Day 1
8:00 - 8:50
Registration
9:00 - 9:10
Conference Opening
9:10 - 9:45
Opening Keynote: Social Engineering In the Dark Future
In this talk, we will learn what social engineering will be like in the future. What will phishing and vishing look like? How will artificial intelligence play a big role in those attacks? How can we prepare ourselves, as individuals and organizations, to defend against those attacks?
9:45 - 10:15
Development of secure and qualitative applications delivered by improved and automated software development life cycle
A secure development process should accommodate the fundamental principles of information security, especially when applications are going to process and store valuable data. Deployment through automation and segregated environments is mandatory to guarantee the life cycle and a quality delivery.
10:15 - 10:30
Coffee Break
10:30 - 11:00
How Machine Learning Raises The Stakes On Both Sides Of The Information Security Barrier
This talk focuses on the various ways in which ML supports both offensive and defensive information security practices – in other words, both the red and blue teams.
11:00 - 11:30
IT threats – The real vulnerabilities for ICS/DCS and SCADA systems
I will show real-world IT threats based on on-site experience. Current ICS/DCS and SCADA systems are very sensitive when it comes to security. I will present real use cases of how malware, ransomware and other attack vectors can cause nightmares for operations managers. We will discuss how we could react in case of incidents, and how important real protection is.
11:30 - 12:00
Using Blockchain Technology for Energy Infrastructure while ensuring Cyber Security
The talk will outline how blockchain is used in the energy sector through the tokenization of power generation and consumption data. The talk will furthermore describe the security implications of using blockchain in this domain and introduce the general security concepts of energy grids.
12:00 - 12:30
New and emerging threats seen by SANS Internet Storm Center
In the last couple of years we have witnessed some sophisticated attacks that severely impacted businesses around the world, causing millions of EUR in damage. SANS Internet Storm Center has been following and analyzing various attacks for more than 2 decades.
In this presentation Bojan Zdrnja will talk about several new emerging threats that are slowly becoming prevalent. These include domain fronting as well as modern Command & Control centers, such as Facebook accounts, which are not that widely used. Finally, we will conclude with a discussion about benefits (and problems) that are introduced by DNS-over-HTTPS (DoH), specifically from a defender’s point of view.
12:30 - 13:30
Lunch
13:30 - 13:50
ICS cybersecurity - Trends & Challenges
In our connected world, new attack vectors are being discovered almost daily. Due to their nature, Industrial Control Systems are built to last for decades, but increasingly complex infrastructure now demands that some systems be connected either to a local network / VPN or, even worse, directly to the internet.
During our presentation we will be focusing on the current ICS threat landscape and what (we think) the future holds. We will present our vision and solutions on how you can better protect your ICS infrastructure in order to immediately react to new attacks aimed at your organization.
13:50 - 14:35
GDPR Aftermath PANEL discussion
- How effectively has GDPR been applied, and do you think businesses still fear the consequences of not following the requirements?
- What are the challenges controllers and processors face when protecting personal data and business interests? How do they find the balance?
- What are the directions for business optimizations that GDPR provides? Did the implementation of GDPR requirements help business in other aspects?
Moderator:
Marko Simeonov, Legal and Compliance officer at Amatas, Bulgaria
Panelists:
Anton Ivanov, DPO at Allianz, Bulgaria
Emilian Zlatev, DPO at Telenor, Bulgaria
Anton Todorov, DPO at UniCredit, Bulgaria
Kaloian Petrov, DPO at Postbank, Bulgaria
Luybomir Grancharov, DPO at Commission for Personal Data Protection (CPDP), Bulgaria
14:35 - 15:05
Migrating your PCI DSS infrastructure to AWS
Taking corporate security to the next level with cloud through various options and architectures. The shared responsibility and PCI DSS compliance. Practical implications of applied cloud security technologies.
15:05 - 15:35
Microsoft's Approach to secure user devices
Microsoft’s latest operating system, Windows 10, contains many security features that can help users protect their data. Let me show you this family of technologies and how they can make the user’s world secure.
15:35 - 15:50
Coffee Break
15:50 - 16:20
The Road to Hell is Paved with Bad Passwords
Ever wonder what incident management is like when an embassy gets hacked, by ISIS? Come on a journey of surprisingly weak security, insider threats, a 50 million dollar extortion attempt, diplomatic immunity, city-wide security lockdown, all while >400 dignitaries’ lives dangle in the negotiation crossfire. Join Chris, the lead investigator and resolver on a super-secret squirrel adventure against ISIS & Turkish Intel in The Hague, The Netherlands. Discussing the 2014 Saudi Arabian embassy hack. Whoever said STEM was boring made it boring! Solve the crime and save lives with key takeaways from a real-life cyber terrorism investigation. No classified information will be shared, some terrorists were harmed in the making of this talk.
16:20 - 16:40
Closing Keynote: The most devastating cyber scams the FBI is fighting today
Cyber threats have quickly evolved over the past 10 years, resulting in crippling attacks against small and medium-sized businesses by manipulating the financial transaction system for multi-million dollar heists. This presentation will discuss the most critical defensive actions everyone must take to defend themselves against the dynamic actors behind these attacks.