
ABOUT THE TALK SPEAKER BIO

Sentinel Automation for Power Users

What are Logic Apps? How do they work with Sentinel? How do they unlock the true potential of Sentinel?


This workshop aims to answer all of these questions, and then some!

Covering the basics of Sentinel Playbooks using Logic Apps, with an eye for best practices to take into consideration. You should pick up firsthand experience of revolutionising your use of Logic Apps by implementing a modular design strategy to improve reuse and reduce functional coupling, which means never having to rewrite that complicated workflow more than once.

The workshop will be 90 minutes long - please bring your laptop with you.

All round tech enthusiast that's too lazy to do things myself!

XDR Automation Leader at CloudGuard AI

Links & Socials

https://uk.linkedin.com/in/yakub-desai-41054998

ABOUT THE TALK SPEAKER BIO


About The Talk

JavaScript files can be a goldmine for bug hunters and security researchers, but regular expressions alone aren't enough to reliably and cleanly extract data from them. jsluice is a new tool for extracting URLs, paths, and secrets from JavaScript using the power of Tree-sitter.

Tom is a security engineer at Bishop Fox. He likes to make open source tools, like gron, meg, and anew; he also likes to teach people things, and occasionally hack web stuff.

Socials & Links

Tools: http://github.com/tomnomnom https://tomhudson.co.uk

@TomNomNom

We need to stop being the “smartest person in the room” - that’s not how we get our own way in Infosec. Is it cheaper or more expensive to do what we say? If it’s not cheaper, then we’re getting ignored no matter how “right” we are. A talk about using Security Architecture to get our own way.

About The Talk Speaker Bio

Docker is an amazing tool! It has changed the way most businesses operate today. Why not leverage this fantastic technology to help enable security, thus helping security enable the business! This talk will cover several aspects of how Docker can be used by security teams to help them.

Speaker Bio About The Talk

With increasing connectivity and continuous advances in technology, the way we secure systems needs to evolve constantly. This talk aims to shed light on the significant benefits that ChatGPT, an advanced AI-powered conversational agent, could bring to the realm of cybersecurity. Or not!!!

Lorna is a Co-Founder of CAPSLOCK, an award winning cyber bootcamp. With a background in consulting, training and education, she has worked in cyber for over 15 years advising to the public and private sector and working at both strategic and operational level. Lorna is a proud northerner who is passionate and outspoken about removing barriers to entry into the cyber sector. Oh and Lego... she loves Lego!

Socials & Links

@CAPSLOCKCyber

Who isn’t trying to get lazier? In this talk, I’m going to show you how easy it is to build scripts to automate practically anything you could want to do in a web browser. We’ll create a ‘my first login’ script, weaponise it, then learn how to build web scrapers, shopping bots and other fun stuff.

About The Talk Speaker Bio

About The Talk

In this talk, I’ll be sharing my findings, tips, and tools for identifying and exploiting account takeover vulnerabilities. If you are a Pentester or a Bug Bounty Hunter, don’t miss this opportunity to enhance your skills to the next level. Join my talk to stay ahead of the game.

Currently employed as a Senior Security Consultant/Penetration Tester at MDSec, with 9+ years of experience in the field. I have a deep understanding of vulnerability identification and exploitation techniques, a strong background in computer engineering, and extensive experience in Web/Mobile Apps and API security. I have also participated in bug bounty programs, finding security vulnerabilities in well-known companies and receiving credits for the findings.

Socials & Links

@sandh0t https://ayoubsafa.com

Why use carpet bomb DDoS when a targeted strike consisting of a few well crafted requests can cripple a service?

As an added bonus, precision strikes make it that much easier to avoid WAF countermeasures. And where to find this amazing cyber weapon? Why, in a seemingly unimportant CVSS score 7.5.

Socials & Links https://beny23.github.io @giskard23

About the workshop

Matching with the conference’s theme of red meets blue, during this workshop we’ll create Android applications that utilise tamper detection and anti-compromise techniques, then participants will swap and apply offensive security techniques to get around the security mechanisms of their peers.

The workshop will be 90 minutes long - please bring your laptop with you.

About The Talk

Misunderstanding is the foundation of misconfiguration and, later, security issues. Starting from an amusing anecdote of a misunderstanding leading to the most ridiculous XSS you’ve heard of, we’ll then look at what we as “security nerds” can be doing to improve the general security landscape.


Alex played a crucial role in overseeing a team of expert penetration testers during an extraordinary assignment: a physical bank breach. This captivating talk offers insights into the pentest team's strategic utilisation of red teaming, reconnaissance, social engineering, and open-source intelligence to successfully breach the bank's physical security.

Socials & Links

@yorkshirecsc

Alex is a highly skilled sales and account management professional with a keen focus on the cyber security and penetration testing sector. With nearly two decades of experience in the industry, he excels in building strong client relationships. Passionate about fostering professional growth, Alex serves as a dedicated mentor, providing valuable insights and guidance to aspiring students and seasoned professionals alike. As a cyber security-focused individual, Alex brings a wealth of knowledge in security testing, infrastructure, architecture, solutions, and threat intelligence. While he may not be a technical consultant, his exceptional sales acumen and domain expertise make him a valuable partner in helping organizations address their security concerns and achieve their business objectives.

At its core, cybersecurity is all about risk. We need to understand, report, and mitigate our risk. However, the industry adopted methods for analyzing risk lead to inaccurate assessments, invalid math, and ultimately bad decision making and spending. I will show you why, and how to fix it.

Socials & Links https://www.linkedin.com/in/sara-anstey/

Many cloud security breaches start from implementation mistakes: whether it be bad coding practices, misconfiguration, etc. Before (best case) your security team or (worst case) an outside attacker finds them; how can you be proactive about finding and fixing common security mistakes?

About The Talk Speaker Bio

A Chatham House Style interactive session with Chris Roberts. Chris will share war stories, lessons learned, and you can ask him anything in this unrecorded session.

Socials & Links

@Sidragon1

Chris is the CISO for Boom Supersonic and works as an advisor for several entities and organizations around the globe. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Over the years, he's founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry. (Likely while coding his EEG-driven digital clone that’s monitoring his tea and biscuit consumption!)

About The Talk Speaker Bio

The rise of infrastructure automation is inevitable, but does it come at a cost? Companies have adopted various technologies to streamline their processes across different contexts. Software devs have utilised the technologies over the years, but how do we use this technology in a prod environment?

Socials & Links https://www.northgreensecurity.com/

I am a senior security consultant & trainer from North Green Security, I am a massive believer in knowledge is for sharing and I have recently taken an interest in IaC, in particular Ansible and Terraform. I thought the Ansible Tower product was a nice way to manage the deployment, but was curious to how they could be taken advantage of as well.

As for the One Direction question, completely unsure. What I can tell you though, is I like to take late night walks to the fridge, I am far too happy to see the light as the door opens.
