44CON CYBER SECURITY 2015 Presentations

Presentation and Communication Skills for Security Professionals (Alternative Title: Hacking the Conversation)

Presented By: Jerry Gamblin

How you communicate in meetings, emails, presentations and hallway talks can make the difference between running a successful security program and a struggling one.

Jerry has spent the better part of the last 10 years working on being a better communicator and will share some of the tactics that have (and haven’t) worked for him with you.

track: Technical


Law Enforcement and Technology, how is the future looking?

Presented By: Ian Maxted

As law enforcement deals with the ever increasing complexities of technological growth, necessary skillsets, technical implementation and legislation can be a stumbling block not just for industry.

It is widely considered that law enforcement are typically well behind the curve when it comes to cyber criminality. Ian will look at how that appetite has changed and how industry becomes pivotal to helping the police service fulfil its guardianship status, now that the Internet is firmly in our daily lives.


Cyber Myths and Monsters: how to raise awareness and change behaviour

Presented By: Jessica Barker

Cyber insecurity often feels like a horror story, and the idea of cyber security an out-of-reach myth. The last year has seen breaches that are bigger, and of a higher profile, than ever before. When we trace these breaches back to their cause, we often find that attackers took advantage of human behaviour, via social engineering, poor password management, gaps in physical security or malicious insiders. Organisations are increasingly focused on raising cyber security awareness, and the UK government has spent millions of pounds on the Cyber Streetwise campaign, and yet we seem to be making little (if any) progress when it comes to changing behaviours.

Jessica’s talk argues that, in lots of ways, we are making fundamental mistakes when it comes to our attempts to raise awareness. Combining sociological and psychological research with mythology and classic horror fiction, this talk highlights lessons we can learn in our approach to raising cyber security awareness. Emphasising ways we can positively engage with users to change behaviours for the better, this talk aims to provoke ideas and discussions that will lead to awareness-raising programmes that are focused on what the user needs to know, and how we should be telling them, to achieve the most impact and make cyber security less of a monster.


Not following the herd – how to make your voice matter in the corporate world

Presented By: Quentyn Taylor

First, Quentyn will look at how to make your voice heard and relevant to a modern, fast-paced business. He will look at building a security message and making it count, challenging commonly held perceptions in risk and always being aware of the echo chamber.


Pitfalls of Public Cyber Data

Presented By: Phil Huggins & Ernest Lee

There are increasingly many data-driven cyber reports published and these are being relied upon to support strategic cyber decision-making in organisations. In order to conduct a meta-analysis of reported cyber data to support the development of a strategic cyber threat assessment at Stroz Friedberg, we reviewed the quality of available data and reports. Here we will highlight some of the pitfalls inherent in these sources that should be considered when using them and make some recommendations for the publication of data-driven cyber reports.


Legal Drivers in Cyber Security: Many or None?

Presented By: Dai Davis

What are the real drivers for Cyber Security? Certainly not the Data Protection legislation, which, while theoretically being enforceable with a fine of up to £500,000, is rarely enforced. Most breaches of that legislation go unnoticed, let alone invoke a sanction. Most businesses will retort that they are concerned about their reputation, but does the truth match the perception? Dai explores the dangers of lack of security and what businesses can and do suffer as a result of lack of security. Criminal sanctions in the form of the Computer Misuse Act, 1990 are examined as is the civil fining regime of the Data Protection legislation. There is also the possibility under this latter data protection legislation for an aggrieved individual to claim damages, but as Dai shows, this also is a theoretical rather than a practical remedy. Dai examines the purely economic risk of “loss of reputation” as well as the special case of businesses falling under the remit of the Financial Conduct Authority. Dai will also examine the implications of lack of security in the Internet of Things and whether there are legislative or other drivers to make the Internet of Things secure.


Security from Necessity

Presented By: Joe Goodings

How working for Greenpeace has influenced my thoughts on information security. I set out these ideas and give a small case study showing them in operation. Then open up for discussion on the pros & cons of the approach.


The current picture (literally) of European Cyber Crime

Presented By: Kevin Williams

Kevin will present data from Team Cymru that gives an insight into the current real threats against the UK in comparison to the rest of Europe.