OWASP talk September 2019: Stalk Awareness and Rethinking Threat Intelligence – a quick glance at intelligence led risk management.

The Open Web Application Security Project, or OWASP, is a worldwide not-for-profit charitable organization focused on improving the security of software. The mission is to make software security visible, so that individuals and organizations are able to make informed decisions. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

My place of work, tombola, were kind enough to allow the Information Security team to attend a significant amount of CyberFest events. I managed to attend most of the events, which made following those fantastic events nerve wracking!

I’m one of the founders of OWASP Newcastle, and will write a little about the OWASP event at Dynamo Cyberfest 2019. We’ve come a long way since March 2015, when a small group of less than twenty information security enthusiasts met up in a small Northumbria University building to attend the first set of OWASP Newcastle talks.

OWASP Newcastle usually has 30-40 attendees, so we were expecting a similar number, but to our surprise the tickets kept on rising. We ended up with 84 tickets taken in total which is one of the best we’ve ever done! With ticketed events that are entirely free, there is usually a high drop out rate, seeing 50% attendance isn’t surprising at these events, but fortunately at a quick count it looked like we had about 65 attendees, which was an amazing turnout, we almost filled the room up! I attribute this uptake heavily to the joint promotion between OWASP Newcastle and Dynamo, with the hype around the CyberFest absolutely contributing to our success.

OWASP Newcastle events usually tend to follow the talk-pizza-talk format, as this event did. The initial speaker, Cian, I had heard before at a bsides London event. Cian was giving a talk on stalkerware on the rookie track at the event. I immediately thought he should not have been on the rookie track, limited to 15 minutes. If you’ve spoken to me before I’ve probably tried to convince you to talk at OWASP Newcastle and this was no different. I asked Cian if he could talk and he accepted. His talk on how companies are maliciously marketing stalkerware; software you install on your spouse’s phone when you don’t trust them, was incredibly interesting and I urge you to read through his slides at https://www.owasp.org/images/2/25/OWASP-Newcastle.pdf or even reach out to him directly at @nscrutables.

Pizza, as always, was a big hit! This is the perfect time to network with people. There were some fantastic discussions here, including several of us cornering Cian to ask him about his joint-investigation with Vice into a stalkerware provider who had unfortunately allowed the data generated by their stalkerware to be publicly-available!

The second speaker was Adam Pickering on rethinking how we use threat intelligence capabilities within enterprise to bring about changes to the way we deploy countermeasures against threat actors. This talk was really well received. A highlight was the concept of ‘murder meetings’ or ‘murder parties’, where you bring an idea to the table and the sole-responsibility for everyone else is to pick the idea apart, ensuring the idea is as polished as possible, what a concept! We’ve already started employing this within my team. You can read through Adam’s slides at https://www.owasp.org/images/c/cc/IntelligenceLedRiskManagement.pptx (direct download) or reach out to him directly at @adam_p81.

After that was the pub, unfortunately I was too unwell to attend the pub but I hear there was alcohol and merriment!

We weren’t sure if we could run the event in September, but thanks to Sage; who have sponsored OWASP for the last 4 years by funding rooms and refreshments, our speakers and the help from Dynamo North East we managed to pull it off with shorter notice than usual and with a fantastic turnout!

We hope you can attend our future OWASP events, usually listed in https://www.owasp.org/index.php/Newcastle or @owasp_newcastle, and we hope to host an event for next year’s #CyberFest!

Read more posts

Newcastle tech firm strikes partnership…

28.10.2019

Sunderland AFC has partnered with tech firm Advantex to enhance the club’s technology and communications. Established in 2002, Advantex has created a communications solution aiming to connect the entire club…

Read more

MSP reaffirms commitment to North…

28.10.2019

A company who specialise in precision software and part manufacturing solutions and works across the world with some of the biggest names in global manufacturing, has reaffirmed its commitment to…

Read more

Turnover and profit up at…

22.10.2019

The North East’s leading independent law firm for businesses, Muckle LLP, has reported an increase in income and profit for year ending March 2019. Newcastle based Muckle LLP saw turnover…

Read more

Join our
mailing list