Secure South West 8: 7th February 2017

The eighth Secure South West (SSW8) event was hosted by Plymouth University on the 7th February 2017 and offers six presentations delivered by experts drawn from industry and academia, and, a panel session. The event was sponsored by Securious Limited; and the south west branches of BCS - The Chartered Institute for IT and the Institute of Information Security Professionals.


Challenges of deploying IoT virtual private networks
Graham Bartlett (Technical Leader, Cisco Security Services)

In this session the speaker will describe common VPN architectures and describe why the IKE protocol, which was developed nearly 20 years ago can lead to insecure IoT VPN architectures if thought and care is not practiced. We shall describe and demonstrate (live demos!) performing a MiTM and a DoS against a commonly designed IoT VPN architecture. Mitigations to counter these exploits will be described along with tips and tricks to securely connect IoT devices.

Biography

Graham has designed some of the largest and most complex virtual private networks within the UK and worked with customers throughout the world using IKEv2 and next generation encryption. Within this space he has discovered zero-day vulnerabilities, has contributed to numerous IETF RFCs, and has intellectual property patented and published as prior art. He is a CiscoLive speaker, CiscoPress author and has developed Cisco security exam content (CCIE/CCNP). He is a CCP (senior) IA architect, CCP (practitioner) security & information risk advisor, CCIE, CCNP, CISSP, Cisco security ninja black belt and holds a BSc (Hons) in Computer Systems and Networks from the University of Plymouth.

Graham Bartlett


Developing Cyber Skills: A Job Role Centric Approach
Jane Dickinson (Academy Program Lead, CompTIA)

Download slides

As our world becomes ever more interconnected, security readiness is increasingly front and centre.

But security isn't just the responsibility of the cyber professional, it's everyone's job.

Jane Dickinson will talk about CompTIA's approach to supporting individuals and businesses with security readiness:

  • Discover how you can benefit from CompTIA research and resources for you and your business, much of which is available free of charge
  • Hear how CompTIA CyberSecure empowers individuals to keep themselves – and the organisations they work for – safe online.
  • Meet the new CSA+ certification and learn how the CompTIA Cybersecurity Pathway fosters and supports development of the security skills each IT professional requires, according to job role. Certification is great news for IT Pros, the business and your customers – find out more!

Biography

Jane Dickinson is the Academy Program Lead within the Western European team at CompTIA, a not for profit, global IT trade association working to advance the industry through advocacy, education, certification, networking and philanthropy.

Jane is passionate about attracting young people into IT careers and helping educators incorporate industry relevant content and certification in their programmes.

Prior to CompTIA, Jane has many years of sales and marketing experience in IT content publishing/distribution.

Now retired from her beloved sailing and netball, she volunteers at her local ATC squadron in her spare time.

Jane Dickinson


The cyber crime landscape
Samantha Dowling (Office for Security and Counter-Terrorism Research and Analysis Unit, Home Office)

Download slides

A review of recent developments in our understanding of the scale and nature of cyber crime, identifying evidence gaps and future areas of research.

Biography

Samantha Dowling is head of the Cyber Crime Research Team in the Office for Security and Counter-Terrorism Research and Analysis Unit, at the Home Office. Samantha is a social researcher, with a background in psychology and research methods. Publications include: Cyber Crime: A review of the evidence and The nature of online offending.

Samantha Dowling


Industrial Security - Red Team Operations
Thomas Hackner (CEO, HACKNER Security Intelligence GmbH)

Download slides

The increasingly networked industry comes with new chances, but also with new risks. In order to be able to evaluate the actual risk, so-called Tiger Team assessment can be used. Those assessments, specifically tailored to the company's threats, encompass IT security, physical security and social engineering and reflect the actual risk for the company. In this talk, all three areas are discussed and experiences and typical vulnerabilities, like phishing, attacks on doors, video surveillance and alarm systems are demonstrated practically. For every vulnerability discussed, a possible solution will be presented in order to enable the listener to further secure their own company.

Biography

Thomas Hackner, MSc is CEO of HACKNER Security Intelligence GmbH, a company dedicated to high-quality security assessments encompassing every attack possibility, including IT security, physical security and social engineering. Thomas Hackner graduated with honors in Secure Information Systems at the University of Applied Sciences in Hagenberg, Austria. Since then he was supporting the security community in Austria by creating the "Hacking Group" for students in Hagenberg and by founding OpenLocks.at, an organization to support physical security in Austria. He also gives several lectures, including "Advanced Penetration Testing", "Physical Security" and "Windows Security" at the University of Applied Sciences in Hagenberg, Upper Austria and at the University of Applied Sciences Joanneum in Styria. Thomas Hackner is actively engaged in various security projects for corporations in Central Europe focusing on so-called Tiger Team Assessments and securing critical infrastructure, like power plants.

Thomas Hackner


Enhancing the baseline cyber security posture for UK PLC
Robin King (MD, SC2)

Download slides

There is an established acknowledgement that cyber security is critical to UK PLC - particularly in the context of enabling business to prosper in an environment that is a safe place to do business. This is consistent with the objectives of UK Government.

The UK Defence supply chain is an example of how risk is shared as a matter of course throughout collaborating organisations and there is a need for a baseline set of mandatory controls that are critical to its success. The extent of this success stretches beyond the sustainability of the commercial organisations involved as the impact on failure is directly linked to the ability for the nation to provide military capability to defend and protect both at home and in support of overseas operations. The concepts here are similar for most other industry sectors although the impact is potentially less extreme when things go wrong but nonetheless critical to those businesses.

This presentation will consider the various elements key to the ability for the UK to step forward with an enhanced, nationally embraced improvement in baseline cyber security that takes advantage of the opportunity to extend adoption of the UK Government Cyber Essentials Scheme. It will explore the key drivers with views shared from a collection of organisations who are directly addressing the challenges of supply chain assurance.

Biography

Robin is an experienced business manager with specialism within the Cyber Security market. He has held a number of senior roles within a range of companies, bringing together the skills of highly experienced teams to solutions and services to range of markets, notably the Defence and Security sectors in the UK and overseas.

His roles have included senior product management positions within the IBM and Computer Associates business partner communities, Client Management positions with QinetiQ and more latterly Sales and Marketing Director and CEO positions with private equity backed software technology specialist Deep-Secure.

He has overseen market expansion geographically into key regions beyond the UK including the Middle East, Australia and North America along with non-defence markets to include the Critical National Infrastructure (CNI) sector in the UK and Europe.

He has represented the interests of the UK SME sector within UK and International trade organisations to include UKTI, UK Council for Electronic Business (UKCeB), UK ADS Group (as a member of the Defence Small Medium Enterprise Committee) and the internationally recognised Transglobal Secure Collaboration Program (TSCP), with particular interest in secure supply chain interoperability. He was an invited member of the UK Prime Ministerial Trade Delegation to the US in 2015 to represent UK SME Cyber Security interests.

Robin is currently MD of SC2 , a small consultancy business working in the cyber security sector on innovation and supply chain security.

Robin King


Developing a cyber workforce
Rob Partridge (Head of The Security Academy, BT)

Download slides

Rob Partridge will talk about how employers and employees (and those looking for a career in cyber security) can develop skills for themselves and in their workforce using innovative approaches to learning and education, specifically in the security environment. He will also talk about dispelling myths around cyber skills and challenging employers to change their recruitment practices to find talented security professionals.

Biography

Rob Partridge is the Head of The Security Academy at BT, which has three main objectives; Developing the workforce of today, Developing a workforce of the future, and creating a skills pipeline in Cyber Security across the entire industry – this latter element demands that the head of the Security Academy is intrinsically involved in ensuring learning interventions for Cyber Security take place at all levels from Key Stage One through to Higher Education. Creating a cadre of individuals who have the right skills to be employed by organisations like BT is critical to commercial success, and that of UK PLC – and as such is a key part of the role.

Rob has held the position of Head of The Security Academy for two years. Educated in business studies at Leeds Metropolitan University and the University of Kent, Rob has worked for BT for 27 years. He is a member of various employer panels for development of learning solutions (specifically apprenticeships) and is also responsible for hosting Cyber Security Challenge Master Class events on behalf of BT. Rob is also a fire fighter with Devon and Somerset Fire and Rescue service, and in his spare time enjoys running half marathons and marathons, competing in triathlons and, more peacefully, scuba diving.

Rob Partridge


PANEL: Cybercrime: Can we keep up?

In a landscape characterised by hacking, malware, phishing and other online attacks, how is cybercrime affecting trust and confidence in the technologies we now depend upon? What should we be most concerned about, and how much can technology protect us? Who's responsible for responding? Are we keeping pace, or perpetually playing catch-up?

Moderator

Steven FurnellSteven Furnell (Professor of Information Systems Security, Plymouth University)

Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University in the United Kingdom, an Adjunct Professor with Edith Cowan University in Western Australia, and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is active within three working groups of the International Federation for Information Processing (IFIP) - namely Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of over 250 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). He is also the editor-in-chief of Information Management & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium. Further details can be found at the CSCAN website, with a variety of security podcasts also available. Steve can also be followed on Twitter (@smfurnell).

Panelists

Nathan ClarkeNathan Clarke (Professor of Cyber Security and Digital Forensics, Plymouth University)

Nathan Clarke is a Professor of Cyber Security and Digital Forensics at Plymouth University. Prof Clarke is also an adjunct Professor at Edith Cowan University, Western Australia. His research interests reside in the area of information security, biometrics, forensics and intrusion detection and has over 180 outputs consisting of journal papers, conference papers, books, edited books, book chapters and patents. He is the Chair of the IFIP TC11.12 Working Group on the Human Aspects of Information Security & Assurance. Prof Clarke is a chartered engineer, a fellow of the British Computing Society (BCS) and a senior member of the IEEE and the author of Transparent Authentication: Biometrics, RFID and Behavioural Profiling published by Springer. Further details can be found at www.cscan.org/nclarke.

Victoria StoneVictoria Stone (South West Police Regional Organised Cyber Crime Unit)

Cyber Protect Officer Victoria Stone is currently a member of the South West Police Regional Organised Cyber Crime Unit in the South West. Victoria has performed a variety of roles within the Police, including a Serious Organised Crime Investigator in the Criminal Finance Team, the lead for Anti-Social Behaviour in Bath and North East Somerset and a Special Constable for 5 years. Victoria has been in her current role for 6 months and is part of a team that investigates cyber dependent criminality and promotes messaging designed to protect businesses, emergency services and critical infrastructure from the effects of Cyber Crime.

Peter WoodwardPeter Woodward (Chief Information Officer, Securious Limited)

Pete Woodward is the founder and Chief Information Officer at Securious Limited. He is a security expert and has a wealth of knowledge around cyber security, system architecture and networks.

Pete comes from a military background, and has worked on security projects in the public and private sectors for organisations including Devon and Cornwall Police, Met Office, Capita, BP, HP and some of the UKs largest retailers.

Pete’s experience is backed up with leading security and network accreditations, such as CISSP, CEH, RSA Security, and IPv6, along with TOGAF v9 certification.

He is also a PCI-DSS Qualified security assessor, and works on many compliance projects.

Pete cemented his passion for cyber security and founded the South West Cyber Security Cluster with the vision to establish a ‘Centre for Cyber Excellence’ in the South West.