My thoughts on Security Days conference

I’ve now been to my first ever cybersecurity conference. Tietoevry held the three-day conference known as Security Days. With 6 speakers from 4 different countries, it was a wonderful chance for me to broaden my knowledge of both offensive and defensive security as well as meet some really interesting people. In this post, I would like to highlight a few events from the conference.

The place to be

It is 3:30 PM on the 1st of November and the Security Days conference in Brno is starting. I arrived at the Impact Hub, a well-known coworking space in Brno, half an hour earlier to be able to reserve a seat, as I anticipated this event would be packed with people because there aren’t many cybersecurity events in my local area.

Impact Hub where the conference was held

When BitLocker, app whitelisting, antivirus and EDR are not enough

Fortunately, I was able to enter just as the first speaker was about to begin. This one was really exciting for me because Jan Marek is a well-known figure in the cybersecurity industry and co-founder of Cyber Rangers. It was quite a treat to see him again, and I thoroughly enjoyed his presentation on the subject of “Bypassing standard Windows protection”.

Jan demonstrated how to get around practically every aspect of Windows security. One of the amusing and intriguing takeaways and tips on how to safeguard your servers is installing Russian as one of the system languages. Even though it might seem foolish, doing it could save you and your systems, as a true nationalist hacker would never dare to tamper with his country’s server.

Security is a process, not a product

Security is not a product that you buy once and suddenly become “secure”. As opposed to trying to add security at the very end of the project development process, security needs to become more of a mindset. That is the major lesson to be learned from Jari Javanainen’s presentation on improving security using available tools. Jari, the head of CSIRT at Tietoevry, discussed the value of a defensive approach to security in less than an hour, drawing on his expertise in incident response. Hearing about different APT (advanced persistent threat) organizations like Lazarus and OceanLotus and their activities was pretty interesting.

Cybersecurity around the world

The third talk that really sparked my interest was given by Martin Zich. Martin is a Hewlett Packard cybersecurity consultant who has traveled to practically every country in the world. He discussed his experience and the common errors businesses make while attempting to become more cyber-resilient.

Even on the final day of the conference, the space was mostly full.

Winning some merch

The majority of us attend conferences because of the merchandise we can get there. I’m not an outlier. However, this time, participants could win “Security Days” t-shirts by providing insightful questions or accurately responding to those posed by presenters.

During Jari’s presentation, attendees were asked if they were aware of any methods used to prevent cookie theft. I advised utilizing the SameSite property and setting the secure context to guard against cookie theft and forgery. So this is me happily wearing a well-deserved t-shirt.

Proud owner of one of the Security Days t-shirts

Raffle

After each and every presentation, there was a large lottery for vouchers for training from CompTIA worth 20.000 CZK. Unfortunately, I wasn’t fortunate enough to win, but perhaps next time I’ll be. :)

CTF with Wayne Burke

One of the speakers, Wayne Burke, also planned his own Capture the Flag hosted on TryHackMe. Unfortunately, I had to leave early and was unable to attend, but I have no doubt that everyone there had a good time.

Summary

Overall, I am quite satisfied with the first conference I have attended. I want to express my gratitude to Tietoevry for hosting the event and to all of the speakers who were there, as we chatted after each presentation. Being around individuals who are passionate about the same things is fantastic, and I am already looking forward to the next year.
