ian Glover, Presdient – CREST, “Building a Universal Cyber Security Maturity Modelling System”

Abstract:

• An update on the universal cyber security maturity modelling system scheduled for release this year
• How will this system be used to accurately model your organisation’s cyber threat intelligence maturity level?
• Understanding how your cyber maturity level will impact your threat intelligence and incident response requirements and capabilities

Bio

Ian Glover has thirty six years’ experience in information technology and has specialised in professional services for the last twenty eight years. Ian is the President of the CREST (GB). CREST is a not for profit organisation that promotes research and development in standards for professional technical Information Assurance practices. CREST serves the needs of an information security marketplace that requires the services of regulated and professional security professionals.

Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs “Sheepl – Automating People for Red and Blue Team Tradecraft”

Abstract

While there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer network is more than a collection of connected computer resources, it is a platform for communications and productivity between people. So the focus becomes how do you properly emulate people within a network environment? In this presentation Matt will share his research into developing more realistic user behaviour and how it can be used to improve red team and blue team tradecraft.

Bio:

Matt has 20 years IT industry experience working within government, military, finance, education and commercial sectors. He is a principal security consultant and penetration tester at Trustwave SpiderLabs with a focus on red team engagements. Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list. Prior to HPE, Matt ran his own IT consultancy company for 7 years.

Christopher Cherry - Information Security Officer Digital Investigations & Forensics, BBC, “Social Media as part of Security Operations”

Discussing how Chris defined Social Media Incidents (SMI) and what they mean to the BBC and how they respond. How the BBC went from doing almost nothing at all to almost industry-leading in the sector in terms of Social Media monitoring and incident response. Sharing real examples of use-cases within the BBC and where the BBC are going with their solution in the coming months. Lastly, Chris will recommend what the next steps should be for your organisation and sign post where to go to acquire the knowledge and power to inspire the brass at the top to see the risk.

Bio:

Conducting Digital Investigations on behalf of the BBC Investigation Service and the Information Security team, in line with policy and legislation; ensuring BBC values are upheld

Provisional Agenda

17:30 – 18:15 Registration & Refreshments (COS313)
18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University (COS310)
18:30 – 19:15 Ian Glover, Presdient – CREST, “Building a Universal Cyber Security Maturity Modelling System”
19:15 – 20:00 Nou Matt Lorentzen ~ Principal Security Consultant @ SpiderLabs “Sheepl – Automating People for Red and Blue Team Tradecraft”
20:00 – 20:45 Christopher Cherry - Information Security Officer Digital Investigations & Forensics, BBC, “Social Media as part of Security Operations”
20:45 – 21:00 Roundup & Close

Registration

To register: https://bit.ly/2HYfuCv

The meeting is in the Coslett Building