On Tuesday 23 November a number of CISOs and CIOs gathered in an online mini symposium for a better approach of security. The symposium had an interactive element where CISOs/CIOs were given the tools, information and resources that allow them to look further and deeper than their day-to-day business.
Themes and speakers
Speaker Pepijn Vissers from Chapter 8 talked about the how and why of Purple Teaming. He explained why ‘assume breach’ is essential, and shared a number of war stories. A few of his take-aways:
- Know your assets
- Expect resistance (following the Kübler-Ross model)
- Celebrate successes
Prof. Dr. Peter de Kock from the University of Tilburg & Pandora Intelligence spoke about the possibilities of data science in the fight against (organised) crime. He demoed a model that ‘storifies’ large amounts of data, discovering new connections. Uniquely this model can use fictional data as input. A few of his take-aways:
- A reminder that information is not intelligence
- (Cyber)criminals often get their inspiration from novels and movies
- Let the machine do the heavy lifting in investigations, let the specialist figure out the meaning
Speaker Fred Streefland from Hikvison spoke about security cameras. Companies want to add this and other IoT because there is a business case for it. But at the same time, they want to keep their digital attack surface as small as possible. Streefland gave tips on how to do that. A few of his take-aways:
- Know your assets (where have we seen this before?): full visibility
- There are four security domains: IT, OT, IoT and physical, but they overlap so much that you need one single person or team in charge
The symposium ended with a general Q&A and discussion on the topics presented.
Cross-Sectorial CISO intervision sessions
Several times a year HSD organises cross-sectorial CISO Intervision Sessions, where small groups of CISOs come together to share knowledge, discuss challenges and share insights. Would you like to join? Please contact email@example.com