The eleventh Secure South West (SSW10) event will be hosted by the University of Plymouth on the 24th October 2018 and offers six presentations delivered by experts drawn from industry and academia, and a panel session. The event is sponsored by Securious Limited; and the south west branches of BCS - The Chartered Institute for IT and the Institute of Information Security Professionals.
As companies begin their Digital Transformation and take advantage of the Cloud Services, how do they ensure that they are providing the security required? With a constantly changing environment what are the key areas that businesses need to address to keep their data secure? This talk covers the Digital Transformation and what are the key areas that businesses need to focus on to make sure that their data and their environment are secure in a constantly changing threat landscape.
Jonathan Burnett is a Partner Technology Strategist at Microsoft in the One Commercial Partner team. Jonathan recently joined Microsoft as a security strategist to help partners build security based solutions. Over the past 10 years Jonathan has worked for several of the leading security vendors providing IT security solutions and thought leadership to some of the largest global organisations. Jonathan has spent 20 years in the IT industry working for a variety of networking and security vendors such as Brocade and Symantec. His career has taken him from support & management to installation, pre-sales and strategist roles. Jonathan is a current CISSP and regularly presents at partner events.
Targeted attacks are now an established part of the threat landscape. Some of them are very sophisticated. However, they typically start by manipulating human psychology to establish a foothold in the target organisation. This presentation will outline some of the tricks they use, what we should do to reduce the chances of becoming the means by which a targeted attacker infiltrates our organisations and some thoughts on developing a corporate security culture.
David Emm is Senior Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. David joined Kaspersky Lab in 2004. He is a member of the company's Global Research and Analysis Team and has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee. In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security, and is a knowledgeable advisor on all aspects of online security. David is regularly mentioned in national print press as a cyber-security expert and has a wealth of experience in being filmed for such programmes as Good Morning Britain and BBC News.
Based on Goode Intelligence’s experience of covering the development of the biometrics industry and our primary research, Alan Goode will discuss whether the hype of friction-less user authentication using biometrics will deliver a password-less world. The presentation will include an overview of current biometric adoption across a range of devices and industries, including major drivers and barriers to adoption.
Alan is the CEO and Chief Analyst of Goode Intelligence. Goode Intelligence is a leading cyber security research, analysis and consulting organisation founded in 2007 and is based in London. We specialise in innovation in cyber security and cover authentication, identity, mobile security and biometrics.
A major project, sponsored by the UK National Cyber Security Centre, is under way, with the aim of developing a substantial document offering a guide to the Body of Knowledge in Cyber Security (CyBOK). A nine-month scoping phase was undertaken through 2017, with extensive engagement of the community, and now the project is actively developing descriptions of nineteen Knowledge Areas, with international subject experts forming the group of authors and reviewers. Each Knowledge Area will also be open to public review. This presentation will describe the process so far, and the Knowledge Areas being defined, as well as soliciting input for a later phase of the project when Learning Pathways based on the CyBOK will be defined.
Prof. Andrew Martin undertakes research and teaching in the area of Systems Security, in the University of Oxford. He was instrumental in setting up the University's Cyber Security Network and helps to lead it, heading Oxford's EPSRC/GCHQ-recognised Academic Centre of Excellence in Cyber Security Research. He directs the Centre for Doctoral Training in Cyber Security, which admits 16 students each year for inter-disciplinary education and research. His recent research focus has been on the technologies of Trusted Computing, exploring how they can be applied in large-scale distributed systems, particularly cloud computing, mobile devices, and the internet of things. He has published extensively in this area, hosting several related international events in Oxford and speaking on the subject all over the world. Andrew wrote a doctoral thesis on the subject 'Machine-Assisted Theorem Proving for Software Engineering', in the early 1990s. He then worked as a Research Fellow in the Software Verification Research Centre at the University of Queensland, Australia. Returning to the UK, he was briefly a lecturer at the University of Southampton, before returning to Oxford to take up his present post in 1999. Dr Martin is a fellow of Kellogg College, Oxford, and a Trustee of Bletchley Park.
For organisations to effectively address cyber security risks we need to evolve how we work with our third party suppliers. Agile project management techniques and multidisciplinary teams offer a unique opportunity. This presentation evaluates using attack trees when working with two very different external suppliers.
Annette is the Security Architect in Met Office Business Group which has the responsibility of transitioning the Met Office commercial estate using an innovative delivery mechanism and a new cloud based architecture. She has over 14 years’ experience working in IT and is solely responsible for managing the security requirements in the change programme, providing advice and guidance to the Senior Leadership Team and ensuring that they are informed about the risk of delivery from a security perspective. In her previous role as a technical lead, Annette designed and implemented new and innovative approaches to Cyber Security and represented the Met Office at Big Data Analytics (White Hall Media 2015) on the use of analysing large data sets to deliver actionable security intelligence for the business. She is on the external advisory panel for Computing at Plymouth University and was a keynote speaker at https://www.plymouth.ac.uk/whats-on/women-in-stem.
Social Engineering should be a key aspect to any security awareness training. Trainers need to understand participants’ expectations and backgrounds, and query how can they can achieve compliance at the end of a training session. This interactive session will explore the threat posed by social engineering, and in particular the problem of phishing. Phishing emails are a cheap and easy means for attackers to target users, who are frequently presented as the weakest link. As such, the workshop will demonstrate an interactive approach to a security awareness training session, allowing delegates to directly explore their understanding of the threat and the extent to which they may be exposed to it..
Ismini Vasileiou is a Lecturer in Information Systems and Programme lead of the BSc (Hons) Digital and Technology Solutions at the University of Plymouth (including a Cyber Security Analyst pathway), with research interests including security education and technology-supported learning. She holds an EdD in Flexible Learning for Computing Degrees in Higher Education, and is a Senior Fellow of the Higher Education Academy. She is actively involved in academic delivery at both undergraduate and postgraduate levels, as well as the supervision of postgraduate research. She has previously published on topics including flexible learning, security education and technology-supported delivery, and has delivered a variety of invited presentations and keynote talks into relation to topics such as unconscious bias and stereotypes in STEM topics. Dr Vasileiou is currently the Chair of the STEM special interest group within the International Academic Peer Learning Leadership group, and is also actively involved in professional body activities for the computing sector, including current roles within the BCS South West Branch as the Chair, BCSWomen as the EDI officer, and the BCS Learning and Development Specialist Group.
Today’s technology landscape presents an ever-widening range of devices that people may use for both personal purposes and business benefits. However, security demands often mean that the technology needs to be controlled to reduce the risks in an organisational context. This can represent a barrier to staff (who wish to do things that require reducing the security) and an overhead for IT administrators (who have to manage an increasingly wider range of devices). As a consequence, we have a conflict between the inherent capabilities of the technology, the desires of its users, and needs of the business. The panel will consider how such conflicting demands can be managed and resolved!
Steven Furnell (Professor of IT Security, Plymouth University)
Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University in the United Kingdom, an Adjunct Professor with Edith Cowan University in Western Australia, and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is the current chair of Technical Committee 11 (Information Security and Privacy) within the International Federation for Information Processing (IFIP), and a Board member and Fellow of the Institute of Information Security Professionals (IISP). He is the author of over 290 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society, and Computer Insecurity: Risking the System. He is also the editor-in-chief of Information & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium. Further details can be found at the CSCAN website, with a variety of security podcasts also available. Steve can also be followed on Twitter (@smfurnell).
Stuart Baker (Cyber Security Strategist, Securious Limited)
Stuart Baker is a cyber security professional specialising in digital forensics and has experience of working in both public and private sectors including Devon and Cornwall Constabulary, Consilio LLC and Sitel. His experience includes working as a mobile device examiner for Devon and Cornwall Constabulary’s Data Forensics Unit. During his time at the unit, he assisted in the implementation of ISO 17025 and helped expand the unit’s technical capabilities in mobile and vehicle examinations. Stuart holds a first-class honours degree in Digital Forensics from Staffordshire University and completed a year’s work placement at a global eDiscovery company working as a forensic technician. Stuart gained valuable experience in building, repairing and supporting computers, mobile phones and other IT equipment during his two years working in front line technical support for a large IT company.
Andrea Burns (Strategy and Culture Director, Catapult Solutions Ltd)
With a background in leading teams and business development across the IT, Training and Engineering sectors, Andrea is dedicated to improving employee engagement, driving improved human capital and business results. As a leadership and productivity expert, Executive Leadership Coach, Master Coach and Director of Catapult Solutions Ltd and Axiometrics Partners Europe Ltd, Andrea understands the pressures and dynamics facing Leadership today. A passionate advocate of Axiology – the science of value – Andrea uses its insights to help organisations create the culture required to deliver their vision through the attraction, retention and development of their people. She has successfully used the broad Axiometrics™ toolset (based on the work of Research Philosopher Dr. Robert S. Hartman) to deliver performance improvement for individuals and businesses. When Andrea is not helping organisations create the Right Culture that delivers their vision by ensuring they have the Right Values, Right Risk and Right People she can be found in the Dorset hills on her horse and occasionally competing in local show jumping competitions.
John Finch (Information Governance Manager, Plymouth City Council)
John Finch is the Information governance manager for Plymouth City Council, responsible for Data protection, security policy development and management, managing the Information Asset Register managing security incidents, providing security advice for the Council and partners, providing security awareness education for senior management. Previously John spent 7 years in a technical security role, as IT Security manager for Plymouth City Council, managing the compliance of the Council network and technical breaches. John has been chair of several regional security forums, including the SW WARP and Devon Information Security partnership, and has been a conference speaker at National Information Security conference in 2008 and 2010. He was involved with the delivery of the IA guidelines for the Public Services Network delivered by the cabinet office. John is a current CISSP, and undertook an IT masters degree at Plymouth University in 2001, with a thesis in Approaches to establishing IT security culture.