OWASP talk September 2019: Stalk Awareness and Rethinking Threat Intelligence – a quick glance at intelligence led risk management.

The Open Web Application Security Project, or OWASP, is a worldwide not-for-profit charitable organization focused on improving the security of software. The mission is to make software security visible, so that individuals and organizations are able to make informed decisions. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

My place of work, tombola, were kind enough to allow the Information Security team to attend a significant amount of CyberFest events. I managed to attend most of the events, which made following those fantastic events nerve-wracking!

I’m one of the founders of OWASP Newcastle, and will write a little about the OWASP event at Dynamo Cyberfest 2019. We’ve come a long way since March 2015, when a small group of fewer than twenty information security enthusiasts met up in a small Northumbria University building to attend the first set of OWASP Newcastle talks.

OWASP Newcastle usually has 30-40 attendees, so we were expecting a similar number, but to our surprise the tickets kept on rising. We ended up with 84 tickets taken in total, which is one of the best we’ve ever done! With ticketed events that are entirely free, there is usually a high drop-out rate, and seeing 50% attendance isn’t surprising at these events. Fortunately, at a quick count it looked like we had about 65 attendees, which was an amazing turnout; we almost filled the room up! I attribute this uptake heavily to the joint promotion between OWASP Newcastle and Dynamo, with the hype around the CyberFest absolutely contributing to our success.

OWASP Newcastle events usually tend to follow the talk-pizza-talk format, as this event did. The initial speaker, Cian, I had heard before at a BSides London event. Cian was giving a talk on stalkerware on the rookie track at the event. I immediately thought he should not have been on the rookie track, limited to 15 minutes. If you’ve spoken to me before, I’ve probably tried to convince you to talk at OWASP Newcastle, and this was no different. I asked Cian if he could talk and he accepted. His talk on how companies are maliciously marketing stalkerware (software you install on your spouse’s phone when you don’t trust them) was incredibly interesting, and I urge you to read through his slides at https://www.owasp.org/images/2/25/OWASP-Newcastle.pdf or even reach out to him directly at @nscrutables.

Pizza, as always, was a big hit! This is the perfect time to network with people. There were some fantastic discussions here, including several of us cornering Cian to ask him about his joint investigation with Vice into a stalkerware provider who had unfortunately allowed the data generated by their stalkerware to be publicly available!

The second speaker was Adam Pickering, on rethinking how we use threat intelligence capabilities within enterprise to bring about changes to the way we deploy countermeasures against threat actors. This talk was really well received. A highlight was the concept of ‘murder meetings’ or ‘murder parties’, where you bring an idea to the table and the sole responsibility for everyone else is to pick the idea apart, ensuring the idea is as polished as possible. What a concept! We’ve already started employing this within my team. You can read through Adam’s slides at https://www.owasp.org/images/c/cc/IntelligenceLedRiskManagement.pptx (direct download) or reach out to him directly at @adam_p81.

After that was the pub. Unfortunately I was too unwell to attend the pub, but I hear there was alcohol and merriment!

We weren’t sure if we could run the event in September, but thanks to Sage (who have sponsored OWASP for the last 4 years by funding rooms and refreshments), our speakers and the help from Dynamo North East, we managed to pull it off with shorter notice than usual and with a fantastic turnout!

We hope you can attend our future OWASP events, usually listed in https://www.owasp.org/index.php/Newcastle or @owasp_newcastle, and we hope to host an event for next year’s #CyberFest!
