Cambridge

Local News

OWASP Cambridge Chapter Security Spring Seminar

Tuesday 7th March 2017 17:30 – 20:30, Lord Ashcroft Building (LAB002), Anglia Ruskin University, Cambridge. Hosted by the Department of Computing & Technology, Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter

Spring Presentations

Guest speaker: Andrew Tillman, 8ARC Ltd

Abstract: “Introduction to Open Source Intelligence"

This talk will provide an introduction to Open Source Intelligence and give an insight into what is needed to conduct an Open Source Intelligence Investigation. The subject matter is designed for persons who are interested in the information discovery phase of an investigation and/or research activity, and will provide theoretical and practical advice and guidance.  The learning points gained from the ‘Introduction to Open Source Intelligence’ are intended to be transferable for numerous uses and are adaptable for both public and private sector organisations.

Biography: Andrew Tillman

Andrew is the CEO of 8ARC LTD, a cyber intelligence and information security management company specialising in protecting businesses and consumers from cyber and cyber-enabled crime. Andrew has extensive detailed and specific experience in the cyber intelligence/investigations arena. As the former Head of Intelligence for National Trading Standards (NTS), Andrew built the first National Trading Standards e-Crime Intelligence Hub, and also the NTS Intelligence Team. In addition to the aforementioned, Andrew has developed and delivered numerous training events, nationally and internationally, on subjects such as Open Source Intelligence (OSINT) cyber intelligence/enforcement, and exploitation of emerging technologies for use in large scale frauds.   Guest Speaker: Andrew Thompson, Solutions Architect, Checkmarx

Biography: Andrew Thompson

With over 20 years experience in IT, Andrew is an industry veteran. He started off working in IBM mainframes prior to spending several years as a Java programmer. Building on his lengthy career debugging code, Andrew’s current goal is helping development teams increase their debugging efficiency.

Abstract - 1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness

We created an application security awareness kit for organisations to run a month long secure coding awareness enhancement program with their developers. We shipped 362 physical kits including an interactive quiz, giveaways and other incentives. During this session you will learn how to effectively educate developers on secure coding best practices, play an interactive gamified session and demonstrate your knowledge and win your very own secure development kits.

Learn how to engage developers with Application Security

View a case study about Application Security education, how it can be gamified and made interactive and appealing to any audience

Request your own education kit to try it out within your organization

Understand why developers are a core function in the cyber security world and why it is critical that they become more security aware

Guest Speaker: John Haine, Chairman, IoT Security Foundation

Biography: John Haine

John Haine has spent his career in the electronics and communications industry, working for British Telecom, Marconi, PA Consulting, and with start-ups including Cognito and Ionica. His technical background includes R&D in radio circuitry and microwave circuit theory; and the design of novel radio systems for cordless telephony, mobile data, and fixed wireless access. He has led standardisation activities in both the latter areas in ETSI, and contributed to WiMax.

In 1999 he joined TTP Communications working on research, technology strategy and M&A activities; and after the company’s acquisition by Motorola became Director of Technology Strategy in Motorola Mobile Devices. After leaving Motorola he was CTO Enterprise Systems with ip.access Limited, the leading manufacturer of GSM picocells and 3G femtocells. In early 2010 he joined Cognovo Limited, which was acquired by u-blox AG in 2012. In u-blox John worked on RF platform strategy for future wireless modules. He led u-blox’ involvement in a major 3GPP standards activity on low complexity cellular communications for the Internet of Things, and the company’s early development of devices for trials and demonstrations. Now retired from u-blox he is Royal Academy of Engineering Visiting Professor at Bristol University, focusing on Radio Systems for the Internet of Things.

John has a first degree from Birmingham (1971) and a PhD from Leeds (1977) universities. He is a member of the IET and IEEE and serves on the Cambridge Wireless Board.

Abstract: “Overview of the IoT Security Foundation”

The IoT Security Foundation is an industry group set up in 2015 to document and promulgate best security practice for IoT devices and systems. In December 2016 it published its initial set of guidelines and its "Trust Framework", initially aimed at connected consumer products. Together these are intended to support a process by which any party in the IoT supply chain can apply best practice in developing, supplying and supporting its products and services, so that we can build a "supply chain of trust". The Foundation has 79 members from across the IT industry ranging from large multi-nationals to one-man-bands, including several universities. Work continues and revised and updated documents will be released in June and December 2017, widening the scope to cover other types of product and service. This presentation will give an overview of the IoTSF and its activities.

Background

OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.

The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.

Agenda

17:30 – 17:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University 17:45 - 18:30 Talk from Andrew Tillman, 8ARC Ltd “Introduction to Open Source Intelligence" 18:30 - 19:15 Talk from Andrew Thompson, Checkmarx, “1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness” 19:15 – 20:00 Talk from John Haine, Chairman, IoT Security Foundation, “Overview of the IoT Security Foundation”. 20:00 – 20:30 Refreshments & Networking in LAB006

Registration

To register for this free event, please register online at

https://www.eventbrite.com/e/owasp-cambridge-chapter-spring-security-seminar-tickets-32352865291

The meeting will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).

Please enter through the Helmore Building and ask at reception.

---

Meeting Location

Anglia Ruskin University

Cambridge Campus

East Road

Cambridge

CB1 1PT

Get further information on travelling to the university.

http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/cambridge_campus/find_cambridge.html

Everyone is welcome to join us at our chapter meetings.

Planned dates for upcoming events

Thursday 19th January 2017

Wednesday 25th January 2017

Tuesday 7th February 2017

Tuesday 7th March 2017

Tuesday 4th April 2017