We’ve been waiting for this day and it’s finally happening!
We’re ready to get our dose of inspiration from 10 amazing ladies from cybersecurity who take the stage today. The talks are very diverse and packed with hands-on knowledge from their infosec careers. They will share valuable and insightful personal lessons or present useful case studies or researches.
If for any reason, you can’t be here with us at the event, we’ve got you covered with constant updates from the event. We’ll make sure you don’t miss the most inspiring ideas and tips, words of wisdom from female speakers with varied backgrounds and experience.
What you should do is keep an eye on the DefCamp blog today for the latest updates and infosec stories from #LadiesinCybersecurity 2019.
Monica Obogeanu, Startup Programs Manager @Orange
Innovation & cybersecurity
- Being a woman in the tech world is a big advantage today with lots of opportunities.
- Orange supporting innovation in cybersecurity through various programs, such as Orange Fab, and the company is involved in educational programs (European Cybersecurity challenge conference)
- Launched the Business Internet security report and working on another one.
- “We believe in unicorns and we believe we can raise the next generation of unicorns,” said Monica
10:15 – 11:00
Christina Kubecka, CEO HypaSec
Presentation: Hack the World: IT/IOT/ICS SCADA OSINT
- we have lots of security challenges in different domains: solar and wind – not much security testing, smart electric meters – we do not trust their security and privacy, there’s been 390% increase in attacks against water systems in the USA (2000-2009), agriculture.
- metadata can actually expose passwords, sensitive data, business infrastructure
- election insecurity and how easy you can hack a hotel’s wifi network and access lots of data
- How difficult is security? Institutions and intelligence agencies have issues with security
- we have reached a point where everything is connected, and we need to use testing tools because everything can be hacked given the number of resources available.
- you can always mitigate and put protection around because security gaps expose everyone.
- the book “Down the rabbit hole on OSINT Journey” wrote by Chris
- critical communication become exposed, whether it’s good or bad
- “IT is like oxygen, You don’t know you need until you have to breathe”
- “We all have to stand up and we can do whatever we want. “You know what? I can do it on my own.”
Andra Zaharia, Freelance Senior Content Marketer
Presentation: 5 Key Decisions That Shape Your Infosec Career
- We have lots of role models to look forward and so much we can do and learn.
- there are incredible career opportunities out there for everyone.
- Studies say there are 3.5 million cyber sec job opportunities by 2021
- #1: Decide to build and follow your OWN process:
-Get education and certificates which validate your expertize, learn how to code, understand the field (business needs and understand the context and our role), find key people to learn from, because there are SO many generous people in this industry, willing to share info, learn from mentors and peers, develop a feedback loop to see how’s your current situation and see how to position in relation with others, build a presence in the field (communities: join Peerlyst.com, use Twitter, build a website)
- #2 Decide to play an infinite game:
– prepare to deal with surprises and different situations, develop an appetite for change, you can tap into unlimited growth, and remember to stay engaged and challenged, absorb as much as you can to discover what you love to do (Growth mindset) -> subscribe to newsletters, listen to podcasts, follow journalists and researchers
- #3 Decide to make a contribution
– prepare start as an intern in companies, volunteer at events, go to meetups and conferences, find the people you want to connect, because they have the same challenges as you, answer questions.
- #4 Decide to go PRO
– Be dependable and reliable to differentiate you in the field, get focus and clarity, understand the business, internal processes, the way people talk to each other. Show up and DO YOUR BEST. Articulate your ideas and opinions, because as much as you write about something, the more you know about a topic.
-Cultivate long-lasting curiosity, be always curious and try to put yourself in the shoes of others. Decide what enough means to you, define your guiding principles for your decisions (the backbone of your personality), build strategy vision and foresight.
- #5 Decide to work on something meaningful and rewarding
-boost and cultivate your self-awareness, you’ll learn to see the bigger picture, solve intricate puzzles in infosec which can be rewarding. Work with advanced teams and tech, derive value and personal rewards when you work on something you love.
11:40 – 12:10
Ruxandra Olimid, Lecturer
Presentation: Privacy & Security Aspects in Mobile Networks, talk facilitated by Orange Romania
- mobile networks evolution 1G -> looking forward to 5G
- The problem with the mobile network is wireless, because the information is everywhere, and needs to be secured
- WEP (Wired Equivalence Privacy)
- the problem with wireless: easy to get direct access to the medium (radio) and get sniffed, privacy concerns with the difficulty to detect attacks
- security improvements: encryption, the anonymity of subscribers, authentication of subscribers.
- In mobile networks, the goal is to achieve end-to-end security, and security improvements are needed in all networks: 3G, 4G
- Breaking is easy! Securing is hard! -> useful #infosec education tip to keep in mind.
- Attacks in the wireless world – > in the past it was difficult to obtain the tools to launch attacks, now it’s easier to facilitate experimentation. Low-cost tools are available on a large scale.
- one of the problems in mobile communication up to 4G was the identity request to a mobile network.
- Key takeaways: Learn from mistakes, and be aware of today’s technological revolution. Keep in mind the speed of development vs security, because things go really, really fast. Do we really need so much automation, digitalization?
12:10 – 12:40
Corina Stefania Nebela, Big Data & Cyber Security Architect @ Atos
Presentation: Leverage Big Data in Cybersecurity
- Corina took an indirect path to infosec, having different job profiles and skills. “My personal advice for anyone would be to cross their personal boundaries and to be on a constant quest for knowledge.”
- We need diversity in infosec, because we tackle different and tackle problems, and would help to have broader visions on different issues.
- 60% of organizations victim of major breaches in 2020 (Source: Gartner)
- humans are prone to errors, and they can facilitate the hackers’ work
- 3 things for big data: data velocity, data variety, and data volume, and the higher the volume, the more challenges infosec pros will have
- Big data -> what can we do with it? We use machine learning (supervised and unsupervised)
13:30 – 14:15
Jelena Milosevic, Nurse / Speaker / Independent info security researcher
Presentation: Why I didn’t run away from infosec community
- I started to ask and explain why and how there’s a need for security in hospitals, and raise awareness about healthcare security. Then she started attending conferences as a speaker to share their ideas and needs for securing health requirements and devices.
- People in the infosec community are SO friendly and helpful, and always ready to share info and knowledge.
- Jelena started learning, researching about what she wanted to know about infosec, networking with other cybersecurity experts, and being part of the infosec community.
- Jelena recommends ” If you want to go in any industry, not just infosec, you should also listen and accept what others have to say and what rules they apply”. Finding a mentor is also important for your career path.
- teamwork is essential in infosec because if we work together, we can move things together.
- the position of the women in the world -> Romania is one of the best places for women in tech.
- stimulate children, friends and young people to do what they WANT, and support them to go in the tech world
- The infosec community is open, honest, right to the point, includes women professionals and supporters, and they accept and respect people to be different.
- After 4 years of being in infosec, Jelena’s story looks like this: lots of research projects, attending more than 30 conferences in Europe and USA, including one-time keynote, organizing events such as BSides Amsterdam, or medical village at HIIB, doing consulting for free.
- her final message is “If I can do it, you can do it too”:-)
14:20 – 14:50
Valentina Galea, Ethical Hacker at Bit Sentinel
Presentation: The art of being a lady in a hacking world
- Before entering the cybersecurity industry, she’s been a graphic designer for 7 years in the gaming industry, and then cybersecurity became her “target”
- She changed career at 28 yo, and it was the best decision ever.
- Gaming without hacking and hacking without gaming doesn’t exist
- Career-wise, Valentina started as a QA tester, and now she’s working as a junior penetration tester and aims for being a senior IT Security specialist
- She’s involved in projects that encourage and help noobs to enter the infosec industry, and eager to help the community and share her knowledge
- As an artist, she needed inspiration in her new role in cybersecurity.
- #Cyberinspiration women and role models for Valentina: Kim Vanvaeck, Susy Thunder – specialized in social engineering, Adeanna Cooke
- REMEMBER to: Be open to continuous learning, always look up for new challenges, stay safe and keep your paranoia open, and remember to get off your comfort zone.
14:55 – 15:40
Laura Tămaș, Technical Project Manager, TypingDNA
Presentation: Securing sensitive accounts with MFA and Behavioral Biometrics
- Demo case regarding the typing biometrics authentication – showing the typing behavior and how it influences the way people type (practical and useful exercise)
- Stats: 81% use weak passwords, 50% never changed social passwords for one year, 38% reuse passwords, 80% privileged credentials. Every month we hear about a major data breach.
- the problems with passwords: easy to hack, guessable, often reused for many accounts and shared, accounts being stolen at IdP level, administered poorly, vulnerable to MiM attacks, phishing attacks.
- MFA can be an answer to passwords security and companies need to take it into consideration.
- Two types of biometrics: physical biometrics, and behavior biometric (the way how you walk and talk)
- Behavior biometrics are very hard to imitate, like DNA, and more difficult to be hacked because the behavior is unique.
- TypingDNA MFA -> Is a RESTful API solution that handles 2FA through multiple factors, such as typing biometrics, SMS/email OTP (one-time passwords).
- Biometrics is all about fallbacks and MFA
- In a nutshell, behavior biometrics refers to behavior recording, data engineering, machine learning, and authentication.
- Key benefits/advantages: a higher level of security, deliver great user experience, comply with the latest cyber sec regulations, and adapts at the user’s behavior.
16:05 – 16:35
Sabina – Alexandra Ștefănescu, Co-Founder of Security Espresso
Presentation: WiFi, a cautionary tale. Leakage, pwnage and just plain silliness
- The scary thing about WiFi: *everyone can hear everyone else all the time* (not true for Ethernet)
- Wifi detection tools: WIGLE platform (only captures SSIDs), Kismet (captures SSIDs and devices beacons -> intrusion detection system)
- MAC addresses are personal data protected by GDPR
- Pwnage – > the Karma attacks work by listening to nearby connected devices.
16:40 – 17:10
Lavinia Mihaela Dinca, Ph.D., Data protection and Information Security Analyst
Presentation: Biometric spoofing in the context of biometric key derivation
- encryption importance: more interconnected devices which mean an increased need for security
- biometric spoofing – a big challenge for biometric security
- problems with biometrics: secrecy (biometric data is not secret), revocation (you can’t change your fingerprints), tracking.
- key security issues: liveness detection and smartphone application security.
- biometric key derivation – a good solution to current challenges, but it might actually prove less secure the current system.
- don’t jump into the biometrics bandwagon just because it’s cool.
- multi-biometrics doesn’t increase security in key derivation