Wayne May

Site owner at www.scamsurvivors.com with 16 years' experience working in the antiscam community. Appeared in the media on numerous occasions discussing both scam awareness and scambaiting.

Talk
My 10 commandments of baiting. A simple "how-to" on baiting 419 scammers. It explains basics such as baiting safely, not educating the scammers, etc.

Dylan Wheeler

Dylan Wheeler is an ex-blackhat hacker known for his involvement in the Xbox Underground hacking group (featured by WIRED US and Darknet Diaries). Dylan currently resides in London and has been a major advocate for responsible disclosure in recent years, working largely within both the financial and entertainment sectors. Dylan takes an unusual and often eccentric approach towards the information security field and in 2019 was rumoured to have been assaulted at the ICE London conference by a vendor for a security disclosure gone awry.

Talk
In 10 minutes, I give a brief introduction to neurodiversity, and how it can be leveraged towards your infosec career.

Melanie Molina

Hi I’m Mel, I’m Spanish/Venezuelan and my favourite areas of security are Application Security, Vulnerability Management & Automation.

Talk
The concept and protocol of Zero Knowledge, and possible use cases (one in particular, which is SSO) for passwordless single sign-on!

David Rogers

David Rogers MBE, CEO Copper Horse.
David is a mobile phone and IoT security specialist who runs Copper Horse Ltd, a software and security company based in Windsor, UK. His company is currently focusing on product security for the Internet of Things as well as future automotive cyber security. David chairs the Fraud and Security Group at the GSMA and sits on the Executive Board of the Internet of Things Security Foundation. He authored the UK’s ‘Code of Practice for Consumer IoT Security’, in collaboration with UK government and industry colleagues and is a member of the UK’s Telecoms Supply Chain Diversification Advisory Council. He has worked in the mobile industry for over twenty years in security and engineering roles. Prior to this he worked in the semiconductor industry. David holds an MSc in Software Engineering from the University of Oxford and an HND in Mechatronics from the University of Teesside. He lectured in Mobile Systems Security at the University of Oxford from 2012-2019 and served as a Visiting Professor in Cyber Security and Digital Forensics at York St John University. He was awarded an MBE for services to Cyber Security in the Queen’s Birthday Honours 2019.
He blogs from https://mobilephonesecurity.org and tweets @drogersuk

Talk
This talk will explain how we were able to get real-world car hacking equipment for mileage clocking up and running in our own vehicle motion simulator in order to help us reverse engineer and also demo it (without getting arrested). David Rogers will also explain how rigs can be built to bring in other types of equipment, from head units to dashcams. He will show how the rig has also been adapted to allow others to ‘remotely control’ elements of the vehicle – including removing the brakes and accelerator, which provides a truly terrifying, immersive experience of what it would be like to be in a car where things are in the control of a malicious third party, not the driver. The talk will conclude with what needs to be done in the future autonomous and connected vehicle space to ensure safety and security.

Abubakar Mohammed

Abubakar is a PhD student at Cardiff University researching cybersecurity for OT Cyber-Physical Systems in the oil and gas industry. He has 12 years of experience working in the oil and gas industry in various engineering roles and has a background in Mechanical Engineering (B.Eng), and a Master's degree in Petroleum and Gas Engineering.

Talk
The offshore oil and gas (O&G) industry has recently been going through a digitalisation drive with the use of 'smart' equipment using technologies like the Industrial Internet of Things (IIoT) and Industrial Cyber-Physical Systems (ICPS). More specifically, oil production offshore is usually in remote locations, requiring remote access and control. This is achieved by integrating ICPS, Supervisory Control and Data Acquisition (SCADA) systems, and IIoT technologies. However, although the integration of these devices has improved operational efficiencies, it has also introduced a range of security flaws. As such, and due to the important operational nature of these systems, they are becoming an attractive target to adversaries. Cyber-attacks against an oil and gas offshore asset could have a devastating impact on the environment, marine ecosystem and safety of personnel. In addition, any disruption to the world's supply of oil and gas can also have an effect on oil prices and in turn, the global economy. Subsequently, securing the industry against cyber threats is critical. The focus of this presentation is twofold: firstly, it will give an overview of the oil and gas industry and its lifecycle, and secondly, it will discuss the current state of cybersecurity and its challenges.

Jenny Codes

A software engineer and information security specialist based in Cardiff, South Wales.

Talk
The fight between access controls and security - a devil's advocate talk from a software engineer who needs high access to do their job, and who is also passionate about security compliance and understands why tight measures are needed.

Ian Parsons

Cyber Threat Intelligence Analyst at Bridewell Consulting
 
Ian joined Bridewell in May 2021 as a Cyber Threat Intelligence Analyst and is responsible for proactively monitoring any threats against clients and their industry. He works with clients and their industries to proactively monitor for threats, providing intelligence to help defend their networks, brand, and reputation.
 
Prior to joining Bridewell, Ian was a Cyber Threat Intelligence Analyst for the Ministry of Defence where he was responsible for producing timely threat intelligence to help defend the MOD core network. He holds GCIH and GCFE qualifications and is certified in Open-Source Intelligence from the McAfee Institute.
 
Ian is passionate about cyber security, and the variety of responsibilities within his role. He works with a wide range of teams to ensure protection of their networks and reputation.


Talk
Disinformation and countering the narrative

Andrea Jones

Andrea Jones is an information security manager and data protection officer with the fire service. She is also vice-chair of the National Fire Chiefs Council information governance group and a Microsoft Office Master Instructor.

Talk
This talk will summarise my Master's research into the ability of users to use the privacy protecting features of MS Office such as BCC, removing cropped areas of pictures, etc. I also looked at the ability to hide steganography within an Office document. My talk will show my findings, useful information about Microsoft Office settings and some group policy configuration that can be used.

Vangelis Stykas

Vangelis is a developer as well as a penetration tester.
He applies his skills as a Senior Penetration Tester at Pen Test Partners and his research focus involves API and web application security.
His academic research is focused on machine learning and the development of proactive web application security. During his free time Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
During the past years he has published research regarding API control functions for ships, smart locks, IP cameras, EV chargers and many other IoT devices.

Talk

Pwning 10^7 devices in 10^1 minutes across 10^2 endpoints
Vangelis will cover in 10 one-minute slides how anyone could control 10^7 (that’s 10 million) devices by exploiting a series of simple yet critical API flaws that were typical “rush to market” flaws that can allow an attacker to control and even use them as an initial foothold in millions of networks. Devices controlled vary from routers to alarms and car chargers. It seems that the era of “central platform” handling that helped with a variety of problems (like port forwarding) backfired by reintroducing a number of vulnerabilities that were thought to be long gone.