Working draft agenda. Agenda is subject to change.
All times are UTC unless otherwise noted. Please check your local times. Training breaktimes will be up to each individual trainer.
Additional training information and technical requirements will be available to confirmed registrants prior to the event week.
Time | Training Track 1: CSIRT Creation and Management | Training Track 3: CSIRT Maturity |
---|---|---|
12:00 – 13:45 | Angel Hueca, Justin Novak, Mark Zajicek, Sharon Mudd (CERT/CC, US) (12:00 – 16:00) | Don Stikvoort (Open CSIRT Foundation, NL) |
14:00 – 16:00 | | Incident Response C-101: Challenges and Shifting Priorities in Incident Response During COVID-19, Sille Laks (Cyber4Dev, EE) |
Time | Training Track 1: CSIRT Creation and Management | Training Track 2: Cyber Threat Intelligence | Training Track 3: CSIRT Maturity |
---|---|---|---|
12:00 – 13:45 | Angel Hueca, Justin Novak, Mark Zajicek, Sharon Mudd (CERT/CC, US) (12:00 – 16:00) | Krassimir Tzvetanov (Purdue University, US) (12:00 – 16:00) | Don Stikvoort (Open CSIRT Foundation, NL) |
14:00 – 16:00 | | | Threat Landscape - C19 Edition: COVID-19 Cyber Threat Landscape from the Attacker's Perspective, Sille Laks (Cyber4Dev, EE) |
Time | Plenary Topics | Speakers |
---|---|---|
11:30 – 12:00 | Opening Ceremony & Keynote Presentation | Moctar Yedaly (Head of Information Society Division, African Union Commission); Serge Droz (Chairman, FIRST, CH) |
12:00 – 12:35 | Keynote Panel Discussion: Global Trends | Adiel Akplogan (ICANN, CA); Carlos Alvarez (ICANN, US); Craig Jones (INTERPOL, GB); Folake Olagunju (ECOWAS) |
12:35 – 13:20 | Panel Discussion: On-going Cybersecurity Activities in Africa | Andy Chadwick (FCDO, GB); Justin Novak (CERT/CC, US); Kaleem Ahmed Usmani (CERT-MU, MU); Moctar Yedaly (GFCE); Nick Small (Cyber4Dev, GB); Serge Zongo (ITU); Dr. Serge Droz (FIRST / FDFA, CH) |
13:20 – 14:05 | Panel Discussion: Challenges and Lessons Learned | Danny Afahounko (AfricaCERT, FR); Fethi Manaa (Tunisian Financial CERT, TN); Haythem El Mir (CSIRT.tn Keystone, TN); Roderick Mooi (SANReN, ZA); Sorene Assefa (Cyber Czar, ZA); Vladimir Aman (CI-CERT, CI) |
14:05 – 14:20 | Break | |
14:20 – 15:05 | Panel Discussion: Cyber Diplomacy and the Role of the CSIRT | Adli Wahid (Moderator) (APNIC, AU); Kathryn Fitrell (U.S. State Department, US); Kathryn Jones (UK Foreign and Commonwealth Office, GB); Maarten Van Horenbeeck (FIRST, US); Serge Droz (FIRST, CH); Dr. Sherif Hashem (Information Sciences and Technology College of Engineering and Computing George Mason University, US) |
15:05 – 15:50 | Panel Discussion: Crisis Management During COVID-19 | Choolwe Nalubamba (SCADA, ZM); Guéric Gonçalves (ANSSI, BJ); Jean-Robert Hountomey (Moderator) (AfricaCERT, US); Koichiro "Sparky" Komiyama (JPCERT/CC, JP); Louis Rouxel (CERT France, FR); SMII Mondher (TunCERT, TN) |
15:50 – 16:00 | Closing Remarks | |
Angel Hueca (CERT/CC, US), Justin Novak (CERT/CC, US), Mark Zajicek (CERT/CC, US), Sharon Mudd (CERT/CC, US)
Angel L. Hueca is a Senior Cybersecurity Operations Researcher in the CERT® Coordination Center of Carnegie Mellon University’s Software Engineering Institute (SEI). He has over 20 years of combined experience in Systems Administration and Cybersecurity. Angel has worked extensively in the private and public sector implementing intrusion detection systems (IDS) and systems auditing solutions. Currently, his focus is on international CSIRT initiatives. His previous professional experience includes being the Cybersecurity Program Information Systems Security Officer (contractor) at the Consumer Financial Protection Bureau (CFPB), where he served as the bureau Cyber Policy Manager and CyberPMO Plan of Actions and Milestones (POAM) manager for the CFPB cybersecurity program. Prior to that, Angel worked at the IRS as a Senior Cybersecurity Associate (contractor) and the Pension Benefits Guaranty Corporation (PBGC) as an Information Systems Security Engineer (contractor). Additionally, Angel worked at the Independent Community Bankers of America (ICBA) and TCM Bank as the IT Operations Manager and Senior Systems Administrator, introducing formal cybersecurity practices. Angel holds a Ph.D. in Information Systems, focusing on information security and insider threat.
Justin Novak is a Senior Security Operations Researcher at the CERT Division of the Software Engineering Institute, a Federally Funded Research and Development Center hosted at Carnegie Mellon University. At CERT, he is involved in research on the operation of CSIRTs, Sector CSIRTs, and Security Operations Centers, focusing on incident response and incident management. He is currently the SEI lead for engagements with Foreign Military partners through the DoD’s Foreign Military Sales program. Prior to that he led the International Cybersecurity Initiatives team.
Before working at CERT, Justin was an Intrusion Detection Analyst and Network Analyst for the Department of Defense. He also worked in state government as an advisor to senior lawmakers. Justin holds a Bachelor’s degree in Physics from the University of Pittsburgh, a Master’s degree in Security Studies from the University of Pittsburgh, and a PhD in Public Policy from George Mason University. Justin is an active member of the FIRST community, and serves on the FIRST membership committee.
Mark Zajicek is a Member of the Technical Staff in the CERT Division at the Software Engineering Institute, located at Carnegie Mellon University (Pittsburgh, Pennsylvania, USA). Mark’s current work is focused on helping other organizations to build and assess their own computer security incident response team (CSIRT) or incident management capability. As a member of the CERT CSIRT Development and Training team, Mark is responsible for providing guidance to new and existing CSIRTs, worldwide. Mark has co-developed a variety of documents and training materials, and he is an instructor for a suite of several courses that provide training for CSIRT managers and technical staff and for organizations that are building or evaluating an insider threat program. Previously, Mark was the Daily Operations team leader for the CERT Coordination Center (CERT/CC), after having joined the CERT/CC’s incident handling staff in 1992. Prior to joining the CERT/CC, he also helped support the CERT/CC during its initial start-up in 1988.
This workshop will provide current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle, focusing on the incident handling process and the types of tools and infrastructure needed to be effective. The course incorporates interactive instruction, exercises, and role playing.
Day 1 Agenda
12:00-12:45: Opening remarks, intros, workshop kickoff etc.
12:45-13:45: CSIRT Management Issues Exercise
13:45-14:45: IM Process – Prepare and Protect
14:45-15:00: Break
15:00-16:00: IM Process – Detect and Triage
Day 2 Agenda
12:00-12:30: IM Process – Detect and Triage (Cont’d)
12:30-13:30: Triage Exercise
13:30-14:15: IM Process – Respond
14:15-15:15: Coordinating Response Exercise
15:15-15:45: Managing CSIRT Infrastructure
15:45-16:00: Course Wrap up
October 21, 2020 12:00-16:00, October 22, 2020 12:00-16:00
Krassimir Tzvetanov (Purdue University, US)
Krassimir Tzvetanov is a graduate student at Purdue University focusing his research on Threat Intelligence, Operational Security Research, and Social Media Influence Operations, in the cyber domain. In the recent past Krassimir was a security architect at Fastly, a content delivery network (CDN) designed to accelerate content delivery as well as serve as a WAF and a shield against DDoS attacks. His current focus is on incident response and investigations, threat intelligence and security systems architecture. In the past he worked for hardware vendors like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation features, product security and security software development best practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications. Krassimir is very active in the security research and investigation community, has a number of contributions to FIRST SIGs, and participates in the Honeynet Project. In addition, Krassimir ran the BayThreat security conference and has contributed to a number of other events like DefCon, where he ran the Radio Communications group, and ShmooCon and DC650. Krassimir holds a Bachelor's in Electrical Engineering (Communications) and a Master's in Digital Forensics and Investigations.
Introduction to Cyber Threat Intelligence:
In this class, attendees will go over the basics of Cyber Threat Intelligence. It starts with coverage of what it is: standard definitions and terminology used in the FIRST framework, as well as its applications for solving strategic, operational, and tactical problems. It then explores analytical techniques and intelligence tradecraft, with specific examples including analysis of competing hypotheses, the language of uncertainty, and mental biases. The class helps trainees distinguish between raw intelligence, data feeds, and intelligence products, and how each of them plays a role in the detection of and response to hostile activity. It also covers how to set a more beneficial threat posture, as well as what type of intelligence informs specific components of the business and technical process. The material also disambiguates the relationship between intelligence, forensic analysis, and evidence. The class also covers community issues, such as the benefits of sharing information, the economy of scale, and the potential tradeoffs of sharing information. Among the topics covered are collection techniques and methods (technical, open, and closed), including specific sources and technologies assisting the process, such as passive DNS, sandboxing, malware analysis, forensic investigation, and visualization. The class intends to provide a foundational level of training which will allow the trainees to enter the field.
DDoS Mitigation Fundamentals:
In this class, attendees will go over the basics of Denial of Service. It starts with coverage of the different parts of the stack that can be attacked and transitions into a discussion about the currently popular types of DDoS: reflection attacks, SYN flood, Slowloris, etc. While it covers different attack types, it supplements the attack descriptions with a detailed technical explanation of the specific operating system components like sockets, buffers, etc. The class is interlaced with a number of exercises allowing the attendees to manually configure different mitigations. In general, the workshop focuses on the technologies and not on any particular vendor implementation. The test platform is vendor agnostic and uses a Linux VM to illustrate the attacks and mitigations.
October 22, 2020 12:00-16:00
Don Stikvoort (Open CSIRT Foundation, NL)
In 1988 Don joined the Dutch national research network SURFnet, after studying physics and 2 years in the army. Don was among the pioneers who created the European Internet starting in 1989. He recognized “security” as a concern in 1991, chaired SURFcert between 1992-8, and was the founding father of NCSC-NL, the Dutch national team, and of the European TF-CSIRT community. Don became a member of FIRST in 1992 and has been very active during his membership, from chairing the FIRST conference in Australia in 1999 to co-chairing the Traffic Light Protocol working group and participating in CSIRT, Metrics and Ethics working groups. In 1998 he co-wrote the ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’. Don continues to support the global cyber security community through S-CURE, the company he founded in 1998. Don created the SIM3 maturity model for CSIRTs, is a sought-after keynote speaker and also finds the time to do executive coaching and psychotherapy with a limited set of clients.
Have you any idea of the maturity of your CSIRT? And is that just gut feeling, or can you classify and measure it? This short talk is about the SIM3 maturity model for CSIRTs, which is used all over the world. We explain what it is and how it's being used. And also how you can use it to measure the maturity of your team - and use that as a tool for improving your team. Making it more mature. And in the end, more effective, flexible and trusted.
October 21, 2020 12:00-13:45
October 22, 2020 12:00-13:45
Sille Laks (Cyber4Dev, EE)
Having spent most of the last decade working on the defensive side, responding to cyber incidents and organizing awareness raising campaigns at the national CERT team and preventing online fraudsters from stealing corporate and customers’ money in the private sector, Sille is now working at the Estonian company Clarified Security, which is focused on the offensive side of security. In her daily job she is responsible for organizing cyber exercises, the operational side of incident response, and awareness raising lectures. She also quite often delivers awareness raising training for the voluntary members of the Estonian Defence League and its subunits, having been a member of the organization herself for almost 20 years. Sille holds an MSc degree in Cybersecurity and a BA degree in Business and Public Management and is a guest lecturer of Foundations of Cyber Security at Tallinn Technical University.
Many organizations were already struggling with incident response for decades before C19. The amount of data collected is growing each year, and more data and tools also mean more security alerts to analyze. And this was already an issue before all employees moved to home offices and turned to online solutions to replace their physical contacts and activities. They are now spread across the city (or even the country), and you can no longer physically go and unplug the machine when there is a threat of losing access to business-critical systems. What if you are unable to triage the incident in real time because the user is currently in the middle of their kid’s violin lesson? And who can guarantee that the user’s home network or personal computer (which they are now allowed to use as the company does not have the budget for corporate laptops or VPN solutions) is not compromised and someone is not following every move they make online?
October 21, 2020 14:00-16:00
Adiel Akplogan (ICANN, CA), Carlos Alvarez (ICANN, US), Craig Jones (INTERPOL, GB), Folake Olagunju (ECOWAS)
Adiel A. Akplogan is Vice-President for Technical engagement at ICANN. With more than 25 years of experience in the Internet industry, Adiel has previously worked as CEO of AFRINIC (The African Network Information Centre – 2004-2015), IT Director for Symbol Technology/Motorola in France (2001-2003) and Director of New Technology at CAFÉ Informatique in Togo (1994-2000). Recognized as one of the Internet Technology pioneers in Africa, he has contributed to technical capacity building and actual deployment of some of the first private ISPs in West Africa from 1996-2000. During his career, Adiel has served on Boards and Advisory Committees of several global & international organizations such as the UN Internet Governance Forum Multistakeholder Advisory Group (IGF-MAG from 2006-2009), the Technical Advisory Committee of the United Nations Economic Commission for Africa (ATAC/UNECA from 2005-2006), the Executive Council of the Number Resource Organization (NRO – 2005-2015 as Chair, Secretary and Treasurer), the ICANN's Strategic Panel on its role in the Internet Governance ecosystem, the Africa Union's AXIS program Steering Committee (2012-2015), the Africa Network Operators Group and the Africa Internet Summit's Administration and Program committee (AFNOG/AIS – 2000-2015) and the OIF (Organisation International de la Francophonie) Expert Group on Internet Governance (since 1999). With a strong passion for the Internet technology and its impact on human development, he has also actively contributed to the setup of several technical coordination bodies in Africa such as the African Network Operators Group (AfNOG), The Africa Network Information Centre (AFRINIC) which he has led for the past 10 years, the African ccTLD Managers Association (AfTLD), AfricaCERT, Africa Internet Summit (AIS), etc. A public speaker, he has written and contributed to several papers and articles on the Internet infrastructure and its governance.
Adiel Akplogan is an Electrical Engineer and holds a Masters in E-Business and New Technology Management from Paris Graduate School of Management. He lives and works in Montreal (Canada). He was inducted by the Internet Society (ISOC) into the 2019 class of the Internet Hall of Fame.
Carlos’s work is currently focused on helping the Internet community address abuse of Domain Name System resources, by: providing subject matter expertise on contractual and policy matters with potential anti-abuse and consumer protection implications; trust-based collaboration with worldwide cyber law enforcement and the operational security community; and capability building, via training law enforcement and other constituents involved in the operation or the security of the Internet identifiers. He served in the past in ICANN's Contractual Compliance Team where he managed the team responsible for processing all registrar-related complaints worldwide. He also provided key subject matter expert advice and guidance to ICANN's Contractual Compliance Audit Program and to the gTLD registry-related work of the Compliance Team. Prior to joining ICANN, Carlos participated in the International Attorneys Program at Holland & Knight in Miami and served as the head of the Legal & Business Affairs Division at Sony Music for Colombia, Ecuador, Venezuela and Peru. While in this position he was a member of the Andean legal committee of the IFPI (International Federation of the Phonographic Industry). He was a pioneer in Latin America in matters related to software anti-piracy, information security from a legal perspective and cyber crime, initially through his work with the local law firm of the Business Software Alliance in Colombia since 1998. His articles on piracy and terrorism, cyber crime, botnets, digital evidence, criminal aspects related to the use of honeypots, legal aspects of information security standards, the Budapest Convention, and other related matters have been published in Colombia, Venezuela, Argentina, Mexico and Spain.
He taught computer law, legal aspects of information security and intellectual property in two universities in Bogota and has lectured before many different audiences in the Americas, Europe and Asia, from students to c-level executives, as well as government representatives, regulators, law enforcement, and military and intelligence personnel. He maintains working relationships with law enforcement cyber units from different countries and while still living in Bogota was a member of the local Electronic Commerce Subcommittee of the International Chamber of Commerce. Carlos is a former co-chair of the Messaging, Malware and Mobile Anti Abuse Working Group (M3AAWG)'s Anti-Phishing Special Interest Group and is a co-chair of M3AAWG's DNS Abuse Special Interest Group. Carlos is an attorney graduated from the Universidad de los Andes in Bogota. He holds a Master of Laws degree from the University of Southern California Gould School of Law, and has studies on networking with TCP/IP from UCLA.
Craig Jones, INTERPOL Cybercrime Director. Originally from New Zealand, Craig Jones leads INTERPOL’s Global Cybercrime Programme. The objectives of this Programme are to reduce the global impact of cybercrime and protect communities for a safer world. Under this mandate, he focuses on operational delivery, cyber threat response and capabilities development in support of 194 INTERPOL member countries. With over 27 years of law enforcement experience, he is an expert in the area of cyber/digital crime investigations and capabilities development. Previously, he held several senior management positions in the UK law enforcement, most recently at the National Crime Agency in the UK. In this capacity, he coordinated UK’s law enforcement response to the National Cyber Security Programme, which underpinned the UK’s National Cyber Security Strategy. He has successfully delivered multi-million Euro projects, designed to increase cyber capabilities and capacity at regional, national and international levels. He also worked on the international capacity framework project, representing the UK and now INTERPOL, at the Global Forum for Cyber Expertise working groups and forums. He is recognized as a strategic leader, and identifies and assists in shaping policies that deliver outcomes and results against international and national cyber strategies. He also anticipates and predicts the long-term impact of national and international developments including economic, political, environmental, social and technological aspects specific to the cyber threat.
Folake Olagunju is the Program Officer Internet and Cybersecurity at the Economic Community of West African States (ECOWAS) Commission. She is currently working on implementing the cybersecurity agenda to facilitate initiatives that will assist the ECOWAS region protect their cyberspace, critical information infrastructure and build confidence in the use of ICTs. Prior to her current role, she worked on various IT related activities including policy and infrastructure initiatives in West Africa. Folake is also co-Chair of the GFCE Advisory Board.
Cybersecurity and cybercrime issues are becoming a day-to-day struggle for the whole world, including Africa. Recent trends and cybersecurity statistics reveal a huge increase in the number of incidents of different kinds. Cybercrime is on the rise. Additionally, recent security research suggests that most organizations have poor cybersecurity practices in place, making them vulnerable to data loss. To successfully fight against malicious intent, it’s imperative that companies make cybersecurity awareness, prevention and security best practices a part of their culture. This session aims to give you a better idea of the current state of overall security and the global trends.
The discussion will help to paint a picture of how potentially dire leaving the organization insecure can be as well as show the prevalence and need for cybersecurity.
Carlos and Adiel will provide a brief update on ICANN's activities in the areas of Security, Stability and Resiliency, and engagement with the public safety and cyber security communities worldwide, including obviously FIRST.
October 23, 2020 12:00-12:35
Moctar Yedaly (Head of Information Society Division, African Union Commission), Serge Droz (Chairman, FIRST, CH)
Moctar Yedaly is a Telecom and Computers Engineer with an MBA in International Business. He graduated from George Washington University, Amity University and Institute of Informatics. He has more than 20 years of international experience in the field of communication and networks management, resources evaluation and policy preparation. After many years in the Telecom industry in the USA and in Africa, Moctar has been, since 2011, in charge of the Information Society within the African Union Commission – an intergovernmental organization with HQ in Addis Ababa, Ethiopia. In this capacity, he has contributed to and managed many programs in the African continent, among which the Program for Infrastructure Development in Africa (PIDA), Dot Africa Domain Name, the African Internet Exchange Systems (AXIS) and the AU Convention on Cybersecurity.
Serge Droz is a senior IT-Security expert and seasoned incident responder working at Proton Technologies. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada, among others as a Chief Security Officer of Paul Scherrer Institute, as well as in different security roles at the national CERT in Switzerland for more than 15 years. Serge is the chair of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response and a Senior Advisor to the Swiss based ICT4Peace foundation. He also served for 2 years in the ENISA (European Union Agency for Network and Information Security) permanent stakeholder group. Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.
October 23, 2020 11:30-12:00
Danny Afahounko (AfricaCERT, FR), Fethi Manaa (Tunisian Financial CERT, TN), Haythem El Mir (CSIRT.tn Keystone, TN), Roderick Mooi (SANReN, ZA), Sorene Assefa (Cyber Czar, ZA), Vladimir Aman (CI-CERT, CI)
My name is AMAN VLADIMIR, Head of CI-CERT. I have nearly 10 years of professional experience in the field of cyber security in Côte d’Ivoire. In addition to the technical background acquired during the years spent as a cybersecurity analyst at CI-CERT and the Platform for Combating Cybercrime (Police Scientifique), in recent years I have specialized in information security management with international certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27001 Lead Cybersecurity Manager, etc.
Danny Afahounko is an Open-Source advocate and is passionate about IT. He has over 15 years of experience in the IT industry. He has been part of the most influential companies in IT, namely AFRINIC as System Engineer and the world market leader in Open-Source, Red Hat France, as Cloud Architect. A disruptor by nature, Danny’s ideology is to change the way IT is perceived. His mission is to break down the complexity of IT and make it accessible for everyone in Africa through education. He is actively engaged in training and capacity building and leads the Network Management track at AFNOG. Danny has been volunteering at AfricaCERT to automate open source tooling for incident response teams. Danny is CEO and Founder of Cloud-Inspire. If you are an IT enthusiast and eager to learn more about Infra as Code and Cloud as a service, this is where you can reach out to him.
Fethi Manai is head of the digital and cybersecurity division in the Tunisian Association of banks and financial institutions. He is involved in transformation and innovation projects within the financial sector, notably related to cybersecurity and the fight against payment fraud. Fethi has 18 years of experience in financial services. He has experience in clearing, electronic payment, mobile payment and cybersecurity. He is the head of the Tunisian Financial CERT. Fethi holds a professional master's degree in Cyber Security and a master's degree in Computer Science; he is also ISO 27005 certified.
Haythem El Mir is a cybersecurity expert with more than 18 years of experience. Currently, Mr. EL MIR is the CEO of Keystone, a cybersecurity consulting company working in the MEA region, and manager of CSIRT.tn. With Keystone, Haythem is helping governments, critical sectors and big companies to develop their cyberdefense programs and cybersecurity strategies. As a specialist in critical information infrastructure protection (Banking, Telecom, Government, Industry), Mr. EL MIR has participated in numerous cyber security projects in the Africa and Middle East region. In this context, he has set up three R&D units around SCADA security, IoT and security data analysis based on Big Data and Machine Learning. Mr. EL MIR has been involved in consulting projects in the Africa region by setting up national CERTs, SOCs and developing national and sectorial cybersecurity strategies. Mr. EL MIR is one of the founders of ANSI and the Tunisian national CERT since 2002, having developed several strategic projects for the Tunisian government as technical director of ANSI.
Roderick Mooi currently heads up the South African National Research Network (SANReN)’s Cybersecurity and Computer Security Incident Response Team (CSIRT) efforts. He has been part of the team since 2011, evolving from a network design and engineering role to a focus on advanced services development and information security, leading the CSIRT through TI accreditation (2018) and FIRST membership (2020). Roderick is an engineer by heart who enjoys new challenges and opportunities to make a difference. He can be found at https://www.linkedin.com/in/roderick-mooi
Founder and Managing Director at Cyber Czar (Pty) Ltd., Sorene founded Cyber Czar - “igniting a culture of cybersecurity in South Africa”, with the sole aim of protecting the most vulnerable against Cybercrime; and advocating for women’s equal opportunity in the Cybersecurity eco-system by inspiring girls to pursue studies and careers in Cybersecurity. Sorene is passionate and resolute about inspiring and empowering young African women to play a critical role in the area of Cybersecurity. Moreover, she is immensely passionate about contributing to Africa’s present and future standing in Cybersecurity, Privacy, and Governance issues. As a Cybersecurity specialist, Sorene believes in a multi-stakeholder approach to address Cybersecurity challenges. Leveraging her experience, Sorene has forged a strong partnership with the National Cybersecurity Alliance (NCSA), which is the public-private partnership working with the Department of Homeland Security (DHS), NGOs, and others. Cyber Czar is also a STOP. THINK. CONNECT™ partner, and National Cybersecurity Awareness Month (NCAM) Cyber Aware Champion, and Privacy Aware Champion. Sorene has far-reaching experience of working in a multi-stakeholder environment. During her tenure with the International Telecommunication Union (ITU) HQs, in Geneva, Switzerland, she served as an Information Systems Officer and later as Technology Analyst for the Office of the Secretary-General and dealt with issues on emerging trends, Internet Governance, and the overall implementation of ITU's Cybersecurity mandate. One of her main responsibilities was to serve as a team leader and focal point for the ITU-International Multilateral Partnership against Cyber Threats (IMPACT) Alliance, which is believed to be the first truly global, multi-stakeholder and public-private alliance against Cyber threats.
A substantial part of her work focused on assisting UN Agencies and the Member States - mainly developing countries - to build their Cybersecurity capabilities such as Computer Emergency Response Teams (CERTs). Sorene holds a postgraduate degree (MSc) in Computer Science from the University of Johannesburg, South Africa. She is also a Certified Information Systems Security Professional (CISSP®), PRINCE2® Practitioner, ITIL ®, COBIT® 5, ISO/IEC 27001 amongst other certifications within the area of Internet Governance and Cybersecurity.
October 23, 2020 13:20-14:05
Choolwe Nalubamba (SCADA, ZM), Guéric Gonçalves (ANSSI, BJ), Jean-Robert Hountomey (Moderator) (AfricaCERT, US), Koichiro "Sparky" Komiyama (JPCERT/CC, JP), Louis Rouxel (CERT France, FR), SMII Mondher (TunCERT, TN)
Choolwe Nalubamba is currently the Head of Telecommunications, SCADA, and Information Systems at one of the Power Companies in Zambia called Copperbelt Energy Corporation PLC. He has over 20 years of multi-disciplinary experience in the ICT industry (with a strong bias to Cybersecurity). He has consulted and/or spoken at Cybersecurity workshops organised by COMESA, the International Telecommunications Union (ITU), African Top Level Domain (AfTLD), Forum for Incident Responders and Security Teams (FIRST), and the African Union. While working for the Government of Zambia, he spearheaded the implementation of the Zambia Computer Incident Response Team (ZmCIRT) in 2012, facilitated the implementation of a Computer Forensic Lab at the Zambia Police Headquarters in June 2014, and was strategic in the organization of the first-ever African Cyber drill that was held in Livingstone, Zambia in 2014. He has also facilitated many cybersecurity-related training programs, primarily for Law Enforcement Agencies in Zambia. He holds an MSc in Operational Communications from Coventry University (UK), a Bachelor of Engineering degree in Electronics and Telecommunications from the University of Zambia, and several professional cybersecurity certifications.
Guéric Gonçalves is a Senior Analyst at bjCSIRT under the National Information Systems’ Security Agency of Benin (ANSSI: Agence Nationale de la Sécurité des Systèmes d'Information). Prior to joining bjCSIRT, he was a Cybersecurity Expert Consultant working in France and the West African region. In the earlier part of the last decade, before entering the cybersecurity field, he worked as a Network Engineer at a major Internet Service Provider in Benin. Guéric earned a Master of Science degree in Network Computing and a Bachelor of Science degree in Information Technology, both from Coventry University, United Kingdom. He also holds a Certified Title as a Cyber Security Expert Consultant (RNCP Niv 1/CEC Niv 7) from M2i Paris, France.
A researcher at heart, Jean-Robert Hountomey's research focuses on law, technology, and Internet governance issues. An Internet pioneer in West Africa, he is also a founding member of the Africa Forum of computer security and incident response team (AfricaCERT) and the African Anti Abuse Working Group. He has worked with government officials, industry, and academia on Internet policy issues, capacity building, information security, product security, secure software development life cycle, and privacy risk management for two decades. He has contributed to the PSIRT and the Multi-Vendor Coordination frameworks from the Forum of Incident Security Response Teams (FIRST), the CVE outreach and Communications Working Group (OCWG), the African Union Cybersecurity Expert Group, the Interpol Africa Working Group, the UN open-Ended Working Group (OEWG), ICANN, ISOC, AfriNIC, AfNOG, AfrISPA
Koichiro Sparky Komiyama is the Director of the Global Coordination Division at JPCERT/CC, the Japanese Computer Emergency Response Team. His current focus is on norms in cyberspace, confidence building and capacity building in developing countries. He has worked as a security analyst and led the gathering of security information and the publishing of multiple security alerts and advisories at JPCERT/CC. Prior to joining JPCERT/CC, he worked as a systems engineer for Internet Security Systems (IBM ISS), where he was in charge of enterprise IDS/IPS system operations. In 2014-2018, he served as a member of the Board of Directors of FIRST, the global Forum for Incident Response and Security Teams. Since 2017, he has also worked for the Global Commission on the Stability of Cyberspace, a multi-stakeholder forum that aims to propose norms and policies to enhance international security and stability. He holds a Ph.D. in Media and Governance from Keio University.
Louis Rouxel is in charge of Internal Cooperations for CERT-FR at ANSSI, the French national cybersecurity agency. Louis was previously chairman of Signal Spam, the national email abuse reporting platform in France. He has 20 years of experience in the IT industry, as former co-founder and CTO of Splio, a SaaS software editor.
I am SMII Mondher, a Cyber Security Analyst at the National Agency for Computer Security NACS / Tunisian CERT, with expertise in threat analysis and intrusion detection systems. Performed dynamic analysis of malware and its delivery mechanism (malicious documents e.g. pdf, doc, etc.). Utilized custom sandbox environments such as Joe Sandbox, ANY.RUN and Hybrid Analysis to isolate malware and identify malware C2 communication channels. Used MISP (Malware information sharing platform) to track, correlate and share the collected IOCs. I am in charge of Information Sharing and Analysis Center ISAC. I hold a professional master’s degree in Cyber Security and I am also certified ISO 27001 and ISO 22301.
October 23, 2020 15:05-15:50
SMII-Mondher-presentaion-tunCERT_FIRST-AfricaCERT-Symposium.pdf
MD5: 72f457e06a9115b26f2aff19ae44b5b2
Format: application/pdf
Last Update: June 7th, 2024
Size: 3.02 Mb
Adli Wahid (Moderator) (APNIC, AU), Kathryn Fitrell (U.S. State Department, US), Kathryn Jones (UK Foreign and Commonwealth Office, GB), Maarten Van Horenbeeck (FIRST, US), Serge Droz (FIRST, CH), Dr. Sherif Hashem (Information Sciences and Technology College of Engineering and Computing George Mason University, US)
At the U.S. State Department, Kathryn Fitrell is a Senior Policy Advisor in the Office of the Coordinator for Cyber Issues which promotes an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation. In her current role, Kathryn manages outreach with the U.S. cyber stakeholder community, as well as with U.S. diplomats overseas. She has been an officer in the U.S. Foreign Service for nearly 20 years, and lived in Denmark, Ghana, Zambia, Guatemala, Portugal, Mauritius, and Ethiopia.
Kathryn Jones is Head of International Cyber Governance at the UK Foreign, Commonwealth and Development Office, Cyber Policy Department.
Her role sees her leading delegations to the UN Open Ended Working Group on Developments in the field of information and telecommunications in the context of international security and the Organisation for Security and Cooperation in Europe (OSCE) Informal Working Group on Cybersecurity, as well as taking her place on the UN Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security. She has previously worked in a range of government departments including the UK’s Department for Digital Policy and National Cyber Security Centre. She has represented the UK in the Organisation for Economic Co-operation and Development (OECD) and the UN International Telecommunications Union.
Maarten Van Horenbeeck is a Board member, and former Chairman, of the Forum of Incident Response and Security Teams (FIRST). Maarten is also Chief Information Security Officer with Zendesk. Prior to this role, he was Vice President, Security Engineering at edge cloud network Fastly and managed the Threat Intelligence team at Amazon. Maarten has a master's degree in Information Security from Edith Cowan University, and a master's degree in International Relations from the Freie Universitat Berlin. He is also Lead Expert to the Internet Governance Forum’s Best Practices Forum on Cybersecurity.
Serge Droz is a senior IT-Security expert and seasoned incident responder working at Proton Technologies. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada, among others as a Chief Security Officer of Paul Scherrer Institute, as well as in different security roles at the national CERT in Switzerland for more than 15 years. Serge is the chair of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response and a Senior Advisor to the Swiss based ICT4Peace foundation. He also served for 2 years in the ENISA (European Union Agency for Network and Information Security) permanent stakeholder group. Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.
Dr. Hashem is a Visiting Professor of Computer and Information Sciences at the SUNY Polytechnic Institute (SUNY Poly), New York-USA. Dr Hashem is a Senior IEEE member and an ISACA Certified Information Security Manager (CISM). Prior to joining SUNY Poly in 2019, Dr Hashem was the Chair Professor of Engineering Mathematics and Computer Science at the Faculty of Engineering, Cairo University, Egypt. Dr Hashem also held a joint appointment as the Vice President of the National Telecom Regulatory Authority (2013-18). Dr Hashem's professional and research interests include Cybersecurity, Artificial Intelligence, Information Technology, and Management of Information Security. Dr Hashem is currently a member of the African Union’s Cybersecurity Expert Group (AUCSEG). Over the last two decades, Dr. Hashem led several key cybersecurity efforts at the national level, and set up the framework for further developing the Egyptian Computer Emergency Readiness Team (EG-CERT) at the National Telecom Regulatory Authority (NTRA). More recently, in 2015, Dr Hashem became a member of Egypt’s Supreme Cybersecurity Council (ESCC), which is affiliated with the Cabinet of Ministers. As the Chairman of the Executive Bureau of the ESCC, Dr Hashem led the team that drafted Egypt’s first National Cybersecurity Strategy (2017-2021). Successful cybersecurity initiatives and activities led by Dr Hashem have contributed to Egypt’s advanced cybersecurity rank: 14th among 193 countries, as reported by the International Telecommunications Union (ITU) Global Cybersecurity Index in July 2017 (https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf).
At the international level, Dr Hashem was an expert member of the United Nations Group of Government Experts (UN GGE) on the Developments In The Field Of Information And Telecommunications In The Context Of International Security (Aug 2012 - June 2013), a 15-member high-level group of experts that developed strategic cybersecurity reports which were presented at and endorsed by the UN General Assembly. https://www.un.org/disarmament/ictsecurity/ | https://www.un.org/ga/search/view_doc.asp?symbol=A/68/98 . Dr. Hashem received a B.Sc. in Communication & Electronic Engineering (1985) and an M.Sc. in Engineering Mathematics from Cairo University-Egypt (1988), and a Ph.D. in Industrial Engineering from Purdue University-USA (1993). He also completed the Senior Executive Program at Harvard Business School-USA (2001).
October 23, 2020 14:20-15:05
Andy Chadwick (FCDO, GB), Justin Novak (CERT/CC, US), Kaleem Ahmed Usmani (CERT-MU, MU), Moctar Yedaly (GFCE), Nick Small (Cyber4Dev, GB), Dr. Serge Droz (FIRST / FDFA, CH), Serge Zongo (ITU)
Andy Chadwick is the Head of Africa Cyber Network for the UK Foreign, Commonwealth & Development Office, based in Nairobi but with an Africa-wide remit on Cyber. He has over 30 years’ experience with HMG in the fields of information security, cyber operations and intelligence analysis. The majority of his career has been spent overseas and working with international partners, most recently collaborating on cybersecurity capacity building projects and skills development programmes across Africa. His previous role was with the UK National Cyber Security Centre (NCSC) working primarily on International Engagement. He is keen to strengthen cybersecurity relationships and collaborate with partners across Africa.
Justin Novak is a Senior Security Operations Researcher at the CERT Division of the Software Engineering Institute, a Federally Funded Research and Development Center hosted at Carnegie Mellon University. At CERT, he is involved in research on the operation of CSIRTs, Sector CSIRTs, and Security Operations Centers, focusing on incident response and incident management. He is currently the SEI lead for engagements with Foreign Military partners through the DoD’s Foreign Military Sales program. Prior to that he led the International Cybersecurity Initiatives team. Before working at CERT, Justin was an Intrusion Detection Analyst and Network Analyst for the Department of Defense. He also worked in state government as an advisor to senior lawmakers. Justin holds a bachelor’s degree in Physics from the University of Pittsburgh, a Master’s degree in Security Studies from the University of Pittsburgh, and a PhD in Public Policy from George Mason University. Justin is an active member of the FIRST community and serves on the FIRST membership committee.
I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius. My experience of 18 years in the ICT industry spans over cybersecurity, network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.
Moctar Yedaly is a Telecom and Computers Engineer with an MBA in International Business. He graduated from George Washington University, Amity University and Institute of Informatics. He has more than 20 years of international experience in the field of communication and networks management, resources evaluation and policy preparation. After many years in the Telecom industry in the USA and in Africa, Moctar has, since 2011, been in charge of the Information Society within the African Union Commission – an intergovernmental organization with HQ in Addis Ababa, Ethiopia. In this capacity, he has contributed to and managed many programs in the African continent, among which are the Program for Infrastructure development in Africa (PIDA), Dot Africa Domain Name, the African Internet Exchange Systems (AXIS) and the AU Convention on Cybersecurity.
Nick is a Management Consultant with more than 25 years of business and strategy consulting experience, providing both public and private sector organizations with innovative solutions to their complex business challenges. He has an extensive background in defining and delivering initiatives that support clients in transforming their operations by capitalizing on innovative business models supported by strong governance, security and sustainability plans and policies. He has led strategic initiatives focused on aligning operational capabilities and associated financial investments with business goals and objectives. Nick has managed both the design and delivery of information and communications technology programs with a significant focus on institutionalizing appropriate management and security capacities to ensure stable, long-term service capabilities. Over the past 15 years Nick has led teams of management and technology professionals focused on the planning, design, development, and implementation of strategic ICT programs for government administrations in emerging markets. He has managed strategy development, transformation planning, and solution implementations that support national development goals while applying innovative approaches to address operational challenges. Having worked internationally for much of his career, Nick has extensive experience in delivering business and technology solutions in a variety of environments. He has contributed to a broad range of projects in Africa, Asia, Europe and the Americas.
Serge Droz is a senior IT-Security expert and seasoned incident responder working at Proton Technologies. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada, among others as a Chief Security Officer of Paul Scherrer Institute, as well as in different security roles at the national CERT in Switzerland for more than 15 years. Serge is the chair of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response and a Senior Advisor to the Swiss based ICT4Peace foundation. He also served for 2 years in the ENISA (European Union Agency for Network and Information Security) permanent stakeholder group. Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.
Serge Valery ZONGO is currently Program Officer at the International Telecommunications Union (UN lead agency for Information and Communications Technologies) and Cybersecurity focal point for the Africa region. He worked for more than 15 years in the information technology and management field in leading interconnection and telecommunications companies. For the last eight years, he has coordinated ITU’s initiatives in Africa in building trust, reinforcing Cybersecurity culture for ITU Members and boosting the digital innovation ecosystem, with a focus on national cybersecurity strategies and CIRTs, Cyberdrill and capacity building. He believes that an integrated and well-aligned synergy of cybersecurity initiatives in the continent is a key enabler of digital transformation in the region. Serge Valery’s broad experience in the Telecommunications/ICT sector spans the private and public sectors. He holds advanced degrees in Engineering, Computer Information Systems, management and finance.
October 23, 2020 12:35-13:20
Sille Laks (Cyber4Dev, EE)
Having spent most of the last decade working on the defensive side, responding to cyber incidents and organizing awareness raising campaigns at a national CERT team and preventing online fraudsters from stealing corporate and customers’ money in the private sector, Sille is now working in an Estonian company, Clarified Security, that is focused on the offensive side of security. In her daily job she is responsible for organizing cyber exercises, the operational side of incident response, and awareness raising lectures. She also quite often does awareness raising training for the voluntary members of the Estonian Defence League and its subunits, having been a member of the organization herself for soon 20 years. Sille holds an MSc degree in Cybersecurity and a BA degree in Business and Public Management and is a guest lecturer of Foundations of Cyber Security in Tallinn Technical University.
A massive amount of daily work and studies moved online in 2020. It has become a new reality that a lot of daily communication is now done only online or via phone. Criminals have always evolved and adapted to new changes very fast and cybercrime is no exception. The more users you have online who are trying to cope with the growing e-mail flood and phone calls from their internal helpdesks - the easier it is to conduct even the most trivial cyber attacks. Whether someone is impersonating IT-helpdesk or sending you a “Mailbox full, please insert password to get more space” e-mail. And how easy it is to get money from an organization when you are.
October 22, 2020 14:00-16:00
Sille-Presentation-materials.pdf
MD5: 7943870f08ac6bcce9a1b1bb54725100
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.91 Mb