11.00 - 12.00
Topic: Developing and implementing a playbook to respond to a ransomware attack
Synopsis: During this workshop participants would actively participate in developing an incident response plan on strategic and tactical levels, covering impact assessment, response team assembling and coordinating, Public Relations and communication plan, containment measures, payment considerations (insurance, legal, ethical), and recovery. All aspects would be illustrated with case studies. The main takeaway would be a complete playbook ready to be implemented in participants' organizations.
Target Audience: Information security analysts, data protection professionals, IT security professionals, security awareness specialists. In a wider sense it would be valuable for those with both technical and non-technical responsibilities within the information security areas of competence.
Workshop leader

Jelena Zelenovic, CISO of the Year Europe and winner of The Global Cyber Sentinel Award for immense contribution to the cybersecurity domain globally

Dr. Viktor Polic CISO, Head of Information Security and Assurance Services, International Labour Organization

12.15 - 13.15
Topic: 360 Degree cybersecurity roadmap for the organizations
Synopsis: Step-by-step process and methodology for Cybersecurity Roadmap. Way Forward to ensure a 360-degree view of an organization's cybersecurity posture that provides a strategic plan for their Boards and Senior Leadership.
Target Audience: Boards and CEOs, CxOs of Organisations, Cybersecurity Professionals
Workshop leader

Syed Abdul Qadir Executive Director | Technology Consulting and Cyber Risk Assurance A. F. Ferguson & Co. Chartered Accountants (a member firm of the PwC network)

13.30 - 14.30
Topic: Cybersecurity for connected & Autonomous vehicles
Synopsis: Cybersecurity for autonomous vehicles is a critical concern because of the sensitive information involved and the threat of hacking, so it is important to secure the connected infrastructure. In this workshop, learn smart solutions to mitigate risk and evolve your cybersecurity landscape.
Target Audience:
  • Autonomous Connected car professionals - Software Developers.
  • Product and Business Development Executives.
  • Information Security Specialists.
  • Business Intelligence Analysts/Specialists.
  • Data Analytics Specialists.
Workshop leader

Prof. Muhammad Khurram Khan Professor of Cybersecurity, King Saud University

14.45 - 15.45
Topic: Paradigms of Forensic Intelligence in Cyber Ecosystem
Synopsis: The rapid growth of emerging technologies has not only opened formidable opportunities, but has also extended the cyber-threat and attack landscape. This session will discuss the overview and importance of intelligence in digital forensics for investigating and attributing different threat adversaries, along with the emerging cyber threats in information security and how these can be countered and analyzed with the help of digital footprints and forensics. A simple approach with the case study perspective which can emphasize the area of cyber security.
Target Audience: Government Officials, CISOs, Law Enforcement Agencies, Investigating Agencies, Forensics Services and Threat Intelligence Service Providers, SOC professionals, etc.
Workshop leader

Dr. Deepak Kumar Sr. Cyber Intelligence & Digital Forensics Expert, India

16.00 - 17.00
Topic: Your facility must be correctly prepared for a Cyber Attack
Synopsis: During this workshop participants would learn how to protect facilities from Cyber Attacks. It will cover the below points:
  • Introduction on the main ICS-OT applications
  • External & Internal attacks: MitM, DoS, DDoS, GPS
  • Step by step attack on industrial plants
  • Use of IDS, UGW, Sensor level inspection
  • Conducting Secure Maintenance for ICS
  • Principal Introduction to BCP, DRP and IR
  • Cyber-attacks on ICS operations in past decade
Target Audience: Cybersecurity professionals from energy, oil & gas, utilities, manufacturing industries
Workshop leader

Daniel Ehrenreich Consultant and Lecturer – Cyber Security, Secure Communications and Control Experts, Israel

11.00 - 12.00
Topic: Securing the Banking Institutions with Next Generation Technologies.
Synopsis: Financial institutions have a particular set of challenges when it comes to cyber security since hackers frequently target them. To their right, a lot of citizens are concerned about exposing their business to a security breach as well as the larger financial system. Because of these worries, some people are hesitant to adopt new technologies that will help them maintain their competitiveness. However, I don't think financial institutions should have to pick between security and innovation. For them to keep ahead of banking innovation and enhance their security, a strong strategy and robust system would be developed to safeguard current financial cyber security risks. Below are some suggestions I have for improving how financial institutions manage their risk from cyber-attacks.
  • Financial Institutions Cyber security Regulatory, which evaluates current regulatory and oversight procedures, including cyber security laws, rules, guidelines, and other important processes on cyber security for the financial institutions.
  • Establishing coordination mechanisms, similar to those in place for financial stability, between organisations involved in regulating and monitoring cyber-risk and the financial sector authorities.
  • In order to make the appropriate business choices, several countries require financial institutions to adopt an ICT strategy, New Technology (SOC, SOAR) and risk management framework, including incident response plans with a clear chain of command. An information security officer must be appointed in some nations.
  • Encryption and key management can get complicated quickly. It is the final layer of your defence. If you have a data breach, in many cases if you can prove the data was properly encrypted and the keys were not compromised, you may not be required to worry about the breach. Options for database encryption include column level, tablespace or dataspace level, and file level. Another option for data at rest is whole disk encryption.
  • Defence of Financial Institutions networks and the creation of offensive tools to combat cyber threats have been the Financial Institutions main priorities. However, the global economy is still quite susceptible to cyberattacks from outside threat actors.
  • Cyber insurance is a crucial component of a cyber security strategy since it ensures that a company will be financially safe in the case of a cyberattack. Cyber insurance brokers not only alert clients of violations to keep legal expenses in check but also to ensure that businesses abide by data breach laws. Additionally, cyber insurance will assist in covering the cost of repairing broken systems and restoring lost data.
  • Consumer awareness is one of the crucial elements in which the customer must be made aware of the need to keep user credentials private. In the event of any suspicious developments in their business or bank account, they should provide testimony to the cyber security unit as soon as feasible.
Target Audience: LEAs (Law Enforcement Agencies), Critical Infrastructure, Para Military, Defence Personnel & Strategic areas professionals
Workshop leader

Dr. (Prof.) Nishakant Ojha, Chief Strategic Officer, Broadcast Engineering Consultants India - A Govt. of India Enterprise under Ministry of Information & Broadcasting, India

12.15 - 13.15
Topic: Cyber Intelligence: A Force Multiplier
Synopsis: With cyber intelligence, organizations have a powerful tool in their arsenal. This workshop provides an understanding and appreciation of cyber intelligence to support organizational missions, decision-making, and posturing organizations to discover and defend against current and emerging threats. Emphasis is placed on collection methodologies, information sharing, collaboration, and tailoring of intelligence products. Dr. Paul de Souza will work with the audience to answer and grasp the following question: What are the benefits of using cyber intelligence for cyber defenders?

You will learn the following:
  • The value of cyber intelligence in supporting organizational missions and decision-making.
  • Familiarity with collection methodologies used in cyber intelligence (active and passive collection operations).
  • The role of cyber intelligence in discovering and defending against current and emerging threats.
  • The use of cyber intelligence in incident response and threat hunting.
  • The importance of intelligence dissemination.
  • The importance of intelligence in the cyber security field.
  • Human Intent
Workshop Methodology: The participatory methodology focuses on networking, clustering, and team-building among participants, innovation through interaction and creativity techniques, sharing of information, knowledge generation, engagement of the stakeholders, and fostering of working groups.
Target Audience:
  • Information security professionals
  • Intelligence analysts
  • Law enforcement officers
  • Government officials
  • Business executives and managers
  • I.T. personnel
  • Students and academic researchers in relevant fields.
Workshop leader

Dr. Paul de Souza President & Founder, Cyber Security Forum Initiative (CSFI) USA

13.30 - 14.30
Topic: Preventing Privacy By Design to Become A Privilege
Synopsis: Privacy is a theme that has remained consistent throughout history across all human societies regardless of culture, religion, or ethnicity. It has been an area professed by religious scriptures and the human intelligentsia. However, with an increased transformation of societies alongside the digital sphere, we are observing increased privacy risks caused by the overcollection and processing of personal data. The privacy subject matter experts have advocated the need to bake privacy into the design as a fundamental ingredient rather than dressing it up on an established product or service. However, organizations are still battling with the challenges of adequately embedding privacy into the design aspects of the developed product or service. Baking privacy into the design is much more than just integrating privacy into the different phases of the systems/software development lifecycle. It is more about performing a thorough assessment of the possible privacy violations that can take place and how they can harm individuals in regard to their well-being and social liberty. Currently we are collectively standing at a crossroads where the abstract nature of privacy controls and principles creates a cushion for threat actors to circumvent the privacy. There is therefore a dire need to add more nuance to the privacy controls, which should be verifiable and capable of being objectively assessed; otherwise we may run into a territory where Privacy by Design may be reduced to a privilege.
Short synopsis: With an increased digital transformation of societies alongside the digital sphere, we are observing increased privacy risks caused by the overcollection and processing of personal data. Privacy subject matter experts have advocated the need to bake privacy into the design as a fundamental ingredient rather than dressing it up on an established product or service. However, organizations are still battling with the challenges of adequately embedding privacy into the design aspects of the developed product or service. The objective of today’s workshop is to understand the challenges around baking privacy into personal data processing and how it can culminate into situations where Privacy by Design may only remain a privilege to be exercised by specific organizations.
Target Audience: Software Developers, Product and Business Development Executives, Information Security Specialists, Business Intelligence Analysts/Specialists, Data Analytics Specialists.
Workshop leader

Muneeb Imran Shaikh Data Privacy Manager, Saudi Credit Bureau

14.45 - 15.45
Topic: Threat modeling exercise: a one-hour ransomware risk assessment workshop
Synopsis: This workshop will help participants understand the risks associated with ransomware and take a proactive approach to mitigate those risks. By focusing on the assets they want to protect, the threats they face, and the controls they have in place, participants can develop a more comprehensive and effective strategy for protecting their organizations from ransomware attacks. Each table of participants will develop its own list for the 7 items below. Groups will be given 35 minutes to come up with ideas for these 7 topics. Afterward, we will take them up and conclude on the most important points raised.
  • Identify assets
  • Identify threats
  • Identify controls
  • Prioritize assets
  • Evaluate controls
  • Develop mitigation strategies
  • Group discussion
Target Audience: Information security analysts, data protection professionals, IT security professionals, security awareness specialists. In a wider sense it would be valuable for those with both technical and non-technical responsibilities within the information security areas of competence.
Workshop leader

Jelena Zelenovic, CISO of the Year Europe and winner of The Global Cyber Sentinel Award for immense contribution to the cybersecurity domain globally

Dr. Viktor Polic CISO, Head of Information Security and Assurance Services, International Labour Organization

16.00 - 17.00
Topic: Understanding SMBs in Your Supply Chain
Overview: The small businesses in your supply chain are gateways to your critical data. Are you aware of the policies and procedures your suppliers have when dealing with cyber incidents? Do you have methods of verifying that they do indeed follow these policies and procedures? This workshop will walk you through how the Cyber Readiness Institute has worked with large corporations to set and verify base level cybersecurity requirements for the small and medium sized businesses in their supply chain. We will cover lessons learned, best practices, and how to create these standards for your organization.
Methodology: Presenters will walk through how to understand the level of security they have within their supply chain, how to create frameworks, how to educate, and why re-assessment is critical. This workshop will primarily be focused on how a larger organization can assess their supply chain security, but will have a unique first hand SMB perspective provided by both CRI and partners.
Top 3 key takeaways from the workshop:
  • Fundamental Cyber Security
  • Importance of Frameworks
  • Setting Reasonable Goals and Expectations
Target Audience: Larger organizations (private and public sector)
Workshop leader

Lessie Longstreet, Global Director of Outreach and Partner Engagement, Cyber Readiness Institute (US)

Dragan Ninić Member of Board of Directors, BIT Alliance, Sarajevo, Bosnia and Herzegovina

09:00 - 13:00
JOE GRAND'S HARDWARE HACKING BASICS – SESSION 1
LAPTOP: Attendees are required to bring a laptop containing Windows 7 or greater w/ administrator access and at least one USB type A socket. The following software will be installed:
ABSTRACT: Interested in hardware hacking, but don't know where to start? This workshop covers the basic techniques you'll need for hacking modern embedded systems, including soldering/desoldering, circuit board modification, signal monitoring/analysis, and memory extraction. It is a shortened version of Joe Grand's 2-day training class, which premiered in 2005 and is the longest-running hardware hacking training of its kind (http://www.grandideastudio.com/portfolio/hardware-hacking-training/). No prior hardware, electronics, or security experience is required.
OUTLINE:
* Overview/Introduction
- Workshop Goals
* Soldering/Desoldering
- Soldering through-hole resistor
- Desoldering surface mount component
* Circuit Board Modification
- Cut circuit board trace to fix problem
* Signal Monitoring/Analysis
- Capture/analyze UART communication from MCU using logic analyzer
- Interact with target device through the UART interface
* Memory Extraction
- Extract memory contents of EEPROM device
* Open Lab
Workshop leader

JOE GRAND USA Joe “Kingpin” Grand a legend in the cyber community

13:00 - 17:00
JOE GRAND'S HARDWARE HACKING BASICS – SESSION 2
Workshop leader

JOE GRAND USA Joe “Kingpin” Grand a legend in the cyber community