March 18

Event takeaway – SecIT 2023

My key takeaways from SecIT conference 2023

Setting

  • 15.03. – 16.03.2023
  • Location: Hannover Congress Centrum, Hannover, Germany
  • 2 halls, 3 stages
    • small enough to see everything and have time to talk with exhibitors without FOMO
    • large enough to fill two days without getting bored
  • Parking is quite affordable at €3.50 per day
  • I didn't book any paid workshops, neither on 14.3. nor on any other day
  • The talquee app was surprisingly easy to use and helpful for navigating the program and the location

Day 1

Agiles ISMS und ganzheitliche Beratung – Expert-Talk

  • Speaker:
  • Akarion offers a cloud-based ISMS solution
  • Updates to assets and processes can also be made automatically via APIs
  • The list of stakeholders is also kept in the tool; in case of an incident, all relevant information is available in a separate tool
    • Tool-based emergency communication with stakeholders is already in the dev pipeline
  • Strong focus on (re-)audit support through generation of on-demand overviews and reports
  • I think it is scary at first glance to have such critical information in a SaaS product. On the other hand, Akarion must focus on security as a critical factor for its business, whereas on-prem ISMS systems may be "just part" of the in-house security efforts
    • I understood that MFA will be implemented soon

KRITIScher Fachkräftemangel – Keynote

  • Speaker: Manuel Atug, Head of Business Development Hisolutions AG
  • Automation and digitalization increase slowly but steadily, while older and experienced employees leave
    • a lot of OT has a long lifespan, and losing the know-how of how to secure and operate it, because there are no successors, will become disastrous in the future
  • Employees are often seen as FTE (full time expenditures)
    • looking for who within the company may have the potential to take on new challenges should be the first step before looking for new candidates

Manuel Atug's keynote on skills shortage at SecIT 2023

Die neuen quantensicheren Kryptoalgorithmen und die Tücken, sie zu implementieren – Keynote

  • Speaker: Klaus Schmeh, Consultant cryptovision
  • CRYSTALS-Kyber and CRYSTALS-Dilithium are the most promising algorithms in post-quantum security
  • Both have been developed by the German mathematicians Peter Schwabe and Eike Kiltz
  • the increased key length (approx. 2000 bit for RSA vs. 12000 bit for Kyber) is one of the reasons why a migration to the new algorithms will be challenging

Klaus Schmeh naming two post-quantum cryptography algorithms at SecIT 2023

Klaus Schmeh showing differences in private key length for post-quantum algorithms at SecIT 2023

Cybercrime wirkungsvoll abwehren – So erschaffen Sie eine nachhaltige Sicherheitskultur – Expert-Talk

  • Speaker: Christian Reinhardt, Dipl. Psychologe & Awareness Specialist SoSafe GmbH
  • COVID-19 and working from home decreased the security level of companies
    • not only missing technical controls put employees at risk, but also missing communication channels and therefore declining awareness
    • the grapevine – despite all its negative side effects – protected users from security incidents: e.g. phishing mails were communicated faster, and it was convenient to ask a coworker about suspicious mails before clicking
    • in phishing simulations, decentralized organizations have an initial click rate of 30% compared to 12% for centralized organizations
  • New channels like Microsoft Teams will also be used for phishing
    • it's a false assumption that these tools are "safe" per se

Channels like Microsoft Teams and mobile devices offer new attack vectors, according to Christian Reinhardt in his workshop at SecIT 2023

Increasing click rates in phishing simulations due to home office, according to Christian Reinhardt in his workshop at SecIT 2023

Holistic approaches are required in security awareness, according to Christian Reinhardt in his workshop at SecIT 2023

Preisverleihung "CISO des Jahres" – CISO Alliance e. V.

  • hosts:
    • Ron Kneffel, Head of IT Security Bredex GmbH / Vorstandsvorsitzender CISO Alliance e.V.
    • Donald Ortmann
    • Ralf Kleinfeld, Information Security Officer Otto (GmbH & Co KG)
  • winner
  • I especially liked the awareness campaign by A. Obermann-Smith, as she made her coworkers and stakeholders in her company the actors in short video clips, showing everyday security issues in a quite amusing way.
    • This way she generated involvement and some kind of viral effect for the videos within her company

Ron Kneffel pitching the CISO Alliance at the SecIT 2023

Wenn der Deepfake zweimal klingelt – Show

  • Speaker: Tobias Schrödel, Comedyhacker® IT Security & Awareness
  • he demonstrated live on stage how easy it has become to imitate someone else's voice
  • he also showed live how a simple picture he took with his mobile of a person in the crowd can be used as a camera filter, so that it seems this person is on the video call and not him
    • yes, the results are not high-res yet, but aimed at the right person in a high-stress moment they might be convincing enough
    • Tobias pointed out that we have become used to some blurry artefacts in video calls due to the daily use of virtual backgrounds
    • it's hard to distinguish a visual artefact created by a fake virtual camera from one generated by a virtual background
  • He also pointed out that these tools still have issues, e.g. with glasses someone is wearing, which might help to identify a fake
  • It was an aha moment for me that we use filters in social media on a daily basis and that the algorithms that recognize our faces there are the same ones that can be abused to create deepfakes

Demo of software 'xpression camera' by Tobias Schrödel at SecIT 2023

Meeting other students

  • this event was a great opportunity for me to meet IRL other students who are also studying "Cybersecurity" for a bachelor's degree at the IU

Having fun with other students of the IU at SecIT 2023

Day 2

Guest at the heise show: Markus Hartmann, Chief Public Prosecutor and Head of the Central and Contact Office for Cybercrime North Rhine-Westphalia (ZAC NRW)

  • great quote regarding the discussion of whether strict rules against, and punishment of, hate speech will lead to overblocking of critical content in social media

    Criminal liability is a pretty good criterion for avoiding overblocking ("Strafbarkeit ist ein ganz gutes Kriterium um Overblocking zu vermeiden")
    — Markus Hartmann

  • he expects that in the near future 40% of all cases can be prepared solely by AI for judges to decide
  • T3K is the preferred partner of the ZAC for developing AI solutions against CSAM
  • Especially in the fight against CSAM, AI might be very helpful, as it can preprocess a lot of images much faster than any human
    • 5% false positives is his target for considering a system reliable
    • regarding CSAM, better some false positives than overlooking any victim
    • the AI never decides; that remains the realm of humans

Gehaltstrends in der IT-Branche: Was man über Inflation und Gehaltsentwicklung wissen sollte

  • Speaker: Shezan Kazi, Head of Perm Engineering GULP
  • hint: ask a specialized recruiter about your market value instead of using generic comparison charts
  • when negotiating salary, use specific values, not ranges
    • the higher end of the range will never be what is agreed on in the end anyway
  • when negotiating salary with your boss, create a comfortable environment, e.g. a business dinner instead of a sterile conference room
    • priming helps
  • IT/system admins have had the biggest raises since 2017

Shezan Kazi speaking about salaries in IT at SecIT 2023

Statistics about rising salaries in IT presented by Shezan Kazi at SecIT 2023

Angriffe auf deutsche Unternehmen und kritische Infrastrukturen – wie erreichen wir Resilienz? – Podiumsdiskussion

  • Participants
  • A lot of hospitals are not yet KRITIS, but the German "Sozialgesetzbuch" (SGB 5 §75c) already enforces IT security for all of them
  • there is a special protocol used for the exchange of medical data, called HL7
