View Agendas and Register
Thursday 27th June: Cracking the Code: The Role of Programming in Information Security and Why Do We Do What We Do? A Motivational Talk
Speakers: Mark Baggett and Justin Parker
17:30 – 18:00
Registration and Drinks
18:00 – 19:00
Presentation: Cracking the Code: The Role of Programming in Information Security presented by SANS Fellow Instructor Mark Baggett
19:15 – 20:15
Presentation: Why Do We Do What We Do? A Motivational Talk presented by SANS Certified Instructor Candidate Justin Parker
Abstracts:
Cracking the Code: The Role of Programming in Information Security
In this presentation, we'll explore an unpatched vulnerability within Windows, one that attackers can likely exploit to bypass your defenses. Through the lens of this attack, we'll address a significant question: "Are programming skills a requisite for excelling in the field of information security?"
Recent research indicates that approximately 20% of entry-level positions in information security demand proficiency in programming. Yet, the ongoing debate in online forums highlights the uncertainty surrounding the necessity of coding skills. Join me as we navigate through this discussion, examining the intricate relationship between coding expertise and achieving success in the realm of information security.
Why Do We Do What We Do? A Motivational Talk
Adversaries carrying out cyber attacks can have a range of motivations. Understanding these motivations enables network defenders to prioritize their limited time and resources. The development of accurate adversary models describing their underlying motivations significantly improves threat modelling and risk assessment activities, while enhancing support to decision makers. This talk will describe analysing human and organizational motivations to support cyber threat intelligence.
Thursday 4th July: Effective ICS/OT TTX Design & Facilitation and Using Machine Learning to Reduce the Alert Fatigue
Speakers: Mike Hoffman and Nik Alleyne
17:30 – 18:00
Registration and Drinks
18:00 – 19:00
Presentation: Effective ICS/OT TTX Design & Facilitation presented by SANS Certified Instructor Mike Hoffman
19:15 – 20:15
Presentation: Using Machine Learning to Reduce the Alert Fatigue presented by SANS Principal Instructor Nik Alleyne
Abstract:
Effective ICS/OT TTX Design & Facilitation
This talk provides insights into designing and executing Tabletop Exercises (TTX) for Incident Response in Industrial Control Systems (ICS) and Operational Technology (OT) environments. It stresses the importance of testing plans, tailoring incident response strategies, and understanding the threat landscape. Key components of an ICS/OT IR plan, such as preparation, identification, containment, eradication, recovery, and lessons learned, are highlighted. Additionally, it emphasizes the significance of TTXs in testing IR capabilities, complying with regulations, and addressing specific challenges unique to ICS/OT environments. The talk covers participants, facilitation methods, scenario design considerations, and post-exercise evaluations to maximize the benefits of TTXs and enhance organizational resilience.
Using Machine Learning to Reduce the Alert Fatigue
Most enterprises today have a number of security tools to support their security operations. In many cases, these tools have a view of what they think is bad and thus produce a large number of alerts. The problem is, the majority of these alerts tend to be false positives rather than true positives. Using machine learning, we can identify those alerts which are more likely to be true positives, thus expending more energy towards these alerts. In this session, we will discuss how you can leverage the SOAR, the SIEM (or any other security tool), Threat Intelligence and case management platforms to build a machine learning model to aid with reducing the alert fatigue.