Dear Reader,
Welcome to the GISEC Special Edition of Cyber News Global. This informative publication has been brought to you exclusively by Cyber News Global Limited. The focus of the editorial team is to bring together the leading industry subject matter experts who will be attending this year’s GISEC in Dubai. An exclusive interview with His Excellency Dr Mohamed Al-Kuwaiti sets the scene for the many exciting things we can witness at GISEC this year; it also outlines some of the challenges that the UAE Cyber Security Council faces every day.
CNG has focused on the many collaborative presentations that will be witnessed at GISEC. Many of the world’s leading experts from government law enforcement will lead keynote presentations. With more than seven hundred industry exhibitors in attendance, this year will build on the many successes of previous GISEC events.
Many collaborations will forge a way forward for new and exciting times at GISEC. The return of a UK Pavilion will see twelve UK cyber companies attending GISEC under the unity of the GREAT brand for the first time. Much of this would not have been possible without the support of the Scottish cyber body ScotlandIS and the UK Department of Business and Trade (DBT).
The GISEC Special edition of CNG will also feature many International industry companies that provide the critical technical and nontechnical support so vital to the Cyber Security resilience of the UAE and the tens of thousands of companies that require their expert support to continue doing business in this vastly expanding digital world.
Have an inspiring day and read on!

Contents
GISEC Exclusive: H.E. Dr Mohamed Al-Kuwaiti, Head of Cyber Security, UAE Government
USA Secret Service Agent Busts Cyber Crime
Celebrating Women in Cyber Security GISEC
Technical Measures: Are they Just a GDPR thing
Colonel Francel Taborlupa: Cyber Queens in Security
Bridging Compliance, Forging true Security
Data Privacy & Its role in the Cyber Realm
The Potential Impact of the EU AI Act
Let’s Talk Cyber - We Fight Fraud
Cyber Awareness Guinness World Record
GISEC Global 2024: 23-25 April 2024, Dubai World Trade Centre. Middle East & Africa’s largest cybersecurity event.
Disclaimer: The views and opinions published within editorials and advertisements in Cyber News Global are not those of our editor or company. Whilst we have made every effort to ensure the legitimacy of the content, Cyber News Global cannot accept any responsibility for errors and mistakes.
THE FUTURE OF CYBER SECURITY IN THE UAE WITH H.E. DR MOHAMED AL KUWAITI
H.E. Dr Mohamed Al Kuwaiti CEO of the Cybersecurity Council UAE
Cyber News Global recently had the exclusive honour of hosting His Excellency Dr. Mohamed Al-Kuwaiti, Head of Cybersecurity of the UAE Government, on the CNG ‘Let’s Talk Cyber’ Podcast Series.
H.E. Dr. Al-Kuwaiti was appointed by the Cabinet as the Head of Cyber Security for the UAE Government in 2020. As the Head of Cyber Security, his mandate includes responsibilities as the Chairman of the UAE Cyber Security Council as well as Managing Director of the National Data Centre under the Supreme Council for National Security. As the Head of Cyber Security for the UAE Government by investiture, H.E. Dr. Al-Kuwaiti has legal authority over all aspects pertaining to securing the cyberspace for the entire Nation.
CNG had some pressing questions for His Excellency. Here is what he had to say.
CNG: What is the primary role of the Cyber Security Council in the UAE?
H.E. Dr Al Kuwaiti: The Cyber Security Council is the highest umbrella of all the cyber domains in UAE. We work together with many of the Emirate States and different industries to bring together all of those ecosystems. We set rules, regulations, legislations, procedures, and laws; and ensure the accreditation, certification, and the fulfilment of such laws.
We ensure that many of the governing policies are really aligned with the business and the vision of our UAE perspective. We are trying to stimulate the market here. We are trying to make cybersecurity the priority in digital transformation across the UAE.
We’ve heard of the adaptation of AI, cloud computing, and more. Securing all of this is very important to us, let alone the government and the privacy of this data. This is why we are here, and we have great support from our partners along the way.
CNG: What drives you personally to make the UAE a safe place to do business in this digital world?
H.E. Dr Al Kuwaiti: It’s important to be passionate about leveraging those technologies such as AI and cloud computing. Technology is the saviour of so much that we have. We heard recently at COP28, for example, that sustainability requires technologies to ensure the saving of our planet. The UAE is number one in many of those international global indicators where we have the safest nation, the safest cities etc.
But that is just one end of the scale – the other end is the people, the community, they are suffering from so many cyber attacks.
Cyber crimes, cyber terrorism, misinformation, disinformation, cyber warfare are just a few examples of threats seen across so many domains in UAE. This is where we become passionate to really reflect so that UAE can be number one in the virtual world.
We need to really incubate and allow everybody to easily do their business, to easily communicate, collaborate in that virtual world. And we need to do all this without impacting their services, their finances, and many of the things that they have.
We need a safe perspective of the virtual aspects and that’s what really drives me personally on this. We need to make a change.
CNG: What is the UAE doing internationally to work together and fight cyber criminals?
H.E. Dr Al Kuwaiti: There are many streams that we are currently working on. As you know, those crimes do not distinguish between a nation, do not distinguish between a business or a person in that perspective. There are trans and international crimes occurring. Because of this, we must build those bridges and channels in case of any event.
We need to know who are those trusted partners who will help us to fulfil any incident response? For example, we are heading many of the committees under the counter ransomware initiative in the White House, including the information sharing platform. That information sharing committee works on sharing information to build that deterrence mode, to build up that proactive mode.
We are also the co-chair of the OIC, the Organization of Islamic Countries, where we have more than 57 nations working together to really work in that perspective. We are with ITU working to build synergy and cyber drills. Some of the largest of which we will be conducting at GISEC, where we have more than 100 nations all together to really simulate an attack that could happen to one nation and how everybody comes together to really help that nation.
So, there are many international collaborations, but we need to do more. Even with all our efforts, attacks are still high, attacks are still infecting us all and this is where we all need to really work together.
Dr Carrine Teoh, President Cybersecurity & Governance, ASEAN Chief Information Officer Association; H.E. Dr Mohamed Al-Kuwaiti, Head, Cyber Security Council, UAE Government; Ng Hoo Ming, President, ASEAN Chief Information Officer Association; Dr Aloysius Cheang, Chief Security Officer, Middle East & Central Asia, Huawei
CNG: What can we expect to see this year from the Cyber Security Council at GISEC?
H.E. Dr Al Kuwaiti: So, there are five major things that we will be presenting as initiatives. The first is ‘Cyber Sniper’. Cyber Sniper is really elevating the skills of many of our first line defenders. These technologically savvy and ethical hackers need to be enhanced, work together and really given real time experience.
We have ‘CyberPulse 2.0’. That’s the second version of our CyberPulse, the cyber awareness initiative. We need to ensure the spread of awareness to our community. We have heard of cyber-attacks against children, cyber bullying, and many other things happening with regard to child protection. This is where we need to ensure CyberPulse is spread across many of those things.
We have the global cyber drill. This is an important initiative where we are bringing the United Nations and the ITU to enhance and spread that cyber security across the many entities.
We have startups. We have hundreds of startups focusing on this cyber domain, especially now with the advancements in Artificial Intelligence.
That takes us to the fifth initiative where cyber A.I. is an important aspect that we need to really spread awareness about. We’ll see some workshops, some sessions, some governing safe and responsible uses of A.I. in the cyber domain.
All of this is really exciting, bringing a new synergy, which I’m sure Cyber News Global will cover at GISEC.
Holger Schulze, CEO of Cybersecurity Insiders
H.E. Dr Mohamed Al-Kuwaiti, Head of Cyber Security Council UAE
USA SECRET SERVICE AGENT BUSTS INTERNATIONAL CYBER CRIMINAL
Matthew K. O’Neill
Co-Founder/Partner, 5OH Consulting LLC, 5ohconsulting.com
Matt O’Neill, former US Secret Service Agent, talked exclusively to CNG about the upcoming GISEC event, where he will be a keynote speaker sharing his experiences in busting one of the world’s most prolific hackers, Hieu Minh Ngo. Here is Matt’s story.
I started with the Secret Service in 1998, and I spent most of my career in field offices working as a case agent targeting cyber criminals. That evolved into the online sale of PII. I also did a lot of lure operations. I really enjoyed serving as an undercover agent for about 17 or 18 years. And the last seven years, I came down to Washington, DC to start the Global Investigative Operations Center to serve as an internal center for agency operations to provide support to our field offices.
And then for the last couple years, I ran the agency’s cyber investigative portfolio. We largely centralized a lot of our case operations due to a lot of competing priorities with protection that everybody knows the Secret Service for.
I was reading a news article on Krebsonsecurity.com about a website that was selling PII. I was always interested in what is available online for bad actors and how can they monetize it. And so I went on the website from New Hampshire and put in some information and was able to see that I was able to buy the PII. And so from that point forward, we opened up a case, and it took about six months to a year to build it up so we could get Hieu Ngo indicted.
We identified him as living in Vietnam. At the time, there was no extradition agreement in place. We were able to identify the source of where he was getting the PII from. And we were able to sort of disrupt his ability to sell 200 million Americans’ PII to 1500 cyber fraudsters, causing billions of dollars in loss.
We knew he was still trying to get his website up and running because we knew he was making a lot of money off of it. So what we did is started a lure operation where basically we posed as I worked with somebody else that I arrested who actually lived in the UK to convince Ngo that he had to go through this individual in order to keep unfettered access to PII because we kept shutting him down when he was getting access to new sort of tranches of data.
Because Ngo was making a lot of money and because we disrupted his ability to make money, he, over about a five or six month period of time, decided that it was worth his risk of getting arrested to go to Guam and meet with this individual. And so at that point, then we arrested him. But it took months and months and months of sort of just grooming him to feel the trust in order to travel.
We had worked, I had done numerous other lure operations prior to this where I was posing as women in order to lure other hackers into the United States.
And I had a really good prosecutorial team that was able to support an operation like this spanning three continents over many, many months. But really the interesting thing is once we arrested Ngo, we didn’t just kind of say, oh, well, we got him and that’s the end of it because we knew so many people were making millions and millions of dollars off of the PII that he was selling. So I spent two years after arresting Ngo, posing as him online and we arrested dozens of additional cyber criminals, luring a lot of them as a result of arresting Ngo and then convincing Ngo to cooperate and then being able to sort of for the investigation downstream.
I’m calling our presentation a modern day, catch me if you can, where you have a unique scenario where you have the individual, me, who was chasing Ngo down, and then Ngo, obviously, the guy who got chased down and arrested. And then so the, what I’ll be doing is telling my side of the story, saying, oh, I did this. And as a result, this is what I saw. And then Ngo, Hieu will talk about from his perspective such as why did he do this and how much money he was making and sort of give an insight into sort of the timeline from the perspective of the hunter and the hunted and then ultimately, which led to the events at the Guam airport where we arrested him. And so it’s kind of a unique scenario where you don’t get this opportunity to basically be with which who was at the time the world’s leading identity thief because of his access to data.
So there are, there’s very few safe harbors in this world and those places are, if you’re willing to stay in them and at some point though, you’re going to want to go somewhere else. And every single time you travel, you’re going to have to look over your shoulder because we’re going to be following you.
Sure, so from the perspective of private sector, they need to understand that the ability for federal law enforcement globally to materially disrupt and dismantle organized crime is somewhat limited. The way we’re going to be able to really successfully knock these people off their ex, if you will, is to create a world where there’s cross-domain, cross-industry information sharing at scale. Because the...
As fraudsters are able to operate in between the cracks in the system, those cracks can be filled in by proactively, lawfully sharing information with each other, whether it’s suspected fraud, whether it’s artifacts or TTPs of fraudsters. We need to sort of change the dynamic because what we’re doing right now is not working.
According to the IC3 report, it was $12 billion in losses, up 20%, which was up again from the previous year. What we’re doing is not working. We have to change how we’re fighting fraud because it’s just simply not working anywhere in the world.
Hieu Minh Ngo, Vietnamese Former Hacker & A Cybersecurity Specialist.
CELEBRATING WOMEN IN CYBERSECURITY AT GISEC 2024
GISEC Global continues to provide a solid platform and expand the opportunities for women in the field, fuelling the growth of a diverse industry that is set to transform the world’s digital behaviours.
As pioneers forging a complex and dynamic career path, seasoned security architect Alina Tan, esteemed cybersecurity advisor Judy Ngure, and influential cybersecurity digital creator Caitlin Sarian are among the headliners and stand as powerful symbols of female perseverance, talent, and advocacy.
Their unique contributions to the cybersecurity space have seen ground-breaking impact across the automotive industry, corporate landscape, and social media – while collectively, they continue to expand the industry’s understanding of inclusivity and the subsequent potential for even greater innovation.
From motorsport aspirations to an unprecedented career in auto cybersecurity: Alina Tan
A prominent presence in Singapore’s automotive cybersecurity industry – and one of the Top 30 Women in Security in ASEAN – Alina Tan is a powerful representation of female success in a largely male-dominated field.
Her passion for cybersecurity stemmed from a personal interest in motorsport, which saw her leverage the synergy between the two to establish a specialised interest group, Car Security Quarter, dedicated to automotive security within her local community. She also spearheads the Singapore Chapter of the Automotive Security Research Group, a global non-profit that promotes knowledge sharing and the development of security solutions.
“I firmly believe in the power of representation and visibility,” said Tan. “Through my experiences, insights, and accomplishments, I aim to demonstrate that women can excel in cybersecurity and thrive in diverse roles within the industry. Notable initiatives in the Middle East, such as GISEC Global, feature dedicated stages for Women in Cybersecurity, providing a large-scale platform to showcase talent and inspire a new generation of women in STEM (Science, Technology, Engineering, and Mathematics).”
Leading female figures in the global cybersecurity industry will unite at the regional super-connector to discuss the obstacles and opportunities shaping their careers
Caitlin Sarian, also known as Cybersecurity Girl, is a dominant cybersecurity influencer with a comprehensive career history –including a decade of consulting experience at the likes of EY and a previous role at TikTok’s Global Cybersecurity Advocacy and Culture team.
As well as attending the Women in Cybersecurity roundtable, Caitlin will be leading a talk titled ‘The flawed path: debunking the efficacy of current cybersecurity training approaches and how we can improve our future,’ in which she hopes to relay the urgent need to overhaul outdated education methods in favour of training strategies that prioritise real-world application and critical thinking.
The challenge: women are underrepresented and overlooked.
Tan, Ngure, and Sarian agree that for many young women, there may be a sense of not receiving the support, recognition, and validation they deserve for their contributions to cybersecurity.
An especially significant barrier to upskilling women in cybersecurity is a pervasive lack of understanding around what the field entails. While many assume it is strictly about coding, it has proven to be a multifaceted profession that requires a variety of skills – from analytical expertise and problem-solving to communication and creativity.
An overwhelming number of available bootcamps and online courses can also make it difficult for beginners to start, with the information overload often leading to confusion and discouragement before women have even stepped foot into the industry.
Tan will be joined in the Inspire conference at GISEC Global 2024 by Judy Ngure, the founder and CEO of Bug Bounty Box, a platform to help security leaders manage vulnerabilities. A cybersecurity practitioner for over five years, she sits on various advisory boards across Africa, supporting organisations in furthering diversity in the cybersecurity field.
Ngure also co-authored a book titled “African Women in Security: Remarkable Women Moving Cybersecurity in Africa”, which aims to celebrate women in the field, demonstrate their value and inspire other women to enter the industry.
“The biggest challenge is getting women excited about technical topics in cybersecurity because it looks like a very male-dominated environment – which it is,” said Ngure. “The other key challenge is retaining women in the cybersecurity field; I have seen many women move from technical cyber roles to non-technical jobs. I do encourage women to upskill compared to moving because we need more women active in the industry’s technical leadership positions.”
Sarian agreed, saying: “Increased female participation in cybersecurity is not just a matter of equity – it’s a strategic necessity. The field of cybersecurity benefits immensely from diversity, as it brings different perspectives, ideas, and approaches to problem-solving. Women, with their unique experiences and viewpoints, can drive innovation and enhance the effectiveness of cybersecurity measures.”
She continued: “As the industry becomes more inclusive, we can expect a more holistic approach to security challenges – one that has the potential to result in more robust and comprehensive security strategies that strengthen our defence against cyber threats.”
The solution: awareness, accessibility, and advocacy
Addressing these challenges can be achieved through a variety of avenues, largely led by governments and enterprises, to create more opportunities for women in tech, cybersecurity, and defence.
Caitlin Sarian, Founder and Executive Director of Cybersecurity Girl
Alina Tan, Security Architect and Founder of Division Zero’s Car Security Quarter
Judy Ngure, Founder and CEO of Bug Bounty Box
Leading female figures will take the GISEC Global 2024 stage
Basma Ahmadush shares her thoughts exclusively with Cyber News Global for the special GISEC edition 2024.
On a corporate level, enterprises can adjust their recruitment and hiring processes to eliminate any unconscious biases, as well as partner with female-focused organisations to support with targeted
Mentorship and development are also essential to ensure that women are receiving the senior support they need and are positioned to undertake ongoing training and development to fuel their career growth.
Awareness and advocacy remain top-of-mind and play a crucial role in championing female role models in the industry, highlighting their achievements and contributions to the wider cybersecurity community. Awards ceremonies, media campaigns, and conferences can stir conversations around female success and entrepreneurship in the industry.
Governments are able to further drive accessibility through education and training initiatives that encourage girls to pursue STEM education and careers, along with dedicated scholarships and grants to fund their academic journey.
At a higher level, policy and legislation can better equip businesses to deliver equal pay and opportunity – as well as flexible working policies to attract and retain top female talent – while cross-industry
Basma Ahmadush, a Network Security Master’s graduate with over 10 years in cybersecurity, is a Cybersecurity Advisor at stc Group.
She was pivotal in developing stc’s performance management framework and in establishing a GRC department in the insurance industry. Recently, she joined the CS risk team to aid in GRC transformation. Basma, co-founder of “Women in Cyber Security Middle East,” champions gender diversity, earning her the title of Women Leader in Cybersecurity in the Middle East 2019 by MESA. Recognized among the top 20 in “Cybersecurity Women of the World Edition 2023,” she conducted awareness sessions for over 3,000 employees, highlighting her commitment to knowledge sharing.
Basma Ahmadush, Cybersecurity Advisor at stc Group.
A global gathering of Women in Cyber Middle East, supported by H.E. Dr Al-Kuwaiti, at GISEC 2023
Synopsis of your role within your own organization
As a cybersecurity advisor and co-founder & board member at WiCSME (Women in Cybersecurity Middle East), I play multifaceted roles. My pivotal contribution with the team was establishing an innovative cybersecurity performance management system, addressing executives’ need to understand their cybersecurity investments’ business impact. This system assesses cybersecurity program maturity and aligns it with organizational goals, where I spearheaded maturity level measurement and reporting. This initiative’s success was shared at global conferences, influencing industry advancement.
In the same vein, I encourage employee innovation in cybersecurity, particularly through AI, and elevate the hackathon with workshops, competitions, and ceremonies. This event highlighted employees’ innovative solutions to cybersecurity challenges.
At WiCSME, my journey comes full circle, providing the mentorship and support I once sought. Driving women’s empowerment in cybersecurity, we celebrate our strides in annual conferences, supported by renowned entities. Our presence and impact at major events like the RSA Conference, Black Hat Middle East and many partnerships underscore our commitment. WiCSME, a testament to my dedication, has created a robust network and support system for women in the field, promoting their growth and excellence in a traditionally male-dominated industry, marking my influential role in this transformative journey.
CALL FOR ACTION: What should women focus on to reach leadership level in the cybersecurity field?
Forge a path to cybersecurity leadership with key strategies: Stay informed on industry developments to ensure you are always ahead. Exhibit commitment and confidence, essential for leaders. Cultivate a network that values diversity and inclusivity, welcoming a range of perspectives to enrich your understanding. Invest in community building through mentorship, supporting peers, and nurturing the next generation. Champion a culture of collaboration and support, where every contribution is recognized, and every success is shared. Through our united endeavors, we will pave a path toward a more promising future in cybersecurity, both in the GCC and globally, where inclusivity and collaboration flourish.
Many Senior women in Cyber Middle East meeting at GISEC
Two Women in Cyber leaders shared their views at GISEC 2023: Irene Coyle, former Chief Inspector, Police Scotland, and now Chief Operating Officer at OSP Cyber Academy, and Elisabeth Beiter, Chief Information Officer, Pvotal Technologies USA.
Technical and Organisational Measures (TOMS): are they just a GDPR thing?
TOMS. Are they just a GDPR thing? Is that right? Is it just a GDPR thing, TOMS?
The GDPR became enforceable in 2018 and technical and organisational measures relate directly back to Article 32 of the GDPR. However, within the GCC region, we’ve seen a lot of new laws that are being updated or introduced that come on the back of GDPR being implemented in 2018.
So, for example, we’ve got the Bahrain PDPL and that states explicitly that data controllers must ensure the safety of data by applying adequate levels of security and technical measures to protect the data.
Saudi Arabia, PDPL updated and amended as recently as 2023, in particular relation to transfers of data, states that data controllers must take the necessary organizational, administrative, and technical measures to ensure the security of personal data.
If you go to the UAE, which is relevant for GISEC, Dubai International Financial Center has its own data protection law. It states controllers must implement appropriate technical and organizational measures to protect personal data against data loss or unauthorized access and must only engage data processors providing sufficient guarantees in respect of technical security and organizational measures.
In Europe, since 2018 567 fines have been imposed for Non-compliance with general data processing principles at a total of €2,081,126,159 and 362 fines imposed for insufficient technical and organisational measures at a total of €391,263,875. It is evident therefore that Statutory Authorities are focussing efforts on security.
Can we fulfill the regulatory requirements by implementing just technical measures? So from my point of view, are we satisfying the regulators if all we do is implement just technical measures or solutions?
I’ve got to say no to that. There are two sets of requirements. We’ve got the technical requirements and under GDPR. We have anonymization and pseudonymization explicitly called out in the GDPR as just two of the technical measures. There are lots of other technical measures. Have you got antivirus? Have you got MFA? Do you have firewalls? Do you patch?
All of the above are technical measures, but in terms of organizational measures, that’s where we work a lot with our clients and XpertDPO.
I’m going to give you an analogy. You can spend millions of dollars on the latest security system. So let’s take a CCTV system, for example. And there is your technical measure. But the human factor has let you down because doors are left unlocked, and windows are left open.
There’s a lack of understanding around the importance of governance. You have a technical control, but you must also have the governance piece that sits alongside that your policy environment (we call them house rules).
What’s the policy environment around the camera?
What’s the policy environment around physical security?
Where can I start? How do I approach this whole TOMS piece as an organization that’s had no, nothing in place, not putting anything in place? How on earth do I start to approach this?
Any organization, whether they’re in GCC, UAE, Europe, needs to approach their framework by defining the governance measures first. The majority of security issues that we’ve seen as an organization stem from a lack of governance.
We take a lot of time understanding the organization that we’re going to be working with. We take a lot of time to understand their strategy. What are the plans for growth?
Lots of organizations don’t have that plan. So you’ve got to work with what you have. It all generally starts with changing the way the organisation treats data. We help them to understand that data is an asset.
- Stuart Anderson
If you don’t treat data as an asset, you’re not going to protect it. You protect your assets. You protect what you’ve invested in.
The first step is to understand what data you’re processing. If you don’t understand what data is flowing through your organization, any data loss prevention tools will be rendered ineffective.
Data loss prevention cannot work without classification. If you don’t know what data you have, you can’t classify it. So this is how we approach these. So you’ve got to know what you have. You’ve got to classify it. And if you’ve not classified it and you don’t know what you have, how do?
Data mapping is really important. Some updated regulations stipulate that you have to keep a record of processing. And the record of processing must, in a general manner, detail how you’re approaching technical and organizational measures.
What is your call to action?
Organisations have to start by treating data as an asset. Understand that it is the lifeblood of your organization. Understand that losing access to it can represent a real danger to your business in terms of risk.
The key is that security measures must be implemented appropriate to the risk associated with that data and appropriate to the organization.
BA (Hons) / CISM / CRISC / CISA / CCSP / CDPO / EU GDPR (F&P IBITGQ) Founder & CEO XpertDPO
When Siker embarked on its journey to provide cyber security training and awareness in mid-2013 (then known as HS & TC), our mission was simple: empower individuals with the skills they need to navigate their roles securely. We understood early on that not everyone needed to be a security expert, but rather, most users of today’s IT required a deeper understanding of how to be 'professionally secure'.
By fostering user awareness of their responsibilities, we aim to help organisations bolster their first line of defence, ultimately shrinking their attack surface and mitigating risk.
Whether your organisation calls it ‘Cyber’, ‘Digital’, ‘Information’, or simply ‘IT’, security has emerged as a focal point for boards worldwide. While generic certifications and courses once dominated the landscape, the evolution of Cyber Security demands a more tailored approach. Governments and corporations alike now prioritise highly trained individuals with specialised competencies, reflecting the growing importance of cyber defence in today’s landscape.
Tim Harwood is a veteran of the security world and has been providing information security guidance and expertise to corporate clients, the UK Government and the UK military for over 30 years. As CEO of Siker, he provides strategic direction for the company that he founded in 2013.
TIM HARWOOD, CEO
Siker OT Security
info@sikercyber.com
timharwood@sikercyber.com
An Exclusive Interview with CNG
“In my career, I started with information systems, developing and managing projects aimed at modernizing our armed forces,” Taborlupa reflects. “But transitioning to cyber wasn’t just about claiming a new title; it required a solid foundation and collaboration across various specializations, from applications to networks to data science.”
With nearly three decades of military service under her belt, Colonel Taborlupa stands as a testament to the evolving landscape of security, particularly in the realm of cyber operations. Graduating from the prestigious Philippine Military Academy Sanghaya Class of 2000 and subsequently excelling in the Philippine Army Signal Corps, her journey through the ranks has been nothing short of extraordinary. From spearheading digitalization efforts within the Armed Forces of the Philippines to serving in high-stakes security roles, Taborlupa has continually pushed boundaries and shattered stereotypes along the way.
The transition from Communication, Electronics, and Information Systems (CEIS) to Command, Control, Communications, and Cyber Operations (C4S) marked a pivotal moment in Taborlupa’s career and indeed for the Armed Forces of the Philippines. It’s a testament to the military’s adaptability in embracing the complexities of modern warfare, where cyber capabilities are increasingly crucial.
However, it was her role as the battalion commander of the 7th Signal Battalion that allowed Taborlupa to truly marry her passion for technology with her advocacy for peace and development.
It was here that she conceived the “Cyber for Peace” Initiative, recognizing the nexus of technology and development in practice.
Fast forward to the present, Taborlupa finds herself at the forefront of cyber initiatives within the Armed Forces of the Philippines, advocating for the establishment of a dedicated Cyber Command.
“Enhancing our cyber capabilities is not just about staying ahead in the digital arms race; it’s about safeguarding our nation’s security and promoting stability in the region,” Taborlupa emphasizes.
Yet, Taborlupa’s journey in the military hasn’t been without its challenges, particularly as a woman in a traditionally male-dominated field. “Being in the STEM field, especially in the military, presents its own set of obstacles,” she acknowledges. “But being a woman isn’t a weakness; it’s a strength. Our attention to detail and ability to approach problems from different perspectives are invaluable assets, especially in cybersecurity.”
Taborlupa is keenly aware of the importance of representation and mentorship in encouraging more women to pursue careers in STEM and security. “We’re still breaking through glass ceilings,” she admits. “But every opportunity I’m given to inspire and mentor the next generation of female leaders reaffirms the importance of pushing boundaries.”
To women and girls everywhere, especially those who, like Taborlupa, hail from humble beginnings, she offers words of encouragement: “Don’t let anyone tell you where you can’t go. Embrace your potential, find your passion, and let it guide you. Whether it’s in STEM or any other field, there’s a place for you to shine.”
Now serving as the first female spokesperson of the Armed Forces of the Philippines in its 88 years of existence, Colonel Taborlupa serves as the face and the voice of the AFP, as well as a cyber luminary. As she continues to pave the way for future generations of cyber warriors, her journey stands as a testament to the power of determination, advocacy, and inclusivity in shaping the future of security.
In a world where cyber threats loom large and the need for skilled professionals grows ever more pressing, it’s voices like hers that offer hope and inspiration for a safer, more secure tomorrow.
Colonel Francel Taborlupa Cyber Queens in Security
BRIDGING COMPLIANCE FORGING TRUE SECURITY THROUGH UNITY
Shannon Noonan, CEO/Founder at HiNoon
Ultimately, it’s about bringing these separate groups together with a shared goal and method of working. By unifying them, you ensure that everyone is working towards the same end result in the same way.
UNIFIED TEAM
When I work with organizations, especially with teams like security and engineering, they often struggle to collaborate effectively. Instead of addressing problems thoroughly, they often opt for quick fixes. But what I’ve noticed is that when these teams align and work as one, everything becomes smoother.
So, how do you make them a unified team instead of competitors? When everyone is on the same page, it’s easier to create a secure environment that goes beyond just meeting compliance standards. With a unified approach, you can build security measures into the job itself, moving away from just ticking boxes.
This unity not only streamlines processes but also makes audits less daunting. When teams are aligned, there’s less fear of surprises during audits. But when teams work separately or only focus on compliance, problems can slip through the cracks.
SECURITY, IT AND BUSINESS STRATEGIES
Being compliant is crucial to demonstrate that your organization meets its obligations to customers and regulatory bodies. What strategies can organizations use to encourage collaboration between compliance and security teams? In simpler terms, how can they ensure everyone is following the rules correctly?
There are many strategies to consider.
First, it’s important to align the strategic plans of security and business operations. This means addressing emerging threats like hacking and phishing while also ensuring business goals are met. One way to do this is by showing how security measures can generate revenue rather than just being a cost. By integrating security tasks into employees’ job responsibilities, compliance becomes a natural part of everyday operations. This fusion of security and business objectives allows compliance to drive business goals while ensuring security needs are met effectively.
Organizations should understand the business requirements, which also create and identify key security risks that the organizations need to address. Once alignment and communication gaps are handled, teams can truly implement the proper security protocols to ensure company assets and business investments are secure.
To listen to Shannon Noonan’s full podcast, scan the QR code.
RISK MANAGEMENT – DO YOU SPEAK THE SAME LANGUAGE
Let’s break it down. Unified collaboration between compliance and security teams greatly enhances the risk management process. How does this collaboration improve risk management, you ask? Well, let me share my perspective.
In today’s world, the significance of risk management cannot be overstated. Previously, security risks were often overlooked or dismissed as hypothetical. However, recent events, such as the breach at UnitedHealthcare in the US, underscore the real and immediate impact these risks can have on organizations and their customers.
The question arises: why weren’t these risks identified earlier? The answer lies in the lack of alignment between different departments within organizations. The language spoken by the Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) differs from that of the Chief Financial Officers (CFOs) and Chief Operating Officers (COOs). While security is crucial for protecting the company, it’s often viewed as an overhead cost by the CFO. Meanwhile, the COO and sales teams are focused on driving revenue and expanding into new markets, sometimes overlooking security considerations.
However, by integrating security risks into overall business risks and emphasizing its role in revenue generation, a shift in perception occurs. Suddenly, security is no longer seen as a mere cost but as a crucial aspect of maintaining profitability. This alignment with business objectives garners attention from the board and secures the resources needed to address security concerns effectively.
By recognizing security as a revenue-generating tool and embracing it as part of the business strategy, organizations can proactively mitigate risks, secure additional budget allocation, and ultimately reduce their exposure to threats.
So, what’s the key takeaway here? It’s time for organizations to integrate security seamlessly into their business strategies, viewing it not just as a cost but as a means to drive revenue and ensure long-term success.
CALL TO ACTION
Let’s simplify it. The crucial call to action here is to integrate security tasks into individual roles within the organization.
When these tasks become part of someone’s job, they take ownership and pride in their work. This approach also gives them a voice in aligning security efforts with the organization’s goals and financial impact. It’s about showing employees how their contributions generate revenue and are vital to the company’s success.
By making security a natural part of their responsibilities, employees no longer see it as a burdensome checkbox exercise or something to dread when audits approach. Instead, they feel empowered and motivated to contribute positively to the organization’s security posture.
Ultimately, this approach enables employees to demonstrate the value of their security efforts, proving that it’s not just about compliance but about enhancing the organization’s overall resilience and success.
Your Cyber Security Partner: Build, Operate, Transfer
Proven Expertise, Pragmatic Solutions
Cyber Security Governance & Compliance
International Benchmarking
CISO Support & Tooling
Cyber Risk Assessment & Management
Third Party Risk Management
www.crmg-consult.com
info@crmg-consult.com
DATA PRIVACY AND ITS ROLE IN THE CYBER REALM
- Susanne Bitter
Susanne Bitter, a Certified Information Security & Data Governance Professional, will be speaking at this year’s GISEC event in Dubai and shared exclusively with CNG what she plans to discuss. Her presentation will focus on data privacy and its role in the cyber realm. CNG had some questions for Susanne; here is what she had to say.
CNG: Why should we care about data privacy? What’s all the fuss about? Tell us about it.
Susanne: We have to care because it does concern us. We should have control over what information is actually collected, for what reasons and how our information is actually protected. Sadly, I think a lot of people take their data privacy very lightly. Either they do not know the risks, or they are not aware of what could actually be happening. Everyone has certain personal information that should not be exposed freely across the World Wide Web.
But a lot of people on their own have very limited leverage towards organizations that have collected or used the data without the data owner’s consent. These organisations often do not care about such data because their primary intent is to make money. They do not care about your privacy, but rather their profit (from potentially selling your data).
Because of this, many countries, particularly in Europe, have started introducing privacy regulations and various privacy frameworks that force companies to comply with data subject rights.
CNG: What’s the reason that you’re talking more about EU GDPR at GISEC this year? Why did you decide to focus on that?
Susanne: Due to globalisation and changes in the approach towards business processes, many companies have their branches or their operation centers outside the company’s original location.
There is a lot of business process outsourcing happening as well, from India to South America and further, because of the lower operational cost. This way, the collected data often leaves the jurisdiction of a certain country or even a continent without the owner’s knowledge.
Europe is leading privacy efforts in making the knowledge a right versus, for example, the United States, where the privacy of the consumer is not taken as a right, but more like a “nice to have” (with the exception of the California Consumer Privacy Act).
Due to the increased scale of business offerings in the Middle East there will be instances where Data Privacy and related regulations must be considered.
When it comes to data collection, it’s about knowing and making sure that organizations who either directly or indirectly collect data are safeguarding them.
As an individual, it is quite difficult to do due diligence or simply know where that certain company operates from and where data will “travel” to.
During GISEC my recommendation to organizations will be to hold themselves accountable and be transparent. I will share tips on how to provide data subjects with the confidence that their data will be protected.
Many organizations like hoarding data just in case. They have millions of data inputs they do not know what to do with. It comes with the cost of storing, archiving and in some cases this data creates a lot of mess within their databases or the analytical data sets. So doing data privacy correctly can reduce associated costs.
Therefore, the best practice is to put a spotlight on the data being collected, and then ask the question: Why are we collecting this?
CNG: One of the things that most people will want to know is: what are the risks if we don’t manage our data properly? And more importantly, what can go wrong if we don’t manage and control people’s data?
Susanne: For me it is shocking how complicated data privacy has become to understand, so I would say the immediate risk is around an information fatigue related to privacy aspects of my data. Cookie permissions on websites you visit are a perfect example – after being prompted a few times you just “Accept all”, right? That is you giving up all your rights to the organisations to do whatever they want with your data, because no one reads the fine tiny text to understand what you have just permitted.
CNG: What’s your one call to action?
Susanne: An ethical approach and understanding the consequences of sharing personal data. Malicious actors who are not ethical and want to cause harm can cause identity theft or scams which in extreme cases can result in the victim committing suicide.
I know it is not nice to live in paranoia, but I cannot stress enough the importance of an informed decision. Are you happy to share sensitive information about yourself or your family in exchange to know what kind of potato you are?
If so, fine, just know: Once your data enters the digital world, it stays there!
I would like to appeal to every organisation to operate with their heart and protect the user’s data as much as is feasibly possible, apply an ethical approach and be transparent.
Summary
This is just scratching the surface of potential threats to data protection. Do your bit. Don’t be a lazy potato. It’s your data, protect it.
CYBER SECURITY: TECHNOLOGY VERSUS BUSINESS RISK?
De-risk your business with a specialised and inclusive approach to talent acquisition
The pace of digitalization, accelerated by a global pandemic and evolving geopolitical stress factors, has intensified cyber risk for organizations and created higher demand for experienced cyber security professionals.
Organizations across all industries and geographies are facing a global talent deficit. Rapidly evolving regulation, the increasing sophistication of cybercrime affecting critical infrastructure, adoption of AI and lack of specialist boardroom expertise are just some of the challenges that business leaders are facing around the world. With all of these challenges, it’s crucial to have the right talent in place. Caldwell’s world-class cyber security practice has in-depth functional knowledge, extensive technical expertise, and global access to diverse cyber security talent. With unparalleled dedication to your success, Caldwell holds the key to engaging with industry visionaries and best-in-class international talent in the Chief Information Security Officer, Chief Technical Officer and Chief Digital Officer functions, complemented by a broad selection of technology, information security and digital transformation experts. Visit us in the UK Pavilion, by the CISO Lounge.
SOPHIE DE FERRANTI
Partner, Cyber Security Practice
sdeferranti@caldwell.com
www.caldwell.com
Unlocking Cybersecurity Excellence: The Potential Impact of the EU AI Act
Authors: Sean Musch, Co-CEO/CFO (s.musch@ai-and-partners.com), and Michael Charles Borrelli, Co-CEO/COO (m.borrelli@ai-and-partners.com), AI & Partners
Sean has an extensive background in the entertainment industry (e.g. film and art), and has a specialism in design. Alongside this, Sean has more than a decade of experience in the professional services sector, including holding the position of a tech accountant for 5 years. Sean knows about auditing and has helped with an IPO on the New York stock exchange. As well as being a compliance expert, he has deep expertise in implementation aspects of audit & assurance engagements, and has been working with the largest global tech MNEs over the past 5 years.
Michael Charles Borrelli is a highly experienced financial services professional with over 10 years of experience. He has held executive positions in compliance, regulation, management consulting and operations for institutional financial services firms, consulted for FCA-regulated firms on strategic planning, regulatory compliance and operational efficiency. In 2020, Michael set-up the operations model and infrastructure for a cryptoasset exchange provider, and has been actively engaged in the Web 3.0 and AI communities over the last 4 years. He currently advises a host of AI, Web3, DLT and FinTech companies.
Executive Summary: In the realm of cybersecurity, the European Union’s (“EU”) Artificial Intelligence (“AI”) Act (“EU AI Act”) emerges as a significant regulatory development poised to shape cyber risk management practices across various sectors. This summary encapsulates key findings derived from recent studies, particularly one conducted by RSM, shedding light on the potential implications of the EU AI Act on cyber risk management outcomes. While literature on its direct impact remains limited, extrapolations from primary research indicate a promising trajectory towards enhanced cybersecurity measures among organizations. By making inferences from data across different organizational contexts, this summary underscores the varying perceived impacts of the EU AI Act and emphasizes the importance of tailored guidance and support to maximize cybersecurity efficacy.
Organizations across sectors are expected to prioritize cyber resilience and invest in AI system security and governance, reflecting the evolving threat landscape. The study highlights a consensus among respondents regarding the sustained changes influenced by the EU AI Act, signalling a cultural shift towards robust cybersecurity practices.
However, concerns persist regarding potential detrimental consequences, necessitating careful calibration of AI governance vis-a-vis other cybersecurity aspects. Effective industry-specific interventions are crucial to address diverse motivations and influences, ensuring optimal cybersecurity outcomes in the wake of regulatory changes.
Context: The growing sentiment suggests that effective cyber risk management can be achieved through the implementation of the EU AI Act. This sentiment is grounded in extrapolations from the findings of studies such as the one conducted by RSM [1], which assessed the impact of the General Data Protection Regulation (“GDPR”) on cyber security outcomes. The study involved a comprehensive review of existing literature, quantitative and qualitative fieldwork, and analysis, providing valuable insights into the potential influence of the EU AI Act on cyber risk management practices.
Drawing parallels with the GDPR, which significantly reshaped data protection practices, the EU AI Act is anticipated to catalyse similar transformations in cyber security measures. By examining patterns and trends in organizational responses to regulatory frameworks, researchers anticipate a shift towards heightened prioritization of AI system security and governance. This shift is expected to be driven by a combination of regulatory compliance imperatives, increased awareness of cyber threats, and organizational imperatives to safeguard data and systems. As organizations adapt their strategies and policies to align with the EU AI Act, stakeholders anticipate a corresponding improvement in cyber resilience and risk mitigation capabilities across diverse industry sectors.
Key Findings: While existing literature on the potential impact of the EU AI Act remains scarce, insights gleaned from primary research indicate significant enhancements in cybersecurity measures among organizations. Most organizations are likely to improve their cyber risk management practices, with notable increases in prioritization, board-level engagement, and financial investments in cybersecurity initiatives.
Encouragingly, a majority of organizations have introduced or enhanced cyber security strategies, policies, and technical controls, indicating a proactive approach towards fortifying digital defences.
Data from the study suggest that factors linked to the EU AI Act are likely pivotal drivers of changes in cybersecurity practices, with a substantial proportion of organizations attributing these changes to the regulatory landscape. Notably, organizations that conduct Fundamental Rights Impact Assessments (“FRIAs”), deploy AI systems, or experience cyber security incidents are more inclined to enhance their cyber security measures, indicating the potential efficacy of the EU AI Act in incentivizing improvements.
Challenges and Opportunities:
By recognizing the unique challenges and opportunities within each sector, organizations can develop targeted strategies that address industry-specific cyber risks while aligning with regulatory requirements. This tailored approach enables organizations to leverage industry-specific insights and best practices, enhancing their cyber resilience and effectively managing the evolving threat landscape. Additionally, fostering collaboration and knowledge-sharing among industry peers can further enrich cybersecurity efforts, facilitating collective learning and innovation to address common challenges and stay ahead of emerging cyber threats.
Sustainability and Long-term Implications:
While immediate impacts are evident, sustaining cybersecurity enhancements remains a concern. Ongoing compliance efforts and staff awareness initiatives are essential for fostering a culture of cybersecurity resilience. However, it remains to be seen whether these changes will result in longer-term behaviour change or cultural shifts towards more robust practices, highlighting the need for further research in this area to ascertain the durability of cybersecurity improvements over time.
Striking a balance between AI governance and broader cybersecurity objectives is paramount to mitigate these challenges effectively.
Recommendations for Businesses:
In light of the evolving regulatory landscape, businesses are urged to proactively assess their cybersecurity posture and align initiatives with the mandates of the EU AI Act. Collaboration with regulatory bodies, industry peers, and cybersecurity experts is essential to navigate regulatory complexities effectively. By prioritizing investments in risk management initiatives and continuously evaluating cybersecurity practices, organizations can stay ahead of emerging threats and ensure compliance with evolving regulations. Embracing a proactive approach to cybersecurity not only enhances resilience but also fosters trust among stakeholders, safeguarding both the organization’s reputation and its digital assets in an increasingly interconnected digital ecosystem.
Conclusion:
Despite the positive trajectory, the EU AI Act presents challenges, including concerns about excessive caution, disproportionate focus on AI governance, and overinvestment in cybersecurity. Organizations could benefit from guidance on achieving this equilibrium and maximizing the effectiveness of cybersecurity investments. By fostering a holistic approach to cyber risk management, organizations can ensure that regulatory compliance efforts align with broader cybersecurity goals, thereby enhancing resilience against evolving cyber threats while avoiding potential pitfalls associated with regulatory overreach. This necessitates a nuanced understanding of the interplay between regulatory requirements, organizational priorities, and emerging cyber risks, empowering organizations to navigate the complex landscape of cybersecurity governance with confidence and agility.
Industry and Organizational Variances:
The impact of the EU AI Act varies across industries and organizational types, underscoring the need for tailored approaches. Sectors such as finance, insurance, and public services are positioned for significant shifts in cybersecurity practices, driven by regulatory mandates and sector-specific operational nuances. Customized guidance tailored to industry-specific needs is critical to optimize cybersecurity efficacy across diverse organizational landscapes.
As organizations navigate the complexities of cybersecurity in the era of the EU AI Act, proactive engagement and strategic alignment with regulatory mandates are indispensable. By leveraging regulatory changes as catalysts for cybersecurity excellence, businesses can fortify their defences, safeguard digital assets, and uphold trust in an increasingly interconnected digital ecosystem. Adaptability and agility will be key to navigating the ever-changing cybersecurity landscape effectively, ensuring resilience in the face of evolving cyber threats.
BUILD CUSTOM CYBERSECURITY AUDITS WITH TAAP
Digitally Transform Any Process with TAAP’s Agile Applications Platform
Are you struggling to perform cybersecurity audits with Excel or a legacy audit application? Use TAAP’s No-Code technology to rapidly create an app tailored to your requirements and accelerate your cybersecurity audits.
Accelerated App Development
Create personalised audit applications in hours, not months. Dive into Cyber Essentials, NIST, and more with ease.
Extensible Tech
Pivot quickly with applications that adapt to evolving cyber standards, keeping you perpetually audit-ready.
100% Secure
Deploy to the Cloud, your own instance, not SaaS, Self Host in your own data centre, or even Air Gapped for super secure deployments.
No-Code Capability
Slash development time with TAAP’s no-code technology. Tailor to any cyber standard.
Enterprise Scale
From startups to enterprises, TAAP scales with you, ensuring your audit tools always fit perfectly.
Scan here to find out more.
www.ontaap.com sales@ontaap.com +44 (0)345 230 9787
Let’s Talk Cyber - We Fight Fraud
My name is Dr Nicola Harding, I am a Criminologist and the CEO of We Fight Fraud. I work with former criminals who’ve got first-hand experience of committing fraud and cybercrime and former police to utilise their expertise and their insights in order to stop fraud, financial crime, and cybercrime. Ultimately, we are here to help protect businesses from criminal attack.
We Fight Fraud
We Fight Fraud is a leading financial crime prevention consultancy that specialises in examining vulnerabilities and threats to your organisation ‘through the eyes of a criminal’.
We offer testing and training, conduct research, and engage with the media to help protect organisations from criminal threats.
One of the co-founders of We Fight Fraud is Tony Sales, who is also at GISEC this year. He was known as Britain’s Greatest Fraudster until he turned his life around about 15 years ago and decided he wanted to make right his wrongs and use what he knew to help protect against fraud.
Another of our partners is Solomon Gilbert, who’s a former hacker. He was picked up by the National Crime Agency (NCA) when he was just 17 years old with a lot of things on his computer that he shouldn’t have had, and he was given a choice: you can go down this path, it’s probably going to end up in some prison time, or you can work with us and put your skills to good. And that’s what he decided to do.
I also work with Andy McDonald, who was formerly Head of Special Investigations at SO15 Counter Terrorism Command and UK National Terrorist Financial Investigation Unit (NTFIU), previously Head of Metropolitan Police Fraud Squad at New Scotland Yard.
Dr. Nicola Harding
CEO of We Fight Fraud
The other co-founder of We Fight Fraud is a film director called Adam Boome.
We all came together, this kind of different mix of people, to focus on financial crime prevention and preventing cybercrime. We use our knowledge and expertise to test organisations in real life scenarios to reveal the way criminals attack your business.
Our testing helps to identify any vulnerabilities, understand how criminals may use these to compromise an organisation, and what is needed to manage or mitigate these vulnerabilities and protect the business, staff and clients from criminal exploitation.
We’ve cultivated an unmatched intelligence network, providing real-time knowledge on evolving criminal threats, empowering organizations like yours, and your clients, to identify, understand, and manage risks effectively.
We Fight Fraud
At GISEC I’ll be delivering a comprehensive training session based upon what we have learned from our testing. Essentially, we want to help businesses Know Their Criminal. That’s my focus.
• I’ll show excerpts that we filmed from our testing to demonstrate how we have compromised systems - like bypassing biometric identity verification to open up three UK bank accounts in one of our 72-hour rapid response tests.
• I’ll talk about the vulnerabilities that we’re seeing and how you can overcome them.
• I’m going to give you an overview of how the different parts fit together, how we can take tech solutions, cybersecurity, but also include human behaviour, awareness, knowledge and insights to fully protect your organization from a holistic point of view.
The session is designed really for people who are in leadership positions within any organisation, whether that be financial services, critical infrastructure, government, retail. Whoever, whatever organisation you’re there to represent, if you’re in a position to influence your policy and practice, if you’re looking for technical solutions, if you’re looking to really understand the threat that criminals pose to your organisation because you want to do something about it to help protect who you work for, your company or your organisation, then you should come to the session.
We Fight Fraud are here to help you as part of your business’s strategic corporate data resilience planning and government’s planning. We can help you to ‘Know your criminal’, understand your vulnerabilities, and prevent criminals from attacking your organisation.
If you are at GISEC and would like to find out more, I would love to talk to you. Please come to my session, add me on LinkedIn, and let’s arrange a time to meet up while I’m in Dubai.
You can add me on LinkedIn here: https://www.linkedin.com/in/dr-nic/
Find out more about We Fight Fraud at www.wefightfraud.org
Advanced Cyber Bot Protection
Veracity Web Threat Protection:
AI-powered bot detection and prevention.
Add it to your security stack today, risk-free, and protect your website and reputation in under 5 minutes.
AI-Powered Bot Detection
Veracity detects bots visiting websites.
47% of all website visitors are non-humans (bots) and 30% are malicious bots intent on harm (stealing data, setting up fake accounts, planting ransomware, etc). Veracity protects your website and data against even the new generation of AI driven malicious bots.
Friction-Free Bot Prevention
Veracity protects organisations from malicious bot attacks, using our friction-free deep tech machine-learning solutions to accurately differentiate humans from bots. No more selecting pictures or clicking on boxes. Sophisticated, accurate, rapid bot protection with no negative user experience.
Our AI-powered technology detects Automated Bot Attacks and Supply Chain Attacks (OWASP class 7-10 and 12-13) accurately, quickly and before they can cause you damage.
veracitytrustnetwork.com
Email: hello@vtn.live. London, Singapore, UAE.
Veracity Trust Network, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK.
Find us at GISEC in the UK Pavilion.
First Official Guinness World Record FOR A CYBER AWARENESS ONLINE COURSE
DELIVERED BY UK COMPANY OSP CYBER ACADEMY
On behalf of the Kingdom of Bahrain
Scotland’s OSP Cyber Academy and the Arab International Cyber Security Conference & Exhibition (AICS) unite to achieve a cyber Guinness World Record – 1550 complete an Internet Safety lesson in 24 hours.
OSP Cyber Academy and the AICS announce they have set a new Guinness World Record for the ‘Most People to Take an Online Internet Cyber Safety Lesson in 24 hours’.
The record was set during the AICS in Bahrain, where 1550 people from 44 countries completed the lesson in 24 hours, turning the day into the world’s largest cybersecurity training event.
AICS is Bahrain’s largest cyber security conference, bringing together government regulators, industry professionals, and solution providers to discuss and develop plans to secure their cyber and IT infrastructure. The event took place on 5th & 6th December and had a space dedicated to the Guinness World Record attempt, which was opened by Shaikh Salman bin Mohammed bin Abdulla Al Khalifa, CEO, National Cybersecurity Centre, Bahrain.
“We are absolutely thrilled to have achieved a place in the prestigious Guinness World Records. Our achievement has helped educate 1550 people on internet safety, arming them with the knowledge and skills to spot malicious activity online. Digital is the backbone of every industry worldwide, but criminals see this as an opportunity to launch cyberattacks and harm people. Only through education and awareness can we deter these threat actors.”
CEO, National Cybersecurity Centre, Bahrain
Shaikh Salman bin Mohammed bin Abdulla Al Khalifa
The Internet Safety lesson was created by OSP Cyber Academy, one of Scotland’s leading providers of cybersecurity training.
The lesson provided participants with valuable insight into the techniques cybercriminals use to exploit internet users and organisations, as well as providing advice on how to recognise scams and protect against them.
“Cybercrime affects everyone today. It’s not just an issue for businesses, if you are on the internet, then you are a target. By achieving this Guinness World Record we have helped to educate more internet users on online safety – but in the most fun and imaginative way possible.
We need to do more of these engaging tournaments to get more people thinking about their safety online. I am delighted that we have managed to achieve this Guinness World Record. We only needed to train 500 individuals to achieve the title, but we tripled our target. What a success,” said Thomas McCarthy, CEO of OSP Cyber Academy.
The World Record attempt began at 11.12am (AST) on Tuesday 5th December 2023. Evidence was shown to GWR Adjudicator Pravin Patel and Expert Independent Witness Isabelle Meyer that the leaderboard was wiped clean of any test users right before the attempt began. The course was then freely accessible for anyone from anywhere in the world for exactly 24 hours.
From Left to Right: Shaikh Salman bin Mohammed bin Abdulla Al Khalifa, CEO, National Cybersecurity Centre, Bahrain; Amal Almurbati, Managing Director, Faalyat WLL; Thomas McCarthy, Irene Coyle, Blair Wallace, OSP Cyber Academy
Shaikh Salman assessing the progress of the live Guinness World Record Attempt
A few ‘completed’ users were selected at random to prove the authenticity of the result. It was found that these users had in fact spent more than one hour on the course, re-attempting knowledge checks and demonstrating a clear path of real-time eLearning.
This was a key requirement for this Guinness World Record Attempt, and reflected the success of awareness training.
In support of the global effort to improve Cyber Awareness, OSP continued to welcome users onto the platform after the 24 hour period. Course access remained open to be accessed freely worldwide for the entirety of the conference.
A further 552 people completed the course, even after the official record attempt was over. This not only reinforces the success of the Guinness World Record Attempt, but also shows that people are keen to learn, and that they understand the importance of good cyber awareness.
OFFICIAL GUINNESS WORLD RECORD: 1550
TOTAL COURSE COMPLETIONS: 2102
The World Record attempt ended at precisely 11.12am (AST) on Wednesday 6th December 2023 and in the presence of Pravin and Isabelle, the leaderboard presented the current total course completions: 1,550. For
TOTAL COUNTRIES PARTICIPATED: 44
We Protect Your Business
End-to-End Protection from Cyber Threats
Athena - Digital Risk Management Platform
Digital Risk Monitoring
Supplier Security Monitoring
Dark Web Monitoring
Athena is a cutting-edge SAAS-based digital risk management platform that offers a 360-degree view of an organization's brand, reputation, and online risks.
Thunder Bolt - Digital Identity Protection Platform
Executive Protection Monitoring
Thunderbolt is an AI and ML-powered digital identity protection platform. It safeguards users’ digital identities and helps them maintain a healthy security posture.
UK Pavilion, Hall 4, Pavilion J1, 23rd - 25th April 2024
www.atheniantech.com
Visit Athenian Tech Booth at GISEC
Athenian Tech at GISEC GLOBAL 2024
CYBER COMPLIANCE IN THE UNITED STATES
Author: Diane M. Janosek, PhD, JD, CISSP, LPEC, CEO, Janos LLC
Licensed and educated in law, ethics and compliance, technology, intelligence, and cyber
Dr. Diane Janosek urges all:
“Until the regulation and innovation balance is achieved, all security leaders must zealously advocate for each team member and support open communication and teamwork. In the end, the collaborative and close global community we have built and cultivated must be saved, and not yield to fear. We’ve got this. We have each other.”
What US agency regulates cyber compliance and reporting requirements for publicly traded companies?
• The Securities and Exchange Commission (SEC) plays a crucial role in safeguarding investors and maintaining the integrity of financial markets in the United States. Its primary mission is to protect ordinary Americans who invest in publicly traded companies. Let’s delve into some key aspects:
1. Regulation and Oversight:
The SEC oversees various aspects of the financial industry, including the stock exchanges NASDAQ and NYSE. By enforcing regulations, they ensure fair practices, transparency, and accountability.
2. Disclosure Requirements:
Publicly traded companies must adhere to strict disclosure requirements. This ensures that investors receive accurate and timely information about a company’s financial health, operations, risks, and governance.
3. Preventing Fraud:
The SEC actively investigates and prosecutes fraudulent activities. Whether it’s insider trading, accounting fraud, or misleading statements, their goal is to maintain market integrity and protect investors from scams.
4. Educating Investors:
The SEC provides educational resources to help investors make informed decisions. From understanding financial statements to recognizing red flags, they empower individuals to navigate the complex world of investments.
5. Market Surveillance:
Monitoring market activities is essential. The SEC keeps an eye on trading patterns, unusual price movements, and potential market manipulation. This helps maintain a level playing field for all investors.
6. Enforcement Actions:
When violations occur, the SEC takes enforcement actions. Penalties, fines, and legal proceedings are used to hold wrongdoers accountable and deter future misconduct.
7. Adapting to Technology:
With the rise of digital assets and online trading platforms, the SEC continues to evolve its regulations to address new challenges and protect investors in a rapidly changing landscape.
The SEC’s activities are meant to ensure investor confidence, market stability, and fair practices. While regulations may sometimes be debated, their overall impact is vital for a healthy financial ecosystem.
Are the SEC cyber compliance regulations overburdensome?
• There is certainly a delicate balance between regulation and innovation. The line is akin to a tightrope walk. Let’s explore the nuances of this situation:
1. The SEC plays a role in holding companies accountable, and it aims to instill investor confidence and promote fair practices that protect investors.
2. If there is overreach, or perceived overreach, it causes fear and uncertainty in the market.
What happened in the SEC fraud lawsuit against SolarWinds and their CISO?
• The 2023 civil fraud lawsuit filed by the SEC against SolarWinds highlights the delicate balance and intersection of cybersecurity and regulatory compliance.
1. SolarWinds, a victim of a cyber attack, faces allegations of inadequate reporting and insufficient security measures over several years.
2. While the facts are complicated, the SEC alleges that intentional misleading of investors occurred.
3. The SEC’s stance raises questions about the balance between cybersecurity diligence and regulatory expectations.
Why is this concerning to the global community - what are the challenges and concerns?
• Striking the right balance is challenging and can raise concerns on all sides.
1. While regulations protect investors, excessive burdens can stifle innovation and hinder proactive cybersecurity efforts.
2. The chilling effect stems from the fear of overregulation, which may discourage companies from promptly disclosing breaches or investing in robust security measures.
What is the SEC saying about Board Liability in cyber breaches?
• Boards of directors play a critical role in governance and risk management.
1. They are accountable for overseeing cybersecurity strategies.
2. While liability is a valid concern, it’s essential to recognize that boards need guidance rather than undue pressure.
3. Encouraging collaboration between boards, executives, and cybersecurity experts is crucial for effective risk
4. Boards should actively engage with cybersecurity experts, stay informed, and prioritize risk mitigation.
Why is there concern about the cyber and information security workforce because of this pending fraud lawsuit which names the CISO personally?
• Security professionals succeed because of teamwork and trust.
• If, and when, an event occurs, blaming one person and naming out subordinates will dissipate this earned trust over time and erode the collective sense of camaraderie in the community.
• Cybersecurity is a collective effort.
• Trust among team members, transparency, and open communication are essential.
• In the information security field, the only thing that is certain is change. To be successful, teamwork is a must.
• Rather than solely focusing on individuals and personal liability, the community must emphasize and advocate for collaboration, continuous learning, and adaptive strategies.
What is the call to action?
• Finding the right equilibrium between regulation and innovation is an ongoing journey.
• Striving for a balanced approach— one that protects investors without stifling progress—is key.
Dr. Diane Janosek, CEO Janos LLC
Empowering Women in Cybersecurity:
WiCSME’s Trailblazing Journey
This special article is dedicated to the remarkable Women in Cyber Security Middle East (WiCSME) members, who have tirelessly contributed their utmost dedication and passion to make our initiatives successful and transformative in cybersecurity. WiCSME stands as a beacon of empowerment, innovation, and collaboration, championing the role of women in cybersecurity and significantly enhancing regional and global cyber resilience. Let’s highlight the initiatives that significantly impacted and celebrate the individuals driving these efforts.
GISEC 2023: A Meeting of Minds (UAE)
The GISEC 2023 breakfast gathering was a notable event, graced by Dr. Mohamed Hamad Al-Kuwaiti, who underscored women’s vital contributions to cybersecurity. This yearly initiative, led by Heide Young for four years, has brought WiCSME members as speakers and panellists on various stages.
She Talks Security: Echoing Vision 2030 (KSA)
Under the visionary leadership of Basma Amadush and in collaboration with Twaiq Academy, the “She Talks Security” program aimed to nurture female talent in alignment with Saudi Arabia’s Vision 2030. Champions like Maha AlOtaibi, Nouf Almobaraz, Dr. Majda Wazzan, Yosra Alquwaifel, Samiyah Alanazi, and Norah Aldeghaim led sessions that drove the diversity and inclusion
CyberSecurity Women of The Year 2023 Awards (USA)
WiCSME had a strong presence in the Global CyberSecurity Woman of the Year 2023 Awards, where Abeer Khedr served as a Judge and three WiCSME members were Finalists: Heide Young, Saltanat Mashirova, and Dr. Reem Faraj AlShammari. Dr. Reem was announced as the Winner of CyberSecurity Woman (Barrier Breaker) of the Year 2023.
Four of the founding members of WiCSME attended the Women of the World Awards Ceremony in Aberdeen, Scotland, in 2023, kindly organised by OSP Cyber Academy & Cyber News Global. Look out for the next exciting Awards event by CNG in Scotland and the GCC.
Such presence and acknowledgments confirm the stellar leadership of our Women in CyberSecurity in the Middle East and the valuable impacts and achievements they have contributed to making our world a better and safer place to be in.
Women in Cyber Mentorship Program with ITU: Shaping Futures (Arab Region)
The WiCSME Mentorship Program Team was led by Dr. Reem Faraj AlShammari, supervised by Irene Corpuz, and supported by volunteers Shamma Bin Hamad, Lama Alhamad, Engr. Nouf Mohammad Albreiki, and Arwa Saleh Al Katheeri.
The Team exemplified WiCSME’s dedication to mentoring the next generation of female cybersecurity experts across 17 MENA countries, proving the power of guidance and knowledge exchange. Arab region participants (Mentors and Mentees) comprised around 30% of the total Program participants.
The Program sessions are available on the WiCSME YouTube channel to share knowledge and encourage learning.
Cybersecurity Woman of the World Edition Awards: Global Recognition (Scotland)
The Cybersecurity Woman of the World Edition Awards showcased WiCSME’s international stature, with Dr. Reem Faraj AlShammari serving as a judge and WiCSME members like Priyanka Chatterjee, Heide Young, Basma Ahmadush, and Saltanat Mashirova being honored, demonstrating the exceptional contributions of WiCSME women on a global scale.
Women in Cyber @ GISEC
CyberUK23 Conference: Bridging Continents (UK)
At the CyberUK23 Conference, WiCSME members, including Priyanka Chatterjee and Dr. Noora Fetais, highlighted the contributions of Middle Eastern women in cybersecurity, fostering important global dialogues and partnerships. They also met the other UK-Gulf Women in Cybersecurity Fellows, Dr. Hoda A. Alkhzaimi and Aysha Ahmed Bin Haji, who are leading innovations, regional and global collaborations, forums, and driving national cybersecurity strategies.
Blackhat Middle East 2023: Advancing Knowledge (KSA)
WiCSME’s engagement with Black Hat Middle East 2023 as a Community Supporter, led by Dr. Reem Faraj AlShammari, who supervised Women in Cyber Focus for the 3rd year in a row, shone a spotlight on the diverse expertise within the community, with almost 20 members speaking on various stages, underlining WiCSME’s commitment to cybersecurity advancement.
Expanding Influence with Conference Partnerships
Spearheaded by Irene Corpuz, WiCSME’s “Community Supporter in Conferences” initiative has achieved remarkable success, establishing 13 event partnerships across 8 countries and engaging 158 members.
This effort showcases WiCSME’s global commitment to empowering women in cybersecurity, fostering extensive networks, and enhancing the community’s worldwide presence.
UAE Affiliate’s First Meet-up 2024: Inspiring Leadership
2024 kicked off with the UAE Affiliate’s inaugural meet-up. Orchestrated by Shafeeqa Shakri, Irene Corpuz, and Roya Hatamleh, it was a celebration of leadership and innovation, charting the path for future endeavors and showcasing the vibrant journey of WiCSME.
CIO50 Awards: A Crown of Achievement
The CIO50 Awards recognized WiCSME with the Special Recognition Award in 2024, the first achievement of its kind. This is a testament to its pivotal role in empowering women and promoting diversity in the cybersecurity domain.
We are grateful to Andrea Benito Arauzo, Editor of CIO Middle East, Foundry, for her continued support to WiCSME.
A Salute to Individual Excellence
This year has been stellar for WiCSME members, with 26 achieving certifications, 42 presenting at conferences, 27 earning promotions or securing better opportunities, and 5 publishing books or research papers. These individual milestones underscore the talent and dedication within our community and the broad impact of WiCSME members in cybersecurity.
Supporting Wicked6 2023 and 2024
WiCSME has partnered for 3 consecutive years with the Wicked6 Global Women’s Cyber League through WiCSME members’ contributions as Event Speakers, Cyber Game Players, and Conference attendees. Such continuous collaboration confirms WiCSME’s commitment to connecting, inspiring, and elevating women and girls worldwide in cybersecurity.
This Partnership is led by Dr. Reem AlShammari (Wicked6 Advisor Board member), supervised by Fatma Al Lawati (WiCSME Speakers Team Lead), and supported by Norah Aldeghaim (WiCSME Marketing Team Lead).
This article is a tribute to our WiCSME members, whose relentless efforts and heartfelt contributions have fueled our initiatives’ success. We may not be able to name every member and their contributions, but we value all their efforts and support for WiCSME’s wider mission.
Together, we continue to break barriers, inspire the next generation, and pave the way for a more inclusive and secure digital future.
Women in CyberSecurity Middle East (WiCSME) in Social Media:
X (formerly Twitter): @WiCSME
LinkedIn: Women In Cyber Security Middle East
Instagram: WiCSME (@womenincybersecurity middleeast)
YouTube: Women in Cyber Security Middle East [WiCSME]
WiCSME at BlackHat ME 2023
EMPOWERING WOMEN IN CYBERSECURITY: OPPORTUNITIES AND CHALLENGES IN THE GCC
Women in the GCC can contribute to developing national cybersecurity strategies, leading digital security initiatives, and innovating in artificial intelligence and cyber defense technologies.
Irene Corpuz, Founding Partner and Board Member, Women in Cyber Security Middle East
Contact: https://www.linkedin.com/in/irenecorpuz/
The cybersecurity sector in the Gulf Cooperation Council (GCC) countries presents a dynamic landscape filled with opportunities and challenges for women. Spearheading the movement towards a more inclusive and diverse cybersecurity community, Irene Corpuz, co-founder of Women in Cyber Security Middle East (WiCSME), has been a beacon of empowerment and leadership. Her dual roles as a WiCSME co-founder and Cyber Policy Expert underscore her commitment to advancing women’s roles in cybersecurity and shaping robust cyber policy frameworks in the Middle East.
Unlocking Opportunities for Women in Cybersecurity
The GCC’s cybersecurity sector is rapidly growing, driven by increasing digital transformation and heightened awareness of cyber threats. This growth opens numerous opportunities for women, ranging from technical roles like security analysts and engineers to leadership positions in governance, risk management, and compliance (GRC).
WiCSME, co-founded by Corpuz, along with eight other women from the MENA region in 2018, stands as a testament to the potential of women in cybersecurity. This initiative provides a platform for women to network and collaborate and emphasizes the value of women’s unique insights and talents in driving technological innovation and resilience. WiCSME’s foundation marks a significant step toward dismantling women’s barriers in a traditionally male-dominated field, promoting a more equitable and dynamic cybersecurity community.
Navigating Challenges in the Sector
Despite these opportunities, women in the GCC’s cybersecurity sector face several challenges. Gender biases and stereotypes persist, often undermining the recognition of women’s capabilities and contributions. Additionally, a lack of female role models and mentors in cybersecurity can hinder young women’s entry and progression in the field. Balancing career demands with societal and familial expectations also poses a significant challenge for many women in the region.
To address these challenges, support networks like WiCSME are crucial. They provide mentorship, education, and advocacy, empowering women to pursue and excel in cybersecurity careers. Initiatives like the ITU Mentorship Program, led by Corpuz, play a pivotal role in nurturing the next generation of female cybersecurity professionals in the MENA region. This program, alongside platforms like Blackhat Middle East, offers women valuable insights, advice, and exposure to advanced cybersecurity practices and emerging technologies.
A Visionary Leader’s Impact
Irene Corpuz’s contributions have been instrumental in fostering a culture of inclusivity and empowerment within the cybersecurity community, particularly for women in the GCC. By integrating advocacy for women’s empowerment with strategic expertise in cybersecurity policy and GRC, Corpuz has paved the way for a more inclusive cybersecurity community. Her visionary leadership and insightful contributions continue to inspire and shape the future of cybersecurity, embodying a legacy of positive change and resilience.
Through dedicated efforts like those of Corpuz and WiCSME, the cybersecurity sector in the GCC is gradually becoming a more welcoming and promising field for women. These initiatives not only highlight the importance of diversity in cybersecurity but also encourage the development of a supportive ecosystem that can overcome challenges and leverage the full potential of women in the field.
Pioneering Platforms for Change
Building Support Networks
Strength in Diversity: Woman at the Helm of Cyber Resilience in the Middle East
Eng. Dina Al-Salamen
Vice President & The Head of Cyber & Information Security at Bank ABC (Jordan).
Dina’s BIO
Eng. Dina Al-Salamen is the Vice President and the Head of Cyber and Information Security at Bank ABC (Jordan). She has worked for multinational businesses such as Arab Bank and Bank ABC for over 17 years. She recently got the opportunity to be a member of the EC-Council International Advisory Board (CISO Program).
She holds PECB Trainer and EC-Council Certified Instructor credentials. She is honored to participate as an advisory member in several cybersecurity and CBDC communities in Jordan’s financial sector.
Dina has a genuine love for innovative technologies such as Blockchain, Big Data, and Artificial Intelligence. She gives keynote speeches on cybersecurity and has spoken at various international conferences, including GISEC in Dubai, LEAP & Blackhat MEA in Riyadh, and the Fintech Summit in Jordan.
Dina’s role @ Bank ABC (Jordan)
As the Head of Cyber and Information Security, Dina is in charge of developing and implementing the information security strategy and program to ensure that information assets and technology are properly safeguarded.
She establishes appropriate standards and controls relevant to data protection & contingency planning, manages security technologies, and directs the establishment and implementation of policies and procedures.
Dina is also responsible for information-related compliance (for example, ensuring that the Central Bank of Jordan’s Cybersecurity Framework is followed). She collaborates closely with other executives to ensure Bank ABC (Jordan) grows in a secure and compliant manner. She directs the cybersecurity team in identifying, developing, implementing, and maintaining processes across Bank ABC (Jordan) to mitigate information and information technology risks.
Dina’s call for action: What do you think women need to focus on to make the GCC a safe place to work?
Dina believes that each organization will need to develop specific agendas that align gender diversity measures with the organization’s strategy. However, in each arena, it is possible to identify practical steps that senior leaders can take to achieve a substantial positive impact.
What will help to support a change program focused on establishing women leaders as the norm is an integrated “ecosystem” of direction-setting, enabling training practices and mentorship as well as supportive policies and procedures.
Therefore, top management commitment, targeted leadership development programs, and supporting HR policies and infrastructure are the keys to making the GCC a safe place for women to work.
SCOTSOFT2024
For more than 30 years, leadership and technology have combined at ScotSoft.
The day is jam packed with more than 40 speakers across our Developer Conference and Leadership Forum, and topped off with our Young Software Engineer of the Year Awards dinner in the evening.
More than 1000 guests join us from around the country not just to learn during the day, but celebrate our incredible young talent emerging from Scotland’s universities.
The day is packed full of visionaries, technologists, business leaders and managers working in digital companies and end user businesses.
Join us and get inspired by our great line up of speakers at the longest running tech focussed conference in Scotland.
scotlandis.com
26.09.2024 Edinburgh create. innovate. collaborate.