This talk was presented at OWASP London Chapter Meeting on 24th November 2016. Shane will talk about myBBC Security Council and how it demonstrates an organisational approach towards security that ensures the right decisions are made by the right people, and that developers can raise concerns knowing that they will be seen and escalated. It also frames InfoSec as an enabling force rather than a loophole. Slides can be downloaded here: https://www.owasp.org/images/5/52/OWASPLondon20161124_SecurityCouncil.pptx Speaker Bio: Shane is a Senior Software Developer at The BBC, with a keen interest in security. Prior to the BBC he worked for the travel aggregator Travelfusion, and the anti-money laundering firm Fortent (formerly Searchspace). ... https://www.youtube.com/watch?v=zEEaSCMQ6dw

This talk will discuss a forensic readiness approach to SCADA and IPCS. Through a series of case studies we will discuss forensic requirements as they relate to SCADA and IPCS. We will also define a forensic readiness model in response to these requirements. This talk was presented at OWASP London Chapter Meeting on 26th April 2018 at EY. Presentation slides can be downloaded here: https://www.owasp.org/images/e/ea/OWASPLondon-SCADA-Forensics-Prof-Andrew-Blyth-20180426-PDF.pdf Speaker Bio: Professor Andrew Blyth received his PhD in Computer Science in 1995 at Newcastle University, UK. He is currently director of the Cyber Defence Centre at the University Of South Wales. Over the past twenty years he has spent much of his time working and publishing in the area of computer forensic and Computer Network Defence. Andrew and his Information Security Research Group has delivered ground-breaking work in the area of computer network defence over the years. He has published numerous conference/journal papers in the areas of computer network defence and computer forensics, with key highlights including: a) The first forensic analysis of games consoles such as the X-Box and Play-Station, b) first forensic analysis of automobile engine management systems and c) develop and deployment of forensic capability in the automobile engine management systems and SCADA/IPCS. In addition, Professor Blyth, is also lead examiner for the GCHQ accredited Tiger Scheme. He is the author of the "Information Assurance: Surviving in the Information Environment" book that has become the cornerstone of knowledge for every Information Security professional in the past 15 years. Many well-known security professionals and cybersecurity experts across different industries worldwide, have been taught and trained under his watch over the past 20 years. (@ajcblyth) ... https://www.youtube.com/watch?v=X3DIsOFmXcE

Slides: https://onedrive.live.com/view.aspx?resid=8FA20A9A448FD03!1238&ithint=file%2cpptx&authkey=!AHIAJVhgp2O9FIQ The more we strive to connect every part the world with IT, IOT & ICS SCADA assets running on legacy and existing infrastructure with IPv6 and upcoming 5G & 6E. The risk of finding connected, insecure assets containing juicy info which can be leveraged by naughty groups rises. How easy is it to find vulnerable databases, solar panels, smart homes, washing machines, space IOT, maritime assets and critical infrastructure? Using OSINT Open source intelligence gathering, an important part of the reconnaissance phase of a application security penetration test. Learning what sources of information is available to start a penetration test is a crucial step in completing a thorough but effective exploration. Risks associated with leveraging, misusing or selling discovered material are all too real. Get your hoodie out and join us on a journey of discovery and exploitation of high profile industrial controls systems spanning land, sea, air and space using legal tools & techniques. Key takeaways include closing the gaps and securing these systems. Speaker Bio: Christina Kubecka (@SecEvangelism), Security Researcher and CEO of HypaSec. Formerly, setting up several security groups for Saudi Aramco’s affiliates after the Shamoon 1 attacks. Implementing and leading the Security Operations Centre, Network Operation Centre, Joint International Intelligence Group and EU/UK Privacy Group for Aramco Overseas Company. With 20+ years of professional experience in the field, her career includes the US Air Force, Space Command, private and public sector. GIAC GPEN certification training & teaches penetration testing on IT, IoT & ICS. Chris has been featured in the media with Viceland News’ Cyber Warfare series, Hacking the Infrastructure, CNN, Fox News, and other news outlets. Chris is currently the Executive Secretary on the board of Geeks Without Bounds, and advises and lectures as an expert for several markets and governments. See also: Chris Kubecka on Wikpedia: https://en.wikipedia.org/wiki/Chris_Kubecka This talk was presented at the OWASP London Chapter meeting on the 19th September 2019 at Goodman Masson offices in London. #OSINT ... https://www.youtube.com/watch?v=NB9G6yXdknQ

This talk was presented at OWASP London Chapter Meeting on 28-Sep-2017. The slides can be downloaded here: https://www.owasp.org/images/b/b5/OWASPLondon20170928_ContainerSecurity-BenjyPortnoy.pdfhttps://www.owasp.org/images/b/b5/OWASPLondon20170928_ContainerSecurity-BenjyPortnoy.pdf Docker containers are transforming the way applications are developed and deployed. Closely tied to DevOps and Continuous Delivery, containers introduce both risks and opportunities to security management in Web applications. This talk will introduce the basic concepts of containers and micro services, how companies use them today, and how to support this technology while elevating the security posture of your application stacks. Various OWASP tools that leverage containers will also be presented. Speaker Bio: Benjy Portnoy is a seasoned cyber security professional with over 15 years experience in consulting, designing, and implementing strategic information security projects for organizations across EMEA. He is currently the director of DevSecOps at Aqua Security, helping enterprises streamline security into their DevOps processes to secure their containerized applications. Prior to joining Aqua Security, Benjy held senior security architect roles at CA, BlueCoat, and Symantec where he worked closely with CSO’s and security operations teams focusing on vulnerability management, datacenter security, and incident response. Benjy holds both CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional) certifications and is currently completing his master's degree in Information Security and Digital Forensics. ... https://www.youtube.com/watch?v=1J1qhMu-2Yg