Videos for InfoSec Awareness

sans

It was another fantastic event by SANS. This time, apart from a regular line up of great speakers, there were some interactive workshops.

Javvad Malik facilitated one of them and challenged the participants to create their own awareness videos.

javvad

It felt like we covered the entire production cycle in under two hours: we talked about brainstorming, scripting, filming styles, editing and much more! But the most important part was about putting the ideas into practice and we actually got to create out own security awareness videos.

The audience was split into several groups, each tasked with producing an engaging clip with only one requirement: it shouldn’t be boring.

Javvad’s tips certainly helped and with a bit of humour, my team’s video won the first prize!

snip20190111_1

If you would like to learn more, check out Summit Archives for presentation slides, including Javvad’s workshop deck and past events.


Vienna Cyber Security Week 2018

energypact_oranizers_version-eventmeldung

I’ve spend last week in Vienna at the annual intergovernmental conference focused on protecting critical energy infrastructure.

The first two days were dedicated to the issues of security and diplomacy.

A number of panel discussions, talks and workshops covered the following topics:

  • Implementing the EU strategy for safe, open and secure cyberspace
  • Cyber-threats to critical energy infrastructure
  • Operational resilience
  • Reducing the risks of conflicts stemming from the use of cyber-capabilities
  • Cyber-diplomacy: developing capacity and trust between states

JkVjIud6Si2cm1Ws687l6Q_thumb_3f22

For the rest of the conference we moved from the Diplomatic Academy of Vienna to Tech Gate, a science and technology park and home to a number of local cyber startups.

We’ve discussed trends in technology and cyber security, participated in Cyber Range simulation tutorial and a scenario-based exercise on policy development to address the growing cyber-threat to the energy sector.

UNADJUSTEDNONRAW_thumb_3f40

AIT Austrian Institute of Technology together with WKO Austrian Economic Chambers, ASW Austrian Defence and Security Industry, and the Austrian Cyber Security Cluster hosted a technology exhibition of latest solutions and products as well as R&D projects.

Participants had an opportunity to see state-of-the-art of next generation solutions and meet key experts in the field of cyber security for protecting critical infrastructures to fight against cyber-crime and terrorism.

Talks continued throughout the week with topics covering:

  • Securing the energy economy: oil, gas, electricity and nuclear
  • Emerging and future threats to digitalised energy systems
  • Cyber security standards in critical energy infrastructure
  • Public sector, industry and research cooperation in cyber security
  • Securing critical energy infrastructures by understanding global energy markets

UNADJUSTEDNONRAW_thumb_3f5e

The last day focused on innovation and securing the emerging technologies. The CIO of City of Vienna delivered an insightful presentation about on cities and security implications of digitalisation.  A closing panel discussed projected trends and emerging areas of technology, approaches and methods for verifying and securing new technologies and the future of the cyber threat.


IoT Security Foundation

IoT

It’s the second year I’m attending the IoT Security Foundation conference and it continues to be a great event.

Strategic and technical tracks run in parallel with vendor showcases and means that there’s something interesting for everyone.

It’s great to see industry practitioners and academics coming together to discuss the ethics of IoT, challenges with design and development and the direction of travel of security.

Some of recorded talks are available on the IoTSF website.

Best practice guidance on vulnerability disclosure, connected consumer products and security compliance framework are available to download.


I’ve been shortlisted for Security Serious Unsung Hero award

https-cdn.evbuc.comimages34832967976773616111original

I’ve been nominated for a Security Serious Unsung Hero award in the Best Educator category. This will be awarded to a professor, lecturer or teacher who leads by example to inspire and motivate the next generation of cyber security professionals. I’m humbled to be considered. Thank you!

Join me at the event.


Sharing views on security culture

Talk01

I’ve been invited to talk about human aspects of security at the CyberSecurity Talks & Networking event.  The venue and the format allowed the audience to participate and ask questions and we had insightful discussions at the end of my talk. It’s always interesting to hear what challenges people face in various organisations and how a few simple improvements can change the security culture for the better.


Presenting at SANS European Security Awareness Summit

It’s been a pleasure delivering a talk on the psychology of information security culture at the SANS European Security Awareness Summit 2016. It was the first time for me to attend and present at this event, I certainly hope it’s not going to be the last.

The summit has a great community feel to it and Lance Spitzner did a great job organising and bringing people together. It was an opportunity for me not only to share my knowledge, but also to learn from others during a number of interactive sessions and workshops. The participants were keen to share tips and tricks to improve security awareness in their companies, as well as sharing war stories of what worked and what didn’t.

It was humbling to find out that my book was quite popular in this community and I even managed to sign a couple of copies.

All speakers’ presentation slides (including from past and future events) can be accessed here.


Presenting at the IT & Security Forum

ITSF

I was invited to speak at the IT & Security Forum in Kazan, Russia. The conference spanned over three days and combined technical and non-technical talks, round table discussions and vendor presentations.

I spoke about the friction between security and productivity in the Oil & Gas sector. The participants shared their issues, after which we discussed potential solutions.

It was great to see that security managers in the audience recognised the potential negative impact to the business of poorly implemented security policies and controls and that they are willing to tackle such challenges.