On Sept 18th, Nexor and De Montfort University hosted the inaugural meeting of the Institute of Information Security Professionals (IISP) in the East Midlands. Twenty-five delegates were treated to a presentation and demonstration by Jay Abbott (Managing Director of Advanced Security Consulting Limited) on how easy it has become to play the role of a bad guy in Cyber Security.
The evening started with a slight delay while people fought with the local traffic, but the delay enabled delegates to visit the Cryptographic exhibition at De Montfort – an unexpected but excellent opportunity. The meeting proper started with an introduction from Colin Powers handing over to Jay.
Cyber Attacks & Live Hacks
Jay’s presentation explored how the key difference between good and bad guys was motivation, then went on to demonstrate a tool called Easy Creds showing how easy it was to set up a fake wireless access point, and use this to capture username / password and authentication cookies from unsuspecting mobile device users. Jay concluded with a perspective on how to defend systems against the easy-to-deploy threat.
Watch the presentation on YouTube.
A discussion then followed (not on the video), which largely focused on how do we as security professionals, in the light of such easy-to-deploy tools, get the attention of our respective companies, and ultimately boards, to accept the threat is real and investment needs to be in protecting the business from the effects of such threat.
What next for the IISP in the East Midlands
Following the discussion, the evening concluded with me leading a discussion on how to take the IISP East Midlands branch forward. My take away from the discussion was there is a real need and desire for a regular forum in the region, and some excellent ideas of topics were put forward with offers of venues. Encouraged by this we will certainly look to move forward.
Follow @IISPEastMids to keep informed of the plans as they evolve.
To get to this point with the IISP East Midlands has required the support and encouragement of a lot of people, dating back two years.
The key players have been Clinton Walker who allowed me to use the Talk*infosec event as a launch pad and sounding board. Tim Watson at De Montfort, who acted as the main catalyst – I briefly mentioned the concept to Tim earlier this year, and before I could take a second breath found myself in planning phone conferences with the IISP. Finally Colin Powers and Irene Dovey from Nexor who responded admirably to my call for help with sorting out the details, and I’m pleased to say they have agreed to be at the forefront of driving us forward.
Please keep your feedback coming, via the comments box below, as to what you would like to see from the East Midlands IISP branch, and how we should take it forward.