Table of contents

Top 2015 events
What were the most important things that happened this year?

Threats
What threats that emerged in 2015 will remain relevant in the next year?
Which threat group will see the biggest growth in 2016?
Can you see any old and forgotten threat coming back in the next year?
Will threat landscape be affected by international efforts to combat terrorism?
Will cyber security in healthcare remain a relevant topic?
Will security in automotive industry keep on causing trouble?

Areas of security
What are your predictions for network security in 2016?
What are your predictions for software security in 2016?
What are your predictions for hardware security in 2016?
What are your predictions for cloud security in 2016?

Industry
Will 2016 belong to start-ups or big cyber security corporations?
Will cyber security events remain an important part of influencing the development of cyber community and companies?
Will we see more state-level cooperation in 2016?
In which industry will we observe the biggest demand for cyber security services?
What do you think will change in the cyber security market in your country?

Cyber security awareness
Will the cyber community influence the level of cyber security awareness?
How can we work towards improving cyber security awareness in 2016?
What obstacle in awareness will remain unsolved?
What role will awareness play in corporate cyber security?

Advice
What advice would you give to fellow cybersecurity professionals going into 2016?

www.hakin9.org www.eforensicsmag.com
CYBERSECURITY
2015 TOP EVENTS
What were the most important things that happened this year?
Wade Johansen, CouriTech LLC: C&C Botnets go public - DorkBot and the like have become a business model; they cost only $50 to buy in • The Anthem and eBay hacks - along with Target, Home Depot, JP Morgan, etc. • The implementation of private peer-to-peer social networking clouds with unbreakable encryption • TOR has 5% or more of the exit nodes hacked and infiltrated by the NSA • VTech's hack - stealing children’s identities. C'mon? This will have consequences we can’t even measure yet.
Amit Serper, Cybereason: We’ve been seeing massive data breaches pretty consistently for the past few years, so really, 2015 was just more of the same. However, if I had to pick specific breaches that stand out, the ones that come to mind are, first and foremost, the Hacking Team breach • Aside from the irony of a “surveillance” company getting hacked (and learning how lax their own internal security was), the fact that State-of-the-Art hacking tools and several Zero Day attacks were released into the wild has had and will continue to have long term consequences. One of the Zero Days effectively killed Flash, and of course, having all these resources available for consumption lowered the (technical) skills bar for potential cyber criminals to enter into the game • Next comes the Ashley Madison hack - aside from it being one of the highest profile ransomware attacks, it shows the impact that a data breach can have on people's lives - suicides occurred, jobs were lost, families and reputations were ruined. Most companies approach cyber security from a cost-benefit perspective - is it cheaper to fix the security problem or deal with the fallout from it? In this case, how do you quantify the damage done to Ashley Madison customers? Is that something you can even attach a number to?
Mark Bennet, Blustor: The U.S. Office of Personnel Management (OPM) lost nearly 5.6 million fingerprint records in a cyber security attack in 2015. While this event went largely unnoticed by the general public, it highlighted the tremendous risks associated with biometric security when an individual’s biometric templates are not properly protected. For the unfortunate employees impacted by this incident, they can never replace their fingerprints • Just recently reaching the awareness of the mainstream media, hospitals and medical device manufacturers are being shown to be woefully unprepared. A recent article in Bloomberg Business, entitled “It’s Way Too Easy to Hack the Hospital”, is one of many articles emerging in recent months that tells a rather bleak and frightening story related to the vulnerability of medical devices to remote hacking. It is clear that there is a high potential for catastrophic incidences that are likely to result in serious injury as well as large scale identity theft.
Paul Shomo, Guidance Software: RATs Ran Rampant: (Remote Access Trojans) evolved and proliferated to
the point that they were seen in forensic investigations of some of the most high-profile hacks of the year,
including the Office of Personnel Management (OPM).
Leon Kuperman, Zenedge: 2015 RSA Conference where we introduced ZENEDGE to the world • www.newbingobilly.ag - longest running DDOS campaign that we are aware of, lasting for almost one year; the attacker has failed at bringing down the site but continues to try on almost a daily basis • ZENEDGE introduces RapidBGP, which allows for sub 60-second DDOS mitigation in the cloud for network protection • ZENEDGE launches Toronto Mitigation center, the first large scale mitigation center in Canada for customer adoption • Complex multi-vector attack by Armada Collective, hitting many companies with DDoS for ransom Bitcoin. Our customer was hit with seven attacks in a one day period in Q4, key shopping season including: Chargen, UDP Flood, SSDP Amplification, NTP Amplification and Layer 7 application attacks. We have now seen Armada Collective on five separate occasions.
Shay Zandani, Cytegic: The OPM breach – because of the consequences to its management and the fact that it was a direct and public hit on a government entity • Anthem Breach (alongside Premera and Blue-Cross Blue-Shield) – because of the scale of the attack and how it emphasized the forecasted trend of PII and medical data theft • Ashley Madison Breach – because it is perhaps the most significant internal breach since Snowden – it emphasized the importance of the internal threat • The “Cyber-War” between Iran and Saudi-Arabia over Yemen – because it showed very clearly the correlation between physical wars and cyber wars, and the mobilization of hackers to support their governments • The US Military Kills the ISIS Hacker and Recruiter that Attacked Them – because it emphasized the fact that cyber-warriors are valid targets for physical attacks and that they are an integral part of the war.
Mitchell Bezzina, Guidance Software: The Human Perimeter Remained Too Permeable: Human error opens more doors to hackers than technical shortcomings. Whether clicking on a phishing email, failing to install security patches on a regular basis, or leaving a laptop with patient healthcare records in a place where it can be easily stolen, humans regularly hand over the keys to the data kingdom—or leave them lying around where they can be readily obtained • Following suit is Australia, releasing a draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 in December that affects any domestic or foreign organization that deals directly with Australian consumers.
Richard De Vere, The AntiSocial Engineer: The TalkTalk Breach! (and discovering it) helped place cyber security on the radar for the average person. Infosec left the boardrooms and had free rein of the TV • Old issues making a comeback - Crossdomain Abuse, SQLi • BSIDES in London was my favourite event/con • Software - The release of Kali 2.0 hasn’t changed the world but it’s nice to see the GUI updates • SETOOLKIT - Mr Robot Edition (In fact, Mr Robot was the highlight of my year).
Irfan Shakeel, EH Academy: Helped more than 3000 people to become effective computer forensics examiners; training, certification and relationship with the industry have been provided to them.
Nick Prescot, ZeroDayLab: Talk Talk breach – an obvious choice, but perhaps more than any other • Safe Harbour re-alignment • EU General Data Protection Regulation • Ashley Madison (mainly for the impact) • Sony Pictures.
Roberto Langdon, Nicolas Orlandini, KPMG: As part of our Security Services to customers, we were dealing
with networks with unappropriated protection, the Internet of Things is leaving really black holes in the
information management and information gathering, people working so far from the existing standards
such as ISO 27001 and ISO 27002 mainly, and the lack of security awareness implemented as a continuous
process inside the organizations. Most of them are still reactive instead of being preventive. And most of
them know nothing about ISO 270037 • Technology considerably helped the business and mainly the users
interacting with it, and as one of the key issues is privacy, it is almost more frequent to find ethics codes
violation and frauds carried out by people who understand that the digital equipment that they use can
“protect” them against these types of investigations. Neither workstations nor smartphones are outside
the scope of investigations, and they have key valuable information. • Increase in amount and depth of
data breaches • Dark web, Mobile forensic, data encryption and IoT as challenges for forensic teams •
Cloud data collections • Black-Hat 2015 Las Vegas • Lack of Cyber Security/Cyber Forensic Investigators
personnel.
Craig McDonald, MailGuard: Anthem. In March, this health insurance company suffered an attack that compromised 78.8 million customers’ records from December 2014 onwards. Data affected: names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information, including income data. The data was not encrypted, according to reports • Although smaller than the Anthem attack, the attack on 21.5 million records in the database of the US Office of Personnel Management (OPM) is significant because of the type of data accessed – personal information, background checks, names and addresses and a million fingerprints of US Government employees. It is believed that Chinese hackers were responsible • UK telecom company, TalkTalk, suffered an attack that compromised four million records, estimated to be the seventh largest attack (to September 2015), apparently through a third party call centre in India • Australian Bureau of Meteorology breach reported publicly in December this year. There is no clear picture yet how much the breach will cost to fix or how long it will take – but insiders estimate years and hundreds of millions of dollars. And the critical nature of the bureau's services means its systems cannot be switched off for repair.
Michael A. Goedeker, Auxilium Cyber Security: OPM Breach • DAESH (ISIL-whatever) using social media for targeting soldiers • Ukraine Hacks (our story on the “Fire Sale” hack) • The fight for balancing surveillance and privacy • The Beginning of IoT as mainstream (and additional security holes and lack of it) • Increasing vulnerabilities and attacks on global and national critical infrastructure.
Rick Blaisdell: Kaspersky Lab revealed in June that it had discovered an infiltration in several of its internal systems. The attack, also named Duqu 2.0, was believed to be a nation-state-sponsored attack, whose other victims included events and venues with links to world power meetings, including negotiations for an Iran nuclear deal. The Moscow-based security vendor said the compromise included information on the company's newest technologies, such as Kaspersky’s Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network and Anti-APT solutions and services • LastPass got hacked - LastPass is a very well known provider of cloud-based single sign-on and password manager. Enterprise administrators around the globe use it to manage and secure passwords across their infrastructure. However, in June, LastPass CEO Joe Siegrist admitted in a blog post that a network compromise resulted in the theft of customer email addresses and password reminders. Even though the passwords were encrypted, and there was no evidence of customer data being exposed, LastPass required all customers to change their master passwords the next time they logged in • Pentagon failed to offer small firms cyber security resources - The US Department of Defense (DOD)’s Office of Small Business Programs (OSBP) has failed to offer cyber security options to protect the companies it does business with, according to a report from the US Government Accountability Office (GAO). Small businesses, including those that conduct business with DOD, are vulnerable to cyber threats and may have fewer resources, such as robust cyber security systems, than larger businesses to counter cyber threats • The breach at Harvard University, following in the footsteps of eight other education breaches this year, highlighted growing security concerns around the higher-education market. The breach affected as many as eight schools and administrative offices, though it remains unclear what information was accessed by the hackers • When it comes to the health-care industry, health insurer Anthem revealed a breach in February that exposed an astonishing 80 million patient and employee records. Anthem said the breach occurred over several weeks, beginning in December 2014, and could have exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email addresses, employment information, income data and more. It said it did not believe banking information was taken. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by hackers.
Kenneth C. Citarella, Guidepost Solutions: In no particular order, we cite these as the most significant cyber security events in 2015: The Office of Personnel Management intrusion • Cyber security talks between the U.S. and China, including China’s arrest of several men alleged to have intruded into U.S.-based systems at the request of the U.S. government • The Third Circuit Court of Appeals upholding the authority of the Federal Trade Commission to sue over cyber security failures under its consumer protection powers. A company may be engaged in an unfair trade practice if it does not live up to its cyber security promises • The beginning of regulatory efforts to mandate cyber security standards in certain industries • Known weaknesses and poor security habits continue to be major attack vectors.
Anthony Di Bello, Guidance Software: Breaches Abounded: Almost 90 million healthcare records were breached causing $272 million worth of losses to leading United States healthcare organizations. The lesson learned is that healthcare records are extremely valuable to cybercriminals • Emergence of Endpoint Detection and Response (EDR) security technology category — while technologies focused on providing security visibility and incident response capabilities for endpoint have existed for some time, 2015 marked a critical mass in both the need for and emergence of several start-up technologies focused on these capabilities. These vendors span established EDR players, such as Guidance Software, legacy security vendors coming into the space through acquisition, such as Palo Alto, and start up technologies, such as Cylance. These offerings fill a critical gap at the endpoint left by older technologies, such as anti-virus and host-based IPS • Data Notification Requirements – The US Government began the first steps in creating one Federal breach notification law with the Data Security and Breach Notification Act of 2015 which received both public backing and some initial opposition. The US is not alone, the EU Council found common ground with Members of the European Parliament and put an end to fragmented requirements for minimum security measures and breach notification requirements across critical service organizations in resources, transport, finance, and health. This comes after the heavily publicized advancements in the EU General Data Protection Regulation to enhance data protection rights of EU consumers for any organization, worldwide, storing personal data.
David Coallier, Barricade: VTech's data leak • Ashley Madison's data leak • The iCloud leak • The rise of the
internet of things and the internet of vulnerabilities • Ransomware and boot kits.
There were plenty more very important leaks, during this last year. What we find interesting is most of the
attacks fall into common categories, such as people still using insecure passwords and executives that do
not understand the current technological landscape.
The rise of ransomware and their exponential growth is interesting as it allows us to witness the evolution of computer viruses and criminal groups in near real-time. A new player in town, the boot kit, is promising an interesting turn of events for 2016 • Meanwhile, the Internet of Things is left very vulnerable because efficiency and simplicity of use took priority over security, leaving a lot of early and late majority of the tech adopters at risk. The so-called advanced persistent threat is still the industry's poster child and as state-sponsored attacks and cyber-espionage grow, we'll probably keep hearing a lot about APT in the next year alongside its lack of security workforce.
Wade Lovell, Simpatic: Revenge Porn – Hunter Moore “who operated the Internet’s best-known ‘revenge porn’ website was sentenced to 30 months in federal prison for hiring another man to hack into e-mail accounts to steal nude photos that were later posted on his website.” This seems a little like sentencing Al Capone on tax evasion charges, satisfying but incomplete • Angler is an extremely capable and readily available exploit kit used by criminals to run choice cuts of the latest Flash, Java, and browser exploits targeting un-patched users. Hackers add exploit kit to article asking 'Is cyber crime out of control?' “Hackers have hosed an article published by The Guardian using the world's nastiest exploit kit Angler to pop the machines of exposed readers. The attack firmly answers the article's headline, positing the question 'is cybercrime out of control', based on arguments in a book by one Misha Glenny.” • VTech Breach – accounts of 2.9 million kids hacked. This is the type of hack no one seems to talk about because it doesn’t directly involve credit card and social security numbers • Georgia’s Secretary of State released confidential information to a dozen entities on 6 million Georgia voters, including driver’s license information, Social Security numbers and dates of birth, and didn’t notify anyone, according to a lawsuit. “The Georgia Secretary of State, Brian Kemp’s office is being sued by two Georgia women who claim that the Secretary's office released personal information that involves 6 million Georgia voters. Mr. Kemp’s office has communicated that … due to what they are calling a "clerical" error, individual voters personal information was included in these files… According to the lawsuit, Mr. Kemp’s office never notified individuals regarding the breach, nor did they contact the consumer reporting agencies.” • Organized Criminal Hackers stealing $1 billion directly from banks. “… a gang of international hackers have stolen as much as $1 billion from 100 banks across 30 countries by installing malware that allowed them to take control of the banks' internal operations.”
Gerald Peng, Mocato: Anonymous taking down ISIS social media profiles, November - December 2015 • Ashley Madison hack, July - August 2015 • In June 2015, US Office of Personnel Management (OPM) discovered that the background investigation records of current, former, and prospective Federal employees and contractors had been stolen. OPM and the interagency incident response team have concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases • Stagefright Bug (all versions) for Android phones, July 2015 • International Conference on Cybersecurity, January 5 - 8, 2015, New York City, NY, United States.
WHO IS WHO
Amit Serper, Cybereason, Lead Mac OS X security researcher
Michael A. Goedeker, Auxilium Cyber Security, CEO and Founder
Irfan Shakeel, EH Academy, CEO and Founder
RECRUITMENT
What will change in the talent pool?
Richard De Vere, The AntiSocial Engineer: As more and more people fill the shortage we have across the world for well trained and experienced security vendors and testers, we will start to see the number of inexperienced testers rise.
Kris Rides, Tiro Security: I think we will see larger companies moving internally / hiring people in alternative IT positions and cross training them into Security. So expect to see hiring of Infrastructure and Development staff to increase further.
Rick Blaisdell: The increasing volume and detail of information captured by enterprises, the rise of multimedia, social media, and the Internet of Things will fuel exponential growth in data for the foreseeable future. At the same time, the rising demand for data scientists and the resulting pressure on the analytics labor market is increasing the need for analytics talent as more companies with more data to sift through discover they are trying to hire the same workers.
Roberto Langdon, Nicolas Orlandini, KPMG: There is a shortage of professionals who can meet the specific requirements to be an investigator. This will require professional knowledge about networking, security, IT infrastructure, plus “life” experience. And all of the above, under strictest ethical codes and confidentiality. A forensic investigator must be hungry for investigation. In order to build qualified professionals, it is required to make more disclosures and training courses to motivate the IT security professionals to enter in this amazing world.
Mayur Agnihotri: Talent pool constrained on cyber security recruitment as cyber security (Information Security) budgets expand rapidly. “Cyber security (Information Security) industry is facing a new threat: hiring” - Worldwide situation. Company faces cyber security (information security) talent costs more than other IT positions.
Przemek (Shem) Radzikowski, Secbüro Labs: Given the immediate requirement for cyber security professionals, many people will try to reskill and transfer from their existing professions to fill the gap.
Paul Hoffman, Logical Operations: As breaches get more serious, companies will start to pay more for skilled people.
Paul Shomo, Guidance Software: Talent availability will increase, but be outweighed by demand. Closely related careers, like computer forensic examiners and network specialists, will seek opportunities in Security as methodology, concepts and practices are closely related, however, they will require in-depth training and time to gather experience. We’ve seen this in other high velocity emerging markets and cyber security is still three to six years away from having a “normal” ratio of availability vs demand.
Wade Lovell, Simpatic: Some undergraduate programs have picked up the baton and are offering an emphasis in cyber security. As students matriculate from these programs, the talent pool will increase at a pace slightly ahead of the churn rate.
David Clarke, VCiso: Audit will take a higher priority as more and more cyber services are outsourced.
BroadTech Security Team: More people are going to go after certification rather than acquiring necessary knowledge and skill in hyped up technologies, especially.
Will talent shortage in the industry continue to grow?
Richard De Vere, The AntiSocial Engineer: I think for the foreseeable future we will not meet the demand for information security professionals. The need for these testers is clearly documented with global rises in cyber crime but we have been slow with training, especially in youth sectors.
Kris Rides, Tiro Security: I think we will see an increase in requirements and if the industry doesn’t make changes to how it is currently recruiting, then the shortage will grow.
Wade Johansen, CouriTech LLC: Yes! Recruitment is starting early because there aren’t enough coders to go around, so schools that offer it are seeing benefits for their students. Unfortunately, there is a shortage of strong teachers, so this is causing a shortage of classes, and students. This is the case with a lot of technology fields and not just coding.
Irfan Shakeel, EH Academy: The shortage of skillful people will increase, because the community failed to produce skillful professionals. Organizations are lacking in terms of training & development programs. It will have a direct impact on security; we will witness the rise of hacking attacks.
Andrew Bagrin, My Digital Shield: Great talent shortage will, but we will see a bunch of new people in the industry. There are schools now trying to get people in the industry.
Stephan Conradin: Of course. More complexity, more needs, fewer people with wide knowledge.
What new challenges will recruiters have to face in 2016?
Michael A. Goedeker, Auxilium Cyber Security: Becoming more knowledgeable in what makes a successful “cyber” security person. Understanding exactly what the value of certs and experience is. Paying the right money for demanded positions instead of pushing them down.
Kris Rides, Tiro Security: Larger companies will look to hire more niche candidates as they break down their teams into further specialties. This will mean your average generalist IT agency will find it tougher to fill these people as they will need to be focused 100% in this area to build relationships. Medium sized businesses will continue to have a lot of competition with companies for their Security people. They will need to show the kind of flexibility on job requirements and benefits to really differentiate themselves and allow recruiters to fill their most urgent requirements. Recruitment companies will find it even tougher to supply contractors in Cyber Security. High permanent salaries and the kind of benefits these people will be offered, matched with (at least in the US) the high cost of healthcare mean the benefits of being a contractor will no longer be worth the risk.
Richard De Vere, The AntiSocial Engineer: I think sorting the good from the bad will be harder than ever over the next year. Recruiters have to step up their game and rely more on personal bonds and careful research of their candidates and not just point and click recruiting.
Irfan Shakeel, EH Academy: The recruiters will get confused because of the formal education, infosec certifications without any central governance body and the skills. The recruiters have to develop a methodology to capture the right candidate based on the skills, rather than a piece of paper.
Wade Johansen, CouriTech LLC: There is a large pool of jobs and many of them just don’t pay enough, particularly the Government sectors. There are not enough highly skilled workers to meet the demand and private industry pays far better. Unfortunately, having a good benefits plan isn’t enough now - workers want work at home VPN options, higher salaries and employers that provide ongoing training benefits and perks.
Dennis Chow, Millar, Inc Short: Being able to distinguish ‘paper certified’ professionals compared to ones with true hands-on experience that happen to have those same certifications.
Chase Cunningham, Cynja: The continued lack of talent will increase the demand for real cyber operators and the starting salaries for those individuals will continue to rise. The men and women who are coming out of the military and intelligence communities will have their pick of private sector jobs and roles and recruiters will have to outbid each other to win those candidates.
Ondrej Krehel, LIFARS: They will have to deal with larger pools of applicants and finding talent among them.
Stephan Conradin: First; they should see and understand this growing complexity. Second: they have to reintroduce good sense when finding talent, not only check for some words in CV.
What new challenges will people looking for work in cyber security have to face?
Andrew Bagrin, My Digital Shield: How to defend against the new threats, how to simplify and at the same time reduce cost. We can’t continuously keep spending more and more money on security.
Dotan Bar Noy, Re-Sec Technologies: For the next few years not much. They need to keep up-to-date with industry development and solutions.
Julie Herold, Kenny Herold, Odin’s Eye: Eventually a shortage of jobs and declining wages; cookie cutter vulnerability assessments and penetration testing (which really isn’t penetration testing). We refer to it as hitting the big green “go” button with automated web application or vulnerability scanning tools and removing false positives and calling it a penetration test. As a result of this stance from most IT Security companies, there will be a lack of opportunities to grow in this space with breadth and depth of knowledge and offering additional value to engagements.
Paul Hoffman, Logical Operations: It is not new, but on-going; it is defending against those things that you don’t know. Reducing risk and exposure in areas that are unknown. Hackers are constantly looking for new ways to breach security and companies are just trying to patch those known areas.
Wade Lovell, Simpatic: Entrants will likely find themselves in the security silo without many non-entrepreneurial opportunities to move to other parts of engineering and development.
Nick Prescot, ZeroDayLab: The balance of qualifications vs. experience. There are many consultants who are experienced but don’t have the level of qualifications and others who are well qualified but don’t have the experience.

David Clarke, VCiso: A Cyber Role is a journey and the role has to match where the client is their cyber maturity and position it no longer a “finger in the leaking dyke”.

Mitchell Bezzina, Guidance Software: Proving their skillset can easily transition into cybersecurity would be the main challenge. For those in developing careers, there will be a steep learning curve which may involve odd hours and be prepared to “roll up the sleeves”, as with growing industries, managers rarely manage people but must also take on work tasks and assist in day-to-day activities.
TRAINING
What role will formal education play in 2016?

Michael A. Goedeker, Auxilium Cyber Security: It always plays an important role in research based jobs. Teaches how to do research and work within specific requirements and times. Certification will never replace a degree (IMHO). A degree is also not everything either.

Irfan Shakeel, EH Academy: Formal education should play an effective role and we need to make little tweaks in the formal education. But, the formal education without the required amendments will not play any notable role.

Elizabeth Houser, Praesidio: Formal education will continue to be sought after but the availability of online (especially free) training resources will increasingly augment the education of individuals at all skill levels.

Wade Lovell, Simpatic: As the industry matures, degrees and certifications will play more of a role. This is a mistake. Having held a number of certifications myself, including the CFE (Certified Fraud Examiner), I have little respect for their ability to help practitioners stay up to date and see them more as a gate preventing some experts, especially young ones without corporate CPE and dues sponsorship, from appearing as competent as some of the corporate dinosaurs.

Chase Cunningham, Cynja: The more education that cyber operations personnel can attain before they go looking for work, the higher initial salary they can garner. Thanks to increased specialized training in the military and intelligence communities, the need for actual degrees is not completely necessary. However, surveys show that the gap in starting pay for those with advanced degrees is much greater, by up to 40%, compared to those with similar cyber skills but no formal education. In short—it pays to go to school.
Dennis Chow, Millar, Inc Short: There will be an increase in positions requiring an undergraduate degree to even apply. However, I do not believe there will be a large increase in requirements for ‘security’ specific degrees. Certification need will also increase, as well, that teaches hands-on skills rather than conceptual only.

Amber Schroader, Paraben Corporation: We have seen a change in a need for a base training and understanding of the principles associated with examination that comes through formal education. However, we see a deficiency when it comes to the ethics that are required to be able to function in the field when it comes to formal training.

Stephan Conradin: Crucial, more education for more ability to work with complexity.

Paul Hoffman, Logical Operations: Formal education will have to step up in some capacity and in 2016 you will see some do just that. But it will take time. Those institutions do not move very fast.

Rajeev Chauhan: There can be no substitute for formal education, the formal education provides the base for future. However, exceptions can not be ruled out.
TRAINING
Will certification keep its role as the main tool to confirm skill and expertise?

Michael A. Goedeker, Auxilium Cyber Security: They are important but experience is more important. Certs don’t guarantee success but combined with experience through using taught concepts in projects is an indicator.

Rick Blaisdell: Yes, that’s for sure. The 2015 CompTIA study HR Perceptions of IT Training and Certification revealed that: 65 percent of employers use IT certifications to differentiate between equally qualified candidates • 72 percent of employers use IT certifications as a requirement for certain job roles • 60 percent of organizations often use IT certifications to confirm a candidate's subject matter knowledge or expertise • 66 percent of employers consider IT certifications to be very valuable - a dramatic increase from the 30 percent in 2011.

Dotan Bar Noy, Re-Sec Technologies: Certification plays an important role ensuring your team is up to speed with new solutions and encounters other professional to share ideas and feedbacks on the different solutions.

Rajeev Chauhan: To some extent, certifications are benchmarks for judging capabilities, but there is no substitution for hands on skills.

Wade Johansen, CouriTech LLC: For now, yes! Because most college degrees don’t prove skills in the field, or because the requirements of the degree may use outdated resources, there is a tendency now to look for certified professionals such as VCP, CCNA, MCSA, C|EH, etc., which shows the skills are currently relevant to an architecture or model.

Przemek (Shem) Radzikowski, Secbüro Labs: I’ve met many highly-certified people who have turned out to know very little. All too frequently, certifications only test knowledge but not the candidate’s ability to apply the concepts in real world situations.

Dennis Chow, Millar, Inc: Yes, certifications will complement and evolve to help maintain the attestation of a certain level of skill. However, we will see more interviews and other candidate requirements to prove hands-on experience through ‘practical’ assignments.

David Clarke, VCiso: The idea that a five day training course means we have cyber skills, anymore than learning to drive from multimedia training course is valid, we need the equivalent of medical interns, Barristers Pupilage.
Chase Cunningham, Cynja: New certifications, like those from ISACA’s CSX program, will start to slowly replace some of the “cookie-cutter” certifications that have typically garnered more interest. Recruiters are hiring personnel and senior managers with active performance based certifications at a higher rate than before. The old paradigm of studying for a certification and passing it will start to go away. If one can’t actually conduct the task then they won’t get certified. Another way to put it, people prefer doctors who have practiced their medical skills on patients rather than simply reading books and passing exams. The same is true in cybersecurity.

Julie Herold, Kenny Herold, Odin’s Eye: We’ve always been jaded with regards to an acronym that states you can memorize information so we feel that any answer would be biased. Your work experience and end product should be the proof of your level of expertise as well as your ability to convince your client that A.) You know what you are talking about and B.) You can execute at that level. For clients that rely on the certifications as a compass to navigate through the many vendors with these types of services, they do have their place.
TRAINING
Will we see a more unified standardization of education and skills?

Michael A. Goedeker, Auxilium Cyber Security: I hope so, everyone has their “own” standard and it's very hard to judge one cert from another. However “Cyber” and security, in general, are very dynamic which makes standardization extremely hard to achieve.

David Clarke, VCiso: No, unfortunately, not for a long time.

Andrew Bagrin, My Digital Shield: I doubt it. Security changes too often because the threats continuously change. So it will be hard to have a standard training that will last.

Wade Lovell, Simpatic: Yes, but it won’t be helpful for the reasons discussed above and because graduates of the new degrees in cyber security seem to be primarily learning Java and have little time on the keyboard with other languages.

Julie Herold, Kenny Herold, Odin’s Eye: We foresee, with the increase in demand, that education will start at lower stages of the education systems which would standardize and unify approach and delivery.

Nick Prescot, ZeroDayLab: Not in 2016 but as a growing trend over the years.
TRAINING
Will online courses influence the level of education in security field?

Michael A. Goedeker, Auxilium Cyber Security: Online courses will grow in importance as we see companies limit travel expenses. Online training will also let people learn at their own pace.

Irfan Shakeel, EH Academy: Yes, online courses are the rich source to get the basic training & education. Online courses will influence the infosec education.

Wade Johansen, CouriTech LLC: They already are. Most students I know are already taking online courses. It opens up a world of opportunity. You can now also get an accredited degree completely online and the adoption rate of this model is growing quickly.

Przemek (Shem) Radzikowski, Secbüro Labs: Although I have a number of formal credentials, I think online courses provide a tremendous service to the industry by making security education easily and cheaply obtainable to anyone who wants it. That’s a positive. The negative aspect of online courses lies with their clumsy way of proving that the student has passed the material – it still hinges on an honours system.

Paul Hoffman, Logical Operations: To some degree, of course.

Ondrej Krehel, LIFARS: I believe they will dilute the talent pool. As people who would go remote could just learn on their own.

Stephan Conradin: Online courses are more adapted to time of life, it is easier to find time to learn online. But presential courses are important to share with other professionals.

Wade Lovell, Simpatic: Only if there is a complete change in the way course content is created, curated, and sold. For example, Cisco or Microsoft could be incredibly influential in the level of education in the security field had they not made education and certification profit centers.

Andrew Bagrin, My Digital Shield: Yes it will, but not the quality of people. The same reason as above. Security is not something on its own, but security needs to be applied in all areas. (networking, development, process, etc.)
WHO IS WHO

Andrew Bagrin
My Digital Shield (MDS)
Founder and CEO

Andrew Bagrin is the Founder and Chief Executive Officer of My Digital Shield (MDS), a leading provider of Security-as-a-Service (SECaaS) for small businesses. With more than 18 years of experience in the IT security industry, Andrew started MDS in 2013 to bring cloud-based, enterprise-level security technology to small businesses at an affordable price. Prior to founding MDS, Andrew served as the Director of Service Provider Business Development at Fortinet, a network security provider. He held the position from 2008 until 2013, focusing on new security offerings as well as gaps in the security market. Andrew’s career in IT security began in 1997, working for several network security consulting companies. From 2000 to 2004, he served as the Director of Network and Security with Regal.

Wade Johansen
CouriTech LLC, CEO and Founder

I’ve worked in the IT industry since 1982 and have been a high level systems engineer for more than 10 of those years. I also taught as an IT course instructor for 8 years. I currently hold CISSP, HCISPP, C|EH, CHIT, WG-WCSP, CCSP but have also held over 25 certifications lifetime such as MCSE, CNA, Server+, Net+, Sec+, SCP, SCNA and more. I spend much of my time integrating and merging business domains and large scale environments, and improving network security. My specialities are Active Directory migrations for healthcare, banking, and various other industry verticals.

Chase Cunningham
Cynja, CTO

Chase Cunningham serves as CTO and fights bad guys in cyberspace. He began his Cynja training serving in the U.S. Navy, where he worked as an analyst in the Department of Defense’s network exploitation program. He lives in Texas with his two young cyber warriors Callie and Caelyn. He earned a B.S. from the American Military University, and an M.S. and a Ph.D. in information systems security from Colorado Tech University.

Rajeev Chauhan

C|HFI, C|EH, BSc, BTech IT & Comn, MS Cyber Law and Cyber Security. Cybersecurity enthusiast, Independent Researcher, trainer, consultant and blogger at Cyberoxen. Loves golden oldies.
THREATS
What threats that emerged in 2015 will remain relevant in the next year?

Leon Kuperman, Zenedge: Targeted, advanced threats focused on specific organizations (called ATP’s) – threat actors are well funded, patient and utilize a combination of techniques to infiltrate an organization (including physical, social engineering and standard network and cyber attacks) • Advanced botnets, using Layer 7 DDOS attacks over HTTPS (hard to mitigate) – this trend will continue in 2016 and we will see the next iteration of weaponized zombies with near-browser like capabilities. • IoT – Connected devices with OS’s running on them, with vulnerabilities exposed at an unprecedented rate. • DDOS attacks for Bitcoin.

Shay Zandani, Cytegic: Attacks to steal PII, medical data and sensitive information will continue to be a major concern – not only for the “usual” targets but also for “new types” of targets, such as municipalities, online gaming platforms, tier-2 retailers, production lines, etc. • SCADA and ICS attacks will continue to grow and become a major threat to critical infrastructure, but also for plants, production lines. • Ransomware is likely to continue to evolve and remain mainly a nuisance.

Rajeev Chauhan: Zero-day vulnerabilities, clickjacking and ransomware.
Mayur Agnihotri: Good Malware Never Dies, Fidelis in a recent report as a "reincarnation" of previous malware. Not only can Java-based JSocket control Linux, Mac and Windows PC systems remotely, but the malicious code is also able to affect mobile devices.

Paul Shomo, Guidance Software: Malware designed primarily for long term command-and-control, such as Remote Access Trojans (RATs), will continue to be the bane of incident responders’ existence in 2016. It’s such a simple matter to create a new version of a RAT in minutes and they offer the advantage of being unique and therefore bypass signature and policy based detection methods, relying heavily on technologies with deep endpoint visibility. These tools will form the cornerstone of incident response and security alert triage and validation.

David Clarke, VCiso: Security personnel reporting lines reporting to IT, Cyber Security is there to protect against bad things happening, surely this should report to the highest level.

Rick Blaisdell: Wearables - Although most wearable devices store a relatively small amount of personal information, wearable platforms could be targeted by cyber criminals working to compromise the smartphones used to manage them. The industry will work to protect potential attack surfaces, such as operating system kernels, networking and Wi-Fi software, user interfaces, memory, local files and storage systems, virtual machines, web apps, and access control and security software.
Craig McDonald, MailGuard: Ransomware. In 2016, inexperienced cyber criminals will jump onto the ransomware-as-a-service offerings, and accelerate the growth of ransomware. Anonymizing networks and payment methods will continue to fuel ransomware’s rapid growth path • Cloud services. Weak or ignored corporate security policies make cloud services easy targets for cyber criminals. The payoffs are big -- confidential business information, customer data, organizational business strategies, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data and other data • Attacks through employee systems. When organizations do improve their security, attackers shift their focus to their employees, especially insecure home systems, to gain access to corporate networks • Warehouses of stolen data. Stolen personally identifiable information sets are linked together in big-data warehouses; combined records are more valuable to cyber attackers. Watch the dark market for stolen personally identifiable information and usernames and passwords boom in the coming year • Hardware. Attacks on all types of hardware and firmware will continue. The market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits • Wearables. Most wearable devices store a small amount of personal information, but they are desirable targets because of the smartphones used to manage them • Cars. Connected automobile systems that fail to meet best practice security policies in areas are tempting targets. These include vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.

Julie Herold, Kenny Herold, Odin’s Eye: Continued focus on previous assumptions of lower level security in protocol stacks; as the theoretical attacks are becoming more and more probable and exploitable for nation states and other organizations with computational power exceeding the norm. Continued focus on open source code and taking advantage of a lack of review on said code.

Ondrej Krehel, LIFARS: Better ransomware.

Wade Johansen, CouriTech LLC: Botnets & CryptoLocker.

Gerald Peng, Mocato: Personal Information hacking, Cyberterrorism against private and public entities, Cloud computing vulnerabilities, Mobile device exploitation, Credit card fraud via card-not-present (CNP) technology, Phishing, Malware, Ransomware, Connected device hacking (e.g. medical equipment, cars), State sponsored hacking, Mobile phone vulnerabilities.

Wade Lovell, Simpatic: Ransomware, Wire Fraud, Hacking into databases and offering customized searches on Personally Identifiable Information as one Vietnamese national did who had access to data on 200 million U.S. Citizens.
THREATS
Which threat group will see the biggest growth in 2016?
THREATS
Can you see any old and forgotten threat coming back in the next year?

Michael A. Goedeker, Auxilium Cyber Security: Always, many attacks come back after people forget them, or they are repurposed and updated.

Stephan Conradin: We have cloud, IoT, BYOD questions and people are thinking the virus front is safe now, but they are still there, more and more polymorphics and hard to detect.
THREATS
Will threat landscape be affected by international efforts to combat terrorism?

Mark Bennet, Blustor: The debate between the need for intelligence agencies to decrypt data being communicated between potential terrorists and the public’s right to privacy will continue to rage. Overreaching government agencies have abused their ability to collect data on citizens with little oversight by legislatures or the judiciary. Restricting the transfer or development of encryption technology will have little impact on a terrorist organization to illegally obtain those capabilities but it will significantly restrict the ability of law abiding citizens to protect their own privacy. The proposed “backdoors” that some officials are calling for to enable intelligence agencies to covertly access encrypted communications will also make those same devices vulnerable to hackers. There is no such thing as a “backdoor” that only the good guys can use.

Einaras Gravrock, Cujo: Yes. I think the governments all over the world have made cyber security among their top priorities. Their funding has trickled down to the private sector. This sort of positive attention from the government will fuel the private sector.

Stephan Conradin: I think the war is already here and due to our growing cyber-dependencies, it is clear cyberterrorism is a good weapon.

Nick Prescot, ZeroDayLab: Governmental supervision via traffic analysis, etc., has become more prevalent in the public eye, and – as with recent proposed surveillance legislation – may only continue to further public perception of ‘state snooping’ of their online activities. As such, encrypted / obfuscated networks such as The Onion Router (TOR) may be utilised more by the general public who may not know the ramifications of using such tools, making them vulnerable to malware attacks and vulnerabilities as yet unknown to signature-based anti-virus systems (i.e. OnionDuke).

Dotan Bar Noy, Re-Sec Technologies: Cyber terrorism becomes the new frontier and terror organizations. The growing impact of cyber space on recruitment and public opinion will mean that much of the war against terrorism will take place in cyber space.

Leon Kuperman, Zenedge: Yes, terrorists will use all means possible to achieve their objectives, including cyber-security vulnerabilities. Right now, terrorists are focused on physical targets for the most part, using technology as an enabler. In 2016 and forward, targets will include cyber-assets as the primary goal of terrorist campaigns.
Craig McDonald, MailGuard: Although this was a hot topic two or three years ago, it’s no longer attracting a lot of attention. The internet and social media are used as a recruitment tool and a weapons development training ground. Two key areas of cybercrime will be affected by the war on terror: • A market for false identities • Criminals use stolen or false identities to perpetrate frauds and establish business structures and companies to launder money. Identity crime is also used to commit welfare, tax and other fraud against government agencies, to gain unauthorised access to sensitive information or facilities, to conceal other criminal activities such as drug trafficking and procuring child exploitation material, and even to facilitate the commission of terrorist acts. • Rise of data mining • Increasing commercialisation of data from Twitter, Facebook and LinkedIn for data miners for all purposes including terrorism.

David Clarke, VCiso: Yes it may speed up legislation to make IT Safe.

BroadTech Security Team: The international effort to combat terrorism will be controlled by politics, fear, greed and national interests. So how the landscape will change is not predictable. More than technology, the above mentioned factors will dominate in shaping it.

Ondrej Krehel, LIFARS: I don’t think so. Nation states and terrorist groups make up a small minority of breaches. It’s really people out for the money.

Alina Stancu, Titania: If legislation is passed in the wake of terrorist provoked tragedies, there will be significant changes in how future threats will be delivered. It will probably drive the criminals underground and there will be more channelling through Virtual Private Networks, proxy servers, and Tor.

Michael A. Goedeker, Auxilium Cyber Security: Yes, they will likely increase hacktivism and cyber terrorism before they reduce them. Terrorism will show the weaknesses of How? When groups do not work in a coordinated way, they will be disorganized and this disorganization could be used to hack certain countries. In addition, we could see the dawn of a new job title Anti-Cyber Terrorism Consultant/Analyst. Weaknesses in the way security people are trained will show here as we will see a need for more hacking skills in all computer security related jobs in the future. Security teams can only protect what they know will be attacked and how it will be attacked.
Kenneth C. Citarella, Guidepost Solutions: Terrorist attacks and counter-terrorism will continue to engage in cyberspace. Terrorists will try hard to move past mere website defacing and to create the same type of physical harm through compromising systems that they attempt through kinetic attacks. We cannot assume they will lack the initiative or capabilities to attempt infrastructure intrusions, especially if they are not succeeding through conventional efforts.

Andrew Bagrin, My Digital Shield: I believe so. In any type of battle, resources such as communications and supplies are always hit first to reduce the power of the enemy. Misinformation is also a strategy.

Wade Johansen, CouriTech LLC: Definitely, the landscape evolves to new levels every day. How? Anonymity is still a key. Terrorist networks no longer require social media from the typical resources to operate efficiently, although recruitment will continue to happen across these mediums. Once an individual is involved in the social aspect, they will be able to use a completely new private version of Facebook, Twitter, etc., which is non-dependent on the current world's social media platforms. Independence for these platforms will evolve.

Shay Zandani, Cytegic: Yes, the international efforts to combat terrorism and cyber-terrorism is equivalent to a “whack-a-mole” game – with every hit, the attackers pop back in a different location. The efforts to control encryption and to hunt down terrorists will demand innovation on the terrorist and hacker side, as we see these days.

Wade Lovell, Simpatic: Yes, it will. Nation States are becoming bigger players in cybercrime, although they call it something else. Under “the ends justifies the means” argument, countries have recorded all content, required they be allowed top level certificates, etc. If countries cooperate in their data gathering and analysis, there could be a decrease in terrorism funding and mobility while the freedom of the non-terrorists are eroded in lockstep.

Roberto Langdon, Nicolas Orlandini, KPMG: Cyberterrorism is becoming more equipped and informed, to help their objectives be carried out, no matter where or in which country it can be done. Cyberspace is the new war scenario where we are almost in a new world war. And Forensic services needs to be a must to be covered by all the Army Forces and Security Forces. If they are not self-sufficient, KPMG is ready to help, worldwide.
THREATS
Will cyber security in healthcare remain a relevant topic?

Elizabeth Houser, Praesidio: Definitely. Several high profile breaches within the healthcare industry during 2015 indicate that the adoption of necessary tools and practices isn’t occurring quickly enough.

Dennis Chow, Millar, Inc: Yes, PHI is worth more than PCI data at present on the black market. Additionally, any compromise or damage of patient care based systems could potentially affect lives. There is increasing evidence of terrorism linked with cyber related crime.
Leon Kuperman, Zenedge: Yes – It’s a critical data asset that remains exposed, exploitable and monetizable (from an attacker’s perspective).

BroadTech Security Team: Of course! A few hours ago I sent a mail to the CEO of a chain of hospitals asking her if she is prepared for the statistics “Cyber Attacks will compromise 1-in-3 healthcare records next year”. Our company will be actively involved in spreading awareness in the healthcare sector and providing necessary consultation for them. Security should be a main concern for people who write health care IoT operating systems, too. Instead of starting from scratch, they should port tested and proven operating systems, like NetBSD and OpenBSD.

Wade Lovell, Simpatic: As long as there are trillions of dollars in healthcare and big pharma and billions of dollars in tabloids, cyber security will be relevant in healthcare.

Wade Johansen, CouriTech LLC: Absolutely, health care is a big target since records contain not only geographical data about a person, it also contains medical information which can be used to exploit benefits systems and ongoing retirement information.

Mark Bennet, Blustor: Cyber security in the healthcare industry will not only remain relevant but it will grow as a major concern. Due to decades of kicking the can down the road, the healthcare infrastructure is woefully unprepared to protect itself from well equipped hackers seeking to steal patient medical records, ransoming critical healthcare data, etc. The costs of addressing these vulnerabilities mean that many healthcare organizations and medical device manufacturers will be slow to respond unless legislatures mandate a more rapid response. Unfortunately, legislatures rarely take action until AFTER a major cyber security incident forces the issue into the mainstream awareness of the voters that put them into office.
Einaras Gravrock, Cujo: Next year and beyond, absolutely. These are two of the most trying challenges we’re facing in our generation.

Andrew Bagrin, My Digital Shield: Yes, it will for a long time. Patient records are a very private thing. It’s one thing to get your credit card stolen, but to steal identity or medical information is much worse.
Rick Blaisdell: Unfortunately, yes. In August, the FDA and the Department of Homeland Security advised health-care facilities to stop using Hospira's Symbiq infusion pump after learning that the device, which administers medication to a patient over time, is vulnerable to hackers. Mick Coady, health information privacy and security partner at PricewaterhouseCoopers, believes that this type of cybercrime will become more prevalent in 2016. The newest threat for medical devices will be “ransomware / Stuxnet” attacks, where hackers can tap into the administrative privilege capabilities of medical devices, which are typically restricted to manufacturers or hospital administrators. We will especially see an uptick in exploitation of medical devices that have moved to more modern types of interconnectivity with mobile devices.

Stephan Conradin: Yes. First it is very sensitive for people. And with this kind of security we speak of human life, not only cash.

Will security in automotive industry keep on causing trouble?
Wade Johansen, CouriTech LLC: Cars don’t drive themselves… wait they actually do now! By using peer to peer traffic information for apps like Waze, you’ll have hackers that will take advantage. Also, as cars begin to develop capabilities to observe traffic patterns and manage the car's capability to brake even when a driver is unaware of a potential incident ahead, this technology could be used illicitly to instead push a gas pedal down instead of brake pedal.

David Coallier, Barricade: Not unlike any other industry, the automotive industry is trying to adapt to this modern connected world and they aren't unaffected. They will need to take the same steps as everyone else to prepare themselves and be ready to respond to incidents. The only difference is cars are directly handling people's lives and will have to make a decision between convenience and safety.

BroadTech Security Team: There will be trouble here and there, but overall, things should improve and be moving towards being comfortably and sufficiently secure.

Gerald Peng, Mocato: Yes. As cars become increasingly programmable, IP-shareable and automated, the possibility of hacking a vehicle will erode consumer confidence if the auto manufacturers do not address this issue head on.

Rick Blaisdell: As more and more cars connect to the Internet for such functions as GPS, they become more vulnerable. Hackers can connect to a car over a cellular network and, conceivably, turn off the engine while the car is speeding down a crowded highway, or cut the brakes, or cause any number of nightmarish circumstances.
Security researchers will continue to focus on potential exploit scenarios for connected automobile systems that fail to meet best practice security policies. IT security vendors and automakers will develop guidance, standards and technical solutions to protect attack surfaces such as vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.

Michael A. Goedeker, Auxilium Cyber Security: Any industry or product that does not integrate security and doesn’t see security as business critical will experience problems.

David Clarke, VCiso: Yes, but I suspect the automotive industry will respond quickly to safety issues like they did in the 60’s, partly due to Ralph Nader’s book “Unsafe at any speed”.

Mitchell Bezzina, Guidance Software: Absolutely, the growth of electronics and lack of standardization means minimal attention to security, no car buyer asks how much R&D went into ensuring the data connection installed in the car they are purchasing has been secured. It’s a secondary concern and a production cost which means minimum viable security.

Mayur Agnihotri: According to a survey from McKinsey & Co., 45% of new-car owners are unwilling to use connected services because of privacy concerns.

Ondrej Krehel, LIFARS: Hopefully only until self driving cars are safe.

Amit Serper, Cybereason: In 2015, we saw a rise in attacks using fileless malware. We expect this to continue, and believe that it is the most important thing to watch moving forward. In fact, we think 2016 will be the year of “malware-less attacks.” While Microsoft is re-architecting Windows to be more secure, it will be quite some time before those efforts will hit the mainstream. Until then, built in tools, such as WMI and PowerShell, will continue to be very popular attack vectors until newer versions of Windows become more ubiquitous.
Additionally, we expect to see more attacks targeting the Mac platform. The more pervasive it is, the more popular target it becomes.
2015 was also a key year in the evolution of ransomware. Not only have we seen new business models around it, such as the SaaS model we discovered with Operation Kofer, but in November, we saw the first case of Linux-based ransomware targeting websites (see Krebs’ story on it), we expect to see more new permutations of ransomware coming in 2016.

Dennis Chow, Millar, Inc: Yes, kinetic attacks are on the rise and transportation like automobiles will be a prime target for whitehats and blackhats alike.

WHO IS WHO
Paul Shomo
Guidance Software, Sr. Technical Manager
Paul Shomo has over 15 years of R&D experience, having begun his career writing firmware for IP routers and satellite networks. Paul joined Guidance Software’s new product research group in 2006, which launched the industry’s first incident response solution. Paul has managed and architected cybersecurity and forensic products for many years. He now manages integrations with the EnCase open security platform, and in his free time works to educate the cybersecurity industry.

MOBILE
Which mobile phone will be the most secure one?
Chase Cunningham, Cynja: Silent Circle’s Blackphone 2 is far and away the best and most secure phone anyone can use but it isn’t for the masses. Most people will stick with what they know. The Android based phones will continue to be the preferred phones for exploitation because of how readily available exploits are for that OS in the cyber underground.

Mark Bennet, Blustor: Apple iOS devices will continue to be the most secure widely used smartphone in the industry, primarily due to the more restrictive and controlling ecosystem that Apple has built around their products. While the use of niche smartphones designed for enterprises with the need for high-levels of security will continue to grow, the price and flexibility of these devices will likely keep them out of the hands of the average consumer.

Elizabeth Houser, Praesidio: The iPhone, especially if U.S. Congress does not pass legislation requiring Apple and other phone makers to decrypt phones for law enforcement purposes.

Leon Kuperman, Zenedge: Systems that are cost closed will have the best security posture – iPhone / iOS.

Wade Johansen, CouriTech LLC: The iPhone will evolve to be the most secure phone I believe, but it will probably only be because it is hacked “less often” than Android and Windows phones.

Rajeev Chauhan: The one with cloud storage and having active app scanner.

What kind of vulnerabilities will affect mobile phones in 2016?
Michael A. Goedeker, Auxilium Cyber Security: The same ones as now. In addition, the false sense of security that “secure” phone manufacturers sell you will lead to more hacked phones. The system is broken, no phone would change that…

Richard De Vere, The AntiSocial Engineer: Social Engineering using the mobile telephone has seen a rise over the past few years based on the percentage of us now spending large amounts of time on our smartphones. I think criminals have paid more attention to this field. Noting phishing sites that are mobile friendly!

Mayur Agnihotri: Malware because “Good Malware Never Dies”. Some underground hackers built this type of malware which does not need any type of permission (“root” or “jailbreak”) to access the mobile phone to affect the mobile phone.

Wade Lovell, Simpatic: I am primarily concerned about altered variants of apps, especially games, being disseminated through legitimate app stores. I am also concerned about apps with expanded capabilities for analytics, etc. being downloaded without users paying attention to the terms and conditions.

What security measures should we use to protect our mobile phones in the next year?
Chase Cunningham, Cynja: Just like your laptop, be sure that your phone is patched and your OS is always up to date. Use two-factor authentication. If you don’t need an app or don’t need a particular function…turn it off. Bottom line—don’t suck at patching.

Michael A. Goedeker, Auxilium Cyber Security: Don’t use a phone for secure stuff! Limit the usage for important calls and functions, only use apps that are tested and proven backdoor and spyware free. Don’t trust any phone manufacturer, test and verify your Sim card, phone hardware, OS and Apps are secure. Recognize that the underlying communication system is flawed. Anyone and everyone can track you down, so if you don’t want that, then limit phone use. Use a computer or electronic device that can use encrypted signals and never needs the SS7 based infrastructure.

Mark Bennet, Blustor: Consumers and enterprises alike need to separate the keys of an individual’s digital identity from the devices they require for access. One analogy is that you wouldn’t secure your car by leaving the keys in the ignition and neither should you store your biometric identity on your smartphone. While powerful devices, smartphones are inherently vulnerable to attack due to the ubiquitous and always connected nature. A better solution, such as BluStor’s CyberGate platform, that allows users to seamlessly separate the digital keys (e.g., biometrics) needed to access their phone or other mobile devices, is critical to addressing this vulnerability.

Wade Johansen, CouriTech LLC: Apps like Cerberus to encrypt phones, detect GPS locations (if on), and ability to take pics of users attempting too many passwords are a plus! Remote wipe capability is also handy.

Ondrej Krehel, LIFARS: Be aware and read the fine print on permissions.

David Clarke, VCiso: As many security software apps as you can get on your phone. I use at least four.
What risks will mobile industry face in 2016?

WHO IS WHO
Leon Kuperman
Zenedge, CTO & Co-founder
Mark W. Bennett
Blustor, COO

INTERNET OF THINGS
Will IoT force the industry to change?
Shay Zandani, Cytegic: The inherent interconnectivity of IoT already forces changes in the security industry, and will continue to do so. This fact demands multi-device endpoint detection tools, cross-device honeypots and much stricter MDM rules and practices in the office space.

Dennis Chow, Millar, Inc: Not alone, as history shows, it will probably require more breaches related to IoT and high visibility catastrophes before vendors will be forced to make changes.

Michael A. Goedeker, Auxilium Cyber Security: Yes, as in all new technology, we, for some reason, always forget to integrate security right from the start. This is a dangerous way of creating new services and products. Since IoT connects systems previously not connected, we will only get to see the “new” hacking vectors as it becomes more mainstream.

David Coallier, Barricade: The providers of security products need to understand that we have new computing capabilities available to us nowadays that allow for leaps in pattern discovery. Continuing to develop products that are doing heavy processing on the devices is no longer an option and the democratisation of computing Amazon is leading will force many incumbents to change how they do things.

Craig McDonald, MailGuard: A study presented in October 2015 by the IT research company, Gartner, predicts a transformation in the world of cybersecurity within the next two years, thanks to the Internet of Things.
By the end of 2017, more than 20% of businesses will be using security services dedicated to protecting businesses initiatives, and that use devices and services based on the Internet of Things.
Two examples: A sensor that detects and adjusts the temperature in a room automatically; another that adjusts the dosage of medication for a patient in their hospital bed according to new data on their medical records.

Ondrej Krehel, LIFARS: A bit, but not really.

Rajeev Chauhan: Yes, in a big way.

What kind of challenges will IoT face in the next year?
Mark Bennet, Blustor: The slow adoption of standards and commercial competitiveness will continue to challenge the IoT industry to really solve some of the more serious security vulnerabilities inherent in these devices.

Irfan Shakeel, EH Academy: The security issues are expected to rise; security researchers might challenge the existing infrastructure. This will open the door for the organizations to spend on R&D, they will spend more on finding the vulnerabilities.

Stephan Conradin: IoT should be treated in parallel with Big Data. IoT must integrate safety and security from the design.

Nick Prescot, ZeroDayLab: Same as mobiles.

Mayur Agnihotri: Lack of data protocol standards • There is currently no agreement/standard on how to implement security in IoT • Upgradability And Patchability Of IoT regularly.

Wade Johansen, CouriTech LLC: Bandwidth, security and reliability. Bandwidth is already an issue, more fiber and more competition between global vs local carriers needs to be emphasised. Security and reliability also go hand in hand, our phones, PCs, laptops, tablets, handhelds, watches, security systems, building systems, all the way up to electrical grids, require better security and protection.

Dennis Chow, Millar, Inc: Possibly weak passwords, backdoors, and injection based attacks.

Amber Schroader, Paraben Corporation: IoT has a lot of risk in just being new and not having the advantage of already being broken. Once technology is broken, we find better and better means to fix it. With IoT, it is giving us a completely new perspective that is causing issues in gaining access or even securing access.

David Coallier, Barricade: For us, the challenge isn't in security as much as it is in usability. We are a design-led security company and we spend a lot of time thinking about how to make security more accessible to businesses. Providers of IoT devices face the same challenge. Keeping a high level of convenience of use with intrinsic, transparent and non-adversarial security.

BroadTech Security Team: I will have to write a book but here are few: (1) non standardization of hardware and software will create confusion but let us hope they all follow standard transfer formats and standard APIs for data transfer, talking of the ones with same use but from different vendors. (2) Serious security incidents are going to happen due to vulnerable hardware, firmware and software and for a long time, vendors are not going to take it seriously because they don’t understand. We have IoT startups with people who are highly creative but quite naive in security, so they are going to make highly useful stuff but insecure, thus undermining the product’s credibility.

Roberto Langdon, Nicolas Orlandini, KPMG: The key actions will be addressed to enter into the mobile phones, facilitated by the direct connection with the IoT.

Rick Blaisdell: As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, security is very much a central issue for the Internet of Things. Despite the opportunities of IoT, there are many risks that must be considered. Here are five of the many risks that will be essential in an Internet of Things world:
Understanding the complexity - Imagine Nuclear power plants and data centers using IoT devices to automate their controls and being compromised. Understanding the complexity of vulnerabilities, and how serious of a threat they pose is going to become a huge challenge. Because these devices will have hardware platforms and software that enterprises may never have had insight into before, the types of vulnerabilities may be unlike anything organizations have dealt with previously. This is why it's critical not to underestimate the elevated risks of many IoT devices.
Vulnerability management - Another big challenge for enterprises into an IoT environment will be learning how to quickly patch IoT device vulnerabilities and how to prioritize them. Because most IoT devices require a firmware update in order to patch the vulnerability, the task can be hard to accomplish in real time.
Identifying security controls - In the IT world, redundancy is critical. If one product fails, another is there to take over. The concept of layered security works similarly, but we still have to see how well enterprises can layer security and redundancy to manage IoT risk. The challenge will be identifying where security controls are needed for Internet-connected devices, and then implementing effective controls. Given the diversity that will exist among these devices, organizations will need to conduct customized risk assessments, often relying on third-party expertise, to identify what the risks are and how best to contain them.
Disruption and denial-of-service attacks - Disruptive cyber attacks, such as distributed denial-of-service attacks, could have bad consequences for an enterprise. If thousands of IoT devices try to access a corporate website or data service feed that isn't available, a company’s happy customers will become frustrated, resulting in revenue loss, customer dissatisfaction and potentially poor reception in the market. Capabilities for managing lost or stolen devices will also be critical for dealing with compromised IoT devices, so having an enterprise strategy in place will help mitigate the risks of corporate data ending up in the wrong hands.
Security analytics capabilities - The variety of new devices connecting to the Internet will create a flood of data for enterprises to collect, process and analyze. While certainly organizations will identify new business opportunities based on this data, new risks emerge as well.

Wade Lovell, Simpatic: IoT designers will have to convert to a security-centric design methodology. So far, security has mostly been an afterthought.

Andrew Bagrin, My Digital Shield: The biggest challenge will be security.

How will IoT influence cyber community?
Michael A. Goedeker, Auxilium Cyber Security: We need to be faster, teach more, work on creating security products that protect everyday functions and people from dedicated and nasty attacks on whatever the IoT industry brings out. It's a new area that we need to protect fast. Time is ticking (tick-tock).

Rick Blaisdell: The Internet of Things has the potential to bring together every aspect of different networks. Therefore, security at both the device and network levels is critical to the operation of IoT. The same intelligence that enables devices to perform their tasks must also enable them to recognize and counteract threats.

BroadTech Security Team: Will mention just one part that could be missed by others. “More Information Overload” causing the brains to be rewired for “continuous partial attention” thus degrading the brain’s ability to reflect and contemplate and thus losing creativity. IoT devices will rule over us.

David Clarke, VCiso: Another very specialist niche is developing.

Kenneth C. Citarella, Guidepost Solutions: Hopefully, the Internet of Things will galvanize the cyber community to talk about the ever growing advocacy for thorough evaluations of all aspects of security for all connected devices.

Wade Lovell, Simpatic: It may make the community more cautious, which would be a good thing. It certainly exposes data on previously private acts such as making love in a room with a SmartTV or temperature sensor.

Stephan Conradin: Emerging standards for communication.

Ondrej Krehel, LIFARS: It’ll take time. Once the first major breach happens, it’ll explode.

Wade Johansen, CouriTech LLC: A lot of white hats will go gray, but not for all the wrong reasons! The continuous evolvement of global threats to peace and prosperity are affecting so many people that many have decided the only way to fight crime is by operating outside the framework of laws as they currently stand. Governments tend to be behind in technical advancements, and IoT is one of the things they aren’t equipped to govern yet. They are slow to tackle emerging threats, and are behind on daily advances to technology of IoT. Gray hats, on the other hand, can easily move in and out of systems without much fear, and remain anonymous while having quite a large impact without causing system disruptions. They expose and report vulnerabilities without exploiting them. It’s not about glory, it’s about getting the job done efficiently and building security around devices.

Craig McDonald, MailGuard: Information technology security experts have been warning the public about cyber threats for years, but users seem not to pay attention to these alerts -- they either don’t understand the threats or they do not care.
The cybersecurity industry needs to get better at communicating.
One new initiative is the Open Web Application Security Project’s (OWASP) Internet of Things Top 10 Project, which is attempting to educate users on the main facets of IoT security and help vendors make common appliances and gadgets network- and Internet-accessible. The project identifies the top 10 security problems seen with IoT devices, and discusses how to prevent them on its website. Its list is as follows: Insecure Web interface; Insufficient authentication or authorization; Insecure network services; Lack of transport encryption; Privacy concerns; Insecure cloud interface; Insecure mobile interface; Insufficient security configuration; Insecure software or firmware; Poor physical security.
The Internet of Things will redraw the lines of responsibilities for the enterprise – security policies will open to different profiles of employees and updating protocols, as happened with the introduction of BYOD or cloud computing, but on a much larger scale, and with a far more visible impact.
Technology research company Gartner believes that securing the IoT will be so complex that CISOs will use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.

Will we see the security for IoT emerging along new IoT solutions, or will we have to wait?
Chase Cunningham, Cynja: IoT security isn’t really even a thought right now. What we are seeing is the emergence of the “next” Internet. With new protocols, communication mediums and applications but no consideration for security. Sadly, we are seeing kids become the first victims of IoT exploits. In the past few weeks, we’ve learned that Barbie isn’t just a plastic doll with a house of your dreams anymore. Instead, she’s a vector of attack that hits kids right in their own home. And parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed their kids to identity theft after VTech reported hackers stole the personal information of more than 6 million children. That’s why I believe we need to protect our kids in this emerging world of IoT and build systems that allow families to better control their family’s data, allow parents to see what data IoT devices are collecting and alert them when those data are stolen. What we’ve learned this year is when it comes to IoT toys, trusting a company's "reasonable measures" isn't enough. As a dad, I’m doing something about this and building better protocols for kids’ digital lives. They deserve better than what we’re using today.

Wade Johansen, CouriTech LLC: Security is already paramount, but it will not grow as quickly as IoT itself. Products often are rushed to market just to get brand recognition, this often means security is left behind. In this case, you’ll see security follow after breaches, etc., and when it becomes a regulation concern. For a while, though, it will be the wild-wild west, just like the early dot-com days.

BroadTech Security Team: Definitely, we will have to wait because as I said earlier, many new startup vendors have no idea what it is. Wait, even Lockheed Martin could not figure it out while making $37 billion fleet of littoral combat ships for US Navy. Those new to IoT especially would need some time to figure it out :-).

Gerald Peng, Mocato: I am an optimist, and with IoT developing so quickly, I believe that consumers and corporations will drive the need for increased security options and tools.

Michael A. Goedeker, Auxilium Cyber Security: We have to see security for IoT. We have answered that call by discussing existing hacks today, at Davos and any other conference we are invited to speak at. Waiting for security and processes, procedures to catch up to new tech is the same issue as previously, only now we are inviting attacks into our homes and family members. This is a totally new ball-game.

Mitchell Bezzina, Guidance Software: Some vendors are already making claims to be able to help with IoT security, but they have the advantage of being first-to-market and attempting to define IoT security based on what they have to offer. While more robust tools and technologies evolve to meet the challenge, the majority of IoT security efforts in 2016 are likely to revolve around testing, testing, and more testing. Take a look at Intel/McAfee for the current leaders in IoT security thought-leadership.

Wade Lovell, Simpatic: Fortunately, security will emerge alongside new IoT solutions and offerings. No manufacturer wants to be in the news as the attack vector allowing the theft of confidential information or images.

Craig McDonald, MailGuard: The cyber security industry needs to work with innovators from the get-go with partnerships that change the way products are designed.

Elizabeth Houser, Praesidio: Both. First-attempt security for the IoT will emerge along with new IoT solutions, otherwise manufacturers won’t gain confidence and purchases from consumers. There will, of course, be vulnerabilities discovered and privacy mishaps, most likely on a large scale in some cases, and security standards will have to adapt accordingly as the IoT expands and evolves.

Alina Stancu, Titania: It is predicted that over 200 billion devices will be connected by 2020. This sheer explosion of devices attached to the network will lead to an increased threat surface. Security monitoring will become essential and solutions will have to adapt at managing the numbers. The silver lining is that IoT is still at a young stage and it appeared in a context where users are slightly more aware of security and privacy issues. This means there are calls for the industry to secure things before it can spin out of control, which means ultimately that the framework will be safer by default.

David Clarke, VCiso: IoT will move from becoming unsafe to manageable security, the technology is there already.
The industry needs to learn from its mistakes as it builds devices that connect via the Internet. Best practices security, such as using secure protocols for communication or installing the latest updates, fixes and patches, are the starting point. Innovators must consider that future security will be managed automatically by the system instead of users, and designing secure technology will require a new approach and mind-set.

Stephan Conradin: We have to wait. Too many devices exist with poor security or no security at all. It’s impossible to change all devices and components very fast. Remember migration from IPv4 to IPv6, not months or years, but decades.

Kenneth C. Citarella, Guidepost Solutions: We must include new security with new developments. Waiting is too great of a risk.

WHO IS WHO
David Clarke
David has experience across Finance, Telecoms, Public Sector including developing CERT on a Financial Intranet trading $3.5 Trillion a day, Managed Security Services with a $400 million dollar Global install base, including Leading edge Product Selection, implementation and architecture. In these sectors David has built Secure operations capabilities often from scratch, developed full Cyber incident response expertise, created, maintained and improved regulatory and compliance commitments including PCI-DSS, ISO 27001.

TOOLS OF THE TRADE
How will tools evolve in 2016?
Michael A. Goedeker, Auxilium Cyber Security: They will become easier and faster to use. There will be more emphasis on the value a tool has to security and where it obtains that information from.

Shay Zandani, Cytegic: The main evolvement will be in the cybersecurity management solutions field, due to the fact that already CISOs and other security personnel are overwhelmed with the abundance of defenses, policies and procedures, and they must have a management system that they can use as a vehicle to streamline and update operations and policies.

David Coallier, Barricade: Businesses deserve security that isn't adversarial, complicated and confusing. The job of a security professional shouldn't be to stare at a screen all day but rather promote and encourage good security procedures and behaviour across the organisation. Both emerging and new tools are helping in solving that problem.

Wade Johansen, CouriTech LLC: More will focus on geographical information and isolation as well as virtual distribution models.
Alina Stancu, Titania: There will be a boost in automation, in order to keep up with the sheer amount of data. As connectivity has surpassed security, the number of vulnerabilities and back doors has increased as well. Complex, interconnected systems require complex security tools. While there is no single tool that can successfully secure everything, there are certainly an array of solutions that can be used together to minimise threats. The key is not a bulk buy of the newest consoles. The key here is an intelligent risk assessment of the risks and capabilities of individual organisations, in order to apply tools and tactics in an efficient, cost-effective manner.

Wade Lovell, Simpatic: Scanning tools, e.g. NMap and ZenMap, will become even more important and move into consumer products. More tools will be deployed in real time environments. Intelligent pattern recognition will continue to develop and will be at least partially capable of stopping bad actors, e.g. shutting down ports under attack.

Mitchell Bezzina, Guidance Software: Tools will continue to diversify for customer types, in most industries there are experienced and new users who have vastly different requirements and job functions, solutions will adapt to cater for larger audiences and aim to create operational efficiency.

Roberto Langdon, Nicolas Orlandini, KPMG: Forensic technologies and Data Analytics will be the drivers to push the investigation activity all over the world. Data Analytics tools are focused on bringing more versatility to users, in order to help them optimize the information filtering, identify potential irregular patterns in huge volumes of information and select the tagged pieces of evidence, the most sustainable and specific ones. Cross information with other sources will help to obtain a wider scope to the investigators, because besides local equipment, pen drives, CDs, DVD, tablets, notebooks, and smartphones, there is a lot of information inside Cloud Services.
Will the trend to eliminate passwords continue?
Michael A. Goedeker, Auxilium Cyber Security: Not sure about passwords but the way we authenticate will evolve.

Mark Bennet, Blustor: The trend to eliminate passwords will continue and will likely accelerate as more devices support biometric authentication. We will see the emergence of new two-factor authentication solutions as they incorporate the security benefits of biometrics.

Wade Johansen, CouriTech LLC: Not yet, it is still far too common and there are not enough options to remove this as a staple method of identification and authorization. However, you will see more dual factor authentication requirements in 2016 as well as chip technology taking a strong foothold.

Dennis Chow, Millar, Inc Short: There will be efforts, but unfortunately, it’s not going away anytime soon. Passwords are still the most widespread, easiest, and most affordable method of access so far.

Einaras Gravrock, Cujo: Absolutely. However, expect 2016 to be the year of new proposed solutions and not yet a solution for what will actually be adopted.

Andrew Bagrin, My Digital Shield: Yes, no one likes passwords, but a standard solution is needed.

Stephan Conradin: The password is often still the least bad solution and with SSO it remains comprehensible to the user without being too restrictive.

Paul Hoffman, Logical Operations: Yes, it is tough to change the habits of people and making secure passwords and changing them often is not easy. The quickest way to affect security is to have a new authentication method that is personal.

Mitchell Bezzina, Guidance Software: Yes, biometric scanning will be household and the use of passwords will be limited, however, the wide adoption will take years for manufacturers to standardize so that applications can make connections to hardware.

BroadTech Security Team: I think yes, and I think we should do away with passwords altogether. It is not secure at all these days, even the conference rooms have surveillance cameras that can suck up your password. But a one size fit all parallel implementation won’t be possible.
Dotan Bar Noy, Re-Sec Technologies: I think the trend will continue but there is still a very long way before biometric measures could replace old style passwords. This is true both for large enterprises as well as for SMBs. The rise of biometrics identification measures we saw in mobiles will take a very long time before it will make the move to desktop computers.

David Clarke, VCiso: Yes. Strong authentication may need to be legislated to remove passwords.
What new technology will make an impact
on cyber security the most?
Andrew Bagrin, My Digital Shield: Definitely IOT.

David Clarke, VCiso: Secure mobile phones, and technologies that replace password technology.
What new trends will we see on threat
intelligence?
Michael A. Goedeker, Auxilium Cyber Security: It’s doing its job! There are many companies that have feeds but the question is always about value. Fancy maps are nice but what good does the information in that map do really? How is the data collection any different than using a Raspberry Pi 2 with Snort, etc? We build our own network of sensors (Pi2’s, DMZ sensors, etc) and use this information to find differences and turn that information into actionable intel. But we also use other areas of data collection (all legal!). OSINT is something surprisingly missing in all threat intelligence feeds so we created our own system that also includes that.

Wade Johansen, CouriTech LLC: Creating virtual peer to peer networks (ready made) and selling them as being darknet ops. Continued infiltration of current botnets, and C&C centers as well as placement of compromised servers into anonymous systems.

Mark Bennet, Blustor: The continued growth and use of biometric authentication will have a profound impact on cyber security – both improving security as well as creating a new set of vulnerabilities that are not being effectively addressed by the mobile device industry.
WHO IS WHO
Shay Zandani
Cytegic, Co-founder and CEO
Shay’s entrance into cyber security was on the nation-state cyber battlefield when he founded the Information Warfare Department at the Israeli Air Force. Under his leadership, the IWD pioneered the use of data manipulation for cyber offense. He then spent more than a decade as CEO of Kesselman Global Risk Management Solutions (GRMS), a subsidiary of PwC focused on conducting risk and cyber security maturity assessments for large enterprises. Prior to PwC, Shay participated in establishing the first TTP Certificate Authority in Israel. Shay’s unique blend of private and public sector experience and deep understanding of how cyber risk evolves and impacts an organization’s bottom line helped crystallize his vision for Cytegic. He received his bachelors and masters degrees in computer science from the Open University of Israel, and his Executive MBA from Northwestern University and Tel-Aviv University, upon graduating from Mamram, the IDF (Israeli Defense Forces) technical elite unit in 1990.

Rick Blaisdell
Experienced CTO, creating technical strategies which reduce IT operational costs and improve efficiency. Rick has 20 years of product, business development and high-tech experience with Fortune 500 companies, developing innovative technology strategies, with particular expertise in cloud computing integration, delivering cost effective IT services, strategic planning and development for Information Systems, and creating innovative businesses

Wade Lovell
Simpatic, CEO
Wade Lovell has founded eight companies with $200+ million in stakeholder returns. Wade began his career at Goldman Sachs and Arthur Andersen. He has an MBA from Columbia Business School and is a financial services expert. He is a CPA, former CFE, EA, and has held Series 3, 7, 63 & 24 designations.

Lt. Commander Israel Navy has more than 10 years of management experience in several leading
companies and startups in Israel and US.
AREAS OF SECURITY
What are your predictions
for network security in 2016?
Michael A. Goedeker, Auxilium Cyber Security: The push for more automation will eventually happen. We have started this process by being the first company to introduce our copyrighted concept of the „Self Protecting Network”.

Wade Johansen, CouriTech LLC: It will continue to grow as a field, and businesses will be required to meet new standards if they want to trade at global levels.
What are your predictions
for software security in 2016?
Einaras Gravrock, Cujo: We will see many new solutions focused on network traffic patterns, big data, and machine learning.

Julie Herold, Kenny Herold, Odin’s Eye: The heavier we move code reliance on the client for storage and processing, the more attacks that will be developed in server response and client-side code tampering versus the more traditional and more secure server side attacks in client requests.

Stephan Conradin: Still 50 security patches per year for each software because software have no security by design, OWASP will continue their very good job of explaining how to avoid SQL Injection and we’ll see SQL injection

Paul Hoffman, Logical Operations: Move to secure coding. Patching holes before launching software.
What are your predictions
for hardware security in 2016?
Ondrej Krehel, LIFARS: More 2+ factor tools for access.

Andrew Bagrin, My Digital Shield: Hardware security is fine, but it doesn’t need to be on specialized hardware. For 2016, I don’t believe there will be much change.

David Clarke, VCiso: Hardware security appliances may make a comeback as virtualisation may still be very vulnerable to skill shortages and software exposures.

Wade Johansen, CouriTech LLC: TPM will make a larger impact, and we will continue to make smaller, faster IOPs capable data devices for the data center.
What are your predictions
for cloud security in 2016?
Michael A. Goedeker, Auxilium Cyber Security: National and International Privacy will continue to shape this industry and how products are hosted to international customers and partners. As more services and resources are put into the cloud, so too will the regulations and audits needed to verify compliance evolve. As more services are hosted in the cloud, it then becomes an even bigger target.

Ondrej Krehel, LIFARS: I hope the providers will be more secure in their deployments.

Rajeev Chauhan, Cyber Oxen: IOT will dictate the security in cyber space scenario including all the areas of security mentioned above. The boundaries between hardware and software security will merge.

Wade Johansen, CouriTech LLC: AWS and Azure will make cloud security a priority this year. There appears to be a lull in the adoption of more cloud based services, and in large part, it’s because the security has been behind. That will be rectified this year.
David Coallier, Barricade: Huge year for cloud security. More companies are becoming aware that "the cloud" is not a silver bullet but also not completely insecure. Tools who are born on the cloud will prevail as it is clear that incumbents who are retroactively adapting their tools for cloud products are simply not good at it. The pricing models for the security industry, which has traditionally been contract-based, has to change to reflect how people use the cloud. The SaaS model for security will grow.

Julie Herold, Kenny Herold, Odin’s Eye: We think technologies like Chef, Puppet, Ansible, SaltStack and Docker will be targeted by attackers to proliferate backdoors, misconfigurations with the intention of abuse, and malware. Of course, this would also include any other patch management, centralized security appliances/solutions etc.

Stephan Conradin: With cloud we delegate our security without strong controls. Sooner or later, there will be a serious incident.

Dennis Chow, Millar, Inc: Many more vendors and startups coming to complement access controls and data discovery/data control.

Rick Blaisdell: Cloud security will increase in scale, and decrease in complexity. In 2016, we’ll see cloud security evolve into simpler, virtualized controls and solutions that will have embedded security processes to help map current IT systems. Heavy protective layers that have difficulty scaling in the cloud will stay behind, and next year will have lighter, scalable cloud security solutions.
Craig McDonald, MailGuard: 2016 will be the first year cloud services will be chosen because of their enhanced security. People are at risk of physical harm as next-generation technologies are targeted. Cyber attackers will fund unpatched vulnerabilities in smart-connected home devices as a way to stage a full-blown attack. There are no signs of a wide scale attack coming but this scenario is highly probable. Attacks on next generation payment methods – from EMV credit cards to mobile wallets – will increase. Mobile malware is expected to grow exponentially with much of this originating in China. Hacktivists will use data breaches to systematically destroy their targets. Businesses will also fall for elaborate tricks that use new social engineering lures. Expect a big increase in ploys that persuade employees to transfer money to cybercriminal-controlled bank accounts. Their first step is to become familiar with the target’s ongoing business activities, so their malicious schemes are camouflage. This is typically done by intercepting communications between business partners.

David Clarke, VCiso: Cloud availability and a minimum of dual (maybe internet and private) connectivity. Cloud services will help mitigate skills shortage in cyber security.
WHO IS WHO
Ondrej Krehel
Lifars, CEO and Founder
He is the CEO and Founder of LIFARS LLC, an international Cybersecurity Intelligence, Digital Forensics, and Incident Response firm. Ondrej also leads the Digital Forensics team at LIFARS. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and cyber security consulting at Stroz Friedberg. With two decades of experience in computer security and forensics, he conducted a wide range of investigations, including data breached through computer intrusions, theft of intellectual property, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking. Ondrej’s experience also includes advanced network penetration testing - using various tools and technologies, database security testing, physical security assessments, logical security audits, wireless network penetration testing, and providing recommendations for operational efficiency of approaches.

Julie Herold
Odin’s Eye
Senior Security Consultant
Strong eleven year development background for a Fortune 10 company and 2 years of penetration

Kenny Herold
Odin’s Eye
Principal Security Consultant
4 years of experience as a service lead for anti-spam/anti-malware/anti-virus working for a Fortune 10 company at a global scale as well as 2 years of general application security background and 5 years of penetration testing in aforementioned company and an additional 2 years of penetration testing for Odin’s Eye, LLC.

Alina Stancu
Titania Marketing Coordinator
She is Marketing Coordinator at Titania and has spent the past two years, learning, talking and writing about information security. She is also a contributor to The Analogies Project.
THE INDUSTRY
Will 2016 belong to start-ups or big cyber security
corporations?
Chase Cunningham, Cynja: Startups will continue to be the real infosec innovators. I predict large companies will pick up their pace of acquisition of these smaller firms. From where I sit, the large companies aren’t concerned or even working towards much innovation in the space as it is cheaper to simply buy the little guys out. This “trend” is basically leading to the establishment of a market wherein anyone can start a company, come up with something 1% better than someone else and get bought for a lot of money, then go off and do it again.

Irfan Shakeel, EH Academy: 2016 will belong to the start-ups of the infosec companies. Startups will focus on vulnerability research, threat intelligence & monitoring tools. The infosec service sector will likely grow, as more organizations are looking for services.

Leon Kuperman, Zenedge: Disruptive Startups.
David Coallier, Barricade: Startups. The tech world moves so fast that the incumbents are stuck in the innovator's dilemma and only the smaller, more agile companies are able to move at the pace at which the security industry should be operating.

Stephan Conradin: Neither one nor the other. Good ideas are emerging in small entities but great entities have the ability to act. They have to collaborate.

Wade Lovell, Simpatic: 2016 is a year for start-ups to show their agility.
Dotan Bar Noy, Re-Sec Technologies: We are at a time where the big vendors dominate the more conservative solution and reinventing themselves by acquiring innovative new technologies. The startups are the ones that will introduce the disruptive technologies that will be necessary in order to combat new types of malware.

Nick Prescot, ZeroDayLab: Clients are looking for the right company to do the right job, the benefits won't change.

David Clarke, VCiso: Both as the bigger ones will buy the start-ups.
Will cyber security events (like BlackHat or
DEFCON) remain an important part of influencing
the development of cyber community and companies?
Chase Cunningham, Cynja: The larger CONS are already basically viewed by most security operations personnel as not much more than a reason to go to Vegas and perhaps participate in shenanigans. It’s smaller CONS where really interesting and really innovative solutions are being shown. The large CONS will continue but are slowly becoming nothing more than a giant sales convention for companies to network and pitch things.

Michael A. Goedeker, Auxilium Cyber Security: It’s getting to the point where the investment for attending and the value are starting to be questioned for some conferences. In my opinion, events like Bsides are becoming more important and attended by more people due to the lower costs involved with attending. I am by no means saying Blackhat is not valuable but people are starting to feel real pain when paying thousands of dollars or euros to attend a conference in the US. There has to be a balance and not a „we are talking all the money from all sides” just so you attend our show. Security lives from teaching and not being so egotistical with conferences.

Leon Kuperman, Zenedge: These events are overly commercialized at this point and used as announcement platforms for the most part.

Ondrej Krehel, LIFARS: I think the focus is changing from them. They’ve grown too big.

Julie Herold, Kenny Herold, Odin’s Eye: We think these events are becoming more and more about networking and vendors which will continue on the upward trend.

Rajeev Chauhan: Yes, they may become prominent as recruiters for govt agencies as well as “Contract Agreement” hunting ground.

Paul Hoffman, Logical Operations: Yes, for a while.

BroadTech Security Team: Yes, of course, such events are the life and blood of cyber security. There will be many more such local events, too, which may not get much press.

Stephan Conradin: Yes. Experts should meet experts to share knowledge.
Craig McDonald, MailGuard: Yes, and there will be more of them. Education and communication is a key priority in 2016. Cybersecurity can no longer be seen by businesses as optional, nor half-baked solutions accepted.

Wade Johansen, CouriTech LLC: Yes, unfortunately they still will not be a target of many companies for sending their cyber employees, as it’s still seen by too many as a non-essential training experience.
Will we see more state-level cooperation in 2016?
Chase Cunningham, Cynja: Local and state governments in the U.S. are so far behind the curve in cyberspace they don’t even have an idea on how to get involved. Without a coalition that can guide local and regional entities and help them gain traction in solving their own specific cyber problems, they will continue to lag and exploits will rapidly expand.

Dennis Chow, Millar, Inc: We will see more attempts at information sharing and incident response assistance.

Michael A. Goedeker, Auxilium Cyber Security: Certainly and this is a good thing! We need to discuss privacy, protecting people, critical infrastructure.

Andrew Bagrin, My Digital Shield: Less cooperation and more regulation I think, which is a mistake, but that is how our government thinks when it comes to security.

Rick Blaisdell: 2016 will be a very significant year for both sides of the cybercrime equation. Governments and enterprises will begin to see the benefit of cybersecurity foresight, with changes in legislation and the increasing addition of cybersecurity officers within enterprises. In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes to target individuals and corporations alike.
Anthony Di Bello, Guidance Software: To some degree. Will it be effective? Depends on the degree of sharing, accuracy of what is being shared, and the controls various states will demand on the data they are sharing.

BroadTech Security Team: Yes, but each state taking into its own national interest first.
In which industry will we observe the biggest
demand for cyber security services?
Wade Johansen, CouriTech LLC: Travel and immigration services such as VISA programs.

David Coallier, Barricade: Strange answer to this one but fashion and e-commerce to us have strong signs of interest and growth. Many companies in these industries do not traditionally have a strong security culture and new products will come in and help them achieve that, grow with security awareness at the very least.

Mayur Agnihotri: Cyber security services / solution is one of the alarming concerns in many critical industries, such as BFSI: aerospace, defense, and intelligence, because the biggest challenges of cyber security are education and training in 2015.

Wade Lovell, Simpatic: The security spent in healthcare is expected to rise more than 20% but I think the biggest demand will be among money center banks. (Symphony, which serves a coalition of 19 banks, just raised another $100 million this Fall.)

Roberto Langdon, Nicolas Orlandini, KPMG: Cyber Security is a challenge for the entire “Government-Private Corporations, SMB organizations, and professionals” ecosystem. It requires to stay informed, well equipped, conscious about the subject, and with policies and procedures to let the people know how to do the things right, and how to react to a security issue or incident.
Alina Stancu, Titania: Possibly healthcare. Although the financial sector, as well as various governments, are stepping up security efforts, due to the threat levels. Financial crime is not disappearing, though it is becoming more targeted, while state-sponsored attacks, through their complexity and persistence, require significant resources and a wide range of specialised skills. The most stealthy attack campaigns known to date (Stuxnet, Duqu, Flame, The Mask) have been from state-sponsored actors.

Stephan Conradin: SCADA, critical infrastructures.

Dotan Bar Noy, Re-Sec Technologies: According to the “Banking & Financial Services Cybersecurity: U.S. Market 2015-2020 Report”, by Homeland Security Research Corp. (HSRC), the 2015 U.S. financial services cybersecurity market will reach $9.5 billion, making it the largest non-government cybersecurity market. In addition, the report concludes that this market will be the fastest growing non-government cybersecurity market, exceeding $77 billion in cumulative 2015-2020 revenues. This is driven by an increase in regulation and the demand for zero breaches, shutdown time and information leak systems.

Anthony Di Bello, Guidance Software: Healthcare, retail, government and finance. A problem here is financial and consulting (PWC, ATOS, Optiv, etc) industries have the cash to corner much of the existing talent.

Gerald Peng, Mocato: Retail, healthcare, finance, and device manufacturing. The first two will demand it due to the IP, consumer data and communications they want to protect. Companies that process electronic payments or produce IP-sharing devices will also want protection against cyber threats in order to maintain consumer confidence and brand reputation.

David Clarke, VCiso: Demand is big, the ability to pay isn’t, government, finance, pharmaceutical, legal.

BroadTech Security Team: Defence, health care, power...

Paul Hoffman, Logical Operations: Healthcare, they are so far behind. It will take years to get them off this list.
What do you think will change in the cyber
security market in your country?
Michael A. Goedeker, Auxilium Cyber Security, Germany: I hope that there will be better rates for experienced security people. Right now many big customers pay little for much, this is unbalanced and really unfair as „cyber” security experts do a lot of learning and gain experience that is not paid. This experience „SHOULD” be paid but currently isn’t. At some point, we will refuse to be undersold and not work for minimal wages comparable to low paid jobs that do not require special training, certifications or degrees in addition to real world experience.

Andrew Bagrin, My Digital Shield, US: More complexity and higher process.

Dotan Bar Noy, Re-Sec Technologies, Israel: The latest data from Israel’s National Cyber Bureau indicates cyber exports increased from $3 billion (USD) in 2013 to $6 billion in 2014, that constitutes about 10 percent of the global cyber market. Israel is second only to the United States as the largest exporter of cyber products. This is made possible by the increasing amount of highly skilled professionals. Israel’s unique security needs created a focus on cyber security education in schools, army service, and dedicated colleges. Hopefully, we will see additional Israeli vendors take their place as world leaders, such as Check Point, CyberArk, etc.

Wade Johansen, CouriTech LLC, US: The push for BYOD will drastically drop this year in the US because of inherently insecure devices that are not corporate controlled, which could compromise entire networks.

Dennis Chow, Millar, Inc Short: Advances in Threat Intelligence and Automatic Response in Systems.

Alina Stancu, Titania, UK: UK remains a hotspot for disruption and advancements in technology. But where recent years have been explosive with new start-ups and cutting-edge developments, 2016 is converging towards a more consolidated, mature market. More defined classifications of security services are starting to emerge. Export was a priority to the UK government in 2015 and that was illustrated best with the visit of Prime Minister David Cameron to US at the beginning of this year, where he invited a trade delegation of cyber security companies.

Julie Herold, Kenny Herold, Odin’s Eye, US: We think the days of charging absurd amounts of money for IT Security services will be controlled as a result of the number of competitors and it will put an end to the exorbitant and unfair pricing many of the leading IT Security companies charge.
Mayur Agnihotri, India: Yes, one of the biggest changes because of Prime Minister’s vision for India to take leadership in this critical and emerging space. Indian digital security market to grow at 8.3% to $1.1 bn in 2015, says Gartner, Indian IT security market reaches 1.2 billion next year I expect. Main components contributing to the growth of the Indian cyber security market include: increased penetration testing of IT services in the telecom, banking and insurance industries; the vulnerability of Indian IT infrastructure to hackers; National Association of Software and Services Companies (NASSCOM) and Data Security Council of India launch the NASSCOM Cyber Security Task Force that aims to build India as a global hub for providing cyber security solutions, developing cyber security R&D.

Anthony Di Bello, Guidance Software, US: Tough one to answer, depends on what the next high-profile breaches have to offer.

Wade Lovell, Simpatic, US: In the United States, there is a decent chance the federal government will weaken encryption, leaving a broader attack surface.

Roberto Langdon, Nicolas Orlandini, KPMG, Argentina: Checking really quickly the site http://map.norsecorp.com/ and then you can see the online status of cyber-attacks around the globe in real time. What are we waiting to put our hands on to just leave to be an observer, and be a protagonist?
CYBER SECURITY AWARENESS
Will the cyber community influence the level of cyber security awareness?
Chase Cunningham, Cynja: How can we work towards improving cyber security awareness in 2016? Cyberspace
isn’t the Magic Kingdom. It’s the Wild West—only worse, as it’s a place where it’s really difficult to
observe people as they make choices and experience the consequences. So corporate social responsibility
programs try to drive a consciousness-raising dialogue among young people to fill the void. Sadly, what
they deliver is often hopelessly lame and condescending. They miss that creating cybersecurity awareness,
especially among kids, takes serious effort—and that in the case of our digital lives today, one that has to
be backed by the creative vision necessary to set out and define this new frontier. This is something new—
something we never experienced before.
Instead, many large companies who have the revenues to do this simply don’t. They justify their limited
efforts by claiming to only have a “limited budget” for guiding kids on how to protect their future. Some
corporations just want to tick a box to show that they are “helping the children” and move on. And so kids
are shown silly dogs, flying saucers, or the occasional cyber kitty—accompanied by bullet point guidance
more suitable for corporate PowerPoint presentations. Seriously, how are we as an industry going to inspire
kids to want to make smart choices online with PowerPoint and clip art?
Our kids and our children’s children are going to be the ones who will see new technologies and methods
of compromise we haven’t even considered. As an industry, we must take this responsibility seriously rather
than treat it like an optional line item to be squeezed by our finance departments. We need to educate
and train kids to be cyber smart and involve more kids in our industry. Today, too many companies focus
on the now, rather than the later. That behavior simply means our industry is shorting an entire generation
of children’s digital future. It’s very sad to watch.
Mark Bennet, Blustor: The cyber community can have a tremendous influence on public awareness by evangelizing and working with the media to bring serious issues to surface. This requires a level and style of communication that “mere mortals” can understand and using examples that clearly show the potential consequences. As a community, we need to encourage and support cyber security experts to share their stories, concerns, and potential solutions with the rest of the world.

Ondrej Krehel, LIFARS: Lawmakers and corporations are the big movers. Money makes people do things.

Elizabeth Houser, Praesidio: Yes, but in a reactive manner. The level of cybersecurity awareness is most greatly influenced by the publicizing of breaches and litigious actions that follow.
How can we work towards improving cyber security awareness in 2016?
Michael A. Goedeker, Auxilium Cyber Security: Talk, present at Bsides and other security conventions, boycott the selling of speaker slots (for money) by sales companies.

Dennis Chow, Millar, Inc: Add gamification theory to the community which will encourage active participation in improving security awareness as a whole.
Mayur Agnihotri: Some points which are first clear for audience and trainers are: Don’t confuse cyber awareness programs with security training; • Include posters, newsletters, email tips, blogs and reminders; • Cyber security awareness improves by changing culture (changing behaviors {Relate cyber awareness to personal life, family, home and corporate}) • Creating a Culture of Cybersecurity at Work / organization • Cyber security events must be started at small and medium size companies, schools, colleges and society.

Kenneth C. Citarella, Guidepost Solutions: Government leaders at all levels must engage in a protracted and serious discussion of issues about cyber security. Some have begun that effort, but it must be more widespread and focused on specific efforts to be undertaken by government, business and private individuals.

Julie Herold, Kenny Herold, Odin’s Eye: Continue to have breaches, spamming initiatives, malware campaigns whether targeted or not, successful take downs for illegal activities, and other information regarding cybercrime activity and reduction being advertised for the sake of awareness. If non-IT savvy end users do not have a direct impact to them personally, we will not see improvement.

Ondrej Krehel, LIFARS: Make it law to have cybersecurity guards just as they have regular security guards.

Wade Lovell, Simpatic: Launch meaningful social media campaigns with star collaborators. • Buy a Guy Fawkes mask and help take down ISIS or contribute to Anonymous in other ways.

Paul Hoffman, Logical Operations: Just keep the message out there. The hackers are helping by creating News.

Gerald Peng, Mocato: I believe that too often, awareness happens when there is a cyber disaster like Target or Ashley Madison. Part of the problem is the highly specialised nature of cyber security. I believe that to keep cyber security top of mind, the discussion has to become proactive and accessible by non-industry people.

Rajeev Chauhan: The weakest link in the chain of cybersecurity is the lack of awareness amongst the users at all levels, starting from home users to corporate users. Concentrated efforts to create awareness has to be undertaken by schools, colleges, communities and corporates.
BroadTech Security Team: Making cyber security mandatory in curriculum. • Short interesting articles in print and visual/cyber media, etc., are what our organization does in collaborating with the state police. • Conduct workshops.

Nick Prescot, ZeroDayLab: There won't be a magic wand to deliver, it's an education strategy.

David Clarke, VCiso: Security should be at board level, and legislated for.

Andrew Bagrin, My Digital Shield: We need to separate myth and reality. The reason awareness is taken with a grain of salt is because something is always trying to be sold.
What obstacle in awareness will remain unsolved?
Mark Bennet, Blustor: Many cyber security risks are shrouded in complexity that is difficult for the general public to fully grasp. The cyber security community and the media need to work closely together to simplify and distill these risks into everyday terms that the public and our legislatures can better understand.

Michael A. Goedeker, Auxilium Cyber Security: That people listen and change their habits. This can only be done by experiencing the pain of breaches (or so it seems).

Leon Kuperman, Zenedge: The fundamental miscommunication and misunderstanding of how technology works and what is vulnerable.

Wade Johansen, CouriTech LLC: The realization of what firewalls and cryptography can really do for protection, and the importance of retaining offline backups.

Dennis Chow, Millar, Inc: Resources, not enough time and or money for polished programs at all the various entities from small to large.
Ondrej Krehel, LIFARS: Having a security professional and not just “security aware” staff.

Wade Lovell, Simpatic: Inertia. It is a powerful force. “The vis insita, or innate force of matter, is a power of resisting by which every body, as much as in it lies, endeavours to preserve its present state, whether it be of rest or of moving uniformly forward in a straight line.” Isaac Newton.

BroadTech Security Team: Rapport. People don’t understand the InfoSec languages and jargon. So things have to be simplified while spreading awareness.

Andrew Bagrin, My Digital Shield: The trust, because cybersecurity is a complex thing to understand and trust someone about.
What role will awareness play in corporate cyber security?
WHO IS WHO

Nicolas Orlandini
KPMG
Director Forensic Services

Gerald Peng
Mocato, Founder

Francisco Amato
Infobyte, CEO
He is a researcher and computer security consultant who works in the area of vulnerability development, blackbox testing and reverse engineering. He is CEO of Infobyte Security Research (Infobyte LLC) www.infobytesec.com, from where he published his developments in audit tools and vulnerabilities in products from companies like Novell, IBM, Sun Microsystems, Apple, Microsoft. His last work was evilgrade, a modular framework that allows the user to take advantage of an upgrade process from different applications, compromising the system by injecting custom payloads. Founder and organizer of the ekoparty South America security conference.
MISCELLANEOUS
LogRhythm’s Predictions for Cybersecurity
An uptick in all-in-one home surveillance systems. We are seeing more motion sensing/camera/
recording devices in the home that can be managed through personal devices. This type of technology will
continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.
A rise in the use of mobile wallet apps. Like having virtual money and an ID in one’s pocket, mobile wallet
apps are at the intersection of marketing and payments. And although a mobile wallet is convenient, it is
directly tied to one’s mobile phone which is a critical access vector for cyber threats.
New model of what to protect. Instead of a mandate to “protect everything on the network,” IT staffs
must work more like a unit, centralizing and protecting the most critical resources. This approach moves
defense-in-depth to the most critical business components of the organization.
Identity access management: The unsung hero. Companies will be investing more money and R&D resources
in behavior-based modeling, analytics and identity access management to track behaviors. More customers
are asking about it, which will motivate the rest of the industry to follow.
The next big attack target: Education. This industry has a plethora of data that cyber criminals want - credit
reports, personally identifiable information (PII), donor money, tuition money. And these institutions
are not doing an adequate job of securing all their systems. Add to that the myriad “customer” – namely
professors, students, parents, administrators – and you have magnified the attack vectors exponentially.
Emergence of hacking for good. More organizations, like Anonymous, will be leaving the dark side and
hacking for the public good. They are more motivated by the notoriety and publicity on social media than
for financial gain. Teens are learning to program on their own; high schools are introducing technology and
coding to get this generation aware of and more proficient in this industry. Younger generations are finding
coding and programming cool. This is the next gen workforce that we hope will continue to want to positively
impact society.
Security is in a renaissance. Security is a hot space. And the fact that CISOs are getting a seat in the Boardroom
is another indication of the importance of this industry for all organizations, regardless of the vertical
market. Many companies still don’t have adequate security infrastructures, awareness or training to
defend themselves. There will also be consolidation. Companies will either “get it” or not, and governments
will start ramping up regulations.
Next steps for CISA, open sharing of threat intelligence. Critical infrastructure will emerge as more companies
in various sectors, such as energy, financial and healthcare, join in. The principle and the intention
behind the creation of a more collaborative community for the open sharing of threat intelligence is grand,
with two distinct sides of the political aisle. We will either see a big push or nothing happen at all.
Ransomware gaining ground. The ransomware-style of attack is powerful and expanding into Macs and
mobile devices, making it easier to target consumers. Criminals can gain big profit by locking down an entire
system; victims have no choice but to pay. Although consumers are ripe for the picking, businesses are
not immune to this approach.
Vendors need to step up – Despite the running list of breaches, many companies still do not have an
adequate security infrastructure to defend themselves against cyber criminals. And we cannot rely on consumers
to know how to protect home systems. It is up to the security vendors to build better software, systems
and patching mechanisms, as well as offer training and services to protect people, companies and their assets.
IBM’s Predictions for Cybersecurity
Bob Stasio, senior product manager for cyber threat analysis, i2 Safer Planet:
The market for behavioral analytics and threat detection offerings will continue unabated • Large financial
organizations will continue divesting themselves of managed security services to create their own fusion
centers • “Big X” consulting firms will offer their customers cyberintelligence-as-a-service consulting options
• Companies and government agencies will begin using block-chain encryption to protect against
cyberthreats • Private organizations will increase their visibility into the dark web to become more proactive
about cyberthreats than ever before.
Todd Rosenblum, senior executive for worldwide big data, i2 Safer Planet:
Auditability and managed access of US citizens’ personal data will be an increasingly important requirement
for US national security agencies • The international community will create safe zones in Syria to
stem the mass migration to Europe, and big data analytics will play an integral role in enforcing identity
resolution and border security in those safe zones.
WHO IS WHO

James Carder
LogRhythm
CISO & VP
He has over 18 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies, protects the confidentiality, integrity and availability of information assets, oversees threat and vulnerability management and the Security Operations Center. He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat research, compliance research, incident response, and threat intelligence teams. He holds a Bachelor of Science degree in Computer Information Systems from Walden University and is a Certified Information Systems Security Professional.

Greg Foss
LogRhythm
Security Operations Team Lead
He is LogRhythm’s Security Operations Team Lead and a senior researcher with Labs, where he is tasked with leading both offensive and defensive aspects of corporate security. He has just under a decade of experience in the Information Security industry with an extensive background in Security Operations, focusing on Penetration Testing and Web Application Security. Greg holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others. He has presented at national security conferences such as DerbyCon, AppSecUSA, BSidesLV, and is a very active member of the Denver security community.

Dennis Chow
Millar Inc, Security Manager, Incident Response
He is a security practitioner that has over 10 years of combined IT and Information Security experience. Dennis currently leads Information Security efforts at Millar, Inc. as their Network Security Manager. In addition to management and practitioner experience, Dennis has consulted for various clients within Oil and Gas, Healthcare, Defense, and other critical infrastructure industries. Dennis also holds several industry known certifications including the GCFA, GCIH, GCIA, GPPA, CISSP, E|CSA, C|EH, and L|PT and is currently the Program Manager for a collaborative Cyber Threat Information Sharing Grant by the Department of U.S. Health and Human Services.

Bob Stasio
Senior Product Manager of Cyber Analysis at IBM i2 Safer Planet
Bob Stasio is the He brings nearly 14 years of rare expertise fighting top tier malicious actors through his work in the intelligence community, the U.S. Military, NSA and commercial sector. Bob served on the initial staff of US Cyber Command. Serving in Iraq during “The Surge,” Bob’s intelligence unit supported the detainment of over 450 high-value targets.

Andrew Borene
Federal manager, i2 Safer Planet
Andrew Borene provides executive leadership for IBM’s i2 Safer Planet Federal business team. He served as Associate Deputy General Counsel at the U.S. Department of Defense and is a former U.S. Marine Corps military intelligence officer. Prior to joining IBM, Mr. Borene was a Counselor to the international law firm of Steptoe & Johnson LLP. His career includes leading corporate development at a micro-robotics startup and U.S. intelligence community program management for a publicly-held big data company. He is active within leading public-private initiatives for improved U.S. national security, global leadership and technology growth.

Todd M. Rosenblum
Senior executive for worldwide big data, i2 Safer Planet
Todd M. Rosenblum joins IBM as a Senior Executive for Global Business Development. He is responsible for identifying market engagement opportunities for IBM’s Safer Planet, Enterprise Insight Analysis suite of capabilities. Todd focuses especially closely on deepening collaborative partnerships with senior executives in the United States Government, U.S. State, local and private sector companies, as well as worldwide defense, intelligence and law enforcement institutions.

Shahid Shah
CEO, Netspective Communications
He is an award-winning Government 2.0, Health IT, Bio IT & digital Medical Device Inventor & CTO with over 25 years of technology strategy, architecture, engineering, entrepreneurship, speaking, and writing experience. He is the chair of the #HealthIMPACT Forum.
ADVICE
What advice would you give to fellow cybersecurity professionals going into 2016?
Mark Bennet, Blustor: Cyber security professionals and the industry need to challenge our current paradigms that often involve centralizing and attempting to control every element of data flowing in and out of the systems under our protection. We are in a leaky ship and bailing the water out faster isn’t really solving the problem. We need to look closer at the underlying root issues, which include things like immutable human behavior and the inherent weakness of outdated security mechanisms such as usernames, passwords, and PINs. Until we do that, at best we are just keeping our heads above water.

Wade Johansen, CouriTech LLC: You will never be right 100% of the time, don’t let it stop you from being right 1% of the time. Also, if you have a one-in-a-million idea to improve something, then there are 8,000 other people on this planet thinking the exact same thing as you... be the first to say it out loud.

Rajeev Chauhan, Cyber Oxen: Be suspicious, but don’t be paranoid about security, the best approach is having preventive measures in place.

Amber Schroader, Paraben Corporation: Vigilance to where we are leaving our digital identities. We are expanding out to more and more layers that hold information tied to who we are and not thinking how to protect and secure each of those layers. We need to focus on knowing what is where as we look at a cyber future with devices tied to ourselves at every corner.

Nick Prescot, ZeroDayLab: Talk security as a business issue and not an IT issue. IT creates the systems that process data, the business are the ones that process the data and the operations teams are the ones that are responsible for the data.
Mitchell Bezzina, Guidance Software: The “assumption of compromise” mindset has been gaining notoriety within Security teams, it takes the active defense approach where security teams consciously hunt for organization threats rather than rely on technology to alert. The personnel problem does not help this cause but building teams from parallel skillsets is the only way to ensure there are more security professionals, and don’t concern yourself with a flooded market – there will never be enough skilled cybersecurity specialists.

Roberto Langdon, Nicolas Orlandini, KPMG: Our vision of what will be going in 2016, is that there have been several cases where the forensic investigation helped to discard false hypothesis, false conclusions, and these aspects are showing the importance of this discipline to be used strongly each time, and so on in the future. As the forensics doctors said “a dead body can still tell information regarding to resolve a murder”, the information technology recipients or devices can bring more than we can imagine, in order to resolve frauds or criminal cases.

Stephan Conradin: Learn, understand, have global view, learn again, understand again.

Alina Stancu, Titania: Keep on top of compliance, as that will remain important in ensuring baseline security. Certification against governmental or business accreditations will travel down the supply chain as more suppliers demand that businesses present some form of security assurance of their product and services.

Gerald Peng, Mocato: Your role is more broad and important than you may imagine. Protecting the public from cyber-attacks on their IT infrastructure and devices will help deter cybercriminals from their spheres of activity. Our focus must extend past our employers and clients. We must collaborate to secure our data sovereignty, and reduce any weak points in our systems.

Paul Hoffman, Logical Operations: Jump in with both feet.

Dotan Bar Noy, Re-Sec Technologies: We live in exciting challenging times and are receiving public attention as well as enterprises boards. We need to make sure the advice and solutions we are offering are not just adding layers of more of the same, but substantially improve the overall enterprise security while keeping organization productivity untouched.
Michael A. Goedeker, Auxilium Cyber Security: LEARN HOW TO HACK THINGS, Be curious, always continue to learn new things and technology. Stay informed and aware, assume every OS, Application and piece of hardware can spy on you, has weaknesses and needs to be verified. Security is a business process just as much as it is a technological one, never EVER forget this. Security protects IP, revenue and the business. Be creative, think outside the box.

David Clarke, VCiso: Keep Going. Keep the Passion.