I was invited to deliver a lecture on ethical hacking to the graduate students at the University of Bradford. We started off by discussing basic principles and approaches and concluded by covering specific tools and techniques.
The students, with various backgrounds ranging from mobile application development to communications and networks, actively participated in the discussion. I was also very happy to share some case studies and real-world examples around vulnerability, threat and risk management.
To expand on my research on the human aspect of security, I created a simplified model to highlight the relationship between productivity and security. The main hypothesis is that there is a productivity cost associated with security controls.
The interactive simulation was created and is available at http://www.productivesecurity.org. It allows users to implement their own security policies and observe the relationship between risk reduction and impact on productivity cost. Easy-to-understand visual feedback is available immediately for the users. This helps them understand the security manager's perspective when implementing security controls in a company.
The creation of the model was inspired by research conducted by Angela Sasse and her colleagues at University College London.
Please get in touch if you have any feedback or would like to discuss the underlying research findings.
We are delighted to invite you to the NextSec Cyber Security Conference ‘The Changing Face of Cyber Security’ on 11 December 2014 at EY, 1 More London Place, SE1 2AF, London.
The conference will provide an opportunity for you to hear senior cyber security leaders, from a range of industries, share their cyber security experiences and insights through presentations following three main themes:
1) the changing cyber threat landscape,
2) the diverse techniques that have been adopted in response to the threat, and
3) the range of cyber security roles across different sectors.
The second half of the conference will address the changing dynamics required for leadership in cyber security including gender diversity and inclusiveness.
An open Q&A panel discussion will close the conference sessions.
- Date: 11 December 2014
- Time: 5.00pm – 8.30pm followed by networking and drinks
- Location: Mulberry Restaurant, EY, More London Place
- Cheryl Martin, Partner, EY
- Leron Zinatullin, NextSec Committee Member and Information Security Advisor, KPMG
Confirmed speakers and panellists:
- Cheryl Martin, Partner, EY
- Sian John, Security Futurologist, Symantec
- Robert Coles, Chief Information Security Officer, GlaxoSmithKline
- Elena Cinquegrana, Associate Director, Navigant
- Lucy Chaplin, Assistant Manager, KPMG
- Freddie Hult, Senior Cyber Resilience Adviser, Cyber Resilience Ltd
Please visit the website to register for free.
NextSec is a networking group of young professionals working in cyber security and information risk management in the UK. The group has existed since January 2012 and currently has over 290 members. These 290 members work for over 59 organisations in the UK. We have a diverse representation of young professionals working in financial services, the oil and gas industry, industrial goods and retail, marketing, telecommunications, software, technology, professional services, and the public sector. For more information about NextSec, please visit our website and LinkedIn group.
On the 8th and 9th of October 2014, I attended the Cyber Security EXPO in London. It was co-located with IP EXPO Europe and presented the participants with an opportunity to partake in knowledge-sharing discussions, various talks, trade stands and much more.
The (ISC)² London chapter was running its regular community meeting. Everyone could also participate in the RANT event.
The selection of presentations was great, ranging from fairly technical to business-oriented.
Bruce Schneier also took part in the event delivering a talk on incident response. It was an interesting discussion on economics and psychology of information security in the context of modern trends.
Finally, it was a great opportunity to catch up with my friends, including Javvad Malik, Jitender Arora, Mo Amin and many others.
Major changes frequently introduced by security projects might be seen as necessary evils without delivering value to the business. To change this perspective, a project manager should proactively manage benefits and make sure they are achievable and verifiable.
The key objective of benefits management is to ensure that benefits are identified, defined, and linked to the company’s business strategy.
Realistic planning of benefits is the first step to achieve project success. It is, however, an ongoing activity and requires many iterations. In order to drive the realisation of benefits, the following template can be used to capture potential benefits and measure their impact on the organisation:
| Benefit | Expected benefit outcome | Benefit Type | Where will the benefit occur? | Who will be affected? |
The 2014 Cyber Careers Fair event registration is now open.
If you are thinking about a career in cyber security or technology, then why not come along and meet prospective employers and training providers? This is a great opportunity for you to find out what employers are looking for in the graduate market, ask questions in a relaxed environment to HR and junior professionals recently hired by these employers, and to grow your network!
Exhibitors confirmed: KPMG, PWC, Citi Group, Morgan Stanley, Lloyds Banking Group, BP, Microsoft, HP, BAE Systems, Royal Signals – British Army, Cyber Security Challenge and (ISC)².
Exhibitors invited and to be confirmed soon: EY, Goldman Sachs, AXA, Shell, Royal Bank of Scotland, BT, Lockheed Martin UK, HMGCC, and GCHQ.
Date: 30 October 2014 from 10:30 to 16:30 (GMT)
Location: University of Westminster, 115 New Cavendish St, London W1W 6UW
Visit our website www.nextsec.org and watch a short video of last year’s event.
Please use the link below to register for a free ticket to attend and meet employers and HR teams from the participating organisations.
In what ways are you personally using technology to advance your business sector?
I am an information security specialist: Technology is at the very core of my business sector with innovation as its driving force. I help companies manage their constantly changing IT risks. I enable organisations to do business securely while protecting their assets from cyber threats.
It is important to bring innovative technology products and services that are secure enough to use in today’s interconnected world.
In what ways are you personally using technology to create positive social change?
I am promoting an information security culture regardless of a person’s age or occupation.
Just as people know how to protect themselves, their belongings and information in the real world, they must know how to do the same in the virtual world.
I’m teaching people to extrapolate their secure practices from the physical world into cyberspace to ensure that everyone can live free of fear that they or their children might be the prey of a cyber criminal.
How do you envision your work impacting the world over the next ten years?
I envision a future where my bathroom scale sends my weight to the doctor, my refrigerator tells the store when I’m low on milk, my car notifies my house when I’m away so that it saves energy, etc. My life is interconnected and doesn’t put me at risk of a break-in or identity theft.
In promoting a security culture and technology innovation, I see a community that lives comfortably and does business to its fullest capacity, knowing that they are secure.