Cyber Spill - September 2023

Meet the Team: Ahmed Behlul

5 October 2023

Curious who’s on the other end of the phone or helping you through your Cyber Essentials certification? Find out through our Meet the Team series.

Q: What is your role at ID Cyber?

A: Cyber Security Assessor and Team Lead

Q: When did you join ID Cyber?

A: December 2019

Q: Can you describe your role at ID Cyber?

A: I carry out Cyber Essentials assessments and also lead our team of assessors, making sure that they’re supported, have all the information they need, and that applications are on track.

Q: What’s your favourite thing about working at ID Cyber?

A: I know everyone else has said this, but I love our team.????

Q: How did you end up working in cyber security?

A: During my time as a Data Centre Infrastructure Manager, I had the opportunity to gain deep insights into the critical importance of securing sensitive data and maintaining the integrity of IT systems. I was responsible for ensuring the seamless operation of the data centre, which included implementing robust security measures to safeguard the infrastructure and data against potential threats. I found the security aspect of the job really interesting and have focused my attention there ever since.

Q: What do you like to do in your spare time?

A: I spend a lot of time in the gym and love going on holiday, especially to warm places. I also try to go to Iraq when I can — I moved from Iraq to Scotland two decades ago, but I still have a lot of family and friends there who I love to visit. I also spend a lot of time with my family and friends in Scotland.

Q: Is there a book, blog, or podcast you’d like to recommend?

A: ID Cyber Sessions… ??

Conferences

BSides Leeds and SteelCon 2023

Attending conferences is a crucial way our staff can keep up to date with cutting-edge research, be introduced to important new ideas and perspectives, and help inspire and support the next generation of cyber security professionals. Our?ID Cyber Solutions?Conference Report series aims to showcase some exciting and ground breaking ideas presented at these events.

Report by Alice, Cyber Essentials Assessor and Technical Editor

It’s hard to deny the value of conferences. Meeting new people and developing networks, learning about new technologies and ideas, and even just reinforcing your existing interests – I don’t think I’ve ever been to a conference and not a) massively enjoyed it b) gained a lot from it on both a personal and professional level, and I’m happy and grateful to be working for a company that supports its staff attending these events.

However, there’s more to be done at a conference than (just?!) attending, listening, networking, and learning, and I’ve recently been appreciating the importance and the satisfaction of directly contributing. This means that our usual conference wrap-up post is going to be a little different this time, given I didn’t manage to actually attend many talks at all!

On 24th June 2023, I attended BSides Leeds?as a conference volunteer. I had signed up for this several months before, and had dedicated the odd morsel of time here and there to tasks passed on by the conference organising team. As regards the event itself, my weekend looked something like this:

Friday

14.30: Leave Glasgow (sharing the car with two other volunteers and an attendee)

19.00: Arrive in Leeds

19.30: Attend pre-event social gathering

Saturday

01:00: Arrive back at hotel after social gathering

06.00: Go for an optimistic but probably ill-advised run with another volunteer

07.30: Leave hotel

08.00: Arrive at venue to don volunteer garb and to help with outstanding setup

09.00: Attend opening remarks

09.30: Attend opening keynote (Holly-Grace Williams discussing red teaming)

10.00: Complete general runner duties – setting out biscuits for the coffee break, retrieving items, retrieving people

12.30: Have a quick lunch (accompanied by an excellent brownie)

13.00: Complete Green Room duties – providing a secure space for speakers’ personal belongings, helping settle speakers before their sessions, (unexpectedly) helping teams obtain scavenger hunt items

14.30: Go back to being a runner – more biscuits, more retrieving items and people, undertaking critical missions (finding coffee for tired speakers)

16.45: Attend final panel session, juggled with the theme of the day – retrieving items and people

17.30: Attend closing remarks

17.45: Point attendees in the direction of the afterparty

17.46: Frantically tidy up in the few minutes left before the venue closure

18.00: Say hello to attendees at the afterparty

19.15: Begin the drive back to Glasgow

21.30: Stop at M6 services for expensive fuel (for both car and people)

Sunday

01.15: Arrive home, having deposited other car-occupiers in various locations

Being a volunteer essentially guarantees an incredibly busy day with not a lot of downtime. I managed to tot up almost 14k steps during the event, and only saw the opening keynote and part of the final panel. However, this doesn’t mean it’s not an amazing experience. Seeing attendees having a great time, an appreciative nod from a tired organiser or presenter as you silently pass them a coffee during a session, the volunteers’ WhatsApp group exploding with messages because something is needed and everyone is leaping to help – these things all mean you have an absolute blast and have the additional satisfaction of knowing: you helped make this happen. I would wholeheartedly recommend volunteering to anyone who just enjoys getting stuck in.

And then?SteelCon… that was a different kettle of fish entirely. When I finished my academic endeavours and embarked on a publishing career, I swore to myself I wouldn’t ever put myself back in a position where public speaking was required. And then I came to cyber security and actively sought it out.

My application to speak at SteelCon was accepted, and I duly made my way there for the conference on 8th July 2023. I’m not afraid to say that I was extremely, extremely nervous. I’m not a natural public speaker and, while my experience from academia was that fully scripting a talk was the norm, my foray into cyber security presenting would involve speaking with only a few Presenter Notes against my slides. In fact, I was so nervous that I couldn’t attend anything in the morning beyond the opening remarks, because I needed to try and calm my nerves through mindless repetitive action (playing Space Invaders at a sponsor’s stall).

My talk (about effective communication in cyber security) seemed to go well, with lots of positive feedback, and after the lunch break I was finally able to attend some talks. First, I went to Maya Boeckh’s talk on how creating JavaScript challenges for Capture the Flag events has helped them with reverse-engineering. This was a highly technical talk, and I’m not ashamed to say that aspects were far beyond my coding capabilities, but Maya had structured their talk carefully and in such a way that anyone, possibly even someone with no coding knowledge whatsoever, could follow their logic.

I then saw Ian Thornton-Trump speak on “Good, Better & The Best Security!”, which was a passionate and important discussion about how security controls can and should fit within an organisation. Ian is a really excellent speaker and this was a highly engaging and entertaining talk about compliance, controls, and context.

And, aside from closing remarks, that was all I saw. The nerves and adrenaline of giving my own talk had really taken it out of me, and, although I did attend the afterparty for a couple of hours, I was honestly ready for bed from partway through the afternoon. But I really enjoyed it. I felt good about the talk I gave and the feedback I received, and I loved that, after attending my first SteelCon in 2022, I was able to actually contribute to it in 2023. I loved that aspect to such a degree that, despite loudly proclaiming to fellow SteelCon attendees that they had witnessed my first, last, and only presentation, I applied to speak at G3C (to be held at Glasgow Caledonian University in November 2023) only a couple of weeks later.

Am I sad that I saw barely any talks from Leeds and SteelCon? Yes. But! YouTube is a wonderful thing. Cooper (@ministraitor on Twitter/X) manages, with the support of a small team, to record the talks at a huge array of conferences, meaning you can catch up online afterwards. And while I didn’t see the talks on the day, it’s been really lovely over the last few weeks to spend a lunch break or a random hour at a weekend revisiting the events and seeing what I missed at the time.

If you’re interested in copying me and spending your spare time seeing the honestly brilliant offerings from these events, check out their YouTube channels (BSides Leeds?and?SteelCon).

And if you’re interested in copying me and volunteering or speaking at one of these events, please please do. I can assure you that you won’t regret it.

BSides Newcastle

We were proud to be a Gold Sponsor for BSides Newcastle at the end of September.?Below are a couple of images taken at the event.

International Cyber Expo 2023

We were also delighted to be at the?International Cyber Expo?as part of the IASME Pavilion (The IASME Consortium). Below are a couple of pictures from our stand.

Zoholics

Megan?and?Stephen?went to Zoholics to help us expand our product knowledge of cloud-based systems.

Glasgow Caledonian Cyber Convention

G3C?- 4th-5th November 2023 More speakers announced

We are excited to announce that ID Cyber Solutions' Alice McGready?and?Cary Hendricks have been announced as speakers at G3C on the 4th of November 2023. Alice will present a talk entitled 'Communication Breakdown', while Cary will deliver the closing Keynote Speech entitled 'That is a Good Question, Kev'.? More speaker announcements (including another ID Cyber team member) are?expected soon, so watch our LinkedIn Page for updates. Glasgow Caledonian Cyber Convention, abbreviated G3C, is going on for its second year bringing together cyber security industry professionals, students, and enthusiasts to share ideas, knowledge, and experience.?G3C is designed with the aim of providing a great opportunity for networking, and learning for all attendees of any background and experience.

ID Cyber Sessions

Tune in to the chat with?Lennaert Oudshoorn, a Security Analyst at?Zerocopter, which helps organisations establish effective bug bounty programs, and a volunteer with?DIVD Dutch Institute for Vulnerability Disclosure. He shares?insights into the world of vulnerability disclosure, including guidance for ethical hackers who've discovered a vulnerability and for organisations receiving a disclosure.Check out Lennaert’s interview now?via our YouTube channel:?Click here.

CV Workshop Feedback

We delivered our first CV workshop at the start of September! Thanks so much to Jamie for the lovely feedback.

Cyber Essentials Update

Are you currently working on?your?Cyber Essentials application?? Did you purchase it before 24th April?

If so, you'll be on the Evendine question set. Please note that all applications on this question set must be completed by 23rd October 2023. Make sure that you submit well in advance of this date to allow sufficient time for marking and remediation. If you also purchased the Evendine version of?Cyber Essentials Plus, your Plus must be completed by 23rd January 2024. However, your self-assessment must still be completed by 23rd October.

Upcoming Courses

Have?you considered Cyber Essentials certification?

Cyber Essentials?certification is a great way to double-check whether your organisation is up to date with recommended standards and to show your dedication to maintaining a robust security.

To find out more (or to check out our Fast Track and Extra Help services), click here.