UNICC hosts an annual Common Secure Conference with the goal to bring its information security Clients and Partners Organizations together to increase the UN family circle of trust, share intelligence on cyber practices and provide feedback on UNICC Common Secure services. The multi-day workshop blends vendor and regional stakeholder sessions with feedback, presentations and input from participating Agencies.
The Common Secure Annual Conference was held virtually between November 17-19 and November 23-25. There will be multiple 3-4 hour sessions on all days. Common Secure subscribers will be invited to the set of meetings. Please address queries to firstname.lastname@example.org.
There were over 100 participants from more than 30 UN Agencies and other international organisations.
- Welcome – Sameer Chauhan, Director, UNICC
- Opening – Tima Soni, Chief, Cyber Security Section, UNICC
- Security and Trust in the Cloud Age – Mark Ryland, Director of the CISO Office, AWS
- The Top 10 Cloud Attack Kill Chains – Richard Mogull, Analyst and CEO, Securosis
- Simple not Simple: Coordinated Vulnerability Disclosure Ecosystem – Art Manion, Senior Member, Vulnerability Analysis Team in the CERT Division, Carnegie Mellon University
- Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization – Jonathan Spring, Senior Member, Technical Staff in CERT Division, Software Engineering Institute at Carnegie Mellon University
- Threat Detection and Response – Brad Dispensa, Senior Solutions Architect, AWS
- Modernizing Security Operations – Steve Faehl, Director of Security Strategy, Microsoft
- DDoS Mitigation – Krassimir T. Tzvetanov, Security Researcher, Purdue University
- Forensic Collection of Webpages and Media: an Integrated Platform – Marco Tolli, Digital Forensic Expert, ICC-CPI
- COVID-19 Cybersecurity Attacks – Flavio Aggio, CISO; Martin Paulinyi, Information Security Engineer and Andrei Bashun, Technical Officer (Cybersecurity Risk & Compliance), WHO
- Ongoing LinkedIn Threat Campaigns Gathering Intelligence and Targeting Users – Viktors Engelbrehts, Head of IT Security, Infrastructure Unit, IAEA
- Microsoft Sentinel: An Introduction and Use Cases – Suhail Muhammed, SOC Manager, UNICEF and Sebastian Bania, Systems Analyst, UNICEF
- Security as Business as Usual. How ADB Integrated Security into IT Operations – Peter Fizelle, CISO, Asian Development Bank
- Practical Application of Machine Learning for Cybersecurity – Zhao Chen, Security Operations Lead, Asian Development Bank
- Implementing an Effective Vulnerability Management Program – Aldo Gomera Cruz, Information Security Officer, PAHO
- Practical Cyber Threat Intelligence: How to Apply the Diamond Model to Detect and Counteract Cloud Threat Actors – Oleksiy Kuzmenko, Deputy CISO, UNDP
- Information Security Benchmarking across the UN – Fabio Maggiore, Cyber Security Governance Lead, UNICC
- Common Secure in Action! Threat Actor Attribution – Bojan Simetic, Common Secure Technical Lead, UNICC
Challenges and Roadmap for a Common UN SOC Capability – Amedeo Cioffi, cSOC Manager, UNICC
Monetization of Cybercrime Affecting our Mission’s Integrity:
- Carmen Corbin, Counter Cybercrime Advisor, UNODC
- Mario Bruno, Lead Investigator, CITI Bank
- Bruno Halopeau, CTO, CyberPeace Institute
In 2019, the conference was held at UNICC’s CSOC and Centre of Excellence in Valencia, Spain.
Cyber criminals are collaborating more and more so cyber security professionals need to step up on sharing intelligence and information to keep pace with cyber criminals. Common Secure members can envision a UN family to collect and share information to keep our Agencies secure and aware.
Tima Soni, Chief, Cyber Security Section, UNICC
Participating Agencies included IFAD, PAHO, WFP, IMD, UNDP, OSCE, UNESCO, and ADB, IOM, WFP, UNDP, UNICEF, ILO, IAEA joined remotely – in addition to participation and presentations from the Computer Emergency Response Teams from the Spanish government and the city of Valencia. Participating partners included the Spanish CCN- CERT, Cynet, IBM, Microsoft, Qintel and the Valencia city Security Operations Centre.