CSSA2019

KEYNOTE SPEAKER

Steve Kennett

Steve Kennett served 23 in the Royal Air Force, he specialised in Data communications, Cryptography & Data protection (cyber and Information security).

On Leaving the RAF Steve held senior positions at Kingston Communications and Centrica where he had responsibilities for the Data & IP networks responsible for all aspects of IP and ISP operations, design & strategic management and at Ofcom he was Head of Spectrum Services responsible for all aspects of Enforcement & Interference policy. Steve was part of the successful Ofcom Olympics Spectrum
Delivery team responsible for keeping the Spectrum for the London 2012 Games free from Interference.

Steve is currently the Security Director and SIRO responsible for Jisc’s response to the increasing cyber security threat, providing leadership for the development of the cyber security strategy and policy to ensure that an extensive programme of enhanced cyber security services and initiatives is maintained that protect the network and meets the needs of Jisc’s members and customers whilst maintaining a high level of cyber security across the Janet network and other Jisc services.

 

Keynote Address - Jisc’s Active Cyber Defence

By 2021 UK education and research organisations will be more cyber resilient, better able to respond to security incidents and can demonstrate an increased cyber security posture to enable the UK’s education and research sector to be the most digitally advanced in the world. In the |Jisc Cyber Security Division we work to protect the UK National Research & Education Network (NREN) Janet Network and connected organisations.

The Jisc Cyber Security Divisions mission is to safeguard the current and future network and information security of the Janet network and of our members’ networks, creating a secure environment for organisations and their users to conduct innovative online activities. To do this we will continue to develop and refine products and services to help support an institution’s cyber security policy and to ensure continuity of business and we will continue to invest in shared services to protect the education and research sector.

Since our first security strategy was published in 2015 there have been many developments at both Government and international levels, and the current updated strategy now reflects the UK National Cyber Security Strategy 2016-2021. The way Jisc delivers cyber security has changed considerably to reflect the ever-changing security landscape. The types of threats are continually evolving, and as funding changes within the UK education and research sector Jisc will need to be more agile and innovative about how we work with the UK academic and research sector to address cyber security threats. Our three main objectives to Defend, Deter, Develop continue to help us build upon and improve our capabilities.

SPEAKERS

Akhona Damane

Akhona Damane is currently the Manager: Office of Digital Advantage at CSIR (Council for Scientific and Industrial Research). He is responsible for facilitating the implementation of the South Africa's ICT Research, Development and Innovation (RDI) Roadmap, which seeks to stimulate investment in R&D and Innovation in ICT by both public and private sectors through partnerships with industry, universities, research institutions and international organisations. He guides RDI programs that unearth the potential of the emerging / exponential technologies, such as Data Science, Artificial Intelligence / Machine Learning, Blockchain, Internet of Things, and Cybersecurity within the context of the 4th Industrial Revolution.

Mr Damane has previously worked as the Manager for Knowledge Management and Innovation (2012-2017) at Transnet Freight Rail, where he was responsible for spearheading the Knowledge Management function. Prior to joining Transnet, Mr Damane was employed by the Western Cape Government Department of Human Settlements as the acting Director for Strategy, Monitoring & Evaluation, and Information Management. During 2010-2011, he worked as a part-time Lecturer in Information Systems at the University of the Western Cape, in Cape Town. In recent years Mr Damane has honoured invitations to be a Guest Lecturer at Wits Business School and at University of Johannesburg.

He holds a Bachelor of Science Honours Degree in Computer Science and a Bachelor of Science from the University of Fort Hare. He has completed a number of training certificates in Systems Analysis, Knowledge Management, Project Management, Agile SCRUM and ITIL 4 Foundation. He is currently studying towards an MBA.

Craig Rosewarne

Craig is the MD of Wolfpack Information Risk - a South African firm established in 2011 that specialises in cyber threat intelligence, research, training, awareness and advisory services. A community of 9000+ information and cyber security specialists subscribe to their regular community updates.

We have partnered with senior management teams from all major sectors to understand the opportunities and threats that cyberspace presents. Wolfpack have also been instrumental in driving many strategic cyber security initiatives with stakeholders on the African continent.

Craig was previously an Associate Director of Deloitte's Risk Advisory division. He ran the Deloitte School of Risk Management and was responsible on a national level for learning and innovation for a team of over 400 professionals.

Craig has over 18 years of management experience in the fields of IT & cyber security. He is frequently invited to speak at information security, cybercrime and counter-espionage events. He provides regular opinion pieces via TV, radio and print/online media.

He is proudly South African and an even prouder husband and father to three healthy “cubs”.

MBA, CISSP, CISM, CVE, ISO 27001 Lead Implementer & Auditor, ISO 27035 Lead Incident Response Professional, Certified ISO 27005 Risk, COBIT & ITIL trainer.

Boeta Pretorius

NWU Strategic management and co-ordination of Information and Communication Technology, including:

  • Management of ICT resources;
  • Advocacy for digital transformation;
  • Setting and executing strategy;
  • Provision and optimisation of ICT-supported systems, processes and services for teaching, learning, research and administration;
  • ICT Governance, including development and implementation of ICT plicy and standards;
  • ICT Representation and Positioning in external and internal relationships;
  • and management of IT portfolio.

Wilhelm van Belkum

NWU Management of OI department which includes:

  • Overall responsible for all IT Infrastructure at the University (Strategy, Plan, Implement, Deploy and Operation)
  • Overall responsibility for IT Operational Management
  • Staff Management (3 Department - Operations, Systems and Infrastructure)
  • Key role player in determining ICT strategies and directions at NWU
  • Key role player in IT Governance planning and implementation
  • IT-Infrastructure financial and budget management
  • IT and HE sector collaboration & community engagement
  • Cybersecurity

Maiendra Moodley

Maiendra Moodley graduated from the University of Natal, with a Bachelor of Commerce Degree in Business Information Systems and Information Systems Technology. Subsequently, he read for the Advanced Business Programme and Bachelor of Technology (Management) at Technikon Natal, before studying for his Masters in Business Administration through the University of Wales. His dissertation, on the security risk management measures that banks adopt in online banking, was awarded a distinction. His qualifications include the Foundation Certificate in IT Service Management (ISEB), Advanced Security Management Programme from Technikon Pretoria, Post Graduate Diploma in Forensic and Investigative Accounting and a Master in Security Studies from the University of Pretoria. He is presently reading for his doctorate on financial transformation through the use of ERP systems at the European University in Belgrade.

He is a member of the Golden Key International Honour Society.

Mr. Moodley's diverse experience includes having served as a senior systems auditor, a security architect with a leading retail bank, supervising IT LAN support services, to being a panelist and examiner on the IT programme of a national tertiary institution. Other posts that he has held include serving as a Trainee Accountant, a Senior Risk Consultant, a Principal Consultant, managing a security advisory services function, acting as a Chief Risk Officer to presently serving as a Senior Analyst for Wikistrat. He is the former HoD for Financial Systems and Processes at the State Information Technology Agency. His articles, extensive speaking and teaching engagements presented and published both locally and internationally in India, Kenya, Ghana, Botswana, Mauritius, Tanzania, Zimbabwe, and Zambia, span a wide range of industries and topics such as auditing, fraud, security and risk management to unlocking the strategic value of technology.  He presently provides advisory services to Government customers.

Peter Allwright

Director of Horizon Forensics

Peter is a cyber intelligence investigator and open source intelligence expert.

He specialises in investigating high-value customer data breaches and hunting down hackers in hostile jurisdictions to retain the stolen data. He works closely with local and international law enforcement agencies to detain hackers and to support their successful extradition and prosecution.

He has successfully led local and international search and seizure operations of private residences, business premises and internet service providers, in order to retain stolen data and secure evidence that hackers leave behind. He often has to deal with the complexities of foreign jurisdictions and the impact of data protection legislation.

He has wide experience of dealing with crisis management situations and together with specialised professionals takes care of coordinating the key aspects of resolving the crisis and protecting the client’s position at all times.

He has investigated hacking of data centres, data breaches, domain name hijacking, man-in-the-middle attacks, phishing and spear phishing attacks, counterfeit trademarks, copyright violations, prohibited/illegal content, identity theft, malvertising, ransomware, cyberstalking, cyberbullying, online scams, fraudulent invoices/change of bank account scams, sextortion, defamatory blogs, hacking and reprogramming of master slave devices, software piracy, and the distribution of child pornography.

He uses conventional and unconventional techniques to investigate cybercrime. His conventional methods include a proprietary threat intelligence and investigation platform together with custom-built threat hunting workstations and advanced forensic tools to access information that is out of the public domain. His unconventional methods include system thinking tools that analyse the situation to reveal unknown or hidden associations.

He has successfully guided multidisciplinary forensic teams in Africa, the Middle East, Europe and Asia.

Nadia Veeran-Patel

BCom (Marketing & Business Management) | ISO27001 Foundation | ITIL Foundation | ITIL Service Management |Completed CISSP course | Train the Trainer | Lotus Domino Administrator | Lotus Domino Developer

Nadia has 13 years of IT experience in Service Desk Management, Training, Account Management and Information Security.

She has spent the last 3 years providing advice and assurance on Information Security related activities

  •  Application and Infrastructure Baselines
  • Writing and implementing Information Security policies
  • Leading IT DR testing and planning for inclusion in the Business Continuity Plans
  • Conducting Phishing campaigns with remedial training
  • Vulnerability Management

Nadia trained in the UK in the Information Assurance Maturity Model (IAMM) and successfully adapted and implemented it in South Africa over a 12-month period.

Jacques Ophoff

Jacques is a senior lecturer in the Department of Information Systems at the University of Cape Town.  His research covers a variety of topics within information systems security, with a specific focus on behavioral (human) aspects of information security. Jacques supervises a Security & Privacy Research Group with more than a dozen active research students and has over 40 peer-reviewed publications.

Jacques holds a Ph.D. in Information Technology from the Nelson Mandela Metropolitan University

Stephen Nel

Stephen has over 18 years' experience in Consulting and is currently the Group Senior Manager of Transformational Consulting. He previously was Head Security Consulting for MEA. During his 6 years at Dimension Data, he has worked across multiple industry verticals, assisting organisations with their Transformational and Cyber Security Challenges, aligning these strategies with the organisational business outcomes. His background includes management positions in one of the big four audit firms and working in the financial sector.

During this time Stephen was a Senior Information Security Consultant and at various stages was acting in the Group Information Security Officer role. Stephen worked primarily within Information Security Management and Governance arena where he was responsible for setting Security Strategy and defining the Information security target operating model, he was also responsible for the implementation roadmap for the effective execution of Information Security within the Group.

Stephen has also numerous years' experience assisting local and international companies within the E-commerce industry with their security architecture, strategies, and implementation. During this time Stephen was responsible for defining the security strategies and aligning the strategies to the business strategy. This included the development of and delivery against a security road map.

Mervyn George

Mervyn George is a seasoned technologist, experienced in driving value discussions and implementing enterprise systems at multinational organisations. As a business architect with SAP, Mervyn dedicates his focus to advising leaders of large enterprises on the role technology plays in business innovation and the modernisation of corporate strategy.

Dominic Cull

Dominic holds a master’s degree in ICT law from UCT and specialises in electronic communications regulation. After proving unsuited – due to a stubborn streak of pragmatism – to the formalities of life as an attorney, Dominic founded ellipsis regulatory solutions (www.ellipsis.co.za) as a consultancy seeking to assist those navigating the murky waters of communications law.

Dominic’s brief is to shape policy and regulation towards the interests of ISPA’s members and to ensure effective communication between ICASA and members.

Dr Kiru Pillay

Kiru has thirty years of experience in the ICT sector with the first 23 years as an ICT practitioner and has worked in various industry sectors and in various roles globally.

He has eight years of experience in an academic and research environment and has been based at three South African universities both on a full-time, and currently on a part-time basis.

He is presently in the Public Sector as a Chief Director, Cybersecurity Operations at the Department of Telecommunications and Postal Services (DTPS) responsible for the national Cybersecurity mandate and the management of the national Computer Security Incident Response Team (CSIRT). He also has a mandate for the operationalisation of the Department’s 4IR initiatives via its Digital Transformation Centre.

Kiru holds a PhD in Information Systems from the University of KwaZulu Natal. He is currently a visiting academic attached to the LINK Centre at the University of Witwatersrand and also to Wits Business School, with a primary responsibility of post-graduate supervision with some lecturing responsibilities.

Corien Vermaak

IT law specialist by trade, Vermaak has spent many years working in ICT and representing multinationals.

Vermaak specialises in ICT technologies and network security. She has recently completed studies towards becoming a certified digital forensic auditor.

Vermaak has been instrumental in assisting the Law Society of South Africa with seminars for legal practitioners regarding technology law and cyber crime legislation.

As director of a technology academy, she developed training in cyber security and data protection and audits in large companies.

Paul Beyleveld

Paul Beyleveld is a Consulting Systems Engineer for Cisco Security Sales supporting the sub-Saharan Africa region. He is responsible for providing advice, consultation services and gearing up Cisco customers with end-to-end cyber security capabilities.

Paul has over 15 years' experience in the Cybersecurity industry, 8 of which were spent at Cisco. Before Cisco, Paul was part of the Engineering teams at leading value added cyber security distributors within the sub-Sahara Africa region and worked to design, implement and support encryption, content, network and application security solutions.

Paul is a Certified Information Systems Security Professional (CISSP). He is a self-professed Maker with a keen interest in 3D printing and electronics.

Hylton Brand

Hylton Brand, has over 21 years work experience in government and is currently a Risk Officer at the City of Cape Town.

With a passion for Information Security, he qualified as a CISSP in 2004, graduated with a UCT Computer Forensics diploma in 2009 and obtained Honors degree in 2010.

Specialisations include Information Security awareness, Public education, GRC and Business Continuity.

Noteworthy achievements include spearheading the City’s Cybersecurity Handbook for Cape Town residents and driving information security awareness amongst public servants and officials as part of a 10-year City campaign.

Giuseppe Garau

Giuseppe has more than 15 years of experience in the ICT sector, during his career he has managed projects in Telco and Enterprise focusing mainly on networking and security issues.

Giuseppe has worked in Allot since 2015 as Solution architect for Italy, North Europe and Africa territories focused in Enterprise market.

He took his degree in Telecommunication Engineering at Technical University in Milano.

Mauritz Grobler

Mauritz Grobler is a security Solutions Architect who works as part of the Dimension Data cybersecurity team to develop security solutions that enable their client’s businesses.

Mauritz believes that good security starts with good policy.

“Few things provide me with as much joy as reading a well-managed risk register”

He has been working in information technology for the past 14 years as engineer, sales specialist and solutions architect.

Raymond Maclean

Raymond Maclean is currently a Senior Systems Engineer with the Information and Communication Technology Services (ICTS) department at the University of Cape Town.

He has over 21 years’ experience in ICT; ranging from customer service, network technician and a hardware specialist; to a consultant in the Service Desk environment and as a Systems Engineer.

He has a passion for Information Technology and his interests include basic electronics, amateur radio, gaming, tinkering, security, scripting and automation.

Raymond studied Digital Forensics at UCT in 2017 and graduated in 2019 with a BCom Honours (First Class) specialising in Information Systems (IS).

Prof SH (Basie) von Solms

Prof SH (Basie) von Solms is a Research Professor in the Academy for Computer Science and Software Engineering at the University of Johannesburg, the Director of the Centre for Cyber Security at the University of Johannesburg as well as an Associate Director of the Global Cybersecurity Capacity Centre of the University of Oxford in the UK. Basie is a member of the World Economic Forum’s Global Future Council for Cyber Security.

(Via Video Presentation)

PLATINUM SPONSORS

CSSA 2019 CONFERENCE PROGRAMME

New Lecture Theatre (NLT)
Upper Campus
University of Cape Town (UCT)
View map

Wednesday, 03 July 2019

09:00 – 10:30Registration (tea & coffee on arrival)
10:30 – 10:35Introductions
Richard van Huyssteen
Executive Director: ICTS
UCT
10:35 – 10:45Welcome
Dr Reno Morar
UCT
10:45 – 11:15The emerging cybersecurity legislative framework and obligations for organisations
Dr Kiru Pillay
South African Department of Telecommunications and Postal Services (DTPS)
11:15 – 12:00Cyber self-defence; organisation, people and country risk
Craig Rosewarne
Wolfpack
12:00 – 13:00LUNCH
13:00 – 13:35Session chair: Roshan Harneker
Security as an Elusive Service
Maiendra Moodley
Government advisor
13:35 – 14:10The South African ICT R&D and Innovation Roadmap
Akhona Damane
Council for Scientific and Industrial Research
14:10 – 14:45Cybersecurity: A Smart-City Perspective
Hylton Brand
City of Cape Town
14:45 – 15:15TEA
15:15 – 15:45Platinum sponsor: Dimension Data
Dimension Data’s Global Threat Intelligence Report

Mauritz Grobler
15:45 – 16:30Cornered in the pool room – using unconventional techniques to find a hacker
Peter Allwright
Horizon Forensics
16:30 – 16:45Closing remarks
18:00Conference Dinner

Thursday, 04 July 2019

08:00 – 09:00Registration (tea & coffee on arrival)
09:00 – 09:05Welcome
Andre Le Roux
09:05 – 09:50Keynote address
Jisc’s Active Cyber Defence
Steve Kennett
JISC
09:50 – 10:20Cyber Security Capacity Building for the 4th Industrial Revolution
Basie von Solms
University of Johannesburg
(pre-recorded presentation)
10:20 – 10:50Cybercrime bill what is next for South Africa
Corien Vermaak
Cyber security and IT law specialist
10:50 – 11:20TEA
11:20 – 11:55Session chair: Penny Thompson
Are we ready to embrace the future of work?
Mervyn George
SAP
11:55 – 12:30Cyber resilience
Nadia Veeran-Patel
ContinuitySA
12:30 – 13:00Network Intelligence to See, Control & Secure IT
Giuseppe Garau
Allot
13:00 – 14:00LUNCH
14:00 – 14:30Session chair: Ghamza Jacobs
Developing an IT cyber security strategy in a vacuum
Boeta Pretorius & Wilhelm Belkum
North-West University
14:30 – 15:00Jedi Mind Tricks 101: Social Engineering - Vice, Virtue or …
Jamiela Dawood
University of Cape Town
15:00 – 15:30Awareness of cybersecurity risks (Phishing) leads to well-informed user choices
Richard Hlalele
University of Johannesburg
15:30 – 16:00TEA
16:00 – 16:25Determining the key factors that lead to the adoption of password managers
Raymond Maclean
University of Cape Town
16:25 - 17:00Interactive Session
17:00 – 17:15Closing remarks
17:15Cocktail Function

Friday, 05 July 2019

08:00 – 09:00Registration (tea & coffee on arrival)
09:00 – 09:05Welcome
Roshan Harneker
UCT
09:05 – 09:45Dominic Cull
Ellipsis
09:50 – 10:20Platinum sponsor: Dimension Data
Multi- cloud security
Stephen Nel
10:20 – 10:50The Cybersecurity Capacity Centre for Southern Africa
Jacques Ophoff
UCT
10:50 – 11:20TEA
11:20 – 11:40Allot DDoS solution for Enterprise
Giuseppe Garau
Allot
11:40 - 12:10Paul Beyleveld
Cisco
12:10 - 13:00Panel Discussion
13:00 - 13:15Conference closing and Lucky Draw
Richard van Huyssten
UCT
13:15TAKEAWAY LUNCH
13:30 – 15:30Cybersecurity SIG meeting
By invitation only