Workshops

Choose from a range of workshops which delve into topics like blockchain, using deception to detect cyber attacks, and engaging research and industry in cyber security.


When

Friday 29 September 2017
Morning Workshops: 9:00am – 12:00pm
Afternoon Workshops: 1:00pm – 4:00pm
Full Day Workshops: 9:00am – 4:00pm

Venue

UNSW CBD Campus
Level 6, 1 O’Connell Street
Sydney NSW 2000

Cost

Morning/afternoon Workshop: $450 | $350 with Summit registration
Full Day Workshop: $850 | $700 with Summit registration


  • Inclusions: All workshop materials, morning tea/afternoon tea and lunch.
  • Registering for the Summit and a workshop will entitle you to discounted registration.
  • All prices shown include GST and are Australian Dollar amounts.

Automating security for DevOps

Workshop Leaders: Murray Goldschmidt, Chief Operating Officer, Sense of Security
Duration: Half-Day Morning (9:00am – 12:00pm)

The rise of DevOps is marginalising security, but there are ways to integrate security into Agile environments. With the rise of DevOps (Agile development and deployment environments) a chasm has emerged as it becomes evident that superfast and continuous software development is marginalising “traditional” security teams. Security teams need to catch-up with this disruption, and fast. Security automation is vital, and this workshop discusses practical solutions that make sense.

In this workshop, we’ll discuss security automation techniques that can overcome the challenge of implementing security in an Agile environment. This two-hour learning lab is designed to cover several high-level topics relevant to the implementation of security in a DevOps environment, and with a focus on the role that automation can play. The interactive nature of this learning lab means it is designed to encourage active participation and feedback from the audience so that the discussion is productive, inventive and enjoyable.

This workshop will cover topics including:

  • an overview of a DevSecOps stack (that we have used in a lab environment as a typical understanding of a generic model)
  • Defining a common understanding of the modern Service Delivery Life-Cycle (SDLC)
  • Why DevSecOps matters, and how automation is a central theme to its success
  • Key concepts such as the need to need to “shift left” and identify issues and defects earlier in the SDLC cycle
  • Practical solutions available – achieving automation with continuous scanning, static and dynamic code analysis
  • Emerging technologies such as run-time application self-protection techniques (RASP) and behaviour driven development (BDD)
  • A live demo of an attack scenario
  • Low-cost self-healing controls to identify attacks and automatically defeat them

Automating Security for DevOps is designed to teach security automation techniques that can be used in a modern software engineering “DevOps” environment. This workshop is aimed at ensuring security teams remain relevant in their enterprise by providing practical knowledge to achieve it – for example, by using automation wherever possible, freeing up brilliant security minds to tackle the “higher-hanging-fruit” problems. Attendees will learn to implement and automate security in Agile production environments – without becoming a bottleneck in the process.

While this workshop is directly relevant to IT managers and security professionals, it may well be of interest to stakeholders representing the broader interests of developers and operational teams looking to embrace security.

Murray Goldschmidt is an information security specialist with over 17 years’ commercial IT experience and co-founder and Chief Operating Officer at Sense of Security.

Murray is an industry recognised expert for achieving security in a DevOps environment (putting the “sec” into DevSecOps), having developed, enhanced and presented on this topic at several events with the objective of rapidly enhancing the capability within our region.

Frequently invited to present at conferences, workgroups and seminars and asked to provide expert comment for editorials and publications. Murray has presented on security topics to many audiences at conferences including AusCERT, the Australian Cyber Security Centre (ACSC), RSA Conference, and the Australian Information Security Association (AISA).

Along with a degree in Electrical Engineering, Murray is a Certified Information Systems Security Professional (CISSP), IRAP Assessor and a Payment Card Industry Qualified Security Assessor (PCI QSA) and an active member of the Australian Information Security Association (AISA).

Blockchain security: understanding and securing the new disruptive force

Workshop Leader: Ajit Hatti, Founder, SecurityMonx
Duration: Half-Day Morning (9:00am – 12:00pm)

The technology which is set to disrupt the entire world of finance and economics is Blockchain.

This workshop is especially designed for fintech organisations, and will introduce you to the technical base of Blockchain in an accessible way. We will examine how the world has been adopting it so far, as well as its potential innovations, developments and future opportunities. We will also explore the security challenges of this technology and how we can address them.

The workshop will incorporate the following:
1. Introduction to the principal and philosophy of Blockchain
2. How it started: history of Blockchain
3. Cryptography and building blocks of BlockChains: a demonstration
4. Blockchain in action: executing smart contracts
5. The present and the future of the Blockchain
6. Security threats applicable to Blockchain

Ajit Hatti is a founder of SecurityMonx, a 100% open source company working on securing Blockchain-related technologies. He is the author of LAMMA and GibberSense tools which help in securing crypto and PKI Implementations.

He also co-founded Null Open Security Community and has worked with Symantec, Emerson, ZScaler, IBM and Bluelane as a security researcher in the past. Ajit has also presented his work at conferences including BlackHat, DEFCON and Nullcon.

Team Health Monitor

Workshop Leader: Dom Price, Atlassian, Head of R&D and Work Futurist, Atlassian
Duration: 1 hour – special event (8:00am – 9:00am)
Price: This is complimentary for Summit delegates. Please note: registration for this workshop is only available to those also registering for the Summit.

This one-hour workshop will take you immediately into an immersive team health exercise, where Atlassian’s “Dr Dom” will help you understand your team’s health, identify plans to improve, and share themes from running over 1,000 sessions with teams of all shapes and sizes. Not for the faint-hearted!

Born in the harsh Manchester Winter of ’77, Dominic Price has a career that has reached far and wide through Europe, US and Asia PAC. Today Dom is proud to work at Atlassian, a leading provider of team collaboration and productivity software, as the head of R&D and Work Futurist, where his responsibilities span eight global R&D centres.

Dom was previously the general manager of program management for a global gaming company. He has also been a director at Deloitte, where he provided assurance and consulting services across the areas of project management, product management, IT systems and change management, and he’s worked across businesses in beverage, telco, manufacturing, software development and gaming.

A keen traveler, Dom has traversed over 50 countries so far, but after 13 years on these shores, he calls Australia home.

Detecting cyber-attacks with deception

Workshop Leader: Sahir Hidayatullah, Co-founder and CEO, Smokescreen Technologies
Duration: Half-Day Afternoon (1:00pm – 4:00pm)

Deception is one of the most successful strategies in military history. Just as armies used deceit to conquer continents, cyber-deception exploits the modern hacker’s greatest weakness – they’re only human.

This session deconstructs recent attacks from a hacker’s perspective and shows how companies can use deception technology to predict upcoming threats, detect stealthy attacks, illuminate network blind spots, and minimise breach detection time.

Sahir Hidayatullah is the co-founder and CEO of Smokescreen Technologies. Smokescreen’s deception technology uses decoys to detect targeted cyber-attacks before they cause business impact.

Sahir is a serial cyber security entrepreneur. His past ventures have investigated numerous high-profile data breaches, with clients spanning critical infrastructure, global financial institutions, and Fortune 500 companies.

His work has been highlighted in a cover feature story in Fortune India magazine, and his thoughts on technology risk management appear regularly in the print and television media.

Research-industry engagement in cyber security

Workshop Leader: Surya Nepal, Data61
Motivating Speakers:
– Dr Liming Zhu – Research Director, CSIRO Data61
– Federico Bettini – CEO, Aizoon Australia
– Dr Praveen Gauravaram – Tata Consultancy Services Limited
– Dr Carsten Rudolph – Associate Professor, Monash University
– Daniella Traino – Business Leader, Cyber Security (GAICD) CSIRO Data61
– Ben Whitham – Founder, Penten Australia
Duration: Half-Day Afternoon (1:00pm – 4:00pm)

The engagement between research (universities and research organisations) and industry is key to building an innovation ecosystem in cyber security that can contribute to the national economy and security as well as provide enormous societal benefits.

This engagement has many facets, for example:

  • universities can produce cyber graduates to fill the skills gap;
  • industries can integrate graduates into their workforce to tackle problems they are facing now;
  • existing research IP can be transferred to industries to create new technologies and products;
  • key research breakthroughs can seed new industries;
  • industries can specify research challenges for the research ecosystem to tackle;
  • industries can partner with research organisations for their research & development needs.

What are the pathways or models for research-industry engagement and what are the models of success?

The workshop brings cyber security researchers and industry practitioners to share their experiences through successful research-industry collaborative projects and models. This includes models and projects from startup/SMEs space to large corporations.

This workshop will run as a series of interactive lightning talks. All participants may also choose to use a three minute lightning pitch or a 10 minute short talk to highlight specific industry problems and challenges, existing off-the-shelf research IP and capabilities and preferred engagement models.

Participants who would like to do a 3-5 minute pitch or lightning talk are asked to please email your short bio and title to Surya Nepal at surya.nepal@data61.csiro.au.

Dr Surya NepalDr Surya Nepal is a Principal Research Scientist at CSIRO Data61. He has been working at CSIRO since 2000. He currently leads a distributed systems security group. His main research interest is in the development and implementation of technologies in the area of distributed systems and social networks, with a specific focus on security, privacy and trust. He obtained his BE from the National Institute of Technology (NIT) Surat, India, ME from the Asian Institute of Technology (AIT), Thailand, and PhD from RMIT University, Australia. He has more than 150 peer-reviewed publications to his credit; his papers are published in international journals such as IEEE Trans. Parallel and Distributed Systems, IEEE Trans. on Service Computing, ACM Trans. on Internet Technologies, and IEEE Trans. on Computers. He has co-edited three books including Security, Privacy and Trust in Cloud Systems by Springer. He has three patents and a trademarked technology in the area of cyber security. He currently serves as associate editor of IEEE Transaction on Service Computing.
Federico BettiniFederico Bettini is Chief Executive Officer at Aizoon Australia. He has a Ph.D from the University of Bologna. Federico’s professional experience ranges from large multinational corporates through to applied research and commercialisation companies in Europe and Australia, including roles with McCain, George Weston Foods and Lion Co.

Federico has an innovative approach to digital transformation and business in general, and he always brings a different perspective to the table. He is passionate about building capabilities and developing leaders for the future.

Praveen GauravaramPraveen Gauravaram is a consultant and scientist in cyber security at Tata Consultancy Services (TCS) in Brisbane. Praveen’s focus is on embedding innovation and creativity into TCS’s customer deliverables and offerings. Praveen leads TCS’s research and innovation activities in cyber security in Australia.

Praveen has a PhD in Cryptology from Queensland University of Technology, Brisbane. Praveen has held scientific positions in India, Europe and Australia and published several scientific papers and technical reports. Praveen has made significant scientific contributions to the analysis and design of standard cryptographic designs, in particular cryptographic hash functions. He is a co-designer of Grøstl hash function and a finalist in the SHA3 competition conducted by NIST USA. Praveen is also an Adjunct Senior Lecturer at University of New South Wales, Australia.

Dr Carsten RudolphDr Carsten Rudolph is an associate professor in the Faculty of IT at Monash University and Director of the Oceania Cyber Security Centre in Melbourne, Australia. His research concentrates on information security, formal methods, security engineering and cryptographic protocols with a strong focus on hardware-based security and Trusted Computing. Results of his research work have been applied in areas such as critical infrastructures, industry control systems, or certified systems. Among other activities he has worked on a security validation of the Trusted Platform Module TPM 1.2 on behalf of the German BSI and he contributes as invited expert to the standardisation of the TPM in the Trusted Computing Group TCG. He successfully initiated five large co-operative European research projects funded by the European Commission along with six projects funded by the German Federal Ministry of Education and Research, BMBF. His industry co-operations included large companies and many small and medium-sized enterprises. In 2015, he supported Huawei in establishing a Trusted Computing research team in Germany.
Daniella TrainoAt Data61, Daniella Traino co-developed the cyber security business strategy and is responsible for business development and global innovation partnerships for the cyber security domain.

Daniella is a member of the Research Advisory Committee for the Internet Commerce Security Laboratory (ICSL) – a cyber security research unit of Federation University Australia. She was a judge at the 2017 Finnies (Fintech Australia awards), a contributor to the 2017 report ‘Startup secrets: How Australia can create new businesses with fintech and cyber security industry collaboration‘, and Cyber Track leader for the 2016 Spark Festival (formerly Startup Week Sydney). Daniella also volunteers some of her time to advise Australian cyber security startups on innovation pathways and product-market strategies.

Prior to Data61, Daniella has held executive roles including General Manager Security & Risk (Chief Information Security Officer) for a NSW government department, responsible for the effective management of all ICT risk, security and continuity practices; and executive management roles in banking and finance and management consulting.

Daniella holds a Bachelor of Commerce (Accounting, Computer Science) from the University of Sydney, and is a Graduate Member of the Australian Institute of Company Directors (GAICD). She is motivated to help industry and government tackle the growing and challenging cyber security implications and opportunities of operating in the emerging digital economy.

Ben WhithamBen Whitham is a cyber security entrepreneur and engineer. After a career in the military, Ben worked as a consultant in a number of Australian government and commercial cyber incident response teams. He co-founded several companies, including M5 Network Security, where he was co-creator of the Secure Communications Solution, a product that was finalist in the 2012 SC Magazine Mobile Security Product of the Year and winner of the Australian Museum Eureka Award for Outstanding Science in Safeguarding Australia. Now with his new venture, Penten, he continues to consult and design security solutions, primarily in areas associated with cyber deception.

IoT CTF/Village

Workshop Leader: Barry ‘Fish’ van Kampen, Managing Director, The S-Unit and Dirk ‘Perzik’ van Veen
Duration: Full-Day (9:00am – 4:00pm)

At the live hacking village you will learn how to tinker (play with technology) with hardware and software. Playing with hardware, protocols and the software behind it is one of the goals. A collection of ESP’s, Arduinos, sensors, hardware sniffers and SDR’s (Software Defined Radio) will be used (available at the village). Barry ‘Fish’ van Kampen is an enthusiast hacker known from Hack in The Box, and will let you learn and tinker within these hardware environments. Attendees will also have access to a collection of IOT hardware, like remote controlled switches, camera’s, etc to research and hack. If you PWN it, you will OWN it 🙂 The main goal is to bridge the gap with the software hacking world and show you how easy it is to start hardware hacking.

A mini CTF (hacking competition) will be held alongside the IOT and hardware hacking. Dirk ‘Perzik’ van Veen, lead organiser of the CTF for Hack in The Box Amsterdam, will bring a collection of basic and intermediate challenges and guide the visitors in solving the hacking puzzles. Of course, there will be a scoreboard and a prize for the one who finishes the most challenges during the village/workshop.

Participants in this workshop will need to bring:

  • Technical skills
  • A computer with rights to install software. Pre-installed (virtual) Kali and Arduino is useful.
  • Some basic hardware materials like USB cable’s, network cables/adapters, power adapters.

What to expect?
Depending on your current skillset, you can expect to learn hacking and tinker techniques, both hard and software based, on different levels. At the end of the day you can expect to have at least basic knowledge about the subjects or to have a higher skill set than when you started.

Barry van KampenBarry ‘Fish’ van Kampen is a hacker enthusiast and thinker full of ideas and energy. During his technological journeys, he has made a lot of friends in the hacker (space) community. As part of the HITB Core crew he has co-organised HITB Amsterdam since 2010. He is also the chairman and one of the founders of Randomdata, a hackerspace in Utrecht. As a professional, he is the MD of The S-Unit with a great passion for technology.

Dirk van VeenDirk ‘Perzik’ van Veen is the lead pentester at The S-Unit. In his spare time, he organises and creates challenges for several CTF competitions in the Netherlands, including Hack in the Box. When he is not busy finding bugs in websites or penetrating networks, you can find him teaching people how to think like a hacker or dance (in no particular order).

Using red teaming to succeed in security

Workshop Leaders: Damian Grace, General Manager, Phriendly Phishing and Mark Hofman, CTO, Shearwater Solutions
Duration: Half-Day Afternoon (1:00pm – 4:00pm)

Red teaming is a key buzzword in modern cyber security, but it can have vastly different meanings to different organisations. For one, it might be a supported offensive security exercise; for another, it might mean letting a “security ninja” loose in your network with little to no supervision. It is often conducted without a true understanding of an organisation’s threat landscape, the attack possibilities, and what an organisation is really trying to achieve as an end result.

Understanding your threat landscape is extremely important in modern environments, and can dramatically affect the success of a red teaming engagement and the cost associated with it.

Join Damian Grace and Simon Treadaway in a collaborative workshop that will explain the whats and hows of red teaming in a practical, jargon-free environment.Attendees will work through the following:

  • Map out the possible threat vectors and attack scenarios that need to be considered when red teaming
  • Build a comprehensive framework to evaluate your environment against the vast array of daily attacks
  • Highlight specific ways to defend against common red team attacks

The key outcomes of this workshop include a solid understanding of red teaming as a practice and a framework for making decisions regarding what’s most important to your organisation.

This workshop is specifically targeted at a managerial level and no deep technical skills are required.

Mark Hofman is a director and founder of Shearwater Solutions and has over 25 years’ experience in ICT Security. He has worked for both private industry and government and has provided a wide range of information security consulting services to numerous organisations, including the financial sector, private sector, and government. Mark is currently a certified instructor for the SANS Institute. He has trained and lectured internationally, and is a handler for the Internet Storm Center.
Damian Grace is a director at Shearwater, a pure play cyber security organisation founded in 2003. He has also led the Ethical Hacking division at Shearwater for over 8 years before founding Phriendly Phishing, a pioneering phishing awareness training and simulation solution and the only Australian product of its kind.

Damian is passionate about making security awareness education effective and accessible to everyday Australians. He has used his extensive experience in ethical hacking, phishing assessments, user education and business consulting in the development of Phriendly Phishing. The training is now deployed to hundreds of thousands of users across organisations of all sizes.

Damian is a regular public speaker in the security industry and was part of Austrade’s Landing Pad in Israel for Fintech and Cyber Security startups, which he attended last year.