The healthcare community learned that there is a greater need for resiliency, contingency plans and backup plans in how it functions. Looking at this pandemic from a biohacking / security researcher point of view, how can we take the past ten months of pragmatic data, information, and insight and turn it into actionable knowledge to improve future decisions and outcomes for the biomedical ecosystem.

Have you ever felt overwhelmed with the number of cloud tools and security tools that you need to deal with? Have you been looking for a ready reckon-er to choose the best for you? Cloud adoption has grown multi-fold with the new normal and digitization journey accompanied by an exponential growth in the tools related to cloud. So, with too many tools and too many things to secure, organizations today look for suggestions on how to choose the right toolsets and strategy to secure things in the cloud. The session is to bring in views from experts in the Cloud security space on how we can systematically approach this complex issues around building security capabilities beyond cloud native controls to bring more orchestration and consistency.

Government and industry have invested significant effort in understanding the threat landscape in order to defend their interests in cyberspace, but the issue of how defensive action can influence attacker behaviour is poorly understood. This presentation seeks to explore the question: how do attackers respond to investigation into their operations? We will review the ‘spectrum’ of response options and changes that attackers have made to their operations following incident response cases and public reporting (and attribution) of specific groups. Responses range from defensive (‘go quiet’) to aggressive (threats or targeting of researchers), and include a multitude of change-ups in tactics, techniques, and procedures in between. This analysis will draw on evidence from numerous examples both from our investigations and cases from open sources to cover high priority threat groups faced by the public and private sectors as well as unintended consequences of disclosure and thoughts from a defender perspective

An autopilot is a flight control system that allows a pilot to fly an airplane without continuous hands-on control of the airplane. Autopilot reacts quickly to a disturbance, therefore, making the airplane more comfortable to fly in and allowing more accurate maintenance of heading and altitude. It takes a pilot a certain length of time to react to a disturbance and then still further time to decide which control to move and in which direction, whereas, an autopilot has corrected the disturbance in a fraction of the time taken by the pilot to react. The purpose of this paper is to get acquainted with the security challenges of Aviation Cyber Physical System (ACPS), to see the applicability of CPS security concepts, security architecture, threats and attacks related to ACPS as well as, the countermeasures for securing them, also to learn about CPS from the outside in and to aid us in learning what is it like to describe complex arguments (i.e. specific security risks) to a technical, yet non-security-minded audience. This research paper will be showing and covering some aspects of ACPS assets, threats, vulnerabilities, architecture, and security assessment

This talk will touch on the current opportunities and challenges that exist for Cyber Security with the field of emerging technologies as in quantum computing, autonomous systems and AI. It will introduce different research results that are obtained within the current field of research on quantum security and cryptology, using deep learning adversarial machine learning models to attack autonomous vehicles and current research questions tackled within avionics security systems. The challenges of adapting to these technologies and building a secure models within these technical boundaries.

Internet of Things has become essential in business, industry and our personal lives. The economic impact of the Internet of Things will be measured in $trillions. IoT is here to stay. During this session, attendees will learn about leading security practices and risks across IoT ecosystems. IoT Security is a complex area, the speaker will provide insights on the challenges of securing IoT and why this area cannot be secured by meeting compliance requirements. With devices in all areas of our lives from Medical devices, Fitbits, Smart voice assistants like Alexa, automation in supply chain to Industrial control systems controlling the power grid the spectrum of applications is vast and so is the risk if these technologies are not implemented securely.

Network firewalls are becoming irrelevant, neither can we be relied upon the perimeter networks nor can they be trusted. With adoption of bring your own device and convey your own cloud, we must evolve our defences to the devices and therefore the identities. ZTA is a response to enterprise network trends that include remote users and cloud-based assets which are not located within an enterprise-owned network boundary. In this paper we will be understanding how the security state and the trustworthiness contributes to overall security posture, considerations for automated access to resources via device also the identity conditions and the way to implement these conditions to the road of business SaaS apps or on-premises web apps.

You may be wondering what OSINT means. It refers to open source intelligence that we can gather from publicly available sources. You may not be aware of the term OSINT, but you’ve probably used OSINT gathering techniques without knowing it. So, join this session so that the speaker can clarify what OSINT is, show you the practical uses of it, and how we can leverage it so we can use our skills and knowledge for the greater good.

We may say that the front liners in the cyber warfare are the SOC or the Cyber Threat Intelligence Team. But how they operate is governed by strategy, policies, framework and standards. What is the role of GRC in levelling up the operation’s responsibility and accountability? How do we embed a risk-based approach in handling the threats and vulnerabilities? Let us understand how GRC is mapped in the day-to-day IT operations management, SOC Operations, and the organization’s assurance to comply with applicable regulations.

In today’s world of cyber-attacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. Today's rapidly evolving threat landscape demands smarter and more responsive security services. It’s the SOC’s job to monitor the enterprise from cyber-attacks. As hackers and cyber criminals launch increasingly sophisticated attempts to steal sensitive data and worm their way into business-critical applications, security operations centres (SOC) are the dedicated teams on the front line working to stop them. They stay up-to-date on the latest threats and mitigation techniques so they can act as an early warning system. Their mission is to continually monitor cyber security health and respond to alerts and incidents. But how does it do that? What comprises the people, process and technology of a SOC? How a SOC operates? What is a next generation SOC and how to implement it? How a cyber-attack is detected by SOC team? We would be discussing all these facts in our session regarding the Next generation Security operations centre (SOC).