Yasser I. G. Sukkar has held several IT leadership roles over his career where he helped transform organizations by modernizing their IT infrastructure and processes. At Regional Information Technology Institute, he helped establish dedicated infrastructure and technical support. As IT General Manager at Deminex, he led a successful migration to Microsoft platforms and improved network infrastructure. As Head of IT at RWE Dea Egypt, he helped centralize standards and link IT activities across multiple sites. Currently as Director of Shared Services Technology Group at National Bank of Egypt, he has helped mature operations through documentation, skills training, and launching an IT Service Management program.
One of the most strongest and demanding field in the IT industry. Government as well as private sectors looking for skilled professionals who can protect their company from the cyber attacks.
There appears to be lot of confusion around what security based certifications should one opt for. Which one is affordable? Will that be worth doing w.r.t career path in security. Will that cost and time devoted be justified on achieving that certification? Is it in tune with the trends in the market?
This presentation will drill down to present a solution based approach in identifying and choosing the right certification track based on your interest area of specialization in information security field. Open discussion will be done on what to do once you have achieved your dream certification.
Lateral Movement: How attackers quietly traverse your NetworkEC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
One of the most strongest and demanding field in the IT industry. Government as well as private sectors looking for skilled professionals who can protect their company from the cyber attacks.
There appears to be lot of confusion around what security based certifications should one opt for. Which one is affordable? Will that be worth doing w.r.t career path in security. Will that cost and time devoted be justified on achieving that certification? Is it in tune with the trends in the market?
This presentation will drill down to present a solution based approach in identifying and choosing the right certification track based on your interest area of specialization in information security field. Open discussion will be done on what to do once you have achieved your dream certification.
Lateral Movement: How attackers quietly traverse your NetworkEC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
OpenStack in the Enterprise - Interop Las Vegas 2014Seth Fox
OpenStack has been making tremendous progress, with production deployments proliferating globally. But is OpenStack hardened and ready for the Enterprise? Is it mature enough to run production and mission critical workloads? Does it adequately address security and compliance requirements? We believe that the
answer is a resounding “yes”.
This session will deliver the insights you need to fully embrace OpenStack by addressing:
Common Pitfalls - common reasons why OpenStack deployments typically fail in enterprise environmentsInterop_Las_Vegas
Economics - total cost of ownership of a typical OpenStack footprint within the enterprise, and highlight the areas where benefits are primarily achieved
Ecosystem - the importance of the OpenStack ecosystem, and why this helps the enterprise in the short and long-term
Private, Public or Hybrid - where to deploy one of the models, and explain why OpenStack is the right choice for all of them
Real world enterprise case studies - successful deployment models
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
OpenStack in the Enterprise - Interop Las Vegas 2014Seth Fox
OpenStack has been making tremendous progress, with production deployments proliferating globally. But is OpenStack hardened and ready for the Enterprise? Is it mature enough to run production and mission critical workloads? Does it adequately address security and compliance requirements? We believe that the
answer is a resounding “yes”.
This session will deliver the insights you need to fully embrace OpenStack by addressing:
Common Pitfalls - common reasons why OpenStack deployments typically fail in enterprise environmentsInterop_Las_Vegas
Economics - total cost of ownership of a typical OpenStack footprint within the enterprise, and highlight the areas where benefits are primarily achieved
Ecosystem - the importance of the OpenStack ecosystem, and why this helps the enterprise in the short and long-term
Private, Public or Hybrid - where to deploy one of the models, and explain why OpenStack is the right choice for all of them
Real world enterprise case studies - successful deployment models
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Regional Information Technology Institute (RITI)
May1992 till April1995
Title: Technical officer and support engineer
Was
◦ Established with no who’s who
◦ No dedicated infrastructure
◦ Outsourced for other’s training
◦ Public events handling
◦ Limited organization
◦ Shared resources
◦ No technical support for other OU’s
Became
◦ Who’s-who built, filled & tracked
◦ Increased customer base
◦ RITI activities awareness increased
◦ Fully equipped laps and infrastructure
◦ Adopting others and self training
◦ Initiating First distance learning systems
◦ Perform resource & material rescue solely in
several event
◦ Global technical support for many OU’s in RITI,
RITSEC & IDSC
3. Microsoft Egypt
May1995 till December1996
Title: ECU “Enterprise consultant unit”
Microsoft Was
◦ Being under initiation and legalization
◦ 6 staff members + 6 interims
◦ Depending on Reps
Microsoft Became
◦ Support in closing major deals.
◦ Participate in Microsoft Middle-east act
◦ Third certified MCSE in Middle-east
◦ First certified MS-Networking essentials
◦ Documented for 2 winning stories (replacing
Microsoft back-end SNA) with Mainframe
terminal services)
◦ Installing 2nd major MS-Exchange server
4. American Chamber of Commerce (Egypt)
Jan1996 till June1997
Title: MIS Manager
AmCham Was
◦ Acquisition platform for AMCHAM, IT
◦ Limited technical support office
◦ No Web-Security
◦ No Financial transactions enabled
◦ Manually fed Databases
◦ Non-layered infrastructure / Networks
AmCham Became
◦ High performance platform established
◦ Internal and external support provisioned
◦ Matchmaking & web interfaces designed
◦ Event related electronic announcements
◦ Enabled Web security and signatures
◦ Enabled Web with financial transactions
◦ Databases are fully interfaced and automated
◦ Networks & infrastructure redesigned and
layered.
5. Deminex (Before RWE)
June1997 till December1999
Title: IT General Manager
Deminex Cairo offices Was
◦ Legacy (Vax) platform
◦ GroupWise mail system
◦ Very old LAN / WAN infrastructure
◦ Poor tie lines ( 64 KB) over X25
◦ Initial process of RWE Acquisition
◦ No standards sets
◦ Old Voice systems (Meridian mail)
◦ Poor end users’ service provisioning thus
personalized
◦ IT limitations for business strategies and expansions
Deminex Offices Became
◦ Successful and smooth Migration to MS-DC
◦ Legacy system total shutdown
◦ Smooth migration to MS-Exchange 5.5
◦ LAN innovation to UTP CAT 6 / better switches
◦ Upgrading WAN to Frame-relay / Orange Hub
◦ Upgrading / speeding round trips for traffic (100 MS)
◦ Securing lines between sites (Cairo / GMBH)
◦ Initiating the (German Oil and Gas) Brand for acquisition
◦ Setting mutual standards for global objects sets with head
offices
◦ Integrating Voice systems (Meridian mail with Alcatel
systems GMBH)
◦ Initiating New Building setup, coo working with
electromechanical acts
◦ Finalizing central DC, and licenses contracts for clients and
applications
◦ Global participating in Year 2000 shifting plan successfully
6. (GEOGE) RWE Dea , Egypt
Jan, 2000 till October, 2010
Title: Head of IT integration and strategic planning
GEOGE Was
◦ Not an active member in IT DSS in Main offices
◦ Domestically running its projects and IT standards
◦ No linkage with main office global agreements
◦ Running its local services processes successfully
◦ Initiating documentation for all its standards
◦ Initial phase of transfer to RWE Dea, Egypt instead
◦ Running temporary standards, yet not globalized
◦ Only one building with very advanced infrastructure
◦ Only one data center with simple layout and low security
GEOGE Became RWE Dea, Egypt
◦ Initiating the first Global IT manager semi-annual meeting in GMBH
◦ Exchange and coordinate IT experiences (Cairo / Germany)
◦ Integrated project along the whole RWE Branches
◦ Considering Cairo standards as more expressing sets
◦ IT Centralization for all IT management systems among sites
◦ Unified standards deployment for all IT layers and procedures
◦ GEOGE, became RWE Dea Egypt Branches officially
◦ Merging and unifying all IT contracts along the whole sites
◦ Participating in infrastructure, fields plans, drilling activities, contracts, and
supply chain projects along all sites
◦ Yasser I. G. Sukkar became Head of IT sector in Egypt
◦ Yasser I. G. Sukkar elected, participated in the focus leadership program
with remarkable announcement and success rates
◦ Initiating projects for saving man-day time at a specific operational layer
successfully, and globally deployed.
◦ Linking more 4 buildings to the main building including infrastructure
(power / data / voice)
◦ Finalizing full security, access, inventory using RFID applications
◦ Finalizing the second online / mirror data center with full documentation
and infrastructure mapping and life tests.
7. National Bank of Egypt (NBE)
Nov. 2010 till Present time
Title: Director, Shared services technology group (SSTG)
NBE Was
◦ SSTG activities was newly established
◦ NBE was at transition of IT organization
◦ No fixed scopes, no fixed procedures & processes
◦ Many functional conflict of interests
◦ Yasser I. G. Sukkar received an aggressive plan for renovating IT
environment
◦ Some dead projects for long years blocking innovation activities
◦ Cross cultural conflicts was on the ground
◦ Huge legacies and as-is operations for last many years
◦ Issues with staff skills and knowledge inventory
◦ Many Silos in operations layers.
◦ No written procedures for each operation pillar
◦ No fixed compliance or valid reports to rely on.
SSTG Became
◦ Better matured after re-organization and segregation of authorities
◦ Link functions and creating full procedures documents for each pillar of IT
operations
◦ Re-building knowledge at the service desk activities
◦ Initiating knowledge transfer sessions for all staff in IT
◦ Rebuilding the mission and vision of IT services at the top management level
◦ Increase the communication amongst pillars and enforce openness
◦ Handling one of the biggest dead projects in NBE till its officially closed and
delivered after 13 years of malfunction @ 0 cost
◦ Splitting the huge org-chart and map it to the actual operations
◦ Handling the pillar of sstg Job description and review individual scope
◦ Set KPI’s and measurement for performance, and rewarding methodology to
comply with IT business nature
◦ Build a link between pure business directions and IT practices.
◦ Link IT activities with other compliances and non-IT functioning OU’s
◦ Initiating the concept of IT Decision support systems
◦ Formulating the project of ITSM / IT-DSS in NBE and owned the project
planning and maturity roadmap.
8. National Bank of Egypt (NBE)
Nov. 2010 till Present time (Continued)
Title: Director, Shared services technology group (SSTG)
Initiating ITSM Pillar as an independent OU
◦ Proposed and gain acceptance for building the ITSM organization chart
within NBE OU’s
◦ Initiating and successfully delivering the enterprise log collection system in
NBE IT environment as a core foundation for user’s / system activities
◦ Generate Straight Through processed reports and near real time
monitoring instead of 24 yours after fact reporting
◦ Recharged the teams and initiate motivation plans to increase their skill
sets on both technical and soft skills aspects
◦ Deploy all self based obtained soft and technical skills to share knowledge
and vision with other coworkers and pears to increase the buy-in for the
renewed approaches
◦ Encourage coworkers to provide more efforts and worked on increasing
their awareness via initiating group meeting and presentation and brain
storming sessions
◦ Participate in Graduate School of Banking technology program in
Wisconsin / Madison
◦ Coordinate and shorten the ITSM – IT/DSS project initiation time line by >
70% by optimizing the project workforce and framework.