I spent last week in Vienna at the annual intergovernmental conference focused on protecting critical energy infrastructure.
The first two days were dedicated to the issues of security and diplomacy.
A number of panel discussions, talks and workshops covered the following topics:
- Implementing the EU strategy for safe, open and secure cyberspace
- Cyber-threats to critical energy infrastructure
- Operational resilience
- Reducing the risks of conflicts stemming from the use of cyber-capabilities
- Cyber-diplomacy: developing capacity and trust between states
For the rest of the conference we moved from the Diplomatic Academy of Vienna to Tech Gate, a science and technology park and home to a number of local cyber startups.
We discussed trends in technology and cyber security, and participated in a Cyber Range simulation tutorial and a scenario-based exercise on policy development to address the growing cyber-threat to the energy sector.
AIT Austrian Institute of Technology together with WKO Austrian Economic Chambers, ASW Austrian Defence and Security Industry, and the Austrian Cyber Security Cluster hosted a technology exhibition of the latest solutions and products as well as R&D projects.
Participants had an opportunity to see state-of-the-art, next-generation solutions and meet key experts in the field of cyber security for protecting critical infrastructures to fight against cyber-crime and terrorism.
Talks continued throughout the week with topics covering:
- Securing the energy economy: oil, gas, electricity and nuclear
- Emerging and future threats to digitalised energy systems
- Cyber security standards in critical energy infrastructure
- Public sector, industry and research cooperation in cyber security
- Securing critical energy infrastructures by understanding global energy markets
The last day focused on innovation and securing emerging technologies. The CIO of the City of Vienna delivered an insightful presentation on cities and the security implications of digitalisation. A closing panel discussed projected trends and emerging areas of technology, approaches and methods for verifying and securing new technologies, and the future of the cyber threat.
I am delighted to invite you to the NextSec Cyber Security Conference ‘The Changing Face of Cyber Security’ on 11 December 2014 at EY, 1 More London Place, SE1 2AF, London.
The conference will provide an opportunity for you to hear senior cyber security leaders, from a range of industries, share their cyber security experiences and insights through presentations following three main themes:
1) the changing cyber threat landscape,
2) the diverse techniques that have been adopted in response to the threat, and
3) the range of cyber security roles across different sectors.
The second half of the conference will address the changing dynamics required for leadership in cyber security including gender diversity and inclusiveness.
An open Q&A panel discussion will close the conference sessions.
- Date: 11 December 2014
- Time: 5.00pm – 8.30pm followed by networking and drinks
- Location: Mulberry Restaurant, EY, More London Place
- Cheryl Martin, Partner, EY
- Leron Zinatullin, NextSec Committee Member and Information Security Advisor, KPMG
Confirmed speakers and panellists:
- Cheryl Martin, Partner, EY
- Sian John, Security Futurologist, Symantec
- Robert Coles, Chief Information Security Officer, GlaxoSmithKline
- Elena Cinquegrana, Associate Director, Navigant
- Lucy Chaplin, Assistant Manager, KPMG
- Freddie Hult, Senior Cyber Resilience Adviser, Cyber Resilience Ltd
Please visit the website to register for free.
NextSec is a networking group of young professionals working in cyber security and information risk management in the UK. The group has existed since January 2012 and currently has over 290 members. These 290 members work for over 59 organisations in the UK. We have a diverse representation of young professionals working in financial services, the oil and gas industry, industrial goods and retail, marketing, telecommunications, software, technology, professional services, and the public sector. For more information about NextSec, please visit our website and LinkedIn group.
During the 8th and 9th of October 2014, I attended the Cyber Security EXPO in London. It was co-located with IP EXPO Europe and presented the participants with an opportunity to partake in knowledge sharing discussions, various talks, trade stands and many more.
The (ISC)² London chapter were running their regular community meeting. Everyone could also participate in the RANT event.
The selection of presentations was great, ranging from fairly technical to business-oriented.
Bruce Schneier also took part in the event delivering a talk on incident response. It was an interesting discussion on economics and psychology of information security in the context of modern trends.
Finally, it was a great opportunity to catch up with my friends, including Javvad Malik, Jitender Arora, Mo Amin and many others.
I’m happy to announce that the registration for the NextSec June 2014 Conference is still open.
Location: Investec Bank plc, 2 Gresham Street, London, EC2V 7QP, United Kingdom
Date: 5th June, 2014
18:00 – The role of a CISO in a cloud, mobile and social world
Speaker: David Cripps, Investec CISO
David is the Information Security Officer for the Investec Group and is responsible for the Group’s information security programme; ensuring that the risks to their information assets are identified and appropriately managed. He has a strong technical and networking background in the finance and telecommunications industry. David has also worked as an electronics instructor in Sri Lanka.
David has been awarded a master’s degree in Internet and Telecommunications Law (LLM). He is a Certified Information Security Manager (CISM), Information Systems Auditor (CISA) and Information System Security Professional (CISSP). David has also been awarded an Advanced Professional Certificate in Investigative Practices (APCIP).
18:25 – The rule of three: cyber resilience in a fast-changing world
- Three walls to structure controls and contingencies against cyber attack
- Three principles to drive the design of practical and focused cyber defences
- Three strategies to maintaining agile, adaptive and sustainable counter-measures to meet the cyber challenge
Speaker: Daniel Barriuso, BP CISO
Daniel Barriuso is the Chief Information Security Officer (CISO) at BP. He is responsible for cyber security across the Group, including strategy, governance, architecture, education, counter threat operations and incident response. Daniel is a frequent speaker and contributor at security forums and events. Prior to joining BP, Daniel was CISO at Credit Suisse and coordinated a number of security initiatives across the financial services sector including the ‘Waking Shark’ response exercise. Daniel also dedicates his time as a Professor at the ‘Universidad Politecnica de Madrid’, where he lectures and researches in the areas of IT governance and information security investment.
18:50 – From Graduate to VP: My journey in the realm of Network Security
Speaker: Raghu Nandakumara, Citi Network Security Manager
Following completion of his MSc, Raghu joined Citi in 2004 as part of the UK Technology Graduate Programme and was placed in the EMEA Information Security Services team. Initially working in Operational Support he was part of a team that were responsible for the maintenance and stability of all perimeter security infrastructure in EMEA, including firewalls, proxies and remote access. He moved into the Network Security Engineering organisation in 2008 and was initially responsible for security service delivery on business projects (including handling large scale divestitures and acquisitions) as well as build out of security infrastructure in Citi’s new strategic data centre in the region. Having spent the last few years being the SME for a few Network Security products he now runs the Network Security Engineering Tools and Automation team.
19:10 – ISACA’s Cybersecurity Nexus (CSX) Program
Overview of ISACA including Cybersecurity Nexus (CSX), ISACA’s recently launched program that provides insights and resources for cybersecurity professionals.
Speaker: Allan Boardman, ISACA International Vice President
Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, is a risk officer at Morgan Stanley and International Vice President at ISACA. He began his career with Deloitte in Cape Town and has over 30 years’ experience in IT assurance, risk, security and consultancy roles at organizations including JPMorgan, Goldman Sachs, KPMG, PwC, Marks and Spencer, and the London Stock Exchange. He is a past president of ISACA London Chapter and has served on the BCS’ Information Risk Management and Audit Committee. He is a member of ISACA’s International Board of Directors, currently chairing its Credentialing and Career Management Board, and is a member of ISACA’s Strategic Advisory Council. He has served on ISACA’s Leadership Development Committee and chaired ISACA’s CISM Certification Committee. He was a volunteer at the Paralympics in London 2012 and Sochi 2014, and is a school governor where he chairs the Finance Committee.
Join us at our first 2014 conference focused on sharing knowledge of cyber security for the energy sector. We have a mixture of senior security leaders and NextSec members delivering rich content to help you with your professional development.
Attend this event to meet and talk with technical experts, and network with like-minded professionals from several industries.
Information Security – Who is accountable?
Emma Leith, BP IST CISO.
This session will discuss the role of Information Security teams in managing information security risks and who is truly accountable for the risks. It will cover some real-life examples from BP of how they approached this whilst providing an insight into how they are starting to achieve their goal to ‘make security part of everyone’s job’.
The Importance & Limitations of Cross-Company Collaboration in the Infosec Industry
Adam Wood, National Grid and Michael Ramella, AstraZeneca.
This talk is aimed at covering what it means to truly collaborate within the Infosec industry. Expanding on lessons learned, guidance for successful collaboration will be presented, allowing the audience members to leave with next steps: the ability to understand and clarify their individual and their team levels of collaboration, and how to increase said levels if they so choose.
Securing Industrial Control Networks
Ian Henderson, BP Lead PCN Security Architect.
Ian will introduce Industrial Automation systems explaining how these critical systems have become a security issue. He will explain what can be done to secure these systems and highlight approaches that work. He will also explore the cultural and human aspects related to securing these systems and the perceived divide between the IT security and Engineering communities.
Securing data flows in the Energy sector with an API Gateway
Mark O’Neill, VP Innovation and Antoine Rizk, VP Vertical Markets, Axway.
The energy sector faces new challenges in governing all types of data flows with unprecedented volumes and security requirements. These data flows include: mobile device access for employees and field personnel, customer access for smart meter monitoring and bill payment, public access for locating charging stations, and smart grid data exchanges. The speaker will illustrate technical security features and case studies of work with the energy sector.
The impact of major data losses on corporations and individuals
Yiannis Chrysanthou, Cyber Security Analyst.
The recent Adobe data breach exposed account information for 153 million users. This session will describe the means by which an attacker can leverage the Adobe leaked information to launch attacks against corporations and individuals.
Time & Date: 7th March, 2014 15:15 to 19:45
Location: KPMG – Canary Wharf, London
To sign up please complete the form.
Sign up early, limited places are available!
I’ve recently joined the NextSec committee to help deliver opportunities to young professionals, so that they can meet and support each other through the first years of their career. We aim to bridge the gap between employers and students, and offer insight to inspire the next generation to join our profession.
NextSec is a networking group for junior professionals working in Information Security and students aspiring to begin a career in this industry.
NextSec’s Aims and Objectives
- Networking and Collaboration. We aim to enable networking, drive active participation and collaboration of junior professionals in cyber security coming from a vast range of industry sectors.
- Education. Facilitate educational events, seminars and workshops delivered at parent organisations by industry experts and leaders, passionate in preparing today’s “next generation” to be tomorrow’s information security workforce.
- Inspiration. Mentor students by providing them with networking opportunities, career advice, job fairs and real insight into the industry to enable them to make informed decisions about their career aspirations.
I’m going to help organise the next event in the first quarter of 2014. The conference would be hosted by KPMG and be dedicated to information security trends in the oil and gas industry.