SPEAKING ENGAGEMENTS ARCHIVE
Cyber Security is no longer the plaything of well-trained researchers or skilled criminals: it is the lifeblood of our society. Cast aside the false assumption that security is solely for the corporations. It affects us all. Talking to your children, your parents, and your friends about protecting themselves online could one day save them from becoming the victim of Ransomware, Cyber bullying, extortion, and more.
Co-Host: Imposter Syndrome Network
TECH FIELD DAY
Profile: Tech Field Day Delegate
PODCAST ARCHIVE
Hear no Evil(); See no Evil(); Code no Evil();
Remote conference
Technology Day INNOQ
30 November 2022
It's all the fault of developers... right? After all, we face a world of fail by design, security becoming more an afterthought. All the while technology continues to play a bigger and bigger role in society. From our personal lives, the operations of businesses and governments, to transportation; the list goes on.
In fact, it's difficult to think of any aspect where technology does not have an influence or impact. In this talk, we will cover a developer’s role in security, the value of embedding security and privacy from the conception of the idea, to protect consumers. Additionally, we will talk through some real-life examples of where things didn't go to plan.
Strange Hill to Die on: Building an Effective Security Programme Whilst Balancing Egos
Lecture style talk
Information Security Forum World Congress
Manchester, United Kingdom
12 - 15 November 2022
The struggle of embedding effective security programmes within enterprise organisations, in a way that changes behaviours, can become an overwhelming monster. Disjointed approaches, missing foundations, inability to properly measure success or failure, and limited collaboration can lead to failure before they even begin.
Becoming an expert
Podcast
Cisco Champion Radio Unfiltered
05 November 2022
Reaching the height of your career is no simple feat. It often requires a combination of pursuing the right education, building the right professional network and being bold enough to take the right chances. It takes time and effort. It takes taking yourself out of your comfort zone.
In the third part of our three-part series, Cisco Champions explore what it means to be an expert - in particular, they discuss tips on becoming an expert, what serves as motivation and how to deal with imposter syndrome, and even share their own personal stories.
How to Win Users and Influence the Board: Embedding Security Effectively.
Lecture style talk
Cyber Security Show Madrid, Spain
26 - 27 October 2022
Have you ever had a client who constantly clicks the links, a CEO who opens all the attachments, or a receptionist who reuses every single USB that comes across their desk? Do you blame them for the lack of security mindfulness? If you do, stop. Simply blaming the users is so 2020.
Instead, let's create security programmes that not only sound cool, but actually work for the humans they are supposed to be training.
Hear no Evil, See no Evil, Code no Evil();
Lecture style talk
Full Stack Europe
Antwerp, Belgium
6 & 7 October 2022
As technology continues to play a massive role in our society, this ever growing demand on developers to build functional and secure solutions will only increase. What role do developers play in securing our society, and how can they begin the journey to security by design - instead of fail by design?
269: Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words
Podcast
Smashing Security
07 April 2022
There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using?
Building Blocks of an Effective Security Programme
Lecture style talk
Cloud Expo Europe
London, United Kingdom
02 March 2022
Organisations small and large struggle with the same idea, how to embed security by design and by default - in a way that actually changes behaviour. Throughout my career I have seen time and again organisations attempt to address this concern, without foundations and ineffective metrics, causing failure before they have even begun...
Are You Ready for the Digital Acceleration 2025?
Panel
ME CISO
18 February 2022
The leading voices of this interactive panel discussion will exchange insights on how to transition from global IT strategy to the next-gen digital innovation; and what developments lead CISOs to identify business areas that are vital for continued growth and development.
Cyber Resilience: business continuity and cyber incidents and how to address them
Panel
GRC World Forums
01 December 2021
In cyber security, as in virtually every field, prevention is always better than cure. But in a landscape abundant with zero-day attacks and emerging threats, how can organisations protect themselves from the unknown?
Investigator's Operational Security
Virtual Talk
Private Conference
17 November 2021
Having been the victim and then the responder when it comes to investigating domestic abuse and violence, cyber bullying, and further incidents - this talk is designed to cover investigating safely from real-life experiences. Top down we will talk about policies and procedures, failures in process, levels of anonymity, and cyber security for the investigator.
Data Security: From Creation to Sharing
Panel
InfoSecurity
London, United Kingdom
09 September 2021
All organisations need to ensure their employees have quick and easy access to data so they can be as productive as possible. Sadly, this approach often increases the risk of data breaches occurring, particularly among hybrid workforces operating outside of corporate buildings...
How to implement an IAM roadmap with effective ongoing demand-management practices to align business needs
Panel
GRC World Forums
08 September 2021
Organisations often lack mature roadmaps, creating point-in-time roadmaps but not actively managing or working from them over time. In other cases, organisations lack a roadmap at all...
The Right to Privacy: Navigating Personal, Physical, and Digital Safety
Podcast
Tripwire: The State of Security
27 January 2021
What is the current state of cybercrime and what are common times of incidents being reported? We explore the true extent and cost of security breaches, developments in the attacker ecosystem and how businesses can protect and defend against these. Our panelists will also look to future trends, outlining what new risks businesses should expect in 2021 and beyond.
The Evolving Security Landscape: Trends to Expect in 2021 and Beyond
Panel
PrivSec Global
30 November 2020
What is the current state of cybercrime and what are common times of incidents being reported? We explore the true extent and cost of security breaches, developments in the attacker ecosystem and how businesses can protect and defend against these. Our panelists will also look to future trends, outlining what new risks businesses should expect in 2021 and beyond.
Hear no Evil, See no Evil, Code no Evil();
Lightning Talk
Fusion Hub
26 November 2020
"You are given temporary access to someone's intimate life details, your job, is to protect it." In this lightning talk we cover the reality of a developer's role in society, the importance of embedding security and privacy controls from the conception of the idea, and throughout the life cycle. Along with enforcing by default, to protect your consumers.
Speak Easy: interview with Zoë Rose
Podcast
The Beer Farmers
25 November 2020
Chat between Sean Wright, Mike Thompson, Scott McGready, Ian Thornton-Trump, and Zoë Rose - discussing the cyber security industry, trends, BeerCon2, what the future holds, and the critical importance of understanding motivations.
Mitigating the Security Risks and Challenges of Office 365
Lightning Talk
InfoSecurity
30 July 2020
The Office 365 suite is now fully integrated with many businesses - large and small - and used to store and share massive amounts of important and potentially sensitive corporate data. Therefore, the security risks of implementing such services must be at the forefront of organisations' minds.
In this Webinar, a panel of experts will discuss the security risks surrounding the use of Office 365 and outline best practice suggestions for ensuring data remains safe whilst using complex cloud-based services.
Episode 156 - Stalking solutions with Zoë Rose
Podcast
This week Zoë Rose joins me to discuss solutions for stalking victims, an update on the census show last week, the latest privacy news, and an OSINT tip for obtaining archived interior images of homes.
24-Hour Fundraiser
Lightning Talk
BeerCon1
7 December 2019
In collaboration with The Beer Farmers & The Many Hats Club, hosting a 24-hour virtual conference in order to raise money for two charities our community holds close to its heart; the Electronic Frontier Foundation (EFF) as well as Mental Health Hackers.
Tales from a Professional Stalker
Lecture style talk
BSides København
Copenhagen, Denmark
23 - 24 November 2019
Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness?
If you do, stop. Blaming the users is so 2018. Reviewing the last 10 years of my professional career, I will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating a safe, inclusive environment for them to learn.
The Future of Security
Lecture style talk
GOTO; Copenhagen
Copenhagen, Denmark
18 - 22 November 2019
Ever wonder why technology seems to be more fail by design than security and privacy based? Also, how is it we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments?
In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security or privacy as default, and how we can be a part of the shift to embedding security.
One Phish, Two Phish, Red Phish, Blue Phish
Lecture style talk
DevCon
Bucharest, Romania
13 November 2019
Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data?
We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high performing teams with a diverse set of skills.
Voices from InfoSec with Zoë Rose
Podcast
Breaking Badness
6 November 2019
Welcome to a special edition of Breaking Badness. In this bonus episode, you’ll hear from cyber security specialist and ethical hacker, Zoë Rose. Co-hosts Tarik Saleh and I sat down with Zoë (and her ferrets) to discuss her life as a cyber security consultant, experience in the industry, and advice for fellow practitioners.
Humans: Ruining Things Since Forever
Keynote
Agile Testing Days
Potsdam, Germany
3-4 November 2019
In the last 10+ years of experience in industry, I have realised the number one problem is simply humans. We create solutions without considering by design and by default of privacy and security; we often forget the malicious user and the not-so-malicious, but ever-present, human error.
Whilst overlapping, the concepts of security and privacy are distinctly different. How do you design resilience for lasting solutions that work in a variety of environments and encourage use, growth and adoption? This talk explores the human response to environments and solutions, the value of diverse teams, and understanding the by design and by default controls between privacy and security.
One Phish, Two Phish, Red Phish, Blue Phish
Lecture style talk
GOTO; Berlin
Berlin, Germany
23-25 October 2019
Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data?
We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high performing teams with a diverse set of skills.
Tales from a Professional Stalker
Lecture style talk
DSS ITSEC
Riga, Latvia
17 October 2019
Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness? If you do, stop. Blaming the users is so 2018.
Taking a deep dive into the last 10 years of my professional career, we will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating a safe, inclusive environment for them to learn.
Mismatched SOCs
Lecture style talk
Digital Transformation Expo
London, United Kingdom
9-10 October 2019
Maintaining an in-house SOC can be challenging and expensive, so organisations rightly reach out to third-parties to provide this service - however, the responsibilities don’t stop there. This talk covers the wins and losses I’ve seen regarding third-party SOCs, how organisations can properly manage this, and ways to make sure you’ve found the right match.
Through the Eyes of a Hacker
Lecture style talk
PrivSec Dublin
Dublin, Ireland
23-24 September 2019
Hackers, the ever mischievous, malicious beings, that seem to be able to simply look at something and break it. Who are they, how do they come to be, should I be worried? This talk is designed to open your eyes to the world of cyber security through my eyes, what it means to 'be secure' and how you as an individual can make a difference in your personal and professional lives.
Overcome the Fear of the Phish
Lecture style talk
CBI Conferences
London, United Kingdom
12 September 2019
What makes Phishing so resilient to security controls and awareness training? In this talk we will identify, understand, and learn to use the methodology of Phishing and social engineering for our benefit.
What is Vulnerability Management, and Why Does it Matter?
Vlog
Tripwire
5 August 2019
Vulnerabilities are everywhere - and they're not going anywhere soon. Zoë Rose, cyber security consultant at Baringa Partners, tells us why effective vulnerability management should be a vital part of your overall security posture.
Hacker Rainbow
Keynote
UCISA IG - Cyber Security Survival Guide
Birmingham, United Kingdom
9 May 2019
Red, blue, and purple too - what do these colours mean when it comes to embedding security in our systems? This keynote was created to demystify and excite the audience in security by design. Covering both simplified, starter pack like exercises, to full hands on validation - we talked through penetration testing, red teaming, tabletop, and more.
Seminar round-up: Cyber Security and the Internet in investment arbitration
Panel
Hogan Lovells
London, United Kingdom
11 April 2019
On 11 April 2019 the Hogan Lovells International Arbitration team hosted a seminar on cyber security and the Internet in International Investment Arbitration. It was a thoroughly interesting and informative session. Our twin panels of preeminent lawyers and industry experts delivered an insightful discussion, followed by a lively Q&A session.
Demystifying Cyber Security
Interactive talk
Young Coders Meetup
London, United Kingdom
17 February 2019
Holistic walk through of what Cyber Security is and means to us in our personal and professional lives. Looking through different career options, and my personal journey into security, the young coders learned to investigate their curiosities, failure can be beneficial, and working towards their dream career.
How to Win Users and Influence the Board
Keynote
BSides Leeds
Leeds, United Kingdom
25 January 2019
Have you ever had a client who constantly clicks the links, a CEO who opens all the attachments, or a receptionist who reuses every single USB that comes across their desk? Do you blame them for the lack of security mindfulness? If you do, stop. Simply blaming the users is so 2018.
This year, let us create security programmes that not only sound cool, but actually work for the humans they are supposed to be training.
Cyber Security must be a key part of Bank's risk management strategy
Podcast
Islamic Finance News
4 December 2018
Considering that most cyber attacks are financially motivated, banks are choice targets for malicious actors. Hence, implementing a holistic cyber security strategy must be a key part of their risk management strategy. Marc Roussot explores.
Part Two: Ethical Hacker's Guide to Security
Workshop
SCxSC
Kuala Lumpur, Malaysia
28-29 November 2018
Taking a deeper look into these malicious actors threatening our environments, jobs, our very lives. We will talk through common organisational pitfalls, realise how our world got to this place. Finishing off with how to take actual steps to a more secure and safer world.
Achieving 7 Seconds
Lecture style talk
ØreDev
Malmö, Sweden
19-22 November 2018
This talk is focused on understanding the malicious user and the not-so-malicious, but ever-present, human error. We will review how to embed stress testing throughout the development life cycle, and more importantly how to know if you have an effective tester. We will talk about common issues found in my experience, along with different approaches you can take to change the behaviours of your development team.
Practice Safe Networking
Lecture style talk
ØreDev
Malmö, Sweden
19-22 November 2018
Have you ever found yourself lost in a server room, or more often a closet, no idea where to start and confused if you are ever going to find the right port? Have you logged into the gateway router, when you're pretty sure you were supposed to be on a switch, and all of a sudden everything stops working, but you are 99% confident you didn't actually do anything? Then this talk is for you!
What is Safe? Baby, don't hack me, don't hack me, no more!
Lecture style talk
Cyber Security Leadership Summit Europe
Berlin, Germany
13 November 2018
How many times have you heard 'we need a penetration test' and thought to yourself, what actually is a penetration test?! This talk is aimed at clarifying different forms of validation, and how to effectively approach implementation at your organisation.
If you liked it, you should have put security on it
Lecture style talk
OWASP
London, United Kingdom
24 October 2018
We no longer live in a world where ignorance on security is even remotely ok, you can't breach a data protection act with the defence that 'oops we didn't realise'. Not only will you owe major fines, but your reputational damage will be extravagant. Why is it then, in the media seemingly every day, an insane breach is reported? The reality is, more often it's fail by design than security by design.
The Person She Needed
Lecture style talk
Operation Safe Escape by OSPA
Washington DC, United States
11-12 October 2018
Empowering survivors to take back control of their lives through operational security online, building and maintaining a secure communications system with family and shelters. Along with safe steps you can take right from the start, to build awareness of your environment.
If you liked it, you should have put security on it
Lecture style talk
IP Expo Europe
London, United Kingdom
3-4 October 2018
Organisations know that cyber security is a huge concern, each year they budget for and insure against cyber incidents. However, if you follow any news, we know this fails consistently. Cyber security is confusing, and that confusion often brings negativity, shame, and embarrassment; leading to a lack of effective communication. In this talk, we will identify how to effectively approach a holistic security programme, through awareness, culture, and understanding on how to approach Security by Design.
The Future of Security
Keynote
Women in Banking and Finance
London, United Kingdom
27 September 2018
Ever wonder why technology seems to be more fail by design than security by design? How is it, we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments?
In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security in mind, and how we can be a part of the shift to embedding security.
Hackers: Malevolent or Marvellous?
Interactive talk
Private Event
Seville, Spain
26 September 2018
Open-Source Intelligence is a major piece to the hacker puzzle - to target someone or something, you need to understand it. However, it's also a great tool in our personal security. In this two-hour session I have the privilege of investigating the audience, presenting the findings, and sharing my expertise on how to protect yourself and your company.
Forget 0-days; let's talk threats and issues that really matter
Lecture style talk
Cyber Security Asia
Kuala Lumpur, Malaysia
4-5 September 2018
Humans are social beings, we have an intrinsic need to come together; whether to celebrate our achievements or support those in need. The Internet has been fundamental in helping societies connect, allowing our communities to grow throughout the world, but this has come at a cost. In this talk, we will look at how we ensure cyber security is seen as a business imperative and not an unnecessary bolt-on, and how we can embed security by design into our business processes.
What is Oversharing on Social Media?
Campaign
Nationwide Building Society
United Kingdom
7 June 2018
Humans are social beings; we are collaborative and want to build out communities. This is natural. As we advance, technology has been created to enable us to build these bigger communities around the world. Unfortunately, not all of our 'Facebook friends' or 'LinkedIn connections' have our best interests at heart.
In order to understand this, Nationwide surveyed more than 1,000 British young people aged 16 - 25. As their spokesperson, I presented these statistics to over 306 million citizens.
Hacker Academy
Workshop
BSides London
London, United Kingdom
5 June 2018
This workshop will help to develop your understanding and practical application of awareness training with the intention of making awareness training far more relevant, effective and memorable by applying a combination of communication, motivation and metrics.
In this workshop we will teach the participants what it takes to develop a strong foundation on which to roll out organisation-wide awareness training.
One Phish, Two Phish, Red Phish, Blue Phish
Lecture style talk
InfoShare
Gdańsk, Poland
23 May 2018
Society is changing. Consumers value their personal data and will actively avoid organisations that do not take cyber security seriously. Words alone are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data? In this talk Zoë Rose is going to talk about the importance of varied skills and expertise when it comes to effective cyber resilience, incident response and innovation.
It's all about the price tag, Baby!
Webinar
The Economics of Cyber Security by BrightTALK
25 April 2018
As an experienced Ethical Hacker I have worked on both the offensive and the defensive side of cyber security to help my clients become more resilient to cyber attack. I have designed and executed various simulated attacks, and incident response exercises based on feasible scenarios and from actual experiences in helping clients respond to data breaches. The one question, asked consistently throughout much of my career has been: “how much does it cost?”
We see in the media, organisations who’ve suffered a breach costing thousands, millions, even hundreds of millions – but where do these values come from?
Hear no evil, see no evil, code no evil();
Lecture style talk
NDC Security
Oslo, Norway
22-24 January 2018
Just as developers are getting to grips with effective DevSecOps as a means to minimise cyber security vulnerabilities, Zoë Rose covers the next big challenge facing the developer community; privacy.
Whilst overlapping, the concepts of security and privacy are distinctly different. As developers, we should be challenging ourselves to consider not just technical implications of our work, but also the why and how we can remain ethical in our goal to innovate. This talk is going to explore how we balance the exploitation of personal data vs. our shared responsibility to protect our right to privacy.
BBC Click LIVE
Live event
BBC Click LIVE
27 November 2017
Scott Helme and I highlight the importance of understanding the information we put online in our ever connected world. By investigating the audience via their social media accounts, 'psychic Joe' presents findings in a new, and a bit silly, way.
Offensive Security
Lecture style talk
SANS Awareness Summit
London, United Kingdom
6 December 2018
What happens when you take non-technical users and show them how to hack? Speaking from first-hand experience, absolutely wonderful things! This talk discusses our little Offensive Security experiment - training hackers, ethically.
Insecurity Podcast: Zoë Rose OpSec for Personal Security
Podcast
Cylance
6 November 2017
Originally a military term, OpSec has become an important part of business processes and even our personal safety online. Practicing OpSec is important to protecting intellectual property and employees' personal information. In this episode of the InSecurity Podcast, host Shaun Walsh is joined by special guest Zoë Rose who explains how to protect critical information and determine threats to your personal security, and how practicing OpSec when posting on social media and elsewhere online can help keep you and your family safe.
The Hacker Inside
Interactive talk
Shambala Festival
Northamptonshire, United Kingdom
26 August 2017
The media likes to portray “hackers” as these hoodied beings, that magically find a way into systems through advanced tactics often described as being indistinguishable from witchcraft. However, the majority of cases reveal that these “hackers” are simply normal but innovative people. Taking legitimate services and features and exploiting them because of, often, simple bugs in the code.
Mobility Challenges and Security
Interview
Cylance
13 July 2017
Zoë Rose focuses her attention on the people who are involved in day-to-day operations and how their mobility is a factor that must be considered in protecting networks. She also digs into the notion of teaching your entire organisation how to hack so they know how to avoid being compromised.
Secure Communications
Lecture style talk
BSides London
London, United Kingdom
7 June 2017
When users and clients ask for "secure comms" they often get excited about shiny new equipment that makes them feel like spies, forgetting the true reason for the request. Speaking from direct experience I will walk through how to build a supporting secure culture, usable secure systems, and maintaining participation that works for your life.
Secure Communications
Lecture style talk
ACSC 2017
Canberra, Australia
14-16 March 2017
When asked for "Secure Comms" my first question is always: Why? What data are you protecting, and whom are you protecting this from? Without addressing this first major question, any "Secure Comms" system you implement will surely fail - and fail they have! I walk through overlooked requirements, threat mapping lifecycles, and situations where we have failed grandly.
Make your mark in IT
Lecture style talk
Directions by Red River College
Winnipeg, Canada
3 February 2016
Starting your career in any field can be intimidating. You're expected to have a number of years' experience for entry level positions, but where do you actually start? Speaking from personal experience, I cover how I approached starting out; successes and the failures.
Network Configuration Management
Interactive talk
BSides Winnipeg
Winnipeg, Canada
19 November 2015
Any changes made can have a huge impact on your network, having visibility of these changes may not seem important until Monday morning when the whole office is offline. The goal is to give more visibility into large networks with automated tasks. Zoë has created a demo script for auditing logins, daily configuration changes, and snapshots.
Getting started in IT
Podcast
Cisco Champion Radio
15 July 2015
Today we will be talking about getting started in IT with Cisco Champions Rowell Dionicio and Justin Parisi. Our guest hosts this week are Networking Academy members Tim Harmon, and Nick Saylor. Along with Network Academy guests: Jason Lachowsky, Sergio Salas, Nathan Pan, Ben Shirer, and Zoë Rose.