Conference Talks – June 2022

This month, members of NCC Group will be presenting their technical work & training courses at the following conferences:

  • NCC Group, “Training: Mastering Container Security,” to be presented at 44CON (June 13-15 2022)
  • NCC Group, “Training: Google Cloud Platform (GCP) Security Review,” to be presented at 44CON (June 13-16 2022)
  • Jennifer Fernick (NCC Group), Christopher Robinson (Intel), & Anne Bertucio (Google), “Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software,” to be presented at Linux Security Summit North America (June 23-24 2022)
  • Jennifer Fernick (NCC Group) & Christopher Robinson (Intel), “Securing Open Source Software – End-to-End, at Massive Scale, Together,” to be presented at the Open Source Summit North America 2022 – Global Security Vulnerability Summit (June 23-24 2022)
  • Jose Selvi, “Cybersecurity, Intrusion Detection, & Machine Learning,” to be presented at Valencia 2022 Summer School – Challenges in Data Science: Big Data, Biostatistics, Artificial Intelligence, & Communications (June 27-July 1 2022)

Please join us!

Training: Mastering Container Security
NCC Group
44CON
June 13-15 2022

Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them?

This course takes a deep dive into the world of Linux containers, covering fundamental technologies and practical approaches to attacking and defending container-based systems such as Docker and Kubernetes.

In the 2022 version of the course, the trainers will focus more on Kubernetes as it emerges as the dominant core of cloud native systems, and will look at the wider ecosystem of products used in conjunction with Kubernetes.


Training: Google Cloud Platform (GCP) Security Review
NCC Group
44CON
June 13-16 2022


Ever more enterprises are moving their operations to the cloud, with customer adoption of Google Cloud Platform (GCP) steadily increasing. How can you ensure your cloud environment is secure?

NCC Group’s GCP security review training is a four-day course dedicated to security consultants and cloud architects interested in learning the principal elements of an environment based in Google’s cloud. It will discuss the techniques and tools necessary to perform a thorough security review and provide an understanding of the major risks, along with security best practices.

The course includes:

  • An introduction to GCP for people new to the platform, including general concepts and a comparison with other cloud providers
  • How to interact with GCP through the Cloud Console, CLI tool and SDK
  • An extensive discussion of the Identity and Access Management services, with samples of policies and interesting attack vectors
  • A review of networking in GCP, including typical topologies and common issues
  • A detailed look at the core services for computation, storage, databases, security and logging & monitoring
  • Tools which can help assess and secure GCP deployments


Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software
Jennifer Fernick (NCC Group), Christopher Robinson (Intel), & Anne Bertucio (Google)
Linux Security Summit North America
June 23-24 2022

Open source software (OSS) is incredibly powerful – and while that power is often used for good, it can be weaponized when OSS projects contain software security flaws that attackers can use to compromise those systems, or even the entire software supply chains that those systems are a part of. The Open Source Security Foundation is an open, cross-industry group aimed at improving the security of the open source ecosystem. In this presentation, members of the OpenSSF Vulnerability Disclosure working group will be sharing with open-source maintainers advice on how to respond when researchers disclose vulnerabilities in your project’s codebase – and we’ll also take any questions you have about this often mysterious topic!


Securing Open Source Software – End-to-End, at Massive Scale, Together
Jennifer Fernick (NCC Group) & Christopher Robinson (Intel)
Open Source Summit North America 2022 – Global Security Vulnerability Summit
June 23-24 2022 (Austin, TX & Virtual)

Open source software is a significant part of the core infrastructure in most enterprises in most sectors around the world and is foundational to the internet as we know it. It also represents a massive and profoundly valuable attack surface. Each year more lines of source code are created than ever before – and along with them, vulnerabilities. In this presentation, we’ll share key lessons learned in our experience coordinating the industry-wide remediation of some of the most impactful vulnerabilities ever disclosed, present a threat model of the many unmitigated challenges to securing the open source ecosystem, share new data which illustrates just how fragile and interdependent the security of our core infrastructure can be, debate the challenges to securing OSS at scale, and speak unspoken truths of coordinated disclosure and where it can fail. We will also discuss the Open Source Security Foundation (OpenSSF) and share guidance for how members of the security community can get involved and contribute meaningfully to improving the security of OSS – especially through coordinated industry-wide efforts.


Cybersecurity, Intrusion Detection, & Machine Learning
Jose Selvi (NCC Group)
Valencia 2022 Summer School – Challenges in Data Science: Big Data, Biostatistics, Artificial Intelligence, & Communications
June 27-July 1 2022

The cybersecurity industry is facing many new challenges related to the amount of data it has to manage. In the “at scale” era, the traditional signature-based approach is no longer a solution by itself. In this talk, we will see an example of how we could use machine learning to achieve a false positive reduction in intrusion detection systems.