SPEAKING ENGAGEMENTS ARCHIVE

Cyber Security is no longer the plaything of well trained researchers or skilled criminals: it is the lifeblood of our society. Cast aside the false assumption that security is solely for the corporations. It affects us all. Talking to your children, your parents, and your friends about protecting themselves online could one day save them from becoming the victim of Ransomware, Cyber bullying, extortion, and more.

 

TALES FROM A PROFESSIONAL STALKER

23 - 24 November 2019 - BSides København, Copenhagen, Denmark

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness?

If you do, stop. Blaming the users is so 2018. Reviewing the last 10 years of my professional career, I will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating a safe, inclusive environment for them to learn.

THE FUTURE OF SECURITY

18 - 22 November 2019 - GOTO Copenhagen, Copenhagen, Denmark

Ever wonder why technology seems to be more fail by design than security and privacy based? Also, how is it we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments?

In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security or privacy as default, and how we can be a part of the shift to embedding security.

ONE PHISH TWO PHISH RED PHISH BLUE PHISH

13 November 2019 - DevCon, Bucharest, Romania

Society is changing, consumers are learning the value of their personal data, and will actively avoid organisations that do not treat their information accordingly. Words alone are simply not enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data? We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high-performing teams with a diverse set of talents.

In this talk Zoë Rose covers the importance of varied skills and expertise when it comes to effective cyber resilience, incident response and innovation, along with the fabulous foundations of a strong security programme.

HUMANS: RUINING THINGS SINCE FOREVER

3 - 8 November 2019 - Agile Testing Days, Potsdam, Germany

In the last 10+ years of experience in industry, I have realised the number one problem is simply humans. We create solutions without considering privacy and security by design and by default; we often forget the malicious user and the not-so-malicious, but ever-present, human error.

Whilst overlapping, the concepts of security and privacy are distinctly different. How do you design resilience for lasting solutions that work in a variety of environments and encourage use, growth and adoption?

This talk explores the human response to environments and solutions, the value of diverse teams, and understanding the by design and by default controls between privacy and security.

OFFENSIVE SECURITY

29 October 2019 - Private Event, United States of America

Hackers: the who, what, where, when, and why of offensive security.

ONE PHISH, TWO PHISH, RED PHISH, BLUE PHISH

23 - 25 October 2019 - GOTO Berlin, Berlin, Germany

Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data?

We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high-performing teams with a diverse set of talents.

In this talk Zoë Rose is going to talk about the importance of varied skills and expertise when it comes to effective cyber resilience, incident response and innovation.

TALES FROM A PROFESSIONAL STALKER

17 October 2019 - DSS ITSEC, Riga, Latvia

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness? If you do, stop. Blaming the users is so 2018. 

Taking a deep dive into the last 10 years of my professional career, we will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating a safe, inclusive environment for them to learn.

Completion of this talk will include homework - so come prepared! 

MISMATCHED SOCS

9 - 10 October 2019 - Digital Transformation Expo, London, United Kingdom

Maintaining an in-house SOC can be challenging and expensive, so organisations rightly reach out to third-parties to provide this service - however, the responsibilities don’t stop there. This talk covers the wins and losses I’ve seen regarding third-party SOCs, how organisations can properly manage this, and ways to make sure you’ve found the right match.

THROUGH THE EYES OF A HACKER

23-24 September 2019 - PrivSec Dublin, Dublin, Ireland

Hackers, the ever mischievous, malicious beings, that seem to be able to simply look at something and break it. Who are they, how do they come to be, should I be worried?

Hi, my name is Zoë, and I'm pretty well known as an Ethical Hacker. However, equally as common, no one understands what that actually means. This talk is designed to open your eyes to the world of cyber security through my eyes, what it means to 'be secure' and how you as an individual can make a difference in your personal and professional lives. 

Take notes, I have homework for you! 

OVERCOMING THE FEAR OF THE PHISH

12 September 2019 - CBI Conferences, London, United Kingdom

What makes Phishing so resilient to security controls and awareness training? In this talk we will identify, understand, and learn to use the methodology of Phishing and social engineering for our benefit.

Takeaways from this talk include homework! Come prepared.

JOURNEY INTO SECURITY

14 May 2019 - Uxbridge College Hayes campus, Hayes, United Kingdom

How do you get from Student to professional, what variety of roles exist out there, and how do my skills outside of tech relate to my potential roles?

HACKER RAINBOW

9 May 2019 - UCISA IG - Cyber Security Survival Guide, Birmingham, United Kingdom

[Keynote] Red, blue, and purple too - what do these colours mean when it comes to embedding security in our systems? This keynote was created to demystify and excite the audience in security by design. Covering everything from simplified, starter-pack-like exercises to full hands-on validation, we talked through penetration testing, red teaming, table top, and more.

DISCOVERING SECURITY

3 April 2019 - Aruba H.E.R. @ Atmosphere, Las Vegas, U.S.A.

Join me in my personal discovery of security, challenges, joys, and failures along the way [currently linked to the page, until video is live].

DEMYSTIFYING CYBER SECURITY

17 February 2019 - Young Coders Meetup, London, United Kingdom

Holistic walk-through of what Cyber Security is and means to us in our personal and professional lives. Looking through different career options, and my personal journey into security, the young coders learned to investigate their curiosities, that failure can be beneficial, and to work towards their dream career.

HOW TO WIN USERS AND INFLUENCE BOARDS: TALES FROM A PROFESSIONAL STALKER

25 January 2019 - BSides Leeds, Leeds, United Kingdom

Have you ever had a client who constantly clicks the links, a CEO who opens all the attachments, or a receptionist who reuses every single USB that comes across their desk? Do you blame them for the lack of security mindfulness? If you do, stop. Simply blaming the users is so 2018.

This year, let us create security programmes that not only sound cool, but actually work for the humans they are supposed to be training. Let’s influence our clients, teams, friends and family, to take back control of their life in this day of constant connectivity.


To do this, I will be discussing what I have learned in the last 10 years of my career, research done on how our brains learn, and why we do what we do. At the end of the day, being a cyber security rock star is not bullying into submission, it is building a safe place to learn and understand security.

EMPOWERMENT WITH TAILS

13 December 2018 - Ignite Gestalt IT, San Jose, CA, U.S.A.

How to become a privacy advocate, and empower others to take back control.

PART TWO: ETHICAL HACKER'S GUIDE TO SECURITY

28 - 29 November 2018 - SCxSC 2018, Kuala Lumpur, Malaysia

Taking a deeper look into these malicious actors threatening our environments, jobs, our very lives. We will talk through common organisational pitfalls, and realise how our world got to this place, finishing off with how to take actual steps to a more secure and safer world.

PART ONE: THROUGH THE EYES OF A HACKER

28 - 29 November 2018 - SCxSC 2018, Kuala Lumpur, Malaysia

[Keynote] Who are these hackers the media keeps referring to? How do they think, operate, and most importantly, should I be worried? 

ACHIEVING 7 SECONDS

19 - 22 November 2018 - ØreDev, Malmö, Sweden

This talk is focused on understanding the malicious user and the not-so-malicious, but ever-present, human error. We will review how to embed stress testing throughout the development life cycle, and more importantly how to know if you have an effective tester. We will talk about common issues found in my experience, along with different approaches you can take to change the behaviours of your development team. Security and privacy by design are not simply done, it takes motivation across the organisation, and knowledge on where to start. My hope is that following this talk, you will not only be able to identify where to start but also how to continue to grow in your secure development lifecycle.

PRACTICE SAFE NETWORKING

19 - 22 November 2018 - ØreDev, Malmö, Sweden

Have you ever found yourself lost in a server room, or more often a closet, no idea where to start and confused if you are ever going to find the right port? Have you logged into the gateway router, when you're pretty sure you were supposed to be on a switch, and all of a sudden everything stops working, but you are 99% confident you didn't actually do anything? Then this talk is for you! We will discuss the foundations of network architecture. We'll cover what people mean when they say flat network, and why that's harder to diagnose when there are issues. We will walk through two example networks, home and SME, talking about how you can embed security and privacy by design.

WHAT IS SAFE? BABY, DON'T HACK ME, DON'T HACK ME, NO MORE!

13 November 2018 - Cyber Security Leadership Summit Europe, Berlin, Germany

How many times have you heard 'we need a penetration test' and thought to yourself, what actually _is_ a penetration test?!

This talk is aimed at starting to clarify different forms of validation, and how to effectively approach implementation at your organisation. 


THE GOOD, THE BAD, THE ETHICAL HACKER

15 November 2018 - Cyber Security Summit & Expo, London, United Kingdom

This talk looks at what is an ethical hack, how do you choose if that is the most effective validation test for your situation, and how to find the right person(s) to hire.

IF YOU LIKED IT, YOU SHOULD HAVE PUT SECURITY ON IT

24 October 2018 - OWASP London, London, United Kingdom

We no longer live in a world where ignorance on security is even remotely okay; you can't breach a data protection act with the defence that 'oops we didn't realise'. Not only will you owe major fines, but your reputational damage will be extravagant. Why is it then, in the media seemingly every day, an insane breach is reported? The reality is, we live in a world of fail by design more than security or privacy by design. The challenge is:

* Security is confusing, it is this confusion that leads to negativity and enables a shift to being a taboo topic.
* We need things to 'just work' across all situations, environments, and work consistently with a quick to market and competitive price.

How did we get here? Well, let's face it, we created a no-win market that organisations can't possibly compete with. There is hope: as the world changes its approach, which we are doing slowly, we can become a safer and more secure world. In this talk, we will be looking at how to make that first step in our personal and professional lives, including the steps we can take to change the market to value us and our personal data.

THE PERSON SHE NEEDED

11 - 12 October 2018 - Operation Safe Escape by OSPA, Washington DC, USA

Empowering survivors to take back control of their lives through operational security online, building and maintaining a secure communications system with family and shelters. Along with safe steps you can take right from the start, to build awareness of your environment.

IF YOU LIKED IT, YOU SHOULD HAVE PUT SECURITY ON IT

3 - 4 October 2018 - IP Expo Europe, London, United Kingdom

Organisations know that cyber security is a huge concern, each year they budget for and insure against cyber incidents. However, if you follow any news, we know this fails consistently. Cyber security is confusing, and that confusion often brings negativity, shame, and embarrassment; leading to a lack of effective communication. In this talk, we will identify how to effectively approach a holistic security programme, through awareness, culture, and understanding on how to approach Security by Design.

THE FUTURE OF SECURITY

27 September 2018 - WiBF, London, United Kingdom

Ever wonder why technology seems to be more fail by design than security and privacy based? Also, how is it we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments?

In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security or privacy as default, and how we can be a part of the shift to embedding security. 

HACKERS: MALEVOLENT OR MARVELLOUS?

26 September 2018 - Private Event, Seville, Spain

Open-Source Intelligence is a major piece to the hacker puzzle - to target someone or something, you need to understand it. However, it's also a great tool in our personal security. In this two-hour session I have the privilege of investigating the audience, presenting the findings, and sharing my expertise on how to protect yourself and your company.

FORGET 0-DAYS; LET'S TALK THREATS AND ISSUES THAT REALLY MATTER.

4 - 5 September 2018 - Cyber Security Asia, Kuala Lumpur, Malaysia

Humans are social beings, we have an intrinsic need to come together, whether to celebrate our achievements or support those in need. The Internet has been fundamental in helping societies connect and our communities grow throughout the world, but this hasn’t come without a cost.

In this talk, we will look at how we ensure cyber security is seen as a business imperative and not an unnecessary bolt-on, and how we can embed security by design into our business processes.  

LIFE SKILLS OF AN ETHICAL HACKER

5 July 2018 - Cyber Security Summit, Colombo, Sri Lanka

[Keynote] Speaking to the next generation of cyber security, I will be demystifying hackers, the role of hackers in our society, and discussing the life skills of an ethical hacker.

SECURING THE UNSECURABLE

14 June 2018 - RESET 2018, London, England

Panel with Amber Baldet, Stephanie Edwards, Ade Adewunmi, and me - discussing security in the world of Big Data, AI, Blockchain, and IoT.

HACKER ACADEMY

5 June 2018 - BSides London

This workshop will help to develop your understanding and practical application of awareness training with the intention of making awareness training far more relevant, effective and memorable by applying a combination of communication, motivation and metrics.  

In this workshop we will teach the participants what it takes to develop a strong foundation from which to roll out organisation-wide awareness training.

IT'S ALL ABOUT THE PRICE TAG, BABY!

25 April 2018 - The Economics of Cyber Security by BrightTALK

As an experienced Ethical Hacker I have worked on both the offensive and the defensive side of cybersecurity to help my clients become more resilient to cyber attack. I have designed and executed various simulated attacks, and incident response exercises based on feasible scenarios and from actual experiences in helping clients respond to data breaches. The one question, asked consistently throughout much of my career has been: “how much does it cost?”

We see in the media, organisations who’ve suffered a breach costing thousands, millions, even hundreds of millions – but where do these values come from? 

In this session, I will walk you through the true cost of a data breach, including the hidden costs which you may not realise until an incident occurs.

ONE PHISH TWO PHISH RED PHISH BLUE PHISH

23 May 2018 - InfoShare, Gdańsk, Poland

Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data?


We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It’s high performing teams with a diverse set of talents.


In this talk Zoë Rose is going to talk about the importance of varied skills and expertise when it comes to effective cyber resilience, incident response and innovation.

THE KYLE FILES

2 April 2018 - ITV

Scott Helme, Matt Hull, and I investigate the audience, revealing how much information they may have unwittingly revealed.

HEAR NO EVIL, SEE NO EVIL, CODE NO EVIL();

22 - 24 January 2018 - NDC Security, Oslo, Norway

Just as developers are getting to grips with effective DevSecOps as a means to minimise cyber security vulnerabilities, Zoë Rose covers the next big challenge facing the developer community: privacy.

Whilst overlapping, the concepts of security and privacy are distinctly different. As developers, we should be challenging ourselves to consider not just technical implications of our work, but also the why and how we can remain ethical in our goal to innovate. 

This talk is going to explore how we balance the exploitation of personal data vs. our shared responsibility to protect our right to privacy.

BBC CLICK LIVE

2018

Scott Helme and I highlight the importance of understanding the information we put online in our ever connected world. By investigating the audience via their social media accounts, 'psychic Joe' presents findings in a new, and a bit silly, way.

OFFENSIVE SECURITY

6 December 2017 - SANS Awareness Summit, London, United Kingdom

What happens when you take non-technical users and show them how to hack? Speaking from first-hand experience, absolutely wonderful things! Join David and me while we walk you through our little Offensive Security experiment - training hackers, ethically.

THE TIMES TECH SUMMIT

15 November 2017 - London, United Kingdom

Panel on Security and Trust – How do we get a safe internet for business?

THE HACKER INSIDE

26 August 2017 - Shambala Festival, Northamptonshire, United Kingdom

The media likes to portray “hackers” as these hoodied beings, that magically find a way into systems through advanced tactics often described as being indistinguishable from witchcraft. However, the majority of cases reveal that these “hackers” are simply normal but innovative people, taking legitimate services and features and exploiting them because of, often, simple bugs in the code. Zoë and David walk through a simple demo and basic steps that can be taken to cover personal security.

MOBILITY CHALLENGES AND SECURITY

Cylance

Zoë Rose (@5683Monkey) focuses her attention on the people who are involved in day-to-day operations and how their mobility is a factor that must be considered in protecting networks. She also digs into the notion of teaching your entire organisation how to hack so they know how to avoid being compromised.

SECURE COMMUNICATIONS

BSides London - London, England

When users and clients ask for "secure comms" they often get excited about shiny new equipment that makes them feel like spies, forgetting the true reason for the request. Speaking from direct experience, we will walk through how to build a supporting secure culture, usable secure systems, and how to maintain participation that works for your life.

SECURE COMMUNICATIONS

ACSC 2017 - Canberra, Australia

When asked for "Secure Comms" my first question is always: Why? What data are you protecting, and whom are you protecting this from? Without addressing this first major question, any "Secure Comms" system you implement will surely fail - and fail they have! I walk through overlooked requirements, threat mapping lifecycles, and situations where we have failed grandly.

MAKE YOUR MARK IN IT

Directions Red River College - Winnipeg, Canada

Starting your career in any field can be intimidating. You're expected to have a number of years' experience for entry level positions, but where do you actually start? Speaking from personal experience, I cover how I approached starting out, the success and the failures.

NETWORK CONFIGURATION MANAGEMENT

BSides Wpg - Winnipeg, Canada

Any changes made can have a huge impact on your network; having visibility of these changes may not seem important until Monday morning when the whole office is offline. The goal is to give more visibility into large networks with automated tasks. Zoë has created a demo script for auditing logins, daily configuration changes, and snapshots.

 

ZOË ROSE

©2019 by Zoë Rose.