CRESTCon UK Streams

With a focus on penetration testing, incident response and threat intelligence, there are 3 streams at the event and delegates are free to move between them.

  • Stream 1 will focus on penetration testing (techniques, tools and war stories)
  • Stream 2 will focus on threat intelligence
  • Stream 3 will focus on incident response & awareness

Tickets to this year’s event are free. To register please click here: https://crestcon2020.eventbrite.co.uk

Book CRESTCon UK 2021 Tickets

Stream 1  Penetration Testing

09:00 – 09:40    Welcome and overview: Ian Glover, President, CREST

09:45 – 10:15    Keynote: A UK Government Perspective on Cyber Security, Tracy Buckingham, Deputy Director Security and Cyber Security Exports, Department for International Trade. UKDSE

Tracy will give the audience the perspective of someone working in central government on the UK Government’s approach to cyber security and provide some insight into the UK’s approach to cyber policy.

Tracy Buckingham joined the Ministry of Defence in 1985 and spent her early career covering a range of roles including Assistant Private Secretary to MOD’s Permanent Under Secretary; developing the ‘Policy for People’ and developing and implementing new performance management and corporate governance regimes based on use of the Balanced Scorecard. In 2003 she became responsible for military operations in support of the UK’s civil emergency services, and in 2006 she moved to the Defence Equipment and Support organisation where she helped to set up the Future Submarines (now Dreadnought) Programme.

Tracy joined the UKTI Defence and Security Organisation (DSO) in 2011 where she has undertaken a range of roles including leading on exports to North America, Australia and New Zealand. She is currently a Deputy Director in DIT Defence and Security Exports leading on Security and Cyber Security Exports.

10:20 – 11:05  SCADA/ICS Security AD 2020 – Do We Learn From Our Mistakes? : Aleksander Gorkowienko, Senior Managing Consultant, Spirent Communications

Aleksander Gorkowienko will discuss the threat landscape and up-to-date technical and procedural vulnerabilities associated with Industrial Control Systems (ICS) and SCADA (Supervisory Control and Data Acquisition). ICS is used in power generation, plants, transport systems, aircraft and other places where some of the most critical systems are running. Securing control systems is a significant challenge as many vulnerabilities in ICS/SCADA are not only associated with core protocols but also specific to products, network architecture and weak processes. Sometimes a seemingly minor pitfall could lead to relatively quick and easy exploitation and, in effect, potentially disastrous consequences. During the talk, the speaker will provide an overview of techniques used for attacking ICS/SCADA (protocols, vulnerabilities related to PLCs, network components, servers and workstations, applications).

Aleksander Gorkowienko is a qualified IT professional with over 20 years of practice in business, working in numerous industry sectors. During the last 10 years his primary focus has been on cybersecurity, cyber resilience and ethical hacking. Aleksander is also a practitioner, delivering penetration testing services and cybersecurity training for many years. He is a senior consultant and a part of the Spirent SecurityLabs team, developing their services and capabilities in the UK and across the EMEA region. He is also conducting cybersecurity research projects in areas of industrial control systems (ICS/SCADA), IoT and medical devices. Aleksander believes that cybersecurity is never a one-time action – it is a continuous process which engages the whole organisation on all levels and requires all employees to be confident of dealing with modern cyber threats.

11:05 – 11:20    Coffee Break

11:20 – 12:05    Click Here for More Information: Matt Lorentzen, Principal Consultant, Cyberis

This presentation demonstrates how modern communication has evolved to be fast paced and emotive. The constant demands on our time mean that we don’t always have the space to fully evaluate things that appear in front of us, and on that basis quickly appraise the legitimacy of things, often unconsciously. Understanding how language affects these decisions can help to slow some of that appraisal down and, ultimately, determine whether we choose to interact with what we see in our inbox.

Matt Lorentzen has over twenty years of IT industry experience working within government, military, finance, education, and commercial sectors. He is a principal consultant at Cyberis and the adversary simulation lead delivering simulated attack services and penetration testing to a diverse range of clients. Previously Matt worked for Trustwave SpiderLabs as the EMEA red team lead and worked across Europe and Asia delivering simulated attacks into the financial sector. He delivered training and cyber range simulation projects to the commercial and financial sectors in the UK and Asia.
Prior to Trustwave, Matt was a CHECK team leader and part of the security division within HP Enterprise Services delivering into global HPE accounts and partners. Early on in his career Matt ran his own IT consultancy company for seven years which delivered network infrastructure projects to the commercial and education sectors.
Matt has spoken about security challenges and open-source projects at CRESTCon ASIA, CRESTCon UK, 44CON London, OWASP chapter meetings, RSA and has presented at various university and IT events.

12:10 – 12:55    The Whistle stop tour of aviation security: Ken Munro, Partner, Pen Test Partners

The presentation will focus on a whistle stop tour of aviation security, covering security issues in aeroplanes, avionics, IFE and the various connected systems that pilots, planes and ground operators interface with.

Ken Munro is a security entrepreneur and industry maverick who has worked in infosec for over 15 years. After studying Applied Physics he tried his hand in the hospitality industry but soon discovered a talent for hacking, persuading a till to print out mortgage amortisations. He went on to cut his teeth in the anti-virus industry before founding SecureTest, a penetration testing business that quickly established a reputation for delivering high spec services using a boutique business model. NCC Group recognised the value of the proposition and acquired SecureTest in 2007. But Ken had found his calling and his penchant for pen testing saw him set up Pen Test Partners in 2010 which now boasts some of the best ethical hackers in the business, each of whom has a stake in the firm.

12:55 – 13:30    Lunch

13:30 – 14:15    The value of continuous auditing in Zero Trust architecture and risk-based situational awareness: Keith Driver, CTO, Titania

Penetration testing has matured over the years from its beginnings as an ad hoc process to become a vital component in assuring Applications, Data, and Networks meet compliance and security standards.  Security architectures have become more sophisticated, adapting to the business environments and technology advancements.   The ubiquity and heterogeneous nature of network equipment, hybrid cloud environments and externally hosted SaaS applications complicate the security model and provide an increased attack surface.  The presentation will explore the role of continuous audit as a foundational component of penetration testing and its value underpinning the Zero Trust architecture and providing a risk-based situational awareness to network owners.

Keith Driver joined Titania as CTO in 2019 from his position as Engineering Fellow and CTO Cyber at Raytheon UK. He has a distinguished career in the telecommunications and security industry as a technology leader and board member in a variety of SME and large organisations, delivering revenue growth and technical advantage through strategy definition and innovation. He has worked with commercial, defence and government sector customers globally, spoken at global conferences and founded his own consultancy.

14:20 – 14:50  The pitfalls, gotchas and recipes for success in building high quality Red Team Exercises: Rupert Collier, VP Sales EMEA/APAC, RangeForce

Rupert Collier will chair an expert panel of industry specialists who have spent a lot of time scoping, creating and operationalising red team focussed exercises. Training ethical hackers is a complex process with a lot of grey areas. RangeForce technical gurus Ben Langrill, Daniel Limanowski and Kert Ojasoo will explain how they have typically gone about putting together individual training modules and group exercises in the realm of penetration testing and vulnerability scanning.

14:50 – 15:05    Coffee Break

15:05 – 15:35    Data Centric Security: Nigel Thorpe, Technical Director, SecureAge

The world of cybersecurity is still very centred on the real world. We check everyone’s identity; we watch entry points for attacks; we monitor activity for illicit behaviour; we put fences around information; and we try to identify the most important data to store in secure vaults. But still, there are almost daily reports of successful cyberattacks. It’s time to stop simply putting up more barriers and to focus security on the data. Encryption has been around a long time and is well suited to building security right into information itself. But the likes of Full Disk Encryption or Transparent Data Encryption don’t protect all of the data all of the time. And using data classification across an enterprise to pick important information is always going to leave gaps. Building security right into data using encryption should be the last line of defence.

This session will look at the merits of a data-centric approach for security and how penetration testing must extend into scenarios where data is successfully stolen. It will also look at some recent breaches and explore how they could have been mitigated with security built into the data itself.

Nigel Thorpe is technical director at SecureAge and, coming from a software development background, started his career in IT security with Entrust Technologies in the early days of PKI. His mission at SecureAge is to help organisations take a data-centric approach to information security.

15:40 – 16:40    apt-get CREST CPSA/CRT: Costas Senekkis, Penetration Testing Team Lead, ICSI Ltd

In this session we will take the stress out of exam preparation by showing you how to approach the subject and tackle the material in a systematic way that will optimise your studying process and help you achieve the best possible results.

Costas Senekkis leads the Penetration Testing team at ICSI Ltd, a CREST accredited training provider.

He is passionate about digital security in general and Linux security in particular. As an experienced pen tester and security consultant, his excellent track record includes pen tests in several countries from the UK to Singapore.

He is currently cooperating with various corporate clients, helping the management understand the risks associated with a lack of cybersecurity awareness among their own non-technical computer users. Given that human vulnerability is the weakest link in any data security infrastructure, he helps companies develop a culture of security awareness to minimise the ever-growing risk of a potential data breach.

16:50 – 17:00    Closing Address: Ian Glover, President, CREST

Stream 2  Threat Intelligence

09:00 – 09:40    Welcome and overview: Ian Glover, President, CREST

09:45 – 10:15    Keynote: A UK Government Perspective on Cyber Security, Tracy Buckingham, Deputy Director Security and Cyber Security Exports, Department for International Trade. UKDSE

10:20 – 11:05    Intelligence-Enriched Threat Hunting and Incident Response: Ana Pereu, Intelligence Consultant; Julia Buckingham, Intelligence Consultant; Ailsa Wood, Digital Forensics and Incident Response Senior Consultant, AON

The key benefits of intelligence-gathering include: helping to determine an initial attack vector and point of entry; identifying indicators of compromise via proactive research and pivoting; determining attack attribution and threat actor analysis; and understanding the threat landscape in a certain industry or country overall. These details can guide and focus the threat hunter’s or IR investigator’s work on certain types of activity and indicators, making the process far more efficient and effective.

Ana Pereu is a Consultant in the Intelligence Group of Aon’s Cyber Solutions, focusing largely on investigative research relating to financial crime, identity resolution and sanctions exposure, as well as threat intelligence. Prior to joining Aon’s Intelligence team, Ana was part of the Due Diligence and Strategic Research at Stroz Friedberg, which was subsequently acquired by Aon.

Ana holds a bachelor’s degree from NYU and a master’s degree from University of Cambridge. She is a Certified Money Laundering Specialist and has also completed various threat intelligence and open source research trainings, including QA’s five-day OSINT bootcamp. She speaks English, Romanian, Russian and Spanish, and has a working knowledge of French and Portuguese.

Julia Buckingham is a Consultant in the Intelligence Group of Aon’s Cyber Solutions, providing threat intelligence, due diligence and investigative research. During her time at Aon, her experience focused largely on conducting analysis across the open, deep and dark web to identify active and potential risks to clients.

Prior to joining Aon, Julia was a university lecturer and a translator for clients including the United Nations and businesses in the legal, financial, pharmaceutical and energy sectors. She holds a bachelor’s degree from the University of Oxford and a master’s from the University of Westminster. She holds the CREST Practitioner Threat Intelligence Analyst and the GIAC Information Security Fundamentals certifications. She speaks English, French, Spanish and German and has a working knowledge of Italian.

Ailsa Wood is a Senior Consultant in the Digital Forensics and Incident Response team at Aon’s Cyber Solutions. She commonly works as a technical consultant on digital investigations for a variety of civil litigations, criminal matters, internal and regulatory investigations, and cyber crime response efforts.

While she is active in all aspects of this work, Ailsa has a particular interest in malware and reverse engineering. She holds a bachelor’s degree in Mathematics from the University of Edinburgh and a master’s degree in Mathematics of Cryptography and Communications from Royal Holloway, University of London. She is a GIAC certified GCFE, GCFA, GCIH, and GREM.

11:05 – 11:20    Coffee Break

11:20 – 12:05    The Inner Workings of Cyber Defenders: Mark Vaitzman, Cyber Threat Analyst & Nethaniel Ribco, Senior Cyber Threat Intelligence Analyst, CyberProof

In this presentation, we will go through key scenarios of top attacks we’ve seen and how different security teams across CTI, IR, Threat Hunting and Engineering worked together to mitigate these. We’ll also share key attacker techniques that relate to the incident lifecycle for each scenario and share some take away points on what other security teams can learn from this to better improve their threat detection and response processes.

Mark Vaitzman has a degree in Computer Science and Management and is a senior cyber security analyst at CyberProof, located in Israel, and is heavily involved in investigating and countering nation-state threat actors. He is also a lecturer in Israel’s national cyber program for teenagers before their military service. Mark has deep understanding of information technology, and specializes in investigating and reporting on targeted attacks. Before CyberProof, Mark was the security services manager and CSIRT team lead at Nyotron, an innovative EDR vendor.

Nethaniel Ribco is a senior cyber threat intelligence analyst, located in Israel, where he monitors the clear, deep and dark web sources to detect threats to clients around the world. With deep experience in fighting cyber crime, Nethaniel specializes in getting access to closed forums and black markets for intel gathering and communicating, mitigating and remediating vulnerabilities that clients need to fix before they’re compromised. Nethaniel can speak multiple languages including Spanish, Hebrew and English and has more than 5 years of experience in dark web and threat intel research.

12:10 – 12:55    I Can’t Get No Stakeholder Satisfaction – Optimising Feedback in the Intelligence Lifecycle: Dr Jamie Collier & Rebecca Simpson, FireEye Mandiant

Cyber threat intelligence (CTI) can be utilised by stakeholders across an organisation, ranging from security operation centre analysts to senior leadership. This is no easy task and few CTI functions will realistically satisfy the needs of all their stakeholders from day one. With time, however, a CTI function can provide essential insight across the entire security function. Active and regular engagement with those consuming intelligence represents one of the most effective ways to increase the value of CTI. This talk will explore the role and value of feedback before offering actionable advice to help security functions optimise feedback within the intelligence cycle.

Dr Jamie Collier is a Cyber Threat Intelligence Consultant at FireEye. He was previously the Cyber Threat Intelligence Team Lead at Digital Shadows and has completed a Ph.D. in cybersecurity at the University of Oxford where he remains active as a research affiliate with the Centre for Technology and Global Affairs. Jamie was previously based at MIT as a Cyber Security Fulbright Scholar and has experience working with the NATO Cooperative Cyber Defence Centre of Excellence, Oxford Analytica, and PwC India.

Rebecca Simpson is a Senior Intelligence Enablement Manager at FireEye. She helps clients to consume relevant threat intelligence and understand the intelligence requirements and needs of different business units. Rebecca originally joined iSIGHT Partners in 2015 to look after their Intelligence subscribers. Since the merger with FireEye & Mandiant took place, Rebecca has looked after the EMEA customer base for nearly 6 years. In her personal time, Rebecca is an Open University student, in her penultimate year of a degree in Forensic Psychology.

12:55 – 13:30    Lunch

13:30 – 14:15    TBC

14:20 – 14:50    The use of Threat Intelligence in Incident Response – a case study on how TI can help support a more effective IR process and help speed up recovery: Bence Horvath, Leanne Salisbury & Sergiu Sechel, EY

This presentation aims to present an anonymised case study the EY Team has recently worked on and to discuss the use of Threat Intelligence within the Incident Response process. Bence, Leanne & Sergiu will discuss how TI can be used to predict infection patterns and assess the possibility of re-infection, and how the analysis provided by TI providers can help with containment and accelerate recovery. A key focus of the presentation will be a showcase on how simplifying telemetry information helped cut through the initial confusion of the early response process, and avoided the risk of forming incorrect conclusions. They will demo part of a toolset for central daily reporting and risk mitigation, and show how they pulled together information from all relevant parties (e.g. external providers, incident managers, legal, business units, technology, and 3rd parties) into a “single source of truth”, to provide a quick, easy, flexible and visual representation of the current state to key stakeholders.

Bence Horvath is a seasoned cybersecurity executive focused on next-generation cyber defense and intelligence-led offensive operations. Bence works currently as a Director at EY based in the UK, leading the Next-Gen Security Operations, Response & Advanced Testing Pillar of the firm’s Cybersecurity Consulting division. He has an MBA from ie Business School, an M.Sc. in business information systems from the Corvinus University, and holds CRTIA, CISSP and CISM certifications. His background includes working in telecommunication, aerospace and defense, financial services and consulting.

Leanne Salisbury is an experienced threat intelligence professional focused on intelligence-led cybersecurity. Leanne is currently a Senior Manager in the EY EMEIA Technology Consulting practice based in the UK, leading the development of the threat intelligence strategic offering for financial services clients. Her background includes defence intelligence, UK government, London 2012 and critical national infrastructure both in Europe and Oceania. She holds a Master of Arts (MA) in English from City University, Prince 2, Institute of Leadership and Management (ILM) and various HM Forces accredited intelligence qualifications.

Sergiu Sechel is a cybersecurity researcher focused on cyber resilience. Sergiu works as a Manager at EY-Parthenon based in the UK, helping clients deal with cybersecurity at a strategic level. He worked as a subject matter expert in 25+ large scale incidents ranging from big-game ransomware to APTs (Lazarus, APT28, APT29, APT31 and SilverFish). He has a PhD in computer sciences, and holds the CISA, CISM, CRISC, CFE, CEH, CBP, CSSLP, CDPSE, GICSP, GPEN, GWAPT, GCFA, GNFA, GASF, GCTI, GREM and PMP certifications.

14:50 – 15:05    Coffee Break

15:05 – 15:35    Open Source Intelligence (OSINT) and its use in incident investigation: Laveena Shetty, Cyber Threat Detection & Response Analyst, BDO UK LLP

OSINT is about uncovering and processing vast amounts of publicly available information and converting that information into actionable intelligence. For Blue Teamers, this intelligence is vital to detecting threats to their environment, and responding by deploying appropriate mitigation techniques. This presentation focuses on how the often underestimated, yet valuable, OSINT could add value in the incident investigation process.

Laveena Shetty is a Cyber Threat Detection & Response Analyst at BDO UK LLP. She works in the Detect and Response team of the CISO office, and is responsible for ensuring timely and effective management of security events and incidents, investigating cyber incidents, identifying root causes, following up on actions to avoid recurrence and ensuring all identified incidents are managed to a satisfactory conclusion.

15:40 – 16:10    The importance of threat intelligence in monitoring your third party risk: Karla Reffold, COO, Orpheus Cyber

Third-party risk is gaining more attention as we see more attacks originating within the supply chain. Almost all the solutions for managing this risk ignore threat intelligence. Karla will talk about how to integrate threat intelligence as part of the solution and the importance of doing so.

Karla Reffold is an experienced business owner and leader. Karla has experience running businesses in recruitment, ecommerce and cybersecurity. With an international network in cybersecurity, Karla is passionate about values-led leadership and people development.

Karla founded the international recruitment business BeecherMadden in 2010 before overseeing the acquisition by Nicoll Curtin. As a Director for Nicoll Curtin, she expanded the company further before moving to the US to accelerate growth of the American business. In 2020 she joined Orpheus Cyber as COO. Orpheus are a threat intelligence company with a SaaS platform that helps organisations manage their own risk, and that of their third parties, with an easy to understand cyber risk score.

Karla is a judge for The Cyber Security Awards, The National Cyber Awards and The American Cyber Awards. She is the host of industry interviews on the Cyber Talks media platform and the Zero Hour Podcast. She is also an experienced speaker, on the topic of cyber security and women in technology. Her views are often sought and published on this subject, as well as entrepreneurship.

Karla was included in SC Magazine’s Top 50 Women in Security in 2019. She was a finalist at the Women of the Future awards in 2016, for Entrepreneur of the Year and a finalist in The Future Ladies Awards for Mentor of the Year in 2019. Under her leadership, BeecherMadden have won the Cyber Security Recruitment Company of the Year in 2019, and been shortlisted for a number of awards for their recruitment services.

16:15 – 16:45    The threat lurking in the shadows: Robert A. Moody, cyber threat intelligence and digital forensics expert, Home Depot

In the ever changing cyber threat landscape, the topic of ransomware has always been a threat lurking in the shadows. For those who have experienced the harassing and offensive ransom demands made by the organized crime groups, this topic is something that will take priority in designing and deploying security functions. Addressing the scourge of ransomware requires multiple security teams to work in a coordinated fashion. It also requires buy-in from an organization’s senior leadership. In this presentation, Robert will discuss best practices in using cyber threat intelligence to guide the conversation around ransomware and ransomware preparedness. He will also discuss his experience in collaborating with security teams such as vulnerability management, Blue, and Red Teams to identify how susceptible an organization is to ransomware. Robert will detail his process for identifying software vulnerabilities leveraged by ransomware gangs and then discuss utilizing vulnerability scans to create strategic plans for remediation. Robert’s presentation will conclude by discussing how a Ransomware Susceptibility Assessment can provide a basis for predicting where within an organization a ransomware attack may occur.

Robert A. Moody is a cyber threat intelligence and digital forensics expert, currently working as System Engineering Manager overseeing the Cyber Threat Intelligence team at The Home Depot. Robert leads a team charged with monitoring the Threat Landscape for all of North America. Robert holds the Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Data Privacy Solutions Engineer (CDPSE), and CREST Registered Threat Intelligence Analyst (CRTIA) certifications, and has a Master’s degree in Cybersecurity from ie University. He has a background working in critical infrastructure sectors including manufacturing, banking, finance, telecommunication, retail, and energy.

16:50 – 17:00    Closing Address: Ian Glover, President, CREST

Stream 3  Incident Response Stream & Awareness

09:00 – 09:40    Welcome and overview: Ian Glover, President, CREST

09:45 – 10:15    Keynote: A UK Government Perspective on Cyber Security, Tracy Buckingham, Deputy Director Security and Cyber Security Exports, Department for International Trade. UKDSE

10:20 – 11:05    Flying by the seat of your Pants!: Alan Melia, Principal Investigator & Mehmet Mert Surmeli, Senior Incident Response Consultant, F-Secure

The focus of this session is to provide an overview with real-life examples of incident response investigations that required some ‘outside the box’ creative thinking to reach tangible implementation remediation actions across industries.

Learn about the key techniques and tools that were used at the outset to follow the breadcrumbs of evidence to identify the entry vector leading on to the establishment of a containment plan and finally culminating in a remediation and recovery of the client’s estate. Hear where lessons were learnt along the way to reach a solution and where certain tools and methodologies were implemented including an outline of their capabilities and how you can leverage them alongside exploring new tooling insights.

This will include investigating ‘out of support’ systems and sites.  Take away a step-by-step guide to an IR investigation when the client estate is falling down around you.

Alan Melia is Principal Investigator at F-Secure, where he manages investigation and incidents for a wide range of international and domestic clients, from medium-sized businesses to government agencies. This includes investigations into APT attacks, data breaches and ransomware attacks, developing live response to rapidly evolving solutions. Previously Alan was a manager at EY, and before that he held a number of technical positions across Microsoft, including in 2009 developing an alert-based application for mobile detection devices for a special equipment manufacturer. Alan holds an MSc in Forensic Computing, documenting how to convert Microsoft PE into a forensically sound platform for investigators, and most significantly, proving how and why it works so successfully.

Mehmet Mert Surmeli is a Senior Incident Response Consultant at F-Secure. Since joining F-Secure a year ago he has been leading on the company’s Linux Cat-Scale script tool project and helping companies recover more efficiently and effectively from attacks. Prior to his time with F-Secure, Mehmet worked in various roles at Vodafone Group including as CERT Specialist/Cyber Defence CERT, E-Discovery and Forensics, specialising in malware, memory analysis and Windows/Linux forensics. Mehmet holds an MEng in Software and Electronics Engineering. He also has a personal interest in the social sciences outside of his engineering work including philosophy, psychology and sociology.

11:05 – 11:20    Coffee Break

11:20 – 12:05   2020 – A Year of Ransomware: Andy Snowball, Head of Incident Response, BAE Systems

2020 – A Year of Ransomware examines what happened during 2020 regarding the global ransomware scene, and then delves into the detail of three anonymised incidents that the BAE Systems Incident Response team worked on in 2020. The presentation will conclude with recommendations that can help organisations prepare for and prevent becoming a victim of ransomware.

Andy Snowball is the Head of Incident Response at BAE Systems where he and his team respond to complex cyber incidents for our customers. Andy has worked in IT and security for 19 years and draws on his technical and project management skills from previous roles to respond effectively to a wide variety of security incidents, ensuring that attackers are evicted and normal operations are resumed quickly.

12:10 – 12:55    Cybersecurity Survivorship Bias – Avoiding it and where to put your armour: David Gray, Director, Security Consulting – Global DFIR, Security Operations Consulting.

In cybersecurity we are always talking about threats and how to detect them (mainly with signatures or Use Cases). Things can get a bit crazy when we have to respond to zero-day exploits, but shouldn’t we be flipping our thinking and ALWAYS looking for what we don’t know? The threat actors certainly are! This session is to give you a different perspective on the threats we all face and how to avoid falling into the trap of purely reacting to the expected risks.

David Gray has over a decade of experience in the IT security industry. He joined NTT in 2018, having previously worked in cybersecurity technical roles for the MoD, Leonardo and RSA. As the Global Director for Digital Forensics and Incident Response, he is responsible for the UK’s professional services engagements for incident response planning, global incident response and discovery, planning and consulting.

In his spare time, David enjoys spending time with his family, mountaineering, golf and making home brew beer.

12:55 – 13:30    Lunch

13:30 – 14:15    How purple teaming can prepare an organisation for ransomware breaches: Tom Hall, Head of Blue Team, 6point6

Ransomware continues to become an even greater issue for organisations in 2021. We look at the trends in ransomware operations and understand some of the common techniques used in breaches. Tom will discuss how organisations can effectively use purple team engagements to identify weaknesses in detection capabilities and reduce the effective attack surface for ransomware operators.

Tom Hall is the head of Blue Team at 6point6, leading the Incident Response, Cyber Defence, and Threat Intelligence practices. He is an experienced Incident Response practitioner with nearly ten years of experience in the industry, assisting organisations with preparing for, and defending against complex incidents.

14:20 – 14:50  SOC to IR, am I ready? : Luke Price, Senior Technical Consultant & Sean O’Connor, Senior Technical Consultant, CYSIAM

  • So you want to move into an IR team?
  • Unsure whether you have the skills?
  • What kind of work will I do outside of incidents?
  • Will I work every weekend and Friday afternoon?
  • What if I freeze during an incident?

Like many Analysts within a traditional SOC, you may be wondering what the next progression step is for you.

Naturally most people start to think about Incident Response Teams, the people on the ground running around trying their best to put out fires and stop the blood pressure of clients becoming critical.

Fear not, the jump from world threat screen maps from within a SOC to imaging an entire server estate is not as daunting as you might think.

Over the next half hour, we will try to put any fears or questions you have about transitioning from a SOC Analyst to an Incident Response Ninja to rest.

To quote a popular meme, “Everything is fine”.

Luke Price is a highly motivated professional with a strong desire to learn and evolve coupled with a tenacious work ethic to go the extra mile for clients. Experienced working with private and public sector environments ranging from UK Health, UK MOD and private entities across varying industries. Luke spent 8 months as an analyst within a security function, set up specifically to safeguard and monitor the TTCE project  (NHS response to Covid). Luke was responsible for building threat maps and security content for the monitoring tools used by the function, delivering a threat led capability.

Sean O’Connor is a results-focused individual with strong information and cyber security expertise.  Experienced in working at the leading edge of technology on high value information assets.  Proven experience in managing and developing cyber security resilience programs both in the UK and overseas, Sean is a problem solver that delivers effective and robust solutions to help secure high value information assets.  He has a propensity for self-study and has built most of his skills from the ground up; this makes him an excellent trainer as he can adapt his style to suit the audience. He also knows what works practically and has the technical expertise to build both training material and labs from scratch to suit the client. Sean has developed his knowledge and expertise, and gained valuable experience, over 15 years in specialist military and secure government roles, both in the UK and overseas. He is passionate about helping others and will always go the extra mile.

14:50 – 15:05    Coffee Break

15:05 – 15:35    Cybercrime.com – The Org Chart: Richard Hollis, CEO, Risk Crew

Cybercrime is big business. Traditional organised crime groups such as the Cosa Nostra, Yakuza, Chinese Triads, as well as Russian and Nigerian gangs have all opened “cyber” divisions. Additionally, new transnational syndicates like the Russian Business Network, ShadowCrew and Superzonda have risen to capture the opportunities in next generation crime. The World Economic Forum estimates that transnational organised cybercrime gangs rake in more than $2 trillion a year in profits. The content of this presentation is based on over 20 years of open-source and dark web available material along with publicly available law enforcement case documentation. The presentation is devoid of commercial content.

Richard Hollis is the Chief Executive Officer for Risk Crew Limited, a unique London-based information security governance, risk, and compliance (GRC) management consulting firm specialising in providing creative, cost effective, independent cyber risk management and security awareness training solutions. Richard possesses over 25 years of “hands on” skills and experience in designing, implementing, managing, testing, and auditing enterprise level information security programs.

Over the course of his career, Richard has served as Director of Security for Phillips, in Paris, France and Deputy Director of Security for the US Embassy Moscow Reconstruction Project as well as a variety of sensitive security positions within the US government and military. In addition to his work with Risk Crew, Richard serves on several security technology company boards and security industry advisory councils.

15:40 – 16:10  Changing Times, Changing Behaviours: Melanie Oldham, Founder & CEO, Bob’s Business 

The last 18 months have significantly impacted organisations and the individuals in those organisations. This talk focuses on previous habits, influences, and the fundamental shifts in our working environment brought about by Covid. It is imperative now that we empower individuals, both digitally and mentally to be resilient in the event of a cyber attack.

Melanie Oldham is the founder and driving force behind Bob’s Business, an award-winning and leading cyber security awareness training and phishing simulations provider, helping to reduce human-related risk.  Melanie has racked up over 10 years of experience in the cyber security sector and has become a reputable and well-respected force within the industry, having recently been awarded a Fellowship, the highest level of attainment by the Chartered Institute of Information Security.

Bob’s Business has delivered awareness campaigns to organisations of all shapes and sizes, from 10 users through to 70,000 users.  Last year, they educated 210,000 users.

Melanie is also the founder of the Yorkshire Cyber Security Cluster, a collaborative group that works together to reduce cyber security within the region. The cluster brings together local businesses, academics, the police, and experts to discuss, collaborate and educate on the key issues facing the region.

16:15 – 16:45    From Compliance to Culture Change: how a little bit of science goes a long way: Sarah Janes, Owner & Founder, Layer 8

Ever felt like you’re in a constant loop of advising on best security practices only to witness incidents caused by people? Understanding a little about how and why people do what they do can go a long way to creating a proactive security culture.  From what triggers our ‘feeling’ brain to act before our ‘rational’ brain has processed information to things you can do as an influencer to set the right tone from the top. We’ll look at a model that puts conversations about security at the heart of the decision making process.

Sarah Janes has spent her career managing, delivering and creating security behaviour change programmes, both from the inside, as BT’s Security Communications Manager, and by consulting and running programmes for large international businesses. Sarah has developed new methods for changing behaviour, putting conversation back at the heart and executing successful long-lasting Champions Programmes.

Sarah is now owner and founder at Layer 8 Ltd, a business dedicated to enabling every person and every organisation to be Champions of Security, where she continues to focus on developing practical methods businesses can use to create secure cultures. Since founding the business in 2015 Sarah has delivered programmes for some of the world’s most prestigious brands and is a regular speaker and contributor on security culture, behaviour, and awareness.

16:50 – 17:00    Closing Address: Ian Glover, President, CREST


Last year’s event in the UK welcomed over 450 delegates from the security industry in a wide range of positions that ranged from CISOs and senior managers, through to senior penetration testers, threat intelligence analysts and brand new entrants to the industry.

Be a part of this year’s event by clicking below, or contact marketing@crest-approved.org for further details.

CRESTCon UK 2021 Tickets