ISSA International Conference (Virtual)

  • This event has passed so registration is closed.

Details

Date and Time

June 26 @ 3:00 pm - 8:00 pm CEST

Event Category

Web Conference

Organizer

Roxanne Pirooz

Contact

Anne Rogers

Overview

Please scroll down to access conference replay.

Program:

Time (CEST – EU) | Time (ET – US) | Speaker | Title
3:00 PM CEST | 9:00 AM ET | Jimmy Sanders | Intro
3:10 PM CEST | 9:10 AM ET | Filipi Pires | Identity at the Core: Dissecting Malicious PDFs to Prevent Data Threats
4:00 PM CEST | 10:00–10:05 AM ET | | Break
4:05 PM CEST | 10:05 AM ET | Francesco Chiarini with Patrick Lechner | Cyber Resilience: From Assessment to Action Leveraging The CR-CMM Toolkit
4:55 PM CEST | 10:55–11:00 AM ET | | Break
5:00 PM CEST | 11:00 AM ET | Mario Demarillas | Open and Exposed: Protecting Primary and Secondary Schools Against Social Engineering Attacks
5:50 PM CEST | 11:50 AM–1:00 PM ET | | Break
7:00 PM CEST | 1:00 PM ET | Mathieu Gorge | TBD

Title: Open and Exposed: Protecting Primary and Secondary Schools Against Social Engineering Attacks
Speaker: Mario B. Demarillas, Asian Institute of Management

Co-Authors:
Maria Gay Advincula, Asian Institute of Management
Atty. Laurice Esteban-Tuason, Asian Institute of Management

Abstract: With digitalization, the online space has become a crucial platform for economic growth, allowing businesses and individuals to expand. However, this rapid transformation has also resulted in exploitation by malicious actors, leaving users, especially children and educational institutions, exposed to cyber threats.

When organizations utilize the internet, they face various threats, with social engineering being a primary concern. Social engineering involves manipulating individuals into disclosing confidential information, allowing attackers unauthorized access to systems and data.

An organization’s leadership must prioritize cybersecurity. According to Palo Alto’s State of Cybersecurity Report ASEAN 2022, 92% of organizations believe this should be a focus due to a rise in cyberattacks, with 50% experiencing significant disruptions. Such attacks harm reputations and can lead to financial losses and legal issues.

The Asia Foundation Report (2022) highlights the significant financial impact of cyberattacks in the Philippines, estimating damages at around USD 3.5 billion, with social engineering posing the greatest threats, particularly in educational technology (EdTech) and remote workplaces. Many employees lack cybersecurity training, making them vulnerable.

Furthermore, a UNICEF report reveals that children are increasingly targeted for online abuse, with victims ranging from ages five to fourteen. With over 60,000 schools in the Philippines, these institutions are particularly at risk, necessitating collaboration among school administrators, teachers, students, and parents. It’s essential to integrate cybersecurity awareness into curricula, establish educational policies, and conduct simulated drills to combat social engineering attacks effectively.


Title: Cyber Resilience: From Assessment to Action Leveraging The CR-CMM Toolkit
Speaker: Francesco Chiarini & Patrick Lechner
Abstract: Achieving true cyber resilience requires more than adhering to high-level principles or aiming to achieve regulatory compliance. Becoming cyber resilient demands a structured, measurable approach and accountable leadership. This presentation introduces core cyber resilience concepts and principles, outlines key differences between operational resilience and cybersecurity, and focuses on the Cyber Resilience Capability Maturity Model (CR-CMM), a community-driven practical framework inspired by the famous SOC-CMM and aligned with NIST SP 800-160, the MITRE CREF, and key European regulatory frameworks such as DORA, NIS2 and CER.


Title: Identity at the Core: Dissecting Malicious PDFs to Prevent Data Threats
Speaker: Filipi Pires
Abstract: This session delves deep into the intricate structures of PDF files, offering a meticulous analysis of each segment with a focus on identity threats. Unveiling the covert strategies of threat actors, we explore how they ingeniously incorporate malicious components into file structures, often leveraging identity-related data for targeted attacks. The session elucidates the meticulous collection of IOCs (Indicators of Compromise) and the construction of IOAs (Indicators of Attack) for behavioral analysis, empowering defenders to anticipate and thwart novel attack vectors that threaten identity security.

Our technical journey navigates through the PDF file’s anatomy, encompassing headers, bodies, cross-reference tables, and trailers. Live demonstrations dissect malicious PDFs using tools like pdfid, pdf-parser, and pdftk, providing hands-on insights into the analysis process. The presentation unravels encoding techniques and exposes how threat actors exploit identity data to establish Command and Control (C&C) channels within PDFs. The session concludes with an opportunity for questions, equipping participants with advanced knowledge for robust malware analysis and proactive defense strategies, especially concerning identity security.

Speaker/s

Mario B. Demarillas – Chief Information Security Officer (CISO), Head of IT Consulting and Software Engineering

Mario made a significant 24-year transition from roles as a bank and operations auditor to becoming an IT auditor, where he enhanced his knowledge of technological risks and vulnerabilities. Over the years, he advanced to the position of Cybersecurity Leader, concentrating on developing strategies to safeguard organizations against evolving cyber threats. Now, he is slowly shifting his focus toward academia, aiming to share his extensive experience and insights with the next generation.

Mario’s academic journey exemplifies his dedication to personal and professional development. He earned a degree in accountancy from Adamson University, studied information management at Asia Pacific College, and completed a master’s in cybersecurity with distinction from the Asian Institute of Management. With 21 units toward a PhD in Criminology from the Philippine College of Criminology, he is currently pursuing a Doctor of Education degree with a major in Educational Administration at Greenville College, which enhances his qualifications for educational leadership.

He’s a certified public accountant with various global certifications in risk management, internal audit, IT audit, information and cyber security, fraud examination, IT governance, and business continuity. He’s one of the outstanding alumni of Adamson University in the field of education innovation and academia, having earned various recognitions as a cybersecurity leader, training facilitator, board member, chairperson, and project leader from different professional and private organizations.

Francesco Chiarini – Chairman ISSA Cyber Resilience SIG, Founder and Lead Instructor Cyber Resilience Academy

Francesco Chiarini is the founder and Chair of the ISSA.org Cyber Resilience Special Interest Group, with nearly 2500 associates across the globe, and the creator of the worldwide Cyber Resilience Awareness Day. He is also the founder and lead instructor of the Cyber Resilience Academy, a global pioneer in cyber resilience education that equips professionals with the skills to design and safeguard resilient enterprise environments. He is a sought-after speaker who has presented to global audiences, including recent talks at the United Nations, MITRE, FS-ISAC, ISACA, ISSA, Microsoft, London Stock Exchange, FIRST, Asia Pacific CERT, Africa CERT and many others.

In 2022, Francesco co-authored multiple recognized research papers, such as the World Economic Forum “The Cyber Resilience Index: Advancing Organizational Cyber Resilience”, the ASIFMA “Data Vaulting considerations for improving data recovery” and the Eurocontrol “Incident Timing Metrics, Reporting Cyber Risk to Boards”.

Since 2019, when NIST released the 800-160 publication, Francesco has specialized in equipping companies with the ability to withstand and recover from multi-faceted attacks from advanced adversaries. He had the privilege to build a best-in-class cyber resilience program vetted, among others, by experts of the US CISA cyber resilience task force. In this capacity, Francesco coined the concept of “high value target” to identify key assets from an adversarial standpoint.

Francesco currently leads global cyber resilience for a major pharmaceutical organization, where he focuses on assessing and advancing its resilience posture by identifying the core capabilities needed to stay sustainably ahead of evolving cyber threats.

Francesco has 20 years’ experience in IT and cyber security and joined Standard Chartered Bank from PepsiCo, where he was in charge of one of the two global Cyber Fusion Centers (Poland), leading incident response, red teaming, adversary emulation and cyber resilience globally.

He has hired hundreds of information security professionals in Poland, won the 2021 Volunteer of the Year award at ISSA.org, won the global innovation award from the US Consumer Brands Association in 2018 among Fortune-100 companies, and founded the Consumer Packaged Goods (CPG) Special Interest Group at FIRST.org.

Filipi Pires – Head of Identity Threat Labs & Global Product Advocate, Segura

Filipi has been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor at Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. He is an international speaker at security and new technologies events in many countries, such as the US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, the Middle East (Black Hat MEA) and others. He has served as a university professor in graduation and MBA courses at a Brazilian college. In addition, he is the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis – Fundamentals (HackerSec).

Patrick Lechner – Head Service Delivery, High Value Target

Patrick Lechner leads Service Delivery at High Value Target, where he designs and delivers hands-on cyber resilience programs for clients worldwide. He drives the creation of the Cyber Resilience Capability Maturity Model (CR-CMM) that guides organizations from initial cyber capabilities to adaptive, intelligence-driven resilience postures. As former Chief Information Security Officer at a rapid-scale SaaS firm and Director of Cyber Strategy at Deloitte Switzerland, Patrick has built and led teams through rigorous regulatory landscapes, securing ISO certifications and architecting crisis response and incident management capabilities across Europe and the US. Over the past decade, he has partnered with technology, healthcare, finance and critical infrastructure organizations to simplify complex resilience challenges by integrating cybersecurity, operational resilience and crisis preparedness into business-driven cyber resilience strategies. Patrick’s work at High Value Target complements his strategic vision with practical, hands-on implementation, ensuring clients not only plan for resilience but live it every day.

Mathieu Gorge – CEO and Founder, VigiTrust

Mathieu Gorge is the CEO and Founder of VigiTrust, a global provider of Integrated Risk Management (IRM) SaaS solutions, serving clients in over 120 countries. With 25 years of experience in cybersecurity, risk management, compliance, and information governance across Europe, the U.S., and Australia, he is widely recognized as a thought leader and innovator in the field. Mathieu is the author of the Amazon best-seller The Cyber Elephant in the Boardroom and the pioneer of the continuous compliance concept.

An award-winning CEO, he was honoured with the French National Order of Merit (Knight) in 2021 for his outstanding contributions to cybersecurity. Mathieu is a regular speaker at top industry conferences including RSA, ISSA, and ISACA, and is known for creating the VigiTrust 5 Pillars of Security Framework™. He also serves on the executive committee of the French Irish Chamber of Commerce and has held key leadership roles such as chairman of Infosecurity Ireland and official reviewer for ANSI.

ISSA Webinars and Conference series cover all the continuing education credits to maintain your cyber security certifications. (CPEs, CEUs, ECE, etc). Each hour is equal to one continuing education credit. Certificates of completion are available upon request after completion.
