This year, for the fourth time, myself and some others here at SensePost have worked together with the team from ITWeb in the planning of their annual Security Summit. A commercial conference is always (I suspect) a delicate balance between the different drivers from business, technology and ‘industry’, but this year’s event is definitely our best effort thus far. ITWeb has more than ever acknowledged the centrality of good, objective content and has worked closely with us as the Technical Committee and their various sponsors to strike the optimal balance. I don’t think we have it 100% right yet, and there are some improvements and initiatives that will unfortunately only manifest at next year’s event, but this year’s program (here and here) is nevertheless first class and comparable with almost anything else I’ve seen.
Dominic White was interviewed for a short video that sums it all up quite nicely.
<Shameless plug>If you’re in South Africa, and you haven’t registered, I highly recommend that you do</Shameless plug>
This year’s Summit explores the idea that trust in CyberSpace is “broken” and that, one by one, all the pillars we relied on to tame the Internet and make it a safe place to do business in have failed. Basically the event poses the question: “What now”?
We’ve tried hard to get all our speakers to align in some way with this theme. Sadly, as is often the case, we had fewer submissions from local experts than we hoped, but we were able to round up a pretty killer program, including a VIP list of visiting stars.
After the plenaries each day, the program is divided into themed tracks where talks on a topic are grouped together. Where possible we’ve tried to include as many different perspectives and opinions as possible. Here’s a brief summary of my personal highlights:
Plenaries:
- Eddie Schwartz – “A State of Dynamic Risk: Containment and Victory in a World of Advanced Threats”
- Moxie Marlinspike – “The demise of SSL & Internet Trust”
- Kenneth Geers – “Cyber War – Beyond Theory”
- Charlie Miller – “Banned in the USA”
- Joshua Corman – “Where do we go from here? Adapting to modern adversaries”
- Haroon Meer – “Information Security: The things we dont say…”
- Charl van der Walt (me!) – “What’s the deal with Mobile and Africa”
- Tyrone Erasmus (MWR) – “Pilfering information from the masses”
- Juan Pablo Perez Etchegoyen (Onapsis) – “Cyber-Attacks on SAP & ERP systems: Is Our Business-Critical Infrastructure Exposed?”
- Chris John Riley – “SAP (in)security: Scrubbing SAP clean with SOAP”
- Ian de Villiers (SensePost) – “Systems Applications Proxy Pwnage”
- Jon Matonis – “Cryptography in a World of Digital Currencies”
- Kenneth Geers – “Ghost in the Shell Revisited”
Finally, there’s an excellent-looking full-day workshop titled “Security in an era of BYOD” with Dan Crisp and Lynn Terwoerds.
It’s gonna be excellent. See you there!