South Africa Threat Day | Anomali

South Africa Threat Day
Wednesday, June 13th, 2018

About The Event

Anomali is hosting a complimentary South Africa-based educational seminar focused on cyber threat intelligence. Industry leading threat intelligence providers will give a briefing on today’s adversaries and their attack techniques.

Who Should Attend

This one-day session is intended for both CXO and Sr. Technical Staff. Anticipate walking away from the seminar with tangible information for your teams to research within your own environments.


Sandton Sun, Alice Ln & Fifth Street, Sandhurst, Sandton, 2031, South Africa


  • Intel471
  • Flashpoint
  • Group IB
  • Cyber Defense Alliance
  • Sabric
  • Anomali
  • BitSight
  • RedShift


8 - 9 amRegistration/Continental Breakfast
9 - 9:05Welcome - Anomali
9:05 - 9:35Anomali, Sara Moore, Strategic Intelligence Analyst
Sara is a Cyber Threat Intelligence Analyst for Anomali. Her work focuses on strategic and operational intelligence analysis. She has previously worked in the finance sector, with the Cyber Defence Alliance (CDA), and UK CERT (now NCSC).

An Update on Recent Russian Cyber Activities
Russian actors have been active in a variety of areas in recent months. This talk will cover some of their recent publicly known activities and discuss potential future concerns from this region.
9:35 - 10:05Flashpoint, Maurits Lucas, Director of Strategic Accounts
Maurits Lucas is a Director of Strategic Accounts at Flashpoint, where he specialises in bridging the gap between technology and business. Prior to Flashpoint, Maurits was Business Director for inTELL, Fox-IT’s Cyber Intelligence team. He has held various positions in IT Security over the past 16 years and holds an M.Sc. in Computer Science from Delft University of Technology. Maurits is a subject matter expert on cybercrime and has presented his research to distinguished audiences around the world.

The Cybercriminal Model Evolution
In today's world, threats are multi-facited. Organizations must consider cyber, third-party, and physical security, just to name a few, in order to paint a holistic picture of business risk. Another critical piece of this puzzle is a thorough understanding of actor motivations and TTPs that can be gleaned from the Deep & Dark Web. With this understanding, companies can increase resiliency by using the past as a guide to model future trends. In this talk, Flashpoint’s Maurits Lucas will look back at the recent history of financially motivated cybercrime through the prism of the cybercriminal business model. He will walk through how this lens can help discern patterns that aid in predicting where cybercriminals are moving next, how the actor ecosystem may evolve, and how to better assess business risk.
10:05 - 10:50Cyber Defense Alliance, Maria Vello, CEO
Ms. Maria Vello, CISSP, joined the Cyber Defence Alliance (CDA) as Chief Operating Officer in April 2016. Prior to this, she was CEO and President of the NCFTA (National Cyber-Forensics & Training Alliance) for three years. Maria brings a wealth of experience in trust-based collaboration, information sharing across industry, law enforcement, government and academia to proactively detect, protect, deter, dismantle and stop cybercrime/threats. She has effectively led teams to leverage cross-sector resources and threat intelligence to more effectively analyse, correlate and attribute critical real-time intelligence against emerging cyber threats and deliver actionable intelligence to both industry and law enforcement.

Collaborating to Drive Resilience, Preparedness and Proven Results
Taking the fight to the miscreants. In cyber, what is more important knowing the emerging threat, taking an action oriented approach and defeating thy enemy or knowing who is behind the keyboard? How can you be sure who’s hands are on the keyboard? Collaborating for results oriented outcomes, resilience and attribution.
10:50 - 11:05Break
11:05 - 11:35BitSight, Nagarjuna Venna, Chief Product Officer and Co-founder

Securing the Financial Supply Chain: What Data & Best Practices Tell Us
The cybersecurity risk posed by third-parties is one of the biggest challenges in today’s digital world. From the outbreak of “NotPetya” ransomware to high-profile data breaches of organizations critical to the Finance sector, the compromise of a key organization or platform can affect thousands of organizations in the blink of an eye. Many criminals know this: instead of targeting organizations directly or spreading malware indiscriminately, they can maximize returns by focusing efforts on organizations and platforms that are embedded within many business ecosystems. In this session, Nagarjuna Venna, Chief Product Officer and Co-founder of BitSight, shares recent BitSight research on specific cyber risks found within the supply chain of Finance organizations, and discusses the implications of recent third-party breaches.
11:35 - 12:05 pmIntel471, Steve Laskowski, VP of Global Strategy

The Convergence of Nationstates and Cybercriminals: How we got here and what are the implications for South African organizations
12:05 - 1:05Lunch
1:05 - 1:35RedShift Security, Sean Howell, Managing Director
Sean is currently the managing director of Redshift Cyber Security. Redshift was founded in 2015 to help companies understand the critical business assets that attackers are really after, the tools, techniques and motivations behind the attacks and how to defend against them. Sean is a certified penetration tester and has hacked into many South African and global companies to help expose security weaknesses in complex business environments. Redshift works closely with South African financial services organisations to conduct realistic attack simulations and build resilience against modern attackers.

Learning From the Enemy
An exploration of alternative uses for threat intelligence data. This talk explores how traditional security and risk assessment methodologies can be evolved to take advantage of what we now understand about our attacker’s tools, techniques and tactics. Using threat intelligence data, it is possible to more accurately simulate attacks which the organisation would actually experience in the real world. A powerful technique lies in using security research combined with reverse engineered malware, indicators of compromise and threat actor behaviours to create a much more robust risk identification process. Key take-aways from this talk: a modern way of thinking about risk identification in the organisation, how to use security products and threat data in creative ways to drastically improve established risk functions.
1:35 - 2:05Group-IB, Dmitry Volkov, CTO
Dmitry holds extensive experience in investigation of botnets, fraud, carding, DDoS attacks and other high tech crime. Member of the Europol EC3 Advisory Group on Internet Security and UN Open-ended Intergovernmental Expert Group. Listed by Business Insider as one of the top 7 professionals behind influential security companies. Dmitry has led the cyber security and incident response operations at Group-IB when his team successfully conducted the first cyber investigations in Russia. Since then they have identified and helped detain criminals targeting banks and enterprises worldwide.

Adversaries Targeting the Financial Sector
Russia has long been known as a testing ground for Russian speaking cyber criminals. In 2017 and early 2018 new tactics and tools were tested against Russian financial institutions, successfully, followed by attacks in the USA, Europe and Asia, using the same Techniques and procedures. This discussion will cover emerging groups and a detailed technical overview of their tools, techniques and procedures likely to be exported yet again.
2:05 - 2:45Sabric, Susan Potgieter, Relationship Management
Susan heads up Relationship Management at SABRIC, a not for profit company mandated to support the South African banking industry in their fight against organised crime. In this capacity regularly engages with banks and other stakeholders in Government and the private sector, in South Africa as well as in the
rest of Africa, to seek opportunities to collaborate in the fight against crime. Collaboration is central to the SABRIC model and Susan is involved in ensuring mutual benefit for both the banking industry and their strategic partners.

Cybersecurity Collaboration
The essence of effective collaboration, building blocks, challenges, future vision from a banking perspective.
2:45 - 3:00Closing Remarks
3:00 - 7:00Happy Hour

Save Your Seat