DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe that brings together the world’s leading cyber security doers to share latest researches and knowledge.
That means we’re a few short months away from some of the most exciting hacking competitions in Europe (and the world!).
Just a few weeks ago, DefCamp founder Andrei Avadanei, along with a couple of other infosec pros, selected the Romanian team for this year’s ECSC (European Cyber Security Challenge).
A team of 36 was chosen to undergo training and receive guidance for the next few months. Only 12 will go on to participate in the ECSC finals this October, which will be held right here, in Bucharest.
This is why we wanted to dedicate today’s newsletter to the awesome experience of participating in CTFs.
ECSC participants mention things such as overcoming challenges as a team, testing personal limits (and breaking them), and working with passionate and skilled hackers.
As D-CTF organizers, we can add many more benefits to this list which we hope you’ll read and act on. You have a lot to gain from a CTF experience, this we can promise!
9 ways CTFs make your a better infosec specialist
If you’re motivated to solve cybersecurity puzzles and gain awesome experience (and prizes!), CTFs may be one of the most fun and engaging things you can do.
From reverse engineering to cryptography, from web vulnerabilities to binary exercises, networking, and forensics, you can work with diverse challenges suited for almost every level.
Solve individual challenges to earn points, tackle increasingly complex ones, and watch yourself progressing through the CTF while learning and having fun.
The brain-teasers in capture the flag competitions are especially designed to help you become a stronger, wiser infosec specialist. They’re also a great way to get to know the community and build relationships that can advance both your career and your personal development.
Here are a couple of other ways in which you can make CTFs work for you:
1. Participate no matter your skill level.
It’s normal to feel intimidated by cybersecurity competitions, especially if you’ve never been part of one. CTFs like the DefCamp one give you the chance to gradually work your way through the challenges.
The more tasks you solve, the more your self-confidence will improve. These small successes will give you energy and keep you motivated to choose increasingly complex challenges which leads us to our next point.
Take it from someone who’s done it more than a few times:
“It’s always good to practice your applied security skills in a fun and competitive environment”, says Calle “Zeta Two” Svensson, Team captain for HackingForSoju that won D-CTF in 2018.
2. Understand vulnerabilities in-depth.
As you most likely know, reading about new (and not-so-new-but-frequently-exploited) vulnerabilities is one thing but working with them is an entirely different ballgame.
A CTF provides the perfect opportunity to play around with vulnerabilities and better understand the context they operate in. The more you learn about the ramifications that exploiting vulnerabilities generate, the more context you have to make decisions about securing systems in real-life.
Andrei Avadanei, DefCamp founder and D-CTF organizer, highlights how participating in this type of hacking competitions benefits everyone involved.
“D-CTF and CTFs in general are very useful for infosec specialists to use their offensive and defensive skills in scenarios very close to real life ones.
These kind of competitions provide the proper environment to test, explore, and learn how to exploit vulnerabilities in order to get the flags.
After each edition of D-CTF we receive a lot of feedback from teams who say that the challenges were great, they even take some time to make and publish write-ups on their blogs after the competition for others who always need more time to get to the bottom of everything.
When we refer to the motivation of joining D-CTF, I must say teams usually enrol in competitions where they attended before because there are several well known international rankings websites that reward most active teams with best results on different world-wide recognised CTFs, including ours.
For us, it’s amazing to see teams who register every year curious to see what new and exciting challenges we’ve prepared for them.
We made lots of friends and learned a lot from them about building and organising the ideal environment for cyber security contests and do it at scale, but also neat tricks to make us better security specialists and improve at identifying threats in companies and complex infrastructures.”
3. Explore new territories and expand your skill set.
The cool thing about CTFs is that they’re always different and surprising. These competitions push you to delve into areas you wouldn’t normally interact with.
When you respond to these challenges, you instantly broaden your horizon and gain a deeper understanding of all things infosec, one task at a time.
Try to choose problems that lie beyond your comfort zone and you might just find the thing that takes your infosec experience to the next level.
Organizers for popular and appreciated CTFs strive to always create new challenges that cater to the curious and eager to explore. This includes Andrei Avadanei:
“D-CTF is the first CTF we’ve organized (and most probably the first one ever organised in Romania) and I must say that hosting this kind of competition is pretty amazing.
I’ve been participating and getting involved in numerous competitions since high school but it’s always much more satisfying and challenging to be on the other side of the table.
We started D-CTF at the first edition of DefCamp, in 2011, but back then it was mainly happening offline, during the event and it was held only locally.
In the following years we managed to expand everything and learn about the good, the bad, and the ugly. Since 3 years now, we have around 1,000 international teams that enrol online in the Qualification phase and the top 15 come to Bucharest every fall at the Final that takes place during the DefCamp conference.
The most rewarding aspect of organizing the D-CTF is the fact that we always need to innovate, to develop different scenarios in order to challenge attendees to explore and find all the flags.
At the end of each edition, we receive a lot of feedback from all the teams that played their way to the top.
I still enjoy creating challenges for this event, even after so many years. Here’s an example I’m really fond of.
There was one time, a few years ago, when I created several blockchain challenges and many attendees were very excited about this new addition, mainly because we were pioneering CTF-like challenges for blockchain applications, never before considered by other well-known international contests.”
4. Test and enrich your know-how.
Things change so fast in infosec that practice is the only way to keep up. To become a skilled professional, you must combine theoretical knowledge with as much practical experience as possible.
Joining CTFs is an excellent opportunity to test your know-how and discover what you need to put more effort towards studying.
Your job’s not on the line and failure is not punished in any way, so why not take advantage of this chance to take you knowledge for a spin?
5. Cultivate critical thinking.
When you watch more experienced hackers work, one thing becomes clear: they’re not only infosec pros, they’re also excellent decision-makers.
Building the ability to think clearly and make great decisions is invaluable for a cybersecurity specialist, no matter the role. With data pouring in from all sources, you’re the one who has to make the call in difficult situations (say, a data breach, since we have plenty of those around these days).
Make critical thinking your forte by completing challenges against the clock in a CTF (or more!) and you’ll reap the rewards instantly.
6. Gain invaluable practical experience. Surprise yourself (and others).
Going through a CTF benefits you in more ways than one. The experience you gain from the competition helps you in the most practical sense and it always add points to your resume.
Joining a CTF proves to potential employers that you’re curious, committed to continuous improvement, and focused on proactively enhancing your skills.
Sometimes contestants get so creative that they even surprise CTF organizers. Andrei knows this full well:
“D-CTF is the type of contest when you expect the unexpected. :))
Naturally, we have some rules all attendees must follow, but when hackers compete, sometimes they tend to bend the rules.
We experienced any kind of situation you can imagine, from challenges that were previously verified but failed in the contest to challenges that were solved in unexpected ways, to challenges solved and subsequently locked to other teams (or for us) and up to having teams that qualified but forgot to mention they want to join us in Bucharest. :)”
7. Break stuff in an environment that allows it.
Hackers will hack because that’s how they learn. This is also what makes CTFs so fun and thrilling: you can spend your time breaking into things and win points (and cool prizes) for it!
Calle “Zeta Two” Svensson, Team captain for HackingForSoju recalls the most rewarding aspect of participating in the D-CTF was “to go abroad to an on-site competition to meet and compete against other teams that you previously only have played against online.”
Knowing the rules of the game gives you the freedom to focus on the task at hand. Plus, knowing what it takes to break into things gives you a competitive edge over attackers when it’s up to you to secure systems and networks against attacks.
8. Form a team with other infosec people.
It’s really, really awesome to experience the type of camaraderie that forms between people who share the same intense passion for cybersecurity.
We see this each time we run the DefCamp CTF: contestants learn from each other, they complement one another, amplifying their passion and excitement. With multiple points of view and backgrounds involved, they advance faster. Some even end up building friendships in the process.
CTFs are a great way to make your way around the community and explore your potential. Don’t miss out!
For example, Calle “Zeta Two” Svensson, Team captain for HackingForSoju, the winners of D-CTF 2018, recall the most unexpected thing that happened during last year’s competition:
“We recruited a new member to our team who has been playing with us since then.”
9. Win prizes
Most CTFs have quite nice prizes that make the experience even more appealing.
For example, each year at DefCamp we partner with companies that hook you up with the latest gadgets, games, and software.
The next time you host game night, you’ll have a nice throwback to add to it.
Here are two more things to read about CTFs before you jump at the next opportunity to join one:
We’ve been waiting for this day and it’s finally happening!
We’re ready to get our dose of inspiration from 10 amazing ladies from cybersecurity who take the stage today. The talks are very diverse and packed with hands-on knowledge from their infosec careers. They will share valuable and insightful personal lessons or present useful case studies or researches.
If for any reason, you can’t be here with us at the event, we’ve got you covered with constant updates from the event. We’ll make sure you don’t miss the most inspiring ideas and tips, words of wisdom from female speakers with varied backgrounds and experience.
What you should do is keep an eye on the DefCamp blog today for the latest updates and infosec stories from #LadiesinCybersecurity 2019.
Being a woman in the tech world is a big advantage today with lots of opportunities.
Orange supporting innovation in cybersec through various programs, such as Orange Fab, and the company is involved in educational programs (European Cybersecurity challenge conference)
Launched the Business Internet security report and working on another one.
“We believe in unicorns and we believe we can raise the next generation of unicorns,” said Monica
10:15 – 11:00
Christina Kubecka, CEO HypaSec
Presentation: Hack the World: IT/IOT/ICS SCADA OSINT
we have lots of security challenges in different domains: solar and wind – not much security testing, smart electric meters – we do not trust their security and privacy, there’s been 390% increase in attacks against water systems in the USA (2000-2009), agriculture.
metadata can actually expose passwords, sensitive data, business infrastructure
election insecurity and how easy you can hack a hotel’s wifi network and access lots of data
How difficult is security? Institutions and intelligence agencies have issues with security
we have reached a point where everything is connected, and we need to use testing tools because everything can be hacked given the number of resources available.
you can always mitigate and put protection around because security gaps expose everyone.
the book “Down the rabbit hole on OSINT Journey” wrote by Chris
critical communication become exposed, whether it’s good or bad
“IT is like oxygen, You don’t know you need until you have to breathe”
“We all have to stand up and we can do whatever we want. “You know what? I can do it on my own.”
Andra Zaharia, Freelance Senior Content Marketer
Presentation: 5 Key Decisions That Shape Your Infosec Career
we have lots of role models to look forward and so much you can do and learn.
there are incredible career opportunities out there for everyone
studies say there are 3.5 million cyber sec job opportunities by 2021
#1: Decide to build and follow your OWN process:
-Get education and certificates which validate your expertize, learn how to code, understand the field (business needs and understand the context and our role), find key people to learn from, because there are SO many generous people in this industry, willing to share info, learn from mentors and peers, develop a feedback loop to see how’s your current situation and see how to position in relation with others, build a presence in the field (communities: join Peerlyst.com, use Twitter, build a website)
#2 Decide to play an infinite game (there’s abook a book this):
– prepare to deal with surprises and different situations, develop an appetite for change, you can tap into unlimited growth, and remember to stay engaged and challenged, absorb as much as you can to discover what you love to do (Growth mindset) -> subscribe to newsletters, listen to podcasts, follow journalists and researchers
#3 Decide to make a contribution
– prepare start as an intern in companies, volunteer at events, go to meetups and conferences, find the people you want to connect, because they have the same challenges as you, answer questions.
#4 Decide to go PRO
– Be dependable and reliable to differentiate you in the field, get focus and clarity, understand the business, internal processes, the way people talk to each other. Show up and DO YOUR BEST. Articulate your ideas and opinions, because as much as you write about something, the more you know about a topic.
-Cultivate long-lasting curiosity, be always curious and try to put yourself in the shoes of others. Decide what enough means to you, define your guiding principles for your decisions (the backbone of your personality), build strategy vision and foresight.
#5 Decide to work on something meaningful and rewarding
-boost your self-awareness, you’ll learn to see the bigger picture, solve intricate puzzles in infosec which can be rewarding. Work with advanced teams and tech, derive value and personal rewards when you work on something you love.
11:40 – 12:10
Ruxandra Olimid, Lecturer
Presentation: Privacy & Security Aspects in Mobile Networks, talk facilitated by Orange Romania
12:10 – 12:40
Nebela Corina Stefania, Big Data & Cyber Security Architect @ Atos
Presentation: Leverage Big Data in Cybersecurity
13:30 – 14:15
Jelena Milosevic, Nurse / Speaker / Independent info security researcher
Presentation: Why I didn’t run away from infosec community
14:20 – 14:50
Valentina Galea, Ethical Hacker at Bit Sentinel
Presentation: The art of being a lady in a hacking world
14:55 – 15:40
Laura Tămaș, Technical Project Manager, TypingDNA
Presentation: Securing sensitive accounts with MFA and Behavioral Biometrics
16:05 – 16:35
Sabina – Alexandra Ștefănescu, Co-Founder of Security Espresso
Presentation: WiFi, a cautionary tale. Leakage, pwnage and just plain silliness
16:40 – 17:10
Lavinia Mihaela Dinca, Ph.D., Data protection and Information Security Analyst
Presentation: Biometric spoofing in the context of biometric key derivation
Eight years ago, when we started building the DefCamp community, one of the things we really cared about was to help people share their personal experiences. No matter their role, backgrounds, or levels of expertise, we focused on creating a context where people felt comfortable discussing the good and the bad in their professional and even personal lives.
The goal was to help them learn from one another and understand what it was like to go through those stages in real life.
Do you remember the 1st edition, the one held at Bran? We’re very fond of those early memories.
This essential element of our mission holds true to this day and it’s one of those things that are unlikely to change in the next decade.
To build on this, we’re starting a series of articles that tell the true stories of people who work in information security. We hope you’ll enjoy reading these personal and genuine accounts that cover a wide range of roles, both technical and non-technical.
What helped me build a professional path in infosec
Laura Tamas highlights one of the most important things in… life:
One thing I would recommend to anyone who tries to build a new career is to engage with experts in the field to acquire knowledge and experience from them.
The internet is an important source of information and access to learning materials, yet real-life examples and hands-on experience are beyond compare. The learning curve is also faster this way.
Our own experience strengthens our belief that it’s all about the people, no matter how far you get in this industry or any other for that matter.
Naturally, having a supportive team is a fantastic asset, especially if you’re new to the field:
I started raising more interest in infosec when meeting the TypingDNA team. Not only are they good professionals, but also very passionate about security and authentication. Make sure you add passion to your expertise because it’s like adding salt to your hashes!
Valentina Galea also talks about the importance of interpersonal relationships. She mentions that empathy is the one thing that got accelerated her learning curve and made it easier to internalize infosec knowledge and practices.
The skill to see and feel things from others’ perspective. It’s the perfect ingredient if you wish to follow a career in infosec.
Jelena Milosevic talks about personal motivation and its role in figuring your way into cybersecurity. She told us that a key catalyst was:
Believing in what I am doing and going for the cause.
Nurturing this personal proclivity towards infosec entails another important discipline:
Being open to learning,to listening and hearing, investing time to search for answers yourself.
With an open mind to learn, listen and hear what infosecurity professionals have to say, I searched for myself for every word whose meaning I didn’t understand. In no time I was juggling with multiple windows open, getting desperate that I know nothing!
So if you’ve ever felt like Jelena, please know this is part of the journey and that you will reach a point where you have strong knowledge and understanding of key concepts. When you get there, the frustration of not knowing enough can be replaced with the excitement of always having something new to learn.
Corina Nebela’s experience echoes Jelena’s advice on determination and a desire to overcome personal barriers:
I took an indirect path in infosec, mixing and matching various job profiles and skills. My personal advice for anyone would be to cross their personal boundaries and to be on a constant quest for knowledge.
Alexandra Stefanescu also brings an interesting perspective to the table. She says the one thing that helped her break into infosec was:
Being able to shadow people and watch them work through complex issues.
It gets really interesting when Alexandra starts talking about the importance of challenging our assumptions and testing them in real-life scenarios.
We often think that professionals know what a problem is the moment they hear about a bug.
We think they know precisely what parameters to type into the command line to get beautifully filtered results from a scan. We think they look at a cryptic error message and, to them, it’s obvious what caused it. This is false.
Being able to sit next to someone and troubleshoot with them, or code with them shows you exactly what the work looks like even after 20 years of experience.
You still google “what was that parameter that showed the time elapsed in hours?”.
You still refer to the RFC, or the manual, or to that one Stack Overflow post you discovered three years ago and bookmarked.
You still slice a list incorrectly when moving from one language to another.
And you still overlook simple settings or skip steps when you’re under pressure.
Watching people push through difficult issues was invaluable for me.
I learned how they think about the most likely cause of a problem. I saw them sketch topologies out on a paper because trying to work through a packet loss problem in their heads would have made them overlook obvious things. I saw them use checklists. I stole the checklists. It was great.
What I noticed about diversity in cybersecurity teams
We talked about diversity in a recent article because it’s a central theme at Ladies in Cybersecurity and a hot topic in the industry across regions and continents. We couldn’t miss the opportunity to see how our speakers relate to this issue and what their experience around it is.
Corina Nebela highlights how important is it to pay attention to diversity in light of the great results it can have for both workplace culture and results:
Such a volatile industry benefits greatly from gender diversity, not only because it ensures the best talent pool as an employer, but also because it leads to diversity of thought which ultimately broadens the innovation spectrum.
Alexandra Stefanescu also speaks about the subtle but impactful risks of monocultures, where people hire others like themselves, breeding uniformity:
When all you have is a hammer, every problem is a nail.
When your team is composed of individuals with the same education, experience, and perspective, you have a laser-like view of a problem, instead of a broad view. You miss things. You make assumptions. You sneak bias into the architecture. In short, you end up with a weaker solution.
I’ve sat in rooms with low-level developers, UI developers, QAs, project managers and the marketing people. Both genders were at the table. We differed across nationalities and across technical backgrounds. The discussion was amazing! You could watch the puzzle being assembled under your eyes.
A project manager would cite a customer complaint, the QA would immediately hop in and describe how they reproduced it and cited the most relevant log messages. The C developer would suggest a possible fix and the marketing person would cut in and cite the RFC – “we are forbidden from doing this”. The UI developer would chime in and say: “hey, maybe the customer assumes this is possible because the UI makes it appear so.”
Having diverse people at a single table saves hours or back and forth emailing, it saves countless iterations and, most importantly, it brings in much-needed perspective on what humans assume when they see a control scheme.
The roles in this anecdote aren’t enough to ensure diversity. You can have a data scientist and a networking engineer whose perspectives align perfectly. Between the two of them, they will never look at a problem from a new angle.
Sure, a man and a woman can be in the same situation. This goes to show that there isn’t a single criterion that ensures diversity.
Diversity is the opposite of homogeneity. When everyone at the table has walked the exact same path to get where they are, their experiences align.
In order to achieve diversity, one must make a conscious effort to hire and promote the people who can act as missing puzzle pieces.
The most uncomfortable thing is that people with perspectives that differ from our own are people who differ from us. Diversity thrives on empathy.
Laura Tamas’s experience speaks to the same essential topics:
Diversity within a workplace clearly yields creativity and allows teams to problem-solve from various perspectives.
From my experience, working in teams with low diversity can lead to the rise of subcultures which involves the risk of decreased efficiency.
Diversity motivates people to embrace exchanging opinions and to leave their comfort zone.
Valentina Galea shares her own story about being the only woman on a team of cybersecurity specialists and how that influences the social dynamic and the work itself:
So far I had only a short time a female co-worker (3 months) so I must say that in this field the ladies presence is very poor.
As from my personal experience, being the lead for almost a year to an ethical hacking testing team – all men – I can tell you it wasn’t easy but surely it brought great benefits.
I always say that is the person who matters, not the gender or age but sometimes the gender can influence approach towards an idea or perspective over a topic.
I strongly believe that teams work well and have amazing results if they cultivate open and honest communication in order to achieve goals.
Jelena Milosevic firmly believes that infosec is an open industry precisely because most people working in it are self-taught:
Infosecurity is, I believe, the only place where you can get the job based on your knowledge and know-how and not only based on a diploma. Because of rapid developments in infosecurity and open source, everyone can find available courses and learn for themselves. So, everyone can do that if they want to.
Still, I could find many people that do understand the need for keeping privacy and security on a high level, even if they didn’t come from tech or security.
One awesome side of the infosec community is that they understand what it’s like to be different and can accept others with their own ways of being different.
We feel incredibly inspired by all these stories and we’re only halfway through! Keep reading for more on-the-ground stories that make cybersecurity exciting and even life-changing to work in.
This needs to change to make infosec more appealing for a wider range of specialists
As far as Alexandra Stefanescu is concerned:
There is no silver bullet for this. A few things need to happen so that their combined effect generates a more diverse workforce.
First, hiring needs to stray from the model of “bringing in more apples in a team of apples”. Cybersecurity is especially welcoming to different technical backgrounds.
Second, people still completing their education need to be exposed to role models they relate to. I think the people in the industry should step forward, if it’s within their possibilities, and become visible to those still in training.
You can’t become something you’ve never seen.
Third, kids need to see how fun and rewarding it is to take things apart and put them back together. There is no child who is bored with a sense of achievement. No girl or boy will say “I built this awesome gadget and it blinks and it whirrs and it moves around – how tedious.”
As adults, we know how happy building something ourselves makes us – that’s why Ikea is thriving. We should not deprive any of our children of this experience.
If you feel like skipping off to doing something you love right now, we completely understand. Genuine and honest stories like these tend to have this effect on people.
When you come back, there’s more where that came from, like this perspective on contributing from Laura Tamas:
In my opinion, cybersecurity is an appealing field of work, but perhaps the reason it doesn’t seem to be welcoming to new entrants is the way it has been marketed.
However, it is our responsibility to contribute to making it more attractive to the workforce regardless of age, gender or ethnic background.
Events such as “Ladies in Cybersecurity” represent great opportunities to bring women in infosec together and therefore build a stronger community.
We definitely should encourage more people to go ahead and promote cybersecurity in their circles.
Speaking of a mindset change, Valentina Galea has something important to say about that:
In Romania, I believe that the most important thing that needs to change is the mindset and education.
I want to share with you the things I heard from my colleagues once I decided to go towards an infosec career: “Are you crazy?”, “haha, you will be a penetration tester? How will you handle penetration as a girl?” Thee questions made me sad at first because they are very judgmental.
Being an infosec professional is, first of all, a professional which means that you need to own your craft.
I started as a graphic designer, I tried also being a VJ in clubs, then a tester at a gaming company but when I discovered what cybersecurity is and looked over a couple of tutorials. I realized that this is what I want to do for the rest of my life.
So what I am trying to say is the fact that in order to increase the diversity in cybersecurity workforce, each and every one of us who will be on stage on March 21 has the responsibility to share their knowledge in order to let the audience understand better what you need to have in order to become an ethical hacker.
The last thing I want to mention is the fact that nowadays people are a little lazy, they stay in the same job they know without looking further and discovering maybe other fields of activity.
It is clear that not everyone can work in infosec but I am sure that there are still artists who might develop a hacker mindset or even among the bankers. In the end, the only limits we have are the ones we set so get out your comfort zone and let’s secure this world!
It may look like our speakers at Ladies in Cybersecurity coordinated their answers but we can assure you they didn’t get that chance. Here’s Corina Nebela highlighting the importance of how we see things and the benefits of broadening our view:
I believe that our mentality is the first thing that has to change.
Unfortunately, many women feel intimidated by this career.
It is important to make women aware that if they take chances, act with confidence and embrace learning everything is possible.
Even if you’re not a woman, this applies to you too. “We’re only afraid of the things we haven’t done enough”, as Paul Jarvis wisely put it.
Jelena Milosevic wraps this section up with a reminder on the importance of teamwork and collaboration, which is really close to our hearts:
We put everything online and connect everything, even when we don’t need it. Sadly, most of the time without even thinking about making it safe and secure.
All of us, infosecurity and non-infosecurity professionals, need to understand that we need teamwork and that infosecurity is part of everything that is digital or online, everything that has software or hardware and that’s connected.
We need to find a way to talk, walk and work together and understand each others’ needs, working for the same goal – safety and security.
An open mind and an open heart certainly help accomplish a lot, don’t they?
Hear more stories live on March 21st
We can’t wait to publish the second “episode” of the What it’s like to work in cybersecurity series but until then, you can join us on March 21st to hear more stories like these and ask questions to our speakers in person at Ladies in Cybersecurity.
Here’s a bit of what you can expect to learn, straight from our experienced speakers:
Laura Tamas will talk about “Securing sensitive accounts with MFA and Behavioral Biometrics”:
Compromised data as a field of interest requires our undivided attention.
There are too many examples of data breaches and cyber-attacks which resulted not only in enormous financial losses but also in public exposure of sensitive information.
In the course of my presentation, I will present a case study to show how TypingDNA ensures a definite improvement in security and the quality of authentication.
The topics of discussion will include behavioral biometrics as a two-factor authentication method as well as other types of factors which our clients can adopt as additional layers of security.
Jelena Milosevic will tell us all about “Why I didn’t run away from the infosec community”:
By talking about my journey as a nurse and as a woman in infosecurity, I’ll try to explain the situation, to point out the things that helped me keep going and not give up.
At the same time, I’ll talk about the position of women in the world, in the infosecurity community and how we can get the place we deserve to have.
I want to show that if you really want to do something, especially in and with the infosecurity community, you can do it and that you’ll be welcomed, heard and supported.
Corina Nebela will share her experience on what it takes to “Leverage Big Data in Cybersecurity”:
My presentation will encapsulate a non-conventional approach to cybersecurity by leveraging big data and machine learning capabilities.
And Alexandra Stefanescu already has us curious to hear her talk about “WiFi, a cautionary tale. Leakage, pwnage and just plain silliness”:
My talk centers on the current state of WiFi.
The protocol has been around for quite a while and the bar of entry for..
Last November, one of the DefCamp speakers came to me after her talk and we shared our enthusiasm about a key improvement in the community dynamic:
“I can’t believe there are so many women attending!”, she said.
Truth be told, we were also delighted to notice that.
Last year we had more women than ever at DefCamp which is a great sign that our mission to cultivate diversity and inclusion is working. However, we know this is not our exclusive merit. Many factors came into play and we still have a long way to go.
The DefCamp community turns 10 this year and we’re taking a moment to renew our commitment to empowering people from all backgrounds, no matter their gender, to build and enjoy a career in the cybersecurity industry.
To celebrate, we’re getting together a bunch of generous, highly skilled people to share their best knowledge, and experiences.
The best part? You don’t have to wait until November because it’s happening next month!
Whoa, tell me more!
During the last decade, we learned how important diversity is for the infosec industry.
We observed how people sharing the same passion come together naturally to form teams and strive for top performance. What’s more, anyone’s who’s been in the field for a couple of years can tell you that you need a varied set of skills and knowledge and a mindset that spans over technical and non-technical disciplines (psychology, sociology, etc.) to thrive in cybersecurity.
Precisely because we seek to expand how we nurture and support the community, this year we’re inviting more people with diverse roles and backgrounds to teach what they know.
Next month, we choose to put infosec female specialists in the spotlight in a brand-new event:Ladies in CyberSecurity!
When? Where? I need to know more!
Here’s everything you need to know about the event.
On March 21 we’re getting together at Impact Hub Bucharest for a full day to focus on improving our expertise, sharpening our skills, and building relationships with new people in the industry and beyond.
Now you may be wondering: is this for me (even if I’m not a woman)?
What stays the same is that everyone can learn valuable lessons to build their career in cybersecurity from our experienced guests.
You can expect to participate in no-bullshit, high-value conversations that focus on giving you practical advice on how to further your career.
These are some of thetopics we’ll dive into, guided by our awesome guests:
Why and how to enter the field of cybersecurity
How to develop in-demand infosec skills
What lessons the speakers learned from their successes and failures
Which innovations in IT security are making a difference and are worth following
Which cybersecurity threats are doing real damage and what infosec pros are doing to curb them.
It gets even more exciting that you can get some hands-on experience during the workshops and one on one sessions!
Two awesome guests have already confirmed with more to be announced shortly!
Our keynote speaker is Christina Kubecka whose career spans over 20 years. Her expertise extends over roles, continents, and industries. Christina has led teams and companies from the US to South Korea, training them in both defensive and offensive infosec tactics. Get to know her better: listen to her latest interview on the Darknet Diaries podcast.
You may already know Jelena Milosevic who joined us last year at DefCamp #9. She is a nurse, speaker, and an independent infosecurity researcher who’s set on improving how the healthcare system handles security and data privacy.
It was her who rejoiced that more and more women are starting to attend DefCamp and we’re really excited to have her back in Bucharest!
We hope the news about Ladies in Cybersecurity reaches as far as possible because our call for papers is also open! This conference is all about giving female infosec pros a chance to shine, so we’d love it for you to apply with your paper here or send this link to someone who might be a good fit.
Why it matters to get more women into infosec
No matter if you’re working in cybersecurity or following the action from the sidelines, you most likely know that demand for skilled people in the industry far outweighs what the labor force can offer.
“In 2015, Frost & Sullivan forecasted a 1.5 million worker shortage by 2020. In light of recent events and shifting industry dynamics, that forecast has been revised to a 1.8 million worker shortage by 2022.”
Even though women reported higher levels of education than men and in spite of 52% of women under the age of 29 having a computer science undergraduate degree, another report shows “the proportion of women in cybersecurity is stagnant”.
One of the most common issues is that many organizations have long-established cultures with a homogenous leadership team. As a result, they tend to hire people like themselves, which feels comfortable.
Another issue is that “white men are actually promoted based on potential […] whereas women and people of color are promoted based on what they’ve achieved.”, as Sallie Krawcheck points out.
A third issue is something I’ve seen women in infosec deal with frequently: discrimination. A whopping 51% of women working in cybersecurityhave experienced it (in North America and Latin America), compared to 15% of men.
Discrimination comes in many shapes and sizes and can deter women from either entering the infosec workforce or leave the industry for a more accommodating culture.
In this context, the only way to make a real difference and make cybersecurity appealing and welcoming to women is to proactively focus on it and to foster diverse viewpoints and perspectives.
Our mission has always been to be as inclusive as possible and create opportunities for anyone who’s committed to study and practice infosec.
We hope Ladies in Cybersecurity is another way to amplify this message and help it reach as many smart, driven people as possible, both female and male.
Where can I get my ticket?
We’re expecting 150+ members of the community to join us in this cozy event packed with quality networking opportunities.
If you’re ready to join us, you can already get your ticket on the website. For 20 EUR, you get to fuel up on great knowledge and meet like-minded people who share your values and interests.
We can’t think of a better way to spend a sunny Thursday on March, 21st, at Impact Hub Bucharest, can you?
At DefCamp, partners aren’t just a name on a screen. They recognize the value of contributing to growing the community, and they walk the talk.
Partners are highly involved in setting up competitions in the Hacking Village, they share their knowledge and experience on stage, and they’re happy to guide attendees by answering any and all their questions.
Ixia is one of those partners and a key part of the regional and international infosec community. That’s exactly why we wanted to show you this year’s conference from their perspective.
One of the pieces of feedback we received is that there’s SO much going on at DefCamp that there’s a real fear of missing out. However, mixing it up a bit can be a welcome change of pace!
Our partners at Ixia noticed that what keep attendees engaged are the “hacking challenges from the Hacking Village, especially when they meet with others to brainstorm.”
As an infosec conference, we know that nothing beats getting hands-on. Here’s what else creates opportunities to connect and learn:
Products demos from the stands bring up discussions and interest, while post-presentation discussions also bring together speakers with participants.
Getting more context about the infosec industry and understanding how people work is what helps specialists go from enthusiasts to professionals. No wonder the Ixia team noticed that:
People are very interested in what type of activity we do, whether we do offensive security or security research.
One way to get your hands “dirty” is to learn what opportunities there are for infosec specialists to engage in projects that matter. We strive to make this happen by publishinghelpful interviews and by bringing our partners’ teams on stage, so they go in depth about their subject matter.
Here’s what Ixia focused on this year:
We had picked a wide variety of topics for this year, our main focus being the Threat Intelligence research that we do here at Ixia.
However, topics like digital rights and net neutrality are something that affects us in our day to day work.
Both talks were followed by intense Q&A sessions which left us wishing we had more time to spend with the speakers. Thankfully, they’re super generous and open to talking more about the subject whenever you approach them, so don’t hesitate to do so.
Asides from being organizers, our partners are also attendees, and we often seek feedback from them regarding what worked, so we’ll know to do more of it at the next conference.
The Ixia team enjoyed the fact that:
The Hacking Village had a much wider and diverse variety of challenges. Also, the lightning talks on day 2 were a very good addition for shorter talks!
If you haven’t had a chance to share your feedback on DefCamp #9, we’d love to hear from you! You cancontact us on the website or pick a social media channel that works for you.
So now that DefCamp is turning 10 (no pressure!), we sought to better understand how to use this opportunity to bring infosec specialist and the business community together like never before.
We’re humbled that our partners from Ixia, Keysight business, think that:
DefCamp is the most important security conference in this region. Being here for 10 years and improving year over year, it shows that the local and regional infosec ecosystems have reached a certain level of maturity.
Only a few weeks have passed since DefCamp #9, but we’re already planning for next year! Hang on tight because it’s going to be one wild ride!
DefCamp is powered by Orange Romania, and it’s organized by the Association “Research Center for Information Security in Romania” (CCSIR).
DefCamp 2018 is sponsored by Ixia, Keysight Business, SecureWorks and Intralinks as Platinum Partners and it’s supported by IPSX, Bit Sentinel, TAD Group, Enevo, Crowdstrike, CryptoCoin.pro, Siemens, Alef, UiPath, Atos and Kaspersky Lab.
The latest edition of DefCamp was all about 8th’s & 9th’s.
Well, first of all, it was the 9th edition of DefCamp. And guess what? It happened on November 8-9, welcoming over 1800 attendees from all over the world in Bucharest. It actually exceeded all expectations, because it was the largest conference so far. Not convinced? See the video overview before reading the details:
DefCamp 2018 - Official Overview - YouTube
Over 60 speakers kept the audience focused and engaged in all 3 tracks with briefings covering the hottest infosec topics. Surely you remember how day 1 day started, isn’t that right?
In Track 1, we had Cristian Patachia who talked about inspiration and evolution. He reflected on the long-term, trusting partnership between Orange Romania and DefCamp that helped the conference grow every year and increase awareness about the importance of cybersecurity.
In Track 2 we had Konrad Jędrzejczyk who delivered a very practical presentation about Wifi Hacking and in Track 3, we had Dan Demeter who talked about disinformation and its impact on our societies.
Our amazing hosts and moderators, Andra Zaharia, Sabrina Herlo and Andreea Cutlacai succeeded in making our speakers feel welcomed while keeping DefCamp attendees up to date with everything that happened during the event.
The Hacking Village was once again one of the main attractions at DefCamp as it hosted 14 competitions. Prizes in cash and gadgets were also involved, so attendees were very keen to engage and win them all.
On Friday, November 9th, we had almost two dozen winners on stage. It feels thrilling to see young passionate people who push beyond the limits while testing their offensive skills in a controlled environment. Because we wanted to give everyone a taste of the action, we even held a raffle for the luckiest attendees. From gadgets to EA games, there were some interesting prizes at stake!
All in all, DefCamp 2018 brought to the audience engaging presentations from some of the best infosec professionals who shared actionable tips and valuable insights:
Speakers talked about current, practical challenges while also inspiring attendees to think beyond their day to day practice and evaluate their impact in shaping and changing the web for the better which is a great first step towards the world digitalization
Jayson E. Street called for teaching responsibility beyond our field, to help others understand why information security matters and what its real-life impact is
Stefan Tanase questioned why the internet is increasingly fragmented and affected by Balkanization
Tech talks walked attendees through the practical aspects and challenges of building application security from scratch or responding to threats against ICS environments.
Dan Demeter emphasized the importance of combating fake news through user education, high-quality journalism, and fact-checking other sources.
Mike Spicer, the #WifiCactus father, encouraged the audience to nurture their curiosity about something by following this: build it, test it, try it. That’s the best way to learn.
Alex “Jay” Balan advised the participants to treat everything that “you share with others as being compromised”.
Kirill talked about mobile security and demonstrated how hackers can connect to the SS7 protocol of a mobile network, and attack subscribers of any operator around the world.
In terms of privacy, we learned about the benefits of using the multi-factor authentication system to add multiple layers of security and reduce the risks of data loss.
To better fight against cyber threats such as APTs, organizations need to identify their assets, know about its vulnerabilities (weak points), and find out more about the enemies using threat intelligence, tools, tactics, endpoint solutions.
All things considered, we’ve seen that:
Talent is increasingly more appreciated and sought
More tech students are paying attention to what happens in the field
There are a lot more information and experience-sharing, more than ever before
DefCamp provides an open, safe place for infosec pros and apprentices can learn from each other
During the two-day conference, the Wi-Fi infrastructure was developed by Orange. It has was accessed by more than 1,200 visitors, who were connected on average 3 hours and 30 minutes, the highest number of participants being at 11:00 from each day of the event.
Ioan Constantin, Cyber Security Expert @Orange mentioned after the event that:
“DefCamp has constantly bridged the gap between young, skillful people and companies actively involved in innovation in the information security field. There are a great dynamic and an ever-shifting playing field in the infosec and cybersec business, with technologies coming in and going out of scope in the blink of an eye.”
Teodor Ceaușu, Country Manager @Ixia, a Keysight Business said that “Taking into consideration the ever-increasing impact of cyber security in this day and age, with vulnerabilities growing across platforms, it is important to keep up with the threats that constantly emerge, and DefCamp has a tremendous role in bringing together the latest information and knowledge available globally”. Moreover Dan Mihailescu added the fact that DefCamp Hacking Village is one of the most attractive point of the conference as it “connects the people, especially when they meet with others to brainstorm”.
DefCamp is powered by Orange Romania and it’s organized by the Association “Research Center for Information Security in Romania” (CCSIR). DefCamp 2018 was sponsored by Ixia, Keysight Business, SecureWorks and Intralinks as Platinum Partners and it’s supported by IPSX, Bit Sentinel, TAD GROUP, Enevo, Crowdstrike, CryptoCoin.pro, Siemens, Alef, UiPath and Kaspersky Lab.