ISMG Events
  • Summits
  • Roundtables
  • Faculty
  • About ISMG Events
  • Contact us

Cyber Security Summit Brazil brought to you by CyberEd Talks

July 27-28, 2018 - Sheraton Sao Paulo WTC

View Sessions

WELCOME

https://events.ismg.io/wp-content/uploads/2018/09/css-2018-teaserofficial.mp4

From ransomware to business email compromise to DDoS for extortion, it’s already been a busy year for Brazilian cybersecurity leaders – and 2018 is barely half over.

Do you wish to arm yourself with strategies and solutions to tackle the rest of the year? Then register now for the Cybersecurity Summit Brazil.

This two-day conference brings together thought-leaders, industry professionals and solutions vendors to focus intensely on the security topics that matter most – IoT, cybercrime, machine learning, identity fraud, the insider threat and security metrics to name a few – all with a single goal: Education.

We strive to bring unique speakers and insight. Among the noted speakers at this year’s event: Cel. Marcelo Paiva Fontenele, Chief of ENaDCIBEr, Brazilian Army; Rafael Salema, Leader, Cybernetic Exportation Team, Brazilian Air Force; and Eder Luis Oliveira Goncalves, Computational Forensic Specialist, Brazilian Army.

These are but some of the engaging speakers who will make this Summit unique.

We have intentionally designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals and many others by providing hands-on tools and real-world problems and solutions that attendees can take back to their offices long after the summits end.

Sign up now and join the discussion.

Details

Sheraton Sao Paulo WTC

July 27th & 28th, 2018
View Sessions

Registering For a Group?
Call + 1 (609)-356-1499

  • Event Gallery

Rafael Narezzi

Chair, CyberEdTalks

David Brassanini

Chief Operations and Legal Attache, FBI, Brazil

Dra. Patricia Peck

Lawyer, Direito Digital

Eder Luis Oliveira Goncalves

Computer Forensics Specialist, Brazilian Army

Ricardo Tavares

Cyber Security Specialist

Prashant Pillai

Director of the Wolverhampton Cyber Research Institute, University of Wolverhampton

Tom Field

SVP - Editorial, ISMG

Alissa Torres

Incident Response Manager, Cargill

SPEAKERS / Featured Speakers for our Brazil Summit

Rafael Narezzi

Chair, CyberEdTalks Brazil

Dra. Patricia Peck

Lawyer, Direito Digital

Alissa Torres

Incident Response Manager, Cargill

John Walker

Visiting Prof., Nottingham Trent University; Advisory Board, Research Centre in Cyber Security (KirCCS), University of Kent and Fmr Royal Air Force Security and Counter Intelligence

Rafael Salema

Leader, Cybernetic Exportation Team, Brazilian Air Force

Mehdi Talbi

Security Researcher, Stormshield

Ricardo Tavares

Cyber Security Specialist

Eder Luis Oliveira Goncalves

Computational Forensic Specialist, Brazilian Army

Bruno Rodrigues

Research Doctorate, University of Zurich

Prashant Pillai

Director of the Wolverhampton Cyber Research Institute, University of Wolverhampton

Cel. Marcelo Paiva Fontenele

Chief of ENaDCIBEr, Brazilian Army

Tom Field

Senior Vice President, Editorial, ISMG

David Brassanini

Chief Operations and Legal Attache, FBI, Brazil

Ltg. Guido Amin Naves

Official General, Cyber Command, Brazil

Paulo Macedo

Country Manager, Forcepoint

Meet Our Speakers

ISMG Global Events: 2020 and Beyond

ISMG's SVP of Editorial, VP of Global Events, and Group Director of Custom Events discuss the state of events.

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

Schedule / Session Date & Times



  • Friday, July 27th

  • Saturday, July 28th

  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:25 am
8:00 am - 8:25 am

Registration, Coffee & Networking

8:35 am -
8:45 am
8:35 am - 8:45 am

Opening Remarks

8:45 am -
9:35 am
8:45 am - 9:35 am

The Strategic Direction of the Brazilian Cyber Sector

Speaker:
Ltg. Guido Amin Naves, Official General, Cyber Command, Brazil

English

After three years of the creation and implementation phases of Com D Ciber, as an important step in the establishment of the Cyber Sector in the Brazilian defense, a phase of consolidation of the capacities obtained begins. For this consolidation after studies, it was concluded by a strategic direction for the actions to be carried out in this cycle that begins. The Commander of Cyber Defense will present this strategic direction for the sector, whose consolidation depends on the engagement of all society and the Brazilian State.

The following topics will be addressed:

  • The threat
  • The Cyber Sector in Defense Timeline
  • The current state
  • The searched state
  • The strategic model proposed to achieve the objective

Português

Após três anos das fases de criação e implantação do Com D Ciber, como passo importante do estabelecimento do Setor Cibernético na defesa brasileira, inicia-se uma fase de consolidação das capacidades obtidas. Para esta consolidação após estudos realizados, concluiu-se por um direcionamento estratégico para as ações a realizar nesse ciclo que se inicia. O Comandante de Defesa Cibernética apresentará esse direcionamento estratégico para o setor, cuja consolidação depende do engajamento de toda a sociedade e do Estado Brasileiro.

Serão abordados os seguintes tópicos:

  • A ameaça
  • A linha do tempo do Setor Cibernético na Defesa
  • O estado atual
  • O estado buscado
  • O modelo estratégico proposto para atingir o objetivo
9:40 am -
10:30 am
9:40 am - 10:30 am

Special Keynote - FBI Operations in the Cyber Hyperconnect World

Speaker:
David Brassanini, Chief Operations and Legal Attache, FBI, Brazil

Cybercrime it is a massive industry, trying to get to the end of the tail is always a challenge.

FBI is working across federal agencies in order to be able to share intelligence, allowing the FBI to have visibility and coordinate actions.  Join us to learn more about the reach of the FBI and, more importantly, the cyber criminals!

10:35 am -
11:10 am
10:35 am - 11:10 am

Coffee Break com CyberEdtalks from the Industry

11:15 am -
12:00 pm
11:15 am - 12:00 pm

How Regulations Can Enforce Cybercrime Combat

Speaker:
Dra. Patricia Peck, Lawyer, Direito Digital

English

Internet is the biggest public avenue of the world with all people, assets and data flowing over its digital roads but no effective police to guard the users from cyber criminals' attacks. What is the reason? There is no jurisdiction defined to their actuation. Actually, the increase of privacy rules can somehow difficult the work of the investigation to catch these criminals. Considering that Internet is a private owned marketplace by companies that should be more committed to clients' safety, how new regulations could better enforce the combat of cyber crime on the web? How establish a balance between citizens safety that demands monitoring surveillance in a preventions manner and privacy protection? What should be the road map and the action plan to fight back these attacks? Should antivirus and antispyware become an manufacture obligation when developing IoT devices for instance? Who should pay the price for cyber security? And what should be done with this new kind of criminal much more sophisticated? Do we need new laws? New types of jails? New tools and training to the police and the judges? But one thing is for sure, we are losing this new cyber war. And we need to invest much more in educational campaigns to protect the population against this social-digital threat.

Português

A Internet é a maior avenida pública do mundo, com todas as pessoas, bens e dados fluindo pelas suas estradas digitais, mas sem uma polícia eficaz para proteger os usuários dos ataques dos criminosos. Qual é a razão? Não há jurisdição definida para sua atuação. Na verdade, o aumento das regras de privacidade pode de alguma forma dificultar o trabalho da investigação para capturar esses criminosos. Considerando que a Internet é um mercado privado de propriedade de empresas que deveriam estar mais comprometidas com a segurança dos clientes, como as novas regulamentações poderiam reforçar o combate ao crime cibernético na web? Como estabelecer um equilíbrio entre a segurança dos cidadãos que exige monitoramento de vigilância de forma preventiva e proteção da privacidade? Qual deve ser o roteiro e o plano de ação para combater esses ataques? O antivírus e o antispyware devem se tornar uma obrigação de fabricação ao desenvolver dispositivos IoT, por exemplo? Quem deve pagar o preço pela segurança cibernética? E o que deve ser feito com esse novo tipo de criminoso muito mais sofisticado? Precisamos de novas leis? Novos tipos de cadeias? Novas ferramentas e treinamento para a polícia e os juízes? Mas uma coisa é certa, estamos perdendo essa nova guerra cibernética. E precisamos investir muito mais em campanhas educacionais para proteger a população contra essa ameaça sócio-digital.

12:10 pm -
1:40 pm
12:10 pm - 1:40 pm

Lunch

1:45 pm -
2:25 pm
1:45 pm - 2:25 pm

Dark Intelligence

Speaker:
John Walker, Visiting Prof., Nottingham Trent University; Advisory Board, Research Centre in Cyber Security (KirCCS), University of Kent and Fmr Royal Air Force Security and Counter Intelligence

English

In the beginning, the Genesis age of the Internet offered positive opportunities for connectivity, creativity and commercial opportunities, and shrunk the potential of low cost access to communications to all. However, as time has always demonstrated, no matter the landscape, the dark clouds of criminality and abuse will always form to feed of the public and commercial activities. To this end, the over-complex computerized systems, and the embracement of technology, and an always on-line lifestyle choice have offered up a significant surface of attacks for exploitation and compromise. Be the danger Ransomware, Malware, Exposed WiFi, the Darknet, or support of illicit activities in the form of Drugs, People Trafficking and Child Abuse (exploitation), with levels of adversity continuing to reach even darker depths! Today, in a world of three Cyber Security Classifications, which are:

  • You have been hacked
  • You will be hacked
  • You have been hacked but don't know it

We look into the history of insecure computing, investigate the real-potentials that facilities Cyber Crime, dig into the Dark Web of illicit shopping offerings, and look to the future of regulating the internet. To add the positive, we will also explore the mitigation of good security practice, OSINT (Open Source Intelligence), and First Response Cyber Forensics Engagement to maximize the potential of Cyber Survival in the Electronic World.

Português

No início, a era da Internet na Gênesis oferecia oportunidades positivas de conectividade, criatividade e oportunidades comerciais e reduzia o potencial de acesso de baixo custo às comunicações para todos. No entanto, como o tempo sempre demonstrou, não importa a paisagem, as nuvens escuras de criminalidade e abuso sempre se formarão para alimentar as atividades públicas e comerciais. Para esse fim, os sistemas computadorizados supercomplexos, o acolhimento da tecnologia e uma escolha de estilo de vida sempre on-line ofereceram uma superfície significativa de ataques por exploração e comprometimento. Seja o perigo Ransomware, Malware, Expostos WiFi, o Darknet, ou apoio de atividades ilícitas na forma de drogas, tráfico de pessoas e abuso infantil (exploração), com níveis de adversidade continuam a atingir profundidades ainda mais escuras! Hoje, em um mundo de três classificações de segurança cibernética, que são:

  • Você foi hackeado
  • Você será hackeado
  • Você foi hackeado, mas não sabe

Vamos olhar para a história da computação insegura, investigar os potenciais reais que as instalações do Cyber

2:30 pm -
3:15 pm
2:30 pm - 3:15 pm

Security for Critical National Infrastructure - Challenges and Opportunities

Speaker:
Prashant Pillai, Director of the Wolverhampton Cyber Research Institute, University of Wolverhampton

Critical National Infrastructure (CNI) refer to the various systems, networks, facilities and services upon which daily life depends. One such infrastructure is our power networks that are responsible for providing us with electricity that has become central to the ability of modern societies to function. Apart from being used in homes and industries, several critical infrastructures like hospitals, air traffic control, water and gas supply networks, mobile communication and even the financial sector are dependent upon electricity. A major attack on a nation's power grid would shut down any country. Future Smart Grid technology facilitates the integration of storage and renewables with the grid to ensure sustainability of electricity supply, mitigate rising power outages and help meet the rapidly rising demand for clean energy in urban and rural areas. Reliable, fast and secure communication infrastructure is required to attain these benefits of smart grids. Future smart power grids that aim to use Internet communication to provide such efficient control are vulnerable to various security attacks. This talk also introduces the security and QoS requirements for smart grid communications, Key security vulnerabilities, types of attacks and the arising research challenges are detailed.
3:20 pm -
3:50 pm
3:20 pm - 3:50 pm

Coffee break com CyberEdtalks from the Industry

3:50 pm -
4:30 pm
3:50 pm - 4:30 pm

Training and Knowledge Management in Cyber

Speaker:
Cel. Marcelo Paiva Fontenele, Chief of ENaDCIBEr, Brazilian Army

English

The cyber sector is a reality in our information society. As the government and society as a whole migrate their services into cyberspace, the vulnerabilities and the demand for new knowledge grow as a result of such migration.

It is necessary, therefore, an effective management of this knowledge in order to strengthen cyber security and defense, as well as to optimize the use of the main informational asset: the human being.

The lecture addresses the work and methodology that has been adopted to develop and integrate the management of cyber defense and security knowledge.

Português

O setor cibernético é uma realidade em nossa sociedade da informação. Enquanto o governo e a sociedade como um todo migram seus serviços para o espaço cibernético, crescem as vulnerabilidades e a demanda por novos conhecimentos, fruto de tal migração.

Faz-se necessário, portanto, uma efetiva gestão desses conhecimentos a fim de fortalecer a segurança e a defesa cibernéticas, bem como otimizar o emprego do principal ativo informacional: o ser humano.

A palestra abordará os trabalhos e a metodologia que vem sendo adotada para desenvolver e integrar a gestão dos conhecimentos de defesa e segurança cibernéticas.

4:30 pm -
5:00 pm
4:30 pm - 5:00 pm

Risk-Adaptive Protection: The New Paradigm of Cybersecurity

5:00 pm -
5:45 pm
5:00 pm - 5:45 pm

Secret Panel list with guest audience (Members shall be chosen to debate)

In this session, we will hear from industry leaders and selected attendees, who will join the stage and discuss questions raised throughout the day.  This is a great session of collaboration where everyone can help to build a better sharing network.

5:50 pm -
6:10 pm
5:50 pm - 6:10 pm

Closing Session

6:10 pm -
7:00 pm
6:10 pm - 7:00 pm

Cocktails and Networking

View Schedule
  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:25 am
8:00 am - 8:25 am

Registration, Breakfast & Networking

8:35 am -
8:45 am
8:35 am - 8:45 am

Opening Remarks

8:45 am -
9:35 am
8:45 am - 9:35 am

Abusing virtual machines for fun and profit

Speaker:
Mehdi Talbi, Security Researcher, Stormshield

English

  • Virtual machine escape: exploiting vulnerabilities in Qemu to escape from a virtual machine
  • Row-hammer bug: exploiting a hardware bug to authenticate on a co-hosted VM (demo)
  • Mitigations

Português

  • - Escape da máquina virtual: explorando vulnerabilidades no Qemu para escapar de um máquina virutal
  • Bug de arrasto: explorando um bug de hardware para autenticar em uma VM co-hospedada (demo)
  • Mitigações
9:40 am -
10:30 am
9:40 am - 10:30 am

Exhibit & Networking Break

10:35 am -
11:10 am
10:35 am - 11:10 am

Compromising Network Infrastructure From the Caged Environment

Speaker:
Eder Luis Oliveira Goncalves, Computational Forensic Specialist, Brazilian Army

English

The evolution of the defense mechanisms of a server or infrastructure is due to the increase in defense technology or the creativity of the custodian of the asset, in this line Pentest has evolved into a game of cat and mouse where new techniques are learned to overcome the restrictions that the network administrator imposes on us. Who wins the best in this game: Who does hardening or what escapes the restriction and reaches Olympus, in this case the ROOT.

Português

A evolução dos mecanismos de defesa de um servidor ou infra-estrutura é devido ao aumento da tecnologia de defesa ou a criatividade do guardião do ativo, nesta linha Pentest evoluiu para um jogo de gato e rato, onde novas técnicas são aprendidas para superar o restrições que o administrador da rede nos impõe. Quem ganha o melhor neste jogo: Quem faz o endurecimento ou o que escapa a restrição e atinge o Olimpo, neste caso a RAIZ.

11:15 am -
12:00 pm
11:15 am - 12:00 pm

Zero Day – Guarding against Unknown Threats

Speaker:
Ricardo Tavares, Cyber Security Specialist

In this session, noted Cyber Security Specialist, Ricardo Tavares will:

  • Provide real-world insights into how to create an effective cybersecurity action plan;
  • Spell out the core elements of breach prevention, detection and response strategies;
  • Identify security technologies that can play an effective role in supporting a so-called “wartime” strategy.
12:10 pm -
1:40 pm
12:10 pm - 1:40 pm

Lunch

1:45 pm -
2:25 pm
1:45 pm - 2:25 pm

Uncover the Evidence of Compromise From Your Endpoints?

Speaker:
Alissa Torres, Incident Response Manager, Cargill

English

With an estimated 80% of today's malicious code employing anti-detection and anti-analysis mechanisms, security teams are in an intractable arms race. Attackers build or buy evasive malware to extend dwell time and accomplish their cyber objectives. In response, security teams roll out next-gen technologies and adapt their investigative methods to catch up. Despite executive teams' hyper-focus and increased spending on incident response capabilities, a critical and overlooked success factor in many incident investigations is the analyst' depth of knowledge of host-based trace artifact identification and analysis. Analysts need to know where to look for attacker presence and activity when the most obvious artifacts are gone.

In this session, we discuss:

  • How to gain actionable insight into trace endpoint artifacts that reveal threat actors' lateral movement and evasion techniques;
  • Key endpoint indicators of compromise, which increase the fidelity of your threat hunting strategies;
  • How to prepare a training plan for upping the skills of your incident response team to detect and analyze critical tells of adversary.

Português

Com cerca de 80% do código malicioso de hoje, que emprega mecanismos de detecção e anti-análise, as equipes de segurança estão em uma corrida armamentista intratável. Os invasores criam ou compram malware evasivo para estender o tempo de permanência e realizar seus objetivos cibernéticos. Em resposta, as equipes de segurança implantam tecnologias de última geração e adaptam seus métodos de investigação para recuperar o atraso. Apesar do hiper-foco das equipes executivas e do aumento dos gastos com recursos de resposta a incidentes, um fator de sucesso crítico e negligenciado em muitas investigações de incidentes é o profundo conhecimento do analista da identificação e análise de artefatos de rastreamento baseados em host. Os analistas precisam saber onde procurar a presença e a atividade do invasor quando os artefatos mais óbvios desaparecerem.

objetivos de aprendizado

  • Obtenha informações acionáveis
2:30 pm -
3:15 pm
2:30 pm - 3:15 pm

Blockchain against DDOS attack PoC

Speaker:
Bruno Rodrigues, Research Doctorate, University of Zurich

3:20 pm -
3:50 pm
3:20 pm - 3:50 pm

Exhibit & Networking Break

3:50 pm -
4:30 pm
3:50 pm - 4:30 pm

Simple and Discrete Exfiltration C2

4:30 pm -
5:00 pm
4:30 pm - 5:00 pm

Secret Panel list with guest audience (Members shall be chosen to debate)

In this session, we will hear from industry leaders and selected attendees, who will join the stage and discuss questions raised throughout the day.  This is a great session of collaboration where everyone can help to build a better sharing network.

5:10 pm -
5:20 pm
5:10 pm - 5:20 pm

Closing Remarks

View Schedule

SPONSORS / Supporting Organizations

DUO Security
Lastline
Splunk
Arbor Networks
Check Point

LOCATION / Venue & Address

Sheraton Sao Paulo WTC
Av. das Nações Unidas
12559 – Brooklin Novo, São Paulo – SP
04578-903, Brazil

WATCH SESSIONS ONLINE

For our premium members, we offer online webinars from all of our past events. Become a member now to get access to keynotes and important sessions from previous events.

Become a Member

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

Join the Community

Subscribe to get the latest happenings on our Roundtables, Summits, and other Events!

    • BankInfoSecurity
    • CUInfoSecurity
    • GovInfoSecurity
    • HealthcareInfoSecurity
    • InfoRiskToday
    • CareersInfoSecurity
    • DataBreachToday
    • CyberEd
    Home | Summits | Press Releases | Sponsorship
    © 2021 Information Security Media Group, Corp. |
    Privacy & GDPR Statement | CCPA: Do Not Sell My Personal Data