West of Scotlands First Student-Led Cyber Convention
Glasgow Caledonian Cyber Convention abbreviated G3C will bring together individuals who either work in the Cybersecurity industry, are studying a Cybersecurity related course or have a general interest in Cybersecurity. This family-friendly event will run on the 12th October 2019 at Glasgow Caledonian University. Running from 9 am to 5 pm, throughout the day we'll have engaging speakers, workshops and panel discussions.
Emergency Responders have a vital role. Their skills are vital in trying to stop a malware outbreak or a breach in progress.
This role requires a mix of digital forensics, penetration testing and administration skills. This is one of the exciting new challenges that having a career in infosec has.
Are you up for it?
27 Years ago Rory completed his degree at Glasgow Caledonian University... in Accountancy. Since then he has held a number of roles in IT and IT security, working as a security/penetration tester for the last 14 years. He has presented at a number of UK and international security conferences and helped organize the first two BSides events in Scotland. He is on twitter as @raesene
From the outside penetration testing can often appear to be an unusual role involving typing on 4 keyboards simultaneously whilst wearing a ski mask (if stock photographs are to be believed) This talk will look at some of the realities of life as a pentester and discuss how the industry in the UK has developed over the last 20 years.
Andy is a hacker at heart, who's always been interested in taking things apart and sometimes even putting them together again. As his day job, Andy works as a senior penetration tester who is capable of delivering a wide spectrum of assessment types. However in his free time he can be found blogging, speaking at events, tweeting from @ZephrFish & @ZephrSec or researching different tech.
A tool that is often overlooked and has become more and more popular recently when attacking windows networks is bloodhound. It can be leveraged to gain access to different paths to compromise and Pwnage on a network, making it a very powerful tool for assessing routes to compromise!
Abigail McAlpine is a Cyber Security Researcher with the Secure Societies Institute at The University of Huddersfield studying the sharing of PII on digital systems and how social media encourages users into sharing information with ever expanding and insecure circles.
PII authentication has been used everywhere, from banks, phones, utilities, job roles and even forgotten password authentication. Now with the amount of data breaches and lost PII of users, is it a safe way forward for our next generation? We now have more PII information available online than ever, with social media encouraging the sharing of personal data on a regular basis, is PII a secure way to authenticate users in future? This material is innovative as it looks at the amount of information that can be collected about users to collate a full picture of their lives, this research especially focuses on children who are sometimes victims of their own parents social sharing, with some parents sharing every aspect of their children's lives online before they are old enough to have their own profile.
A bit about the penetration testing industry with several anonymous anecdotes about important "hacks" in my career and what was learned from them. This is about passing on lessons from the front-lines back to people about to embark on their own adventure. Learn about: * delivery of tough news to customers. * times I was less than professional. * my perspectives behind some old news headlines. * ... n more things.
This talk will not be recorded. Live performance only.
Lead Software Security Engineering at large MSSP, with origins in software development. Interests in application security with a focus on web based applications. Additionally a co-leader of OWASP Scotland.
Software development today is a far cry from software development from yesteryear. Gone are the days of developing something from the ground up. Software development now involves “stitching together” numerous libraries and frameworks together to develop the desired system/application. We are now dependent on 3rd party vendors and providers now, more than ever before. This has greatly help to aid the generation of rapid development. However, this helped to introduce a new, and often overlooked problem, weakness introduced by these libraries. Why would an attacker spend significant effort and time trying to break through the front door of an organization, when they can instead open a backdoor for themselves? The purpose of this talk is to raise awareness for the potential problem, with some recommendations of tools and approaches which could help. Discussing past examples where backdoors have been placed into libraries, as well as discussing some of the difficulties to keeping libraries up to date.
Ross is a Cyber Consultant with Seric Systems in Glasgow, helping customers reach an assured security posture of their networks. Ross is a CISSP, ISO27001 Lead Implementer and Advanced Cyber Essentials Practitioner. Through vulnerability management, risk management and penetration testing, Ross enables people to engage with digital technology, free from the doubt of ever-evolving cyber threats. Ross’ ambitions are aligned to Scottish Government’s strategy for a Safe, Secure and Prosperous Scotland, making our wee country a fantastic place to do business. Finding solutions to complex security issues, led to Ross and Seric winning the Scottish Cyber Awards 2018, for Outstanding Customer Experience. In spare time, Ross volunteers with SmartSTEMs.org delivering hugely successful workshops to children, focussing on teamwork, cryptography and problem solving. The workshops are aligned to Curriculum for Excellence Experiences and Outcomes, so very popular with teachers whilst helping address the skills and gender gap within the Cyber Security industry.
CyberSafe Escape Room
In industry, user Awareness is an ongoing concern and practical experience in a group setting is a fantastic way to make learning outcomes stick. The CyberSafe Escape Room is a short taster session and focusses on Security through Obscurity (and why it’s a bad idea)!
You’ll find yourself in the abandoned R&D Department of the defunct Caledonian Bank, where it is rumoured a stash of treasure was left behind. Against the clock, your team must search the room for information and clues, crack safes and collect the goods!
Like in business, the key strategy is communication, “See it, Say it”…and realise first hand how poor InfoSec practices are easily exploited!
I am currently a final year student at Bournemouth University, studying Forensic Computing and Security. Recently I have had the excitement of winning BSides London Rookie Track and am hoping to continue working on projects for conferences.
My newest venture is helping to host and set up Bournemouth 2600 as a branch off the London meet, and I am also keen to get stuck into as many InfoSec communities as possible! Here to learn and in turn also try and help others!
DigiSpark programming to interact with Mobile Devices
Description - This short workshop will include an in depth look at the make-up of the DigiSpark and how it's interacting with your mobile device. We will be looking at how you can program the DigiSpark to unlock your device. The DigiSparks will be provided, all you will need is your laptop with the Arduino IDE installed (if you're not sure on this I will also cover this) and a phone!
Steve(@a8n_pub) is the co-founder and CEO (Caffeine Extraction Officer) of the Moon on a Stick Lock Picking and Cold Brew Emporium (@MoononaStickLP), founded with the aim to educate people about the joys of physical security (and provide highly caffeinated beverages to hungover conference attendees). A former MoD research scientist, he's been involved in the IT security industry for over 25 years, and a qualified Check Team Leader since 2001. Working mostly on the offensive security team at a large British telecommunications provider.
"A long time ago, well roughly 5 years ago, two like minded people met and formed a partnership the likes of which the galaxy has never seen... with their powers combined they formed an internet security podcast called..."Weegiecast"
Dave and Andy, two proud Glaswegians, became friends over a shared love for technology, music and top notch banter. At the beginning Dave had just graduated from Glasgow Caledonian University after studying Audio Production and was looking to break in to the audio industry. By this point, Andy was well on his way to becoming a respected member of the infosec community. After some late night discussions over exactly what it is to be a "hacker", Andy decided to write a series of blog posts aimed at helping people like Dave wrap their heads around a technologically diverse and expansive subject with the hope of sparking new interest in the field and launching careers.
After a few years the turbulence of daily life took Dave and Andy different directions, until in mid 2019 the pair got back in contact, just as Dave was looking to change career direction following a redundancy towards the field of internet security. By this point, the aforementioned blog posts were turned in to a book - To date, "Breaking Into Information Security - Learning the Ropes 101 by Andy Gill" has sold over 10k copies both printed and digitally, across the globe.
As Andy continued Dave, during a drive to Steelcon 2019 where they talked all things hacky for 5 hours straight with barely a breath between sentences, it became clear that these discussions greatly benefited from having both the perspective of a newcomer in the industry and, by now, a seasoned veteran.
And thus, Weegiecast was born! A podcast aimed at tackling the diverse and often complex elements within internet security, in the hope that it may encourage others who may feel that a career in hacking is either unrealistic or beyond their capabilities, from all walks of life and starting positions."