• Day 2 Session 2 Workshop 1
  • Day 2 Session 2 Workshop 2
  • Day 2 Session 2 Workshop 3
  • Day 2 Session 2 Workshop 4

Day 2 Session 2 Workshop 1

Think Before You Click: how to run an engaging phishing campaign
Melanie Oldham, Managing Director, Bob's Business Ltd

Think Before You Click is an Outstanding Security Professional Awards winner that has a proven track record of raising awareness of phishing and developing a secure culture within staff. Melanie Oldham, Managing Director of Bob’s Business Ltd, ran a workshop to demonstrate how to make a phishing awareness campaign engaging to the end user.

With 10 years experience within the cyber security field, offering engaging and memorable cyber security awareness campaigns for small and large organisations alike, Melanie is an expert in her field and through Bob’s Business’ cyber security awareness training and phishing awareness training portals, educates over 200,000 users each month.

The latest APWG detailed that Phishing attacks increased 65% over the past 12 months highlighting how effective this approach is to accessing data. With this in mind, we need to ensure that users can spot the sinister emails lurking within their inbox.

Melanie had delegates reevaluating their own campaigns by highlighting the common pitfalls that many organisations fall into and offered solutions that will stop staff making ‘phishy’ mistakes.

Back to Day 2

As Seen In CyberTalk! link to article

Day 2 Session 2 Workshop 2

Think your VPN is secure? Think again...(Live Demonstration)
Graham Bartlett, Technical Leader, Cisco Sytems

In this session Graham described how common VPN architectures have evolved over the years, however, the protocols we use today were designed nearly 20 years ago. Have these protocol stood the test of time?

Delegates investigated a number of attack vectors against VPNs and discussed controls that can be used. Finally, workshop attendees looked to the future of VPNs and investigated what the threat of a quantum computer brings to modern day IPsec VPN designs.

Graham, CCIE No. 26709, has designed a number of large scale Virtual Private Networks within the UK and worked with customers throughout the world using IKEv2 and Next Generation Encryption. Graham’s interests include Security and Virtual Private Networks. Within this space he has discovered zero-day vulnerabilities, including the higest severity security advisory in the March 2015 Cisco IOS software and IOS XE software security advisory bundled publication. He has contributed to numerous IETF RFCs, and has intellectual property published as prior art. He is a CiscoLive speaker and has developed Cisco Security exam content (CCIE/CCNP). He is a CCP (Senior) IA Architect, CCP (Practitioner) Security & Information Risk Advisor, CCNP, CISSP, Cisco Security Ninja and holds a BSc(Hons) in Computer Systems and Networks. Graham is co-author of The IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS (Networking Technology: Security)  

Back to Day 2

Day 2 Session 2 Workshop 3

Cyber Security Body of Knowledge
Howard Chivers, Senior Lecturer in Cyber Security, University of York

Cyber security is recognised as an important element in curricula at all educational levels, from GCSE through to postgraduate, as well as in professional training courses and certifications. However, the foundational knowledge upon which the field of cyber security is being developed is fragmented and as a result it can be difficult for both students and educationalists to map coherent paths of progression through the subject. By comparison, mature scientific disciplines like mathematics, physics, chemistry and biology have established foundational knowledge and clear learning pathways.

As a result, to further the maturity of this discipline the National Cyber Security Centre is funding an academic consortium, led by Lancaster University, to develop a Guide to the Cyber Security Body of Knowledge (CyBOK). The guide will be developed progressively, and when sections related to topic areas have reached an appropriate level of maturity, bridging material will show how foundation topics can be linked to developmental pathways.

During the development of the guide the consortium will seek inputs and reviews from the community of experts. The aim is to develop a consensus for what is regarded as established knowledge and also identify important current topics of debate. We will also elicit requirements that potential educational users have for the material, including how content in the guide should be mapped to learning pathways.

This workshop presented the initiative and then elicited delegates' views on these important foundation topics.

  • View the slide deck
  • Request the audio recording of the discussion - please email
  • Learn more about the CyBOK
  • Visit the CyBOK site later this year to find out about consultations in September and October. These consultations present an exciting opportunity for cyber security professionals that didn't join the workshop in York to get engaged and express views on the scope. Views gathered from these will be used to help inform the scoping, alongside input gathered through other consultations, so get involved now!

Back to Day 2

Day 2 Session 2 Workshop 4

Patching People: What on earth does Information Management have to do with Cyber Security?
Martin Fletcher, Assurance and Information Management Consultant, The National Archives

The National Archives play an important role within government ensuring information is handled correctly. Details on the work we do features in the latest edition of CyberTalk magazine.

The theme of this workshop was how good Information Management and good Cyber Security are both mutually dependent upon one another. Both disciplines need to both be considered for an organisation to protect its information...
- Knowing where information is held and how it’s being used can help identify and prevent cyber attacks;
- Good Information Management can greatly increase efficiency and reduce the chance of data loss;
- In both Information Management and Cyber Security the part of the system most likely to get compromised is the people working with it.

Discussion was on what particular issues delegates face in terms of managing their information effectively, and what delegates are doing to engage their staff in this area.

Back to Day 2

As Seen In CyberTalk! link to article

Find Out More

Get a Quote

Call Me Back

Enquiry Form