Plenary Sessions | Room - Orchid (Ballroom A) @ Sheraton Fiji Resort
Training Track 1 | Room - Frangipani (Ballroom B) @ Sheraton Fiji Resort
Training Track 2 | Room - Gardenia (Ballroom C) @ Sheraton Fiji Resort
Time | Plenary Sessions, Room - Orchid (Ballroom A) @ Sheraton Fiji Resort |
---|---|
09:00 – 09:30 | Introduction to Incident Response and Welcome Remarks - Dr. Serge Droz (FIRST / FDFA, CH) |
09:30 – 10:30 | Remediation Ballet: Choreographing Your Team To Victory - Simon Freiberg & Jason Solomon (Google, US) |
10:30 – 11:00 | Integrating Red Teaming and CSIRT - Jordi Aguilà (e-la Caixa CSIRT, ES) |
11:00 – 11:15 | Coffee Break |
11:15 – 12:00 | A Field Guide to Communicating a Security Incident - Izzi Lithgow (CERT NZ, NZ) |
12:00 – 12:30 | DFIR Acquisition Presentation - Sam Bonanno (Australian Cyber Security Centre, AU) |
12:30 – 13:45 | Lunch |
13:45 – 14:45 | The Policy Implications of Incident Response - Maarten Van Horenbeeck (Zendesk, US); Dr. Serge Droz (FIRST / FDFA, CH) |
14:45 – 15:15 | TBD |
15:15 – 15:30 | Coffee Break |
15:30 – 16:00 | Measuring CSIRT Maturity using SIM3 - Maarten Van Horenbeeck (Zendesk, US) |
16:00 – 17:00 | Responding to Incidents in Industrial Environments - Hinne Hettema (NZ) |
17:00 – 17:30 | Dr. Serge Droz (FIRST / FDFA, CH) |
19:00 – 21:00 | Networking Reception - Sandy Court @ Westin Denarau Fiji Resort |
Time | Training Track 1, Room - Frangipani (Ballroom B) @ Sheraton Fiji Resort | Training Track 2, Room - Gardenia (Ballroom C) @ Sheraton Fiji Resort |
---|---|---|
09:00 – 10:45 | Breach Workshop 1: Cyber Extortion - Adli Abdul Wahid (APNIC, AU) | Breach Workshop 2: Critical Infrastructure Attack - Dr. Serge Droz (FIRST / FDFA, CH) |
10:45 – 11:00 | Morning Coffee Break | |
11:00 – 12:30 | Breach Workshop 1: Cyber Extortion - Adli Abdul Wahid (APNIC, AU) | Breach Workshop 2: Critical Infrastructure Attack - Dr. Serge Droz (FIRST / FDFA, CH) |
12:30 – 13:45 | Lunch | |
13:45 – 15:45 | Malware Analysis When You're In A Hurry - Hinne Hettema (NZ) | CSIRT Advanced Training - Part 1 - Serge Droz (OS-CERT, CH), Adli Wahid (APNIC, AU) |
15:45 – 16:00 | Afternoon Coffee Break | |
16:00 – 18:00 | Malware Analysis When You're In A Hurry - Hinne Hettema (NZ) | CSIRT Advanced Training - Part 1 - Serge Droz (OS-CERT, CH), Adli Wahid (APNIC, AU) |
Time | Training Track 1, Room - Frangipani (Ballroom B) @ Sheraton Fiji Resort | Training Track 2, Room - Gardenia (Ballroom C) @ Sheraton Fiji Resort |
---|---|---|
09:00 – 10:45 | Maarten Van Horenbeeck (Zendesk, US) | CSIRT Advanced Training - Part 2 - Dr. Serge Droz (FIRST / FDFA, CH); Adli Abdul Wahid (APNIC, AU) |
10:45 – 11:00 | Morning Coffee Break | |
11:00 – 12:30 | Maarten Van Horenbeeck (Zendesk, US) | CSIRT Advanced Training - Part 2 - Dr. Serge Droz (FIRST / FDFA, CH); Adli Abdul Wahid (APNIC, AU) |
12:30 – 13:45 | Lunch | |
13:45 – 15:45 | Maarten Van Horenbeeck (Zendesk, US) | CSIRT Advanced Training - Part 2 - Dr. Serge Droz (FIRST / FDFA, CH); Adli Abdul Wahid (APNIC, AU) |
15:45 – 16:00 | Afternoon Coffee Break | |
16:00 – 18:00 | Maarten Van Horenbeeck (Zendesk, US) | CSIRT Advanced Training - Part 2 - Dr. Serge Droz (FIRST / FDFA, CH); Adli Abdul Wahid (APNIC, AU) |
Izzi Lithgow (CERT NZ, NZ) (NZ)
When preparing for incidents, we’re always hearing “it’s not if, it’s when” so security teams create process and technology solutions that will help rebuild the technical walls when the castle gets breached. But what we don’t often hear about is how we’re going to tell people what’s going on, and how the flow of information to our organisation’s staff, customers and stakeholders will be managed. In fact, we’re all just hoping that it’s not our job to have to tell the CEO or the 6 o’clock news. In this talk Izzi Lithgow from CERT NZ will talk about life as a security communications specialist, and will share insights into the important role of communications when navigating a security incident.
November 5, 2019 11:15-12:00
Adli Abdul Wahid (APNIC, AU)
Adli Wahid is a Senior Internet Security Specialist at APNIC. He has been involved in the CSIRT community for more than 10 years. His previous roles include leading Malaysia CERT (MyCERT) and working for a CERT in the financial sector. Adli is also a serving board member of FIRST.Org.
Your organization is held at ransom by a group of seemingly politically motivated activists. You determine that much of the problem is intractable without leveraging both the relationship-building capabilities of your CSIRT and technical skill.
In this workshop you'll walk through a live incident, and discuss the actions you would take together with Adli Wahid, an incident response specialist from FIRST and APNIC. No incident response experience required, but come with an open mind!
November 6, 2019 09:00-10:45, November 6, 2019 11:00-12:30
Dr. Serge Droz (FIRST / FDFA, CH)
Serge Droz is the Vice President OS-CERT at Open Systems, one of the leading managed security service providers in Europe. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. Before joining Open Systems, he worked in academia in Switzerland and Canada, later as a Chief Security Officer of Paul Scherrer Institute, as well as in different security roles at SWITCH for more than 15 years. Serge is a member of the board of directors of FIRST. He also served for 2 years in the ENISA (European Union Agency for Network and Information Security) permanent stakeholder group. Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.
Like many countries, yours probably depends to a great degree on having a reliable water supply. What would happen if this everyday infrastructure no longer ran reliably? And what if some of our technology is behind it?
In this workshop you'll walk through a live incident, and discuss the actions you would take together with Serge Droz, an incident response specialist from FIRST and Open Systems. No incident response experience required, but come with an open mind!
November 6, 2019 09:00-10:45, November 6, 2019 11:00-12:30
Dr. Serge Droz (FIRST / FDFA, CH)
Serge Droz is a senior IT security expert and seasoned incident responder. After more than twenty years' work in different CSIRTs, he now works as a senior adviser for the Swiss FDFA. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada in different security roles as well as at the national CERT in Switzerland.
Serge is a member of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response. In this role he actively participates in discussions relating to cyber security at various policy bodies, in particular those related to norm building.
Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.
Today, incident response often involves analyzing large amounts of data (think log files or the output of forensic analysis). Some of the analysis will be repetitive, some will be specific to the incident.
Modern data analysis tools allow this work to be conducted efficiently and in a documented manner. Jupyter Notebooks using the pandas framework are popular among data scientists but not so much in the security community. We try to change the latter.
In this talk we present a basic introduction to Jupyter and pandas, illustrated with real-life examples.
November 5, 2019 17:00-17:30
Dr. Serge Droz (FIRST / FDFA, CH), Adli Abdul Wahid (APNIC, AU)
Already have a CSIRT? Learn how to bring it to the next level, including techniques on how to build maturity, how to deal with more sophisticated incidents, manage exercises, and more.
November 7, 2019 13:45-15:45, November 7, 2019 16:00-18:00, November 7, 2019 09:00-10:45, November 7, 2019 11:00-12:30
Maarten Van Horenbeeck (Zendesk, US)
Maarten Van Horenbeeck is a Board member, and former Chairman, of the Forum of Incident Response and Security Teams (FIRST). Maarten is also Chief Information Security Officer with Zendesk. Prior to this role, he was Vice President, Security Engineering at edge cloud network Fastly and managed the Threat Intelligence team at Amazon. Maarten has a master's degree in Information Security from Edith Cowan University, and a master's degree in International Relations from the Freie Universität Berlin. He is also Lead Expert to the Internet Governance Forum’s Best Practices Forum on Cybersecurity.
Learn how to build a Computer Security Incident Response Team, operate it, integrate external information sources, and most importantly, enhance your learning by responding to security incidents.
November 7, 2019 13:45-15:45, November 7, 2019 16:00-18:00, November 7, 2019 09:00-10:45, November 7, 2019 11:00-12:30
Dr. Serge Droz (FIRST / FDFA, CH)
November 5, 2019 09:00-09:30
MD5: 36e34c4c175ee5fa7642cbf1d245ce77
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.56 Mb
Hinne Hettema (NZ)
Hinne Hettema is the tactical security operations leader at Ports of Auckland.
His strengths are in SOC enablement, intelligence and incident response, as well as intelligence driven security operations and security architecture.
In a previous role, he led the security operations at the University of Auckland and has also worked as security architect. He has experience working in security operations in both ICT and ICS environments, setting and driving strategy and incident response. He studied Theoretical Chemistry (PhD 1993) and Philosophy (PhD 2012). As a theoretical chemist, he played with the supercomputers of the time. His first computer was hacked in 1991, after which he developed an enduring interest in cyber security. He is a blogger for APNIC, and maintains a security blog on his LinkedIn page.
In this half day course you will learn rapid triage of malicious content and next steps. These steps can be taken by a small team when targeted by specific malware. After completion of this process you can hand off to your AV vendor with a summary of your findings and links to any reports that you have generated, as well as put in some protection immediately.
The aim is to complete this process in about 30 minutes, have a definite answer whether something is malware or not, and give your AV vendor enough to go on as a starting point, share your findings with colleagues and clearly inform your business about the threat of this specific malware.
After this course, you will be able to:
• Understand and strategise the use of malware analysis tools
• Understand aspects of the cybercrime ecosystem and the role played by malware
• Be able to model attacks and think strategically about defences
• Be able to analyse malware to a high level quickly and securely
• Be able to share your conclusions with others
The course is targeted to beginners in malware analysis and those who need to make sense of the many tools available in this area.
November 6, 2019 13:45-15:45, November 6, 2019 16:00-18:00
Maarten Van Horenbeeck (Zendesk, US)
November 5, 2019 15:30-16:00
Simon Freiberg & Jason Solomon (Google, US) (US)
The security industry focuses a great deal on defense against advanced threats, but security incidents are inevitable. Once an attacker is on your network, it’s imperative to be able to detect them and quickly kick them back out! This talk explores how Google performs incident management and remediation at scale, adapting the techniques of disaster management professionals and modern open source tools to achieve lightning-fast, efficient response cycles and push the envelope in the field of Incident Response.
November 5, 2019 09:30-10:30
Large-Scale-Incident-Response.pdf
MD5: 5bc1aeca109bfd9154b0e0f5da3cef9d
Format: application/pdf
Last Update: June 7th, 2024
Size: 796.28 Kb
Hinne Hettema (NZ)
November 5, 2019 16:00-17:00
OT_Incident_Response-Hinnie.pdf
MD5: 8c57ccc8eb40e672ff87fe7f6435e2e6
Format: application/pdf
Last Update: June 7th, 2024
Size: 482.86 Kb
Maarten Van Horenbeeck (Zendesk, US), Dr. Serge Droz (FIRST / FDFA, CH)
November 5, 2019 13:45-14:45
The-Policy-Implications-of-Incident-Response.pdf
MD5: 94caced9f14354dd9e2b3c680fb28108
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.23 Mb