Security BSides Athens

Abstract: «The Corporate Espionage Case: A Digital Forensics Adventure» is a fictional synthesis drawn on different experiences which serves as a cohesive narrative delving into the fascinating world of digital forensics through the lens of experienced professionals. In this workshop, we will share our journey across multiple DFIR cases, offering a unique glimpse into the meticulous process of analyzing cyber threats, uncovering digital evidence and ultimately piecing together the true story behind cybercriminal activities caring to be forensically-sound every step of the way! Attendees will be guided through the complexities of digital investigations, from phishing attempts and insider threats to initial breach detection, forensic acquisition, analysis and reporting. By exploring real-world scenarios, we aim to illuminate the challenges and triumphs of digital forensics, providing insights into the tools and techniques essential for navigating the digital crime-scene all the way to the courtroom.

Bio: Short Bio Dimitris Georgiou: Dimitris Georgiou is a senior consultant with more than 20 years of experience in IT and Cybersecurity. He is Chief Security Officer and Partner at Alphabit SA, a cybersecurity firm in Athens, Greece. He has diverse studies in the humanities and Computer Science and holds professional certifications in Information Security, Digital Forensics and Payment Security. He is member of BCS, IEEE, ACM and ISC2. He participates at the ISC2 Europe Advisory Council and volunteers as a Member of the Board of the ISC2 Hellenic Chapter. He consults organisations on how to effectively reduce cyber risk, conducts security audits and digital forensics investigations being a registered forensic court expert. He speaks and writes about cyber hygiene particularly caring for the safety of children online.

Short Bio Spiros Pitikaris: Spiros Pitikaris is a Cyber Security Consultant and has been a part of Alphabit for three years. With a BSc and Msc in Cyber Security he also holds professional certifications in Information Security, Digital Forensics and Penetration Testing. He combines a passion for the offensive side of cybersecurity with a keen interest in the defensive realms of digital forensics and incident response. His expertise and interests span various technologies, including application security, threat hunting and malware analysis.

Short Bio Konstantinos Kiriakos: Konstantinos Kiriakos, a computer science engineering graduate, transitioned from the world of software development to pursue his dream in cybersecurity. Drawn to the intricate challenges and complexities of cybersecurity, he embarked on this journey by earning the CC certification from ISC2. Today, he specializes in diverse areas like digital forensics, penetration testing, and consulting. His focus goes beyond identifying vulnerabilities; he actively contributes to evolving organizational defenses in all aspects by building robust security postures and empowering staff through comprehensive training sessions.

BsidesAth Speaker

Special Session 2

Block By Block: Building Your CTI Program

by Andreas Sfakianakis, @Twitter

Abstract: «Block By Block: Building Your CTI Program» is a 2-hour workshop designed to demystify the complexities of CTI and provide a clear pathway for participants to build or enhance their threat intelligence programs.
This workshop is created for individuals keen on grasping the fundamental principles of CTI and eager to translate this understanding into a strategic framework for their organizations. We will embark on a journey through the essentials of CTI, starting with an exploration of foundational CTI concepts and the pivotal role it plays in managing cyber threats. Throughout the session, we will delve into the steps necessary for initiating a CTI program, emphasizing the seamless integration of CTI into existing organisational processes. Moreover, the workshop will highlight practical and easy-to-implement approaches that organizations can adopt for quick wins and building foundational CTI capabilities (key practices, common pain points, and effective techniques). Emphasis will be placed on leveraging technology to enable CTI, developing skillset of CTI analysts, and employing a maturity model to gauge and enhance the effectiveness of CTI initiatives.
Whether you're at the early stages of considering a CTI program or looking to refine and expand your existing capabilities, this workshop offers insights, resources, and perspectives on cyber threat intelligence programs.

Bio: Andreas is a Cyber Threat Intelligence professional with over a decade of experience in cyber security. Having tilted at windmills, Andreas focuses on applying threat intelligence and helping organizations manage threats mostly within the Oil & Gas, Technology, and Financial sectors as well as in European Union’s Agencies and Institutions. Andreas has been contributing to the CTI community since 2012 via reports, his blog, newsletter, conferences, trusted communities, and instructing. His passion for teaching led him to become a SANS instructor for FOR578 Cyber Threat Intelligence course. Andreas’ primary goal is to help organizations establish and mature their cyber threat management programs by bringing decade-long insights from applying CTI. His goals also include the embedding of CTI in the EU policymaking through his collaboration with EU institutions on CTI projects and assessments. Andreas’ Twitter handle is @asfakian and his website is www.threatintel.eu ! Feel free to reach out!

BsidesAth Speaker

Special Session 3

Rising to the Challenge: Cyber Security in Greece

by Konstantinos Papanagnou, @Twitter

Abstract: Join us in a cumulative talk around the Cyber Security Challenge Greece, analyzing how the idea was conceived, some of the challenges encountered, the challenge aftermath, and of course - some walkthroughs of the challenges and a Q&A on potential ideas for next year’s edition.

Bio: Konstantinos is a Senior Penetration Tester at NVISO Security and the Technical Director of the Cyber Security Challenge Greece.

Talk #29