EXPO 2020 Dubai - Connecting Minds, Creating the Future

EXPO 2020 Dubai (www.expo2020dubai.com) is a MEGA-event that was built from the ground up! 

Expo 2020 (Arabic: إكسبو 2020‎) is a World Expo to be hosted by Dubai in the United Arab Emirates. 

Expo 2020 was scheduled to open its doors in Oct/2020, but due to the pandemic it was postponed to 2021 (will be running for 6 months, from 1 October 2021 to 31 March 2022) while keeping its original brand name as "EXPO 2020 Dubai".

(See the wikipedia page for more information).

If you are already resident in the UAE you can seize a unique opportunity to volunteer for EXPO 2020. The Expo 2020 Volunteers Programme, like most of the world’s mega events, is at the heart of the first World Expo that will take place in MEASA (Middle East, Africa and South Asia) region.

Follow Expo 2020 on Twitter (@EXPO2020Dubai) to get the latest update and stay abreast of what is happening #PavilionsPremier #ExpoPavilionsPremiere #Expo2020 #Dubai #UAE

UAE IA Standards: Measuring Cyber Security Maturity

The UAE has become an emerging technology hub in a fast-evolving interconnected digital world while cyber-threats at a global scale are becoming far more complex, and increasingly inevitable.

The UAE has significant resources and is continuously raising the bar when it comes to innovation. At the same time, smart technologies, automation and technological advances make the region a particularly attractive target to threat actors. Effective cybersecurity strategies are moving from a standalone defensive approach to mandatory security programs representing the competitive advantage among whole organisations.

The UAE's federal body released the UAE Information Assurance (UAE IA) Standards on 25th June 2014, as part of the Cyber Security Framework, to manage the country's cyberspace.

Since the release of the UAE IA standard, the UAE and the globe, has seen a nearly exponential growth of cybersecurity landscape. The lates statistics from various sources depict an exponential growth of the cyber landscape while at the same time, offer trustworthy and actionable recommendations for thought-leaders and decision-makers.

Be aware of fraudsters taking advantage of the devastating incident in Beirut

As we have seen in the past, any major breaking news and large events draw the attention of cyber criminals, as they try to take advantage of such situations. It is devastating what happened in Beirut, and many countries have already sent help. 

As a cyber security professional, I would like to seize the opportunity and bring into people’s attention that malicious groups and fraudsters most probably will try to take advantage of the situation in order to profit from it. During such times there is a rise in different types of malicious communications such as, emails pretending to be from legitimate charities, spear phishing messages through all types of social media, even actual phone calls. 

This is a call to everyone to be vigilant, and especially to the security community to come together with a common message, to raise awareness. 

Please do your diligence if you want to help. Do not send money to charities that “pop-up” the last minute without any tangible evidence that these are legitimate. Do not trust links posted on social media about online donations. If you want to send financial aid, do that only through official channels (such as, official government sites). 

Whatever the reason in such difficult times, be always aware that there are malicious groups out there that they only care about taking advantage of such situations. Please keep in mind that every dollar given unintentionally to fraudsters, is a dollar that will be missed by the people who are affected from this unprecedented incident. 

SHe CISO - May 2020, Mentoring Call - CISO Talk

It was a really great to be invited to the SHe CISO mentoring call this May.  Lyn Webb and myself had the opportunity to have a chat with Chani Simms and Didar Gelici around Cybersecuiry challenges. 

In this call I had an opportunity to give a brief inside to my 3xM approach when it comes to dealing with challenges in the cybersecurity culture of organisations. 

The 3xM approach is composed of Mentality > Mindset > Maturity and how these interconnect with each other, in order to compliment each other, in a continuous cycle. Stay tuned for an upcoming talk that will attempt to set some foundations on how leading roles in cybersecurity have a responsibility to evolve towards a holistic 360 approach across all verticals of an organisation (digital ecosystem). 

Security BSides Athens 2020

Given the current situation with most conferences having been canceled in 2020, Security BSides Athens 2020 (www.bsidesath.gr) took the decision to convert this year's event into a virtual conference. Based on that decision, we seized the opportunity to reach out to more people around Greece, and of course, welcoming anyone who wanted to join us from around the world (see here).

A virtual event has many challenges, especially when having to make sure everything is 100% ready before you hit the "go live" button. For the past 5 year, this annual meetup of Security BSides in Athens brought people together from all over the world, both Greeks and non-Greeks. We all have busy lives and we wanted to give people to opportunity to keep in touch with friends & colleagues that we tend to see once a year. Hence, even though we do not want this virtual get-together to be the norm, at the same time, it allows us to stay in touch. In our case, we used this year’s virtual event as an opportunity to a) increase the number of people who can “attend”, b) invest to a bigger/better event in 2021. In other words, as we do this for the community despite how much more work it needed, we are very happy that we are now in a position to say: Security BSides Athens 2020, was not cancelled! ;) 

A big -Thank You- to the whole team for supporting the event and spending their time putting this year's virtual conference together. It goes without saying that we couldn't have done this without our sponsors and speaker, who decided to support this year's Security BSides Athens 2020. 

We have now archived the Security BSides Athens 2020 and you can find all the relevant information (speakers, sponsors, participation, youtube videos, etc.) here: 2020.bsidesath.gr 

Awareness around COVID-19 SMS Phishing (Smishing)

This blog-post discusses an issue known for almost 20years, which is related to the online SMS platforms. Given the recent pandemic and the use of the GSM network for sending SMS notifications to the public, it in an opportunity to raise awareness regarding Smishing (SMS Phishing) attempts, targeting the public which is affected by COVID-19.

In Greece, the number 13033 is being used to send SMS confirmations to people who use this particular service, which is used for registering in advance their daily movements when it comes to get essential goods (such as, going to the supermarket, the pharmacy, etc.) before they exit their homes. Due to the COVID-19 pandemic, this process attempts to limit people’s unnecessary movement(s), in an attempt to minimise the risk of getting affected, or contaminating others in case the person is a carrier of the virus.

Given the importance of the pandemic and the necessity of this service, it is mandatory to mention that it is possible to spoof the SEND ID in order to send SMS updates to recipients pretending to be from the original 13033 service number. This action, have the potential to trick the recipients (general public) in clicking on malicious links, or by using Social Engineering (and potentially scare tactics) to ask recipients to pay a fine that has been imposed. 

"Given the current situation, it would be beneficial to everyone if the Ministry in Greece responsible for operating the 13033 service (and other Ministries around the globe that use similar services), could promote a campaign educating all recipients regarding the potential threat of Smishing"

More specifically, the public should be informed that they should under no circumstances visits any URLs received by the 13033 service and that the 13033 service will not send any messages requesting to pay any fines. The public need to be aware that in case they receive such messages, these should be ignored and deleted.  

The proof of concept for the alluded was tested and proven by @DimisMeu and we decided to publish this blog post in order to be able to raise the necessary awareness. 

Security BSides Athens 2019

Security BSides Athens 2019 was the 4th Ethical Hacking / Information Security / Cybersecurity conference that took place in Athens, Greece. Once again we created a conference for the information security community, by the information security community, with a special thanks to all our volunteers. 

Due to the feedback we received we kept the same location again this year allowing more people to explore Athens Impact Hub. We try our best to make the event a unique experience each year and a day to look forward to. We have dedicated ourselves in having more quality in the event, rather that focus on quantity. 

Security BSides Athens 2019 (www.bsidesath.gr) took place at Impact Hub Athens (link). (All the information for our previous events is archived and can be found here: https://www.bsidesath.gr/index.php#Pevents)

This year we managed to reach 230 attendees throughout the day exceeding our expectation. 

We are the conference that introduced the "gamification" of the CTF, and we are very proud that we did that again this year! We tried to have a realistic CTF scenario with the help of our CTF partner Hack The Box, while demonstrating the ethical side of hacking. 

We look forward to seeing you at

Security BSides Athens 2020! 

Gulf Information Security Expo & Conference (GISEC 2019)

The Gulf Information Security Expo & Conference (GISEC) brings together over 6,000 top security professionals to discover cutting-edge solutions, share insights with industry experts and equip themselves with the right tools to protect their businesses from rapidly-evolving cyber attackers.

Supported by Smart Dubai, Dubai Police and the National Cyber Security Center KSA, GISEC is your opportunity to do business and share ideas with the world’s most important tech companies, government officials and private industries.

I was invited to go on stage and present at @GISECDUBAI at the #DarkStage, presenting on “CyberSecurity in Evolutionary Terms”.

#CyberDubai #GISEC #GISEC2019 #SmartDubai #SecurityMindset #ThoughtLeadership


See the GISEC 2019 - Post-show report can be found here

GISEC 2019 Speaker Profile: https://www.gisec.ae/conference-speakers/grigorios-fragkos

Security BSides Dublin 2019

I am very pleased to see Security BSides Dublin 2019 (www.bsidesdub.ie) @BSidesDublin becoming a reality and running for the first time this year. It was a very well organised event that brought together approximately 300 people from around the world in the beautiful city of Dublin. I have traveled numerous times in Dublin and have made many good friends there. This time however, it became a visit to remember!

Talk title: 
Cyber Security in evolutionary terms (food-for-thought), by Dr. Grigorios Fragkos

Abstract:
The Red Queen hypothesis, also referred to as the Red Queen effect, is an evolutionary hypothesis which proposes that organisms must constantly adapt, evolve, and proliferate not merely to gain a reproductive advantage, but also simply to survive while pitted against ever-evolving rival organisms in a continuously changing environment. 

Let's explore under a Cyber lens this evolutionary hypothesis in contrast to the evolving (cyber)threats and our adaptation (as professionals) to equally evolve our Cyber Resiliency capabilities (as an industry). This presentation is an opportunity to explore as professionals our security mindset and draw some personal conclusions on our Cyber Security culture in order to better ourselves.

From user awareness all the way to Cyber Resilience, from developing by writing secure code to the effort it takes in breaking it, from gaps in hiring talents to hiring for the right reasons, this brief session is intended to spark a personal "eureka" moment in the mindmap of each security professional inside and outside the room.

Looking forward to next year's event! 

International Defence Conference, IDEX2019

The International Defence Exhibition & Conference, or IDEX, is a biennial Arms and Defence technology sales exhibition. The exhibition is the largest defence exhibition and conference in the Middle East and takes place in Abu Dhabi, United Arab Emirates.

As Cyber space is officially the 5th domain of operations, Cyber Defense is in everyone's agenda. 

This week I was at IDEX 2019, presenting & sharing expertise on how to tackle the challenge of ‘Measuring Cyber Security Maturity’ especially when it comes to protection entities that have a key role in the Critical National Infrastructure. 

Driving groundbreaking innovation in CyberSecurity required to be able to protect and defend the emerging new technologies and smart cities from evolving Cyber threats. 
#CNI #SmartCity #SmartDubai #CyberRisk #CyberDefense #CyberResilience #MENA #IDEX2019 @IDEX_UAE, Cyber Risk Exposure, #CyberDefense, #CyberResilience, #IDEX

Guest Speaker at the University of South Wales

Invited by USW Cyber Security Society and Information Security Research Group in University of South Wales to present my talk "A holistic view on Cyber Security in evolutionary terms (food-for-thought)". This is also part of our OWASP (OWASP London Chapter) initiative to reach out to Universities and share expert knowledge in the security and cybersecurity space. 

"Thank you very much for all your sharing today at USW. Just wanted to say you are such an inspiration to me and many others" Maria Peng Wang

See Talk Details --->

Guest Speaker at Cardiff University

Invited by Complex Systems Research Group in University of Cardiff to present my talk "A holistic view on Cyber Security in evolutionary terms (food-for-thought)". This is also part of our OWASP (OWASP London Chapter) initiative to reach out to Universities and share expert knowledge in the security and cybersecurity space.

Feedback:
"The talk was one of the most useful I have attended during my PhD because it is unusual to speak to someone who can relate between research and industry in cyber security. It was really encouraging and made me look forward to working in the space after my PhD" Matilda Rhode 

"Very Inspiring and a Great Talk" Irene Anthi

See Talk Details --->

OWASP Cambridge at Anglia Ruskin

I was invited by OWASP Cambridge and Adrian Winckles to present my talk "A holistic view on Cyber Security in evolutionary terms" hosted by the Cyber Security Networking & Big Data Research Group, Anglia Ruskin University. 

This evening is part of a series of evening events on raising awareness for local businesses & organisations on the issues of cyber security and cybercrime, what regulations and legislation do organisations need to be aware to protect themselves and what is considered best practice in these challenging times. read more

“Greg is an extremely motivational speaker in the cyber security sector who speaks with a passion accentuating the key messages and issues that the community needs to hear and understand” Adrian Winckles

Adrian Winckles
MSc BEng CEng CITP MBCS
Cyber Lead & Director of Cyber Security & Networking Research Group
(OWASP Cambridge Chapter Leader)
(UK Cyber Security Forum - Cambridge Cluster Chair)
(BCS Cybercrime Forensics Vice Chair)
Anglia Ruskin University
Twitter:  @botflowking

See Talk Details --->

OWASP London at JP Morgan (NCSAM 2018)

Due to the fact October is considered National Cyber Security Awareness Month (aka NCSAM) we were planing an OWASP London Chapter meetup. The meetup was hosted by JP Morgan at Canary Wharf, and it was an opportunity to deliver a talk around Cyber Security and how (cyber)threats have been evolving over the years. 

This time our lineup of talk included:

• "If You Liked It, You Should Have Put Security On It" - Zoë Rose (@5683Monkey)
• "Lessons From The Legion (The OWASP London Remix)" - Nick Drage (@SonOfSunTzu)
• "A holistic view on Cyber Security in evolutionary terms (food-for-thought)" - Dr. Grigorios Fragkos (@drgfragkos)

Cyber Security Awareness Month 2018

October is known as Cyber Security Awareness Month and in the US it is commonly referred as National Cyber Security Awareness Month (NCSAM). This is a global initiative to raise awareness on emerging Cyber threats and best practices to defend against them, while educating the public and the private sector, on how to tackle cyber security challenges in a fast-evolving digital ecosystem.

‘Security’ is the enabler for evolving and scaling up in a secure manner, while minimising the risk of being affected at an irrecoverable level.

Cyber Security is promoted at an impressive rate during this month, with several awareness campaigns taking place. Typically, these campaigns focus on giving advice around having best-in-class practices when it comes to Cyber Security, sharing thoughts around exposure to unnecessary risk and try to communicate the benefits from having a Cyber Resilience strategy in place, while discussions around defence-in-depth tend to spawn recommendations around different products and services that might help an organisation’s security practice. 

To achieve this, during October several events take place to engage and educate the information security community, while focusing on sharing knowledge, lessons learned, and forward-looking ideas.

Boardroom Briefing on Cyber Risk Exposure, in M&A and deal-flow scenarios

To understand and simplify the current Cyber Risk exposure in Mergers and Acquisitions (M&A), this article focuses on explaining the inner workings and what is currently the state of affairs in the Cyber front, from a deal-flow perspective, while being structured as an informative boardroom briefing. 

"Understanding the Cyber related risks in M&A in this digital era, is an 'investment metric' for a successful decision-making process"

Before jumping into specifics, and to put things in the right context, consider for a moment that every business entity is more or less similar to an alive ecosystem; that is composed of people, services, synergies, cooperation, products, ideas, technologies, dependencies, and advances on different fronts. Effectively, as business entities evolve, by adapting the digital model of operations, the nature of their risk exposure equally evolves due to the numerous emerging Cyber-threats. 

OWASP London Chapter at 44CON

Yes, we are here once again this year, leading the #CyberLondon scene. Information Security, Application Security, Cyber Security, Cyber Defence at #44CON with #OWASP and global Security BSides (London, Athens, Manchester, Amsterdam, Tel Aviv, Lisbon, Cape Town).
#respect #collaboration #inclusion #community #InfoSec #AppSec #CyberSecurity #EthicalHacking #CyberRisk #ThoughtLeadership #CyberSecurityAwareness

@44CON is a well-established security conference in London, with hackers coming to attend and present from all over the world.

The OWASP London Chapter was there.

If you didn't know, there is a whole bus in the venue, that serves drinks. The happy hour is when it is #Gin o’clock at @44CON! View from the top of the bus!

OWASP London Chapter at Facebook

Yes, this whole surface is a screen at the headquarters of Facebook in London. We have been invited by Facebook to host the OWASP London Chapter meet-up at this amazing space. 

T1: "Bug Hunting Beyond facebook.com" - Jack Whitton
Facebook's Whitehat bug bounty program receives 1000's of security bug reports annually, covering a wide range of issues and products. Come listen to some of the interesting bugs Facebook's Whitehat program team handled over the past year, and some pro-tips when looking for bugs outside of "facebook.com".

L1: "Open Source for Young Coders" - Hackerfemo
Inspirational 12 year old Hackerfemo will tell us all about how open source helps him run coding and robot workshops for 10-16 year olds throughout the world.

T2: "Reviewing and Securing React Applications" - Amanvir Sangha
As developers start using front-end frameworks such as React they must be made aware of any related security issues. Whilst React provides developers with proactive measures such as output encoding, there still exist edge cases which can lead to cross-site scripting issues. This talk explores common security issues in the framework and how to defend against them

L2: - "Introducing OWASP Amass Project" - Jeff Foley (remote)
Jeff will introduce the OWASP Amass project - a tool which obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. All the information is then used to build maps of the target networks.

The video recordings of the OWASP London Chapter talks: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki

ISSA UK meet on board the HQS Wellington

This week we had an amazing event with @issauk. The meet took place on-board the @HQSWellington #HQSWellington #InfoSec #CyberSecurity #CyberDefense #CyberDecence 

ISSA-UK, isthe UK Chapter of the ISSA. With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for information security professionals. Having welcomed over 1,800 members since our beginnings in 2003, the ISSA-UK Chapter is the world’s most successful chapter. 

Security BSides Athens 2018

Security BSides Athens 2018 was the 3rd Ethical Hacking conference that took place in Athens, Greece. Once again we created a conference for the information security community, by the information security community, with a special thanks to all our volunteers. 

We love moving the venue to different locations each year to ensure the participants get to "rediscover" the event. One of the main reasons why we love scouting for a new location each year, is because we adapt the conference to the venue's attributes, whichever these are. This is what makes the event unique each year and a lovely memorable experience, while trying to bring more quality, rather that focus on quantity. 

Security BSides Athens 2018 (www.bsidesath.gr) took place at Impact Hub Athens (link) which allowed us to bring a different look and feel to the whole event. (All the information for our previous events is archived and can be found here: https://www.bsidesath.gr/index.php#Pevents)