Photo: UNICC/Cadinu

Common Secure Conference

UNICC hosts an annual Common Secure Conference with the goal to bring its information security Clients and Partners Organizations together to increase the UN family circle of trust, share intelligence on cyber practices and provide feedback on UNICC Common Secure services. The multi-day workshop blends vendor and regional stakeholder sessions with feedback, presentations and input from participating Agencies.

Common Secure Annual Conference 2020 was held virtually between November 17-19 and November 23-25. There were multiple 3-4 hour sessions on all days. Common Secure subscribers were invited to the set of meetings. Please address queries to commonsecure@unicc.org.

There were over 100 participants from more than 30 UN Agencies and other international organisations.

Agenda

  • Welcome – Sameer Chauhan, Director, UNICC
  • Opening – Tima Soni, Chief, Cyber Security Section, UNICC

External speakers

  • Security and Trust in the Cloud Age – Mark Ryland, Director of the CISO Office, AWS
  • The Top 10 Cloud Attack Kill Chains – Richard Mogull, Analyst and CEO, Securosis
  • Simple not Simple: Coordinated Vulnerability Disclosure Ecosystem – Art Manion, Senior Member, Vulnerability Analysis Team in the CERT Division, Carnegie Mellon University
  • Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization – Jonathan Spring, Senior Member, Technical Staff in CERT Division, Software Engineering Institute at Carnegie Mellon University
  • Threat Detection and Response – Brad Dispensa, Senior Solutions Architect, AWS
  • Modernizing Security Operations – Steve Faehl, Director of Security Strategy, Microsoft
  • DDoS Mitigation – Krassimir T. Tzvetanov, Security Researcher, Purdue University

Client sessions:

  • Forensic Collection of Webpages and Media: an Integrated Platform – Marco Tolli, Digital Forensic Expert, ICC-CPI
  • COVID-19 Cybersecurity Attacks – Flavio Aggio, CISO; Martin Paulinyi, Information Security Engineer and Andrei Bashun, Technical Officer (Cybersecurity Risk & Compliance), WHO
  • Ongoing LinkedIn Threat Campaigns Gathering Intelligence and Targeting Users –  Viktors Engelbrehts, Head of IT Security, Infrastructure Unit, IAEA
  • Microsoft Sentinel: An Introduction and Use Cases – Suhail Muhammed, SOC Manager, UNICEF and Sebastian Bania, Systems Analyst, UNICEF
  • Security as Business as Usual. How ADB Integrated Security into IT Operations – Peter Fizelle, CISO, Asian Development Bank
  • Practical Application of Machine Learning for Cybersecurity – Zhao Chen, Security Operations Lead, Asian Development Bank
  • Implementing an Effective Vulnerability Management Program – Aldo Gomera Cruz, Information Security Officer, PAHO
  • Practical Cyber Threat Intelligence: How to Apply the Diamond Model to Detect and Counteract Cloud Threat Actors –  Oleksiy Kuzmenko, Deputy CISO, UNDP
  • Information Security Benchmarking across the UN – Fabio Maggiore, Cyber Security Governance Lead, UNICC
  • Common Secure in Action! Threat Actor Attribution – Bojan Simetic, Common Secure Technical Lead, UNICC
  • Challenges and Roadmap for a Common UN SOC Capability  – Amedeo Cioffi, cSOC Manager, UNICC

Panel discussions:

Monetization of Cybercrime Affecting our Mission’s Integrity:

  • Carmen Corbin, Counter Cybercrime Advisor, UNODC
  • Mario Bruno, Lead Investigator, CITI Bank
  • Bruno Halopeau, CTO, CyberPeace Institute.

Common Secure Conference follow-up sessions. See more information on the Common Secure follow-up sessions on 2-3 February 2021.  Thanks also to the over 100 participants from 30 Agency subscribers who attended more follow-up sessions on 26-27 April 2021, including guests from the European Investment Bank and European Bank for Research and Development.

There were insightful presentations on topics concerning the UN’s information security, including a closer look at DarkPath scammers and a discussion around a Secure Collaboration Platform. Special thanks to speakers from Volexity and Group-IB (Threat Hunting and Adversary-Centric Cyber Intelligence Company) and UNICC presenters.

In 2019, the conference was held at UNICC’s CSOC and Centre of Excellence in Valencia, Spain.

Cyber criminals are collaborating more and more so cyber security professionals need to step up on sharing intelligence and information to keep pace with cyber criminals. Common Secure members can envision a UN family to collect and share information to keep our Agencies secure and aware.

Tima Soni, Chief, Cyber Security Section, UNICC

Participating Agencies included IFAD, PAHO, WFP, IMD, UNDP, OSCE, UNESCO, and ADB, IOM, WFP, UNDP, UNICEF, ILO, IAEA joined remotely – in addition to participation and presentations from the Computer Emergency Response Teams from the Spanish government and the city of Valencia. Participating partners included the Spanish CCN- CERT, Cynet, IBM, Microsoft, Qintel and the Valencia city Security Operations Centre.