Agenda Cyber Security Summit 2017


Day 1 – Monday

08:30-09:00 Registration & breakfast

Get a good start with freshly baked sandwiches, tea and coffee.

Welcome to TrueSec Cyber Security Summit 2017!

09:00-09:15 Keynote

Speaker: Marcus Murray

Let’s kick off this two-day conference with a TED-talk-inspired keynote starring Marcus Murray, cyber security expert and team manager at TrueSec.

He will give you insight into the current Cyber Security landscape - Cyber Security trends, threats, major breaches and mitigations will be discussed and maybe even demonstrated!

09:15-10:15 Attack: Breaching the perimeter! - Finding and exploiting entry points

Speakers: Kenneth Ljungqvist, Davide Girardi

Modern cyber criminals and threat actors all have different objectives and scopes within their offensive operations. However, they have one thing in common: they need to breach the perimeter and establish a foothold inside the target network.

How do nation-state groups such as Fancy Bear and Lazarus Group establish footholds within modern infrastructure? What's your organization's weakest link? External exposure, spear-phishing, or could it be the physical security?

Watch live as the attack team from Truesec showcases how threat actors establish their initial footholds!

10:15-10:30 Break

Stretch your legs and get some water in between the sessions.

And stop by the exhibitors' booths. Maybe they've got some great swag for you?

10:30-11:30 Attack: Expand & Conquer! – Complete IT infrastructure takeover

Speakers: Fabio Viggiani, Marcus Murray

The assumption that an internal IT environment is protected from external threats is long gone. Organizations must embrace the concept of "assume breach" and expect intruders to already be connected to the internal network.

But what does it really mean for an attacker to have access to an internal computer? Can they really do that much with the privileges of a regular employee?

As a continuation of the first demo-based hacking session, the Truesec attack team will demonstrate modern tools and methods to compromise an entire IT infrastructure in a matter of hours!

11:30-12:30 Lunch

Lunch is served. Enjoy!

12:30-13:30 Protect: Identities in the Enterprise

Speakers: Daniel Ulrichs, Hasain Alshakarti

Identity has become one of the most important security boundaries and critical endpoints in modern enterprises. The natural replacement for the network security perimeter in a complex modern enterprise is the authentication and authorization controls in an organization's identity layer. Privileged administrative accounts are effectively in control of this new "security perimeter".

We need to protect against identity compromise, prevent reuse of stolen credentials, go beyond passwords and move to more secure forms of authentication based on the employee's identity, the device they are using, and only for a limited time. Using just-in-time and privileged access management controls helps minimize the number of people who have access to critical information or resources, and reduces the chance of a malicious user getting that access. It also makes it harder for attackers to penetrate a network and obtain privileged account access without being detected.

In this session, we will describe and demonstrate important concepts to protect against common attacks on identities and add more monitoring, more visibility, and more fine-grained controls so that organizations can see who their privileged administrators are and what they are doing.

13:30-13:45 Break

Still in a food coma after lunch?

Get some air, go for a quick walk, or hang out with other attendees in the lobby during this 15-minute break.

13:45-14:45 Protect: Securing the on-premise infrastructure

Speakers: Peter Löfgren, Hasain Alshakarti

When analyzing the numerous breaches over the past few years, one quickly concludes that no matter what method was used to breach the environment, the attackers proceed to compromise administrator credentials and devices so that they can integrate, control and hide inside the environment.

Enforcing device enrollment, provisioning of policies, implementing security baselines, limiting exposure, collecting audit logs, controlling code execution and then securing access to systems, apps and data using just-in-time and just-enough based methods are critical controls to give IT the ability to provide the guardrails needed to prevent users and administrators from putting the enterprise at risk.

In this session, we will describe and demonstrate important concepts to limit the breach impact, make it detectable and have the ability to respond.


14:45-15:00 Coffee break

Load up with some new energy!

We'll serve coffee, tea and something sweet to trigger your endorphins before the last session.

15:00-16:00 Protect: Modern Application Security

Speaker: Emil Kvarnhammar

Most of us are heavily dependent on software from larger vendors like Google, Microsoft and Apple. Continuously applying security patches from these vendors is nowadays considered a minimum in cyber security. Security has been a key part of the vendors' SDLC (Software Development Lifecycle) for many years now. Still, our exposure to cyber security threats involves a lot more than products from these larger software companies. Attackers exploit application vulnerabilities to gain control over entire enterprises, even with all the latest patches applied.

Application security is becoming increasingly important, and old mitigation strategies like penetration tests or code reviews once a year are no longer sufficient. With DevOps and Continuous Delivery, the threat landscape for your production environment might change from one hour to another. New vulnerabilities in third-party/middleware code used by applications are continuously discovered and exploited, and you need a strategy for managing these new threats. Additional challenges include tools like Docker, which move some of the patch management responsibility to Dev or DevOps teams.

This is a unique opportunity to learn how the TrueSec team works with Modern Application Security, and how you can prevent many attacks by making it a key part of your cyber security strategy.

16:00-17:30 Q&A's and After Work

In case you haven't got answers to your questions during the day, you now have the opportunity to ask the experts face to face.

We invite you to grab a beer, soda or coffee by the bar, to round up the day with a Q&A session.


Day 2 – Tuesday

08:30-09:00 Breakfast

Fetch a sandwich, tea or coffee and get off to a great start.


09:00-09:15 Opening speech

Speaker: Johan Blom (presenter of the event)

Summary of Day 1 and setting the stage for Day 2.

09:15-10:15 Protect: Secure Application Infrastructure on AWS

Speaker: Emil Kvarnhammar

Both new and legacy applications are moving to the cloud, and it's happening extremely fast. There are great opportunities to build secure application infrastructure with platforms like Amazon Web Services (AWS), which are a lot more secure than most on-premise deployments.

But your use of cloud platforms could also turn into a disaster without the right security strategy in place. As a comparison, imagine what it would mean if your on-premise data center were physically accessible to any attacker 24/7 (essentially admin console access to all your servers). Sounds a bit scary, doesn't it?

In this session you'll learn about some important general concepts in building secure and resilient application infrastructure in the cloud. We use Amazon AWS as a demo environment, but most of the concepts can be achieved using Microsoft Azure or Google Cloud Platform as well. We will talk about automated provisioning, identity and access management (IAM), secure TLS, micro-segmentation, patch management, runtime application protection, monitoring/logging and a lot more.

10:15-10:30 Break

A short break. Get some water, stretch your legs and get ready for the next session.

10:30-11:30 Protect: Develop, secure and govern your application on Azure

Speakers: Hasain Alshakarti, Richard Ulfvin

Get practical insight into some of the security features the Microsoft cloud can provide.

We will guide you through the transition from an onsite application implementation to PaaS covering important points from a security perspective.

We will also discuss some concerns in regard to what can drive cost and/or administrative overhead in design decisions and implementation.

11:30-12:30 Lunch

Time to get some lunch! Mingle with other attendees and exhibitors.

12:30-13:30 Protect: Protecting Sensitive Data

Speakers: Mats Hultgren, Mårten Thomasson

As attacks are getting more and more advanced and the tools of nation states have become available to cybercrime, we must assume breach - all environments will get hacked sooner or later. In addition, the business need for digitalization, sourcing and moving to the cloud exposes data to new risks. Encryption of data becomes more important, not least because of regulatory demands such as GDPR.

In this session Addlevels Cyber Security Advisors will guide you through how to protect data at rest with modern cryptographic solutions in hybrid environments, as well as how to use data protection impact assessments to identify which data to encrypt. We will also discuss how you should work with suppliers and outsourcing partners through requirements, governance and due diligence.

13:30-13:45 Break

15-minute energy break - enjoy!

13:45-14:45 Detect/Respond: Develop your capability to detect and respond to cyber attacks

Speakers: Magnus Sjöberg, Suresh Ramasuppu, Marcus Murray

It is a matter of national concern that so few organizations have eyes on what happens in their networks and systems.

All organizations are vulnerable to serious computer intrusions in this highly networked world. It is impossible to prevent and stop all attacks when employees can open e-mail attachments from untrusted sources or when they can access webservers on the Internet from the same workstation computer that has access to internal systems with sensitive information. It is only a matter of time until a serious breach occurs.

But the speed with which an organization can detect and respond to an incident will limit the impact of an intrusion and lower the cost of recovery.

It is vital that organizations in the private sector as well as in the public sector understand that a modern information and IT security program must consist of a capability to detect and respond to cyber-attacks. This should be as natural as having a firewall or having a Service Desk!

Watch as TrueSec shows you how different types of attacks can be detected.

14:45-15:00 Coffee break

Fill up your energy reserves!

Coffee, tea, and something sweet are served during this last break.

15:00-16:00 Attack: Nation-state sponsored attacks! Advanced attacks and anti-detection techniques

Speakers: Fabio Viggiani, Kenneth Ljungqvist, Davide Girardi, Marcus Murray

Is it possible to break into a highly secured environment? Nation-state level attackers have proven several times that by using advanced and sometimes unconventional methods they can not only break into any environment but also circumvent security monitoring to avoid detection.

This final session will demonstrate an advanced attack using stealthy techniques against a highly secure modern environment.

The Truesec attack team will share their real-world experience from both red team offensive projects and investigations of nation-state sponsored attacks targeting Swedish organizations.

16:00-16:15 Summary Keynote

15 minutes to sum up the event.

Thank you for attending!


All sessions are in English.

We love questions!

Raise your hand or tweet using #SecSummit
