SHe CISO - May 2020, Mentoring Call - CISO Talk

It was a really great to be invited to the SHe CISO mentoring call this May.  Lyn Webb and myself had the opportunity to have a chat with Chani Simms and Didar Gelici around Cybersecuiry challenges. 

In this call I had an opportunity to give a brief inside to my 3xM approach when it comes to dealing with challenges in the cybersecurity culture of organisations. 

The 3xM approach is composed of Mentality > Mindset > Maturity and how these interconnect with each other, in order to compliment each other, in a continuous cycle. Stay tuned for an upcoming talk that will attempt to set some foundations on how leading roles in cybersecurity have a responsibility to evolve towards a holistic 360 approach across all verticals of an organisation (digital ecosystem). 

Security BSides Athens 2019

Security BSides Athens 2019 was the 4th Ethical Hacking / Information Security / Cybersecurity conference that took place in Athens, Greece. Once again we created a conference for the information security community, by the information security community, with a special thanks to all our volunteers. 

Due to the feedback we received we kept the same location again this year allowing more people to explore Athens Impact Hub. We try our best to make the event a unique experience each year and a day to look forward to. We have dedicated ourselves in having more quality in the event, rather that focus on quantity. 

Security BSides Athens 2019 (www.bsidesath.gr) took place at Impact Hub Athens (link). (All the information for our previous events is archived and can be found here: https://www.bsidesath.gr/index.php#Pevents)

This year we managed to reach 230 attendees throughout the day exceeding our expectation. 

We are the conference that introduced the "gamification" of the CTF, and we are very proud that we did that again this year! We tried to have a realistic CTF scenario with the help of our CTF partner Hack The Box, while demonstrating the ethical side of hacking. 

We look forward to seeing you at

Security BSides Athens 2020! 

Gulf Information Security Expo & Conference (GISEC 2019)

The Gulf Information Security Expo & Conference (GISEC) brings together over 6,000 top security professionals to discover cutting-edge solutions, share insights with industry experts and equip themselves with the right tools to protect their businesses from rapidly-evolving cyber attackers.

Supported by Smart Dubai, Dubai Police and the National Cyber Security Center KSA, GISEC is your opportunity to do business and share ideas with the world’s most important tech companies, government officials and private industries.

I was invited to go on stage and present at @GISECDUBAI at the #DarkStage, presenting on “CyberSecurity in Evolutionary Terms”.

#CyberDubai #GISEC #GISEC2019 #SmartDubai #SecurityMindset #ThoughtLeadership


See the GISEC 2019 - Post-show report can be found here

GISEC 2019 Speaker Profile: https://www.gisec.ae/conference-speakers/grigorios-fragkos

Security BSides Dublin 2019

I am very pleased to see Security BSides Dublin 2019 (www.bsidesdub.ie) @BSidesDublin becoming a reality and running for the first time this year. It was a very well organised event that brought together approximately 300 people from around the world in the beautiful city of Dublin. I have traveled numerous times in Dublin and have made many good friends there. This time however, it became a visit to remember!

Talk title: 
Cyber Security in evolutionary terms (food-for-thought), by Dr. Grigorios Fragkos

Abstract:
The Red Queen hypothesis, also referred to as the Red Queen effect, is an evolutionary hypothesis which proposes that organisms must constantly adapt, evolve, and proliferate not merely to gain a reproductive advantage, but also simply to survive while pitted against ever-evolving rival organisms in a continuously changing environment. 

Let's explore under a Cyber lens this evolutionary hypothesis in contrast to the evolving (cyber)threats and our adaptation (as professionals) to equally evolve our Cyber Resiliency capabilities (as an industry). This presentation is an opportunity to explore as professionals our security mindset and draw some personal conclusions on our Cyber Security culture in order to better ourselves.

From user awareness all the way to Cyber Resilience, from developing by writing secure code to the effort it takes in breaking it, from gaps in hiring talents to hiring for the right reasons, this brief session is intended to spark a personal "eureka" moment in the mindmap of each security professional inside and outside the room.

Looking forward to next year's event! 

International Defence Conference, IDEX2019

The International Defence Exhibition & Conference, or IDEX, is a biennial Arms and Defence technology sales exhibition. The exhibition is the largest defence exhibition and conference in the Middle East and takes place in Abu Dhabi, United Arab Emirates.

As Cyber space is officially the 5th domain of operations, Cyber Defense is in everyone's agenda. 

This week I was at IDEX 2019, presenting & sharing expertise on how to tackle the challenge of ‘Measuring Cyber Security Maturity’ especially when it comes to protection entities that have a key role in the Critical National Infrastructure. 

Driving groundbreaking innovation in CyberSecurity required to be able to protect and defend the emerging new technologies and smart cities from evolving Cyber threats. 
#CNI #SmartCity #SmartDubai #CyberRisk #CyberDefense #CyberResilience #MENA #IDEX2019 @IDEX_UAE, Cyber Risk Exposure, #CyberDefense, #CyberResilience, #IDEX

Guest Speaker at the University of South Wales

Invited by USW Cyber Security Society and Information Security Research Group in University of South Wales to present my talk "A holistic view on Cyber Security in evolutionary terms (food-for-thought)". This is also part of our OWASP (OWASP London Chapter) initiative to reach out to Universities and share expert knowledge in the security and cybersecurity space. 

"Thank you very much for all your sharing today at USW. Just wanted to say you are such an inspiration to me and many others" Maria Peng Wang

See Talk Details --->

Guest Speaker at Cardiff University

Invited by Complex Systems Research Group in University of Cardiff to present my talk "A holistic view on Cyber Security in evolutionary terms (food-for-thought)". This is also part of our OWASP (OWASP London Chapter) initiative to reach out to Universities and share expert knowledge in the security and cybersecurity space.

Feedback:
"The talk was one of the most useful I have attended during my PhD because it is unusual to speak to someone who can relate between research and industry in cyber security. It was really encouraging and made me look forward to working in the space after my PhD" Matilda Rhode 

"Very Inspiring and a Great Talk" Irene Anthi

See Talk Details --->

OWASP Cambridge at Anglia Ruskin

I was invited by OWASP Cambridge and Adrian Winckles to present my talk "A holistic view on Cyber Security in evolutionary terms" hosted by the Cyber Security Networking & Big Data Research Group, Anglia Ruskin University. 

This evening is part of a series of evening events on raising awareness for local businesses & organisations on the issues of cyber security and cybercrime, what regulations and legislation do organisations need to be aware to protect themselves and what is considered best practice in these challenging times. read more

“Greg is an extremely motivational speaker in the cyber security sector who speaks with a passion accentuating the key messages and issues that the community needs to hear and understand” Adrian Winckles

Adrian Winckles
MSc BEng CEng CITP MBCS
Cyber Lead & Director of Cyber Security & Networking Research Group
(OWASP Cambridge Chapter Leader)
(UK Cyber Security Forum - Cambridge Cluster Chair)
(BCS Cybercrime Forensics Vice Chair)
Anglia Ruskin University
Twitter:  @botflowking

See Talk Details --->

OWASP London at JP Morgan (NCSAM 2018)

Due to the fact October is considered National Cyber Security Awareness Month (aka NCSAM) we were planing an OWASP London Chapter meetup. The meetup was hosted by JP Morgan at Canary Wharf, and it was an opportunity to deliver a talk around Cyber Security and how (cyber)threats have been evolving over the years. 

This time our lineup of talk included:

• "If You Liked It, You Should Have Put Security On It" - Zoë Rose (@5683Monkey)
• "Lessons From The Legion (The OWASP London Remix)" - Nick Drage (@SonOfSunTzu)
• "A holistic view on Cyber Security in evolutionary terms (food-for-thought)" - Dr. Grigorios Fragkos (@drgfragkos)

Global OWASP AppSec EU 2018

The OWASP Global Application Security Conference took place this week in the heart of London. see: OWASP AppSecEU 2018

The QEII conference centre, just across the Westminster Abbey was packed with brilliant minds from all over the world, dedicated in advancing security across all technologies. 

The premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.

As an OWASP London Chapter leader, (@OWASPLondon) it was an honor to be part of the team that delivered this amazing 1 week event. 

The OWASP foundation staff and board did an amazing job and we all enjoyed working together. We reached out to all OWASP chapters across the globe and we are dedicating ourselves in amazing things to come. 

Security BSides Athens 2018

Security BSides Athens 2018 was the 3rd Ethical Hacking conference that took place in Athens, Greece. Once again we created a conference for the information security community, by the information security community, with a special thanks to all our volunteers. 

We love moving the venue to different locations each year to ensure the participants get to "rediscover" the event. One of the main reasons why we love scouting for a new location each year, is because we adapt the conference to the venue's attributes, whichever these are. This is what makes the event unique each year and a lovely memorable experience, while trying to bring more quality, rather that focus on quantity. 

Security BSides Athens 2018 (www.bsidesath.gr) took place at Impact Hub Athens (link) which allowed us to bring a different look and feel to the whole event. (All the information for our previous events is archived and can be found here: https://www.bsidesath.gr/index.php#Pevents)

"Moving Towards CyberResilience", BalCCon2k17

This year is my first time to the Balcan Computer Congress, known as BalCCon (BalCCon2k17) in Novi Sad, in Serbia. I have visited Serbia a few times for work and it is a pleasure to have the opportunity be back, attending this amazing conference and present a talk. 

BalCCon (@balcc0n) is a three-day conference with a great line-up of speakers, hackspace activities that include soldering and hardware hacking, retro gaming, workshops, and a pleasant atmosphere with a party-mood throughout the day. 

This year’s event is the 5th BalCCon2k17.  The conference opened on Friday 15/Sep/2017 by Jelena Georgijevic Krasojevic. She welcomed everyone and gave a small introduction about the event and its history. The event started at 14:00, which gave people enough time to fly to the country in the morning or make sure they had a really good night sleep if they arrived the previous night. 

If you haven't been to BalCCon, it is time for you to make plans for next year. The package includes, amazing talks, plenty activities for people to do, many workshops to attend, a friendly atmosphere, good food, and warm weather. 

Security BSides Amsterdam 2017

My passion for contributing to the information security community as much as possible, led me into getting myself involved with the formation of another information security conference. After a number of discussions, I decided to help out with putting together a Security BSides conference in the Netherlands. More specifically, the first ever Security BSides Amsterdam 2017 (www.bsidesams.nl) took place on Friday, 1/Sep/2017 in the heart of Amsterdam, at Zalen Pakhuis de Zwijger B.V. (dezwijger.nl). 

We tried to engage the Dutch information security community as much as possible as this was  our first attempt to make this conference a reality. We were very pleased to have so many speakers submitting a talk to the conference, and the support of OWASP and especially OWASP Netherlands. 

On our account on peerlyst you will find a list of all the talks of the day, along with their respective YouTube video. 

You can also find all of the videos on our YouTube channel, all combined in one playlist here. 

Security BSides Athens 2017

This was the second Security BSides Athens in Greece this year, which allowed us to move to a slightly bigger venue. We tried to put together a better event since last year and further improve the quality of the conference.

Security BSides Athens 2017 (www.bsidesath.gr) took place at "The Athinais Cultural Center" - ATHINAIS

OWASP London chapter meeting (Guest Speaker)

It is a great honour to have been invited to speak at the OWASP London Chapter meeting this May. (Thursday, 18 May 2017 - Central London)
More importantly, as this meeting is sponsored by WorldPay, it is a fantastic opportunity to share previous work I have done on payment systems over the past few years.   

Allow me to say a big Thank You to the OWASP London Chapter organisers for the work they put in to keep the London chapter so live & active, and of course to WorldPay, for supporting this meeting, and for being so kind to host it at their premises. If you are interested to find out more OWASP, make sure you attend the OWASP Summit 2017.

Given the opportunity for this blog-post, I would also like to thank you all for your messages about my talk. I am very pleased to hear that the tickets for OWASP London Chapter meeting this month were sold-out that fast and that the organisers had to activate the waiting list. The organisers also mentioned that due to the high demand, they will consider live streaming. So, stay tuned for updates on that as I am planning to schedule a number of tweets to go out before and during the talk. Thus, for updates you can follow me on Twitter: @drgfragkos

Guest Speaker for University of South Wales (Information Security Research Group) - InfoSec Community; Stepping into the security industry

I had the pleasure to be invited as a guest speaker to the University of South Wales by the Information Security Research Group (ISRG). The talk was about the Information Security community and more specifically how young professionals can step into the security industry.

During this talk, the students (graduates & postgraduates) had the opportunity to understand and discuss what they can do today in order to ensure they are well prepared when it comes to stepping into the security industry.

The talk included an introduction to what is considered to be a security oriented mindset, provided a number of quick tips, mentioned several online resources, and last but not least how to prepare for an interview. The students among a number of subjects that were raised during the talk, were also introduced to penetration testing types, practices, methodologies, real stories from the industry, tools, and techniques. Black Box testing versus White Box testing was explained, the significance of white-listing was discussed and a brief comparison between Vulnerability Assessments and Penetration Testing was given.

Representing DeepRecce - Conferences list 2016

IRISSCERT Cyber Crime Conference – November 2016
	IRISS is Ireland’s CERT team and provides a range of services to its clients to help them defend and secure their networks and data. This annual conference is now recognised as Ireland’s premier Cyber Security event where experts on various aspects of cyber security share their thoughts and experiences. DeepRecce was represented by Dr. Grigorios Fragkos who delivered a really forward looking talk on Cyber Resilience with the interesting title: All aboard, next stop; Cyber Resilience. The talk familiarised the audience with what Cyber Resilience really is, how a holistic approach to cybersecurity problems is better to protect us from cyber threats, and last but not least, how Cyber Resilience will change once and for all the way cybersecurity is discussed in the boardroom, as it will provide companies the means to stay within budget.
BruCON – October 2016
	One of the most important security conferences for ethical hackers in Europe is BruCON. The event started with security training sessions that lasted for three days and concluded with a two-day conference composed of outstanding security presentations and workshops. It comes without surprise to see so many people arriving to the event from all over Europe to join an interesting atmosphere for open discussions related to critical InfoSec issues, privacy, information technology and its cultural/technical implications on society. DeepRecce was represented at the conference by Dr. Grigorios Fragkos who was invited to present his talk on Point of Sales (POS) and more specifically on Point of Interaction (POI) devices and Virtual Terminals. Even though the research started almost three and a half years ago, the findings were never made publicly available, and have only been presented behind closed doors and to by invitation only events/conferences, in order to be given enough time to acquirers, payment processors and affected parties to remediate the issues disclosed.
Securing Online Gaming – October 2016
	The challenges involved when it comes cyber resilience were discussed at this year’s annual “Securing Online Gaming” in London, on the 4th October 2016. DeepRecce is not only a strategic sponsor to the event, but was also represented by Dr. Grigorios Fragkos with an innovative and forward-looking talk on “Online Gaming towards Cyber Resilience”. The talk focused mainly on: • Today’s challenges & requirements towards security online gaming • How attacks are evolving, and what should we expect • Taking steps for an effective Cyber Resilience strategy
44CON – September 2016
	DeepRecce had a presence at this year’s 44CON in London. We had the chance to meet and catch up with friends and colleagues from the industry. As Cyber Security becomes a more and more boardroom discussion it was a pleasure to see the department of MoJ Digital & Technology at the event who also designed a fun yet challenging Capture the Flag. Information Security professionals from all industries, mostly interested in cybersecurity and ethical hacking, had the change to attend a series of interesting talks and workshops related to security from speakers around the world.
Security BSides Manchester – August 2016
	DSecurity BSides events are Information Security community based conferences happening all over the world and DeepRecce was present at this year’s event in Manchester. Information Security Professionals, experts, researchers, ethical hackers and InfoSec enthusiasts come together to discuss the next “big thing”, not only to ethical hacking, but instead the conference is open to a wide range of subjects related to security such as incident response, IoT security, computer forensics, security standards and of course compliance. DeepRecce was represented at the event by Dr. Grigorios Fragkos with a talk about “Accessing the personal details of most of the InfoSec professionals & the Responsible Disclosure process”. Due to the sensitive nature of the contents, the talk was not allowed to be recorded.
Electromagnetic Field – August 2016 – EMF Camp
	A UK based camping festival that takes place every two years for those with an inquisitive mind or an interest in making/breaking things: hackers, geeks, digital artists, scientists, engineers and technology enthusiasts. DeepRecce was represented at the event by Dr. Grigorios Fragkos with a talk on the myths and truths when it comes to hacking airplanes.
SnoopCon – July 2016
	DeepRecce was represented by Dr. Grigorios Fragkos at SnoopCon 2016 invited by the Cyber Security Testing and Validation Team at British Telecoms (BT) in order to attend their annual internal conference, as a guest speaker. This is actually the second time Grigorios attended this by-invitation-only conference, where he was awarded the Best External speaker award in 2015. The conference is known as SnoopCon and it is BT’s Penetration Testing and Ethical Hacking annual meet-up event which lasts five days overall.

in-flight entertainment vs avionics

For those of you who have had the opportunity to see one of my presentations "Can you really hack an airplane: Myths & Truths", you are already familiar with what is really happening and the confusion between in-flight entertainment systems and avionics (https://en.wikipedia.org/wiki/Avionics). I was asked to put this article up by a number of friends in the security industry to highlight a few very important points. The purpose of this article is to provide food for thought. Especially, when you hear someone saying that "hacked" an airplane, or made it fly "sideways" by tampering with its systems through the in-flight entertainment system. Consider the following points and come to your own conclusions. 

Anyone who is trying to "generalise" and claim that during an actual flight, for example through the in-flight entertainment system, managed to take control of the plane and/or that it is possible to actually fly an aircraft like this, should first read what the law has to say about this. (Tokyo Convention 1963). 
Do you really want someone with the excuse of being a "security researcher" tampering with the airplane's systems while you are on an actual flight, because he/she decided that has nothing better to do? I am sorry, but from where I stand, we (security researchers) respect the law, and make sure we have permission to conduct any security assessments & penetration testing, in a safe and approved environment. 

IRISSCON 2016 - 8th IRISSCERT Cyber Crime Conference

IRISSCON 2016 - The 8th #IRISSCERT Cyber Crime Conference
Ireland's first CERT (Computer Emergency Response Team)

This year, my talk was all about Cyber Resilience. The talk provided the opportunity to participants to familiarise and understand what the term really means, and why it should not be considered as another buzzword used in the industry.  

"Threats constantly evolve based on the way our defences counter-evolve, and this cycle is something that is going to happen no matter what. What matters the most, is in what way we act upon, and how our decisions need to be part of a bigger forward looking strategy that does not treat security in an ad-hoc manner, especially when it is too late"

IRISSCON 2016 - IRISSCERT

The 8th IRISSCERT Cyber Crime Conference will be held this year on Thursday the 24th of November 2016 in the Ballsbridge, Pembroke Road, Dublin. www.iriss.ie 

This all day conference, focuses on providing attendees with an overview of the current cyber-threats throughout the world and focuses especially on threats that affect businesses in Ireland, and what should be the best course of action when it comes to defending against these threats. You can find my recap blog post for last year's event here.

Like every year, professionals that work in cybersecurity and tackle cybercrime / cyber threats on a daily basis, will be sharing their thoughts and experiences, while attendees have a unique opportunity to ask questions,discuss cybersecurity strategies, and most importantly will meet and network with likeminded individuals allowing them to share their views and opinions.

I am honoured to be invited to speak at this event and get to share my thoughts and views on cybersecurity and most importantly, on cyber resilience, which is also reflected by my talk's title: "All aboard, next stop; Cyber Resilience". 

The abstract for my talk can be found below and I do hope you find it interesting. If you find yourselves in Dublin during the conference, I strongly suggest getting a ticket on time and join us at IRISSCON, and please come and say hi. It is always a pleasure to meet people who are passionate about information security and cybersecurity, and want to discuss/share their thoughts and opinions. Looking forwards to seeing you all there.