Ivan Reedman - Head of Hardware, NCC Group UK

My name is Ivan Reedman, I am the NCC Group UK Head of Hardware. I approach security with a systems engineering mind set. Understanding a system architecture allows me to focus the teams energy on areas of high priority to a client and areas that are most likely to have issues that have a high impact if compromised. I have been a hardware and embedded systems innovator and designer for over 20 years. I have always focused on niche high technical risk markets such as Military. I designed and delivered a specialist last line of communication radio system for DSTL (UK MOD defence science and technology laboratory) that included a new RF modulation (Phase delta encoding) resulting in 15 times the bandwidth of previous LF communications. I focus on specialist HW penetration tests and hardware deep dives as well as providing clients with secure by design hardware support. I also oversee the development of specialist security hardware testing tools for NCC Group, these include but not limited too;

1. USB Magic (USB Hacking tool the size of a memory stick. It provides on board hardware crypto acceleration, WIFI communications, supporting 16 con-current USB end points under 100% software control.)
2. USB to SENT (A SENT adaptor to allow our automotive team to sniff, inject and bus master the SENT communications within vehicles. The tool also supports the generation of invalid SENT messages at a PHY layer to support fuzzing of the software stack within the target device)
3. NFC Relay (A near field communications tool, it supports relaying at low latency NFC data from one point to another. This tool has been used successfully to allow our team to unlock, start and drive away many high end German cars that support remote keyless entry)
4. RKE Amp (A simple tool built specifically for the BBC One show where the BBC asked us to demonstrate an attack on a German car that had previously been on the news. The tool was built using parts purely from a local electronics store)

Late 2016, I identified a vulnerability in the silicon construction of programmable many mixed signal IC’s used to provide HW security in the event of a software compromise. A white paper on this will be published.

I am also heavily involved in software defined radio. I have built a tool called EM-Map (RF version of nMap) that allows us to scan a target for electro-magnetic emissions, the tool then matches those emissions to a database of known protocols and channels in order to provide an understanding of what EM the target is emitting. It utilises a UWB antenna and can scan target equipment from below 60MHz to beyond 6GHz.

Richard Morrell - Director, Cloud Security Alliance (CSA)

Now working for the Cloud Security Alliance and based in the United Kingdom, Richard has a background in security stretching back over two decades. Heading up security strategy for leading global organisations including CGI and most recently six years with Red Hat. Open Source veteran and co-founder of SmoothWall the filtering company in 2001 and the Linux project of the same name a year earlier.

A former UK Government CLAS advisor working with GCHQ and the UK MoD including the first ever use of CSA CCM controls in the classified and defence space globally. Richard writes a regular security column in the UK and has presented over 140 episodes of his security radio show since 2012 talking to the leading global lights in the security world.

Mike StJohn-Green - Former Deputy Director of CESG

Mike is an independent consultant in cyber security, currently working with a range of clients, primarily in the City of London and Europe. Among recent assignments, he has led information security audits with three of the UK's FTSE-350 companies and offered advice to City auditors and boards, demystifying this thing called cyberspace and its security. He retired in 2013 after more than 39 years working for the UK government, mainly at GCHQ and most recently in the Office of Cyber Security and Information Assurance in the Cabinet Office. His Cabinet Office responsibilities included international relations and the role of standards in improving cyber security. He had a range of roles in GCHQ, including deputy director CESG, the Information Assurance arm of GCHQ.

Mike also works with the Information Security Forum, which publishes the internationally-recognised Standard of Good Practice. He works with the International Atomic Energy Agency chairing a standards committee. He was on the steering board of the recently published cyber security standard, PAS-555, and supports the IET's work on Cyber Security, principally by chairing committees and conferences. He is a frequent speaker and writer on the topic of cyber security. He remains, at heart, an engineer and is convinced we could build more secure systems, by design and cost-effectively avoid many of today’s security-related problems.

Ali Dehghantanha - Research Fellow Cyber Forensics at University of Salford, Manchester

Ali is the Research Fellow Cyber Forensics at University of Salford, Manchester

Martin Borrett - CTO Europe & Distinguished Engineer, IBM Security

Martin Borrett is an IBM Distinguished Engineer and CTO IBM Security Europe. He advises clients at the most senior level on policy, business, technical, and architectural issues associated with security. Martin leads IBM's Security Blueprint work and is co-author of the IBM Redbooks 'Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security' and 'Understanding SOA Security.'

He is Chairman of the European IBM Security User Group community, and a member of the Royal Society's Cybersecurity Research Steering Group. He is also a Fellow of the British Computer Society and a Chartered Engineer (CEng) and member of the IET. Martin has a passion for sailing - having represented Great Britain - and is also a keen tennis player.

Peter Stelzhammer - Co-Founder, AV-Comparatives

Peter Stelzhammer started working in IT in 1989. After 5 years working as the IT System Administrator of Alois Wild Group (Champion, Mexx, Benetton, Etienne Aigner), he became COO at Telesystem Tirol (an ISP and TV broadcasting company). He later set up Kompetenzzentrum.IT (IT security consulting), which has customers all over the world. Whilst running this organization he met Andreas Clementi, with whom he founded AV-Comparatives.

Peter Stelzhammer is on the board of directors of the Tyrolean Cluster IT (Tyrolean government’s IT strategy group) and also the board of AMTSO (Anti-Malware Testing Standard Organization). Peter is a frequent speaker at major security conferences.

Danielle Ashcroft - Group Information Security Manager, JD Sports

Danielle looks after the global infosec operation at FSTE 250 LSE listed JD Sports Fashion PLC, a global multi-channel retailer who’s brands include JD, Size?, Chausport, Sprinter, Getthelabel.com, Kooga, Kukri Sports, Source Lab, Scotts, Tessuti, BrownBag, Woodhouse, JD Gyms and Nicholas Deakins. Its outdoor brands include Blacks, Millets, Tiso and Ultimate Outdoors and Go Outdoors. Chausport operates throughout France retailing international footwear brands, such as Nike, Adidas and Le Coq Sportif together with brands specific to the local market, such as Redskins. Sprinter is a sports retailer in Spain selling footwear, apparel, accessories and equipment for a range of sports, as well as lifestyle casual wear and childrenswear.

Danielle looks after global infosec and compliance, covering over 1000 stores and business 15K+ employees globally. Prior to JD Sports Danielle spent over 3 years as retailer Matalan as Commercial Risk and Compliance Manager, overseeing the commercial compliance and PCI DSS strategy for the group including the omni-channel and store estate, the risk portfolio, change implementation, fraud investigations and PCI DSS programme. Before Matalan Danielle held various roles at Barclays Retail and Corporate Banking, covering Risk Management and corporate banking services.

Ken Munro - Partner, Pen Test Partners

Ken is a security entrepreneur and industry maverick that has worked in infosec for over 15 years. After studying Applied Physics he tried his hand in the hospitality industry but soon discovered a talent for hacking, persuading a till to print out mortgage amortisations. He went on to cut his teeth in the anti-virus industry before founding SecureTest, a penetration testing business that quickly established a reputation for delivering high spec services using a boutique business model. NCC Group recognised the value of the proposition and acquired SecureTest in 2007. But Ken had found his calling and his penchant for pen testing saw him set up Pen Test Partners in 2010 which now boasts some of the best ethical hackers in the business, each of whom has a stake in the firm. Ken’s zeal for pen testing is matched only by his disdain for those vendors who resort to scaremongering to peddle point solutions. He is a fierce advocate of responsible disclosure and regularly researches and reveals security vulnerabilities in an effort to promote better security design and practice. He takes a key role in conducting investigations as well as encouraging team members to pursue their own research and the results are published on the company blog on a weekly basis as well as being publicised by the wider media.

Ken is a respected speaker and pulls no punches during his annual Tech Talk presentations at Infosecurity Europe, where he can also be found performing practical hack attacks on the company stand. He is a regular speaker at events held by industry bodies and associations and has spoken at the ISSA Dragon’s Den, (ISC)2 Chapter events and CREST (Council of Registered Ethical Security Testers) events, where he sits on the board, helping to establish standards in both member organisations and among individual penetration testers. He’s also an Executive Member of the "Internet of Things Security Forum", a body that aims to promote best security practice and the application of controls in smart device manufacturing, and spoke out on IoT security design flaws at the forum’s inaugural event. He’s also not averse to getting deeply techie, regularly participating in hacking challenges and demos at 44CON, DefCon and Bsides. Ken has a wealth of experience in penetration testing but it’s the systems and objects we come into contact with on an everyday basis that really pique his interest. This has seen him hack everything from hotel keycards, to keyless cars and a range of Internet of Things (IoT) devices, from wearable tech to children’s toys and smart home control systems. This has gained him some notoriety among the national press, leading to regular appearances on BBC TV and BBC News online as well as the broadsheet press, and he’s also a regular contributor to industry magazines, penning articles for the legal, security, insurance, oil and gas, and manufacturing press.

Rik Ferguson - Global Vice President Security Research, Trend Micro

Rik Ferguson, Vice President Security Research at Trend Micro, is one of the leading experts in information security. He is a Special Advisor to Europol EC3, a project leader with the International Cyber Security Prevention Alliance (ICSPA), and Vice Chair of the Centre for Strategic Cyberspace & Security Science. In April 2011 Rik was inducted into the Infosecurity Hall of Fame.

As a presenter at global industry events such as RSA, Mobile World Congress, Virus Bulletin, RUSI and the e-Crime Congress, Rik addresses the challenges posed by emerging technology and online crime. He is frequently interviewed by the BBC, CNN, CNBC, Channel 4, Sky News and Al-Jazeera English and is quoted by national newspapers and trade publications throughout the world.

Rik writes the Countermeasures blog and is the lead spokesperson for Trend Micro, he also writes regular columns for CIO, ZDNet, T3 and several other European publications. In this position, Rik is actively engaged in research into online threats and the underground economy. He also researches the wider implications of new developments in the Information Technology arena and their impact on security both for consumers and in the enterprise.

With over twenty years experience in information security, Rik has been with Trend Micro since 2007. Prior to assuming his current role he served as Security Infrastructure Specialist at EDS where he led the security design work for government projects related to justice and law enforcement and as Senior Product Engineer at McAfee focused on network security, intrusion prevention, encryption and content filtering. Rik Ferguson holds a Bachelor of Arts degree from the University of Wales and is a Certified Ethical Hacker and CISSP-ISSAP in good standing.

Gary S. Miliefsky - Publisher, Cyber Defense Magazine

Gary is a globally recognized cybersecurity expert, frequent keynote speaker, inventor and founder of numerous cybersecurity companies. He is a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cyber crime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the infosec arena, he is an active member of Phi Beta Cyber Society an organization dedicated to helping high school students become cyber security professionals and ethical hackers. He founded and remains the Publisher of Cyber Defense Magazine.

Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org) and the OVAL advisory board of MITRE responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Previously, Gary has been founder and/or inventor for technologies and corporations sold and licensed to Hexis Cyber, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. Gary is a member of ISC2.org and is a CISSP®.
He’s frequently writing articles published throughout the mainstream media and he also likes to write thought provoking articles at LinkedIn as a Top 1% of all INFOSEC LinkedIn profiles and a Top 3% Globally on LinkedIn.

Stu Hirst - Head Of Security Engineering, Photobox Group

Stu is currently the Head Of Security Engineering at Photobox Group (which includes Moonpig, PosterXXL and Hofmann).

He was instrumental in building Skyscanner’s Security team from 2015-2017, having led them to the final of SC Magazine’s Security Team Of The Year 2017.

He has previously worked in security at The Trainline and was part of the Cyber Leadership Team at Capital One UK.

He has twice been nominated as a finalist for Cyber Evangelist Of The Year at the Scottish Cyber Awards and runs one of Scotland’s leading Tech Meet Ups; Security Scotland.

Stu has appeared at numerous leading Security events such as InfoSec Europe, Cloud Expo Europe and Future Of Cyber Security.

Twitter: @StuHirstinfosec