The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focused on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
As technology has evolved IT has transitioned from a background support function to a core driver of value creation and competitive edge. This shift has placed senior technologists at the heart of the organisation where they are increasingly critical to decision making, strategy and leadership.
The DIGIT Leader Summit will explore the evolution of the IT & Digital profession, considering the key technology and business trends and the profound impact they are having on the role. The programme will also examine the crucial components of leadership, looking at culture; team building, upskilling and communication.
The Summit is geared for senior IT & Digital leaders, and designed to provide an opportune forum for practitioners to share their experiences, learn from their peers and discuss best-practice approaches to leadership.
Core topics
• Trends: Key technology trends and business trends
• IT Evolution: How the IT and Digital role is changing and evolving
• Leadership: Empowering, engaging, motivating and inspiring teams
• Culture: Creating a culture of inclusion, innovation and exploration
• Impact: Technology as a driver of innovation, improvement and problem solving
• IT Management: Investment, ITAM, cost control, vendor management
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 6 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
Technology is completely changing the face of financial services, driving disruption, displacement and disintermediation within the sector. This has lowered the barriers to entry, opened the door to new market entrants and created fertile ground for innovation and growth.
These market disruptions have also forged new alliances between start-ups and incumbents, blurring the lines of distinction between finance and technology and creating a wave of cross-sector collaboration.
Fintech 2018 will explore technological innovation across the financial services sector, from developments in established tier-1 firms to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics will include:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May 2018 it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The Summit is organised by DIGIT, with support from ScotlandIS, Police Scotland, SBRC, The Cyber Academy and ISACA. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
This conference will contextualise the evolution of IT, examining the changing role of technology within the business and the inherent implications for IT personnel. The event is geared for senior IT, business and finance leaders, providing a unique forum for knowledge exchange, discussion and high-level networking.
Core topics
• IT Evolution: the changing role of IT within the business
• Leadership: strategy, culture and collaboration
• XaaS: the shift from asset to service-based consumption
• ITAM: IT Asset Management and procurement
• Managed Services: vendor management and Service Level Agreements
• Governance: information security, GDPR and data protection
• DevOps: Agile process, faster delivery, greater collaboration
Whether you’re embracing the hype or eagerly waiting to see how things evolve, there’s no question the “Internet of Things” is creating excitement from living room to C-Suite.
Of course, as with every new technology wave, there are those on the front lines shaping the discussion, influencing decision making, and charting the course for what the Internet of Things will mean to each of us in the not-too-distant future.
And these IoT thought leaders come from diverse industries and disciplines. There are the analysts, authors, and speakers who help us understand the opportunities and implications, senior executives that champion enterprise and startup initiatives, and those responsible for turning the Internet of Things into a daily reality.
But who are these people and what’s influencing their own perspective on IoT?
This is where social insights come in... as social media activity can give us a truly unique lens through which to gain insights into the people leading the conversation about the Internet of Things.
That’s why we’re excited to collaborate with Neustar to develop a social insights report analyzing these IoT thought leaders. What did we discover in researching and preparing this report?
Here’s what we learned.
Infographic | The Growing Need for Fast, Secure Telehealth (Insight)
Could telehealth be the way patients are triaged in the future? Let’s explore the current landscape, the benefits of telehealth and what’s needed for it to gain widespread traction across the industry.
Data Has A Shelf Life: Why You Should Be Thinking About Real-Time Analytics (Bernard Marr)
Real-time analytics enable companies to see, understand, and work with data as soon as it arrives, which helps companies make better business decisions and create smarter products. Find out how your company can get ready to work with data in real-time.
Jayesh Navin Shah, from Ipsos MORI Public Affairs, presented our findings on cyber skills gaps and shortages in the UK at the SC Digital Congress 2021. The findings are taken from Ipsos MORI’s report, Understanding the UK Cyber Security Labour Market 2021 study, carried out on behalf of the UK Department for Digital, Culture, Media and Sport.
https://www.sccongressuk.com/digital-congress/
Should I Choose Machine Learning or Big Data? (Bernard Marr)
Big Data and Machine Learning are two exciting applications of technology that are often mentioned together in the space of the same breath. In reality, there are important distinctions that need to be understood when we are making decisions about our business data strategy.
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020 (Kevin Duffey)
Chief Risk Officers and CISOs from 25 of our customers & friends debated their SMART objectives for 2020. Here are the results, showing who to involve and how to report progress on cyber risk across 3rd parties during 2020.
Cyber Resilience: managing 3rd Party Risks in Financial Services (Kevin Duffey)
Presentation given to Chief Risk Officers, Heads of Operational Resilience and CISOs at the annual Marcus Evans conference on Operational Resilience and Business Continuity in Financial Services.
Includes how to measure, mitigate and manage cyber vulnerabilities at outsourcing firms and other suppliers of critical ("material") services, as expected by regulators like the Bank of England / Prudential Regulatory Authority, European Banking Authority, and Financial Stability Board.
The Amazing Ways Retail Giant Zalando Is Using Artificial Intelligence (Bernard Marr)
Zalando is not only a retail giant but a prominent technology company that uses its leadership in the European AI community to inform policies and ethics considerations as well as support other businesses with AI. They use machine learning and artificial intelligence to provide better customer experience, fashion recommendations, improve business operations, and more.
Cyber Risk Management in 2017: Challenges & Recommendations (Ulf Mattsson)
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Many business leaders in the Caribbean believe that cyber-attacks are not imminent and do not pose a direct threat to their business. On the contrary, many Caribbean companies are exposed to malicious exploitation as testing has revealed their vulnerabilities. This webinar is an opportunity for business leaders to engage the experts as they discuss the cyber threats within the region and their implications.
With the right kind of cyber protection, Caribbean business leaders can empower their businesses on digital platforms and allow for safe spaces for their employees, customers, and stakeholders.
This latest edition of Insights Success, India's Leading Cyber Security Companies, celebrates the growth story by showcasing the exhilarating achievements of the leaders in this space.
Why security is the kidney not the tail of the dog v3 (Ernest Staats)
Security is sometimes thought of as being the tail that wags the dog. A better analogy is that Cyber Security should be the kidneys of the organization, taking out the waste while allowing the useful information to pass.
The Next Great Challenge for CISOs
I am honored to be recognized! Cybersecurity is truly a team effort at a strategic level, either we all work together or the threats will tear us down piecemeal! Every person, no matter their role, can play an important part in making digital technology trustworthy and keeping the Internet secure, private, and safe.
Cyber Immunity Unleashed: Explore the Future with iTech Magazine! (DIGITALCONFEX)
Dive into the dynamic world of innovation with inaugural edition of iTech Magazine, where cutting-edge technology meets insightful storytelling. Explore the latest trends, uncover groundbreaking advancements, and connect with the forefront of the tech landscape.
Elevate your tech journey with in-depth features, expert perspectives, and a spotlight on the innovations shaping our digital future. Welcome to iTech Magazine – Where Tomorrow's Tech Unfolds Today!
Visit to know more: https://digitalconfex.com/itech-magazine/
In this webinar we will cover the latest cybersecurity trends and discuss how startups can help address them. The cybersecurity market is booming – companies are forecasted to spend up to $1 trillion by 2021. Hackers are getting smarter, developing more and more sophisticated ways to take down companies’ IT infrastructure. These new threats and the upcoming regulations require companies to implement “state-of-the-art” security, which should be any corporate’s number one priority.
During the webinar, we will discuss the latest cybersecurity trends and answer two key questions: Why startups need to be part of the equation and how can they help companies to secure their IT infrastructure?
We invited Jan C. Wendenburg, CEO of certgate, as a guest to share his knowledge from 20+ years of experience in the industry.
Mobility and security are important factors that need to be prioritized by fintech startups in building user trust.
This presentation shares how to build, develop, and improve these two things so that your business can grow.
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India (Rahul Neel Mani)
Internet of Things “IoT” can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience to the end-user community. According to industry estimates, machine-to-machine communications alone will generate approximately US$900 billion in revenues by 2020.
Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019. Modern organisations innovate through the massive use of Open Source Software. However open source software can introduce security vulnerabilities. Here we show trends in the use of Open Source Software across Modern Software Supply Chains.
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape (DevSecCon)
Cameron Townshend
Today’s pace of innovation and need to out “innovate” competitors can often cause developers to bypass key portions of Gene Kim’s Three Ways of DevOps - specifically to never pass a known defect downstream and emphasize performance of the entire system.
As we embrace movements like CI, CD and DevOps to cut down on release cycles - and innovate faster, we as developers must also embrace the reality that the risk landscape is too complex to leave “security” to just those with security in their title. Traditional methods do not cut it anymore – it’s time for DevSecOps.
Instinctively, we understand how critical this is. In Sonatype’s recent 2018 DevSecOps Community report, where 2,076 IT professionals were surveyed, 48% of respondents admitted that developers know application security is important, but they don’t have the time to spend on it.
Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline - but instead aid it - preventing costly rebuilds and build breaks, down the road. By creating automated governance and compliance guardrails that are embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing us down. These instant feedback loops detailing good or bad components have been shown to increase developer productivity by as much as 48%.
Over time, this approach ensures developers procure the best components from the best suppliers, while continuously tracking components across the entire lifecycle.
Attendees of this session will walk away with:
Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines, and increasing developer awareness to risks
Key insights from 2,076 of their peers who participated in the 2018 DevSecOps community report - including where most mature DevOps practices are focusing their security efforts
A walkthrough of how security principles have been embedded in a CI/CD pipeline and what standards for implementation are beginning to follow suit
The Summit will consider the role of leadership within the technology domain. Amidst a backdrop of uncertainty and disruption, the conference will discuss how you can help your organisation navigate change, overcome problems and accelerate innovation.
The programme will feature insights from an impressive array of technologists, founders, researchers and transformation specialists; contextualising the biggest challenges facing the industry and sharing practical advice, guidance and best-practice on how you can maximise your impact within your team.
Now in its seventh year, the Summit has established itself as the largest annual leadership event for Scotland’s Technology community, and an invaluable forum for knowledge exchange, discussion and high-level networking.
Core themes:
Trends: Digitalisation, agility, disruption and hybrid teams
Evolution: The changing nature of technology as a discipline
Leadership: Strategy, empowerment, communication, motivation and empathy
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of growth, innovation and improvement
The North of Scotland is in the midst of a full-scale transformation. Building on a well-established reputation as a global energy hub, the North is fast becoming a key destination for emerging innovation across an increasing range of sectors.
The DIGIT North Summit is designed to bring IT and Digital leaders together and drive practical innovation through shared learning. The event will facilitate cross-pollination between key industries, from traditional sectors like Oil & Gas and Agriculture to high-growth fields like Life Sciences, Biotech, Gaming, Fintech and Space.
The programme will contextualise the key emerging technologies and industry disruptors, and consider the vital role that IT and Digital leaders will play in ensuring organisations can thrive amid a backdrop of market change and economic volatility.
Organisations are changing: the rapid pace of the digital world has necessitated a fundamental shift in mindset. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, and fundamentally altered the way businesses engage with their customer.
The most influential companies of our age share a common ability to understand two things effectively: people and technology. In these turbulent times, success is increasingly defined by the ability to respond to the fast-changing landscape, and exceed the expectations of the people we serve.
DT 2021 will contextualise the key technology trends and industry disruption amidst a backdrop of significant socio-economic upheaval. The event will also consider the role of IT and Digital leaders in driving positive transformation, exploring how we can help support operations, drive innovation, overcome challenges, and deliver tangible business benefits.
Core themes:
• Landscape: Uncertainty, Recovery, Sustainability, Remote Teams
• Process: Strategy, Structure, Optimisation, Agile, DevOps
• Design: Customer Centricity, UX, Functionality, Simplification
• Technology: Remote Tools, Data Analytics, AI, ML, RPA, Cloud
• People: Culture, Collaboration, Leadership, Diversity, Empowerment
SCOTLAND’S MUST-ATTEND IT & DIGITAL EVENT
The expo is the largest annual enterprise technology event run in Scotland, and a must-attend for senior technologists, digital innovators and IT leaders.
SCOTLAND’S LARGEST VENDOR SHOWCASE
DIGITExpo hosts Scotland’s largest exhibition of technology and solution providers, spanning: Cyber Security, Networking, Infrastructure, Cloud, Data & Analytics, Managed IT Services, Telecoms, Connectivity and much more.
TOP SPEAKERS AND INDUSTRY INSIGHT
Keynote and seminar theatres will host leading thinkers and innovators from some of the best known companies in the world. 2018 speakers include: Google, Twitter, McLaren, RSB, Hill & Knowlton, CYBG, IBM, EasyJet and AmTrust.
Emerging technology is having a profound impact on the Financial Services sector; from mobile payments, APIs and Open Platforms to Machine Learning, Robo Investment and AI Chatbots.
The Summit will explore technological innovation across the financial services sector, from developments in established institutions to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
The modern enterprise is becoming an increasingly automated environment: technological advancements in AI, Machine Learning and RPA are allowing organisations to strip out layers of inefficiency, optimise process and enhance productivity. Right across the enterprise, operations are changing in line with new automation tools, from low-level administrative tasks to self-regulating Industrial IoT systems and customer service chatbots.
This conference will contextualise the role of intelligent automation within the enterprise, looking at how the increasing sophistication of AI, RPA and IoT technologies is transforming operations. The conference is geared towards senior IT and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, engagement and high-level networking.
The Conference
The Energy sector is changing: the challenging economic landscape has forced businesses to scrutinise their operations in pursuit of greater productivity and asset efficiency. Meanwhile, the market is growing increasingly diverse as renewables mature and new entrants emerge.
Against this backdrop, digital is becoming increasingly pervasive as companies turn to technology to modernise processes and deliver competitive advantage; from remote monitoring and automation, to data analytics, Machine Learning, asset visualisation and HPC.
Now in its 6th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brings together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme will explore the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Core Themes
Landscape: maximising economic recovery and cross industry collaboration
IT & Digital as a driver of efficiency, business improvement and problem solving
Analytics, data-driven decision making and business intelligence
Asset visibility: performance, conditioning, remote monitoring
Digitising processes and innovating on top of legacy systems
Emerging technologies, AI, IoT, Robotics, Drones, Blockchain
Infrastructure: SCADA, Cloud, hybrid architecture, managed services
Cyber Security, information governance, GDPR
Business is changing: digital technology has permeated every facet of the enterprise, completely transforming the way we work. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, while fundamentally altering the way businesses engage with their customer.
It is no coincidence that the most influential companies of our age share a common ability to harness technology effectively. In these exciting and turbulent times, success is increasingly defined by the ability to respond to the fast-changing digital landscape; it has become a key distinguisher between growth and obscurity.
DT 2019 contextualised key digital trends and explored the underlying process of organisational change. The conference was geared towards senior technologists and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, discussion and high-level networking.
This is the largest annual Digital Transformation conference held in Scotland - with over 300 attendees in 2018. The event is supported by ScotlandIS and is free for qualifying delegates to attend.
Big Data & Analytics continues to redefine business. Data has transitioned from an underused asset to the lifeblood of the organisation, and a critical component of business intelligence, insight and strategy.
Big Data Scotland is the largest annual data analytics conference held in Scotland: it is supported by ScotlandIS and The Data Lab and free for delegates to attend. The conference is geared towards senior technologists and business leaders and aims to provide a unique forum for knowledge exchange, discussion and cross-pollination.
The programme will explore the evolution of data analytics; looking at key tools and techniques and how these can be applied to deliver practical insight and value. Presentations will span a wide array of topics from Data Wrangling and Visualisation to AI, Chatbots and Industry 4.0.
Key Topics
• Tools and techniques
• Corporate data culture, business processes, digital transformation
• Business intelligence, trends, decision making
• AI, Real-time Analytics, IoT, Industry 4.0, Robotics
• Security, regulation, privacy, consent, anonymization
• Data visualisation, interpretation and communication
• CRM and Personalisation
Service Managers strive to continually deliver better services but the day to day job can mean that they don't have the opportunity to keep up with the latest developments in technology and best practice thinking. Customer journey management, Smart advisors and chatbots, Team collaboration, Robotic Process Automation, Artificial intelligence, Multichannel digital experiences, Pervasive Technologies, Resource Scheduling, Swarming, BRM, DevOps, VeriSM, ITOM, SIAM ... What will give them an advantage?
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. GDPR is a hugely important piece of legislation designed to replace antiquated data protection rules with a new framework which accounts for recent technological advancements.
Fundamentally, GDPR is about protecting people: in this digital age, our world is awash with data and individuals are generating a continuous flow of personal information. This data can hold huge socio-economic value, from individual preference and personalisation, to understanding national health trends and global business insights. But while the digital age has brought forth huge possibilities and benefits, it also carries inherent dangers.
Some of the most powerful companies in the world have established a business model predicated on the basis of data capture. Increasingly, services like email, search and social media have become available free of charge, but this often involves a trade-off where user access comes at the cost of relinquishing control of data. As the value of this information has become clear, there has been growing recognition that a new framework is needed to police this delicate balance and restore ownership and control.
GDPR will significantly raise the bar of obligation and accountability, ensuring that all organisations which handle personal data adhere to strict regulations around privacy, security and consent. This conference will contextualise the changing regulatory landscape, explain the significance of incoming rules, and define the key areas that organisations need to be aware of.
Core conference topics include:
Key legal issues and obligations
Privacy Impact Assessments
Data security and breach notification
Privacy by design
DPO requirements
Practical strategy implementation
This Summit explored technological innovation across the financial services sector, from developments in established tier-1 firms to the disruptive innovators within the start-up community that are reshaping the FS market. The summit was geared for senior technologists, business leaders, innovators and investors, and brought these key stakeholders together for knowledge exchange, discussion and cross-pollination.
Core conference topics included:
• Landscape: Social, Geo-political & Financial
• Regulation: GDPR, PSD2, Open Banking & APIs
• Customer Strategy: UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI & Payments
• National Strategy: Skills, Funding, Collaboration & Cyber Security
• Infrastructure: IT, Digital, Cloud & Mobile
Cloud has proved to be one of the most transformative technologies of the modern age: it has signalled a fundamental shift from large on-site IT estates to Cloud-based solutions which deliver greater agility, elasticity and predictability. Cloud has also served as an important enabler of many of the core emerging technology trends, particularly Big Data, IoT and the shift to Mobile.
For many businesses this shift has given rise to a profound cultural revolution within the organisation and a core change in the nature of IT as a discipline. In this regard, IT has evolved from a background technical role and become much more central, business-focussed and service orientated.
At a market level, Cloud has also enabled the rapid development and scalability of high-growth businesses. Many start-ups simply would not have been able to grow at the same pace if it had not been for Cloud technology. The elasticity of the Cloud has served as a springboard to rapid testing and the fail-fast culture, which have proved to be a crucial element of recent market disruptions.
Whilst Cloud technology has brought a lot of valuable attributes to the table, Cloud services come with an array of contractual complications and distinctions. IT leaders must navigate an increasing range of options and balance the benefits of public, private and hybrid options, while still ensuring overarching culpability for their organisation's data security and compliance requirements.
This conference will bring senior technologists together to discuss the business impact of Cloud, and provide a valuable forum for knowledge exchange, discussion and cross-pollination. The programme will contextualise the evolution of Cloud technology, with presentations spanning trends, research, solutions, challenges and practical use cases.
The conference is organised by DIGIT with support from ScotlandIS and will be free for IT Leaders to attend.
Technology increasingly permeates every facet of modern business, from communications to CRM systems and customer analytics. IT and Digital have been drawn from a background support function and re-positioned as a core driver of strategy, value creation and competitive edge. This tectonic shift has placed senior technologists at the heart of the organisation, making them integral to decision making and leadership.
The DIGIT Leader Summit will explore this evolution of Information Technology as a discipline, discussing the increasing role of senior technologists in driving innovation and efficiency and shaping business strategy within their organisation. The programme will also consider some of the crucial components of leadership, looking at culture, vision, team building, up-skilling and communication.
The Summit is geared for senior IT and Digital leaders and is designed to promote knowledge exchange, best practice and collaboration in a friendly open forum. The event will be held at Dynamic Earth in Edinburgh on 24th May 2017 and will be free for delegates to attend.
Oil & Gas ICT Leader 2017 - Day 2 April 20th - Ray Bugg
The industry is changing: against a challenging backdrop with a ‘lower for longer’ economic forecast, Oil & Gas companies are turning to technology to modernise and improve their operations. This transformation has seen IT repositioned as a core business technology, drawn from a background support function to a crucial centre of value creation and innovation. This tectonic shift places IT leaders in a vital position within their organisation, ensuring existing assets and emerging technology are effectively harnessed to deliver tangible business outcomes.
Cost reduction is still the primary mandate for most organisations, with ongoing efforts to strip back overheads and address key areas of inefficiency to cope with tightening budgetary restraints. But while the pursuit of ‘more for less’ has become a fundamental necessity, it is important that the strategy employs sufficient safeguards to avoid stifling long term progress. Organisations need to retain the personnel, the skills and the tools to ensure they still have the capacity to innovate.
One of the most prevalent trends of recent years has been a concerted move towards greater automation. Organisations are increasingly incorporating sensors, robotics and live data feeds to enhance remote operations. But this digitisation of process is not just taking place in far-flung fields; across the operation, digital technologies are being applied to enable improved visibility and insight. And data analytics is increasingly being used to evaluate asset performance, and enhance predictability, forecasting and decision making.
Whilst operators have made strides to address inefficiencies and create faster, more agile processes, there are still several barriers to progress. Organisations need to adapt their structure, break down internal silos and allow more cohesive and collaborative engagement. This collaboration also needs to extend to the wider supply chain and external partners across the industry. Skills and leadership are also a key barrier to progress, while cultural inertia still poses a problem for the industry and needs to be tackled head-on if digital transformation ambitions are to be achieved.
This conference will bring together IT leaders from across the world for knowledge exchange, thought leadership and collaboration. Now in its 4th year, the conference has established itself as the must-attend event for IT leaders working in Oil & Gas. The programme will explore the use of Information Technology in driving tangible business benefits, with topics spanning: data analytics, cloud, cyber security, automation, leadership and culture.
Oil & Gas ICT Leader 2017 - Day 1 April 19th - Ray Bugg
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
"Impact of front-end architecture on development cost", Viktor Turskyi - Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was asking myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already have working for real.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
ScotSecure 2020
1. WELCOME TO DIGIT’S 6th ANNUAL SCOT-SECURE
EDINBURGH - DYNAMIC EARTH - 19TH & 20TH FEBRUARY 2020
LEAD SPONSOR
CO-SPONSORS
@digitfyi #scotsecure
2020
Part of Orange Cyberdefense
DAY 1
6. Global reach: 12 markets
Offering choice: 240,000 Restaurant Partners, serving over 100 different cuisine types
Diversified customer base: 28m active customers, placing over 221 million orders in 2018
A fantastic team: Over 3,600 employees globally
*data correct at 13 July update 2019
A LEADING GLOBAL HYBRID MARKETPLACE FOR ONLINE FOOD DELIVERY
9. Hacker, security, team builder, function creator
Father
Sports - cycling, crossfit, crossfit coaching….
Cars, bikes, cars...
Constantly learning
Wonders how I got here!
Maryland cookies and unicorns….
19. Building our team
• Being realistic in our expectations
• Hiring people with the right mindset - this is often more valuable than ‘knowledge’
• Looking internally… We have successfully moved people from other teams into the security team!
• Remember security is everyone's responsibility! We engage with other teams to work with us and deliver our goals
Providing an awesome working environment and career progression
Use your imagination!
20. Creating a Space to be Awesome!*
PURPOSE
AUTONOMY
MASTERY
INCLUSION
NEGATIVE factors that detract
*Credit Mark Williams - ChromeRose
21. 21
Embrace cognitive diversity
- Challenge conventions
- Build a team that treats everyone
fairly*
- Be open to differences
- Encourage open conversations
- Be open and welcome challenges!
- Embrace change and actively engage
with people who have different
viewpoints or ways of thinking
*But avoid the trap of being overly ‘PC’
24. 24
Have a coffee*
- Build connections
- Listen to people
- Not every conversation needs to be
about security…
*not by yourself...
*Thanks Little black duck for image!
25. 25
Engage with the business
- Not that sort
- But seriously get involved
- Be part of the team
- Be part of the conversation
- Always think
- ‘how can we help
deliver better, faster
AND safer’
- NEVER
- ‘Security says no’
*not that sort...
26. 26
How can I make you an advocate?
- Make every interaction positive
- Never blame
- How can we do better next time
- Genuine no blame culture
- ‘Security is helpful’
- ‘They helped me succeed’
*Thanks The Childhood League Center for image!
27. 27
Be an enabler
Security must enable the business if it ever wants to become part of the business
To provide appropriate security and risk guidance at the speed of the business
To be flexible and able to pivot to meet changing requirements
- Evolving threat landscape
- Changing business needs and priorities
28. 28
Finally… The public
• The trust of your customers and partners is
paramount
• They don’t care about tech
• They care how you treat them
• Perfection
• Appropriate and honest
• Don’t be the unlocked house!
*Thanks Maple Moon Web Design for image!
29. 29
• We are all in this Together
• Engage Engage Engage
• Understand how people work and their goals
• Be an agent of change... Drive organisational improvements
• Make people care, not just aware!
Culture Culture Culture
Leverage the wider teams in your business
Be a business enabler
Takeaways*
1
*Pun Intended ;)
51. Social normalization of deviance
“People within the organization become so much
accustomed to a deviant behavior that they don't
consider it as deviant, despite the fact that they far
exceed their own rules for elementary safety.”
Diane Vaughan
52. Breaches increased 71%
24%
suspect or have verified a
breach related to open source
components in the 2019 survey
14%
suspect or have verified a
breach related to open source
components in the 2014
survey
source: DevSecOps Community Survey 2014 and 2019
53. The speed of exploits has compressed 93%
Sources: Gartner, IBM, Sonatype
56. source: 2019 DevSecOps Community Survey
Quickly identify who is faster than their adversaries
57.
58. 3 Days in March
March 7: Apache Struts releases updated version to thwart vulnerability CVE-2017-5638
March 8: NSA reveals Pentagon servers scanned by nation-states for vulnerable Struts instances
Struts exploit published to Exploit-DB.
March 9: Cisco observes "a high number of exploitation events."
March 10: Equifax, Canada Revenue Agency, Canada Statistics, GMO Payment Gateway
The Rest of the Story
March 13: Okinawa Power, Japan Post
April 13: India Post
December ’17: Monero Crypto Mining
March ’18: India’s AADHAAR
Today: 65% of the Fortune 100 download vulnerable versions
Equifax was not alone
@llkkaT
59. Complete software bill of materials (SBOM)
2019 No DevOps Practice: 19%
2019 Mature DevOps Practices: 50%
Source: 2019 DevSecOps Community Survey
61. 1.3 million vulnerabilities in OSS components
undocumented
No corresponding CVE advisory in the public NVD database
62. At what point in the development process does your
organization perform automated application analysis?
2019 No DevSecOps Practice 2019 Mature DevSecOps Practices
63. Automation continues to prove difficult to ignore
Source: 2019 DevSecOps Community Survey
2019 No DevOps Practice 2019 Mature DevOps Practices
64. Trusted software supply chains are x2 more secure
Source: 2018 State of the Software Supply Chain Report
65. “I see no prospect in the long run for
avoiding liability for insecure code.”
Paul Rosenzweig
Senior Fellow, R Street Institute
2018
67. 1. An up to date inventory of open-source components
utilized in the software
2. A process for identifying known vulnerabilities within
open source components
3. 360 degree monitoring of open source components
throughout the SDLC
4. A policy and process to immediately remediate
vulnerabilities as they become known
January 2019
source: https://blog.pcisecuritystandards.org/just-published-new-pci-software-security-standards
68. Solve your supply
chain problems
1 Solve your own
quality problems
– trust but verify
2 Create discipline
and continue to
do it(4)!
3(4)
69.
70. 2/21/2020 70
WICUS ROSS
SENIOR SECURITY RESEARCHER
@WICUSROSS
INTELLIGENT SECURITY
Why understanding your attack surface matters
74. 2/21/2020 75
Equifax has confirmed that attackers entered its system in
mid-May through a web-application vulnerability that
had a patch available in March. In other words, the
credit-reporting giant had more than two months to
take precautions that would have defended the personal
data of 143 million people from being exposed. It didn't.
https://www.wired.com/story/equifax-breach-no-excuse/
75. 2/21/2020 76
WE’RE DEALING
WITH MASSIVE
COMPLEXITY,
FLUIDITY &
ASYMMETRY
How do we attain an advantage
over the threat in a chaotic
reality where the odds are so
heavily stacked against us?
78. 2/21/2020 79
“Recon plays a major role while hacking on a program. Recon
doesn’t always mean to find subdomains belonging to a
company, it also could relate to finding out how a company is
setting up its properties and what resources they are using”
80. 2/21/2020 81
WE’RE DEALING
WITH MASSIVE
COMPLEXITY,
FLUIDITY &
ASYMMETRY
How do we attain an advantage
over the threat in a chaotic
reality where the odds are so
heavily stacked against us?
81. 2/21/2020 82
Intelligence led security is the collection, aggregation,
correlation and analysis of both internal and external data to
understand risks, identify threat actors, discover and minimize
attacks or losses already underway, and understand and predict the
methods and actions of likely adversaries.
83. 2/21/2020 84
TRADITIONAL ‘INTELLIGENCE’
Given that a specific IP is given to be acting
suspiciously by a Threat Intelligence source,
what is the probability that the IP will be
observed acting suspiciously again later?
“Less than 10% of all the IPs we produced
as ‘intelligence’ were involved in other
suspicious behavior. For actual Threat Lists
and for all practical purposes, the
performance was much worse than that”.
Threat Intelligence
Lab
Our T.I. petri dish
environment
Honeynet Lab
Our honeynet petri dish
environment
3.59%
14.73%
86. 2/21/2020 87
1. information concerning an
enemy or possible enemy or
an area
2. the ability to learn or
understand or to deal with
new or trying situations
87. 2/21/2020 88
Observe the Landscape
SD Labs
Detect attacks and
compromise
MTD
Understand where
you’re vulnerable
MVS
INTELLIGENCE LED SECURITY
Know your enemy
Know yourself
88. 2/21/2020 89
Observe the
Landscape
Understand
where you’re
vulnerable
Detect attacks
and
compromise
Collect Correlate
Triage Analyse
Strategize Execute
Measure
INTELLIGENCE & PROCESS
=
AGILITY & CONSISTENCY
=
MEASURABLE CHANGE
89. 2/21/2020 90
WHY MANAGED INTELLIGENCE?
1 FOUR P’S
Do we want to spend
our time and effort
doing the basics
when modern
security needs to
be agile?
People, Process,
Platform and
Project
Management are
tedious and
expensive if not
core business.
2 SKILL
Do we have the
resources, experience
and environment to
retain our own set
of capabilities?
Appropriate skills
are incredibly
difficult to
identify, hire,
equip and retain
in a competitive
market.
3 AGILITY
Do we have the
environment to
continuously extend
and adapt our
scanning capability?
VM is not plug-
and-play and
continuous
investment is
required to
respond to new
bugs.
90. 2/21/2020 94
IN SUMMARY
• We face overwhelming odds
• Intelligence Led Security can help tip the scales in our favour
• Intelligence is as much about understanding oneself as about understanding
the adversary
• All intelligence must start with understanding the Threat, and understanding
the Attack Surface
• Intelligence cannot be commoditized – it requires methodical collection of
data fed into a disciplined process
• Vulnerability data is one of the key elements of intelligence every business
needs
• Intelligence Led security requires a balance between consistency and agility
• For most organisations, this lends itself strongly to outsourcing… to the right
partner
• The ideal partner must deliver on the basics led by solid intelligence, in a
principled, skilled & transparent way.
93. Aligning the
Cybersecurity
Function with
Organisational
Strategy
1) How to build a forward looking security architecture capability
2) Embedding strategic threat intelligence in product
development
3) Choosing security standards and moving the bar
4) Managing security change in an impatient world
5) Agile? DevOps? No problemo!
98. What is
Strategic Threat
Intelligence
INFORMING DECISIONS
information + analysis + inferences = a tool for decision making
Our mission: to provide forewarning of
security threats to TSB to minimise harm to
our customers, staff, and business
102. Interlinked
Frameworks
TELLING STORIES
1) Control Framework
o Functional and Non-Functional Requirements
o Technical Controls
o Gap analysis
2) Program Framework
o Establish maturity
o Communicate roadmap objectives
o Compare quantitatively against peers
3) Risk Framework
o Identify key risks
o Prioritise remediation
o Articulate security posture in real terms
111. SECURITY AWARENESS IN PRACTICE
Garry Scobie
Deputy Chief Information Security Officer
112. • Identifying the challenges to overcome when
introducing a security awareness program
• An overview of real-life attacks on the
organisation, which help to shape our
thinking on awareness training
• Suggested solutions using the current
awareness program at The University of
Edinburgh as an example
Agenda
113. • Security breaches are announced almost weekly
• Users may rightly ask why bother with security?
• Some believe it doesn’t apply to them.
• “I’m going to be hacked anyway.”
• “I’ve nothing important to lose.”
• “Mandatory security training? But I’m a ….”
• “We have clever people. They won’t be phished.”
Why bother?
114. • I see a lot of good practice.
• Others, however…
• “Do I have to ask suppliers about their
security?”
• “Are there any loopholes in GDPR that I can
use to get around it?”
• “Can we just not bother?”
• This makes for a challenging environment.
A challenging environment
115. • The environment is complex
• Connecting everybody with everything
• Who reads terms and conditions, and
understands what it actually does?
• InfoSec remit covers a huge area of policy,
tech and guidance
• A common support call is “I’ve found this
piece of software. Is it okay to use from an
InfoSec perspective?”
Challenge 1 - Complexity
116. • The sheer volume of data,
messages, things for people to click
on and access.
• How is our message going to stand
out, let alone get through?
Challenge 2 - Overload
117. • Everyone is important in helping all of us to
be more secure. Fostering awareness cannot
lose sight of this.
• The message must appeal and be
understood by all. Be wary of jargon.
• Is the awareness training you provide
accessible and achievable by all your users?
• Different audiences – message may have to
be modified. Tech v non-tech
Challenge 3 - Diversity and Accessibility
118. • Security awareness must add value.
• Not just be a drain on resources.
• Competing against all other priorities.
• Security awareness is not a one-off.
• Whatever you do has to be ongoing.
• It’s a continual process of revisiting, revising
and reinforcing.
Challenge 4 - Justifying budgets
119. • The image of Information Security needs to
change
• Pictures of hoodies with dark glasses in
basements is dated and turns people off
• InfoSec needs to be approachable
Challenge 5 – Image
120. • How do you know if your message is
getting across?
• Are you making a difference?
• How can you tell?
Challenge 6 - Measuring Effectiveness
121. • Ensure security awareness is embedded
and becomes the norm for the
organization.
• Rapid turnover of staff and students is a
challenge
• Long serving staff
• Not just being aware, but understanding.
Challenge 7 – Cultural Change
122. • An internationally-acclaimed
seat of learning.
• Reputation for research and as a
pioneer of discoveries and
scientific breakthroughs.
• A major employer.
The University of Edinburgh
123. • Data theft – PII of staff and students.
• Financial gain – handling of student fees;
large employer; contracts with third
parties; Research grants.
• Espionage – centres for research hold
valuable intellectual property – you
name it, it’s probably being researched.
• These are highlighted in our awareness
program.
The University is a target
124. • Lack of awareness
• Phishing
• Malware/Ransomware
• These are linked together
• Helps to shape our thinking on
awareness training
• Relate advice to incidents helps to
make it real
Top Cyber Threats
125. • There are deliveries everyday and emails
informing users of them
• Phishing is typically Ransomware or grab of
credentials
• Don’t pay. Restore from backups
• No reading of email and browsing the web
while logged in with a privileged account
• Evidence suggests top targets for phishing
attempts are research/medical
Phishing
126. • Academics concerned over phishing attacks which
they spotted, but how did they get that personal
data about them?
• Academic on-line profile is full of useful data.
• Biography, teaching and PhD Supervision,
research, projects, publications.
• Social engineering using social media.
• We can’t hide away. Just be aware of what you put
out and be on guard whenever someone new
approaches you.
Spear and Whale Phishing
127. • A fake conference with website
• A real conference with fake website
• A real conference and an email spoof claiming
delegate hasn’t paid
• Problem with the registration process
• Fill in an attachment
• Offer a discount on hotels, transport
• Announcing on social media
Conferences
128. • Disk full alerts, email account upgrade
or suspended, doing a routine
maintenance and you need to provide
your credentials
• IT Services would never do this
• Phone scams on increase
• Texts
• Watering hole sites/fake domains
• Fake pages linked to library systems
Other Phishing attacks
129. • Spear Phishing - targeting key personnel for
urgent payments
• Mandate fraud – change of supplier bank details
using fake website to spoof bank details. Receive
payment to fake supplier bank account.
• Spoofed invoices
• All the above prevented due to internal controls
• Students giving money to “money advisers.”
Lottery scam. Accommodation scams.
Fraud
130. • System compromises due to lack of or
delay in patching.
• Bitcoin miner code searches for other
computers on the network and attempts
to compromise.
• Failure to patch can impact on everyone.
Bitcoin Miners
131. • Legal requirement for public sector
• We have developed an understanding of
what we can say in respect of security
• You don’t want to map out your tech
• We are often asked how many cyber
attacks have we had?
• We have also been asked how many
University properties are haunted?
Freedom of Information
132. • The University dates from 1583. Has a
sprawling mix of buildings. We are proud
of our estate and encourage openness.
• Physical thefts do occur.
• Clean desk policy.
• Wear lanyard, be prepared to challenge.
Physical Security
133. • Seven focus groups across a range of schools and
business units.
• The themes of Empowerment, Awareness, Values,
Behaviours, Adherence, Accountability,
Responsibility, and Cultural Norms were discussed
• Helped to benchmark and reinforce the direction
we were taking.
• Staff want the information to enable them to do
the right thing.
Cyber Security Cultural Assessment
134. • Users are our best defence.
• A no blame culture that encourages people to speak
up, point out, challenge.
• Consensus on what is important and aligned to the
business with a common language.
• Stress the need for users to handle their own
personal data in the same way.
The way forward
135. • Don’t be afraid to try different things and fail
• Buy-in from the top
• GDPR Champions network - Use those who do
get it to help others get on-board
• InfoSec Champions network
• Make it fun - Don’t turn your users off
• Enthusiasm can’t be faked. Enjoy your subject.
The way forward
136. • Working with the Digital Skills Program
• Security Awareness Week
• Fraud Awareness Week
• New staff welcome sessions
• Creative Learning Festival
– Medieval Castles
– Victorian Fan Language
The University of Edinburgh
137. • The Internet Survival Guide
• Fraud, Phishing and Social Engineering
• Why is InfoSec important to me and you?
• Practical encryption for staff and
students
• Mobile phone security
• Ransomware
• Introduction to the InfoSec team
• Choosing software from an InfoSec view
• How Hackers Attack
• Hacking, Cybercrime and the Movies
Awareness Sessions
138. • Massive Open Online Courses
• Digital footprint initiative
• 3 week online course which includes
developing an effective online
presence, managing your privacy,
creating opportunities for networking,
balancing and managing professional
and personal presences
(eprofessionalism).
MOOC
139. • On-line training
• Embedding security in projects
– Question sets for procurement
• Top Tip Flyers
• Phishing Simulation
• Merchandise and Branding
• Podcasts
The University of Edinburgh
140. • Increase in take up of training and support calls.
• Increased reports of phishing emails.
• Engagement at project initiation.
• Requests for vulnerability scans and pen tests.
• Invitations to visit schools and colleges.
• One school now starting their own internal
security awareness program.
• We are working with one College to develop
bespoke information security training for senior
managers to help them understand local risks.
KPI’s
144. - Former Anonymous
- Former Military Intelligence (SIGINT ELINT)
- Penetration Tester
- Threat Intelligence
- “Cyber-Terrorist” -2016 International Business
Times
Mike Jones
155. WELCOME TO DIGIT’S 6th ANNUAL
SCOT-SECURE
EDINBURGH - DYNAMIC EARTH - 19TH & 20TH FEBRUARY 2020
LEAD SPONSOR
CO-SPONSORS
@digitfyi #scotsecure
2020
Part of Orange Cyberdefense
DAY 2
156. GREG VAN DER GAAST
Head of Information Security
@SalfordUni
@digitfyi #scotsecure
University of Salford
DAY 2 SESSION 1
158. Greg van der Gaast
-22 years in “Cyber”
-Milw0rm
-Investigator with FBI/DoD
-Architecture, CGI 250k endpoints, NATO KFOR & ISAF
-Creation of “clean sheet” InfoSec programmes
-Head of Information Security @ UoS
-CMCG, Security advisory
-Legal portfolio work: M&A, assessments, contracts
-InfoSec leadership/proactivity evangelist, lecturer,
trainer, author, and general loudmouth
-PowerPoint flunkie
#whoami
162. -4,070,000 people “information
security skills gap.”
-Growing complexity, standards,
models, metrics.
-Spiralling security costs/budgets.
-Ever-increasing number of breaches.
But why?
InfoSec “Pains”
163. Why is this happening? Why isn’t InfoSec catching these?
-A disengaged technical culture. Lacking people/business alignment.
-Tunnel vision, refusal to step back. E.g. Zero Day vs Every Day.
-Industry indoctrination, standardisation, no fitted holistic approach. We’ve
standardised people and thinking out of the process.
-Spiraling complexity, models, metrics, etc.
-Lack of business visibility, accountability, and proactive leadership.
People & Culture
164. Do you/Does your InfoSec have:
-Awareness of, and thorough engagement with, IT and the business?
-Effective input into others’ processes?
-Initiative in communication with senior management?
-Identify root causes beyond the technical and “user error”?
-Clear, holistic, long term strategy/programme? (Not just tools!)
Finally… “The English Test”
*Free Advice - What to Check?
165. Client with data on 40M+ UK individuals. Address, financial, and more.
What did I find?
-SIEM hilarity.
-Almost every server (hundreds) and desktop had multiple (old!)
critical vulnerabilities.
-Inaccurate reporting about patching effectiveness.
-Vulnerabilities (from scans) often dismissed as false positives with no
investigation, removed from reports to client.
-45,000 undocumented firewall rules.
-Live data mixed in Test environment, DR DBs without controls, etc.
But… ISO 27001, PCI, CAS(T) certified.
A Real Example?
166. One day the MSP decided to “upgrade” the client’s web server.
It was vetoed.
After much discussion at the upper echelons, the OK was given provided the
updated website could pass a vulnerability scan.
The scan found no “major” issues and the site updates went live.
Guess What Happened Next?
Don’t Worry, It’s Fine.
168. The vast majority of large breaches have something in common:
InfoSec failed to be proactive in securing the business.
Missing the Obvious
-British Airways
-Marriott
-Equifax
-Capital One
-Travelex
170. Have a cat meme instead.
The Funny Slide Formerly Titled
“Testimonials” (Not Allowed)
171. What have you got to lose? What could you gain? You might just be
the one stopping this from happening to your organisation.
Be a hero. Have a look.
Engage!
Chin Up.
172. Enjoy Scot-Secure, and please reach out!
Greg van der Gaast
linkedin.com/in/gregvandergaast
greg@cmcg.it
www.cmcg.it
Thank You!
191. Quorum Cyber
Get the Board On-board
• Enable them to measure the
performance of security investment
• By building them a board-focused cyber
security risk framework
• Using Threat Modelling to drive risk
understanding and appetite
192. Quorum Cyber
25 Threat actors
50 TTPs, 150 IOCs
7 SOC staff (560K OPEX)
9x5 Detect capability
External support for IR
7 Controls (750K CAPEX)
4 Controls (350K OPEX)
We can Detect 45 (30%)
IOCs
We can respond to 70%
of incidents
Residual risk:
- 70% IOCs
- 30% Incidents
Benefit of Investment
• 910K OPEX
• 750K CAPEX
193. Quorum Cyber
We need YOU! to take extreme ownership and arm
the Board with the right tools to measure your
own performance
196. 2
What was once a finite and
defendable space is now a boundless
territory ─ a vast, sprawling footprint
of devices, apps, appliances, servers,
networks, clouds and users.
197. 3
Explore SonicWall’s exclusive
threat intelligence to help
you better understand how
cybercriminals think — and be fully
prepared for what they’ll do next.
198. 4
GLOBAL CYBER ARMS RACE
SonicWall recorded
9.9 billion malware attacks
in 2019, a 6% dip to the
record-breaking 10.52
billion recorded in 2018.
INSIDE CYBERCRIMINAL INC.
Cyberattacks were more targeted
and evasive with higher degrees of
success, particularly against the
healthcare industry, and state,
provincial and local governments.
199. 5
1.1 MILLION +
Global Sensors
215 +
Countries & Territories
24 x 7 x 365
Monitoring
< 24 HOURS
Threat Response
100,000 +
Malware Samples Collected Daily
27 MILLION +
Attacks Blocked Daily
SONICWALL CAPTURE LABS THREAT NETWORK
201. 7
Security Advances Criminal Advances
Web App Attacks
Double
Phishing Down
for Third Year
Cryptojacking
Crumbles
Fileless Malware Spikes
in Third Quarter
Encrypted Threats
Growing Consistently
IoT Attack
Volume Rising
Advancements in
Deep Memory Inspection
Momentum of
Perimeter-Less Security
Faster Identification of
‘Never-before-Seen’ Malware
Ransomware Targets State,
Provincial & Local Governments
KEY FINDINGS FROM 2019
203. 9
New intelligence suggests that some
security vendors — and respective
innovative technology — are setting new
standards for protection against ‘never-
before-seen’ malware variants.
FASTER IDENTIFICATION OF ‘NEVER-BEFORE-SEEN’ MALWARE
Speed and accuracy are critical
attributes in identifying and
mitigating new or emerging threats.
SonicWall is identifying
‘never-before-seen’
malware variants a full
1.9 days before samples
are submitted to
VirusTotal.
1.9
Days
Faster
204. 10
ADVANCEMENTS IN DEEP MEMORY INSPECTION
‘Never-Before-Seen’ Malware Variants Found by RTDMI™
RTDMI™
discovered 153,909
‘never-before-seen’
malware variants in
2019 — attacks
traditional sandboxes
likely missed.
205. 11
ADOPTION OF PERIMETER-LESS SECURITY
For decades, protecting networks was entirely focused on defining
perimeters and setting up defensive layers to keep threats out.
That approach doesn’t scale anymore.
In response, the adoption of zero-trust security models began to gain
traction in 2019. Secure access service edge (SASE), a new network
security model coined by Gartner, received the most notoriety.
SASE — and solutions like it — help shape how organizations secure
their networks and data. SASE platforms combine software- and
service-based networks to unify different security solutions via
flexible pricing models.
Zero-Trust Network Access | Secure Access Service Edge | Secure Network as a Service | Firewall as a Service | Secure SD-WAN as a Service
“Designing a new way forward —
a future without network
perimeters — was the only way to
properly manage and mitigate
tomorrow’s most innovative
cyberattacks.”
Sagi Gidali
Co-Founder, Perimeter 81
Solution Naming Conventions
206. 12
Mirroring how malware is being leveraged,
cybercriminals are being more targeted
with phishing, too. This means less volume,
but more sophistication.
PHISHING DOWN FOR THIRD STRAIGHT YEAR
SonicWall Capture Labs threat researchers
recorded a 42% decline in overall phishing volume,
the third straight year the attack vector declined.
42%
207. 13
Despite a late surge in
December, cryptojacking
malware finished with 64.1
million total hits in 2019,
a 78% drop since July.
CRYPTOJACKING CRUMBLES
2019 Cryptojacking Signature Hits
210. 16
SonicWall found that
incidents using highly
evasive fileless
malware increased in
the second and third
quarters of 2019.
FILELESS MALWARE SPIKES IN Q3
2019 Fileless Malware Attack Volume
211. 17
ENCRYPTED THREATS GROWING CONSISTENTLY
SonicWall
recorded 3.7
million malware
attacks sent
over TLS/SSL
traffic, a 27.3%
year-over-year
increase.
2019 Encrypted Malware
212. 18
SonicWall
discovered a
moderate
5% increase in IoT
malware, with total
volume reaching
34.3 million attacks.
IOT ATTACK VOLUME RISING
But with a deluge of new
IoT devices connecting
each day, increases in IoT
malware attacks should
not only be expected, but
planned for.
Global IoT Malware
213. 19
SonicWall Capture Labs
threat researchers recorded a
52% year-over-year increase
in web app attacks.
WEB APP ATTACKS DOUBLE
SonicWall recorded spikes across the final
seven months of the year to push total web
app attack volume past 40 million.
52%
214. Download the complete 2020 SonicWall
Cyber Threat Report for critical threat
intelligence to better understand how
cybercriminals think — and be fully
prepared for what they’ll do next.
SonicWall.com/ThreatReport
PREPARE FOR
WHAT’S NEXT
215. FREHA ARSHAD
Senior Manager
Accenture
Val Mann
CSO Supplier Assurance
Lloyds
IAN CHISHOLM
Director, Information Security
@ChisInfosec
Charles River
DAY 2 SESSION 2
STREAM 1 MAIN HALL
@Freha_25
@digitfyi #scotsecure
236. What do we
have here?
18000 staff
50000 IT-connected assets
Doubled in size in 4 years
Frequent acquisition and integration
110 sites worldwide – Los Angeles to Tokyo
Growing in China
237. Threat
Landscape
•Pre-clinical drug testing and research
•Including animal testing
•Data Integrity is main part of “CIA”
My environment:
•Nation states (accelerate research, Panda)
•Animal rights activists
•Huntingdon “SHAC”
•PETA
•Anti-USA (Kitten, Chollima, Bear APT’s)
•Opportunistic (ransomware, CEO fraud)
Specific threat actors
238. Common
Challenges
What
assets/networks/remote
access points do you
have in your environment?
Active
vulnerability
scanning of *ALL*
possible ranges
(10.0.0.0/8)
Every acquisition is
different – many have little
or no InfoSec
Rip and replace
Inherited, and legacy environments
Siemens delivered BRAND NEW Server
2000 driven device
239. Preparing for
a major
incident
Write your incident response plan. Socialise
and exercise it with your team
Share your plan with stakeholders
Don’t forget Marketing, Board, Legal, HR, DP
Do you need/want to retain external legal
advisors?
240. Mid-incident
Do you have your essential
roles filled?
Have your IR leads been
trained?
Remember your scribe, and
handovers
Keep the circle small
244. Skills Gap?
What Skills gap?
•Global IT security
skills shortages
have now
surpassed four
million,
according
to (ISC)2.
“4 million
unfilled
positions”
245.
246. Stress and
burnout
Average tenure of a CISO is
Just 26 Months
88%: "moderately or tremendously stressed"
48%: detrimental impact on their mental
health
40%: affected their relationships with their
partners or children
32%: repercussions on their marriage or
romantic relationships
32%: affected their personal friendships
23%: turned to medication or alcohol
https://www.zdnet.com/article/average-tenure-of-a-ciso-is-just-26-months-due-to-high-stress-and-burnout/
249. Classification: Limited
Helping Britain prosper is our purpose and includes the
way in which we interact with our suppliers.
Our portfolio of brands gives us a presence in nearly
every community in Britain and this reach is
complemented by our network of suppliers.
Our suppliers are an essential part of Lloyds Banking
Group and play a vital role in supporting the Group’s
purpose and vision of Helping Britain prosper, to remain
the best bank for customers and deliver sustainable
growth.
Supplier Assurance is about protecting the networks,
systems and data of Lloyds Banking Group and our
suppliers from ever evolving malicious threats and
attacks. These attacks could be made on our supply chain
potentially giving the intruder a way into LBG.
Started in Intelligent Finance just as it launched in 2001 working as
the IT Resource Manager
• Supported Government by writing the National occupational
Standards for IT and Project Management
• Encouraged young women to consider IT as a career by IF
sponsoring “Computer Clubs 4 Girls”
Moved into Change Management and led the operations and risk
function for the newly created Lloyds Banking Group Change
function.
2015 saw me move into Supplier Assurance, starting with a small
team which has rapidly expanded.
250. Classification: Limited
SUMMARY
Cyber security is increasingly a priority issue for
organisations. 78% of businesses (vs. 74% in 2018) and 75%
of charities (vs. 53% in 2018) now rate it as a high priority.
This year, 32% of businesses and 22% of charities have
identified breaches or attacks. Among these organisations,
the most common attacks are:
• phishing emails (80% of businesses and 81% of
charities experiencing breaches or attacks)
• others impersonating their organisation online (28%
and 20%)
• viruses or other malware, including ransomware
(27% and 18%).
Businesses and charities are taking action on cyber security
as a result of the General Data Protection Regulation (GDPR)
introduced in May 2018. However, many could still take a
more holistic approach around staff engagement and
training.
Many could also review their risk management approaches.
Only 58% of businesses and 53% of charities have taken
action towards 5 or more of the Government’s 10 Steps to
Cyber Security.
Key: UK BUSINESSES / UK CHARITIES
32% / 22% of businesses/charities identified cyber security breaches or attacks in the last 12 months
£4,180 / £9,470 is the average annual cost for businesses/charities that lost data or assets after breaches
EXPERIENCE OF BREACHES OR ATTACKS
Among the 32%/22% identifying breaches or attacks:
• 32% / 29% needed new measures to prevent future attacks
• 27% / 32% took up staff time dealing with breaches or attacks
• 19% / 21% had staff stopped from carrying out daily work
• 48% / 39% identified at least one breach or attack a month
Data taken from the Department for Digital, Culture, Media and Sport Cyber Security Breaches Survey 2019: Statistical Release
251. Classification: Limited
Dealing with Breaches
or Attacks
TIME TAKEN TO IDENTIFY THE MOST DISRUPTIVE BREACH OR ATTACK OF THE LAST 12 MONTHS
Q. How long was it, if any time at all, between this breach or attack occurring and it being identified as a breach?
Key: UK BUSINESSES / UK CHARITIES
• 62 / 57 % immediately
• 27 / 33 % within 24 hours
• 6 / 5 % within a week
• 2 / 5 % longer than a week
• 3 / 1 % don’t know
Bases: 616 businesses that recalled their most disruptive breach or attack in the last 12 months; 185 charities
252. Classification: Limited
What are Lloyds
Banking Group doing to
improve the security
posture of the supplier
community?
Lloyds Banking Group Chief Security Office (CSO) 3rd
Party strategy for 2020 is to “enhance the supplier
assurance end-to-end journey, to improve the
context, understanding and risk management of the
supplier”.
Key: 2018 / 2019
7% / 2% of 2018 / 2019 findings raised associated with Law Firms
1877 / 2118 is the total findings raised for all suppliers throughout 2018 / 2019
We continue to see a decrease in findings when we compare 2018 / 2019:
• HPFs Raised: 49 / 10
• OFs Raised: 126 / 26
• Avg HPF per review: 2.7 / 1.25
• Avg OF per review: 7 / 2.25
Criticality Assessment Tool:
Segments the supplier based on four key domains:
• Cyber
• Resilience
• Data Privacy
• Conduct
Tailored Test plan:
Based on the segmentation, intelligence findings and
previous reviews.
Assurance Reviews:
One to four days onsite
Cyber SMEs conduct the review
Remediation:
Security SME to Supplier interaction to ensure all
findings are suitably evidenced and closed out
timeously.
Our bespoke E&A programme is already paying dividends. When we look at specific supplier
groups, we have seen a decrease in the number of findings being raised year on year.
The graph below demonstrates the improved position with Law Firms in respect of issues raised
against DLP from 2018/2019.
253. Classification: Limited
SECURITY APPRAISAL SCORECARD
STRIDE
• Spoofing Identity: Impersonating something or someone else
• Tampering: Modifying data or code
• Repudiation: Claiming to have not performed an action
• Information Disclosure: Exposing information to someone not authorised to see it
• Denial of Service: Deny access to or degrade service to users
• Elevation of Privilege: Gain capabilities without proper authorisation
254. Classification: Limited
EDUCATION & AWARENESS
It is my Team’s responsibility to provide specialist security knowledge to aid in reducing supply chain risk, and we have created a bespoke engagement site to provide our suppliers and supplier managers with the best Education & Awareness modules we can.
Throughout the year we run face to face sessions with suppliers, refresh previous learning modules to keep them current and run internal online sessions for our supplier managers.
255. Classification: Limited
HELPING BRITAIN PROSPER
The management of our supply chains remains one of the
highest risks for the Group. Suppliers play an important role in
the IT operations of every organization, and Lloyds Banking Group
is no exception. Whether it's the purchasing of hardware or
software, the commissioning of Cloud services, or perhaps
working with law firms or external consultants, our suppliers are
fundamental to
Our third-party assessments help to improve suppliers' security
posture and improve the financial services supply chain whilst
Helping Britain Prosper.
257. PAUL PATRAS
Associate Professor, The School of Informatics
The University of Edinburgh
@paulpatras
MALCOLM GRAHAM
Deputy Chief Constable
Police Scotland
@DCCMGraham
HANNAH RUDMAN
Strategic Transformation Director
Wallet.Services
@hannahrudman
@wallet.services
DAY 2 SESSION 3
STREAM 6 MAIN HALL
@digitfyi #scotsecure
263. We need to share data to complete
shared goals
Building systems for sharing data is
expensive
BUSINESSES
NEED DATA
264. WHY HAVE
WE NOT SOLVED
THIS?
• We are starting at the wrong place
• We keep building walls
• Walls work until the threat changes
• We keep changing what we do
265. OUR LAST LINE
OF DEFENSE SHOULD
BE OUR FIRST
• You can’t lose what you don’t have
• We should adopt the strategy of “when” not “if”
• Data should be stored in such a way that, if it gets
breached, it is beyond use
• Everything should be protected unless it is
classified as non-sensitive
266. Dr Hannah Rudman
There are significant IT, trust, transparency and security dangers
The Internet and organisational IT are not designed for sharing sensitive data
267. Dr Hannah Rudman
DLT means you can securely share data with confidence
Even if it’s stolen or intercepted, data cannot be viewed or altered
269. Permissioned DLT via wallet services makes the network cybersecure
Wallet services facilitate highly granular access permissions across multiple organisations
Name: Big Org Ltd.
Registration #: 15474821
Registered Address: 3 Lady Lawson Street
Name: Small Org Ltd.
Registration #: 453657684
Registered Address: 156 Bread Street
270. Wallet services
SICCAR’s wallet services give granular access permissions, verifying organisations onto the network and validating the delegates via authorised ID data
Active Directory
Delegates of orgs bring own ID (e.g. email username, password, biometric ID validated by org AD)
271. Cybersecurity Value
• Authentication and authorisation to access SICCAR use the
latest industry standards
• All data that is added to a SICCAR process is encrypted by default
• Permissioning to this data is agreed by all the parties, and written
to the ledger as part of publishing a process
• Data can only be decrypted if a user is a member of a wallet that
data was sent to
• Access to the wallets is controlled by the owning organization by
adding and removing employees from the wallets, which can be
managed using the organization's pre-existing user directory (AD).
272. Anonymously reporting
cybersecurity breaches in oil
and gas sector
• More cyber attacks on Industrial Control
Systems
• Joint ventures = complex ecosystems of
computing, networking and physical
systems
• Little intersection of IT and OT
• Low sector cyber maturity
• Reputation and brand matters
273. ASSURING ANONYMITY & SENDING CYBER-ATTACK DATA
VALIDATING & ADVISING
WORKFLOW
PROCESS
Operator Tier 1 Operator Tier 1
274. ASSURING CLAIMS & ATTESTATIONS FOR GUARANTEEING ANONYMITY
Org 1 / Org 2
CLAIM: I AM A VERIFIED DELEGATE [DEVICE ID + SECURITY CERTIFICATE] + ORG [AUTH ID]
ATTESTATION: IS VALID ORG
DELEGATED DISCLOSURES
275. THANK YOU
FOR JOINING
DIGIT!
@digitfyi #scotsecure
See you at the next event…
www.digit.fyi/digit-scotland-events
Part of Orange Cyberdefense