CSSA2023

CSSA2023
6 - 8 September 2023

CSSA 2023 in an ever-changing environment

Every day we hear about cyberattacks taking place globally. Cybercriminals are constantly adapting these attacks to catch you unawares.

It therefore remains each individual’s responsibility to think before they click or action an email, message or phone call that sounds slightly suspicious.

This year’s Cyber Security Symposium Africa, in collaboration with Cybersecurity Capacity Centre for Southern Africa (C3SA), is aimed at assisting and providing guidance for any environment! Rethinking the approach to awareness communications, training and cybersecurity architectures toward securing business assets in a time of porosity.

We have a range of speakers that will share their expertise on how you can change the cybersecurity culture in your organisation and inspire staff to protect your digital assets.

Theme

Cybersecurity in an ever-changing environment!

Rethinking the approach to awareness communications, training and cybersecurity architectures toward securing business assets in a time of porosity.

Focus Areas

✓ Cybersecurity awareness as a culture
✓ Artificial Intelligence
✓ Incident response
✓ Cyber hygiene
✓ Cloud security/vulnerabilities
✓ Ransomware
✓ Remote work - Even though various environments are trying to determine what technology is the most secure to use, end users may use their preferred technology, which is risky
✓ People in cyber
✓ Emerging technologies
✓ Proactive vs reactive response
✓ Digital trust

PROGRAMME

Wednesday, 6 September 2023

11:00 – 12:25Registration
Tea & coffee on arrival
12:30 – 12:40Opening and welcome
Richard Van Huyssteen
University of Cape Town
12:40 – 13:25Cybersecurity Capacity Maturity Model for Nations (CMM) – Evaluating your country’s Cybersecurity status
Professor Basie Von Solms
University of Johannesburg
13:30 – 13:55Cyber Hygiene
Siya Ndlovu
Marsh Africa
14:00 – 14:25The State of Cybercrime in Africa
- Liquid C2 Learning Masterclass

Unathi Mothiba
Liquid Intelligent Technologies
14:25 – 15:00TEA
15:00 – 15:25Tracing the Evolution and Strategies of the Rorschach Ransomware: Implications for Security and Defence
Nobukhosi Dlamini
University of Cape Town
15:30 – 15:55Data Protection against Ransomware
Richard Salt
Nakivo
16:00 – 16:40Keeping an AI open for opportunistic attacks
Peter Allwright
Suntera Forensics
16:40 – 16:45Closing remarks

Thursday, 7 September 2023

09:00 – 09:30Registration
Tea & coffee on arrival
09:30 – 09:35Opening and welcome
09:35 – 10:15Cybersecurity update for South Africa + sneak peek of upcoming Cybercrime Community initiative – COBRA
Craig Rosewarne
Wolfpack Risk
10:20 – 10:50Incident Response and ways to be Data Smart
Lauren van der Byl
Legalese
10:55 – 11:25Tabletop Games and Exercises for Cybersecurity Awareness and Incident Response Education - "MalAware" Proof of Concept.
Giddeon Angafor
De Montfort University
11:25 – 12:00TEA
12:00 – 12:25Zero Threat Architecture
Sikhumbuzo Mthombeni
Dimension Data
12:30 – 12:55Navigating a sea of vulnerabilities
Ghamza Jacobs
University of Cape Town
13:00 – 13:30Online child exploitation
Captain Veronica Banks
SAPS
13:30 – 14:30LUNCH*
14:30 – 14:55Fortinet SD-WAN
Cassie Voster
Fortinet
15:00 – 15:30Prior Preparation Prevents Poor Performance – the benefits of a cyber focussed business continuity exercise
Graham Ingram
University of Oxford
15:35 – 16:15Web Cache Chaos: How I got your CDNs to betray you
Keith Makan
Keith Makan Security Consultancy
16:15 – 16:45Securing the Future: Navigating Cybersecurity with Generative AI in Business
Zainab Ruhwanya
University of Cape Town

Friday, 8 September 2023

09:00 – 09:30Registration
Tea & coffee on arrival
09:30 – 09:35Opening and welcome
09:35 – 10:15The SCION Research and Education Network
Professor Adrian Perrig
ETH Zürich
10:20 – 10:50Common information security threats facing Higher Education Institutions
Roshan Harneker & Jamiela Dawood
10:55 – 11:20Current and future challenges to digital forensics
Roshan Harneker
11:25 – 11:55TEA
11:55 – 12:15Investigating the factors influencing individuals’ self-sovereign identity adoption intentions in South Africa
James Clark
University of Cape Town
12:15 - 12:35Exploring Barriers to Blockchain Adoption for Cybersecurity in South African Financial Service Industry
Jack Scott-King
University of Cape Town
12:40 – 13:10Securing the Future: Navigating Cybersecurity with Generative AI in Business
Zainab Ruhwanya
University of Cape Town
13:10 – 13:30Conference closing and prize giveaways

SPEAKERS

Craig Rosewarne

Craig Rosewarne

Craig is the MD of Wolfpack Information Risk - a South African firm established in 2011 that specialises in cyber threat intelligence, research, training, awareness and advisory services. A community of 9000+ information and cyber security specialists subscribe to their regular community updates. We have partnered with senior management teams from all major sectors to understand the opportunities and threats that cyberspace presents. Wolfpack have also been instrumental in driving many strategic cyber security initiatives with stakeholders on the African continent.

Craig was previously an Associate Director of Deloitte's Risk Advisory division. He ran the Deloitte School of Risk Management and was responsible on a national level for learning and innovation for a team of over 400 professionals. Craig has over 18 years of management experience in the fields of IT & cyber security. He is an author, instructor, keynote presenter & provides regular opinion pieces via TV, radio and print/online media. He is proudly South African and an even prouder husband and father to three healthy “cubs”.

MBA, CISSP, CISM, CVE, ISO 27001 Lead Implementer & Auditor, ISO 27035 Lead Incident Response Professional, Certified ISO 27005 Risk, COBIT & ITIL trainer.

Prof SH (Basie) von Solms

Prof SH (Basie) von Solms is a Research Professor in Cyber Security in the Academy for Computer Science and Software Engineering at the University of Johannesburg in Johannesburg, South Africa. He is  attached to the Centre for Cyber Security of the University of Johannesburg and is also an Associate Director of the Global Cybersecurity Capacity Centre of the University of Oxford in the UK, as well as a Board Member of the Cyber Security Capacity Centre of South Africa (C3SA) in Cape Town.

Basie had been an academic since 1970, and has spent most of his career in the areas of Information and Cybersecurity, specifically on the Governance dimension of Information and Cyber Security. He is regularly asked to comment on Cyber Security matters on radio and TV.

Unathi Mothiba

A seasoned Product Manager who is passionate about technology and its ability to transform the African continent.

Having begun his career in the Data Centre and Co-location space he then moved/migrated into the world of Cloud computing and now he is firmly secure in Liquid’s Cyber Security practice.

His purpose is to help Liquid Intelligent Technologies’ clients digital transform SECURELY through an understanding of the interdependencies among the people, processes and technology.

Graham Ingram

Graham Ingram has been the CISO of the University of Oxford for four and a half years, leading both a Governance, Risk and Compliance Team and a CERT. During this time, the university has continued to invest more heavily in INFOSEC to meet the demands of an ambitious programme. This includes an attempt to transform the cyber culture of the institution with an series of people, process and technology interventions. Key amongst these are a series of exercises to improve the preparedness of university senior management for inevitable cyber-attack.

Prior to Oxford, Graham was part of a new Cyber Risk Advisory Team with Deloitte in London. This was his first role after over 20 years in the Royal Corps of Signals. During his time as a British Army Officer, Graham specialised in the procurement and delivery of complex technology programmes including Intelligence, Surveillance and Reconnaissance systems and multi-domain secure IT for deployable operational roles.

Adrian Perrig

Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering at Carnegie Mellon University.

From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University. From 2007 to 2012, he served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his MS and PhD degrees in Computer Science from Carnegie Mellon University, and spent three years during his PhD at the University of California at Berkeley. He received his BSc degree in Computer Engineering from EPFL.

He is a recipient of the ACM SIGSAC Outstanding Innovation Award. Adrian is an ACM and IEEE Fellow. Adrian's research revolves around building secure systems -- in particular his group is working on the SCION secure Internet architecture.

Lauren van der Byl

Lauren is an admitted attorney with experience in litigation, commercial law and data compliance.

She is the head of Data and Regulations at Legalese, a legal consultancy based in Cape Town.

Lauren uses the dual focus of data and regulatory compliance to service clients across the tech and creative industries.

Giddeon Njamngang Angafor

Giddeon N Angafor is the Security Operations Manager at Risual Ltd, a UK Managed Services company. He leads the Security Operations Centre (SOC) Blue Team which specialises in Security Incident and Event Management and Security Orchestration, Automation and Response, (SIEM & SOAR) functions. He is also a final year PhD in Cyber Security research student at the Cyber Technology Institute, Faculty of Computing, Engineering and Media, De Montfort University, Leicester, UK.

From 2017 to June 2021, he served as IT Security Analyst for Hampshire and Isle of Wight Constabulary and Thames Valley Police. 2021 to June 2023 he was Acting IT Security Officer for both Hampshire and Thames Valley Police forces. From 2015 to 2017 he was QA and Security Manager at Capita Healthcare Decisions. Prior to that he served as Principal Software Tester at the same company from2012, to 2015.

He holds an MSc in Security Management (Cybercrime, Information Security & Risk Management) with distinction in from the Institute of Criminal Justice Studies- ICJS, University of Portsmouth. Giddeon’s PhD degree is due completion in September 2023.

Siyabulela Ndlovu

Siyabulela works as a Cyber Security consultant in Marsh's Consulting and Advisory Services department in the South Africa office. He is responsible for supporting clients with Cyber Control Assessment, Cyber Gap Assessment, and Cyber Risk Quantification in this job.

He has worked for two of South Africa's Big Four consulting firms. In 2016, he joined Deloitte South Africa as a Junior Cyber Security Analyst, and in 2021, he joined EY South Africa. He obtained experience in Threat Intelligence, Internal Audit support, SOC Monitoring, and Cyber Maturity assessments while working in these roles.

Captain Veronica Banks

Veronica is a police officer holding the rank of Captain. I am an investigating officer at a unit called Serial and Electronic Crimes Investigation Unit.  We specialise in online child exploitation.  We were trained by the FBI, HSI and law enforcement from Canada, Australia and Germany.

Keith Makan

Keith (BSc) is the founder of Keith Makan Security Consultancy (PTY) LTD. author and a passionate security researcher with a storied career of helping clients all over the world. Keith has worked for clients in Europe, the Americas and Asia and in that time gained experience assessing clients from a plethora of industries and technologies. Keith’s experience renders him ready to tackle any application, network or organization his clients need help with and is always eager to learn new environments. As a security researcher Keith has uncovered bugs in some prominent applications and services including Google Chrome Browser, various Google Services and components of the Mozilla web browser.

Richard Salt

Richard started off his career with the Department of Post and Telecommunications and thereafter moved into the Life Assurance industry with Southern Life. At Southern Life he was introduced to this new device - Personal Computer and the rest as they say was history.

He has held various roles in the IT industry since 1987, including Product Manager, Pre-Sales, Major Account Manager & Business Development both in Hardware and Software technologies. He has worked in IT distribution, IT resellers and multi-national vendors namely, Microsoft, Trend Micro, Skybox Security and now NAKIVO Backup & Replication.

He loves engaging with people and understanding their perspective. He is passionate about helping and enabling clients with the use of technology. With a love for new challenges, he looks forward to establishing NAKIVO Backup & Replication as a leading solution for Data Protection and Disaster Recovery in the South African market.

Peter Allwright

Peter is the Head of Suntera Forensics, headquartered in the Isle of Man. He specialises in board-level crisis management and disputes relating to cybercrime, financial crime, and intellectual property.

Peter leads a team of multi-skilled professionals who provide forensic services to a broad range of legal, insurance, financial services, and gaming businesses across the globe. One of his specialities is investigating high-value cybercrime incidents, where he has to deal with the complexities of foreign jurisdictions and the impact of data protection legislation.

He works closely with law enforcement agencies to track down, detain and extradite hackers for prosecution. He also served as a designated investigator, where the State appointed him to lead a forensic team to investigate maladministration, fraud, corruption, and malpractice within Government.

He has served as a forensic expert during internal disciplinary hearings, mediation and arbitration proceedings, labour court proceedings, and criminal trials both locally and internationally. He is a Commercial Forensic Practitioner, a Certified Cryptocurrency Investigator, a Certified Blockchain Expert, a Certified Open-Source Intelligence Analyst, a Certified Social
Engineering Expert, and a Lean Six Sigma Green Belt.

Ghamza Jacobs

Ghamza has over 17 years' experience working with Information Systems in the public and private sectors. From working as a Microsoft consultant and trainer, to Systems and Security Administrator, Ghamza has a holistic view of Information Technology and cybersecurity. This varied experience allows for a transition between hands on technical work, forensic investigations, incident response, procedure/policy creation, and engagements with both technical and non-technical clients and stakeholders. Ghamza has several certifications from vendors like CompTIA, IBM and Microsoft.

He also has a BCom (Hons) Information systems specialising in Computer forensics from the University of Cape Town. The ability to easily translate technical jargon to help teach and raise awareness on cybersecurity issues has seen Ghamza present to many diverse audiences.

Roshan Harneker

Roshan Harneker is the CISO for KHIPU Networks Limited, a UK and SA-based MSSP. Prior to that, she was the Senior Manager for Information and Cybersecurity Services at UCT where her proudest achievement was building the very first South African university-based (and FIRST.org accredited) CSIRT. She is also a UCT alumnus with MCom and BCom Honours degrees in Information Systems specialising in Digital Forensics, and has guest lectured at several universities about digital forensics and information security.

Roshan has 25 years of IT sector experience in the Network Service Provider (NSP) and Internet Service Provider (ISP) industries (SA and UK), as well as the Telecoms and Higher Education sectors. She has extensive experience spanning digital forensics, network engineering, information security, cybersecurity, systems administration, project management and technical management.

Nobukhosi Dlamini

Nobukhosi Dlamini is an experienced tech manager with over 18 years working in the corporate sector managing IT investments. She holds a BSc Computer Science from UCT, and is studying towards a MSc Cybersecurity from Georgia Institute of Technology specialising in critical infrastructure. She currently works as a Chief Software Technical Officer at the University of Cape Town.

Sikhumbuzo Mthombeni

Sikhumbuzo Mthombeni currently leads Dimension Data’s Cybersecurity Architect team nationally and works with a client base across Gauteng, Western Cape and KwaZulu Natal.

Sikhumbuzo joined Dimension Data as a graduate having worked as a developer at University of Cape Town immediately after completing his BSc Electrical and Computer engineering degree from the same University.  He was exposed to several business units at Dimension Data before pursuing a passion in Cybersecurity.

He has worked with several industry verticals on various Cybersecurity projects working closely with clients and internal teams to ensure the realization of an improved Cybersecurity posture. These projects involve secure networks, cloud environments and applications among other aspects of Information Security.

Jack Scott-King

Jack Scott-King is a young entrepreneur with a strong passion for harnessing emerging technologies to dismantle digital barriers in Africa. In 2016, he co-founded SubjeX, an EdTech platform start-up, that allows leading educators to offer specialised subject MasterClasses to South African Matric students. Currently in his fourth year, Jack is pursuing a Business Science degree with Honours in Information Systems at the University of Cape Town. His academic journey and entrepreneurial pursuits have provided him with valuable insights into the South African EdTech and FinTech sectors. He thrives on expanding his knowledge which has encouraged him to explore how emerging technologies can be leveraged in the Financial Service Industry.

Zainab Ruhwanya

Zainab Ruhwanya is a lecturer in the Department of Information Systems at the Faculty of Commerce at the University of Cape Town, where she specializes in teaching Cybersecurity to postgraduate students and Software Development to undergraduates. She also leads a research group dedicated to cybersecurity and privacy, guiding honours and master's students through their research endeavours. Known for her expertise in cybersecurity, Zainab has been a contributor to both local and international discussions in the field, significantly aiding the advancement of cybersecurity knowledge.

James Clark

James Clark is a dedicated and driven fourth-year student at UCT, where he is pursuing a Bachelor of Business Science with a specialisation in Information Systems. James’s academic journey in the realm of information systems has not only provided him with a strong foundation in technology but has also fuelled his passion for designing innovative digital solutions to address real-world challenges. James and his fellow two team members earned first place at the recent Discovery GradHack competition, where they developed a self-sovereign identity based proof of concept for onboarding new customers to banks. With a keen eye for technological innovation, James has cultivated a profound interest in self-sovereign identity technology, which inspired him to further explore this field as part of his honours research paper.

Cassie Voster

Cassie Vorster is a Senior IT professional with more than 25 years’ experience, working for Global Telco's in various senior management positions. His experience ranges from, Managing Multi-National IT Teams in EMEA, to running the IT Innovations Centre for a leader in the Global Telco industry. Before joining Fortinet, Cassie performed the role of a Senior Network Specialist, with primary focus on Multi-Vendor, managed SD-WAN services and solutions, to solve the business challenges faced by Global top 800 Companies in a Digital Age. With his unique blend of technical knowledge and experience, he understands the challenges faced by Network, Infrastructure as well as Security leaders in todays everchanging environment.

Cassie joined Fortinet in 2021 as the SD-WAN, Business Development Manager for Africa, supporting our valuable Partner Eco-system, to solve our customers business needs and support our customers on their unique journey towards Digital Transformation. His experience includes successful SD-WAN transformations to customers in the Mining Oil and Gas sector, Global Pharma, Retail, Banking and Finance Sector as well as various Government and educational institutions. In a time where change is the only constant, Cassie continuously strives to keep up with the changes in the Security Driven Networks landscape, what impact these changes will have on our Unique customers base and how these changes will impact their Digital Transformation aspirations.

SPONSORS

Proudly sponsored by

CSSA 2023 collaborator

Cybersecurity Capacity Centre for Southern Africa (C3SA) is part of the global constellation of regional cybersecurity capacity research centres which includes the Global Cyber Security Capacity Centre (GCSCC)  and  Oceania Cyber Security Centre (OCSC). C3SA is a consortium between Research ICT Africa (RIA), the Department of Information Systems at the University of Cape Town (UCT), the GCSCC at the University of Oxford, and the Norwegian Institute of International Affairs (NUPI). C3SA is hosted by the University of Cape Town and acts as a coordination and collaboration hub between cybersecurity capacity-building actors in order to reduce duplication of efforts on cyber capacity building in the region.  We are a partner of the Global Forum on Cyber Expertise (GFCE) –  a forum that aims to strengthen cyber capacity and expertise globally.