Program Overview

Agenda is subject to change. Last updated December 7, 2021.

Times are reflected in UTC. Please check your local times. Detailed training information coming early November.

The event will be presented in English with French translation available during the plenary sessions on December 7.

Tuesday, December 7^th
Plenary Sessions
Wednesday, December 8^th
Day 1 | Technical 1
Day 1 | Technical 2
Day 1 | Management
Thursday, December 9^th
Day 2 | Technical 1
Day 2 | Technical 2
Day 2 | Management

Tuesday, December 7^th

	Plenary Sessions
11:00 – 11:15	EG CH TN Welcome Remarks Dr. Sherif Hashem (FIRST, EG); Dr. Serge Droz (FIRST / FDFA, CH); Jean-Robert Hountomey (AfricaCERT); Wafa Dahmani (ANSI - TunCERT, TN)
11:15 – 11:30	TN Opening Address Kamel Saadaoui (Chief of ICT Minister Office, TN)
11:30 – 13:00	EG OM TG GB ET US Regional and International Initiatives Dr. Sherif Hashem (FIRST, EG); Eng. Badar Al Salehi (Oman National CERT, ARCC, OIC-CERT, OM); Palakiyem Assih (CERT.tg, TG); Jeremy Ketteringham (UK Home Office, GB); Nick Small (Cyber4Dev, GB); Adil Suleiman (African Union Commission, ET); Elizabeth Vish (US Department of State, US); Serge Zongo (ITU)
13:00 – 13:15	Break
13:15 – 14:15	US DE KE NL Frameworks and Related Standards Jean-Robert Hountomey (AfricaCERT); Peter Allor (RedHat, US); Dr. Klaus-Peter Kossakowski (PRE-CERT, DE); Mwende Njiraini (Former Chair ITU-T SG17 Regional Group for Africa, KE); Justin Novak (CERT/CC, US); Don Stikvoort (NL)
14:15 – 15:45	TN LU TZ NL GH KR EG Open-source Tools and CSIRT Success Stories Prof. Nabil Sahli (TunCERT, TN); Marwan Ben Rached (ITU); Guenaëlle De Julis (CERT-XLM (Excellium), LU); Raymond Linus (TZ-CERT, TZ); Kevin Meynell (Internet Society, NL); Mariem Mahjoub (ANSI , TN); Omo Oaiya (WACREN, GH); Eunju Pak (KrCERT/CC, KR); Mahmoud Raouf (EG-CERT, EG)
15:45 – 16:00	Break
16:00 – 17:00	US LU PL KE AU Open Data (OSINT) and Threat Intelligence Sharing Platforms and Tools Jean-Robert Hountomey (AfricaCERT); John Grim (Verizon, US); Andras Iklody (CIRCL, LU); Piotr Kijewski (The Shadowserver Foundation, PL); Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Adli Wahid (APNIC, AU)
17:00 – 18:00	TN NG US Observed Malicious Cyber Criminality During COVID in the African and Arab Regions Wafa Dahmani (ANSI - TunCERT, TN); Abdul-Hakeem Ajijola (AUCSEG, NG); Carlos Alvarez del Pino (ICANN, US); Mohamed Ali Benmabrouk (Tunisia, TN); Dr. Haitham Al Hajri (Oman National CERT, TN)
18:00 – 18:15	Closing Remarks

Wednesday, December 8^th

	Day 1 Technical 1	Day 1 Technical 2	Day 1 Management
11:00 – 13:00	TN Open-source Tools for CSIRTs Prof. Nabil Sahli, SMII Mondher (TunCERT, TN); Mohamed Ali Benmabrouk (Tunisia, TN); Amine Rached (CSIRT.tn, Keystone, TN) 11:00 – 15:00	US MITRE ATT&CK Fundamentals Sean Whitley (MITRE, US)	NL CSIRT Maturity Modeling Don Stikvoort (NL)
13:00 – 15:00	GB Protective DNS – Why It Matters and How to Deploy It On-prem Boris Taratine (Farsight Security, GB)	TN Designing and Running Cyber-exercises for CSIRTs Haythem El Mir (CSIRT.tn Keystone, TN)

Day 1
Technical 1

Day 1
Technical 2

Day 1
Management

11:00 – 13:00

Open-source Tools for CSIRTs

Prof. Nabil Sahli, SMII Mondher (TunCERT, TN); Mohamed Ali Benmabrouk (Tunisia, TN); Amine Rached (CSIRT.tn, Keystone, TN)

11:00 – 15:00

MITRE ATT&CK Fundamentals

Sean Whitley (MITRE, US)

CSIRT Maturity Modeling

Don Stikvoort (NL)

13:00 – 15:00

Protective DNS – Why It Matters and How to Deploy It On-prem

Boris Taratine (Farsight Security, GB)

Designing and Running Cyber-exercises for CSIRTs

Haythem El Mir (CSIRT.tn Keystone, TN)

Thursday, December 9^th

	Day 2 Technical 1	Day 2 Technical 2	Day 2 Management
11:00 – 15:00	US Incident Response and Classification Workshop Angel L Hueca, Justin Novak, Larry Rogers (CERT/CC, US)	LU MISP Fundamentals Alexandre Dulaunoy, Sami Mokaddem (CIRCL, LU)	MU National Cyber Crisis Management Jennita Appaya (Independent Consultant, MU); Dr. Kaleem Ahmed Usmani (CERT-MU, MU)

Day 2
Technical 1

Day 2
Technical 2

Day 2
Management

11:00 – 15:00

Incident Response and Classification Workshop

Angel L Hueca, Justin Novak, Larry Rogers (CERT/CC, US)

MISP Fundamentals

Alexandre Dulaunoy, Sami Mokaddem (CIRCL, LU)

National Cyber Crisis Management

Jennita Appaya (Independent Consultant, MU); Dr. Kaleem Ahmed Usmani (CERT-MU, MU)

NL
CSIRT Maturity Modeling
Don StikvoortDon Stikvoort (NL)
CSIRTs and similar cyber security teams: how mature is your team? How do you measure that? How can you use that to improve your team's quality? This short training gives answers to these questions and helps you to self-assess the maturity of your team, using the SIM3 model as tool.

Don Stikvoort MSc. In 1988 Don joined the Dutch national research network SURFnet, after studying physics and 2 years in the army. Don was among the pioneers who created the European Internet starting in 1989. He recognized “security” as a concern in 1991, chaired SURFcert between 1992-8, and was the founding father of NCSC-NL, the Dutch national team, and of the European TF-CSIRT community. Don became a member of FIRST in 1992 and has been very active during his membership from chairing the FIRST conference in Australia in 1999, co-chair of the Traffic Light Protocol working group and participating in CSIRT, Metrics and Ethics working groups. In 1998 he co-wrote the ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’. Don continues to support the global cyber security community through S-CURE the company he founded in 1998. Don created the SIM3 maturity model for CSIRTs, is a sought-after keynote speaker and also finds the time to do executive coaching and psycho therapy with a limited set of clients.

December 8, 2021 11:00-13:00
TN
Designing and Running Cyber-exercises for CSIRTs
Haythem El MirHaythem El Mir (CSIRT.tn Keystone, TN)
Cyber-exercises is a good way to train CSIRT teams and a good tool for CSIRT to prepare their constituency to face cyber emergencies. This training will present the concept of cyber-exercise: design, preparation and running. It will cover exercise for technical teams and for management. Some examples will be presented to explain the whole preparation process with useful techniques to run effective exercises. Virtual class capacity is 20 maximum.

Haythem El Mir is a cybersecurity expert with 20 years of experience. Currently, Mr. El Mir is the CEO of Keystone, a cybersecurity consulting company working on MEA region, and manager CSIRT.tn. With Keystone, Haythem is advising governments, critical sectors and big companies to develop their cyberdefense program and cybersecurity strategies.

As a specialist in critical information infrastructure protection (Banking, Telecom, Government, Industry), Mr. El Mir has participated in numerous cyber security projects in the Africa and Middle East regions. He helped also to set up about 15 CSIRT and projects.

December 8, 2021 13:00-15:00
Haythem-Slides-cyberExercice-FIRST.pdf
MD5: b282310d5becc1e45a84874a312c2841
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.84 Mb
US DE KE NL
Frameworks and Related Standards
Jean-Robert HountomeyPeter AllorDr. Klaus-Peter KossakowskiMwende NjirainiJustin NovakDon StikvoortJean-Robert Hountomey (AfricaCERT), Peter Allor (RedHat, US), Dr. Klaus-Peter Kossakowski (PRE-CERT, DE), Mwende Njiraini (Former Chair ITU-T SG17 Regional Group for Africa, KE), Justin Novak (CERT/CC, US), Don Stikvoort (NL)
A presentation on frameworks related to CSIRT, PSIRT, and a like organizations creation, operation, and maturity evaluation. Panelists will discuss emerging cyber security standards and models useful to incident response and security teams' operation.

Moderator

Jean-Robert Hountomey works as a researcher for a global technology leader. His expertise includes Product Security, Privacy Engineering, Secure Software Development Life Cycle, incident management, vulnerability research, maturity frameworks, drafting of policy, guidelines, and best practices.

Mr. Hountomey is a Founder and Director of the Africa Forum of Incident response and security teams(AfricaCERT), the African Anti Abuse Working Group. He is a SIM3 auditor, a Member of the African Union Cybersecurity Expert Group, the FIRST Membership committee, the PSIRT SIG, the Vulnerability Coordination SIG, the CVE outreach, and Communication Working Group (OCWG), ISACA (GOLD), OWASP (LIFETIME), IAPP.

He has contributed to cybersecurity frameworks, articles, ICANN, ISOC, AfriNIC, AfNOG, AfrISPA, the GFCE, and the UN OEWG. His research includes issues and opportunities related to law, technology, and Internet Governance.
Panelists
- Peter Allor - RedHat - Peter Allor is a Director for Red Hat Product Security where he has responsibility for the portfolio on Secure Development through Incident Response. He is currently the Chair for the FIRST PSIRT SIG where a number of documents supporting the product security incident response were developed by practitioners for practitioners including a Framework of Services, Maturity and a base Incident Response plan.
  
  Pete has assisted in the formation of the IT-ISAC and ICASI (Industry Consortium for Advancing Security on the Internet) groups for broader response and coordination. He is also a former Member of the FIRST Board of Directors serving as the CFO for five years, guiding CVSS and other SIGs as well as the board liaison for FIRST Conferences. Pete was a founding member of the IT Sector Coordinating Council and has participated on the CyberSecurity Commission for the 44th Presidency as well as supporting his CEO on the National Infrastructure Advisory Council where he led several working groups.
  
  Pete started with Internet Security Systems working their vulnerability disclosures and then was with IBM Security when ISS was acquired. He later moved to Honeywell working their cloud solutions and product as the Product Security Chief prior to moving to Red Hat.
- Prof. Dr. Klaus-Peter Kossakowski has worked in the security field for more than 30 years. In 1988 he was one of the first members of the Virus Test Center in Hamburg where he focused on malicious network programs. In January 1993 when DFN-CERT became the first German CERT for an open network he started to work there and became managing director of it in 2003. He also founded PRESECURE Consulting GmbH, a privately-owned company specialized in cyber security, critical information infrastructure protection, situational awareness, early warning and developing specialized services like CERTs or SOCs. He successfully led the team from a research effort to a functional and well-respected operational entity. He was a visiting professor at the University of Hamburg from 2008 to 2011 and became a full professor at the University of Applied Science in Hamburg in 2014.
  
  Since 1998 he is continuously providing feedback on research topics, operational experiences and lessons learned to the community. This started with the “CSIRT Handbook” in 1998, republished in 2003, that he co-authored with Moira West-Brown and Don Stikvoort. His research work was mostly supported by the CERT Coordination Center at the CMU/SEI for which he worked as visiting scientist from 1998 to 2011.
  
  He was elected as a member of the FIRST Steering Committee in 1997 and had been on the committee until 2005, being re-elected three times and served the two last years as Chair of the FIRST Steering Committee. Frequently he has been involved with FIRST Conferences as volunteer, organizer and presenter or served on the program committee. In 2015 he was representing the local host of the FIRST Conference in Berlin, in 2017 he was the Program Chair for the FIRST Conference on Puerto Rico.
  
  Together with Don Stikvoort he developed the accreditation and certification frameworks for CERTs and security teams including the now commonly accepted SIM3 maturity model adopted by ENISA and now maintained by the openCSIRT Foundation. Since 2011 he coordinates the Trusted Introducer framework providing infrastructure services, accreditation and certifications to nearly 400 security, product security and incident response teams internationally. Through the Trusted Introducer service and the support of his university he promotes and supports approaches like SIM3 or emerging frameworks or taxonomies for CERTs, most namely the “FIRST CSIRT Services Framework” and the “eCSIRT Incident Taxonomy”, which goes back to the eCSIRT.net project of 2003 successfully lead by him.
  
  Prof. Dr. Kossakowski helped considerably to raise the awareness for CERTs concentrating on international issues, information sharing and coordinated cooperation, and establishing an international infrastructure for Cyber Defense.
- Mwende Njiraini is the former Chair of ITU-T Study Group 17 (security) Regional Group for Africa. She continues to participate in the work of the developing a tool for assessment for Cyber Defence Centres including CIRTs based on the recently approved ITU-T Recommendation X.1060: Framework for the creation and operation of a cyber defence centre.
  
  Mwende has worked in various capacities at Communications Authority of Kenya, the ICT regulator, most recently as the Manager, Innovation, Research and Development.
  
  She is currently an Associate with DiploFoundation, working on developing Knowledge Modules for cybersecurity capacity development for the Africa Union Commission (AUC) - Global Forum for Cybersecurity Expertise (GFCE) project.
  
  She is a Telecommunications Engineer who loves baking and birdwatching .
- Justin Novak is a Senior Security Operations Researcher at the CERT Division of the Software Engineering Institute, a Federally Funded Research and Development Center hosted at Carnegie Mellon University. At CERT, he is involved in research on the operation of CSIRTs, Sector CSIRTs, and Security Operations Centers, focusing on incident response and incident management. He is currently is the SEI lead for engagements with Foreign Military partners through the DoD’s Foreign Military Sales program. Prior to that he led the International Cybersecurity Initiatives team. Before working at CERT, Justin was an Intrusion Detection Analyst and Network Analyst for the Department of Defense. He also worked in state government as an advisor to senior lawmakers. Justin holds a bachelor’s degree in Physics from the University of Pittsburgh, a Master’s degree in Security Studies from the University of Pittsburgh, and a PhD in Public Policy from George Mason University. Justin is an active member of the FIRST community and serves on the FIRST membership committee.
- Don Stikvoort MSc. In 1988 Don joined the Dutch national research network SURFnet, after studying physics and 2 years in the army. Don was among the pioneers who created the European Internet starting in 1989. He recognized “security” as a concern in 1991, chaired SURFcert between 1992-8, and was the founding father of NCSC-NL, the Dutch national team, and of the European TF-CSIRT community. Don became a member of FIRST in 1992 and has been very active during his membership from chairing the FIRST conference in Australia in 1999, co-chair of the Traffic Light Protocol working group and participating in CSIRT, Metrics and Ethics working groups. In 1998 he co-wrote the ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’. Don continues to support the global cyber security community through S-CURE the company he founded in 1998. Don created the SIM3 maturity model for CSIRTs, is a sought-after keynote speaker and also finds the time to do executive coaching and psycho therapy with a limited set of clients.
December 7, 2021 13:15-14:15
Frameworks-and-Related-Standards-Klaus-Peter-Slides.pdf
MD5: b53e37353644f972f1daae87e63d4a26
Format: application/pdf
Last Update: June 7th, 2024
Size: 148.14 Kb
Frameworks-and-Related-Standards-Pete-Slides.pdf
MD5: be6f81b7cb3e8743fc02ebc761f3b2d7
Format: application/pdf
Last Update: June 7th, 2024
Size: 439.9 Kb
Frameworks-and-Standards-ITU-T-X1060-Presented-by-Mwende-Njiraini-.pdf
MD5: 31f7cfc5640e2ad57f57ec7db18b8be3
Format: application/pdf
Last Update: June 7th, 2024
Size: 3.4 Mb
US
Incident Response and Classification Workshop
Angel L HuecaJustin NovakLarry RogersAngel L Hueca (CERT/CC, US), Justin Novak (CERT/CC, US), Larry Rogers (CERT/CC, US)
This workshop will provide current and future managers of computer incident response teams (CSIRTs) an understanding of the processes involved in cybersecurity incident response. Participants will be introduced to the goal and elements of incident response, the incident response process, and incident classification. Workshop attendees will have an opportunity to participate in a hands-on cyber incident triage exercise for classification and prioritization.

Registration capacity 25.

11:00-11:15 Opening remarks, intros, workshop kickoff
11:15-12:00 Goal and Elements of Incident Response
12:00-12:45 Incident Response Process
12:45-13:00 Break
13:00-13:45 Incident Classification and Prioritization
13:45-15:00 Incident Triage Exercise and Discussion

Trainers

Angel L. Hueca is a Senior Cybersecurity Operations Researcher in the CERT® Coordination Center of Carnegie Mellon University’s Software Engineering Institute (SEI). He has over 20 years of combined experience in Systems Administration and Cybersecurity. Angel has worked extensively in the private and public sector implementing intrusion detection systems (IDS) and systems auditing solutions. Currently, his focus in on international CSIRT initiatives. His previous professional experience includes being the Cybersecurity Program Information Systems Security Officer (contractor) at the Consumer Financial Protection Bureau (CFPB), where he served as the bureau Cyber Policy Manager and CyberPMO Plan of Actions and Milestones (POAM) manager for the CFPB cybersecurity program. Prior to that, Angel worked at the IRS as a Senior Cybersecurity Associate (contractor) and the Pension Benefits Guaranty Corporation (PBGC) as an Information Systems Security Engineer (contractor). Additionally, Angel worked at the Independent Community Bankers of America (ICBA) and TCM Bank as the IT Operations Manager and Senior Systems Administrator, introducing formal cybersecurity practices. Angel holds a Ph.D. in Information Systems, focusing in information security and insider threat.

Justin Novak is a Senior Security Operations Researcher at the CERT Division of the Software Engineering Institute, a Federally Funded Research and Development Center hosted at Carnegie Mellon University. At CERT, he is involved in research on the operation of CSIRTs, Sector CSIRTs, and Security Operations Centers, focusing on incident response and incident management. He is currently is the SEI lead for engagements with Foreign Military partners through the DoD’s Foreign Military Sales program. Prior to that he led the International Cybersecurity Initiatives team. Before working at CERT, Justin was an Intrusion Detection Analyst and Network Analyst for the Department of Defense. He also worked in state government as an advisor to senior lawmakers. Justin holds a bachelor’s degree in Physics from the University of Pittsburgh, a Master’s degree in Security Studies from the University of Pittsburgh, and a PhD in Public Policy from George Mason University. Justin is an active member of the FIRST community and serves on the FIRST membership committee.

Larry Rogers - Lawrence (Larry) Rogers is a Principle Engineer at the CERT Division of the Software Engineering Institute, a Federally Funded Research and Development Center hosted at Carnegie Mellon University. At CERT, Larry works on the Security Operations team and has been teaching topics on incident handling, malware analysis, and other incident response and forensics digital artifact analysis. Before that, he worked with different U.S. Federal Law Enforcement Agencies on "gap" areas of digital investigations and forensics. He also manages the CERT Linux Forensics Tools Repository (http://www.cert.org/forensics/repository), a collection of public domain software tools packages for Fedora and CentOS/RedHat Enterprise Linux.

December 9, 2021 11:00-15:00
Incident-Response-Training-Presented-by-SEI-CERTCC-Angel-Slides.pdf
MD5: 15d2fb6cea60ef0385cae73e5323ef91
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.67 Mb
Incident-Response-Training-Presented-by-SEI-CERTCC-Justin-2-Slides.pdf
MD5: ea2ff49cf516629244d193a072b4a3bc
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.03 Mb
Incident-Response-Training-Presented-by-SEI-CERTCC-Justin-Slides.pdf
MD5: eaaadb2896aa770b2b9362bc2038ca22
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.19 Mb
Incident-Response-Training-Presented-by-SEI-CERTCC-Larry-Slides.pdf
MD5: a7bff446e8153e1399ca765f3fe86e40
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.08 Mb
LU
MISP Fundamentals
Alexandre DulaunoySami MokaddemAlexandre Dulaunoy (CIRCL, LU), Sami Mokaddem (CIRCL, LU)
MISP Fundamentals - The MISP session will demonstrate how the open source Threat Intelligence Platform functions; we will explain how to share, comment and contribute and analyse information using MISP. The MISP standard and data model will be demonstrated to show how to use MISP in real cyber security incidents and intelligence use-cases.

Materials available at: https://github.com/MISP/misp-training#materials

Alexandre Dulaunoy encountered his first computer in the eighties, and he disassembled it to know how the thing works. While pursuing his logical path towards information security and free software, he worked as senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix, which specialised in information security management. For the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. He is also the lead developer of various open source tools including cve-search and member of the MISP core team.

Sami Mokaddem is a civil engineer graduated from the Université catholique de Louvain (UCL). He is the lead developer of the situational awareness tool called misp-dashboard used for the MISP threat intelligence platform. He works at CIRCL.

December 9, 2021 11:00-15:00
US
MITRE ATT&CK Fundamentals
Sean WhitleySean Whitley (MITRE, US)
The ATT&CK Framework provides a common language for Cybersecurity professionals to use when describing adversary Tactics, Techniques, and Procedures. It is a growing standard across the Cybersecurity community being used in threat reporting, sensor configurations, analytics and more. In this session we will go over the fundamentals of the ATT&CK Framework, explore its parts and pieces, enumerate some common use cases, and walkthrough some tools we can use when working with it.

Sean Whitley is a Cyber Operations Lead at the MITRE Corporation and has a master’s degree in Information Security and Assurance. He has worked in the cyber defense domain for nine years, authored several papers on cyber hunting and TTP based defense, and is a contributor to the MITRE ATT&CK Defender (MAD) series of courses. Most of his time at MITRE has been spent using the ATT&CK framework to develop more effective analytics and detection methods. He also works with various organizations to help them adopt the ATT&CK framework and has been a contributor and lead of the Cyber Analytic Repository.

December 8, 2021 11:00-13:00
MU
National Cyber Crisis Management
Jennita AppayaDr. Kaleem Ahmed UsmaniJennita Appaya (Independent Consultant, MU), Dr. Kaleem Ahmed Usmani (CERT-MU, MU)
Cyber-attacks pose an ever-present security threat. As security professionals, we see the cyber landscape changing constantly. Countries and nations are taking necessary measures to protect their cyber space against these threats. One of these measures is the development of National Cyber Crisis Response Plan.

The main objective of this course is to allow participants to learn the national approach in responding to potential cyber threats or incidents. Other objectives of the course are as follows:
- To discuss the importance and benefits of a National Cyber Crisis Response Plan
- To highlight the roles and responsibilities of stakeholders in managing and coordinating incidents of critical in nature
- To learn the ways for incident resolution, proper information sharing and effective communication related to incidents of national significance
- To elaborate on testing, implementation and maintenance of a National Cyber Crisis Response Plan
The target audience for this course includes, Policy Makers , Chief Information Security Officers ,Information Security Officers , Security Directors , Security Managers , Aspiring Security Leaders, Other Security Personnel who have Team Lead or Management Responsibilities

Jennita Appanah Appaya - is an experienced Information Security Consultant working at the Computer Emergency Response Team of Mauritius (CERT-MU). She has extensive experience in incident handling and management, national cyber security strategy and policy drafting, cyber security vulnerability research, development of information security guidelines and best practices. She is the author and co-author of cybersecurity papers. She is passionate about cybersecurity and is keen on exploring new aspects in the field.

Jennita holds a Master degree in Computer Security and Forensics and is a Certified Ethical Hacker, Certified Network Security Manager and Certified Digital Forensic Investigation Professional. She is also an alumni of the U.S Department of State’s International Visitor’s Leadership Program on “Promoting Cybersecurity” (a Regional Project for Africa).

Kaleem Ahmed Usmani: I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius.

My experience of 18 years in the ICT industry spans over cybersecurity , network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.
December 9, 2021 11:00-15:00
National-Cyber-Crisis-Management-Plan-slides-Part-1.pdf
MD5: deb15c04b175d97d68d655359c3accef
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.78 Mb
National-Cyber-Crisis-Management-Plan-Training-slides-Part-2.pdf
MD5: cc194f9bb484e876d83b7cab60a4d998
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.17 Mb
National-Cyber-Crisis-Management-Plan-Training-slides-Part-3.pdf
MD5: b3f5cbcbeb8f62201b761dac70391cc7
Format: application/pdf
Last Update: June 7th, 2024
Size: 538.08 Kb
TN NG US
Observed Malicious Cyber Criminality During COVID in the African and Arab Regions
Wafa DahmaniAbdul-Hakeem AjijolaCarlos Alvarez del PinoMohamed Ali BenmabroukDr. Haitham Al HajriWafa Dahmani (ANSI - TunCERT, TN), Abdul-Hakeem Ajijola (AUCSEG, NG), Carlos Alvarez del Pino (ICANN, US), Mohamed Ali Benmabrouk (Tunisia, TN), Dr. Haitham Al Hajri (Oman National CERT, TN)
Regional experts will share their experiences and discuss attack trend updates (malware, bots, DDoS, etc.), CSIRT observations, new tendencies, and challenges, malicious and cyber criminality during COVID in the African and Arab regions.
Materials from Carlos' portion of the presentation can be found here: https://www.icann.org/dnsticr

Moderator

Wafa Dahmani is a senior engineer, IT emergency and support Director at National Agency of Computer Security . She manages the team responsible for monitoring cybernetic risks with early warning of attacks on national cyberspace, in coordination with Internet service providers and various stakeholders. And coordinating with similar international centers (CERT) in order to identify and combat cybernetic risks and to exchange information concerning new developments on an international scale in the field She is former Director of Network information center and in charge of commercial and competitive intelligence in ‘Tunisie Internet’ which an internet service provider, the cctld technical registry, an Afrinic LIR member and running TunIXP.
Panelists
- Abdul-Hakeem Ajijola (AhA) is a global Cybersecurity resource is ranked #1 IFSEC 2020 Global Cybersecurity professionals’ influencers and thought leaders list. He is also: Chair, African Union Cyber Security Expert Group, Addis Ababa; Chair, Working Group on Cyber Incident Management and Critical Information Protection of #theGFCE, The Hague; Commissioner, Global Commission on the Stability of Cyberspace (#GCSC), The Hague; Expert, supporting United Nations Office on Disarmament Affairs (#UNODA) development of an online training course in “Cyberdiplomacy", New York, USA; Resource Person, #ITU Arab Regional Cyber Security Centre through Oman National CERT (#OCERT) Muscat, Oman; Resource person, South East Asia Regional Centre for Counterterrorism (#SEARCCT), Kuala Lumpur, Malaysia; Resource person, on Cyber Security in Countering Terrorism and Violent Extremism for the Organization of the OIC Headquarters, Jeddah, Saudi Arabia; Founding member Organization of Islamic Cooperation – Computer Emergency Response Team (#OIC-CERT) and initiator of the annual OIC-CERT Global prize, Kuala Lumpur, Malaysia.
  
  He is also: Chair, Nigerian National Cybersecurity Policy and Strategy review committee; Chair, Nigeria Computer Society, Cybersecurity Advisory Group; Member, Presidential Committee on the Development of National Broadband Plan; Member, Group of Experts for the Nigerian Senate Committee on Cybersecurity and ICT; Lead, National Identity Management Harmonization and Integration Committee; Member, 2001 Nigeria National IT Policy Drafting Committee; Has been an Assistant to four (4) Nigerian National Security Advisers; Fellow, Nigeria Computer Society; Lead Facilitator, Cybersecurity Capacity Building, Executive Registration Programme, Computer Professionals Registration Council of Nigeria (CPrN); Board Member, Backbone Connectivity Network (BCN) Nigeria Limited; Director/ Secretary, HAKDA-Ajijola Foundation; Trustee, Alpha-Arewa Foundation.
  
  He has attended several development programmes both in Nigeria and abroad including an Executive Program on Science, Technology and Innovation Policy at the prestigious Harvard University, John F. Kennedy School of Government. He also has special certifications from the MIS Training Institute, Massachusetts MA, USA in Large Scale Computer Forensics, Incident Response, International Security in the Interconnected World and The Forum on Information Warfare. He is Certificated on Digital Forensics with Forensics Recovery Evidence Device (FRED) by Digital Intelligence, Inc., USA, and Cyber Security Capability & Capacity Building certification by Cybersecurity Malaysia.
- Carlos Alvarez leads ICANN's engagement with the trust and public safety communities (civil/criminal law enforcement, national cyber security centers, consumer protection, incident response teams, threat intelligence, operational security). His portfolio includes trust-groups, national/defense/police response teams, and organizations like the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), the Forum of Incident Response and Security Teams (FIRST), the National Cyber Forensics and Training Alliance (NCFTA), the Global Cyber Alliance or the Cyber Defence Alliance, among others.
  
  Carlos is an attorney graduated from the Universidad de los Andes in Bogota. He holds a Master of Laws degree from the University of Southern California Gould School of Law, and has studies on networking with TCP/IP from UCLA.
- Mohamed Ali Benmabrouk is the Head of the Head of Watch, Alert, and Warning Division-tunCERT. He has been working at TunCERT since 2010 and is passionate about open source tools. He was involved the set up sectorial CERTs in Tunisia from 2017 like the Financial CERT (FIRST Member): https://www.financialcert.tn/ and assists them with developing processes and completing tasks within open source tools.
- Haitham AL Hajri is an Executive- Cyber Security Specialist at Oman National CERT, Dr. Haitham Hilal Al-Hajri Holds a PhD in Cybersecurity Management and a Master’s degree in digital forensics, along with a cluster of professional and specialized courses , such as a Certified Manager Risk Management ISO 31000 ISO and Information Security Management Certificate ISO / IEC 27001ISO. Haitham have participated in planning and implementation of a variety of projects, related to human security capacity building and public awareness campaigns, aimed at promoting the cyber security culture within workforce and society along. At industry capacity, Haitham have participated in organizing specialized training programs and cyber drills, which aims to simulate the latest trends of advanced digital threats that may target vital and critical sector organizations. In addition, enhancing the capabilities of the organizations to achieve digital transformation, while adhering and deploying Governance, Risk and Compliance frameworks (GRC), to address unconformity cybersecurity risks and aspects and to comply with global standards and local regularity laws. In return, enhancing cybersecurity capabilities, and forming a culture of cybersecurity between institutions and society to reduce the ongoing cyber threats and gap on digital divide.
December 7, 2021 17:00-18:00
Observed-Malicious-Cyber-Criminality-Benmabrouk-Slides.pdf
MD5: a9d5f49fff9d68c99f5d802c25549396
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.72 Mb
Observed-Malicious-Cyber-Criminality-During-COVID-Notes-Ajijola.pdf
MD5: 28abf02b75625ce85eab5cda86eb8fbc
Format: application/pdf
Last Update: June 7th, 2024
Size: 207.9 Kb
US LU PL KE AU
Open Data (OSINT) and Threat Intelligence Sharing Platforms and Tools
Jean-Robert HountomeyJohn GrimAndras IklodyPiotr KijewskiLawrence MuchilwaAdli WahidJean-Robert Hountomey (AfricaCERT), John Grim (Verizon, US), Andras Iklody (CIRCL, LU), Piotr Kijewski (The Shadowserver Foundation, PL), Lawrence Muchilwa (Silensec, KE), Adli Wahid (APNIC, AU)
A presentation on threat intelligence sharing platforms and tools, along with a presentation of opportunities and tools for the exploitation of open-source data (OSINT) during incident investigation activities. The desired outcome is to reflect on the strategic role of such platforms in promoting collaboration among CSIRTS and supporting national and regional exchange information models.
Moderator

Jean-Robert Hountomey works as a researcher for a global technology leader. His expertise includes Product Security, Privacy Engineering, Secure Software Development Life Cycle, incident management, vulnerability research, maturity frameworks, drafting of policy, guidelines, and best practices. Mr. Hountomey is a Founder and Director of the Africa Forum of Incident response and security teams(AfricaCERT), the African Anti Abuse Working Group. He is a SIM3 auditor, a Member of the African Union Cybersecurity Expert Group, the FIRST Membership committee, the PSIRT SIG, the Vulnerability Coordination SIG, the CVE outreach, and Communication Working Group (OCWG), ISACA (GOLD), OWASP (LIFETIME), IAPP. He has contributed to cybersecurity frameworks, articles, ICANN, ISOC, AfriNIC, AfNOG, AfrISPA, the GFCE, and the UN OEWG. His research includes issues and opportunities related to law, technology, and Internet Governance.

Panelists
- John Grim has over 19 years of experience leading investigations of data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, as a Distinguished Architect, John leads the Verizon Threat Research Advisory Center (VTRAC) Research, Development, and Innovation effort. In this role, John focuses on all aspects of cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating response preparedness training and breach simulation exercises for customers worldwide. Prior to Verizon, John served 12 years with the U.S. Army as a Counterintelligence Special Agent investigating security incidents.
- Andras Iklody works at the Luxembourgian Computer Security Incident Response Team (CSIRT) CIRCL as a software developer and has been developing the MISP core since early 2013. He is a firm believer that there are no problems that cannot be tackled by building the right tool.
- Piotr Kijewski makes things happen as the Shadowserver Foundation CEO, and also coordinating large-scale data collection and analysis projects as well as Shadowserver's CSIRT relationships. He has a strong CSIRT background, working at NASK in Poland for 14 years at the CERT Polska (CERT.PL) team. He was the Head of the CERT Polska team from 2010 - 2016, expanding its sensor projects, malware analysis and malware disruption capability. Piotr's interests include threat intelligence, incident response, honeypot technologies (he is a member and ex-Director of the Honeynet Project) as well as botnets/malware networks (which he likes to take down).
- Lawrence Muchilwa is a cyber security engineer with over 5 years experiences. He specializes in incident response,threat intelligence, cyber security training, leadership and currently manages the Security Operation Center at Silensec and is the lead blue team consultant at CYBER RANGES.
  
  He was the technical lead that worked with the ITU in the setup of Botswana CERT where he led the effort to establish a custom developed CTI platform. He has developed and delivered training for the ITU during their regional cyber drills in Africa,supported AfricaCERT during 2021 conference and collaborated with the Kenyan CIRT in matter cybersecurity. In his spare time, Lawrence prefers to volunteer and mentor young professionals, explore the outdoors on his motorbike and unwind with a paperback book.
- Adli Wahid is a Senior Internet Security Specialist at APNIC. He is an active member of the security community and involved in many capacity development project. Adli is currently the lead for the APNIC Community Honeynet Project. Prior to joining APNIC, he had served the Bank of Tokyo Mitsubishi-UFJ & the Malaysia CERT (MYCERT).
December 7, 2021 16:00-17:00
OSINT-Threat-Intelligence-Sharing-Andras-Slides.pdf
MD5: eaf7b9c2dd4d57ef541e383a2fd9b937
Format: application/pdf
Last Update: June 7th, 2024
Size: 563.96 Kb
OSINT-Threat-Intelligence-Sharing-Lawrence-Slides.pdf
MD5: b7203442e4e631a413e663d778c31bc7
Format: application/pdf
Last Update: June 7th, 2024
Size: 293.77 Kb
OSINT-Threat-Intelligence-Sharing-Piotr-Slides.pdf
MD5: 109a2300d453d598b8267cba963a6263
Format: application/pdf
Last Update: June 7th, 2024
Size: 15.16 Mb
TN LU TZ NL GH KR EG
Open-source Tools and CSIRT Success Stories
Prof. Nabil SahliMarwan Ben RachedGuenaëlle De JulisRaymond LinusKevin MeynellMariem MahjoubOmo OaiyaEunju PakMahmoud RaoufProf. Nabil Sahli (TunCERT, TN), Marwan Ben Rached (ITU), Guenaëlle De Julis (CERT-XLM (Excellium), LU), Raymond Linus (TZ-CERT, TZ), Kevin Meynell (Internet Society, NL), Mariem Mahjoub (ANSI , TN), Omo Oaiya (WACREN, GH), Eunju Pak (KrCERT/CC, KR), Mahmoud Raouf (EG-CERT, EG)
This session will focus on the open-source tools readily available to the incident response and security community as well as CSIRT success stories. Panelists will share their success stories as well as successful projects implementing open-source tools within their infrastructures.
Moderator

Professor Nabil Sahli is a Professor in Computer Science. He is General Director at the Ministry of Defense, in charge of academic studies at the Naval Academy and the Chief of the Research Unit "Security of Critical Systems", specialized in cyber security. He is also Senior Consultant at TunCERT, and advisor in cyber security for several National and international organizations. He is the "Fellows member" of OIC-CERT, the forum of CSIRTs of OIC, as co-founder of this forum and member of the "council of elders" of AfricaCERT, the forum of African CSIRTs, as co-founder of this young forum. Professor Nabil Sahli was the first CEO (founder) of the National Agency for Computer Security (“ANSI”) and Chief (founder) of the National CSIRT "TunCERT". He was the General Director of the National Unit, in charge of developing National cyber security strategy and Policy. He was also the founder of a Research and Development company (Biodata Carthago),specialized in the development of cyber security tools (PC and Distributed Firewalls, VPN tools, …).

Panelists
- Marwan Ben Rached - ITU - Mr. Marwan Ben Rached is a Cybersecurity Coordinator at ITU (International Telecommunication Union ) and has over a decade and a half of experience in the cybersecurity field. Marwan has provided information security consulting services and has managed cybersecurity projects for the governments and the private sector and also he has been involved into the regional cybersecurity assistance, by helping different developing countries to enhance their cybersecurity capabilities. Marwan received a Master and Engineer degrees in Computer Science from the University of Sousse and also he holds various Cybersecurity Certifications.
- Guenaëlle De Julis works in the security field since 10 years. She started by focusing on cryptography within the scope of a PhD, where she contributed in assessing the quality of physical source of randomness. Before joining Excellium CSIRT in 2019, she took part in a wide range of topics as a security consultant for small and international businesses, from application security to log analysis, and R&D projects in authentication, content protection, and fraudulent behaviors detection.
- Raymond Linus is a security professional specializing in Threat Hunting and Incident Response.
- Mariem Mahjoub - ANSI - Mariem Mahjoub is an IT engineer specialized in cybersecurity with more than 10 years of experience in this field including 5 years of research and teaching. Information security specialist, with know-how in several areas of IT security such as network security; information security assessment; penetration testing; free technologies; development of security procedures, policies and guidelines. Currently I am a member of the ISAC team.
- Kevin Meynell works at the Internet Society as the Manager of Technical and Operational Engagement supporting the deployment of key Internet technologies including Routing Security. He previously worked for JANET, the UK NREN, before joining TERENA (now the GÉANT Association) where he worked for the next 16 years on activities including the 6NET and 6DISS IPv6 deployment projects, eduroam, the Global Lambda Interconnect Facility, the TERENA Certificate Service and TF-CSIRT, as well having responsibilities for NREN Development Support in Eastern and Southern Europe, and Central Asia. After leaving TERENA, he worked as the Manager of the Shibboleth Consortium that develops the widely used Shibboleth web single sign-on software, before moving to APNIC as its Head of Training in 2014. He joined the Internet Society in October 2015.
- Omo Oaiya - WACREN - Omo Oaiya is the Chief Strategy Officer of the West and Central Research and Education Network (WACREN). He was the pioneer CTO of the RREN and continues to work on the technical development of high-capacity network infrastructure for research and education. Before WACREN, he was CEO of Datasphir, a private sector consultancy offering software development and project management support to the education sector in Nigeria and other parts of Africa. He leads LIBSENSE, an initiative aimed at building the information management capability of librarians and researchers, fostering communities of practice, and strengthening local services to support open science and research in Africa. A certified SIM3 Auditor, he has keen interests in establishing and maturing security teams in NRENs. He is the service manager for the "TrustBroker Africa" service, the CSIRT cooperation framework and service infrastructure operated by WACREN, in partnership with sister regional research networks, Ubuntunet Alliance and ASREN as part of the AfricaConnect3 project, which is co-funded by the European Union. TrustBroker Africa includes a membership model based on team maturity and a CSIRT platform that provides publicly available contact information for all members. Established to support the growth of CSIRTs in research and education, the framework and the platform is, however, open to all African security communities.
- Eunju Pak is a General Researcher at KrCERT/CC, KISA. She is in charge of the international and domestic cooperation among CSIRTs. She has run the capacity building program for CSIRTs and has been working for APCERT as the member of Steering Committee.
- Mahmoud Raouf joined EG-CERT in 2010 as Incident Response Engineer, Mahmoud is responsible for conducting investigation for national and top level domains. Mahmoud designed and develop national cybersecurity drills. Mahmoud holds a bachelor's degree in communication engineering from Cairo University, Professional diploma in cybersecurity from Information Technology Institute (iTi) and many professional certificates like OSCP, CHFIv8, GWAPT, GSEC, RHCSA.
December 7, 2021 14:15-15:45
Open-source-Tools-and-CSIRT-Success-Stories-Eunju.pdf
MD5: 0c98965ab3fc28883a6cbdfc683debf1
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.05 Mb
Open-source-Tools-and-CSIRT-Success-Stories-Guenaelle-Slides.pdf
MD5: 26a326ee5527481cd10c7783a7a7a73b
Format: application/pdf
Last Update: June 7th, 2024
Size: 678.34 Kb
Open-source-Tools-and-CSIRT-Success-Stories-Kevin.pdf
MD5: 583c65d74eb26edb87a1327119107fbd
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.4 Mb
Open-source-tools-and-CSIRT-success-stories-Mariem.pdf
MD5: b1bfe5097d06423f3420168406d62433
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.58 Mb
Open-source-Tools-and-CSIRT-Success-Stories-Marwan.pdf
MD5: bd3e91287f2a0934854208135fc09974
Format: application/pdf
Last Update: June 7th, 2024
Size: 988.81 Kb
Open-source-tools-and-CSIRT-success-stories-Prof-Nabil-SAHLI.pdf
MD5: f16826f613e1c74ce363e1eddd070b8c
Format: application/pdf
Last Update: June 7th, 2024
Size: 588 Kb
TN
Open-source Tools for CSIRTs
Prof. Nabil SahliMohamed Ali BenmabroukSMII MondherProf. Nabil Sahli (TunCERT, TN), Mohamed Ali Benmabrouk (Tunisia, TN), Amine Rached (CSIRT.tn, Keystone, TN), SMII Mondher (TunCERT, TN)
This training will provide an in-depth presentation, based on real practical experience (of a group of CSIRT experts from TunCERT and CSIRT.tn), of various open source tools of interest for CSIRT activities and Internal information system implementation. Virtual capacity 15 maximum.

Professor Nabil Sahli is a Professor in computer Science . He was the first CEO (founder) of the National Agency for Computer Security (ANSI, "Agence Nationale de Sécurité Informatique," TUNISIA) and Chief (founder) of the National CERT "TunCERT" (from 2004 to 2007), and General Director of the national Unit, in charge of developing national cybersecurity (UO-PDSI, from 2002 to 2004). He is currently Senior Consultant at TunCERT and at the National Agency for Computer Security, along with other consultancy positions at national and international organizations.

Prof Nabil Sahli, is the first "Fellows member" of the OIC-CERT, the forum of CERTs of the OIC countries, as co-founder of this forum and, previously, member of the "council of elders" of AfricaCERT, the forum of African CERTs, also as co-founder of this forum.

Professor Nabil Sahli is currently, the General Director of academic studies at the Navy Academy and Chief of the Research Unit "Security of Critical Systems", sponsored by the Ministry of Defense and the Ministry of Scientific research and high education, and he was also the Founder and CTO of a Research and Development company (Biodata Carthago), a subsidiary of an International company (Biodata IT AG, based in Germany), specialized in the development of security tools (PC and Distributed Firewalls).

Mohamed Ali Benmabrouk is the Head of the Head of Watch, Alert, and Warning Division-tunCERT. He has been working at TunCERT since 2010 and is passionate about open source tools. He was involved the set up sectorial CERTs in Tunisia from 2017 like the Financial CERT (FIRST Member): https://www.financialcert.tn/ and assists them with developing processes and completing tasks within open source tools.

Amine Rached is a Cybersecurity Specialist with more than 18 years of experience in this field, graduated with distinction, with an information system master degree. Skilled information security specialist, with a valuable know-how in most of IT security fields such as network, application and system security; information security assessment; penetration testing; open source technologies; developing security procedures, policies and guidelines; incident handling; computer forensics; security training and information security management, ISO 27001, ISO 27002, ISO 27005, information security in the banking industry, PCI-DSS. The experience covered also management aspects by managing and coaching technical teams.

SMII Mondher, a Cyber Security Analyst, at the National Agency for Computer Security NACS / Tunisian CERT, with expertise in threat analysis and intrusion detection systems. Performed dynamic analysis of malware and its delivery mechanism (malicious documents e.g. pdf, doc, etc.). Utilized custom sandbox environments such as Joe Sandbox, ANY.RUN and Hybrid Analysis to isolate malware and identifying malware C2 communication channels. Used MISP (Malware information sharing platform) to track, correlate and share the collected IOC's. I am in charge of Information Sharing and Analysis Center ISAC. I hold a professional master’s degree in Cyber Security and I am also certified ISO 27001 and ISO 22301.

December 8, 2021 11:00-15:00
Training-Open-source-and-csirt-2021-FIRST-symposium.pdf
MD5: 0c6499e1fee5fc8704c0201642265d66
Format: application/pdf
Last Update: June 7th, 2024
Size: 16.02 Mb
TN
Opening Address
Kamel SaadaouiKamel Saadaoui (Chief of ICT Minister Office, TN)

Kamel Saadaoui, computer engineer, is the Chief of ICT Minister office. He has also held several management positions. He was the CEO of the Tunisian Internet Agency (ATI), president of the National Telecommunications Authority and CEO of the national computer center (CNI) , among others.

He also held the post of chief of office of the former minister of ICT and digital economy in 2014 as well as the post of general coordinator at the Ministry of ICT, Higher Education and Scientific Research.

December 7, 2021 11:15-11:30
GB
Protective DNS – Why It Matters and How to Deploy It On-prem
Boris TaratineBoris Taratine (Farsight Security, GB)
Many cloud DNS providers including OpenDNS, Heimdal, DNSfilter, CloudFlare, and Quad9 offer DNS filtering whereby questions or answers deemed dangerous are answered dishonestly. This constructive dishonesty is a valuable security feature, and one which the US government recommended universally in an announcement published in March 2021. However, the USG recommendation only mentioned "cloud" solutions. Notably, managed private networks who use DNS as a control and monitoring point for cybersecurity can't or won't push their DNS service into the cloud. For them, a DNS firewall called RPZ can be used to subscribe to protective DNS filtering policy, and then be deployed locally using any open-source DNS server or any DNS appliance. In this presentation, we will cover the motives, methods, and context of on-premise protective DNS.

Special Instructions:
1. Have a system with Ubuntu 20.04 LTS installed (Raspberry Pi, VM, etc) available
2. Have an account on https://ioc2rpz.net/
3. Have an account on https://labs.fsi.io/
Boris Taratine is a passionate visionary and an influential ambassador of cybersecurity and cyber defense. He has been working with renowned companies across the Globe, was engaged in consulting with numerous organizations. He is very analytical and sees the roots of the problems through the elephants in the room. He is often at odds with the conventional wisdom that can be quite annoying until you understand the point. He actively promotes industry collaboration, participates in various industry forums, and is a frequent speaker at various industry events to influence global cybersecurity development. He volunteers his time advising to cybersecurity start-ups seeing a weakness in super-duper secure stuff whilst is still on napkin drawings - can be quite annoying too. Boris has many publications and dozens of patents granted and pending.
December 8, 2021 13:00-15:00
Protective-DNS-a-Boris-Slides.pdf
MD5: d441038c1cc61d6f63703cad3ffe942d
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.05 Mb
EG OM TG GB ET US
Regional and International Initiatives
Dr. Sherif HashemEng. Badar Al SalehiPalakiyem AssihJeremy KetteringhamNick SmallAdil SuleimanElizabeth VishSerge ZongoDr. Sherif Hashem (FIRST, EG), Eng. Badar Al Salehi (Oman National CERT, ARCC, OIC-CERT, OM), Palakiyem Assih (CERT.tg, TG), Jeremy Ketteringham (UK Home Office, GB), Nick Small (Cyber4Dev, GB), Adil Suleiman (African Union Commission, ET), Elizabeth Vish (US Department of State, US), Serge Zongo (ITU)
Expert panel will discuss the ongoing and future regional and international initiatives, projects, and funds for CSIRT creation, capacity building, and services tuning.

Moderator

Dr. Sherif Hashem is a Full Professor of Information Sciences and Technology at George Mason University-USA. Dr Hashem is a Senior IEEE member and an ISACA Certified Information Security Manager (CISM). Dr Hashem is currently a member of the Board of Directors of FIRST (Forum of Incident Response and Security Teams), and a member of the African Union’s Cybersecurity Expert Group (AUCSEG).

Over the last two decades, Dr. Hashem led several key cybersecurity efforts at the national level, and setting up the framework for further developing the Egyptian Computer Emergency Readiness Team (EG-CERT). In 2015, Dr Hashem became a member of Egypt’s Supreme Cybersecurity Council (ESCC), which is affiliated with the Cabinet of Ministers. As the Chairman of the Executive Bureau of the ESCC, Dr Hashem led the team that drafted Egypt’s first National Cybersecurity Strategy (2017-2021). Successful cybersecurity initiatives and activities led by Dr Hashem have contributed to Egypt’s advanced cybersecurity rank: 14th among 193 countries, as reported by the International Telecommunications Union (ITU) Global Cybersecurity Index in July 2017.

At the international level, Dr Hashem was an expert member of the United Nations Group of Government Experts (UN GGE) on the Developments In The Field Of Information And Telecommunications In The Context Of International Security (Aug 2012 - June 2013), a 15-members high-level group of experts that developed strategic cybersecurity reports to be endorsed by the UN General Assembly. He has been invited to give cybersecurity and ICT professional and strategic keynote speeches by numerous leading international organizations including: UN, ITU, Interpol, NATO, OSCE, OECD, African Union, the League of Arab States, as well as by the US Department of Defense and US Department of State.
Panelists
- Eng. Badar Al Salehi in the Director General of Oman National CERT in Ministry of Transport, Communications and Information Technology. Additionally, he carries out other leadership roles and responsibilities where he is the head of the Arab Regional Cybersecurity Center of the International Telecommunication Union (ITU) which is the specialized ICT agency of the United Nations (UN), He is also the chairman of the Organization of Islamic Cooperation Computer Emergency Response Team (OIC-CERT) and he’s chairing study group 17th in the International Telecommunication Union (ITU) concerned in cybersecurity standardization. As well he sets as a member in several Gulf regional committees such as, National Centers for Computer Emergency Response Committee in GCC Countries where he contributed in establishing committee as one of main standing committees within the General Secretariat of the Cooperation Council for the Gulf States Arabic.
  
  Eng. Badar Al Salehi worked in several government organizations where he worked in Muscat Municipality and Sultan Qaboos University. Currently is working in Ministry of Transport Communication and Information Technology. He supervised a number of national projects. He also contributed in obtaining number of international awards in cybersecurity for Oman.
  
  Eng. Badar hold an honorary BEng degree in computer systems engineering from United Kingdom. In addition to many professional certificates. He also participate and represents Oman in several international meetings as well participating as a keynote speaker in several regional and international conferences and workshops.
- Palakiyem Assih - CERT.tg- Palakiyem ASSIH is the Head of the CERT.tg, the national CERT of Togolese Republic and Technical Director of Cyber Defense Africa S.A.S (CDA). CDA is the national cybersecurity services company, mandated by the Togolese Republic to ensure the operational security of information systems in Togo. CDA has a security operations center (SOC) and a computer emergency response team that operates the CERT.tg. Prior to joining CDA and settling in Togo, Palakiyem has delivered cybersecurity projects within all EMEA (Europe, Middle East and Africa) geographic regions mainly with governmental institutions, financial institutions, telecoms and aircraft manufacturers.
- Jeremy Ketteringham - UK Home Office - Jerry is an ex-senior civil servant, with 34 years of experience working on UK government capability building programmes. Before leaving the civil service in September 2017 he spent five years as the Programme Director for the UK’s National Cyber Security Centre (NCSC) Cyber Security Programme, with responsibility for implementing the UK’s National Cyber Security Strategy. Since September 2017 he has been working as a specialist consultant for the Home Office working with international partners on National Cyber Risk Assessment (NCRA) and cyber security capacity building.
- Nick Small is a strategic advisor with extensive business and technology consulting experience, providing advanced services to both public and private sector organizations. He has an extensive background in defining and delivering initiatives that support clients in transforming their operations by capitalizing on innovative business models supported by proven technologies.
  
  In recent years Nick has specialized in Cybersecurity, supporting key stakeholders in the development and implementation of national cybersecurity programs. In this role he has assisted with the formulation of national strategies, capacity-building of incident response teams and the advancement of cross-border cooperation to advance capacities and drive cooperation. Working with recognized practitioners and thought-leaders, Nick has contributed to the development of cyber resilience through establishing sustainable capabilities to address cyber risks and threats. Across Europe, Africa, and Asia he has engaged with national and corporate leadership to focus on the rapid introduction of solutions that improve provision of service while maintaining advanced cybersecurity capacities.
- Adil Suleiman - African Union Commission - Adil Sulieman is a telecom, satellite and Computer Engineer with a Master’s degree in Computer Engineering. He is a graduate of George Washington University, School of Engineering. He has more than 20 years of International experience in various fields involving Communication Networks, Asset Management, resource evaluation and policy preparation. Adil is a former staff of Intelsat in the USA and worked there for more than 14 years. Since 2012, he has been assisting, in different capacities, the Information Society Division within the department of Infrastructure and Energy of the African Union Commission – an Intergovernmental organization with HQ in Addis Ababa, Ethiopia. Adil has contributed to and managed many projects and conferences around the world including the Pan African e-Network for Tele-medicine and Tele-education, Policy and Regulation Initiative for Digital Africa (PRIDA), Cybersecurity as a Flagship project of the African Union and currently in charge of organizing the African IGF. Adil is a member of the GAC and a resource person for the African School of Internet Governance (AfriSIG). Adil was a member of the working group responsible for developing the African Space Policy and Strategy. Adil is Fluent in both English and Arabic.
- Elizabeth Vish is a Policy Advisor in the Office Coordinator for Cyber Issues in the United States Department of State (S/CCI). S/CCI collaborates with the many entities within the State Department, U.S. Government, private sector, and civil society working on cyber issues. Ms. Vish is primarily responsible for cyber policy engagement in sub-Saharan Africa and State Department policy on cyberspace operations. Ms. Vish joined the U.S. government in 2013 as a Presidential Management Fellow, and has worked on foreign policy and economic issues in both the Economic and Business Bureau at the State Department and the Department of Treasury. Previous to her federal career, she worked in the non-profit sector on policy, programming, and advocacy focusing on democracy and governance issues in Africa and Washington, D.C. She graduated with honors from the Master’s program at the Johns Hopkins School of Advance International Studies, with dual concentrations in International Economics and Southeast Asian Studies.
- Serge Valery Zongo is currently Program Officer at the International Telecommunications Union (UN lead agency for Information and Communications Technologies) and Cybersecurity focal point for Africa region. He worked more than 15 years in information technology and management field in leading interconnection and telecommunications companies.
  
  The last eight years, he coordinates ITU’s initiatives in Africa in building trust, Cybersecurity culture reinforcement for ITU Members and boosting digital innovation ecosystem with a focus on national cybersecurity strategies and CIRTs, Cyberdrill and capacity building. He believes that an integrated and well-aligned synergy of cybersecurity initiatives in the continent is a key enabler of digital transformation in the region.
  
  Serge Valery’s broad experience in the Telecommunications/ICT sector spans over private and public sectors. He holds advanced degrees in Engineering, Computer Information Systems, management and finance.
December 7, 2021 11:30-13:00
Regional-and-International-Initiatives-Palakiyem-Slides.pdf
MD5: 78ad7ed96964f0b169d44b771dcdbe92
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.48 Mb
EG CH TN
Welcome Remarks
Dr. Sherif HashemDr. Serge DrozJean-Robert HountomeyWafa DahmaniDr. Sherif Hashem (FIRST, EG), Dr. Serge Droz (FIRST / FDFA, CH), Jean-Robert Hountomey (AfricaCERT), Wafa Dahmani (ANSI - TunCERT, TN)

Dr. Sherif Hashem is a Full Professor of Information Sciences and Technology at George Mason University-USA. Dr Hashem is a Senior IEEE member and an ISACA Certified Information Security Manager (CISM). Dr Hashem is currently a member of the Board of Directors of FIRST (Forum of Incident Response and Security Teams), and a member of the African Union’s Cybersecurity Expert Group (AUCSEG).

Over the last two decades, Dr. Hashem led several key cybersecurity efforts at the national level, and setting up the framework for further developing the Egyptian Computer Emergency Readiness Team (EG-CERT). In 2015, Dr Hashem became a member of Egypt’s Supreme Cybersecurity Council (ESCC), which is affiliated with the Cabinet of Ministers. As the Chairman of the Executive Bureau of the ESCC, Dr Hashem led the team that drafted Egypt’s first National Cybersecurity Strategy (2017-2021). Successful cybersecurity initiatives and activities led by Dr Hashem have contributed to Egypt’s advanced cybersecurity rank: 14th among 193 countries, as reported by the International Telecommunications Union (ITU) Global Cybersecurity Index in July 2017.

At the international level, Dr Hashem was an expert member of the United Nations Group of Government Experts (UN GGE) on the Developments In The Field Of Information And Telecommunications In The Context Of International Security (Aug 2012 - June 2013), a 15-members high-level group of experts that developed strategic cybersecurity reports to be endorsed by the UN General Assembly. He has been invited to give cybersecurity and ICT professional and strategic keynote speeches by numerous leading international organizations including: UN, ITU, Interpol, NATO, OSCE, OECD, African Union, the League of Arab States, as well as by the US Department of Defense and US Department of State.

Serge Droz is a senior IT-Security expert and seasoned incident responder. Serge works as a senior security engineer at Proton Technologies. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada in different security roles, at a national CERT in Switzerland for more than 20 years.

Serge is a member of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response. In this role he actively participates in discussion relating to cyber security at various policy bodies, in particular related to norm building.

Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.

Wafa DAHMANI, senior engineer, IT emergency and support Director at National Agency of computer Security . She manages the team responsible for monitoring cybernetic risks with early warning of attacks on national cyberspace, in coordination with Internet service providers and various stakeholders. And coordinating with similar international centers (CERT) in order to identify and combat cybernetic risks and to exchange information concerning new developments on an international scale in the field She is former Director of Network information center and in charge of commercial and competitive intelligence in ‘Tunisie Internet’ which an internet service provider, the cctld technical registry, an Afrinic LIR member and running TunIXP.

Jean-Robert Hountomey works as a researcher for a global technology leader. His expertise includes Product Security, Privacy Engineering, Secure Software Development Life Cycle, incident management, vulnerability research, maturity frameworks, drafting of policy, guidelines, and best practices.

Mr. Hountomey is a Founder and Director of the Africa Forum of Incident response and security teams(AfricaCERT), the African Anti Abuse Working Group. He is a SIM3 auditor, a Member of the African Union Cybersecurity Expert Group, the FIRST Membership committee, the PSIRT SIG, the Vulnerability Coordination SIG, the CVE outreach, and Communication Working Group (OCWG), ISACA (GOLD), OWASP (LIFETIME), IAPP.

He has contributed to cybersecurity frameworks, articles, ICANN, ISOC, AfriNIC, AfNOG, AfrISPA, the GFCE, and the UN OEWG. His research includes issues and opportunities related to law, technology, and Internet Governance.

December 7, 2021 11:00-11:15