
Dear readers,

We are approaching the end of the year, so it is time to think about the future and the year ahead. We are pleased to present you our very special project created by joint forces of eForensics and Hakin9 Magazines – “Predictions for cyber security in 2016”.

This special edition was based on interviews with representatives of companies that had agreed to participate in our project.

We would like to give our most sincere thanks to all the participants of this project. You made this possible and without you we wouldn’t be able to make this unique edition.

Additional and very special thanks to the Proofreaders who helped with this issue. Your involvement and support of the creation of this magazine is invaluable. Thank you.

The cyber security field is evolving at a rapid pace, constantly changing and influencing our lives unnoticed. Will year 2016 be revolutionary for cyber security? How will recruitment in IT change, what new threats will appear in the new year, will Internet of Things influence cyber community? In search of answers to these questions, our guests went on an unexpected journey through thirteen different sections. Armed only with their own experience, they confront the most difficult questions tormenting experts on cyber security.

Do you want to find out if they succeeded? Uncover secrets of cyber security and prepare yourself to face new year! Read our new issue and get all the answers you were looking for!

As this is our last issue in 2015, we would like to thank all of our readers for their continuous support for both our projects. Without you we wouldn’t be here, doing all this amazing work to bring you the best content we can. We hope we will be able to be even better in 2016, and with that we wish you all the best in the coming year.

Thank you for all the support.

eForensics and Hakin9 Teams

TEAM:

Editor-in-Chief:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com

Editors:
Marta Sienicka
sienicka.marta@hakin9.com
Marta Strzelec
marta.strzelec@eforensicsmag.com
Marta Ziemianowicz
marta.ziemianowicz@eforensicamag.com

Senior Consultant/Publisher:
Paweł Marciniak

CEO:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com

Marketing Director:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com

DTP:
Marta Strzelec
marta.strzelec@eforensicsmag.com

Cover design:
Marta Sienicka
sienicka.marta@hakin9.org
Art used on the cover by Jack Moreh

Publisher
Software Press Sp. z o.o.
02-676 Warszawa
ul. Postępu 17D
Phone: 1 917 338 3631
www.eforensicsmag.com
www.hakin9.org

All trademarks, trade names, or logos mentioned or used are the property of their respective owners.

The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
Table of contents

Top 2015 events
- What were the most important things that happened this year?

Recruitment
- What will change in the talent pool?
- Will talent shortage in the industry continue to grow?
- What new challenges will recruiters have to face in 2016?
- What new challenges will people looking for work in cyber security have to face?

Training
- What role will formal education play in 2016?
- Will certification keep its role as the main tool to confirm skill and expertise?
- Will we see a more unified standardization of education and skills?
- Will online courses influence the level of education in security field?

Threats
- What threats that emerged in 2015 will remain relevant in the next year?
- Which threat group will see the biggest growth in 2016?
- Can you see any old and forgotten threat coming back in the next year?
- Will threat landscape be affected by international efforts to combat terrorism?
- Will cyber security in healthcare remain a relevant topic?
- Will security in automotive industry keep on causing trouble?

Mobile
- Which mobile phone will be the most secure one?
- What kind of vulnerabilities will affect mobile phones in 2016?
- What security measures we should use to protect our mobile phones in the next year?
- What risks will mobile industry face in 2016?

Internet of Things
- Will IoT force the industry to change?
- What kind of challenges will IoT face in the next year?
- How will IoT influence cyber community?
- Will we see the security for IoT emerging along new IoT solutions, or will we have to wait?

Tools of the trade
- How will tools evolve in 2016?
- Will the trend to eliminate passwords continue?
- What new technology will make an impact on cyber security the most?
- What new trends will we see on threat intelligence?

Areas of security
- What are your predictions for network security in 2016?
- What are your predictions for software security in 2016?
- What are your predictions for hardware security in 2016?
- What are your predictions for cloud security in 2016?

Industry
- Will 2016 belong to start-ups or big cyber security corporations?
- Will cyber security events remain an important part of influencing the development of cyber community and companies?
- Will we see more state-level cooperation in 2016?
- In which industry will we observe the biggest demand for cyber security services?
- What do you think will change in the cyber security market in your country?

Cyber security awareness
- Will the cyber community influence the level of cyber security awareness?
- How can we work towards improving cyber security awareness in 2016?
- What obstacle in awareness will remain unsolved?
- What role will awareness play in corporate cyber security?

Miscellaneous
- Predictions for cybersecurity

Advice
- What advice would you give to fellow cybersecurity professionals going into 2016?

Contributing companies

CYBERSECURITY 2015 TOP EVENTS
What were the most important things that happened this year?

Wade Johansen, CouriTech LLC: C&C Botnets go public - DorkBot and the like have become a business model;
they cost only $50 to buy in • The Anthem and eBay hacks - along with Target, Home Depot, JP Morgan,
etc. • The implementation of private peer-to-peer social networking clouds with unbreakable encryption •
TOR has 5% or more of the exit nodes hacked and infiltrated by the NSA • VTech’s hack - stealing children’s
identities. C’mon? This will have consequences we can’t even measure yet.

Amit Serper, Cybereason: We’ve been seeing massive data breaches pretty consistently for the past few
years, so really, 2015 was just more of the same. However, if I had to pick specific breaches that stand out,
the ones that come to mind are, first and foremost, the Hacking Team breach • Aside from the irony of a
“surveillance” company getting hacked (and learning how lax their own internal security was), the fact that
State-of-the-Art hacking tools and several Zero Day attacks were released into the wild have and will continue
to have long term consequences. One of the Zero Days effectively killed Flash, and of course, having
all these resources available for consumption lowered the (technical) skills bar for potential cyber criminals
to enter into the game • Next comes the Ashley Madison hack - aside from it being one of the highest profile
ransomware attacks, it shows the impact that a data breach can have on people's lives - suicides occurred,
jobs were lost, families and reputations were ruined. Most companies approach cyber security
from a cost-benefit perspective - is it cheaper to fix the security problem or deal with the fallout from it? In
this case, how do you quantify the damage done to Ashley Madison customers? Is that something you can
even attach a number to?

Mark Bennet, Blustor: The U.S. Office of Personnel Management (OPM) lost nearly 5.6 million fingerprint
records in a cyber security attack in 2015. While this event went largely unnoticed by the general public, it
highlighted the tremendous risks associated with biometric security when an individual’s biometric templates
are not properly protected. For the unfortunate employees impacted by this incident, they can never
replace their fingerprints • Just recently reaching the awareness of the mainstream media, hospitals and
medical device manufacturers are being shown to be woefully unprepared. A recent article in Bloomberg
Business, entitled “It’s Way Too Easy to Hack the Hospital”, is one of many articles emerging in recent
months that tells a rather bleak and frightening story related to the vulnerability of medical devices to remote
hacking. It is clear that there is a high potential for catastrophic incidences that are likely to result in
serious injury as well as large scale identity theft.

Paul Shomo, Guidance Software: RATs Ran Rampant: (Remote Access Trojans) evolved and proliferated to
the point that they were seen in forensic investigations of some of the most high-profile hacks of the year,
including the Office of Personnel Management (OPM).


Leon Kuperman, Zenedge: 2015 RSA Conference where we introduced ZENEDGE to the world •
www.newbingobilly.ag - longest running DDOS campaign that we are aware of, lasting for almost one year;
the attacker has failed at bringing down the site but continues to try on almost a daily basis • ZENEDGE introduces
RapidBGP, which allows for sub 60-second DDOS mitigation in the cloud for network protection •
ZENEDGE launches Toronto Mitigation center, the first large scale mitigation center in Canada for customer
adoption • Complex multi-vector attack by Armada Collective, hitting many companies with DDoS for ransom
Bitcoin. Our customer was hit with seven attacks in a one day period in Q4, key shopping season including:
Chargen, UDP Flood, SSDP Amplification, NTP Amplification and Layer 7 application attacks. We
have now seen Armada Collective on five separate occasions.

Shay Zandani, Cytegic: The OPM breach – because of the consequences to its management and the fact
that it was a direct and public hit on a government entity • Anthem Breach (alongside Premera and Blue-Cross
Blue-Shield) – because of the scale of the attack and how it emphasized the forecasted trend of PII
and medical data theft • Ashley Madison Breach – because it is perhaps the most significant internal
breach since Snowden – it emphasized the importance of the internal threat • The “Cyber-War” between
Iran and Saudi-Arabia over Yemen – because it showed very clearly the correlation between physical wars
and cyber wars, and the mobilization of hackers to support their governments • The US Military Kills the
ISIS Hacker and Recruiter that Attacked Them – because it emphasized the fact that cyber-warriors are valid
targets for physical attacks and that they are an integral part of the war.

Mitchell Bezzina, Guidance Software: The Human Perimeter Remained Too Permeable: Human error opens
more doors to hackers than technical shortcomings. Whether clicking on a phishing email, failing to install
security patches on a regular basis, or leaving a laptop with patient healthcare records in a place where it
can be easily stolen, humans regularly hand over the keys to the data kingdom—or leave them lying
around where they can be readily obtained • Following suit is Australia, releasing a draft of the Privacy
Amendment (Notification of Serious Data Breaches) Bill 2015 in December that affects any domestic or foreign
organization that deals directly with Australian consumers

Richard De Vere, The AntiSocial Engineer: The TalkTalk Breach! (and discovering it) helped place cyber security
on the radar for the average person. Infosec left the boardrooms and had free rein of the TV • Old
issues making a comeback - Crossdomain Abuse, SQLi • BSIDES in London was my favourite event/con •
Software - The release of Kali 2.0 hasn’t changed the world but it’s nice to see the GUI updates • SE-
TOOLKIT - Mr Robot Edition (In fact, Mr Robot was the highlight of my year).


Irfan Shakeel, EH Academy: Helped more than 3000 people to become effective computer forensics examiners; training, certification and relationship with the industry have been provided to them.

Nick Prescot, ZeroDayLab: Talk Talk breach – an obvious choice, but perhaps more than any other • Safe Harbour re-alignment • EU General Data Protection Regulation • Ashley Madison (mainly for the impact) • Sony Pictures.

Rajeev Chauhan, Cyber Oxen: Sony Hack and Retaliation • OPG Hack • Cryptolocker malware • Identity Theft • Cyber Espionage.

BroadTech Security Team: A bit difficult to limit to five. Google Deceptively Tracks Students’ Internet Browsing • Pentagon Cyber Attack • Kaspersky Security Breach • Hacking Team Breach • $1 Billion theft from banks • Ship Data Records Vulnerability • Kaspersky, McAfee, AVG vulnerabilities • Industrial System Control Gateway vulnerabilities.

Dennis Chow, Millar, Inc: Blue Cross Blue Shield Anthem Data Breach • New Cyber Threat Intelligence initiatives • WITCHCOVEN Campaign • Remote Jeep Hack • FTC enforcement of Cyber Security to companies.

David Clarke, VCiso: Talk Talk Breach • Ransomware • School Breaches • Mobile Vulnerabilities • Mobile Security.

Francisco Amato, Infobyte: ekoparty • troopers • kiwicon • shakacon • chaos communication congress.

Stephan Conradin: Theft of sensitive data • Privacy concerns with Windows 10.

Amber Schroader, Paraben Corporation: EnFuse 2016 • PFIC 2016 • Techno • HTCIA 2016.

Paul Hoffman, Logical Operations: Two Steps Ahead - Rochester. December 8th, 2015 • ISSA Conference, October 2015 • Dispelled Rumor of MAC OS being safe, as it accounted for the largest proportion of vulnerabilities in first quarter 2015 • The State Dept. is breached by Russian hackers.

Przemek (Shem) Radzikowski, Secbüro Labs: Ashley Madison Hack • Black Hat USA • First 400+ Gbps NTP reflection DDoS attack • APT28 • TalkTalk hack by 15yo.


Roberto Langdon, Nicolas Orlandini, KPMG: As part of our Security Services to customers, we were dealing
with networks with unappropriated protection, the Internet of Things is leaving really black holes in the
information management and information gathering, people working so far from the existing standards
such as ISO 27001 and ISO 27002 mainly, and the lack of security awareness implemented as a continuous
process inside the organizations. Most of them are still reactive instead of being preventive. And most of
them know nothing about ISO 270037 • Technology considerably helped the business and mainly the users
interacting with it, and as one of the key issues is privacy, it is almost more frequent to find ethics codes
violation and frauds carried out by people who understand that the digital equipment that they use can
“protect” them against these types of investigations. Neither workstations nor smartphones are outside
the scope of investigations, and they have key valuable information. • Increase in amount and depth of
data breaches • Dark web, Mobile forensic, data encryption and IoT as challenges for forensic teams •
Cloud data collections • Black-Hat 2015 Las Vegas • Lack of Cyber Security/Cyber Forensic Investigators
personnel.

Craig McDonald, MailGuard: Anthem. In March, this health insurance company suffered an attack that
compromised 78.8 million customers’ records from December 2014 onwards. Data affected: names, dates
of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment
information, including income data. The data was not encrypted, according to reports • Although
smaller than the Anthem attack, the attack on 21.5 million records in the database of the US Office of Personnel
Management (OPM) is significant because of the type of data accessed – personal information,
background checks, names and addresses and a million fingerprints of US Government employees. It is believed
that Chinese hackers were responsible • UK telecom company, TalkTalk, suffered an attack that compromised
four million records, estimated to be the seventh largest attack (to September 2015), apparently
through a third party call centre in India • Australian Bureau of Meteorology breach reported publicly in
December this year. There is no clear picture yet how much the breach will cost to fix or how long it will
take – but insiders estimate years and hundreds of millions of dollars. And the critical nature of the bureau's
services means its systems cannot be switched off for repair.

Michael A. Goedeker, Auxilium Cyber Security: OPM Breach • DEASH (ISIL-whatever) using social media for
targeting soldiers • Ukraine Hacks (our story on the „Fire Sale” hack) • The fight for balancing surveillance
and privacy • The Beginning of IoT as mainstream (and additional security holes and lack of it) • Increasing
vulnerabilities and attacks on global and national critical infrastructure


Rick Blaisdell: Kaspersky Lab revealed in June that it had discovered an infiltration in several of its internal
systems. The attack, also named Duqu 2.0, was believed to be a nation-state-sponsored attack, whose other
victims included events and venues with links to world power meetings, including negotiations for an
Iran nuclear deal. The Moscow-based security vendor said the compromise included information on the
company's newest technologies, such as Kaspersky’s Secure Operating System, Kaspersky Fraud Prevention,
Kaspersky Security Network and Anti-APT solutions and services • LastPass got hacked - LastPass is a
very well known provider of cloud-based single sign-on and password manager. Enterprise administrators
around the globe use it to manage and secure passwords across their infrastructure. However, in June,
LastPass CEO Joe Siegrist admitted in a blog post that a network compromise resulted in the theft of customer
email addresses and password reminders. Even though the passwords were encrypted, and there
was no evidence of customer data being exposed, LastPass required all customers to change their master
passwords the next time they logged in • Pentagon failed to offer small firms cyber security resources - The
US Department of Defense (DOD)’s Office of Small Business Programs (OSBP) has failed to offer cyber security
options to protect the companies it does business with, according to a report from the US Government
Accountability Office (GAO). Small businesses, including those that conduct business with DOD, are vulnerable
to cyber threats and may have fewer resources, such as robust cyber security systems, than larger
businesses to counter cyber threats • The breach at Harvard University, following in the footsteps of eight
other education breaches this year, highlighted growing security concerns around the higher-education
market. The breach affected as many as eight schools and administrative offices, though it remains unclear
what information was accessed by the hackers • When it comes to the health-care industry, health insurer
Anthem revealed a breach in February that exposed an astonishing 80 million patient and employee records.
Anthem said the breach occurred over several weeks, beginning in December 2014, and could have
exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email
addresses, employment information, income data and more. It said it did not believe banking information
was taken. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by
hackers.

Kenneth C. Citarella, Guidepost Solutions: In no particular order, we cite these as the most significant cyber
security events in 2015: The Office of Personnel Management intrusion • Cyber security talks between the
U.S. and China, including China’s arrest of several men alleged to have intruded into U.S.-based systems at
the request of the U.S. government • The Third Circuit Court of Appeals upholding the authority of the Federal
Trade Commission to sue over cyber security failures under its consumer protection powers. A company
may be engaged in an unfair trade practice if it does not live up to its cyber security promises • The beginning
of regulatory efforts to mandate cyber security standards in certain industries • Known weaknesses
and poor security habits continue to be major attack vectors.


Anthony Di Bello, Guidance Software: Breaches Abounded: Almost 90 million healthcare records were
breached causing $272 million worth of losses to leading United States healthcare organizations. The lesson
learned is that healthcare records are extremely valuable to cybercriminals • Emergence of Endpoint
Detection and Response (EDR) security technology category — while technologies focused on providing
security visibility and incident response capabilities for endpoint have existed for some time, 2015 marked
a critical mass in both the need for and emergence of several start-up technologies focused on these capabilities.
These vendors span established EDR players, such as Guidance Software, legacy security vendors
coming into the space through acquisition, such as Palo Alto, and start up technologies, such as Cylance.
These offerings fill a critical gap at the endpoint left by older technologies, such as anti-virus and host-based
IPS • Data Notification Requirements – The US Government began the first steps in creating one Federal
breach notification law with the Data Security and Breach Notification Act of 2015 which received both
public backing and some initial opposition. The US is not alone, the EU Council found common ground with
Members of the European Parliament and put an end to fragmented requirements for minimum security
measures and breach notification requirements across critical service organizations in resources, transport,
finance, and health. This comes after the heavily publicized advancements in the EU General Data Protection
Regulation to enhance data protection rights of EU consumers for any organization, worldwide, storing
personal data.

David Coallier, Barricade: VTech's data leak • Ashley Madison's data leak • The iCloud leak • The rise of the
internet of things and the internet of vulnerabilities • Ransomware and boot kits.

There were plenty more very important leaks, during this last year. What we find interesting is most of the
attacks fall into common categories, such as people still using insecure passwords and executives that do
not understand the current technological landscape.

The rise of ransomware and their exponential growth is interesting as it allows us to witness the evolution
of computer viruses and criminal groups in near real-time. A new player in town, the boot kit, is promising
an interesting turn of events for 2016 • Meanwhile, the Internet of Things is left very vulnerable because
efficiency and simplicity of use took priority over security, leaving a lot of early and late majority of the tech
adopters at risk. The so-called advanced persistent threat is still the industry's poster child and as state-sponsored
attacks and cyber-espionage grows, we'll probably keep hearing a lot about APT in the next year
alongside its lack of security workforce.


Wade Lovell, Simpatic: Revenge Porn – Hunter Moore “who operated the Internet’s best-known ‘revenge
porn’ website was sentenced to 30 months in federal prison for hiring another man to hack into e-mail accounts
to steal nude photos that were later posted on his website.” This seems a little like sentencing Al
Capone on tax evasion charges, satisfying but incomplete link • Angler is an extremely capable and readily
available exploit kit used by criminals to run choice cuts of the latest Flash, Java, and browser exploits targeting
un-patched users. Hackers add exploit kit to article asking 'Is cyber crime out of control? “Hackers
have hosed an article published by The Guardian using the world's nastiest exploit kit Angler to pop the
machines of exposed readers. The attack firmly answers the article's headline, positing the question 'is cybercrime
out of control', based on arguments in a book by one Misha Glenny.” link • VTech Breach – accounts
of 2.9 million kids hacked. This is the type of hack no one seems to talk about because it doesn’t
directly involve credit card and social security numbers • Georgia’s Secretary of State released confidential
information to a dozen entities on 6 million Georgia voters, including driver’s license information, Social
Security numbers and dates of birth, and didn’t notify anyone, according to a lawsuit. “The Georgia Secretary
of State, Brian Kemp’s office is being sued by two Georgia women who claim that the Secretary's office
released personal information that involves 6 million Georgia voters. Mr. Kemp’s office has communicated
that … due to what they are calling a "clerical" error, individual voters personal information was included in
these files… According to the lawsuit, Mr. Kemp’s office never notified individuals regarding the breach,
nor did they contact the consumer reporting agencies.” link • Organized Criminal Hackers stealing $1 billion
directly from banks. “… a gang of international hackers have stolen as much as $1 billion from 100 banks
across 30 countries by installing malware that allowed them to take control of the banks' internal operations
link.

Gerald Peng, Mocato: Anonymous taking down ISIS social media profiles, November - December 2015 •
Ashley Madison hack, July - August 2015 • In June 2015, US Office of Personnel Management (OPM) discovered
that the background investigation records of current, former, and prospective Federal employees and
contractors had been stolen. OPM and the interagency incident response team have concluded with high
confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals,
was stolen from the background investigation databases • Stagefright Bug (all versions) for Android
phones, July 2015 • International Conference on Cybersecurity, January 5 - 8, 2015, New York City, NY,
United States.

WHO IS WHO

Amit Serper
Cybereason
Lead Mac OS X security researcher

Amit is an Information security researcher specializing in embedded Linux devices. His role at Cybereason is to develop novel methodologies for identifying complex hacking operations. For over a decade he led security projects for a government agency in Israel, specializing in the security of embedded systems. Amit is known for his "out of the box" thinking and is renowned for his shell popping abilities on embedded devices such as routers, IP cameras and even home irrigation systems. He has won several Blackhat pen-testing challenges.

Michael A. Goedeker
Auxilium Cyber Security
CEO and Founder

I am passionate about technology, teaching and people! My interests, passion and research include: Cyber Security, Operations, Leadership and Training up to DoD/Mil level (includes every aspect of IT). Author and researcher at the front end of Cyber Warfare, Espionage and Crime, researching in Academia, Press and Security Professionals Globally. Entrepreneur with solid operations and financial background. Easy to work with, people person that sees talent, develops it and can establish rapport with almost anyone.

Irfan Shakeel
EH Academy
CEO and Founder

The founder & CEO of ehacking group. An engineer, penetration tester and a security researcher. He specializes in Network, VoIP Penetration testing and digital forensics. With more than 7 years of professional work experience, he is creating new Infosec ventures and businesses around the globe.

Richard De Vere
The AntiSocial Engineer Ltd, Principal Consultant

Richard is the Principal Consultant for The AntiSocial Engineer Ltd, has an extensive background in penetration testing and social engineering, including „red team” exercises and information gathering assessments.

RECRUITMENT
What will change in the talent pool?

Richard De Vere, The AntiSocial Engineer: As more and more people fill the shortage we have across the world for well trained and experienced security vendors and testers, we will start to see the number of inexperienced testers rise.

Kris Rides, Tiro Security: I think we will see larger companies moving internally / hiring people in alternative IT positions and cross training them into Security. So expect to see hiring of Infrastructure and Development staff to increase further.

Michael A. Goedeker, Auxilium Cyber Security: Skills needed and the way we look for people for „cyber” security space. Cyber security is dynamic, so we are looking for people that can think outside the box and make complex things simple.

Chase Cunningham, Cynja: Unfortunately, nothing. There will continue to be a vast lack of resources with respect to real cyber security operations personnel. This will continue for at least the next five years, probably much longer. That’s why it’s important to encourage kids to be safe online and learn about technology. My hope is that if we start inspiring kids to join us in fighting the criminals online, that shortage will be non-existent by the time our kids move out of the house. Looking 20 years down the road, if one person says to me they chose cybersecurity as a profession because of me, then mission accomplished.

Elizabeth Houser, Praesidio: As more people become aware of the ongoing trends in cybersecurity and the increasing opportunities the industry offers, we’ll see an uptick in people desiring a career shift. This will especially become noticeable as expansion of the IoT requires input from experts in other fields.

Dennis Chow, Millar, Inc: There will be increased requirements for new skills to help defend against modern attackers. Certifications and skills considered ‘advanced’ now will soon become standard in the future, such as malware reverse engineering and exploit creation capabilities.

Wade Johansen, CouriTech LLC: Virtualization skills and multitasking abilities are (and will continue to be) a „must-have” talent. The days of specialization in one service domain alone seem to be rapidly coming to an end. Mobile device management and maintenance is also a skill every tech should start getting familiar with.


Rick Blaisdell: The increasing volume and detail of information captured by enterprises, the rise of multimedia, social media, and the Internet of Things will fuel exponential growth in data for the foreseeable future. At the same time, the rising demand for data scientists and the resulting pressure on the analytics labor market is increasing the need for analytics talent as more companies with more data to sift through discover they are trying to hire the same workers.

Roberto Langdon, Nicolas Orlandini, KPMG: There is a shortage of professionals who can meet the specific requirements to be an investigator. This will require professional knowledge about networking, security, IT infrastructure, plus “life” experience. And all of the above, under strictest ethical codes and confidentiality. A forensic investigator must be hungry for investigation. In order to build qualified professionals, it is required to make more disclosures and training courses to motivate the IT security professionals to enter in this amazing world.

Mayur Agnihotri: Talent pool constrained on cyber security recruitment as cyber security (Information Security) budgets expand rapidly. “Cyber security (Information Security) industry is facing a new threat: hiring” - Worldwide situation. Company faces cyber security (information security) talent costs more than other IT positions.

Przemek (Shem) Radzikowski, Secbüro Labs: Given the immediate requirement for cyber security professionals, many people will try to reskill and transfer from their existing professions to fill the gap.

Andrew Bagrin, My Digital Shield: There is already a lot of very average security talent in the industry and very few great talent. We are running this industry somewhat handicapped. I predict it will only get worse as more talent is desperately needed and great talent is very hard to find.

Julie Herold, Kenny Herold-Odin’s Eye: Colleges are recognizing the value of IT Security Professionals; eventually we will see a drastic increase in the number of qualified personnel. Although there is a strong belief that acclimation to this type of profession in the field, it is worrisome at best.


Paul Hoffman, Logical Operations: As breaches get more serious, companies will start to pay more for skilled people.

Wade Lovell, Simpatic: Some undergraduate programs have picked up the baton and are offering an emphasis in cyber security. As students matriculate from these programs, the talent pool will increase at a pace slightly ahead of the churn rate.

Mitchell Bezzina, Guidance Software: Information security leaders will begin to see a new generation of fully mobile workers coming into the workplace who have an instinctive understanding of privacy issues because of social-media hacks and problems they’ve all encountered, but who are not used to being restricted in their practices within large organizations.

Einaras Gravrock, Cujo: The demand will continue to outstretch the supply. An increasing number of IT specialists will repurpose themselves to fit the demand.

David Clarke, VCiso: Audit will take a higher priority as more and more cyber services are outsourced.

Paul Shomo, Guidance Software: Talent availability will increase, but be outweighed by demand. Closely related careers, like computer forensic examiners and network specialists, will seek opportunities in Security as methodology, concepts and practices are closely related, however, they will require in-depth training and time to gather experience. We’ve seen this in other high velocity emerging markets and cyber security is still three to six years away from having a “normal” ratio of availability vs demand.

Dotan Bar Noy, Re-Sec Technologies: Cybersecurity workforce shortage is expected to reach 1.5 million by 2019 according to Michael Brown, Symantec CEO. While the growth in the need for talented experts in all sectors will drive an increase in professionals in the long run, we are still going to struggle in the next few years.

Amit Serper, Cybereason: In 2016, the shortage of skilled security pros will result in a more diverse workforce.

BroadTech Security Team: More people are going to go after certification rather than acquiring necessary knowledge and skill in hyped up technologies, especially.


Anthony Di Bello, Guidance Software: Vendors and industry experts need to support the efforts of universities to create and deliver the required curriculum for success in the ever-changing information security landscape. Through the provisioning of software, assistance in curriculum development, and support through industry events and competitions the community can give back, and help create the next generation of infosec pros.

Ondrej Krehel, LIFARS: More talented people, as well as people going for the name. Overall, I see a dilution in talent as companies do not want to spend money on good resources.

Stephan Conradin: Security becomes more complex because business and technologies change very fast, so real talent pool will become shorter.

Nick Prescot, ZeroDayLab: Existing consultants • New consultants will start on a different track-level, following the new known trends and identifying others in the emerging world of Internet of Things.

Will talent shortage in the industry continue to grow?

Michael A. Goedeker, Auxilium Cyber Security: I don’t see a talent shortage, just prices being ruined by big companies that overcharge for bad work. This does not allow smaller companies to earn enough to attract good people because for some illogical reason, customers “trust” big names without verifying them (bad for security in general).

Richard De Vere, The AntiSocial Engineer: I think for the foreseeable future we will not meet the demand for information security professionals. The need for these testers is clearly documented with global rises in cyber crime but we have been slow with training, especially in youth sectors.

Irfan Shakeel, EH Academy: The shortage of skillful people will increase, because the community failed to produce skillful professionals. Organizations are lacking in terms of training & development programs. It will have a direct impact on security; we will witness the rise of hacking attacks.

Einaras Gravrock, Cujo: Yes, absolutely. Given that inventory is growing by multi-digit CAGR, it will take a business cycle for the supply to meet the new demand.

Elizabeth Houser, Praesidio: Absolutely. The field is experiencing the same personnel shortage as the medical industry continues to face. Not only is there limited space in training programs but disparity also exists in the quality of these programs. Also, a disconnect remains between what IT managers need and what HR is requiring in job candidates.

Kris Rides, Tiro Security: I think we will see an increase in requirements and if the industry doesn’t make changes to how it is currently recruiting, then the shortage will grow.

Wade Johansen, CouriTech LLC: Yes! Recruitment is starting early because there aren’t enough coders to go around, so schools that offer it are seeing benefits for their students. Unfortunately, there is a shortage of strong teachers, so this is causing a shortage of classes, and students. This is the case with a lot of technology fields and not just coding.

Dennis Chow, Millar, Inc: Yes, even with new talent graduating with new Information Security focused degrees; many will lack the skills and experience that positions are in demand will need.


Francisco Amato, Infobyte: I personally think that there is always talent floating around, but companies need to go out and find talented people in different environments, not just in traditional places. There are a lot of capable people, but it is necessary to properly promote and nurture them. One interesting way to find young blood is with competitions or challenges like CTFs, which are done in different events worldwide. Also, the rise of the hackerspace movement for me is an ideal training ground to find people with a lot of skills. Of course, one of the biggest things for these kinds of people is keeping them motivated. If IT sec professionals are only in it for the money and are not really passionate about what they are doing, they probably are going to find it hard to stand out in an intelligent and talented industry where you have extremely bright people (who love what they are doing) and these passionate people are the ones that are always going to be a step ahead.

Anthony Di Bello, Guidance Software: The talent shortage is expected to grow unless a top-down effort is made to create and stimulate interest in information security fields early on in a student’s education.

David Clarke, VCiso: Yes, almost certainly, as more and more skills other than cyber technical skills are required.

Przemek (Shem) Radzikowski, Secbüro Labs: For the foreseeable future, the talent shortage will continue to grow for another two to three years (the average length of an undergraduate degree). Unfortunately, the ripple effect from the shortage may persist for a longer period while professionals gain industry experience.

Mayur Agnihotri: Yes, talent shortage in the industry continues to grow, demand is high and supply is low. Companies need to attract and retain cyber security talent. Some elements to attract and retain cyber security talent:
• Provide training for staff on emerging technology
• Companies must participate in different events, like hackathons and open-source community platforms
• Companies must collaborate with universities / colleges in emerging technology, as well as cyber security talent.

Mitchell Bezzina, Guidance Software: Yes, due to the demand generated by the unusual amount of potential business risk associated with failed cyber security practices, the proliferation of media attention, and time it takes to train security specialists. The talent shortage will continue until the emergence of the next generation of qualified cyber security specialists.


Andrew Bagrin, My Digital Shield: Great talent shortage will, but we will see a bunch of new people in the industry. There are schools now trying to get people in the industry.

Dotan Bar Noy, Re-Sec Technologies: Yes, in the short term we will still have a talent shortage, and even more important is attracting the exceptional experts that are becoming very rare.

Paul Hoffman, Logical Operations: Yes, there will be a shortage for three to five more years, as people are trained in the industry.

BroadTech Security Team: There will be a shortage of usable people. Talent alone is not enough. Skill and Experience are also needed, which needs time to be acquired. Technology disruption and information overload is happening in such a rapid rate that time needed to understand, assimilate, gain skill and experience is getting even more limited.

Ondrej Krehel, LIFARS: I believe so. Until companies become aware they need talent and reward it, I believe people may not want to enter the field.

Stephan Conradin: Of course. More complexity, more needs, fewer people with wide knowledge.

Amit Serper, Cybereason: Yes, but will be offset by better and more automated tools.

Rick Blaisdell: Unfortunately, yes. More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018. According to a recent report from the job board Dice, the demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million.

At the same time, according to a 451 Research recent study, based on responses from more than 1,000 IT professionals, primarily in North America and EMEA, security managers reported significant obstacles in implementing desired security projects due to lack of staff expertise (34.5%) and inadequate staffing (26.4%). Given this challenge, only 24% of enterprises have 24×7 monitoring in place using internal resources.


Wade Lovell, Simpatic: Yes, while the talent pool is expanding slightly ahead of the churn rate, the demand continues to grow.

Nick Prescot, ZeroDayLab: It depends what talent you’re looking for. Information Security continues to be both.

What new challenges will recruiters have to face in 2016?

Michael A. Goedeker, Auxilium Cyber Security: Becoming more knowledgeable in what makes a successful “cyber” security person. Understanding exactly what the value of certs and experience is. Paying the right money for demanded positions instead of pushing them down.

Richard De Vere, The AntiSocial Engineer: I think sorting the good from the bad will be harder than ever over the next year. Recruiters have to step up their game and rely more on personal bonds and careful research of their candidates and not just point and click recruiting.

Irfan Shakeel, EH Academy: The recruiters will get confused because of the formal education, infosec certifications without any central governance body and the skills. The recruiters have to develop a methodology to capture the right candidate based on the skills, rather than a piece of paper.

Dennis Chow, Millar, Inc Short: Being able to distinguish ‘paper certified’ professionals compared to ones with true hands-on experience that happen to have those same certifications.

Kris Rides, Tiro Security: Larger companies will look to hire more niche candidates as they break down their teams into further specialties. This will mean your average generalist IT agency will find it tougher to fill these people as they will need to be focused 100% in this area to build relationships. Medium sized businesses will continue to have a lot of competition with companies for their Security people. They will need to show the kind of flexibility on job requirements and benefits to really differentiate themselves and allow recruiters to fill their most urgent requirements. Recruitment companies will find it even tougher to supply contractors in Cyber Security. High permanent salaries and the kind of benefits these people will be offered, matched with (at least in the US) the high cost of healthcare mean the benefits of being a contractor will no longer be worth the risk.

Wade Johansen, CouriTech LLC: There is a large pool of jobs and many of them just don’t pay enough, particularly the Government sectors. There are not enough highly skilled workers to meet the demand and private industry pays far better. Unfortunately, having a good benefits plan isn’t enough now - workers want work at home VPN options, higher salaries and employers that provide ongoing training benefits and perks.


Chase Cunningham, Cynja: The continued lack of talent will increase the demand for real cyber operators and the starting salaries for those individuals will continue to rise. The men and women who are coming out of the military and intelligence communities will have their pick of private sector jobs and roles and recruiters will have to outbid each other to win those candidates.

Amit Serper, Cybereason: Having to find the right soft skills, which will be just as important as the right technical skills.

Rajeev Chauhan: The vanishing line between ethical and unethical behavior in the infosec community will be a matter of growing concern.

Mayur Agnihotri: Nothing new recruiters fail to attract and retain cyber security talent.

Przemek (Shem) Radzikowski, Secbüro Labs: Recruiters will find it tough to sift through a torrent of opportunistic but relatively unskilled candidates who want to jump aboard the rise in pay commanded by quality security experts.

Ondrej Krehel, LIFARS: They will have to deal with larger pools of applicants and finding talent among them.

Stephan Conradin: First: they should see and understand this growing complexity. Second: they have to reintroduce good sense when finding talent, not only check for some words in CV.

Paul Hoffman, Logical Operations: Differentiating between actually skilled workers and ones with puffed-up resumes, but they may not care as anyone willing to fight cyber attackers is better than no one.

Wade Lovell, Simpatic: A growing percentage of entrants into the security talent pool will have absolutely no relevant job experience.

Andrew Bagrin, My Digital Shield: Separating the true talent from the rest.

Nick Prescot, ZeroDayLab: Availability of experienced consultants because none of them are available.


Anthony Di Bello, Guidance Software: A lack of practical experience. While education certainly provides an understanding of systems and how to secure them, all bets are off when they experience their first live cyber-attack.

Mitchell Bezzina, Guidance Software: Those looking to place experienced cyber security specialists will find it difficult moving an individual into a new organization with career development or ancillary benefits being part of the decision process. It may well be easier to relocate teams who have an understanding of each other and efficient workflows. When looking to place candidates transitioning into cybersecurity as a solution to talent shortage, a more rigorous culling process will need to be defined to ensure there is a great rapport between manager and the new candidate, this ensures a faster, more successful transition.

Elizabeth Houser, Praesidio: The realities of the field versus how popular culture continues to influence the perception of cybersecurity will continue to be an issue. CSI:Cyber isn’t likely to have the same impact on job candidates to the extent the CSI effect has impacted average citizens but there will be a definite ripple, regardless of size.

Dotan Bar Noy, Re-Sec Technologies: Costs of talents will continue to increase as demand is high and companies are recruiting less experienced talents and will need to invest in training etc. According to a recent report from DICE, a leading IT job board, the top five IT security salaries are: No. 1 – lead software security engineer at $233,333; No. 2 – chief security officer at $225,000; No. 3 – global information security director at $200,000; No. 4 – chief information security officer at $192,500; and No. 5 – director of security at $178,333.

BroadTech Security Team: I cannot say for large companies. Startups like ours take freshers, guide and train them.

David Clarke, VCiso: Recruitment is a vulnerable 3rd party and they will need to apply cyber standards, as well as find the appropriate resources.

Rick Blaisdell: The need for more cyberworkers also explains why info security is considered one of the best jobs out there - for the next seven years. U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at a rate of 36.5 percent through 2022.

What new challenges will people looking for work in cyber security have to face?

Michael A. Goedeker, Auxilium Cyber Security: Payment expectations vs. reality. Either you get more money working for a big company that likely uses you up, or you work for a startup and gain experience and knowledge to grow. Become lifelong learners or look for another job.

Richard De Vere, The AntiSocial Engineer: People new to the industry or people looking to find that new role will have to strengthen their knowledge of computing in general and not rely so heavily on automated tools.

Irfan Shakeel, EH Academy: The hiring criteria, people are more likely to get confused and they will focus on gaining the certifications rather than studying and practicing. This will get them hired but at the end, the organization will suffer the consequences.

Amit Serper, Cybereason: Not only are threats and the external landscape changing, but given the rate of technology innovation, security teams need to rethink how they structure their processes and activities because perimeter based approaches are obsolete, and penetration is inevitable.

Przemek (Shem) Radzikowski, Secbüro Labs: There is no substitute for experience. Be prepared to work hard and learn fast because the security ecosystem is changing far more quickly than other sectors.

Kris Rides, Tiro Security: It will still be tough to stand out from the crowd, adverts will attract the masses meaning a good quality experienced candidate’s resume will be in the middle of a pile of people trying to move into cyber security. Expect to see plenty of counter offers, it’s not a new challenge but there will be a distinct rise so it’s important to ensure you have tried your utmost to get the changes you require in your current job before you start your search. If it takes you to get another job before they give you what you are looking for, you are working for the wrong company. It will also be important for candidates to weigh all the benefits of job offers, expect to see some good salary increases but remember, there is a lot more to a job than that. As Richard Branson was recently quoted, “Time is the new money.”

Anthony Di Bello, Guidance Software: Certainly not a lack of competition in the job market.


Andrew Bagrin, My Digital Shield: How to defend against the new threats, how to simplify and at the same time reduce cost. We can’t continuously keep spending more and more money on security.

Julie Herold, Kenny Herold, Odin’s Eye: Eventually a shortage of jobs and declining wages; cookie cutter vulnerability assessments and penetration testing (which really isn’t penetration testing). We refer to it as hitting the big green “go” button with automated web application or vulnerability scanning tools and removing false positives and calling it a penetration test. As a result of this stance from most IT Security companies, there will be a lack of opportunities to grow in this space with breadth and depth of knowledge and offering additional value to engagements.

Stephan Conradin: They must open their eyes and have great interest on what happens just in left or right of them. We could not have only one specialization, we must have several and/or have a generalistic view.

Ondrej Krehel, LIFARS: New threats and budgetary challenges as technology emerges.

Dotan Bar Noy, Re-Sec Technologies: For the next few years not much. They need to keep up-to-date with industry development and solutions.

Paul Hoffman, Logical Operations: It is not new, but on-going; it is defending against those things that you don’t know. Reducing risk and exposure in areas that are unknown. Hackers are constantly looking for new ways to breach security and companies are just trying to patch those known areas.

Wade Lovell, Simpatic: Entrants will likely find themselves in the security silo without many non-entrepreneurial opportunities to move to other parts of engineering and development.

BroadTech Security Team: There are so many tools and using them is very easy. But understanding the underlying technology is something lacking in people even with certifications. People will need to have more than certification if they need to get work. People who do not have certification will have to show their experience and credibility in some tangible way.


Nick Prescot, ZeroDayLab: The balance of qualifications vs. experience. There are many consultants who are experienced but don’t have the level of qualifications and others who are well qualified but don’t have the experience.

David Clarke, VCiso: A Cyber Role is a journey and the role has to match where the client is their cyber maturity and position it no longer a “finger in the leaking dyke”.

Dennis Chow, Millar, Inc Short: The problem of finding well-paying local security positions as opposed to ones that require relocation to high cost of living areas.

Wade Johansen, CouriTech LLC: Employers who look for talent often don’t understand just how talented an individual really is from a resume. Because every resume is filtered through an HR dept, often by keyword - great prospects are skipped over. Keyword resume searching has become the norm, often when you do get an HR person who calls, they don’t understand the technical abilities of the prospective employee, and so they are often overlooked when in reality they may be a perfect fit. This is a challenge because IT techs often are the worst at describing what they know and do on a daily basis.

Mitchell Bezzina, Guidance Software: Proving their skillset can easily transition into cybersecurity would be the main challenge. For those in developing careers, there will be a steep learning curve which may involve odd hours and be prepared to “roll up the sleeves”, as with growing industries, managers rarely manage people but must also take on work tasks and assist in day-to-day activities.

WHO IS WHO

Kris Rides
TiroSec, CEO and Founder
Kris believes that there is no substitute for building long term relationships with clients and you do that by providing them a great service. This is his 16th year in the recruitment industry and he has built and managed both permanent and contract teams over multiple disciplines in both the UK and all over the USA. Kris is passionate about recruitment and still keeps in touch with both people he placed when he first started his career and clients he worked with. He has spent almost all of his working career in Tech recruitment and he understands his candidates’ needs as well as the difficulties clients have in some of these niche areas.

Einaras Gravrock
Cujo, CEO
12 years digital commerce experience. Founded / built Modnique.com to $50M in annual sales. Named one of Goldman Sachs 100 most intriguing entrepreneurs in 2014.

Elizabeth Houser
Praesidio Security Engineer
Security Engineer for Praesidio and focuses on vulnerability assessments, incident response, and digital forensics. She is a graduate of the University of Washington and lives in Seattle. Her additional interests include malware analysis as well as cyber threat intelligence and serves on the Computer Information Systems (CIS) Advisory Committee for Edmonds Community College in Lynnwood, WA.

Roberto Langdon
KPMG Sr Manager, Forensic Technology Services Risk Consulting
He has a wide experience in the Information Security market, as well as in the Forensic Practices and Technology. He has 35 years of experience previous to his position at KPMG, within national and multinational companies, from IT & Telecomm sector, and 15 years of experience in Information Security, Physical Security and Urban Security specialization.

TRAINING
What role will formal education play in 2016?

Michael A. Goedeker, Auxilium Cyber Security: It always plays an important role in research based jobs. Teaches how to do research and work within specific requirements and times. Certification will never replace a degree (IMHO). A degree is also not everything either.

Irfan Shakeel, EH Academy: Formal education should play an effective role and we need to make little tweaks in the formal education. But, the formal education without the required amendments will not play any notable role.

Elizabeth Houser, Praesidio: Formal education will continue to be sought after but the availability of online (especially free) training resources will increasingly augment the education of individuals at all skill levels.

Roberto Langdon, Nicolas Orlandini, KPMG: The education will be very important in 2016, because we need to incorporate already skilled people for this activity that can be very effective from the very beginning of his/her job.

Wade Lovell, Simpatic: As the industry matures, degrees and certifications will play more of a role. This is a mistake. Having held a number of certifications myself, including the CFE (Certified Fraud Examiner), I have little respect for their ability to help practitioners stay up to date and see them more as a gate preventing some experts, especially young ones without corporate CPE and dues sponsorship, from appearing as competent as some of the corporate dinosaurs.

Chase Cunningham, Cynja: The more education that cyber operations personnel can attain before they go looking for work, the higher initial salary they can garner. Thanks to increased specialized training in the military and intelligence communities, the need for actual degrees is not completely necessary. However, surveys show that the gap in starting pay for those with advanced degrees is much greater, by up to 40%, compared to those with similar cyber skills but no formal education. In short—it pays to go to school.

Nick Prescot, ZeroDayLab: Education will become more formalised in 2016 where it will be a training requirements.


Dennis Chow, Millar, Inc Short: There will be an increase in positions requiring an undergraduate degree to even apply. However, I do not believe there will be a large increase in requirements for ‘security’ specific degrees. Certification need will also increase, as well, that teaches hands-on skills rather than conceptual only.

Amber Schroader, Paraben Corporation: We have seen a change in a need for a base training and understanding of the principles associated with examination that comes through formal education. However, we see a deficiency when it comes to the ethics that are required to be able to function in the field when it comes to formal training.

BroadTech Security Team: It will be an important factor but not a deterministic factor. Skill, experience & passion will win over nonchalant formal education.

Wade Johansen, CouriTech LLC: In the U.S. it is starting to gain more ground now. The federal Govt has started giving grants to more colleges to develop Cyber Technology and Security programs and degrees. For many colleges, this is the first time they’ve ever had real Cisco or cyber security labs and not just textbooks and desktops. It’s a big leap forward.

Stephan Conradin: Crucial, more education for more ability to work with complexity.

Paul Hoffman, Logical Operations: Formal education will have to step up in some capacity and in 2016 you will see some do just that. But it will take time. Those institutions do not move very fast.

Rajeev Chauhan: There can be no substitute for formal education, the formal education provides the base for future. However, exceptions can not be ruled out.

Ondrej Krehel, LIFARS: It’ll be more important, as curriculums are getting better, but still not where it should be.

Anthony Di Bello, Guidance Software: This depends on the ability for universities to find qualified instructors and develop meaningful curriculum. Given the salaries associated with skilled cyber pros, I can see how attracting qualified educators in the field will be challenging. Perhaps universities can turn to their own internal information security teams for assistance in this area. Universities that offer meaningful cyber programs can be expected to play a big role.

www.hakin9.org www.eforensicsmag.com

TRAINING
What role will formal education play in 2016?

Andrew Bagrin, My Digital Shield: Just adding head count in the industry. The security industry requires experience and knowledge about hacking, networking and coding.

Przemek (Shem) Radzikowski, Secbüro Labs: It is difficult to see formal education disappearing completely, but in general, it has been slow to incorporate cybersecurity trends within their curricula. It’s not uncommon for university curricula to remain static for many years because of their reliance on published textbooks.

David Clarke, VCiso: Education needs to start in schools, the gap between schools and IT is getting bigger, Cyber Security is misunderstood.

Julie Herold, Kenny Herold, Odin’s Eye: We think, based on the previous answers, we won’t quite yet see the results this year.

TRAINING
Will certification keep its role as the main tool to confirm skill and expertise?

Michael A. Goedeker, Auxilium Cyber Security: They are important but experience is more important. Certs don’t guarantee success but combined with experience through using taught concepts in projects is an indicator.

Rick Blaisdell: Yes, that’s for sure. The 2015 CompTIA study HR Perceptions of IT Training and Certification revealed that:
• 65 percent of employers use IT certifications to differentiate between equally qualified candidates
• 72 percent of employers use IT certifications as a requirement for certain job roles
• 60 percent of organizations often use IT certifications to confirm a candidate's subject matter knowledge or expertise
• 66 percent of employers consider IT certifications to be very valuable - a dramatic increase from the 30 percent in 2011.

Dotan Bar Noy, Re-Sec Technologies: Certification plays an important role ensuring your team is up to speed with new solutions and encounters other professional to share ideas and feedbacks on the different solutions.

Rajeev Chauhan: To some extent, certifications are benchmarks for judging capabilities, but there is no substitution for hands on skills.

Wade Johansen, CouriTech LLC: For now, yes! Because most college degrees don’t prove skills in the field, or because the requirements of the degree may use outdated resources, there is a tendency now to look for certified professionals such as VCP, CCNA, MCSA, C|EH, etc., which shows the skills are currently relevant to an architecture or model.

Przemek (Shem) Radzikowski, Secbüro Labs: I’ve met many highly-certified people who have turned out to know very little. All too frequently, certifications only test knowledge but not the candidate’s ability to apply the concepts in real world situations.

Dennis Chow, Millar, Inc: Yes, certifications will complement and evolve to help maintain the attestation of a certain level of skill. However, we will see more interviews and other candidate requirements to prove hands-on experience through ‘practical’ assignments.

David Clarke, VCiso: The idea that a five day training course means we have cyber skills, anymore than learning to drive from multimedia training course is valid, we need the equivalent of medical interns, Barristers Pupilage.


Amber Schroader, Paraben Corporation: Yes, certifications are a necessity as they allow for the specialization in the industry that can only be done through specific certifications.

Andrew Bagrin, My Digital Shield: I think certification has already dated itself and it won’t get any better. Accomplishments and understanding of core principles is what I look at.

Stephan Conradin: Yes, but certification will have to adapt to new complexity. When I got my CISSP, I had a question about the height of the fences. It is always a good question but now our data is more in the cloud and less protected by fences.

Wade Lovell, Simpatic: I hope not. I prefer directly testing candidates and reviewing their code and thought process.

BroadTech Security Team: Certification even now is not the main tool to confirm skill and expertise for CEOs & HRs who care about business. But vendors will push for certification since it is another recurring revenue generation market due to its expiry date.

Paul Hoffman, Logical Operations: Certification will continue to play the primary role in confirming expertise.

Ondrej Krehel, LIFARS: I think work experience is the real key, certs are more of a minimum knowledge.

Anthony Di Bello, Guidance Software: I hope not. I believe practical experience and red/blue team exercises should be the main tool to confirm skill and expertise in this field.

Elizabeth Houser, Praesidio: Likely yes, as the desire for certifications has been consistent over the years and most people are comfortable with that benchmark.

Roberto Langdon, Nicolas Orlandini, KPMG: Certification is a must to provide calm and confidence to the clients, that the people involved in the investigations and data acquisitions, are recognized professionals to do that, keeping the security triad CIA (Confidentiality, Integrity and Availability) of all the information gathered and processed.


Chase Cunningham, Cynja: New certifications, like those from ISACA’s CSX program, will start to slowly replace some of the “cookie-cutter” certifications that have typically garnered more interest. Recruiters are hiring personnel and senior managers with active performance based certifications at a higher rate than before. The old paradigm of studying for a certification and passing it will start to go away. If one can’t actually conduct the task then they won’t get certified. Another way to put it, people prefer doctors who have practiced their medical skills on patients rather than simply reading books and passing exams. The same is true in cybersecurity.

Julie Herold, Kenny Herold, Odin’s Eye: We’ve always been jaded with regards to an acronym that states you can memorize information so we feel that any answer would be biased. Your work experience and end product should be the proof of your level of expertise as well as your ability to convince your client that A.) You know what you are talking about and B.) You can execute at that level. For clients that rely on the certifications as a compass to navigate through the many vendors with these types of services, they do have their place.

TRAINING
Will we see a more unified standardization of education and skills?

Michael A. Goedeker, Auxilium Cyber Security: I hope so, everyone has their “own” standard and it's very hard to judge one cert from another. However “Cyber” and security, in general, are very dynamic which makes standardization extremely hard to achieve.

Stephan Conradin: Not sure. Standardization doesn’t mean quality. We need big certifications, like those of ISACA or (ISC)² but we need to use very specific certifications very close to technologies.

David Clarke, VCiso: No, unfortunately, not for a long time.

Andrew Bagrin, My Digital Shield: I doubt it. Security changes too often because the threats continuously change. So it will be hard to have a standard training that will last.

Mitchell Bezzina, Guidance Software: Yes, as industries mature, standards will emerge across disparate training and larger cybersecurity training organizations will devote time to university course curriculum.

Wade Lovell, Simpatic: Yes, but it won’t be helpful for the reasons discussed above and because graduates of the new degrees in cyber security seem to be primarily learning Java and have little time on the keyboard with other languages.

Przemek (Shem) Radzikowski, Secbüro Labs: The security ecosystem is becoming highly specialized and new niche areas are emerging each year. If anything, we will see further fragmentation of education.

Julie Herold, Kenny Herold, Odin’s Eye: We foresee, with the increase in demand, that education will start at lower stages of the education systems which would standardize and unify approach and delivery.

Nick Prescot, ZeroDayLab: Not in 2016 but as a growing trend over the years.

Paul Hoffman, Logical Operations: I don’t believe we will see standardization beyond the NIST and NICE efforts for a while. Once those standards take hold, we will move to the next level.


BroadTech Security Team: In information security, it is important to have ground work in standardization of education to eliminate gaps in topics. But once the foundation is made, standardization of skills would be stupid because hackers don't attack your standard way nor can you ask a hacker to be certified before he attacks. Hackers are (I mean the good ones) creative (Kaspersky breach) and after the standardization of education on fundamentals, InfoSec professionals should be able to think creatively in order to counter non standard attacks.

Wade Johansen, CouriTech LLC: Yes, this is already happening today in the U.S. As the federal Govt is standardizing its own networks, the skills they are looking for in high tech field employees have evolved. Because there has been a lack of qualified candidates, they have begun to fund colleges and universities to develop those necessary skills in students or offer continuing education courses for workers who are looking to enhance or upgrade their skills.

Ondrej Krehel, LIFARS: I think so, but diversity isn’t bad either.

TRAINING
Will online courses influence the level of education in security field?

Michael A. Goedeker, Auxilium Cyber Security: Online courses will grow in importance as we see companies limit travel expenses. Online training will also let people learn at their own pace.

Irfan Shakeel, EH Academy: Yes, online courses are the rich source to get the basic training & education. Online courses will influence the infosec education.

Wade Johansen, CouriTech LLC: They already are. Most students I know are already taking online courses. It opens up a world of opportunity. You can now also get an accredited degree completely online and the adoption rate of this model is growing quickly.

Przemek (Shem) Radzikowski, Secbüro Labs: Although I have a number of formal credentials, I think online courses provide a tremendous service to the industry by making security education easily and cheaply obtainable to anyone who wants it. That’s a positive. The negative aspect of online courses lies with their clumsy way of proving that the student has passed the material – it still hinges on an honours system.

Paul Hoffman, Logical Operations: To some degree, of course.

Ondrej Krehel, LIFARS: I believe they will dilute the talent pool. As people who would go remote could just learn on their own.

Stephan Conradin: Online courses are more adapted to time of life, it is easier to find time to learn online. But presential courses are important to share with other professionals.

Wade Lovell, Simpatic: Only if there is a complete change in the way course content is created, curated, and sold. For example, Cisco or Microsoft could be incredibly influential in the level of education in the security field had they not made education and certification profit centers.

Andrew Bagrin, My Digital Shield: Yes it will, but not the quality of people. The same reason as above. Security is not something on its own, but security needs to be applied in all areas (networking, development, process, etc.).


BroadTech Security Team: Yes, especially free online courses are going to play a big part.

Mitchell Bezzina, Guidance Software: Yes, the base level of knowledge should increase.

Nick Prescot, ZeroDayLab: Not really.

Julie Herold, Kenny Herold, Odin’s Eye: Yes, as traditional colleges begin to move more towards the “trade” skill fields, the hands on training will inevitably be supplemented with online courses.

WHO IS WHO

Andrew Bagrin
My Digital Shield (MDS)
Founder and CEO

Andrew Bagrin is the Founder and Chief Executive Officer of My Digital Shield (MDS), a leading provider of Security-as-a-Service (SECaaS) for small businesses. With more than 18 years of experience in the IT security industry, Andrew started MDS in 2013 to bring cloud-based, enterprise-level security technology to small businesses at an affordable price. Prior to founding MDS, Andrew served as the Director of Service Provider Business Development at Fortinet, a network security provider. He held the position from 2008 until 2013, focusing on new security offerings as well as gaps in the security market. Andrew’s career in IT security began in 1997, working for several network security consulting companies. From 2000 to 2004, he served as the Director of Network and Security with Regal.

Rajeev Chauhan

C|HFI, C|EH, BSc, BTech IT & Comn, MS Cyber Law and Cyber Security. Cybersecurity enthusiast, Independent Researcher, trainer, consultant and blogger at Cyberoxen. Loves golden oldies.

Wade Johansen
CouriTech LLC, CEO and Founder

I’ve worked in the IT industry since 1982 and have been a high level systems engineer for more than 10 of those years. I also taught as an IT course instructor for 8 years. I currently hold CISSP, HCISPP, C|EH, CHIT, WG-WCSP, CCSP but have also held over 25 certifications lifetime such as MCSE, CNA, Server+, Net+, Sec+, SCP, SCNA and more. I spend much of my time integrating and merging business domains and large scale environments, and improving network security. My specialities are Active Directory migrations for healthcare, banking, and various other industry verticals.

Chase Cunningham
Cynja, CTO

Chase Cunningham serves as CTO and fights bad guys in cyberspace. He began his Cynja training serving in the U.S. Navy, where he worked as an analyst in the Department of Defense’s network exploitation program. He lives in Texas with his two young cyber warriors Callie and Caelyn. He earned a B.S. from the American Military University, and an M.S. and a Ph.D. in information systems security from Colorado Tech University.

THREATS
What threats that emerged in 2015 will remain relevant in the next year?

Leon Kuperman, Zenedge:
• Targeted, advanced threats focused on specific organizations (called ATP’s) – threat actors are well funded, patient and utilize a combination of techniques to infiltrate an organization (including physical, social engineering and standard network and cyber attacks)
• Advanced botnets, using Layer 7 DDOS attacks over HTTPS (hard to mitigate) – this trend will continue in 2016 and we will see the next iteration of weaponized zombies with near-browser like capabilities.
• IoT – Connected devices with OS’s running on them, with vulnerabilities exposed at an unprecedented rate.
• DDOS attacks for Bitcoin.

Einaras Gravrock, Cujo: IoT. It’s going to get worse before it gets better. IoT penetration is growing at a high multi-digit rate and device makers continue to be unprepared for security challenges.

Kris Rides, Tiro Security: As more companies move towards cloud services, the attack surface is increasing. I think we will see more sophisticated attacks targeting cloud service providers. I also think the assumption made by many companies that moving to the cloud pushes security issues to these services providers, alongside with companies running hybrid systems, will leave gaps in their security posture.

Shay Zandani, Cytegic:
• Attacks to steal PII, medical data and sensitive information will continue to be a major concern – not only for the “usual” targets but also for “new types” of targets, such as municipalities, online gaming platforms, tier-2 retailers, production lines, etc.
• SCADA and ICS attacks will continue to grow and become a major threat to critical infrastructure, but also for plants, production lines.
• Ransomware is likely to continue to evolve and remain mainly a nuisance.

Rajeev Chauhan: Zero-day vulnerabilities, clickjacking and ransomware.

Michael A. Goedeker, Auxilium Cyber Security: “Cyber” Espionage, Warfare and their influence on new technology in “Cyber” Crime. Increased attacks on personal data in government, increased attacks on critical infrastructure, increased corp espionage by nation states, lack of actionable intel in threat intelligence products

Dennis Chow, Millar, Inc: Phishing and Social Engineering based attacks combined with insider threat based breaches.


Mayur Agnihotri: Good Malware Never Dies, Fidelis in a recent report as a "reincarnation" of previous malware. Not only can Java-based JSocket control Linux, Mac and Windows PC systems remotely, but the malicious code is also able to affect mobile devices.

Dotan Bar Noy, Re-Sec Technologies: Unfortunately, enterprises are still not protected from 2015 threats to worry about 2016 ones. We will still see content based attacks containing APT, Phishing, Ransomware and many more zero-days. Threats will continue to use sophisticated delivery mechanisms that will allow them to perform updates and evolve over time.

Paul Shomo, Guidance Software: Malware designed primarily for long term command-and-control, such as Remote Access Trojans (RATs), will continue to be the bane of incident responders’ existence in 2016. It’s such a simple matter to create a new version of a RAT in minutes and they offer the advantage of being unique and therefore bypass signature and policy based detection methods, relying heavily on technologies with deep endpoint visibility. These tools will form the cornerstone of incident response and security alert triage and validation.

David Clarke, VCiso: Security personnel reporting lines reporting to IT, Cyber Security is there to protect against bad things happening, surely this should report to the highest level.

David Coallier, Barricade: Whilst ransomware will probably continue to be used (as they are wildly successful for criminals), I am bullish on the new threat landscape around the Internet of Things. There are a lot of devices which access vast amounts of personal and private information, as well, becoming more intrinsic to your everyday life (i.e. connected cars) and yet, the security of most of these devices is fickle at best.

Rick Blaisdell: Wearables - Although most wearable devices store a relatively small amount of personal information, wearable platforms could be targeted by cyber criminals working to compromise the smartphones used to manage them. The industry will work to protect potential attack surfaces, such as operating system kernels, networking and Wi-Fi software, user interfaces, memory, local files and storage systems, virtual machines, web apps, and access control and security software.


BroadTech Security Team: Threats in the IoT sector, Compromising Anti-virus to take over systems, Rogue drone causing damage. SSL vulnerabilities until OpenSSL is fully replaced by LibreSSL.

Nick Prescot, ZeroDayLab: As with the M-Trends Report, the main APT groups around hacktivism, state-sponsored actors and organised cybercrime aren’t going to go away any time soon. The re-publishing and distribution of open source hacking tools is a lucrative market for amateur and veteran threat actors alike, with organised cybercrime groups utilising younger individuals as smokescreens for larger-scale, in-depth attacks (i.e. Talk Talk, Oct. 2015).

Andrew Bagrin, My Digital Shield: APT didn’t emerge in 2015 but they will continue to grow and get worse, and they will start to overlap with IoT threats as IoT grows.

Kenneth C. Citarella, Guidepost Solutions: Every threat that emerged in 2015 will remain relevant. Unless known security weaknesses are corrected, we will continue to be victimized by the same techniques that have worked previously.

Roberto Langdon, Nicolas Orlandini, KPMG: Although the Banking and Financing sector is a common practice to search for suspicious operations, in order to detect money laundering, frauds, etc., in the rest of the market segments there are no special organisms with the same responsibility, so the corporate and government organizations need to find a confident advisor to help them in this arena. Frauds are not exclusive for Banking and Financing institutions.

Przemek (Shem) Radzikowski, Secbüro Labs: We saw some interesting reflection and amplification DDoS attacks this year, in particular those using Simple Service Discovery Protocol (SSDP). The SSDP attack vector was possible as a result of millions of unsecured home-based Internet-connected devices which use Universal Plug and Play (UPnP). These were used as SSDP reflectors. Their sheer scale of numbers and passive availability will likely continue through 2016.

Stephan Conradin: Cybercrime did not really emerge in 2015 but it is clear now we are in cyberwar, with a lot of enemies and no more aliens.


Craig McDonald, MailGuard:
• Ransomware. In 2016, inexperienced cyber criminals will jump onto the ransomware-as-a-service offerings, and accelerate the growth of ransomware. Anonymizing networks and payment methods will continue to fuel ransomware’s rapid growth path
• Cloud services. Weak or ignored corporate security policies make cloud services easy targets for cyber criminals. The payoffs are big -- confidential business information, customer data, organizational business strategies, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data and other data
• Attacks through employee systems. When organizations do improve their security, attackers shift their focus to their employees, especially insecure home systems, to gain access to corporate networks
• Warehouses of stolen data. Stolen personally identifiable information sets are linked together in big-data warehouses; combined records are more valuable to cyber attackers. Watch the dark market for stolen personally identifiable information and usernames and passwords boom in the coming year
• Hardware. Attacks on all types of hardware and firmware will continue. The market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits
• Wearables. Most wearable devices store a small amount of personal information, but they are desirable targets because of the smartphones used to manage them
• Cars. Connected automobile systems that fail to meet best practice security policies in areas are tempting targets. These include vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.

Julie Herold, Kenny Herold, Odin’s Eye: Continued focus on previous assumptions of lower level security in protocol stacks; as the theoretical attacks are becoming more and more probable and exploitable for nation states and other organizations with computational power exceeding the norm. Continued focus on open source code and taking advantage of a lack of review on said code.

Ondrej Krehel, LIFARS: Better ransomware.

Wade Johansen, CouriTech LLC: Botnets & CryptoLocker.

Gerald Peng, Mocato: Personal Information hacking, Cyberterrorism against private and public entities, Cloud computing vulnerabilities, Mobile device exploitation, Credit card fraud via card-not-present (CNP) technology, Phishing, Malware, Ransomware, Connected device hacking (e.g. medical equipment, cars), State sponsored hacking, Mobile phone vulnerabilities.

Wade Lovell, Simpatic: Ransomware, Wire Fraud, Hacking into databases and offering customized searches on Personally Identifiable Information as one Vietnamese national did who had access to data on 200 million U.S. Citizens.

THREATS
Which threat group will see the biggest growth in 2016?

Michael A. Goedeker, Auxilium Cyber Security: Cybercrime that works with nation states for corp espionage and warfare (even though it is cyber war and espionage, nations will (hide) behind cyber crime). In addition, depending on how we resolve terrorism, we could also see Cyber Terrorism growth as well.

Dotan Bar Noy, Re-Sec Technologies: Guessing from the past year, ransomware and specifically cryptolocker are the ones most of us will encounter this upcoming year. We will see and hear more about new targets such as cars, etc.

Shay Zandani, Cytegic: The tier-2 financial hacker groups, which now are able to buy “off the shelf” exploit kits and advanced attack methods, will continue to evolve. As such, the proliferation of advanced tools will continue this year.

Rick Blaisdell: I personally worry about the possibility of U.S. infrastructure becoming the next major target of cybercriminals. Attacks on all types of hardware and firmware will likely continue, and the market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits.

Roberto Langdon, Nicolas Orlandini, KPMG: The global erosion of values, morals, and responsibility, are affecting strongly the organizations who suffered frauds, money deviation, information theft, manipulation of information in order to obtain personal benefits against the organization objectives, taking advantage of higher hierarchies or powered positions inside the company.

The dream of easy money is driving people without loyalty and moral values to take advantage of these “opportunities”. Seeing packets of 50,000 credit cards stolen information on the Dark Web on sale for two or three thousand dollars is just an example.

Besides that, as in some organizations, the information gathering and storage is not well addressed when it comes to accomplishing security policies, the rest of the delinquent eco-system is ready to participate.

Przemek (Shem) Radzikowski, Secbüro Labs: I think it’s worth keeping in mind that 300+ Gbps DDoS attacks will become the norm and may start to see sustained 500+ Gbps attacks. We should also be prepared to see a rise in DDoS attacks which act as a smokescreen for the “real” or “secondary” attack and ultimate exfiltration of data.


Kenneth C. Citarella, Guidepost Solutions: It is impossible to predict which threat group will be most prominent in 2016. There are too many variables, such as “who” they target, what vulnerabilities that target has and what kind of data is accessed. But the sophistication of many attackers is steadily growing, so we should not be surprised by continuing reports of successful intrusions.

BroadTech Security Team: IoT in health care, oil plants, power grids, nuclear facilities, etc.

Wade Johansen, CouriTech LLC: Mobile device security.

Julie Herold, Kenny Herold, Odin’s Eye: Divulgers of dox attacks or pro-privacy groups based on anti-government, anti-corporation, anti-organization, anti-X motivations for smear campaigns or pro-privacy groups.

Nick Prescot, ZeroDayLab: Phishing and malware.

Craig McDonald, MailGuard: Spear phishing. Targeted, specific email phishing scams whereby the sender is impersonated, rendering the email content to be more compelling to the recipient who knows the ‘purported’ sender. Staff within an organisation will wire transfer large sums of money for instance, believing the CEO or CFO has asked directly for this transaction to occur.

Integrity attacks. Stealthy, selective compromises to the integrity of systems and data are on the rise. Attackers seize and modify transactions or data for their own purposes, such as changing a victim’s direct deposit settings and having their paycheck deposited into a different account.

Andrew Bagrin, My Digital Shield: IOT because the industry is really growing without any defenses.

Gerald Peng, Mocato: I believe that personal information, especially located on mobile phones and social media channels, will continue to be the main targets for cyber attack and cyber fraud.

Stephan Conradin: Theft of sensitive data.


Wade Lovell, Simpatic: Spear phishing, which is an email phishing attack customized with your information so that it appears legitimate.

Paul Hoffman, Logical Operations: Health Care. Vital records about a person that never change are the most valuable information being sold.

Ondrej Krehel, LIFARS: As always, phishing.

Leon Kuperman, Zenedge: IoT Device Vulnerabilities.

David Clarke, VCiso: The threat group that is the biggest already is inadvertent human error “PWC” 95% of all incidents.

THREATS
Can you see any old and forgotten threat coming back in the next year?

Michael A. Goedeker, Auxilium Cyber Security: Always, many attacks come back after people forget them, or they are repurposed and updated.

Leon Kuperman, Zenedge: Potentially; for example, there are still many implementations of SSLv3 running, and those are susceptible to POODLE. Old attacks could come back in a slightly modified form.

Rick Blaisdell: Phishing is not new, but it remains a top threat in the coming year. The Global Phishing Survey of the Anti-Phishing Working Group (APWG) found that in the last six months of 2014 alone, there were approximately 124,000 unique phishing attacks worldwide, which occurred on more than 95,000 unique domain names.

Alina Stancu, Titania: Heartbleed, Poodle and other critical vulnerabilities will resurface as recycled code is being used in other applications.

Dennis Chow, Millar, Inc: Stego and Covert Channel Signaling.

Stephan Conradin: We have cloud, IoT, BYOD questions and people are thinking the virus front is safe now, but they are still there, more and more polymorphics and hard to detect.

Craig McDonald, MailGuard: New malware but the same old tactics. Social engineering and malware infection are the most common tactics used by cyber criminals. Survey scams on social networking sites, phishing and spear phishing emails for corporate employees, and fake links on search results are successful at the moment. Cybercriminals are constantly morphing their malware and their social tricks – faster than victims can identify them and protect themselves.

Dotan Bar Noy, Re-Sec Technologies: No. I believe traditional security measures offer a sufficient protection from old threats. The challenge will be to battle new types of malware and techniques.

Mayur Agnihotri: HACKTIVISM with more dangerous faces, and in the present scenario, we see most of the attacks are under Hacktivism, like LulzSec and one more name is added #ISIS.


Przemek (Shem) Radzikowski, Secbüro Labs: Brute force attacks have virtually disappeared, but with the proliferation of cloud applications, “Low and Slow” Brute Force attacks have been gaining popularity. The dispersed nature and scale of cloud resources makes possible their use to launch distributed “low and slow” brute force attacks without triggering alert thresholds.

Richard De Vere, The AntiSocial Engineer: Without doubt, the largest rise will be seen in social engineering techniques. A lot of security has evolved now to the point that only the very smartest and determined criminals hack anything worth hacking. Social engineering techniques will help criminals to get the access they desire.

Ondrej Krehel, LIFARS: I don’t think there are any really forgotten techniques, as hackers keep a large toolbelt. Maybe more into COBOL and Fortran as NASA put it back into the limelight.

Einaras Gravrock, Cujo: The nature of threats has not changed over the last couple of decades; devices and networks have. We will continue seeing old attack methods aimed at new device types.

Mitchell Bezzina, Guidance Software: Physical attacks will make a come-back in 2017, where a combination of physical presence will be the easiest entry into an organization. 2016 will focus on individual awareness and closing gaps in cybersecurity strategies.

Wade Johansen, CouriTech LLC: PKI trusts - inherently trusted and ultimately insecure.

Anthony Di Bello, Guidance Software: Certainly. There are already old and forgotten threats still prolific throughout the world; see Conficker. The cybersecurity industry ebbs and flows with technology from both the attackers and defenders, this year saw proliferation in POS intrusions and Phishing, while these attack types remain “easy”, they will continue, however, new defense technologies of these attack types will force attackers to pivot and define other entry types.

Wade Lovell, Simpatic: Yes, EXE injections, for example, are making a comeback and many advanced persistent threats likely remain undiscovered. Macro malware in MS Office documents attached to emails are also on the rise as an attack vector.


Andrew Bagrin, My Digital Shield: I don’t think so. I think the threats have grown up quite a bit.

David Clarke, VCiso: Yes. Inadvertent human error, been around for ever, Enigma was cracked because of this.

THREATS
Will threat landscape be affected by international efforts to combat terrorism?

Mark Bennet, Blustor: The debate between the need for intelligence agencies to decrypt data being communicated between potential terrorists and the public’s right to privacy will continue to rage. Overreaching government agencies have abused their ability to collect data on citizens with little oversight by legislatures or the judiciary. Restricting the transfer or development of encryption technology will have little impact on a terrorist organization to illegally obtain those capabilities but it will significantly restrict the ability of law abiding citizens to protect their own privacy. The proposed “backdoors” that some officials are calling for to enable intelligence agencies to covertly access encrypted communications will also make those same devices vulnerable to hackers. There is no such thing as a “backdoor” that only the good guys can use.

Einaras Gravrock, Cujo: Yes. I think the governments all over the world have made cyber security among their top priorities. Their funding has trickled down to the private sector. This sort of positive attention from the government will fuel the private sector.

Stephan Conradin: I think the war is already here and due to our growing cyber-dependencies, it is clear cyberterrorism is a good weapon.

Nick Prescot, ZeroDayLab: Governmental supervision via traffic analysis, etc., has become more prevalent in the public eye, and – as with recent proposed surveillance legislation – may only continue to further public perception of ‘state snooping’ of their online activities. As such, encrypted / obfuscated networks such as The Onion Router (TOR) may be utilised more by the general public who may not know the ramifications of using such tools, making them vulnerable to malware attacks and vulnerabilities as yet unknown to signature-based anti-virus systems (i.e. OnionDuke).

Dotan Bar Noy, Re-Sec Technologies: Cyber terrorism becomes the new frontier and terror organizations. The growing impact of cyber space on recruitment and public opinion will mean that much of the war against terrorism will take place in cyber space.

Leon Kuperman, Zenedge: Yes, terrorists will use all means possible to achieve their objectives, including cyber-security vulnerabilities. Right now, terrorists are focused on physical targets for the most part, using technology as an enabler. In 2016 and forward, targets will include cyber-assets as the primary goal of terrorist campaigns.


Craig McDonald, MailGuard: Although this was a hot topic two or three years ago, it’s no longer attracting a lot of attention. The internet and social media are used as a recruitment tool and a weapons development training ground. Two key areas of cybercrime will be affected by the war on terror:
• A market for false identities
  • Criminals use stolen or false identities to perpetrate frauds and establish business structures and companies to launder money. Identity crime is also used to commit welfare, tax and other fraud against government agencies, to gain unauthorised access to sensitive information or facilities, to conceal other criminal activities such as drug trafficking and procuring child exploitation material, and even to facilitate the commission of terrorist acts.
• Rise of data mining
  • Increasing commercialisation of data from Twitter, Facebook and LinkedIn for data miners for all purposes including terrorism.

David Clarke, VCiso: Yes it may speed up legislation to make IT Safe.

BroadTech Security Team: The international effort to combat terrorism will be controlled by politics, fear, greed and national interests. So how the landscape will change is not predictable. More than technology, the above mentioned factors will dominate in shaping it.

Ondrej Krehel, LIFARS: I don’t think so. Nationstates and terrorist groups make up a small minority of breaches. It’s really people out for the money.

Alina Stancu, Titania: If legislation is passed in the wake of terrorist provoked tragedies, there will be significant changes in how future threats will be delivered. It will probably drive the criminals underground and there will be more channelling through Virtual Private Networks, proxy servers, and Tor.

Michael A. Goedeker, Auxilium Cyber Security: Yes, they will likely increase hacktivism and cyber terrorism before they reduce them. Terrorism will show the weaknesses of How? When groups do not work in a coordinated way, they will be disorganized and this disorganization could be used to hack certain countries. In addition, we could see the dawn of a new job title Anti-Cyber Terrorism Consultant/Analyst. Weaknesses in the way security people are trained will show here as we will see a need for more hacking skills in all computer security related jobs in the future. Security teams can only protect what they know will be attacked and how it will be attacked.


Kenneth C. Citarella, Guidepost Solutions: Terrorist attacks and counter-terrorism will continue to engage in cyberspace. Terrorists will try hard to move past mere website defacing and to create the same type of physical harm through compromising systems that they attempt through kinetic attacks. We cannot assume they will lack the initiative or capabilities to attempt infrastructure intrusions, especially if they are not succeeding through conventional efforts.

Andrew Bagrin, My Digital Shield: I believe so. In any type of battle, resources such as communications and supplies are always hit first to reduce the power of the enemy. Misinformation is also a strategy.

Wade Johansen, CouriTech LLC: Definitely, the landscape evolves to new levels every day. How? Anonymity is still a key. Terrorist networks no longer require social media from the typical resources to operate efficiently, although recruitment will continue to happen across these mediums. Once an individual is involved in the social aspect, they will be able to use a completely new private version of Facebook, Twitter, etc., which is non-dependent on the current world's social media platforms. Independence for these platforms will evolve.

Shay Zandani, Cytegic: Yes, the international efforts to combat terrorism and cyber-terrorism is equivalent to a “whack-a-mole” game – with every hit, the attackers pop back in a different location. The efforts to control encryption and to hunt down terrorists will demand innovation on the terrorist and hacker side, as we see these days.

Wade Lovell, Simpatic: Yes, it will. Nation States are becoming bigger players in cybercrime, although they call it something else. Under “the ends justifies the means” argument, countries have recorded all content, required they be allowed top level certificates, etc. If countries cooperate in their data gathering and analysis, there could be a decrease in terrorism funding and mobility while the freedom of the non-terrorists are eroded in lockstep.

Roberto Langdon, Nicolas Orlandini, KPMG: Cyberterrorism is becoming more equipped and informed, to help their objectives be carried out, no matter where or in which country it can be done. Cyberspace is the new war scenario where we are almost in a new world war. And Forensic services needs to be a must to be covered by all the Army Forces and Security Forces. If they are not self-sufficient, KPMG is ready to help, worldwide.


Gerald Peng, Mocato: Absolutely. Firstly, nation states are exploring options for tactical cyber response or offense. This adds a complexity which will impact strategies developed and resources deployed to fighting terrorism. Secondly, terrorists use mobile and social media technology to recruit, organize themselves and to intimidate others. The efforts used to combat those domestic and international threats may result in a decline in personal freedoms and an increase in investigations of citizens, thereby diluting counter-terrorism resources.

Julie Herold, Kenny Herold, Odin’s Eye: Not any more than it already has been, everything is in motion already.

THREATS
Will cyber security in healthcare remain a relevant topic?

Elizabeth Houser, Praesidio: Definitely. Several high profile breaches within the healthcare industry during 2015 indicate that the adoption of necessary tools and practices isn’t occurring quickly enough.

Roberto Langdon, Nicolas Orlandini, KPMG: And related to healthcare information protection, this market segment was identified as one not making the necessary investment in information technology security, and most of healthcare service providers are in a high risk to be attacked. This was advised by the FBI at least three or four years ago. We are seeing the healthcare sector as one of the most ill-prepared to prevent, detect and respond to a cybersecurity incident, such as a data breach. Considering they store tons of sensitive information such as PII and PHI, this becomes (and it is happening right now) a perfect storm situation.

David Clarke, VCiso: Yes. Healthcare, councils and charities still top the list for breaches.

Shay Zandani, Cytegic: Healthcare will continue to be a lucrative target for attackers, targeting PII and medical information.

Dennis Chow, Millar, Inc: Yes, PHI is worth more than PCI data at present on the black market. Additionally, any compromise or damage of patient care based systems could potentially affect lives. There is increasing evidence of terrorism linked with cyber related crime.

Kenneth C. Citarella, Guidepost Solutions: Cyber security in healthcare systems will be a most relevant topic to both industries. Health care networks contain all the data necessary to steal identities for economic fraud as well as to obtain unwarranted health care services by assuming the identity of an insured party. The continuing adoption of electronic health records will only contribute to this problem unless adequate security is built into the records system from the ground up. In addition, more and more medical devices will be accessible online, yet they often continue to operate with outdated and insecure software. The possibility for online tampering to target a patient’s health or life must be anticipated and addressed.

Nick Prescot, ZeroDayLab: This will grow as the implementation of the Data Protection Act will come into force.


Leon Kuperman, Zenedge: Yes – It’s a critical data asset that remains exposed, exploitable and monetizable (from an attacker’s perspective).

BroadTech Security Team: Of course! A few hours ago I sent a mail to the CEO of a chain of hospitals asking her if she is prepared for the statistics “Cyber Attacks will compromise 1-in-3 healthcare records next year”. Our company will be actively involved in spreading awareness in the healthcare sector and providing necessary consultation for them. Security should be a main concern for people who write health care IoT operating systems, too. Instead of starting from scratch, they should port tested and proven operating systems, like NetBSD and OpenBSD.

Wade Lovell, Simpatic: As long as there are trillions of dollars in healthcare and big pharma and billions of dollars in tabloids, cyber security will be relevant in healthcare.

Mayur Agnihotri: Yes. As cyber threats in healthcare continue to skyrocket, security remains a top priority.

Wade Johansen, CouriTech LLC: Absolutely, health care is a big target since records contain not only geographical data about a person, it also contains medical information which can be used to exploit benefits systems and ongoing retirement information.

Mark Bennet, Blustor: Cyber security in the healthcare industry will not only remain relevant but it will grow as a major concern. Due to decades of kicking the can down the road, the healthcare infrastructure is woefully unprepared to protect itself from well equipped hackers seeking to steal patient medical records, ransoming critical healthcare data, etc. The costs of addressing these vulnerabilities mean that many healthcare organizations and medical device manufacturers will be slow to respond unless legislatures mandate a more rapid response. Unfortunately, legislatures rarely take action until AFTER a major cyber security incident forces the issue into the mainstream awareness of the voters that put them into office.

Michael A. Goedeker, Auxilium Cyber Security: Yes, because of the lack of money and enforcement.


Einaras Gravrock, Cujo: Next year and beyond, absolutely. These are two of the most trying challenges we’re facing in our generation.

Alina Stancu, Titania: Yes. As the use of new technologies grows in the healthcare market, the need for security and stronger regulations over use of private patient data will be more poignant. For the time being, HIPAA is the only legislation to address these issues, however the problem with HIPAA is that it is not yet properly monitored and enforced.

Julie Herold, Kenny Herold, Odin’s Eye: Yes, and increasingly so; this is an area where there is a wealth of information for differing agendas attackers may have as well as the industry being a lot further behind in relation to security in comparison to other industries. Much of this will be a result of the increased utilization of SaaS and the industry’s lack of security mindset/maturity and the usual growing pains/adoption rate of industry best practices in other sectors.

Ondrej Krehel, LIFARS: I don’t think so. Nationstates and terrorist groups make up a small minority of breaches. It’s really people out for the money.

Andrew Bagrin, My Digital Shield: Yes, it will for a long time. Patient records are a very private thing. It’s one thing to get your credit card stolen, but to steal identity or medical information is much worse.

Gerald Peng, Mocato: Yes. Healthcare data theft and the hacking of IP-based devices present threats to the well-being of patients and institutions.

Anthony Di Bello, Guidance Software: It will be an even bigger topic next year as we hear about breaches that are occurring in 2015 as we speak. Healthcare companies are a virtual treasure trove of personal information… PII, credit card data and more!

Dotan Bar Noy, Re-Sec Technologies: Yes, definitely.

David Coallier, Barricade: Most definitely. We have healthcare practitioners now recommending the use of mobile apps as well as using more sophisticated and interconnected gadgetry. The combination of legislation, market uncertainty and fear as well as the need to protect the customer data has never been more prevalent.


Rick Blaisdell: Unfortunately, yes. In August, the FDA and the Department of Homeland Security advised health-care facilities to stop using Hospira's Symbiq infusion pump after learning that the device, which administers medication to a patient over time, is vulnerable to hackers. Mick Coady, health information privacy and security partner at PricewaterhouseCoopers, believes that this type of cybercrime will become more prevalent in 2016.
The newest threat for medical devices will be “ransomware / Stuxnet” attacks, where hackers can tap into the administrative privilege capabilities of medical devices, which are typically restricted to manufacturers or hospital administrators. We will especially see an uptick in exploitation of medical devices that have moved to more modern types of interconnectivity with mobile devices.

Craig McDonald, MailGuard: Cyber Criminals love to target healthcare records – they contain so much sensitive information all in one place. The biggest cyber security attack of 2015 – Anthem – involved the medical records of 78.8 million people. It’s difficult for IT and security professionals working in healthcare to improve data protection without impeding access to potentially life-saving patient information. At the same time, the sheer size and complexity of many hospital IT environments means that cyber security in healthcare remains a hot topic.

Stephan Conradin: Yes. First it is very sensitive for people. And with this kind of security we speak of human life, not only cash.

THREATS
Will security in automotive industry keep on causing trouble?

Wade Johansen, CouriTech LLC: Cars don’t drive themselves… wait they actually do now! By using peer to peer traffic information for apps like Waze, you’ll have hackers that will take advantage. Also, as cars begin to develop capabilities to observe traffic patterns and manage the car's capability to brake even when a driver is unaware of a potential incident ahead, this technology could be used illicitly to instead push a gas pedal down instead of brake pedal.

David Coallier, Barricade: Not unlike any other industry, the automotive industry is trying to adapt to this modern connected world and they aren't unaffected. They will need to take the same steps as everyone else to prepare themselves and be ready to respond to incidents. The only difference is cars are directly handling people's lives and will have to make a decision between convenience and safety.

BroadTech Security Team: There will be trouble here and there, but overall, things should improve and be moving towards being comfortably and sufficiently secure.

Nick Prescot, ZeroDayLab: Yes, and the hacks will get worse.

Gerald Peng, Mocato: Yes. As cars become increasingly programmable, IP-shareable and automated, the possibility of hacking a vehicle will erode consumer confidence if the auto manufacturers do not address this issue head on.

Rick Blaisdell: As more and more cars connect to the Internet for such functions as GPS, they become more vulnerable. Hackers can connect to a car over a cellular network and, conceivably, turn off the engine while the car is speeding down a crowded highway, or cut the brakes, or cause any number of nightmarish circumstances.
Security researchers will continue to focus on potential exploit scenarios for connected automobile systems that fail to meet best practice security policies. IT security vendors and automakers will develop guidance, standards and technical solutions to protect attack surfaces such as vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.

Paul Hoffman, Logical Operations: Yes, especially as we move to automation in driving.


Michael A. Goedeker, Auxilium Cyber Security: Any industry or product that does not integrate security and doesn’t see security as business critical will experience problems.

David Clarke, VCiso: Yes, but I suspect the automotive industry will respond quickly to safety issues like they did in the 60’s, partly due to Ralph Nader’s book “Unsafe at any speed”.

Mitchell Bezzina, Guidance Software: Absolutely, the growth of electronics and lack of standardization means minimal attention to security, no car buyer asks how much R&D went into ensuring the data connection installed in the car they are purchasing has been secured. It’s a secondary concern and a production cost which means minimum viable security.

Mayur Agnihotri: According to a survey from McKinsey & Co., 45% of new-car owners are unwilling to use connected services because of privacy concerns.

Ondrej Krehel, LIFARS: Hopefully only until self driving cars are safe.

Amit Serper, Cybereason: In 2015, we saw a rise in attacks using fileless malware. We expect this to continue, and believe that it is the most important thing to watch moving forward. In fact, we think 2016 will be the year of “malware-less attacks.” While Microsoft is re-architecting Windows to be more secure, it will be quite some time before those efforts will hit the mainstream. Until then, built in tools, such as WMI and PowerShell, will continue to be very popular attack vectors until newer versions of Windows become more ubiquitous.
Additionally, we expect to see more attacks targeting the Mac platform. The more pervasive it is, the more popular target it becomes.
2015 was also a key year in the evolution of ransomware. Not only have we seen new business models around it, such as the SaaS model we discovered with Operation Kofer, but in November, we saw the first case of Linux-based ransomware targeting websites (see Krebs’ story on it), we expect to see more new permutations of ransomware coming in 2016.

Dennis Chow, Millar, Inc: Yes, kinetic attacks are on the rise and transportation like automobiles will be a prime target for whitehats and blackhats alike.


Wade Lovell, Simpatic: Absolutely! As early adopters move toward more and more automated driving features, whether it is proximity alerts or self-driving cars, the ability to commandeer controls of vehicles will be an important attack vector. Imagine going in for a safety recall and having the technician install a backdoor unwittingly, on behalf of a nation state, as part of a cyber crime ring, or any other reason.

Leon Kuperman, Zenedge: Potentially – This falls into the category of IoT devices. Car manufacturers will need to treat security as first-class citizens as opposed to add-on technology components. As connected technology modules start influencing core driving / safety features, automotive will go through a transformation period where issues may occur.

Einaras Gravrock, Cujo: Well… we expect cars to increasingly integrate with other services using online technologies. When cars become computers interconnected with apps, services, and features… when cars become another IoT, they will naturally be exposed to cyber security threats. That being said, we don’t expect people to be in serious physical danger in the very near future.

Craig McDonald, MailGuard: Automotive cyber crime is in its infancy as is evidenced by the acceleration of the US Automobile Industry Accelerates into security, and its recent initiatives to enhance cyber Security.
Cyber criminals will target vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.

Stephan Conradin: Perhaps not in 2016 or 2017, but it is a big concern for future as vehicles become more and more dependent on data and telecom.

Alina Stancu, Titania: The advent of IoT means that automotive, just like everything else inter-connected, is a source of worry. The responsibility of car manufacturers is perhaps higher than for many other technological gadget providers, as it must ensure the safety of its passengers. The Jeep Cherokee hacking has been an eye-opener for drivers, just as much as it was for the industry. Fiat Chrysler recalled 1.4 m vehicles to patch the vulnerability that allowed two security researchers to disable the brakes on a car and slide it into a ditch.


Kenneth C. Citarella, Guidepost Solutions: The increasing computerization of cars and their connection to the Internet of Things heralds a wide array of potential harm. Can the digital record of a car’s activities be altered to impact litigation arising from an accident, or remove evidence that might lead to a criminal charge? Can a car be remotely commandeered to threaten the life of its occupants? Such risks are highly predictable; the time for the security-related discussion and analysis is now.

Roberto Langdon, Nicolas Orlandini, KPMG: Regarding the issues we are seeing in the automotive industry, as long as the new cars are incorporating more and more computer-based components and technology, as in any other aspect of the market, this fact is attracting not only private researchers, but also curious people and the bad guys. Hacking vehicles, to find and demonstrate their vulnerabilities and bad security designs or implementations, are only a few of the reasons for this to happen. Automakers need to invest more in assessing their internal processes in regards to cyber security for their computer components, and also to assess the components they get from their third parties. In response to this transformation process, KPMG has already created a strategic and technical Vehicle Forensics team well prepared to assist the automakers in preventing, detecting and responding to cyber security issues.

Andrew Bagrin, My Digital Shield: I hope not, but I suspect that it will. It is just another IoT and won’t be taken seriously until a disaster happens.

Julie Herold, Kenny Herold, Odin’s Eye: Not in our opinion; not enough gains.

WHO IS WHO

Mitchell Bezzina
Guidance Software, Security Strategist

Mitchell Bezzina is a technology team leader with over 15 years' experience in information security and endpoint forensics. With hands-on experience in security and digital investigations of every kind, he has designed, developed, and implemented operational and procedural policies for digital forensics, e-discovery, and security departments to gain production efficiencies and comply with business requirements. Mitchell is now focused on security product strategy for Guidance Software having previously managed forensic and e-discovery services in support of investigations centered on intellectual property theft, employee misconduct, fraud investigations, cross-border investigations, court orders, and regulatory inquiries.

Anthony Di Bello
Guidance Software, Senior Director, Security Practice

Anthony Di Bello is responsible for providing in-depth insight into the advanced threat landscape for Guidance Software and its customers. Since joining the company in 2005, Di Bello has been instrumental in defining the company’s suite of security products, introducing new products and successfully driving market adoption with Fortune 500 companies and federal government agencies. Prior to joining Guidance Software, Di Bello spent seven years with Towers Perrin, a global professional services firm specializing in risk and financial management. He is a frequent speaker and quoted regularly in security industry publications.

Paul Shomo
Guidance Software, Sr. Technical Manager

Paul Shomo has over 15 years of R&D experience, having begun his career writing firmware for IP routers and satellite networks. Paul joined Guidance Software’s new product research group in 2006, which launched the industry’s first incident response solution. Paul has managed and architected cybersecurity and forensic products for many years. He now manages integrations with the EnCase open security platform, and in his free time works to educate the cybersecurity industry.

MOBILE
Which mobile phone will be the most secure one?

Chase Cunningham, Cynja: Silent Circle’s Blackphone 2 is far and away the best and most secure phone anyone can use but it isn’t for the masses. Most people will stick with what they know. The Android based phones will continue to be the preferred phones for exploitation because of how readily available exploits are for that OS in the cyber underground.

Michael A. Goedeker, Auxilium Security: There is no such thing as a “secure” mobile phone. We created a secure handset with hardened OS, blocked known malware and spyware apps but we can not repair the broken communications systems like SS7 that people use to track your position. The only real “secure” phone to have would be based on its own coms system and network (regardless of what others are selling you…).

Mark Bennet, Blustor: Apple iOS devices will continue to be the most secure widely used smartphone in the industry, primarily due to the more restrictive and controlling ecosystem that Apple has built around their products. While the use of niche smartphones designed for enterprises with the need for high-levels of security will continue to grow, the price and flexibility of these devices will likely keep them out of the hands of the average consumer.

Elizabeth Houser, Praesidio: The iPhone, especially if U.S. Congress does not pass legislation requiring Apple and other phone makers to decrypt phones for law enforcement purposes.

Leon Kuperman, Zenedge: Systems that are cost closed will have the best security posture – iPhone / iOS.

Richard De Vere, The AntiSocial Engineer: Taking a look at the recent release of prices from Zerodium (0day reseller) which offers bounties of 500,000 for iOS and 100,000 for Android… It’s plain to see which phone is more secure. It’s 0days that hurt this market and with iOS 0days fetching 5 times as much as Android says it all.

Wade Johansen, CouriTech LLC: The iPhone will evolve to be the most secure phone I believe, but it will probably only be because it is hacked “less often” than Android and Windows phones.

Rajeev Chauhan: The one with cloud storage and having active app scanner.


Mayur Agnihotri: No phone will be the most secure one in my view. This is the wrong question. The right question is which mobile phone company is more concerned about its user’s security and privacy.

Roberto Langdon, Nicolas Orlandini, KPMG: We cannot identify which mobile phone will be the most secure one, due to the direct interaction and criteria of its user. And again, the factor Security Awareness comes again over the table. Almost all of the mobile phone users are going through their lives careless of what can happen to their mobile phones, and mainly with the information inside them.

Andrew Bagrin, My Digital Shield: The one that is properly protected. If you take all phones without any protection, probably the old flip phones or BlackBerry on the older RIM OS (not Android).

Amber Schroader, Paraben Corporation: In looking at the security of mobile devices, there is really not one that is considered to be more secure than any other as it all depends on how you use the device. From cloud access to desktop backup, most devices have a risk associated with them when it comes to security.

Anthony Di Bello, Guidance Software: BlackBerry Priv and Blackphone seem pretty well thought out from a security perspective. Only time will tell.

Julie Herold, Kenny Herold, Odin’s Eye: BlackPhone – sole purpose of the solution is for security and privacy. Other phones are catering to end users for usability as the focal point.

Ondrej Krehel, LIFARS: One that’s turned off.

Stephan Conradin: Android? No it’s a joke, iPhone will remain the least bad.

Wade Lovell, Simpatic: Blackphone 2.

Gerald Peng, Mocato: All mobile phones can be hacked with enough time and resources. Ideally, you want a phone that will protect you against casual hacks and persistent online behavioral tracking. Good options on the market are Silent Circle's Blackphone 2 or the BlackBerry Priv.


BroadTech Security Team: I have no idea. I don’t use a smartphone (or no phone you can say).

Nick Prescot, ZeroDayLab: Blackphone Blackberry.

David Clarke, VCiso: Android with Customised for security are currently in the lead, there are no IOS customised versions for security.

Dotan Bar Noy, Re-Sec Technologies: Phone will not be more secured than your regular home computer as users are freely downloading programs, plugging the devices and connecting to random hotspots as they travel. The “PwC 2015 Information Security Breaches Study on UK Corporations” reports that 15 percent of organizations suffered from a breach caused by use of a smartphone or tablet device, more than doubling last year’s figure of 7 percent. This is a great challenge and opportunity for the industry.

Mitchell Bezzina, Guidance Software: My 1997 Nokia 6210.

What kind of vulnerabilities will affect mobile phones in 2016?

Michael A. Goedeker, Auxilium Cyber Security: The same ones as now. In addition, the false sense of security that “secure” phone manufacturers sell you will lead to more hacked phones. The system is broken, no phone would change that…

Mark Bennet, Blustor: As biometrics continue to grow as a mainstream security mechanism for accessing mobile devices and related applications, consumers will see an increase in malware that specifically targets biometric identity theft. The unfortunate reality is that the identities of many consumers are going to be compromised for life due to their own unawareness of how serious this issue will become over the next few years. Once your biometrics have been compromised, they can never be replaced short of visiting a plastic surgeon.

Elizabeth Houser, Praesidio: Malware for mobile devices is on the rise especially since people habitually download free apps and use jailbroken phones.

Wade Johansen, CouriTech LLC: GPS vulnerabilities and apps that require too much permissions (already an issue) with little company security knowledge about locking apps done before publishing.

Richard De Vere, The AntiSocial Engineer: Social Engineering using the mobile telephone has seen a rise over the past few years based on the percentage of us now spending large amounts of time on our smartphones. I think criminals have paid more attention to this field. Noting phishing sites that are mobile friendly!

Amber Schroader, Paraben Corporation: We believe there will be an increase in security risks that come from 3rd party Apps. With a poor vetting procedure in place for 3rd party Apps, we have seen an increase in the data being collected and used by 3rd party Apps.

Rick Blaisdell: According to the mobile security firm NowSecure, 43 percent of "bring your own device" (BYOD) smartphones used by U.S. workers don't have a password, a personal identification number or pattern lock. Fifty percent use these devices to connect to unsecured Wi-Fi at least once a month, and nearly half of mobile apps on any given mobile device have at least one major security flaw. Cybercriminals can easily exploit vulnerabilities in your mobile phone to obtain private data. These vulnerabilities sometimes come from the apps you use or within your smartphone itself. Mobile phones are also vulnerable to malware, which can log keystrokes and capture screenshots.


Mayur Agnihotri: Malware because “Good Malware Never Dies”. Some underground hackers built this type of malware which does not need any type of permission (“root” or “jailbreak”) to access the mobile phone to affect the mobile phone.

Julie Herold, Kenny Herold, Odin’s Eye: We think there will be a breakthrough outside of the usual delivery of malware via stores. We think until an R&D department within a security company commits the time to explore this area further, there won’t be much change in the realized versus perceived attack surface and vectors for exploitation.

Ondrej Krehel, LIFARS: Many of the same ones, from malvertising to phishing texts/emails and unvalidated apps.

Stephan Conradin: We have a great dependence on geolocation and disturbance of GPS data could be serious.

David Clarke, VCiso: Mobiles are similar to PCs 15 years ago, almost everything is vulnerable from text and data transmission to the OS.

Wade Lovell, Simpatic: I am primarily concerned about altered variants of apps, especially games, being disseminated through legitimate app stores. I am also concerned about apps with expanded capabilities for analytics, etc. being downloaded without users paying attention to the terms and conditions.

Gerald Peng, Mocato: As the majority of phones are Android based, my answer is confined to those devices. The vulnerabilities of the Android OS are exposure to cloning, data leakage, weak malicious application detection and ability to use the device as a microphone. These vulnerabilities facilitate identity theft and financial fraud.

Paul Hoffman, Logical Operations: Location, financial information (Apple Pay),

Roberto Langdon, Nicolas Orlandini, KPMG: Malware addressed to steal information, to make calls or messages deviation, to get private photos or videos, is totally easy. Think that the people are carrying all their emails, access credentials to portals, to mail servers, to home banking sites, etc. It is as easy as taking candy from a little child. Almost no one cares about this, unfortunately.


BroadTech Security Team: Theo de Raadt, founder of OpenBSD and Co-founder of NetBSD, said, “Low code quality keeps haunting our entire industry. That, and sloppy programmers who don't understand the frameworks they work within. They're like plumbers high on glue.” I think everything starts there, adding to it is poor hardware design, infectable firmware, malware apps, etc. Again, user discretion and spreading security awareness, I believe, can contain a lot of problems and keep them from blowing up. Before you get a smartphone, it is good to list out what purposes it should serve you and then get just the ones that have only those features and install only necessary apps. Don’t root the phone because someone else did it. If you go feature chasing, you will end up in trouble because one day you will find that feature was a trap.

Nick Prescot, ZeroDayLab: Malware that's executed by user unluckiness.

Andrew Bagrin, My Digital Shield: I think they will be used as a method for hackers to sneak malware into companies.

What security measures should we use to protect our mobile phones in the next year?

Chase Cunningham, Cynja: Just like your laptop, be sure that your phone is patched and your OS is always up to date. Use two-factor authentication. If you don’t need an app or don’t need a particular function…turn it off. Bottom line—don’t suck at patching.

Michael A. Goedeker, Auxilium Cyber Security: Don’t use a phone for secure stuff! Limit the usage for important calls and functions, only use apps that are tested and proven backdoor and spyware free. Don’t trust any phone manufacturer, test and verify your SIM card, phone hardware, OS and Apps are secure. Recognize that the underlying communication system is flawed. Anyone and everyone can track you down, so if you don’t want that, then limit phone use. Use a computer or electronic device that can use encrypted signals and never needs the SS7 based infrastructure.

Elizabeth Houser, Praesidio: Users need to take responsibility for the apps s/he is downloading and be aware of what exactly is being loaded onto the device. Mobile devices have been around long enough that the current usage mentality should be maturing. For most people, smart phones are now a vital, integrated tool in the daily operations of our lives and should be protected as such.

Mark Bennet, Blustor: Consumers and enterprises alike need to separate the keys of an individual’s digital identity from the devices they require for access. One analogy is that you wouldn’t secure your car by leaving the keys in the ignition and neither should you store your biometric identity on your smartphone. While powerful devices, smartphones are inherently vulnerable to attack due to the ubiquitous and always connected nature. A better solution, such as BluStor’s CyberGate platform, that allows users to seamlessly separate the digital keys (e.g., biometrics) needed to access their phone or other mobile devices, is critical to addressing this vulnerability.

Wade Johansen, CouriTech LLC: Apps like Cerberus to encrypt phones, detect GPS locations (if on), and ability to take pics of users attempting too many passwords are a plus! Remote wipe capability is also handy.

Richard De Vere, The AntiSocial Engineer: I’d like to think every last person who uses the internet should be aware of two factor authentication available for all mobile platforms, this should help form the basis of your security - But with our phones becoming the master key for all our digital lives, the need for secure 8+ digit lock screen passwords and mobile disk encryption is more so than ever.


Amber Schroader, Paraben Corporation: The best security is to be aware of what your device is doing and what you have granted access to with the device use policies and with 3rd party apps. We have to find the line between being secure and being accessible.

Rick Blaisdell: Knowing your vulnerabilities and making sure that you protect them will stand you in good stead for 2016. Other precautionary steps include:
• Use strong passwords for your accounts that include numbers, lower case and capitalized letters, and are not easy to guess, e.g. password, 12345, etc.
• Don't open suspicious emails requesting that you re-enter sensitive data
• Destroy sensitive documents
• Use a VPN to secure your Internet connection if you need to use public Wi-Fi
• Keep your antivirus software up to date.

Julie Herold, Kenny Herold, Odin’s Eye: Unfortunately, the anti-virus/anti-malware maturity of software for phones is very immature. This is as a result of the lack of a need for it, we are barely into the pattern based detection on mobile programs designed to protect an end user against threats. This lack of maturity is due, in part, to the lack of realistic threat scenarios outside of the so-called “vetting” of applications before they are available in a store.

Mayur Agnihotri:
• Endpoint protection software must be used on every mobile device.
• Sharply analyze cloud services for their ability to resist threats and attacks. For this, we should terminate third-party security vendor conduct testing and instead, start checking the cloud provider's certificate which should indicate that third-party security vendor has already tested its applications.
• When choosing a mobile phone, first check its security features.
• Before you store information on your mobile phone, ask yourself “Is this TMI?” TMI – Too Much Information.
• Do not "root" or "jailbreak" the mobile phone.

Roberto Langdon, Nicolas Orlandini, KPMG: Mobile phones must be protected by antivirus, firewall, intrusion prevention systems, and backup policies as well. They are IT equipment! Phishing techniques will be as frequent as during 2015, and Android is still showing a lot of security hack opportunities.
By the way, a lot of people think that the mobile phone is more private than a workstation or notebook, and sometimes there are important discoveries not imagined by the people involved in a fraud.

Stephan Conradin: Keep in mind it is a smart device, open and not very secure. Awareness!


Ondrej Krehel, LIFARS: Be aware and read the fine print on permissions.

Paul Hoffman, Logical Operations: Use Two Factor authentication wherever possible. Change passwords to be more secure. Use Bio where possible.

Wade Lovell, Simpatic:
• Establish a company-wide approved apps list for “bring your own devices” (BYOD).
• Have IT set up an internal app store so IT can determine whether the checksums match with the publishers’ source files, test updates before they are deployed, etc.
• Turn off wi-fi outside the office and route everything through cellular data except while in the office.

Anthony Di Bello, Guidance Software: Same measures we would take with any other device. Encryption, password protection, turn off Bluetooth/wifi/gps when in questionable locations such as Defcon.

Andrew Bagrin, My Digital Shield: There isn’t much out there that is very accessible, but I think having something simple to at least identify if something is wrong or your configuration is not ideal is very necessary. Something like NowSecure.

David Clarke, VCiso: As many security software apps as you can get on your phone. I use at least four.

Gerald Peng, Mocato: This is a non-exhaustive list of security precautions you can take:
• Check your device’s security features before you buy, such as file encryption, device wiping capacity, and authentication features.
• Secure the device using locking, enabling encryption and antivirus software.
• Configure web accounts using encrypted connections in account options such as HTTPS or SSL.
• Avoid clicking links sent in suspicious emails or text messages.
• Do not reveal your mobile phone number on social networking websites.
• Consider what personal information you will store on your device.
• Vet applications before installing them on your phone by researching them first.
• Disable Bluetooth, infrared and Wi-Fi interfaces when not in use and in public places.

BroadTech Security Team: I will have to write a paper on it so I will let someone else answer it. What I do is simple: I don’t have a smartphone (I don’t use the old mobile phone which can only make calls and SMS unless there is a prior appointment or to call family). In my current capacity, a smartphone is a liability and risk.


Nick Prescot, ZeroDayLab: For companies, the MDM sandboxing is a good idea but for personal users, they are safer than desktop systems.

Einaras Gravrock, Cujo: For starters, you should secure your home network. Often times, home hackers get access to our cell phones by penetrating your home network. Secondly, do not use public Internet networks.

What risks will the mobile industry face in 2016?

Michael A. Goedeker, Auxilium Cyber Security: Increased usage as a cyber war and espionage tool. Data leakage and theft.

Wade Johansen, CouriTech LLC: Bluetooth security problems currently plague the mobile phone industry. Users who link to their cars (remote start), Pandora radios, GPS mapping, etc., are highly exploitable.

Einaras Gravrock, Cujo: The challenge is that companies will need to continue shifting their budgets away from features and onto security which will slow down overall product improvements as well as profitability.

Mayur Agnihotri: Ransomware • Encrypted Penetration • No endpoint protection software • Application-Based Threats.

Gerald Peng, Mocato: The increasing popularity of mobile shopping and mobile beacons will make mobile phones likelier fraud targets. The ability to fight mobile platform fraud will be influenced by innovations in data protection, intuitive security compliance protocols and user authentication.

Roberto Langdon, Nicolas Orlandini, KPMG: Using phishing techniques, the bad guys made several devices contamination oriented to steal information, mainly financials (username, PIN, credit card information, etc.), as well as personal information. All the stuff with value at the black market. Also, it cannot be left out what it is related to spy at political level or industrial secrets as well.

Rajeev Chauhan, Cyber Oxen: Identity theft and personal data security.

Andrew Bagrin, My Digital Shield: More features means more vulnerabilities, and ability to control everything that you can control from your phone (car, house, etc.).

David Clarke, VCiso: Marketing apps maybe too invasive, exploits exposing more personal data.

Wade Lovell, Simpatic:
• As payments move to the smartphone, so will attacks.
• Biometrics, as currently implemented, are a dangerous way to validate users to devices and once a fingerprint is collected or stolen, the device and ALL FUTURE DEVICES where the user registers that fingerprint are compromised. This is disastrous for BYOD.
• Nation States requiring backdoors or compromising component manufacturers.


Ondrej Krehel, LIFARS: Users. They are always the weakest link, especially in mobile.

BroadTech Security Team: I don’t know but vulnerabilities are surely going to increase rather than decrease if vendors are going to enchant people with features and jargons instead of working more on testing the quality of their product before release.

Nick Prescot, ZeroDayLab: Bluetooth jacking.

WHO IS WHO

Leon Kuperman
Zenedge, CTO & Co-founder

Leon Kuperman is a successful founder and CTO of multiple e-commerce organizations with 18+ years of experience in product management, software design and development all the way through to production deployment. He is an authority on Payment Card Industry Data Security Standard (PCI DSS), e-commerce, online marketplaces / auctions, data center deployment, cloud deployment and web application architecture. He is also a holder of a patent relating to e-commerce caching systems which he worked on while at IBM.

Mark W. Bennett
Blustor, COO

Mark is the Chief Operating Officer of BluStor PMC, Inc. and is a trailblazing executive with more than 20 years of experience in the IT industry delivering strong competitive advantages through technology innovation and organizational transformation. He brings a unique perspective to the world of cyber security that is a combination of years of work in areas that require a high level of information security including the aerospace defense sector and financial services.

Mayur Agnihotri

I've done Bachelors of Engineering from Information Technology and have certifications under my belt like C|EH - Certified Ethical Hacker, Cyber Security for Industrial Control Systems, Operational Security for Control Systems, Advanced Security In The Field, Basic Security In The Field. I have 3+ years of experience and love to spend time finding bugs and vulnerabilities.
An Information Security Enthusiast, who believes in Security and Not Just Compliance.

Przemek Radzikowski
Secbüro Labs
Chief Security Researcher

Przemek (Shem) is the Chief Security Researcher at Secbüro Labs. For over two decades he has worked on key assignments with government, military, telecommunications, banking, finance and large multinational clients across the Americas, Middle East, Africa, Europe and Asia Pacific, where he headed the technical delivery and governance of highly complex Cloud, Data Center and Security projects worth in excess of $65 million.

INTERNET OF THINGS

Will IoT force the industry to change?

Shay Zandani, Cytegic: The inherent interconnectivity of IoT already forces changes in the security industry, and will continue to do so. This fact demands multi-device endpoint detection tools, cross-device honeypots and much stricter MDM rules and practices in the office space.

Kenneth C. Citarella, Guidepost Solutions: The Internet of Things will not force any industry to change, not the auto industry, not the appliance industry, not the home security industry not the computer industry. A demand for security and privacy pushed jointly by consumers, the government, politicians and security experts will.

Stephan Conradin: Before changing the industry, understand what we can or should do with all this data from these sensors.

Paul Hoffman, Logical Operations: It already has.

Nick Prescot, ZeroDayLab: Not really in 2016, the regulation as part of EU GDPR will make people think.

Dennis Chow, Millar, Inc: Not alone, as history shows, it will probably require more breaches related to IoT and high visibility catastrophes before vendors will be forced to make changes.

Mitchell Bezzina, Guidance Software: Not until it’s too late. Just like all other goods, security concerns are production costs to the vendor and rarely factor in consumer buying decisions. It will take a major breach before standards are implemented across IoT manufacturers and this will be a 2020 concern.

Dotan Bar Noy, Re-Sec Technologies: Yes. But it is still a long process that is in its early stages.

David Clarke, VCiso: Cyber security that can be managed will need to be built in.

Gerald Peng, Mocato: Gartner Inc. has predicted that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. The increase in interconnected devices will mean that cyber-attacks can be massively scaled up.


Michael A. Goedeker, Auxilium Cyber Security: Yes, as in all new technology, we, for some reason, always forget to integrate security right from the start. This is a dangerous way of creating new services and products. Since IoT connects systems previously not connected, we will only get to see the “new” hacking vectors as it becomes more mainstream.

Amit Serper, Cybereason: While I think IoT might have jump started a culture-shift towards security in some industries - such as automotive - for the most part, I don’t think people care enough about security to make IoT systems inherently more secure than what we have now. Unfortunately, I don’t think there will be much of a groundswell towards building secure IoT systems until people and businesses start experiencing consequences for themselves.

Roberto Langdon, Nicolas Orlandini, KPMG: IoT is becoming an amazing advantage for people’s wellness, but if we consider this with the little responsibility by mobile phone users in terms of protection and security, this will become a funny war between users and delinquents. I cannot imagine a toaster firewall but we can have security on the other side.

David Coallier, Barricade: The providers of security products need to understand that we have new computing capabilities available to us nowadays that allow for leaps in pattern discovery. Continuing to develop products that are doing heavy processing on the devices is no longer an option and the democratisation of computing Amazon is leading will force many incumbents to change how they do things.

Mark Bennet, Blustor: Despite the efforts of many organizations to get in front of IoT related security issues, the drive to get to market first with these products is going to result in numerous vulnerabilities that can scarcely be understood yet. This means a long and painful road ahead for IoT but it will ultimately drive significant changes in the industry. Unfortunately, I suspect we have many years of learning from the “school of hard knocks” in front of us.

Andrew Bagrin, My Digital Shield: Very much so. We can no longer expect to have a security endpoint client on every piece of hardware out there that has an IP.


Amber Schroader, Paraben Corporation: IoT has caused a lot of changes in how we look at digital evidence and access of digital devices in our daily life. IoT will make huge changes to where we see our information spread out to, as well as where it can be collected from.

Anthony Di Bello, Guidance Software: Yes, in today’s climate of privacy concerns, security will be critical to mass market adoption of IoT devices. It’s already forced the industry to change. Take a look at what Intel/McAfee is talking about lately.

Wade Lovell, Simpatic: Yes, IoT provides a new attack vector. The Internet of Things is a nightmare for security. Think of each one of those devices as a small computer transmitting personal information about you. What time are you out of the house? Did you turn on the burglar alarm? How do you remotely unlock the back door? At the moment, all that data is poorly secured.

Julie Herold, Kenny Herold, Odin’s Eye: No, this area is too new and not profitable yet as a result of the lack of presence.

BroadTech Security Team: YES, I wrote about a particular scenario a few months back but it was not received then but now people have started appreciating it after reality started striking. IoT is going to bring a deluge of data for processing, which traditional Big Data processing techniques, Internet bandwidth, cloud storage should be able to handle for a long time without breaking down. We will see more and more of Proximity Cloud or Intelligent Sensor Cloud that will throw away irrelevant data right from the start and send only what is needed to be processed and stored. Data Flow (Realtime Big Data Analysis) may not be a viable or preferable option without Intelligent Sensor Cloud (I coined the term while researching AI) no matter how big your infrastructure is, someday someone is going to question processing and storing all data because ultimately it all translates to cost incurred. I know I will get mocked on this but let us see :-).

Wade Johansen, CouriTech LLC: Will IoT force the industry to change? Yes, NEST is already making an impact. People want to be in touch with their homes, children, and PCs at all times. The world's technology industries will need to accommodate this to remain profitable.


Craig McDonald, MailGuard: A study presented in October 2015 by the IT research company, Gartner, predicts a transformation in the world of cybersecurity within the next two years, thanks to the Internet of Things.
By the end of 2017, more than 20% of businesses will be using security services dedicated to protecting businesses initiatives, and that use devices and services based on the Internet of Things.
Two examples: A sensor that detects and adjusts the temperature in a room automatically; another that adjusts the dosage of medication for a patient in their hospital bed according to new data on their medical records.

Threat intelligence sharing among enterprises and security vendors will grow and mature. Legislative steps may be taken, making it possible for companies and governments to share threat intelligence. The development of best practices in this area will accelerate.

Einaras Gravrock, Cujo: IoT is about to magnify the issues of cyber security with billions of new devices entering the market – devices that are largely unsecured. I think it’s relatively easy to make an argument that IoT represents the biggest cyber security challenge yet. They are easy targets with potential for limitless damage.

Ondrej Krehel, LIFARS: A bit, but not really.

Rajeev Chauhan: Yes, in a big way.

What kind of challenges will IoT face in the next year?

Michael A. Goedeker, Auxilium Cyber Security: Incorporating the correct levels of security into software, menus, commands and integrating open source protection into all IoT devices from the start. At Davos, I discussed and showed how gas heaters can be turned into bombs because of the lack of firewall and security verification technology in FPGA units. This is just one example, SCADA is also “still” an issue.

Mark Bennet, Blustor: The slow adoption of standards and commercial competitiveness will continue to challenge the IoT industry to really solve some of the more serious security vulnerabilities inherent in these devices.

Irfan Shakeel, EH Academy: The security issues are expected to rise; security researchers might challenge the existing infrastructure. This will open the door for the organizations to spend on R&D, they will spend more on finding the vulnerabilities.

Stephan Conradin: IoT should be treated in parallel with Big Data. IoT must integrate safety and security from the design.

Craig McDonald, MailGuard: Currently, more things are connected to the Internet than people, according to technology company, Cisco, which also predicts that 25 billion devices will be connected by 2015 and 50 billion by 2020. All things that connect to the Internet expand the attack surface for hackers and enemies. A recent study released by Hewlett Packard showed that 70 percent of IoT devices contain serious vulnerabilities.

Nick Prescot, ZeroDayLab: Same as mobiles.

Mayur Agnihotri: Lack of data protocol standards • There is currently no agreement/standard on how to implement security in IoT • Upgradability And Patchability Of IoT regularly.

Wade Johansen, CouriTech LLC: Bandwidth, security and reliability. Bandwidth is already an issue, more fiber and more competition between global vs local carriers needs to be emphasised. Security and reliability also go hand in hand, our phones, PCs, laptops, tablets, handhelds, watches, security systems, building systems, all the way up to electrical grids, require better security and protection.


Dennis Chow, Millar, Inc: Possibly weak passwords, backdoors, and injection based attacks.

Amber Schroader, Paraben Corporation: IoT has a lot of risk in just being new and not having the advantage of already being broken. Once technology is broken, we find better and better means to fix it. With IoT, it is giving us a completely new perspective that is causing issues in gaining access or even securing access.

Dotan Bar Noy, Re-Sec Technologies: The lack of a standard protocol and the need to incorporate many different patched systems will be the main challenge and not only for the next year. In addition, the IoT by design is built with lightweight security and relies heavily on shared libraries and a short development cycle.

David Coallier, Barricade: For us, the challenge isn't in security as much as it is in usability. We are a design-led security company and we spend a lot of time thinking about how to make security more accessible to businesses. Providers of IoT devices face the same challenge. Keeping a high level of convenience of use with intrinsic, transparent and non-adversarial security.

BroadTech Security Team: I will have to write a book but here are few: (1) non standardization of hardware and software will create confusion but let us hope they all follow standard transfer formats and standard APIs for data transfer, talking of the ones with same use but from different vendors. (2) Serious security incidents are going to happen due to vulnerable hardware, firmware and software and for a long time, vendors are not going to take it seriously because they don’t understand. We have IoT startups with people who are highly creative but quite naive in security, so they are going to make highly useful stuff but insecure, thus undermining the product’s credibility.

Paul Hoffman, Logical Operations: Securing networks that use IoT.

Roberto Langdon, Nicolas Orlandini, KPMG: The key actions will be addressed to enter into the mobile phones, facilitated by the direct connection with the IoT.


Rick Blaisdell: As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, security is very much a central issue for the Internet of Things. Despite the opportunities of IoT, there are many risks that must be considered. Here are five of the many risks that will be essential in an Internet of Things world:

Understanding the complexity - Imagine Nuclear power plants and data centers using IoT devices to automate their controls and being compromised. Understanding the complexity of vulnerabilities, and how serious of a threat they pose is going to become a huge challenge. Because these devices will have hardware platforms and software that enterprises may never have had insight into before, the types of vulnerabilities may be unlike anything organizations have dealt with previously. This is why it's critical not to underestimate the elevated risks of many IoT devices.

Vulnerability management - Another big challenge for enterprises into an IoT environment will be learning how to quickly patch IoT device vulnerabilities and how to prioritize them. Because most IoT devices require a firmware update in order to patch the vulnerability, the task can be hard to accomplish in real time.

Identifying security controls - In the IT world, redundancy is critical. If one product fails, another is there to take over. The concept of layered security works similarly, but we still have to see how well enterprises can layer security and redundancy to manage IoT risk. The challenge will be identifying where security controls are needed for Internet-connected devices, and then implementing effective controls. Given the diversity that will exist among these devices, organizations will need to conduct customized risk assessments, often relying on third-party expertise, to identify what the risks are and how best to contain them.

Disruption and denial-of-service attacks - Disruptive cyber attacks, such as distributed denial-of-service attacks, could have bad consequences for an enterprise. If thousands of IoT devices try to access a corporate website or data service feed that isn't available, a company’s happy customers will become frustrated, resulting in revenue loss, customer dissatisfaction and potentially poor reception in the market. Capabilities for managing lost or stolen devices will also be critical for dealing with compromised IoT devices, so having an enterprise strategy in place will help mitigate the risks of corporate data ending up in the wrong hands.

Security analytics capabilities - The variety of new devices connecting to the Internet will create a flood of data for enterprises to collect, process and analyze. While certainly organizations will identify new business opportunities based on this data, new risks emerge as well.


Wade Lovell, Simpatic: IoT designers will have to convert to a security-centric design methodology. So far, security has mostly been an afterthought.

Gerald Peng, Mocato: The surge in IP-connected devices increases cyber threat risks within the corporate and domestic environments, specifically with respect to IT infrastructure and device vulnerabilities.

Andrew Bagrin, My Digital Shield: The biggest challenge will be security.

Ondrej Krehel, LIFARS: Staying secure as they grow in capabilities. It’s all about service management and usability vs. security.

David Clarke, VCiso: Managing Cyber security on a large scale.

Anthony Di Bello, Guidance Software: Really the challenge of mass-market adoption, convincing the market that it is security. News of hacked Barbie Dolls and baby monitors is not helping here.

Kenneth C. Citarella, Guidepost Solutions: The greatest risk is that we will not anticipate the connections that will be made possible by the Internet of Things. One device may be designed to talk to another, but where the second one leads may only be understood once it is too late. For example, many devices can be accessed via a smartphone. If one device is compromised and that leads to vulnerability in the smartphone app, the risks for the user can escalate to involve every function and every app the phone supports.

How will IoT influence cyber community?

Michael A. Goedeker, Auxilium Cyber Security: We need to be faster, teach more, work on creating security products that protect everyday functions and people from dedicated and nasty attacks on whatever the IoT industry brings out. It's a new area that we need to protect fast. Time is ticking (tick-tock).

Rick Blaisdell: The Internet of Things has the potential to bring together every aspect of different networks. Therefore, security at both the device and network levels is critical to the operation of IoT. The same intelligence that enables devices to perform their tasks must also enable them to recognize and counteract threats.

Gerald Peng, Mocato: I hope that IoT will help people think about cyber security more holistically and with an eye on proactive, forensically sound measures and protocols. Addressing IoT cyber threats by securing a single device here and there is inadequate.

Nick Prescot, ZeroDayLab: The use of SSO solution and the interoperability of information.

BroadTech Security Team: Will mention just one part that could be missed by others. “More Information Overload” causing the brains to be rewired for “continuous partial attention” thus degrading the brain’s ability to reflect and contemplate and thus losing creativity. IoT devices will rule over us.

David Clarke, VCiso: Another very specialist niche is developing.

Kenneth C. Citarella, Guidepost Solutions: Hopefully, the Internet of Things will galvanize the cyber community to talk about the ever growing advocacy for thorough evaluations of all aspects of security for all connected devices.

Leon Kuperman, Zenedge: IoT is a top concern to most security executives, because of the massive scale and potential of the “armada” of computers out there that can affect an organization.

Irfan Shakeel, EH Academy: IoT will have a great impact on Infosec community, it will be in the spotlight along with BYOD and cloud security.


Wade Lovell, Simpatic: It may make the community more cautious, which would be a good thing. It certainly exposes data on previously private acts such as making love in a room with a SmartTV or temperature sensor.

Dotan Bar Noy, Re-Sec Technologies: McKinsey estimates that the IoT has a total potential economic impact of $3.9 trillion to $11.1 trillion a year by 2025. This growth by itself has the potential to increase dramatically the security research done and create power shift to new emerging vendors.

Amber Schroader, Paraben Corporation: IoT will cause a lot of changes in the review of connection in the community and how that level of cross connection can really affect the data we have on our devices. We expect to see a lot of new cases come into play with a focus on non-traditional storage devices.

David Coallier, Barricade: I truly believe the industry will start realising the importance of de-expertizing the field and allowing different types of people to join the security field. We go as far as saying security shouldn't be its own discipline but normal part of operations in Barricade.

Stephan Conradin: Emerging standards for communication.

Ondrej Krehel, LIFARS: It’ll take time. Once the first major breach happens, it’ll explode.

Mayur Agnihotri: As the IoT continues to skyrocket, internet enabled devices will become a more attractive target for cyber attacks. I remember last year hackers gained access to US retail chain which led to the theft of 40 million credit card numbers. Some points why IoT will influence cyber community: IoT devices present multiple points of vulnerability. • Connected devices need to be upgraded and patched regularly. • IoT will increase complexity of the entire internet. It’s directly related to the increased complexity of the information infrastructure.

Julie Herold, Kenny Herold, Odin’s Eye: Negligible, at this time it appears to be a novelty in discussion.


Wade Johansen, CouriTech LLC: A lot of white hats will go gray, but not for all the wrong reasons! The continuous evolvement of global threats to peace and prosperity are affecting so many people that many have decided the only way to fight crime is by operating outside the framework of laws as they currently stand. Governments tend to be behind in technical advancements, and IoT is one of the things they aren’t equipped to govern yet. They are slow to tackle emerging threats, and are behind on daily advances to technology of IoT. Gray hats, on the other hand, can easily move in and out of systems without much fear, and remain anonymous while having quite a large impact without causing system disruptions. They expose and report vulnerabilities without exploiting them. It’s not about glory, it’s about getting the job done efficiently and building security around devices.

Craig McDonald, MailGuard: Information technology security experts have been warning the public about cyber threats for years, but users seem not to pay attention to these alerts -- they either don’t understand the threats or they do not care.
The cybersecurity industry needs to get better at communicating.

One new initiative is the Open Web Application Security Project’s (OWASP) Internet of Things Top 10 Project, which is attempting to educate users on the main facets of IoT security and help vendors make common appliances and gadgets network- and Internet-accessible. The project identifies the top 10 security problems seen with IoT devices, and discusses how to prevent them on its website. Its list is as follows: Insecure Web interface; Insufficient authentication or authorization; Insecure network services; Lack of transport encryption; Privacy concerns; Insecure cloud interface; Insecure mobile interface; Insufficient security configuration; Insecure software or firmware; Poor physical security.

The Internet of Things will redraw the lines of responsibilities for the enterprise – security policies will open to different profiles of employees and updating protocols, as happened with the introduction of BYOD or cloud computing, but on a much larger scale, and with a far more visible impact.

Technology research company Gartner believes that securing the IoT will be so complex that CISOs will use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.

Will we see the security for IoT emerging along new IoT solutions, or will we have to wait?

Chase Cunningham, Cynja: IoT security isn’t really even a thought right now. What we are seeing is the emergence of the “next” Internet. With new protocols, communication mediums and applications but no consideration for security. Sadly, we are seeing kids become the first victims of IoT exploits. In the past few weeks, we’ve learned that Barbie isn’t just a plastic doll with a house of your dreams anymore. Instead, she’s a vector of attack that hits kids right in their own home. And parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed their kids to identity theft after VTech reported hackers stole the personal information of more than 6 million children. That’s why I believe we need to protect our kids in this emerging world of IoT and build systems that allow families to better control their family’s data, allow parents to see what data IoT devices are collecting and alert them when those data are stolen. What we’ve learned this year is when it comes to IoT toys, trusting a company's "reasonable measures" isn't enough. As a dad, I’m doing something about this and building better protocols for kids’ digital lives. They deserve better than what we’re using today.

Leon Kuperman, Zenedge: Yes, companies like CUJO are making waves by protecting both IoT and mobile devices on home and SMB networks.

Wade Johansen, CouriTech LLC: Security is already paramount, but it will not grow as quickly as IoT itself. Products often are rushed to market just to get brand recognition, this often means security is left behind. In this case, you’ll see security follow after breaches, etc., and when it becomes a regulation concern. For a while, though, it will be the wild-wild west, just like the early dot-com days.

BroadTech Security Team: Definitely, we will have to wait because as I said earlier, many new startup vendors have no idea what it is. Wait, even Lockheed Martin could not figure it out while making $37 billion fleet of littoral combat ships for US Navy. Those new to IoT especially would need some time to figure it out :-).

Gerald Peng, Mocato: I am an optimist, and with IoT developing so quickly, I believe that consumers and corporations will drive the need for increased security options and tools.

Ondrej Krehel, LIFARS: It’ll take time. Once the first major breach happens, it’ll explode.


Michael A. Goedeker, Auxilium Cyber Security: We have to see security for IoT. We have answered that call by discussing existing hacks today, at Davos and any other conference we are invited to speak at. Waiting for security and processes, procedures to catch up to new tech is the same issue as previously, only now we are inviting attacks into our homes and family members. This is a totally new ball-game.

Mitchell Bezzina, Guidance Software: Some vendors are already making claims to be able to help with IoT security, but they have the advantage of being first-to-market and attempting to define IoT security based on what they have to offer. While more robust tools and technologies evolve to meet the challenge, the majority of IoT security efforts in 2016 are likely to revolve around testing, testing, and more testing. Take a look at Intel/McAfee for the current leaders in IoT security thought-leadership.

Wade Lovell, Simpatic: Fortunately, security will emerge alongside new IoT solutions and offerings. No manufacturer wants to be in the news as the attack vector allowing the theft of confidential information or images.

Craig McDonald, MailGuard: The cyber security industry needs to work with innovators from the get-go with partnerships that change the way products are designed.

Elizabeth Houser, Praesidio: Both. First-attempt security for the IoT will emerge along with new IoT solutions, otherwise manufacturers won’t gain confidence and purchases from consumers. There will, of course, be vulnerabilities discovered and privacy mishaps, most likely on a large scale in some cases, and security standards will have to adapt accordingly as the IoT expands and evolves.

Alina Stancu, Titania: It is predicted that over 200 billion devices will be connected by 2020. This sheer explosion of devices attached to the network will lead to an increased threat surface. Security monitoring will become essential and solutions will have to adapt at managing the numbers. The silver lining is that IoT is still at a young stage and it appeared in a context where users are slightly more aware of security and privacy issues. This means there are calls for the industry to secure things before it can spin out of control, which means ultimately that the framework will be safer by default.


David Clarke, VCiso: IoT will move from becoming unsafe to manageable security, the technology is there already.
The industry needs to learn from its mistakes as it builds devices that connect via the Internet. Best practices security, such as using secure protocols for communication or installing the latest updates, fixes and patches, are the starting point. Innovators must consider that future security will be managed automatically by the system instead of users, and designing secure technology will require a new approach and mind-set.

David Coallier, Barricade: Most definitely. The SaaS tech-model wherein a platform that processes large amounts of data to come up with decisions will start emerging.

Irfan Shakeel, EH Academy: We will not have to wait; we will see the direct impact in the year 2016. We will see the research papers, findings/solutions, products to secure the IoT. It will change the business dynamics and the education as well.

Andrew Bagrin, My Digital Shield: Usually we have to wait because we need to know what it is we are securing and what the vulnerabilities are.

Stephan Conradin: We have to wait. Too many devices exist with poor security or no security at all. It’s impossible to change all devices and components very fast. Remember migration from IPv4 to IPv6, not months or years, but decades.

Kenneth C. Citarella, Guidepost Solutions: We must include new security with new developments. Waiting is too great of a risk.

Amber Schroader, Paraben Corporation: We, as an organization, have been focusing on it for over a year now and will continue to do so. IoT is here to stay and will only grow in popularity and connectivity which causes each individual's digital fingerprint to grow. There is also a great deal of interest from governments to safeguard new connections and warn business and home users of the increased risks that arrive with connecting new devices.

Roberto Langdon, Nicolas Orlandini, KPMG: Again, Security Awareness is a must.

WHO IS WHO

Amber Schroader
Paraben Corporation
CEO & Founder

Throughout the past two decades Ms. Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email, and live monitoring services. Ms. Schroader has taught and designed the established protocols for the seizure and processing of digital evidence that have been used by numerous organizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to digital forensics” as well as started the momentum and push to the “Forensics of Everything-FoE” with her focus to unique problems in digital evidence and solutions.

Kenneth Citarella
Guidepost Solutions
Senior Managing Director

Kenneth Citarella is a senior managing director for the Investigations and Cyber Forensics practice. He joined Guidepost Solutions in 2010 as a project manager to investigate fraudulent claims for the Gulf Coast Claims Facility in its administration of the $20 billion BP compensation fund. In that capacity, Mr. Citarella supervised 300 professionals, including more than 200 field investigators. Nearly 18,000 claims were referred for investigation; many involved the financial analysis of a claimant’s business operations, including numerous construction-related entities. The project team wrote thousands of fraud reports which were described by an official of the U.S. Department of Justice as the finest body of investigative work he had ever seen.

David Clarke

David has experience across Finance, Telecoms, Public Sector including developing CERT on a Financial Intranet trading $3.5 Trillion a day, Managed Security Services with a $400 million dollar Global install base, including Leading edge Product Selection, implementation and architecture. In these sectors David has built Secure operations capabilities often from scratch, developed full Cyber incident response expertise, created, maintained and improved regulatory and compliance commitments including PCI-DSS, ISO 27001.

TOOLS OF THE TRADE
How will tools evolve in 2016?

Michael A. Goedeker, Auxilium Cyber Security: They will become easier and faster to use. There will be more emphasis on the value a tool has to security and where it obtains that information from.

Shay Zandani, Cytegic: The main evolvement will be in the cybersecurity management solutions field, due to the fact that already CISOs and other security personnel are overwhelmed with the abundance of defenses, policies and procedures, and they must have a management system that they can use as a vehicle to streamline and update operations and policies.

Andrew Bagrin, My Digital Shield: I believe endpoint will become less effective and will eventually go away.

Dennis Chow, Millar, Inc: We will probably see more advancements in prediction vs. detection based tools with the addition of complementing tools that augment existing gaps in things like access control, social engineering attack detection, and of course, more 0-day detection.

Ondrej Krehel, LIFARS: They will try to make things easier, adding more usability for untrained staff.

David Coallier, Barricade: Businesses deserve security that isn't adversarial, complicated and confusing. The job of a security professional shouldn't be to stare at a screen all day but rather promote and encourage good security procedures and behaviour across the organisation. Both emerging and new tools are helping in solving that problem.

Wade Johansen, CouriTech LLC: More will focus on geographical information and isolation as well as virtual distribution models.

Julie Herold, Kenny Herold, Odin’s Eye: Increased reliance on existing automated tools to help companies achieve compliance to avoid financial penalties and less investment and focus on manual assessments. As a result, automated tools that typically scratched the surface will mature as the compliance and regulatory demands increase. The increase in demand will force vendors coding tools to be more and more sophisticated and accurate and easier for anyone to utilize.

Stephan Conradin: No real changes as tools are not designed with security at the design. We’ll have nicer interfaces and still 50 security patches per year.


Alina Stancu, Titania: There will be a boost in automation, in order to keep up with the sheer amount of data. As connectivity has surpassed security, the number of vulnerabilities and back doors has increased as well. Complex, interconnected systems require complex security tools. While there is no single tool that can successfully secure everything, there are certainly an array of solutions that can be used together to minimise threats. The key is not a bulk buy of the newest consoles. The key here is an intelligent risk assessment of the risks and capabilities of individual organisations, in order to apply tools and tactics in an efficient, cost-effective manner.

Wade Lovell, Simpatic: Scanning tools, e.g. Nmap and Zenmap, will become even more important and move into consumer products. More tools will be deployed in real time environments. Intelligent pattern recognition will continue to develop and will be at least partially capable of stopping bad actors, e.g. shutting down ports under attack.

David Clarke, VCiso: Vendors with the most R&D budget will dominate the market place, most tools will need to be managed by 3rd parties due to complexity.

Mitchell Bezzina, Guidance Software: Tools will continue to diversify for customer types, in most industries there are experienced and new users who have vastly different requirements and job functions, solutions will adapt to cater for larger audiences and aim to create operational efficiency.

Roberto Langdon, Nicolas Orlandini, KPMG: Forensic technologies and Data Analytics will be the drivers to push the investigation activity all over the world. Data Analytics tools are focused on bringing more versatility to users, in order to help them optimize the information filtering, identify potential irregular patterns in huge volumes of information and select the tagged pieces of evidence, the most sustainable and specific ones. Cross information with other sources will help to obtain a wider scope to the investigators, because besides local equipment, pen drives, CDs, DVD, tablets, notebooks, and smartphones, there is a lot of information inside Cloud Services.

Will the trend to eliminate passwords continue?

Michael A. Goedeker, Auxilium Cyber Security: Not sure about passwords but the way we authenticate will evolve.

Mark Bennet, Blustor: The trend to eliminate passwords will continue and will likely accelerate as more devices support biometric authentication. We will see the emergence of new two-factor authentication solutions as they incorporate the security benefits of biometrics.

Wade Johansen, CouriTech LLC: Not yet, it is still far too common and there are not enough options to remove this as a staple method of identification and authorization. However, you will see more dual factor authentication requirements in 2016 as well as chip technology taking a strong foothold.

Dennis Chow, Millar, Inc Short: There will be efforts, but unfortunately, it’s not going away anytime soon. Passwords are still the most widespread, easiest, and most affordable method of access so far.

Einaras Gravrock, Cujo: Absolutely. However, expect 2016 to be the year of new proposed solutions and not yet a solution for what will actually be adopted.

Andrew Bagrin, My Digital Shield: Yes, no one likes passwords, but a standard solution is needed.

Stephan Conradin: The password is often still the least bad solution and with SSO it remains comprehensible to the user without being too restrictive.

Paul Hoffman, Logical Operations: Yes, it is tough to change the habits of people and making secure passwords and changing them often is not easy. The quickest way to affect security is to have a new authentication method that is personal.

Mitchell Bezzina, Guidance Software: Yes, biometric scanning will be household and the use of passwords will be limited, however, the wide adoption will take years for manufacturers to standardize so that applications can make connections to hardware.

BroadTech Security Team: I think yes, and I think we should do away with passwords altogether. It is not secure at all these days, even the conference rooms have surveillance cameras that can suck up your password. But a one size fit all parallel implementation won’t be possible.


Dotan Bar Noy, Re-Sec Technologies: I think the trend will continue but there is still a very long way before biometric measures could replace old style passwords. This is true both for large enterprises as well as for SMBs. The rise of biometrics identification measures we saw in mobiles will take a very long time before it will make the move to desktop computers.

David Clarke, VCiso: Yes. Strong authentication may need to be legislated to remove passwords.

Ondrej Krehel, LIFARS: Passwords are great. We just need more factors beyond it.

Wade Lovell, Simpatic: Yes. People are fundamentally lazy and the standard 8 character password can be cracked in ten seconds. 59% of adult users in one recent survey said they use a single password for every site. While password managers are breathing new life into passwords, they won’t stem the tide.

Julie Herold, Kenny Herold, Odin’s Eye: No, many attempts have been made to eliminate the need for passwords and most of them have failed. The only successful ones are smart cards/HSMs for nation state and the financial industry and this is too costly to implement and has a high learning curve and maintenance cost associated with it that organizations and companies will deem unnecessary as a result of the impact to end users.

What new technology will make an impact on cyber security the most?

Michael A. Goedeker, Auxilium Cyber Security: We believe ours! Dark Energy is the first framework of its kind aimed at using components from open source, being open system and not telling a customer or partner what threat feed to use, AV, ITAM, etc. It simply makes all that info and systems finally actionable. We would hope that AV companies, SIEM, VA and other security companies discuss and help us create the world's first unified threat intelligence framework!

Wade Johansen, CouriTech LLC: Encryption. It is now available to everyone for everything - so governments will no longer have the intelligence gathering capabilities they once were privy to and that will impact every person on the planet.

David Coallier, Barricade: As a company working hard on leveraging machine learning and artificial intelligence we believe large-scale analysis will play a major role in changing how the security industry works. We want to eliminate the concept of rules and integrate the concept of behaviours.

BroadTech Security Team: It may not be technology but awareness and a more discerning use of available technology.

Roberto Langdon, Nicolas Orlandini, KPMG: Organizations need to invest in the right tools, as well as the right people. They need visibility first and foremost, to know if they are being attacked. Without visibility, it’s impossible to identify holes in the security arsenal and weaknesses in infrastructure. There are organizations that have been compromised for years before they discovered the damage.

Przemek (Shem) Radzikowski, Secbüro Labs: Attackers and criminal organizations have been cooperating together for many years, and in many respects are a decade ahead of the rest in terms of their effectiveness. However, the adoption of cloud technologies has had a positive effect on our threat intelligence. By funnelling large data segments through relatively few cloud platforms, we have been able to collect valuable intelligence on the techniques, attack vectors and origin of attacks. Correlating these across regional and organizational boundaries gives us even more intelligence. This plus a push from industry players to share such intel freely, will only improve our ability to deploy proactive countermeasures.

Wade Lovell, Simpatic: Simply secure communications will have the greatest impact in coming years because 91% of all hacks start with email.


Andrew Bagrin, My Digital Shield: Definitely IOT.

Mitchell Bezzina, Guidance Software: Moving to a completely cloud based office where laptops only store temporary data worked on offline, or “checked-out”. This will force us to redefine all security rather than segments.

Julie Herold, Kenny Herold, Odin’s Eye: Technology that is developed to share intel across companies in different industries. The attackers are already sharing their intel for profit; we are just behind and need to adopt their methods to keep up.

Stephan Conradin: The human factor, but it is not a technology. The first line of defense should remain the intelligence of the human, his understanding of the risks, his awareness of his actions,

Dotan Bar Noy, Re-Sec Technologies: Within enterprises big data analytics and machine learning looking for patterns will make the life of the hackers harder. Additional gate solution that can ensure content introduced to the users are free from any threats (known and unknown).

David Clarke, VCiso: Secure mobile phones, and technologies that replace password technology.

Ondrej Krehel, LIFARS: One that can take all the devices and manage them in a single place.

Rick Blaisdell: The IoT makes every "smart" device susceptible to hacks. Many of these devices will be interconnected, which will make machine-to-machine trust increasingly more important. It's not just the channel they use to communicate that needs to be trusted (TLS encryption), but also whether the devices at the other end should be trusted at all. This issue will become even more relevant when self-driving cars begin to communicate with each other. They will need to be able to identify illogical commands or spoofed communications, and they will need to do that automatically without human intervention.

Rajeev Chauhan: Two factor authentication including DNA matching.

What new trends will we see on threat intelligence?

Michael A. Goedeker, Auxilium Cyber Security: It’s doing its job! There are many companies that have feeds but the question is always about value. Fancy maps are nice but what good does the information in that map do really? How is the data collection any different than using a Raspberry Pi 2 with Snort, etc? We build our own network of sensors (Pi2’s, DMZ sensors, etc) and use this information to find differences and turn that information into actionable intel. But we also use other areas of data collection (all legal!). OSINT is something surprisingly missing in all threat intelligence feeds so we created our own system that also includes that.

Stephan Conradin: More collaborative work to share knowledge.

Dennis Chow, Millar, Inc: Possibly the inclusion of other threat vectors for true intelligence such as physical, signaling, and other disciplines that can be combined into cyber.

Shay Zandani, Cytegic: Geographic and Industry-specific trend analysis and automatic pattern recognition will be mandatory for large organizations who want to be able to take informed preemptive decisions in cybersecurity

Wade Johansen, CouriTech LLC: Creating virtual peer to peer networks (ready made) and selling them as being darknet ops. Continued infiltration of current botnets, and C&C centers as well as placement of compromised servers into anonymous systems.

Mark Bennet, Blustor: The continued growth and use of biometric authentication will have a profound impact on cyber security – both improving security as well as creating a new set of vulnerabilities that are not being effectively addressed by the mobile device industry.

Anthony Di Bello, Guidance Software: Likely a standardization of one or two formats. We will see a Betamax/VHS situation emerging between the many “standards” that currently exist such as STIX and YARA.

Mitchell Bezzina, Guidance Software: Intelligence platforms will emerge to converge threat intelligence providers into one connectivity source, cost of threat intelligence will lower due to commoditization


Roberto Langdon, Nicolas Orlandini, KPMG: One way companies can expand their expertise is by bringing in security intelligence to pinpoint problems, identify anomalies and highlight unusual or suspicious activity. Intelligence can help in two ways. First, an “early-warning-as-a-service” can reduce the vulnerability threat window: the time between the detection and the remediation of an attack. Intelligence can also provide a broader picture of global threats than any one organization could gather on its own. Security is an ecosystem; organizations need to know what is going on externally as well as internally. Organizations can expand their own intelligence by using Threat Intelligence tools for consolidating, analyzing and sharing information about their own security threats with peers and competitors. While this is a sound idea in theory, sharing information with competitors is not something many organizations are willing to do—yet. Understanding the threat landscape and knowing your enemy with security intelligence is another. What you can’t prevent, you should try to detect. And what you can’t detect, you should be prepared to respond to quickly.

Andrew Bagrin, My Digital Shield: Simplification as opposed to flexibility. Security needs to start making a stand and force software developers to start following standards when they communicate across the network.

Ondrej Krehel, LIFARS: Better integration and multiple source management.

Wade Lovell, Simpatic: Threat modeling for real-time response will become the new norm even in small organizations.

David Clarke, VCiso: Threat Intelligence may be the catalyst to make IT safe.

WHO IS WHO
Shay Zandani
Cytegic, Co-founder and CEO

Shay’s entrance into cyber security was on the nation-state cyber battlefield when he founded the Information Warfare Department at the Israeli Air Force. Under his leadership, the IWD pioneered the use of data manipulation for cyber offense. He then spent more than a decade as CEO of Kesselman Global Risk Management Solutions (GRMS), a subsidiary of PwC focused on conducting risk and cyber security maturity assessments for large enterprises. Prior to PwC, Shay participated in establishing the first TTP Certificate Authority in Israel. Shay’s unique blend of private and public sector experience and deep understanding of how cyber risk evolves and impacts an organization’s bottom line helped crystallize his vision for Cytegic. He received his bachelors and masters degrees in computer science from the Open University of Israel, and his Executive MBA from Northwestern University and Tel-Aviv University, upon graduating from Mamram, the IDF (Israeli Defense Forces) technical elite unit in 1990.

Rick Blaisdell

Experienced CTO, creating technical strategies which reduce IT operational costs and improve efficiency. Rick has 20 years of product, business development and high-tech experience with Fortune 500 companies, developing innovative technology strategies, with particular expertise in cloud computing integration, delivering cost effective IT services, strategic planning and development for Information Systems, and creating innovative businesses

Wade Lovell
Simpatic, CEO

Wade Lovell has founded eight companies with $200+ million in stakeholder returns. Wade began his career at Goldman Sachs and Arthur Andersen. He has an MBA from Columbia Business School and is a financial services expert. He is a CPA, former CFE, EA, and has held Series 3, 7, 63 & 24 designations.

Dotan Bar Noy
Re-Sec Technologies Ltd, CEO and Co-Founder

Lt. Commander Israel Navy has more than 10 years of management experience in several leading companies and startups in Israel and US.

AREAS OF SECURITY
What are your predictions for network security in 2016?

Michael A. Goedeker, Auxilium Cyber Security: The push for more automation will eventually happen. We have started this process by being the first company to introduce our copyrighted concept of the “Self Protecting Network”.

Mark Bennet, Blustor: As more employees telecommute and the workforce continues to become more mobile, network security will continue to evolve to better support granting secure and remote access to enterprise networks. A key concern is positively identifying that a remote employee is, in fact, who they claim to be at the point of entry into the network. We will see the incorporation of biometrics as one of the key solutions. Companies will also discover that storing an employee’s biometrics in a centralized location comes with tremendous liability in the event that data ever becomes compromised. Solutions such as BluStor’s CyberGate platform are uniquely positioned to help address those types of risks.

Leon Kuperman, Zenedge: Increased DDOS attacks in both size and complexity. Increased penetration into corporate networks, where threat actors wait and stay longer without detection. New attack methods for hiding command / control communication.

Wade Johansen, CouriTech LLC: It will continue to grow as a field, and businesses will be required to meet new standards if they want to trade at global levels.

Wade Lovell, Simpatic: I anticipate a rise in the adoption of security appliances and air-gapped internal networks in 2016 (similar to the structure of the 1970’s and early 1980’s when each company had its own mainframe that did not communicate with the outside world).

Julie Herold, Kenny Herold, Odin’s Eye: “All your eggs in one basket” – We see SaaS, PaaS, IaaS, with many tenants becoming a target for network pivoting between organizations and/or the presence of malicious faux companies establishing presence to increase the proximity to targeted organizations.

Mitchell Bezzina, Guidance Software: Expect more breaches where organizations had detected compromise long before data theft, but mishandled the original response. This trend will continue to drive changes in incident response process, and the depth of forensic investigation.


Alina Stancu, Titania: Network function virtualisation (NFV) is a rapidly evolving aspect of virtualisation which was created in an effort to speed up deployment of network services. NFV is great for streamlining specialised network tasks onto a single platform, but it is significantly more complex and makes attacks harder to identify, in its multi-layered form. Software defined networks (SDNs) have been created on campuses and developed in cloud data centres. Used in combination with NFV, they can offer greater value to existing services, making it more scalable and fully-automated. Further risks come in the shape of open source software that these new technologies are based on and larger attack surfaces. Auditing and penetration services will rise as more industry-led standards become ingrained in business practices. From PCI-DSS to SANS, HIPAA or FISMA businesses are more under pressure to comply with policies specific to the country they operate in, or the industry sector they cater to.

David Clarke, VCiso: Software defined networks, legislation and password technology replacement.

Andrew Bagrin, My Digital Shield: I predict that there will be more pre-filter, trying to deliver a prescrubbed internet service, as opposed to giving more tools to try and scrub it themselves.

Anthony Di Bello, Guidance Software: Attackers will remain undetected for longer as evasion methods become more complex.

Stephan Conradin: Still a lot of DDOS.

Ondrej Krehel, LIFARS: I think network taps will be more common.

Roberto Langdon, Nicolas Orlandini, KPMG: Our predictions on network security depend on the extent at which the people responsible for technological platforms, recognize all the tools, policies and procedures that must be added to the existing ones. Different surveys conclude that about 40% of the market did not implement Intrusion Prevention Systems (other vendors call them Next Generation Firewalls) to protect the application level in the OSI model. If this is true, and on the other hand the Top 10 OWASP recommendations are not followed and assured in the organizations, the cyber delinquents still have a lot of work to do.

Paul Shomo, Guidance Software: Variants of malware will increase to limit the ability for indicators of compromise being easily defined.

What are your predictions for software security in 2016?

Michael A. Goedeker, Auxilium Cyber Security: Secure coding will continue to be a vital part of any security methodology. OS’s with integrated spyware will be less and less acceptable and will see business revenue drop. This will push Open Source OS’s for the second time.

Einaras Gravrock, Cujo: We will see many new solutions focused on network traffic patterns, big data, and machine learning.

Julie Herold, Kenny Herold, Odin’s Eye: The heavier we move code reliance on the client for storage and processing, the more attacks that will be developed in server response and client-side code tampering versus the more traditional and more secure server side attacks in client requests.

Ondrej Krehel, LIFARS: Hopefully, the SDLC will include more security, hopefully being sent to a security specialist and not a dev.

Wade Johansen, CouriTech LLC: Much of it will become platform independent and include focus on mobility and portability.

Dennis Chow, Millar, Inc Short: More focus and demand in SSL/TLS based decryption.

Mitchell Bezzina, Guidance Software: Endpoint technologies will be the main focus for 2016, redefining the replacement for antivirus. This allows networks to be understood and secured from the inside out and provides a means of detection and response to all threats.

Stephan Conradin: Still 50 security patches per year for each software because software have no security by design, OWASP will continue their very good job of explaining how to avoid SQL Injection and we’ll see SQL injection

Paul Hoffman, Logical Operations: Move to secure coding. Patching holes before launching software.

Rick Blaisdell: Backup and recovery will become synonymous with security. With the explosive growth of structured and unstructured data, improving backup and recovery time will be a big hurdle for the enterprise. Vendors will rely on automated tiered solutions and data de-duplication to address the challenges of heterogeneity of technology. Encrypted data backups and agentless cloud-based replication will become the norm for data security.


David Clarke, VCiso: Self contained security in software, vulnerability management designed in as part of software maintenance, password technology replacement.

Wade Lovell, Simpatic: Apps – corporations will start controlling the approved and therefore available apps on BYODs. Antivirus – consumer antivirus programs will move up market in order to remain viable. AVG, for example, is struggling under the weight of its free model and has moved to freemium offerings and add-ons.

Andrew Bagrin, My Digital Shield: It will continue to struggle to keep up. I’m assuming this is referring to endpoint.

What are your predictions for hardware security in 2016?

Michael A. Goedeker, Auxilium Cyber Security: We already train our partners and customers in “hardware hacking”. Many instances have shown that hardware and the associated firmware is a valid attacking vector. We are no longer just dealing with software viruses and malware, we are also dealing with firmware, side channels and newer aversion techniques to hide protocols and suspicious traffic and activities.

Julie Herold, Kenny Herold, Odin’s Eye: We think there will be an increased focus on uncovering intentionally placed holes/gaps within the hardware space that are baked into the solution at low levels.

Ondrej Krehel, LIFARS: More 2+ factor tools for access.

Stephan Conradin: Perhaps more concerns with corrupted devices by firmware, and questions like How to trust manufacturers.

Andrew Bagrin, My Digital Shield: Hardware security is fine, but it doesn’t need to be on specialized hardware. For 2016, I don’t believe there will be much change.

Wade Lovell, Simpatic: Manufacturers will continue to be plagued by their own errors and government demands for backdoors. They will also be compelled to offer economic incentives for successful hacks against their hardware, e.g. Cisco routers, in order to attract a real mining effort on the part of the white hat community.

Einaras Gravrock, Cujo: We will see an increasing amount of hardware makers who will rely on third party platforms to build software for their hardware. Those third party platforms, a combination of hardware security and software security, will help IoT makers build less vulnerable devices.

David Clarke, VCiso: Hardware security appliances may make a comeback as virtualisation may still be very vulnerable to skill shortages and software exposures.

Paul Hoffman, Logical Operations: More use of built-in BIO security.

Wade Johansen, CouriTech LLC: TPM will make a larger impact, and we will continue to make smaller, faster IOPs capable data devices for the data center.

What are your predictions for cloud security in 2016?

Michael A. Goedeker, Auxilium Cyber Security: National and International Privacy will continue to shape this industry and how products are hosted to international customers and partners. As more services and resources are put into the cloud, so too will the regulations and audits needed to verify compliance evolve. As more services are hosted in the cloud, it then becomes an even bigger target.

Ondrej Krehel, LIFARS: I hope the providers will be more secure in their deployments.

Mark Bennet, Blustor: There is an interesting growth trend in the number of whitepapers and articles that have been published over the past year that espouse the increased security of cloud based solutions. While these claims are partially true, a close examination of many of the articles reveals that they are often sponsored by companies that provide cloud based solutions or related services. The reality is that the cyber security in the cloud is still largely immature, unproven, and there are ample examples of failures. Like the growth of mobile devices, the cloud is a tremendously powerful tool but carries with it the risks of what is still a young and rapidly evolving industry. Enterprises need to carefully examine how access to cloud based data and applications are effectively controlled.

Rajeev Chauhan, Cyber Oxen: IOT will dictate the security in cyber space scenario including all the areas of security mentioned above. The boundaries between hardware and software security will merge.

Wade Johansen, CouriTech LLC: AWS and Azure will make cloud security a priority this year. There appears to be a lull in the adoption of more cloud based services, and in large part, it’s because the security has been behind. That will be rectified this year.

Leon Kuperman, Zenedge: Cloud is an area where the industry is behind. There are no solid security standards for multi-cloud deployments / implementations. New solutions will need to be introduced to close the gap between on-prem (mature) security and cloud infrastructure.

Wade Lovell, Simpatic: More companies will move to universal two factor authentication. True secure end to end encrypted email and chat will start replacing insecure desktop and mobile email in particular. Companies will force https connections to all web sites accessed from within their organization and eventually move to white lists.


David Coallier, Barricade: Huge year for cloud security. More companies are becoming aware that "the cloud" is not a silver bullet but also not completely insecure. Tools who are born on the cloud will prevail as it is clear that incumbents who are retroactively adapting their tools for cloud products are simply not good at it. The pricing models for the security industry, which has traditionally been contract-based, has to change to reflect how people use the cloud. The SaaS model for security will grow.

Paul Hoffman, Logical Operations: More security controls.

Andrew Bagrin, My Digital Shield: Security in the cloud and securing the cloud are two different things. I believe there will be a much bigger move to providing security in the cloud (pre-scrubbing).

Julie Herold, Kenny Herold, Odin’s Eye: We think technologies like Chef, Puppet, Ansible, SaltStack and Docker will be targeted by attackers to proliferate backdoors, misconfigurations with the intention of abuse, and malware. Of course, this would also include any other patch management, centralized security appliances/solutions etc.

Stephan Conradin: With cloud we delegate our security without strong controls. Sooner or later, there will be a serious incident.

Dennis Chow, Millar, Inc: Many more vendors and startups coming to complement access controls and data discovery/data control.

Mitchell Bezzina, Guidance Software: Large Cloud Vendors will be forced to make virtual machines of computer systems available to security teams for incident response investigations in response to new data breach notification regulations. Without access to full machines, response teams are limited in their ability to acquire all data quickly, this may also affect SaaS providers and will likely lead to instrumental case between a breached organization and its cloud provider.

Rick Blaisdell: Cloud security will increase in scale, and decrease in complexity. In 2016, we’ll see cloud security evolve into simpler, virtualized controls and solutions that will have embedded security processes to help map current IT systems. Heavy protective layers that have difficulty scaling in the cloud will stay behind, and next year will have lighter, scalable cloud security solutions.


Craig McDonald, MailGuard: 2016 will be the first year cloud services will be chosen because of their enhanced security. People are at risk of physical harm as next-generation technologies are targeted. Cyber attackers will fund unpatched vulnerabilities in smart-connected home devices as a way to stage a full-blown attack. There are no signs of a wide scale attack coming but this scenario is highly probable. Attacks on next generation payment methods – from EMV credit cards to mobile wallets – will increase. Mobile malware is expected to grow exponentially with much of this originating in China. Hacktivists will use data breaches to systematically destroy their targets. Businesses will also fall for elaborate tricks that use new social engineering lures. Expect a big increase in ploys that persuade employees to transfer money to cybercriminal-controlled bank accounts. Their first step is to become familiar with the target’s ongoing business activities, so their malicious schemes are camouflage. This is typically done by intercepting communications between business partners.

Irfan Shakeel, EH Academy: Cloud security will face new challenges; hackers are more likely to exploit the human vulnerabilities. Organizations have to invest in training programs; the certification providers will also create the cloud specific certificate and training to capture the market need. Overall, the business will grow.

David Clarke, VCiso: Cloud availability and a minimum of dual (maybe internet and private) connectivity. Cloud services will help mitigate skills shortage in cyber security.

WHO IS WHO
Ondrej Krehel
Lifars, CEO and Founder

He is the CEO and Founder of LIFARS LLC, an international Cybersecurity Intelligence, Digital Forensics, and Incident Response firm. Ondrej also leads the Digital Forensics team at LIFARS. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and cyber security consulting at Stroz Friedberg. With two decades of experience in computer security and forensics, he conducted a wide range of investigations, including data breached through computer intrusions, theft of intellectual property, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking. Ondrej’s experience also includes advanced network penetration testing - using various tools and technologies, database security testing, physical security assessments, logical security audits, wireless network penetration testing, and providing recommendations for operational efficiency of approaches.

Julie Herold
Odin’s Eye
Senior Security Consultant

Strong eleven year development background for a Fortune 10 company and 2 years of penetration

Kenny Herold
Odin’s Eye
Principal Security Consultant

4 years of experience as a service lead for anti-spam/anti-malware/anti-virus working for a Fortune 10 company at a global scale as well as 2 years of general application security background and 5 years of penetration testing in aforementioned company and an additional 2 years of penetration testing for Odin’s Eye, LLC.

Alina Stancu
Titania Marketing Coordinator

She is Marketing Coordinator at Titania and has spent the past two years, learning, talking and writing about information security. She is also a contributor to The Analogies Project.

THE INDUSTRY
Will 2016 belong to start-ups or big cyber security corporations?

Chase Cunningham, Cynja: Startups will continue to be the real infosec innovators. I predict large companies will pick up their pace of acquisition of these smaller firms. From where I sit, the large companies aren’t concerned or even working towards much innovation in the space as it is cheaper to simply buy the little guys out. This “trend” is basically leading to the establishment of a market wherein anyone can start a company, come up with something 1% better than someone else and get bought for a lot of money, then go off and do it again.

Michael A. Goedeker, Auxilium Cyber Security: Hard to say really. Start-ups will happen, the question is if big cyber corps will start to get more pressure to think dynamically like start-ups do.

Wade Johansen, CouriTech LLC: Startups will be less of an influence in 2016 as the market becomes more global, they just don’t have the capability of tapping worldwide systems for the intelligence gathering in an increasingly hostile environment.

Elizabeth Houser, Praesidio: Startups. Larger cybersecurity corporations don’t offer the agility or innovation that startups bring to table.

Irfan Shakeel, EH Academy: 2016 will belong to the start-ups of the infosec companies. Startups will focus on vulnerability research, threat intelligence & monitoring tools. The infosec service sector will likely grow, as more organizations are looking for services.

Leon Kuperman, Zenedge: Disruptive Startups.

Einaras Gravrock, Cujo: The tide’s going to be growing for all types of companies. New sectors within cyber security will create new giants from startups. Overall, this is growing so fast… with such a huge demand for products and sectors within cyber security the space will continue booming in 2016 and beyond.

Mark Bennet, Blustor: In 2016, the growth of IoT, increased public awareness of cyber security issues, and the global expansion of Internet access will provide tremendous opportunities for cyber security start-ups. As typical of most industries, disruptive innovation is largely driven by small start-ups. We will see continued innovation in the cyber security space as well as consolidation as larger companies acquire start-ups with promising technology.


David Coallier, Barricade: Startups. The tech world moves so fast that the incumbents are stuck in the innovator's dilemma and only the smaller, more agile companies are able to move at the pace at which the security industry should be operating.

Alina Stancu, Titania: Mergers and acquisitions in the industry will continue to take place. Small cyber security boutique-style companies, which have the flexibility to develop innovative solutions at a fast pace, will be acquired by bigger, more established companies. Something which big enterprises find more difficult. However, as demand for more than one solution addressing different needs increases, big corporations choose to increase their portfolio of in-house solutions.

Paul Hoffman, Logical Operations: There is room for both. The big companies will have it easier because they already have customers, but startups will have innovative technology that will make them relevant.

Ondrej Krehel, LIFARS: New players will always be great, but they can be bought out.

Stephan Conradin: Neither one nor the other. Good ideas are emerging in small entities but great entities have the ability to act. They have to collaborate.

Wade Lovell, Simpatic: 2016 is a year for start-ups to show their agility.

Craig McDonald, MailGuard: The big security players are at risk of being disrupted by agile emerging competitors. Their challenge is to start delivering the next generation of security solutions for the cloud, where they lag behind. Expect to see the big players courting and buying small vendors – unless they can finally achieve some innovation in their current product offerings. As Microsoft’s Azure and AWS compete for business, they will focus on new and improved security features, in particular, helping customers to have greater control and visibility into their cloud. As they reach ‘feature parity’ in the IaaS (Infrastructure-as-a-Service) space, rich security capabilities will become their differentiators, either through additional platform features or third-party offerings.

Rajeev Chauhan: There is ample space for startups as not all industries can afford highly expensive services of corporations.


Dotan Bar Noy, Re-Sec Technologies: We are at a time where the big vendors dominate the more conservative solution and reinventing themselves by acquiring innovative new technologies. The startups are the ones that will introduce the disruptive technologies that will be necessary in order to combat new types of malware.

Anthony Di Bello, Guidance Software: I think the question is more will 2016 belong to broad security vendors (such as Palo Alto, McAfee) or niche best-of-breed vendors (such as Blue Coat, Guidance Software). I believe we will see a focus on integrated best-of-breed solutions, the mix of which being different at each enterprise based on their unique environment and threat types.

BroadTech Security Team: Nothing will hinder startups though some will fail. Many of the products of cyber security corporations will become a public disgrace.

Nick Prescot, ZeroDayLab: Clients are looking for the right company to do the right job, the benefits won't change.

David Clarke, VCiso: Both as the bigger ones will buy the start-ups.

Gerald Peng, Mocato: Start-ups. In the first half of 2015, venture firms invested $1.2 billion into cybersecurity start-ups (CB Insights). Corporate customers want to avoid destructive attacks that can hurt their brand names and consumers are trying to protect their private information. These firms are finding innovative ways to capitalize on that need.

Andrew Bagrin, My Digital Shield: Definitely startups!

Julie Herold, Kenny Herold, Odin’s Eye: Larger security corporations because of the increased demand, lack of consumer knowledge in what they need as far as breadth and depth for defensive or proactive offensive testing and mitigation and/or remediation advice.

THE INDUSTRY
Will cyber security events (like BlackHat or DEFCON) remain an important part of influencing the development of cyber community and companies?

Chase Cunningham, Cynja: The larger CONS are already basically viewed by most security operations personnel as not much more than a reason to go to Vegas and perhaps participate in shenanigans. It’s smaller CONS where really interesting and really innovative solutions are being shown. The large CONS will continue but are slowly becoming nothing more than a giant sales convention for companies to network and pitch things.

Michael A. Goedeker, Auxilium Cyber Security: It’s getting to the point where the investment for attending and the value are starting to be questioned for some conferences. In my opinion, events like Bsides are becoming more important and attended by more people due to the lower costs involved with attending. I am by no means saying Blackhat is not valuable but people are starting to feel real pain when paying thousands of dollars or euros to attend a conference in the US. There has to be a balance and not a “we are taking all the money from all sides” just so you attend our show. Security lives from teaching and not being so egotistical with conferences.

Leon Kuperman, Zenedge: These events are overly commercialized at this point and used as announcement platforms for the most part.

Ondrej Krehel, LIFARS: I think the focus is changing from them. They’ve grown too big.

Julie Herold, Kenny Herold, Odin’s Eye: We think these events are becoming more and more about networking and vendors which will continue on the upward trend.

Rajeev Chauhan: Yes, they may become prominent as recruiters for govt agencies as well as “Contract Agreement” hunting ground.

Paul Hoffman, Logical Operations: Yes, for a while.

BroadTech Security Team: Yes, of course, such events are the life and blood of cyber security. There will be many more such local events, too, which may not get much press.

Stephan Conradin: Yes. Experts should meet experts to share knowledge.


Craig McDonald, MailGuard: Yes, and there will be more of them. Education and communication is a key priority in 2016. Cybersecurity can no longer be seen by businesses as optional, nor half-baked solutions accepted.

Wade Johansen, CouriTech LLC: Yes, unfortunately they still will not be a target of many companies for sending their cyber employees, as it’s still seen by too many as a non-essential training experience.

Andrew Bagrin, My Digital Shield: Yes, that is where all is exposed.

Anthony Di Bello, Guidance Software: Certainly. They should (and are) be leveraged as recruitment events. In addition I think we will see more involvement by industry in collegiate cyber security events such as www.nationalccdc.org and niche security events such as guidancesoftware.com/enfuse, bringing together like specialist communities to a common cause.

Dotan Bar Noy, Re-Sec Technologies: Yes. It is harder to get noticed at those events due to the overall noise. But those events play a significant opportunity to meet professionals, exchange ideas and meet decision makers.

Wade Lovell, Simpatic: Yes, if they don’t get too expensive for small bleeding edge companies to justify attending and if they keep attracting new talented speakers.

THE INDUSTRY
Will we see more state-level cooperation in 2016?

Chase Cunningham, Cynja: Local and state governments in the U.S. are so far behind the curve in cyberspace they don’t even have an idea on how to get involved. Without a coalition that can guide local and regional entities and help them gain traction in solving their own specific cyber problems, they will continue to lag and exploits will rapidly expand.

Dennis Chow, Millar, Inc: We will see more attempts at information sharing and incident response assistance.

Michael A. Goedeker, Auxilium Cyber Security: Certainly and this is a good thing! We need to discuss privacy, protecting people, critical infrastructure.

Leon Kuperman, Zenedge: Yes, it’s a must-have shift.

Wade Johansen, CouriTech LLC: Yes and No? As the world becomes smaller electronically, states are beginning to realize that being part of a larger and slower government system can be crippling, but when it comes to sharing data about its citizens or immigrants then I think yes, they’ll share a lot more this year than last year?

Andrew Bagrin, My Digital Shield: Less cooperation and more regulation I think, which is a mistake, but that is how our government thinks when it comes to security.

Rick Blaisdell: 2016 will be a very significant year for both sides of the cybercrime equation. Governments and enterprises will begin to see the benefit of cybersecurity foresight, with changes in legislation and the increasing addition of cybersecurity officers within enterprises. In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes to target individuals and corporations alike.

Paul Hoffman, Logical Operations: Yes they will have to.

Julie Herold, Kenny Herold, Odin’s Eye: No, there is too much on their plate to be able to assist the private sector unless it is in the best interest of the state or nation. Funding for security on the lowest levels of defense is lower in government agencies than the private sector. If anything, threat intel shared from the private sector, which is capitalist driven, may assist at the state or national level.


Anthony Di Bello, Guidance Software: To some degree. Will it be effective? Depends on the degree of sharing, accuracy of what is being shared, and the controls various states will demand on the data they are sharing.

BroadTech Security Team: Yes, but each state taking into its own national interest first.

Stephan Conradin: I hope. We are in cyberwar and some aliens are always welcome.

Einaras Gravrock, Cujo: We are seeing it already. For example, the recently announced Department of Homeland Security initiative to secure IoT devices. We can expect many more initiatives like that simply because the government alone cannot combat this problem.

David Clarke, VCiso: Yes already happening, and needs to be at a business level.

Wade Lovell, Simpatic: No. Nation states have their own agendas and huge budgets as well as some of the brightest minds in white hats. The so-called cooperation we have seen so far has allowed them to tamper with standards and implementations down to the level of the NSA allegedly recommending elliptic curves it has the means to break.

THE INDUSTRY
In which industry will we observe the biggest demand for cyber security services?

Michael A. Goedeker, Auxilium Cyber Security: Critical Infrastructure, Defense and anything Big Data.

Mark Bennet, Blustor: The healthcare and related industries are already under tremendous pressure to address the tremendous vulnerabilities in their legacy infrastructure, medical devices, and data protection solutions. This is an area that is gaining public awareness and will drive the demand for innovative solutions that can help solve some of the industry problems without breaking the bank.

Wade Johansen, CouriTech LLC: Travel and immigration services such as VISA programs.

David Coallier, Barricade: Strange answer to this one but fashion and e-commerce to us have strong signs of interest and growth. Many companies in these industries do not traditionally have a strong security culture and new products will come in and help them achieve that, grow with security awareness at the very least.

Mayur Agnihotri: Cyber security services / solution is one of the alarming concerns in many critical industries, such as BFSI: aerospace, defense, and intelligence, because the biggest challenges of cyber security are education and training in 2015.

Przemek (Shem) Radzikowski, Secbüro Labs: Akamai’s statistics for 2015 show that Media & Entertainment (48%), High Technology (11%), Retail (9%) and Public Sector (5%) collectively accounted for 65% of attacks. I’d put my money on this trend and say that these four segments will drive demand.

Kenneth C. Citarella, Guidepost Solutions: Government, banking and healthcare will fuel the demand for cyber security.

Andrew Bagrin, My Digital Shield: Probably retail and healthcare.

Wade Lovell, Simpatic: The security spent in healthcare is expected to rise more than 20% but I think the biggest demand will be among money center banks. (Symphony, which serves a coalition of 19 banks, just raised another $100 million this Fall.)

Roberto Langdon, Nicolas Orlandini, KPMG: Cyber Security is a challenge for the entire “Government-Private Corporations, SMB organizations, and professionals” ecosystem. It requires to stay informed, well equipped, conscious about the subject, and with policies and procedures to let the people know how to do the things right, and how to react to a security issue or incident.


Alina Stancu, Titania: Possibly healthcare. Although the financial sector, as well as various governments, are stepping up security efforts, due to the threat levels. Financial crime is not disappearing, though it is becoming more targeted, while state-sponsored attacks, through their complexity and persistence, require significant resources and a wide range of specialised skills. The most stealthy attack campaigns known to date (Stuxnet, Duqu, Flame, The Mask) have been from state-sponsored actors.

Stephan Conradin: SCADA, critical infrastructures.

Dotan Bar Noy, Re-Sec Technologies: According to the “Banking & Financial Services Cybersecurity: U.S. Market 2015-2020 Report”, by Homeland Security Research Corp. (HSRC), the 2015 U.S. financial services cybersecurity market will reach $9.5 billion, making it the largest non-government cybersecurity market. In addition, the report concludes that this market will be the fastest growing non-government cybersecurity market, exceeding $77 billion in cumulative 2015-2020 revenues. This is driven by an increase in regulation and the demand for zero breaches, shutdown time and information leak systems.

Anthony Di Bello, Guidance Software: Healthcare, retail, government and finance. A problem here is financial and consulting (PWC, ATOS, Optiv, etc) industries have the cash to corner much of the existing talent.

Gerald Peng, Mocato: Retail, healthcare, finance, and device manufacturing. The first two will demand it due to the IP, consumer data and communications they want to protect. Companies that process electronic payments or produce IP-sharing devices will also want protection against cyber threats in order to maintain consumer confidence and brand reputation.

David Clarke, VCiso: Demand is big, the ability to pay isn’t, government, finance, pharmaceutical, legal.

BroadTech Security Team: Defence, health care, power...

Paul Hoffman, Logical Operations: Healthcare, they are so far behind. It will take years to get them off this list.


Leon Kuperman, Zenedge: Banking, Insurance, Financial, Health Care, Retail.

Julie Herold, Kenny Herold, Odin’s Eye: The health industry as a result of the upward trend in data breaches and the lack of security maturity in this space.

Ondrej Krehel, LIFARS: Manufacturing.

THE INDUSTRY
What do you think will change in the cyber security market in your country?

Michael A. Goedeker, Auxilium Cyber Security, Germany: I hope that there will be better rates for experienced security people. Right now many big customers pay little for much, this is unbalanced and really unfair as “cyber” security experts do a lot of learning and gain experience that is not paid. This experience “SHOULD” be paid but currently isn’t. At some point, we will refuse to be undersold and not work for minimal wages comparable to low paid jobs that do not require special training, certifications or degrees in addition to real world experience.

Andrew Bagrin, My Digital Shield, US: More complexity and higher process.

Dotan Bar Noy, Re-Sec Technologies, Israel: The latest data from Israel’s National Cyber Bureau indicates cyber exports increased from $3 billion (USD) in 2013 to $6 billion in 2014, that constitutes about 10 percent of the global cyber market. Israel is second only to the United States as the largest exporter of cyber products. This is made possible by the increasing amount of highly skilled professionals. Israel’s unique security needs created a focus on cyber security education in schools, army service, and dedicated colleges. Hopefully, we will see additional Israeli vendors take their place as world leaders, such as Check Point, CyberArk, etc.

Wade Johansen, CouriTech LLC, US: The push for BYOD will drastically drop this year in the US because of inherently insecure devices that are not corporate controlled, which could compromise entire networks.

Dennis Chow, Millar, Inc Short: Advances in Threat Intelligence and Automatic Response in Systems.

Alina Stancu, Titania, UK: UK remains a hotspot for disruption and advancements in technology. But where recent years have been explosive with new start-ups and cutting-edge developments, 2016 is converging towards a more consolidated, mature market. More defined classifications of security services are starting to emerge. Export was a priority to the UK government in 2015 and that was illustrated best with the visit of Prime Minister David Cameron to US at the beginning of this year, where he invited a trade delegation of cyber security companies.

Julie Herold, Kenny Herold, Odin’s Eye, US: We think the days of charging absurd amounts of money for IT Security services will be controlled as a result of the number of competitors and it will put an end to the exorbitant and unfair pricing many of the leading IT Security companies charge.


Mayur Agnihotri, India: Yes, one of the biggest changes because of Prime Minister’s vision for India to take leadership in this critical and emerging space. Indian digital security market to grow at 8.3% to $1.1 bn in 2015, says Gartner, Indian IT security market reaches 1.2 billion next year I expect. Main components contributing to the growth of the Indian cyber security market include: increased penetration testing of IT services in the telecom, banking and insurance industries; the vulnerability of Indian IT infrastructure to hackers; National Association of Software and Services Companies (NASSCOM) and Data Security Council of India launch the NASSCOM Cyber Security Task Force that aims to build India as a global hub for providing cyber security solutions, developing cyber security R&D.

Anthony Di Bello, Guidance Software, US: Tough one to answer, depends on what the next high-profile breaches have to offer.

Wade Lovell, Simpatic, US: In the United States, there is a decent chance the federal government will weaken encryption, leaving a broader attack surface.

Roberto Langdon, Nicolas Orlandini, KPMG, Argentina: Checking really quickly the site http://map.norsecorp.com/ and then you can see the online status of cyber-attacks around the globe in real time. What are we waiting to put our hands on to just leave to be an observer, and be a protagonist?

David Clarke, VCiso, UK: Legislation as per other industries.

Gerald Peng, Mocato, Canada: Proliferation of fraudulent electronic payments, in conjunction with an increasing number of public corporate security breaches.

BroadTech Security Team, India: People will be willing to pay external agencies to conduct security audits and not just blindly leave it to network/system administrators.

WHO IS WHO

Craig McDonald
MailGuard, CEO and Founder

In 2001 I started MailGuard Pty Ltd (MailGuard). I saw a world where online security was going to be a growing concern. A key to solving that problem was the need for a simple and inexpensive way to manage unwanted email and website content. MailGuard, in response to that need, has pioneered a range of cloud security solutions to provide complete protection against online threats such as malware, spyware, viruses and spam.

My key focus for the moment is to support businesses who continue to struggle with IT security. I want to continue growing through technology and allied partnerships.

Stephan Conradin

I am an independent consultant with more than 30 years of activities in information security as well as information systems. I have hold CISSP, CISM, CRISC, ISO 27001, COBIT and ITIL certifications and a Master in Information Security.

David Coallier
Barricade, CEO

David Coallier is the chief executive officer of Barricade. David is a technologist, an avid learner, and a serial entrepreneur with a passion for artificial intelligence.

Nick Prescot
ZeroDayLab
Senior Information Security Manager

As Head of GRC and incident response, I am responsible for the development and delivery of these services to our clients. Whether you need an assessment, review, audit and/or a consultation with your people, policies, procedures and processes ZeroDayLab's award winning consulting services can ensure that you are protected with the very best advice; if you are unfortunate to be at the receiving end of a breach, you can be assured that the very best people in the business are there to keep the hackers at

CYBER SECURITY AWARENESS
Will the cyber community influence the level of cyber security awareness?

Chase Cunningham, Cynja: How can we work towards improving cyber security awareness in 2016? Cyberspace isn’t the Magic Kingdom. It’s the Wild West—only worse, as it’s a place where it’s really difficult to observe people as they make choices and experience the consequences. So corporate social responsibility programs try to drive a consciousness-raising dialogue among young people to fill the void. Sadly, what they deliver is often hopelessly lame and condescending. They miss that creating cybersecurity awareness, especially among kids, takes serious effort—and that in the case of our digital lives today, one that has to be backed by the creative vision necessary to set out and define this new frontier. This is something new—something we never experienced before.

Instead, many large companies who have the revenues to do this simply don’t. They justify their limited efforts by claiming to only have a “limited budget” for guiding kids on how to protect their future. Some corporations just want to tick a box to show that they are “helping the children” and move on. And so kids are shown silly dogs, flying saucers, or the occasional cyber kitty—accompanied by bullet point guidance more suitable for corporate PowerPoint presentations. Seriously, how are we as an industry going to inspire kids to want to make smart choices online with PowerPoint and clip art?

Our kids and our children’s children are going to be the ones who will see new technologies and methods of compromise we haven’t even considered. As an industry, we must take this responsibility seriously rather than treat it like an optional line item to be squeezed by our finance departments. We need to educate and train kids to be cyber smart and involve more kids in our industry. Today, too many companies focus on the now, rather than the later. That behavior simply means our industry is shorting an entire generation of children’s digital future. It’s very sad to watch.

Mark Bennet, Blustor: The cyber community can have a tremendous influence on public awareness by evangelizing and working with the media to bring serious issues to surface. This requires a level and style of communication that “mere mortals” can understand and using examples that clearly show the potential consequences. As a community, we need to encourage and support cyber security experts to share their stories, concerns, and potential solutions with the rest of the world.

Ondrej Krehel, LIFARS: Lawmakers and corporations are the big movers. Money makes people do things.

Elizabeth Houser, Praesidio: Yes, but in a reactive manner. The level of cybersecurity awareness is most greatly influenced by the publicizing of breaches and litigious actions that follow.


Richard De Vere, The AntiSocial Engineer: In the UK, we are starting to form smaller clusters of computer security experts, this is designed to give smaller businesses around us access to good sound advice. Soon, all the UK will have a network of talent to lean upon.

Einaras Gravrock, Cujo: Absolutely. I think cyber security researchers, as well as ethical hackers have been very vocal for years about security issues and finally they are being heard. We have reached the point where a significant dialogue is happening around the world and cyber security experts are a big part of that dialogue.

Amit Serper, Cybereason: Absolutely - all the recent data breaches have thrust cyber security into the spotlight. Now that it’s on it, Cyber security leaders will also “cross the chasm” and become much more visible as cybersecurity champions and evangelists.

Wade Johansen, CouriTech LLC: Yes, it’s a key factor in getting needed information out to the public quickly so actions can be taken immediately as needed. If you wait for the news to report it, then chances are it’s already old news to the cyber community.

Roberto Langdon, Nicolas Orlandini, KPMG: Awareness is one of the most important (if not the most) topics the corporations need to address. Cybersecurity is a process, not a product or a department within the company. This needs to be addressed using a top-down-top approach. Needs to reach the entire organization.

Francisco Amato, Infobyte: I don't think so, it depends a lot on the culture and the country, but in general people start to grasp cyber security threats posed to them more from problems or news that happen in companies on a daily basis than from warnings from IT sec professionals. To give an example, people for quite a few years have known that they need to do backups for security reasons, for normal problems with hard discs that break, etc. Today, with attacks done with Ransomware, we can see now that simple backups don't always get the job done. It is possible that this type of attack ends up raising awareness about the importance of safeguarding one's information, because not only is there the chance of your hard disc breaking but when a Ransomware is able to capture all your information and extort money from you in order for it to be returned. The same kind of things happen when almost weekly a new company has their information compromised and people seeing this in the news start to ask themselves how they can protect themselves and their organization.


Kenneth C. Citarella, Guidepost Solutions: Cyber security awareness must develop within the user community at all levels. No matter what security experts say, unless the need for security is well understood and adopted as a policy and a practice, we cannot become more secure.

Julie Herold, Kenny Herold, Odin’s Eye: No, the topics are too complex and therefore not palatable for anyone that is not IT savvy as well as IT Security savvy.

Anthony Di Bello, Guidance Software: Certainly, and already are doing so through things like national cyber security awareness month (October).

Nick Prescot, ZeroDayLab: Yes, because of the legislative drive that is happening but it will become more of a business issue.

Alina Stancu, Titania: Yes, the security community is the only one to drive awareness among the non-technical public. While there is an argument to be made regarding scaremongering by some vendors, there are genuine businesses in the industry that wish to inform and educate as well as develop a thriving business and support economic growth.

Andrew Bagrin, My Digital Shield: Yes, they are doing it already and will continue to improve.

David Clarke, VCiso: No, awareness plus strategy and technology will.

Leon Kuperman, Zenedge: Yes, the trend will continue.

Wade Lovell, Simpatic: Yes, those of us who cried “Wolf!” are now seen as well-informed instead of paranoid. “Your mind is working at its best when you're being paranoid. You explore every avenue and possibility of your situation at high speed with total clarity.” ― Banksy, Banging Your Head Against a Brick Wall.

Stephan Conradin: Yes. We must influence because we are in front line.

Michael A. Goedeker, Auxilium Cyber Security: That is our (its) responsibility. We must continue as an industry to teach and make aware but in ways that are different than before. It's cool and hip to be secure, it's a way of life that everyone should have.

CYBER SECURITY AWARENESS
How can we work towards improving cyber security awareness in 2016?

Michael A. Goedeker, Auxilium Cyber Security: Talk, present at Bsides and other security conventions, boycott the selling of speaker slots (for money) by sales companies.

Elizabeth Houser, Praesidio: Fund and make mandatory cybersecurity training for users.

Richard De Vere, The AntiSocial Engineer: We should all stop bashing people over the head with cyber security. It’s time we turn our expertise to our family and friends. The big corporates will always be responsible for their own security but the common person in the street is at risk daily from preventable attacks.

Stephan Conradin: Communicate, collaborate, explain again and again.

Wade Johansen, CouriTech LLC: Social awareness. There is a stigma that goes with being the one to say something, and then maybe being contested by others. Standing up for making any improvements in security is hard because it’s essentially non-conformist in nature. However, it's a critical part of moving any society forward when we speak about raising security awareness.

Dennis Chow, Millar, Inc: Add gamification theory to the community which will encourage active participation in improving security awareness as a whole.

Amit Serper, Cybereason: Start cyber security education and awareness training in elementary school.

David Coallier, Barricade: The only way we can work towards improving cyber security awareness is by building tools that are not exclusively made for security experts. We are very bullish on the concept of bottom-up security. Traditionally, security has been mandated from the top-down. A C-Level would push for the security standards to be put in place and it would become more a chore to the people who are actually managing the day-to-day operations, developing the online applications, etc. Many new products, such as Barricade, empower the developers and operations teams first, then they allow the organisation to grow with it. Engineers by nature want their work to be better. New products allowing developers to produce better code and allowing the operations teams to deploy and manage their infrastructure with confidence are required. Security is rarely at the top of the priority list for most SMBs and it shouldn't change. What should change are the products those companies use in order to manage their security.

www.hakin9.org www.eforensicsmag.com


Mayur Agnihotri: Some points which are first clear for audience and trainers are: Don’t confuse cyber awareness programs with security training; • Include posters, newsletters, email tips, blogs and reminders; • Cyber security awareness improves by changing culture (changing behaviors {Relate cyber awareness to personal life, family, home and corporate}) • Creating a Culture of Cybersecurity at Work / organization • Cyber security events must be started at small and medium size companies, schools, colleges and society.

Kenneth C. Citarella, Guidepost Solutions: Government leaders at all levels must engage in a protracted and serious discussion of issues about cyber security. Some have begun that effort, but it must be more widespread and focused on specific efforts to be undertaken by government, business and private individuals.

Julie Herold, Kenny Herold, Odin’s Eye: Continue to have breaches, spamming initiatives, malware campaigns whether targeted or not, successful take downs for illegal activities, and other information regarding cybercrime activity and reduction being advertised for the sake of awareness. If non-IT savvy end users do not have a direct impact to them personally, we will not see improvement.

Ondrej Krehel, LIFARS: Make it law to have cybersecurity guards just as they have regular security guards.

Wade Lovell, Simpatic: Launch meaningful social media campaigns with star collaborators. • Buy a Guy Fawkes mask and help take down ISIS or contribute to Anonymous in other ways.

Paul Hoffman, Logical Operations: Just keep the message out there. The hackers are helping by creating News.

Gerald Peng, Mocato: I believe that too often, awareness happens when there is a cyber disaster like Target or Ashley Madison. Part of the problem is the highly specialised nature of cyber security. I believe that to keep cyber security top of mind, the discussion has to become proactive and accessible by non-industry people.

Rajeev Chauhan: The weakest link in the chain of cybersecurity is the lack of awareness amongst the users at all levels, starting from home users to corporate users. Concentrated efforts to create awareness has to be undertaken by schools, colleges, communities and corporates.


BroadTech Security Team: Making cyber security mandatory in curriculum. • Short interesting articles in print and visual/cyber media, etc., are what our organization does in collaborating with the state police. • Conduct workshops.

Nick Prescot, ZeroDayLab: There won't be a magic wand to deliver, it's an education strategy.

David Clarke, VCiso: Security should be at board level, and legislated for.

Andrew Bagrin, My Digital Shield: We need to separate myth and reality. The reason awareness is taken with a grain of salt is because something is always trying to be sold.

Anthony Di Bello, Guidance Software: Doing what we can to make it a mainstream issue. Part of which involves being able to speak in everyday terms and with relatable examples to folks outside our industry.

Alina Stancu, Titania: We can demand for better legislation to reflect the concerns of individuals and businesses. There is, of course, the danger of over-regulation and crippling costs of compliance can be discouraging to small businesses. That is why the security industry can cooperate to develop helpful, free tools to support even firms on small budgets to achieve a basic level of security. If we raise the bar step by step, we can then focus on innovating more, collaborating better and living safer.

What obstacle in awareness will remain unsolved?

Mark Bennet, Blustor: Many cyber security risks are shrouded in complexity that is difficult for the general public to fully grasp. The cyber security community and the media need to work closely together to simplify and distill these risks into everyday terms that the public and our legislatures can better understand.

Michael A. Goedeker, Auxilium Cyber Security: That people listen and change their habits. This can only be done by experiencing the pain of breaches (or so it seems).

Richard De Vere, The AntiSocial Engineer: I think awareness and perception to cyber crime is a hard battle, people can’t see most attacks, they have a tendency to ignore issues and hope it will be OK. With more and more breaches hitting the media in 2015, people are starting to be more aware - but have a long way to go!

Alina Stancu, Titania: The industry is still ridden with technical jargon. To the “uninitiated” public, this can be off-putting and impenetrable. There is a perceived lack of interest even regarding the steady reports of breaches and cybercrime. Perhaps it is time to learn how to translate the industry in practical business terms.

Leon Kuperman, Zenedge: The fundamental miscommunication and misunderstanding of how technology works and what is vulnerable.

Wade Johansen, CouriTech LLC: The realization of what firewalls and cryptography can really do for protection, and the importance of retaining offline backups.

Dennis Chow, Millar, Inc: Resources, not enough time and/or money for polished programs at all the various entities from small to large.

Kenneth C. Citarella, Guidepost Solutions: The biggest obstacle will be personal conduct. Everyone likes to push cyber security off to the firewall, the system operators, the programmers or anyone else they can. We all must recognize that how we use whatever computer we are on, just like we drive a car, is critical to our safety.

Elizabeth Houser, Praesidio: The precise formula of situational awareness, motivation, and behavior modification to increase user participation in routine cybersecurity.


Ondrej Krehel, LIFARS: Having a security professional and not just “security aware” staff.

Stephan Conradin: The ability of people to understand they are a big part of security.

Paul Hoffman, Logical Operations: Training v. production. We can’t stop production for training. So we are having to squeeze training in as minimally as possible is the mindset for most companies.

Nick Prescot, ZeroDayLab: It won't happen to them so they won't worry about it.

Wade Lovell, Simpatic: Inertia. It is a powerful force. “The vis insita, or innate force of matter, is a power of resisting by which every body, as much as in it lies, endeavours to preserve its present state, whether it be of rest or of moving uniformly forward in a straight line.” Isaac Newton.

Anthony Di Bello, Guidance Software: The human factor can only be mitigated, not solved. Even with the best security awareness program, 1/100 people will still click that well-crafted phishing email.

BroadTech Security Team: Rapport. People don’t understand the InfoSec languages and jargon. So things have to be simplified while spreading awareness.

Julie Herold, Kenny Herold, Odin’s Eye: There is no magic bullet to educate the average end user.

David Clarke, VCiso: Board level buy in, companies have legal, finance components they are there for compliance and legal reasons, cyber needs to be there as well.

Andrew Bagrin, My Digital Shield: The trust, because cybersecurity is a complex thing to understand and trust someone about.

What role will awareness play in corporate cyber security?

Michael A. Goedeker, Auxilium Cyber Security: A big one. Awareness pays many dividends to any company that invests in them. There are neutral statistics that prove that awareness campaign training decreases successful password hacking and social engineering attacks (two of the most difficult attack vectors to secure because of human nature vulnerabilities).

Andrew Bagrin, My Digital Shield: More training and testing of social engineering.

Elizabeth Houser, Praesidio: The lack of user awareness and inattentiveness will continue to pose a threat to corporate cybersecurity infrastructure.

Julie Herold, Kenny Herold, Odin’s Eye: We think there will have to be tighter controls given the BYOD policies many companies and organizations are implementing and deploying within their organizations to protect the end users from themselves.

Ondrej Krehel, LIFARS: It helps but you really need a professional. No one says to a secprof you should be accounting aware so we don’t need accountants, so why the other way?

Kenneth C. Citarella, Guidepost Solutions: Security awareness is the key to our security, ultimately. This is true for individuals, as well as businesses and governmental agencies of all sizes. We must know our weaknesses, understand what the attackers do and remove practices that create vulnerabilities.

Wade Johansen, CouriTech LLC: Realization of the threat landscape which evolves daily is a technical cyber security challenge and often a nightmare. True awareness requires many things, including social media integration, which often is blocked on most corporate networks - accurate reporting from real-time systems which often display false positives - and knowledge by the technical staff to be able to interpret the data when anomalies are encountered. Target is an example of a breach where the systems were pointing to an event in progress, and it was repeatedly ignored as an anomaly that wasn’t a danger.

Richard De Vere, The AntiSocial Engineer: Awareness and a good understanding of the nefarious people that we can all encounter online is the main objective. You can’t expect people to care about their digital security if they don’t have the perception of what's out there today.


Paul Hoffman, Logical Operations: It will play the biggest role. No software or hardware can make up for an unaware employee clicking, or not changing a password, or any number of things that leave the cyber door wide open.

BroadTech Security Team: In many startups, there are no firewalls and the laptops are connected directly to internet through WiFi. In such cases, end point security is of prime importance and users should be made aware. In most corporates, awareness training is given, I suppose, and their focus should be on making people compliant to the security instructions.

Nick Prescot, ZeroDayLab: Users are becoming more aware and this will be a constant education exercise.

Wade Lovell, Simpatic: Maybe, just maybe 2016 is the year cyber security becomes a Board issue rather than an IT issue.

Anthony Di Bello, Guidance Software: A large role, many organizations already have some form of cyber awareness program. If nothing else it will help minimize the risk of social engineering attacks, which are leveraged extensively in the first phase of most compromises.

Gerald Peng, Mocato: Awareness will positively impact corporate cyber security by facilitating support and investment in cyber security protocols and tools.

Stephan Conradin: Crucial, employees must understand that cyber security is not a black box like a firewall, it is a continuous process and they are involved.

David Clarke, VCiso: The awareness is there, it’s the incentive to implement that isn’t.

David Coallier, Barricade: This is going to be immense. For corporate awareness to kick in, security needs to be implemented bottom-up as a cycle rather than top-down as a mandate.

Dennis Chow, Millar, Inc: Eventually, it will become standard as part of other policies and procedures signed like an AUP.

Mayur Agnihotri: Organization’s people have a key role to play in effective cyber security.

WHO IS WHO
Nicolas Orlandini
KPMG, Director Forensic Services
He is a Director of KPMG’s Cyber practice and a member of the Forensic Technology team, specializing in digital response services and cyber investigations. He specializes in identification, preservation and collection of electronically stored information (ESI), data leak prevention and detection, information protection and incident response, and information security audits. He also has a strong background in electronic evidence acquisition protocols and chain of custody for eDiscovery matters and internal investigations. He developed and led the Forensic Technology Lab in the KPMG Buenos Aires – Argentina office for many years, providing evidence collection, processing and hosting to companies and law firms located across Latin America, including clients located in Argentina, Brazil, Chile, Uruguay, Paraguay, Bolivia, Peru, Venezuela, Ecuador, Colombia, Panama, Curacao and Costa Rica.

Gerald Peng
Mocato, Founder
Gerald Peng is the founder of Mocato Inc., a consulting firm that specializes in digital forensics, E-Discovery and data analytics. In the last 12 years, Gerald has provided services in computer forensics, incident management and information security. He has worked closely with financial institutions, law firms and government to perform computer forensic investigations and fraud analysis. Gerald is a certified computer forensic examiner (EnCE, GCFE), Certified Fraud Examiner (CFE), Certified Information Systems Security Professional (CISSP), and Certified E-Discovery Specialist (CEDS). He is also a member of the High Technology Crime Investigation Association (HTCIA), and a graduate of McMaster University’s Computer Engineering and Management program.

Francisco Amato
Infobyte, CEO
He is a researcher and computer security consultant who works in the area of vulnerability development, blackbox testing and reverse engineering. He is CEO of Infobyte Security Research (Infobyte LLC) www.infobytesec.com, from where he published his developments in audit tools and vulnerabilities in products from companies like Novell, IBM, Sun Microsystems, Apple, Microsoft. His last work was evilgrade, a modular framework that allows the user to take advantage of an upgrade process from different applications, compromising the system by injecting custom payloads. Founder and organizer of the ekoparty South America security conference.

MISCELLANEOUS
LogRhythm’s Predictions for Cybersecurity

An uptick in all-in-one home surveillance systems. We are seeing more motion sensing/camera/
recording devices in the home that can be managed through personal devices. This type of technology will
continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.

A rise in the use of mobile wallet apps. Like having virtual money and an ID in one’s pocket, mobile wallet
apps are at the intersection of marketing and payments. And although a mobile wallet is convenient, it is
directly tied to one’s mobile phone which is a critical access vector for cyber threats.

New model of what to protect. Instead of a mandate to “protect everything on the network,” IT staffs
must work more like a unit, centralizing and protecting the most critical resources. This approach moves
defense-in-depth to the most critical business components of the organization.

Identity access management: The unsung hero. Companies will be investing more money and R&D resources in behavior-based modeling, analytics and identity access management to track behaviors. More customers are asking about it, which will motivate the rest of the industry to follow.

The next big attack target: Education. This industry has a plethora of data that cyber criminals want - credit reports, personally identifiable information (PII), donor money, tuition money. And these institutions are not doing an adequate job of securing all their systems. Add to that the myriad “customer” – namely professors, students, parents, administrators – and you have magnified the attack vectors exponentially.

Emergence of hacking for good. More organizations, like Anonymous, will be leaving the dark side and hacking for the public good. They are more motivated by the notoriety and publicity on social media than for financial gain. Teens are learning to program on their own; high schools are introducing technology and coding to get this generation aware of and more proficient in this industry. Younger generations are finding coding and programming cool. This is the next gen workforce that we hope will continue to want to positively impact society.

Security is in a renaissance. Security is a hot space. And the fact that CISOs are getting a seat in the Boardroom is another indication of the importance of this industry for all organizations, regardless of the vertical market. Many companies still don’t have adequate security infrastructures, awareness or training to defend themselves. There will also be consolidation. Companies will either “get it” or not, and governments will start ramping up regulations.


Next steps for CISA, open sharing of threat intelligence. Critical infrastructure will emerge as more companies in various sectors, such as energy, financial and healthcare, join in. The principle and the intention behind the creation of a more collaborative community for the open sharing of threat intelligence is grand, with two distinct sides of the political aisle. We will either see a big push or nothing happen at all.

Ransomware gaining ground. The ransomware-style of attack is powerful and expanding into Macs and mobile devices, making it easier to target consumers. Criminals can gain big profit by locking down an entire system; victims have no choice but to pay. Although consumers are ripe for the picking, businesses are not immune to this approach.

Vendors need to step up – Despite the running list of breaches, many companies still do not have an adequate security infrastructure to defend themselves against cyber criminals. And we cannot rely on consumers to know how to protect home systems. It is up to the security vendors to build better software, systems and patching mechanisms, as well as offer training and services to protect people, companies and their assets.

IBM’s Predictions for Cybersecurity

Bob Stasio, senior product manager for cyber threat analysis, i2 Safer Planet:
The market for behavioral analytics and threat detection offerings will continue unabated • Large financial organizations will continue divesting themselves of managed security services to create their own fusion centers • “Big X” consulting firms will offer their customers cyberintelligence-as-a-service consulting options • Companies and government agencies will begin using block-chain encryption to protect against cyberthreats • Private organizations will increase their visibility into the dark web to become more proactive about cyberthreats than ever before.

Shahid Shah, CEO, Netspective Communications:
The market for behavioral analytics and threat detection offerings will continue unabated • Vulnerability curators will become increasingly prevalent as companies learn to share breach data • Companies will begin properly inventorying digital assets and data as part of their risk management strategies, heightening understanding of threat surfaces and ways of minimizing them • Third-party libraries and software components will increasingly gain attention as CIOs and CISOs realize how many vulnerabilities they create.

Todd Rosenblum, senior executive for worldwide big data, i2 Safer Planet:
Auditability and managed access of US citizens’ personal data will be an increasingly important requirement for US national security agencies • The international community will create safe zones in Syria to stem the mass migration to Europe, and big data analytics will play an integral role in enforcing identity resolution and border security in those safe zones.

Andrew Borene, federal manager, i2 Safer Planet:
Continued cybersecurity breaches and state-sponsored cyber espionage will lead to spikes in cybersecurity spending on both workforce and software solutions • New data sources arising from the Internet of Things and biometrics will lead to a renewed government interest in using big data to prevent terrorism.


Kenneth C. Citarella, Guidepost Solutions: Every year we learn about new intrusions and new breaches until we have almost become numb from the relentless reports. It will not change in 2016 unless there is serious cooperation among all levels of government, the computer industry and network owners, coupled with serious diplomatic pressure from the U.S. government on the international front.

Richard De Vere, The AntiSocial Engineer: The industry hasn’t taken the large steps it needs yet to focus on security first and profit second. Finance still leads most businesses' security implementations in 2015 and for our selfish greed in this matter, we will see security breaches and online crime rise like it has done every other year previous. This is good for business in the short term yes, but the industry should seek to help people reduce crime before our business model collapses on itself.

Wade Johansen, CouriTech LLC: Organizational hacking will become a normal course of business and defense, if botnet time and crypto ransomware services can be bought for as little as $50 for an account, I believe you will see similar services being more readily available for purchase such as hackers for hire.

David Clarke, VCiso: Cyber Security Vendors who can spend the most on R & D and who have market positions now will dominate the Information Security Marketplace. • The CISO role will need to change from being part of IT and report either directly to the CEO or at least to Legal or Finance board members. • Legislation or pressure from Cyber Insurance, will enforce that certain cyber security components are mandated, e.g. strong authentication. Other industries such as the car industry, aero, nuclear and building have many mandated safeguards already, seat belts, vehicle checks, crash standards. An unsafe vehicle cannot be put on the roads, unsafe aircraft in the air, thus unsafe IT would not be permitted on the electronic highways. • Governments may need to provide assistance on protecting information superhighways similar to the way the road systems and airspace is protected. • Cyber Security will need to become an outsourced function due to complexity, rapidly evolving cyber technology, huge amount of Data to be processed and analysed, intricate threats, and exponential skills shortage.

Irfan Shakeel, EH Academy: The importance of incident handling and digital forensics will increase. The community will invest their time and resources to develop and create the effective work-process to solve hacking cases.


Kris Rides, Tiro Security: I think we will see more attacks coming through small vendors to larger companies. Many high tech vendors who are providing niche services have little or no security posture making them an easy way to get at the real target. We are already seeing SMBs increasing their spend on security as they realize it can be a differentiator when it comes to winning new business against competitors.

WHO IS WHO
James Carder
LogRhythm, CISO & VP
He has over 18 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies, protects the confidentiality, integrity and availability of information assets, oversees threat and vulnerability management and the Security Operations Center. He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat research, compliance research, incident response, and threat intelligence teams. He holds a Bachelor of Science degree in Computer Information Systems from Walden University and is a Certified Information Systems Security Professional.

Greg Foss
LogRhythm, Security Operations Team Lead
He is LogRhythm’s Security Operations Team Lead and a senior researcher with Labs, where he is tasked with leading both offensive and defensive aspects of corporate security. He has just under a decade of experience in the Information Security industry with an extensive background in Security Operations, focusing on Penetration Testing and Web Application Security. Greg holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others. He has presented at national security conferences such as DerbyCon, AppSecUSA, BSidesLV, and is a very active member of the Denver security community.

Dennis Chow
Millar Inc, Security Manager, Incident Response
He is a security practitioner who has over 10 years of combined IT and Information Security experience. Dennis currently leads Information Security efforts at Millar, Inc. as their Network Security Manager. In addition to management and practitioner experience, Dennis has consulted for various clients within Oil and Gas, Healthcare, Defense, and other critical infrastructure industries. Dennis also holds several industry known certifications including the GCFA, GCIH, GCIA, GPPA, CISSP, E|CSA, C|EH, and L|PT and is currently the Program Manager for a collaborative Cyber Threat Information Sharing Grant by the Department of U.S. Health and Human Services.

Bob Stasio
Senior Product Manager of Cyber Analysis at IBM i2 Safer Planet
Bob Stasio is the He brings nearly 14 years of rare expertise fighting top tier malicious actors through his work in the intelligence community, the U.S. Military, NSA and commercial sector. Bob served on the initial staff of US Cyber Command. Serving in Iraq during “The Surge,” Bob’s intelligence unit supported the detainment of over 450 high-value targets.

Todd M. Rosenblum
Senior executive for worldwide big data, i2 Safer Planet
Todd M. Rosenblum joins IBM as a Senior Executive for Global Business Development. He is responsible for identifying market engagement opportunities for IBM’s Safer Planet, Enterprise Insight Analysis suite of capabilities. Todd focuses especially closely on deepening collaborative partnerships with senior executives in the United States Government, U.S. State, local and private sector companies, as well as worldwide defense, intelligence and law enforcement institutions.

Andrew Borene
Federal manager, i2 Safer Planet
Andrew Borene provides executive leadership for IBM’s i2 Safer Planet Federal business team. He served as Associate Deputy General Counsel at the U.S. Department of Defense and is a former U.S. Marine Corps military intelligence officer. Prior to joining IBM, Mr. Borene was a Counselor to the international law firm of Steptoe & Johnson LLP. His career includes leading corporate development at a micro-robotics startup and U.S. intelligence community program management for a publicly-held big data company. He is active within leading public-private initiatives for improved U.S. national security, global leadership and technology growth.

Shahid Shah
CEO, Netspective Communications
He is an award-winning Government 2.0, Health IT, Bio IT & digital Medical Device Inventor & CTO with over 25 years of technology strategy, architecture, engineering, entrepreneurship, speaking, and writing experience. He is the chair of the #HealthIMPACT Forum.

ADVICE
What advice would you give to fellow cybersecurity professionals going into 2016?

Mark Bennet, Blustor: Cyber security professionals and the industry need to challenge our current paradigms that often involve centralizing and attempting to control every element of data flowing in and out of the systems under our protection. We are in a leaky ship and bailing the water out faster isn’t really solving the problem. We need to look closer at the underlying root issues, which include things like immutable human behavior and the inherent weakness of outdated security mechanisms such as usernames, passwords, and PINs. Until we do that, at best we are just keeping our heads above water.

Kenneth C. Citarella, Guidepost Solutions: Be patient when reminding others, be vigilant, and hold on tight.

Mayur Agnihotri: “Keep seeking out new things to learn and master what you know.”

Wade Johansen, CouriTech LLC: You will never be right 100% of the time, don’t let it stop you from being right 1% of the time. Also, if you have a one-in-a-million idea to improve something, then there are 8,000 other people on this planet thinking the exact same thing as you... be the first to say it out loud.

Rajeev Chauhan, Cyber Oxen: Be suspicious, but don’t be paranoid about security, the best approach is having preventive measures in place.

Amber Schroader, Paraben Corporation: Vigilance to where we are leaving our digital identities. We are expanding out to more and more layers that hold information tied to who we are and not thinking how to protect and secure each of those layers. We need to focus on knowing what is where as we look at a cyber future with devices tied to ourselves at every corner.

David Coallier, Barricade: If you have to go to one conference this year, go to a conference that's NOT about security. Maybe a software or cloud conference. Talk to people about security and note their eye-roll/exasperation reactions. Security is scary, and it's adversarial. Let's break down the barrier and make security something more natural.

Nick Prescot, ZeroDayLab: Talk security as a business issue and not an IT issue. IT creates the systems that process data, the business are the ones that process the data and the operations teams are the ones that are responsible for the data.


Mitchell Bezzina, Guidance Software: The “assumption of compromise” mindset has been gaining notoriety within Security teams, it takes the active defense approach where security teams consciously hunt for organization threats rather than rely on technology to alert. The personnel problem does not help this cause but building teams from parallel skillsets is the only way to ensure there are more security professionals, and don’t concern yourself with a flooded market – there will never be enough skilled cybersecurity specialists.

Roberto Langdon, Nicolas Orlandini, KPMG: Our vision of what will be going in 2016, is that there have been several cases where the forensic investigation helped to discard false hypotheses, false conclusions, and these aspects are showing the importance of this discipline to be used strongly each time, and so on in the future. As the forensics doctors said “a dead body can still tell information regarding to resolve a murder”, the information technology recipients or devices can bring more than we can imagine, in order to resolve frauds or criminal cases.

Stephan Conradin: Learn, understand, have global view, learn again, understand again.

Alina Stancu, Titania: Keep on top of compliance, as that will remain important in ensuring baseline security. Certification against governmental or business accreditations will travel down the supply chain as more suppliers demand that businesses present some form of security assurance of their product and services.

Gerald Peng, Mocato: Your role is more broad and important than you may imagine. Protecting the public from cyber-attacks on their IT infrastructure and devices will help deter cybercriminals from their spheres of activity. Our focus must extend past our employers and clients. We must collaborate to secure our data sovereignty, and reduce any weak points in our systems.

Paul Hoffman, Logical Operations: Jump in with both feet.

Dotan Bar Noy, Re-Sec Technologies: We live in exciting challenging times and are receiving public attention as well as enterprises boards. We need to make sure the advice and solutions we are offering are not just adding layers of more of the same, but substantially improve the overall enterprise security while keeping organization productivity untouched.


Michael A. Goedeker, Auxilium Cyber Security: LEARN HOW TO HACK THINGS, Be curious, always continue to learn new things and technology. Stay informed and aware, assume every OS, Application and piece of hardware can spy on you, has weaknesses and needs to be verified. Security is a business process just as much as it is a technological one, never EVER forget this. Security protects IP, revenue and the business. Be creative, think outside the box.

BroadTech Security Team: Stop hype. Learn your stuff. Know what you are talking about. Keep yourself updated daily & share your knowledge with others. Stop using jargon and fancy words and explain things clearly to people. Our job is to keep things secure and not to show off our knowledge or expertise. One more prediction. Once Hammer2 is feature complete, DragonFLYBSD implements single sign on and redundancy using CARP, etc. The way of doing cloud computing will take a new turn.

Craig McDonald, MailGuard: The number one tip is to plan a 360 degree approach to cyber security. Understand all your business's attack vectors and how these can be infiltrated by cyber criminals. Blocking threats through the use of cloud security services such as email and web filtering should be the first line of defence – protecting the organization’s network.

David Clarke, VCiso: Keep Going. Keep the Passion.

CONTRIBUTING COMPANIES
