SPEAKING ENGAGEMENTS ARCHIVE

Cyber Security is no longer the plaything of well trained researchers or skilled criminals: it is the lifeblood of our society. Cast aside the false assumption that security is solely for the corporations. It affects us all. Talking to your children, your parents, and your friends about protecting themselves online, could one day save them from becoming the victim of Ransomware, Cyber bullying, extortion, and more.

KEYNOTE

KEYNOTE

KEYNOTE

KEYNOTE

KEYNOTE

WORKSHOP

The Evolving Security Landscape: Trends to Expect in 2021 and Beyond

Panel

PrivSec Global 

30 November 2020

What is the current state of cybercrime and what are common times of incidents being reported? We explore the true extent and cost of security breaches, developments in the attacker ecosystem and how businesses can protect and defend against these. Our panelists will also look to future trends, outlining what new risks businesses should expect in 2021 and beyond. 

Hear no Evil, See no Evil, Code no Evil();

Lightning Talk 

Fusion Hub

26 November 2020

"You are given temporary access to someone's intimate life details, your job, is to protect it." In this lighting talk we cover the reality of a developer's role in society, the importance of embedding security and privacy controls from the conception of the idea, and throughout the life cycle. Along with enforcing by default, to protect your consumers. 

Speak Easy: interview with Zoë Rose

Podcast

The Beer Farmers

25 November 2020

Chat between Sean Wright, Mike Thompson, Scott McGready, Ian Thornton-Trump, and Zoë Rose - discussing the cyber security industry, trends, BeerCon2, what the future holds, and the critical importance of understanding motivations.

Mitigating the Security Risks and Challenges of Office 365

Lightning Talk 

InfoSecurity 

30 July 2020

Office 365 suites is no fully integrated with many businesses - large and small - and used to store and share massive amounts of important and potentially sensitive corporate data. Therefore, the security risks of implementing such services must be at the forefront of organisation's minds. 

In this Webinar, a panel of experts will discuss the security risks surrounding the use of Office 365 and outline best practice suggestions for ensuring data remains safe whilst using complex cloud-based services. 

Learning from the Honda Ransomware Attack (Restore it all podcast #54)

Podcast

BackupCentral

29 June 2020

Speaking with W. Curtis Preston (@wcpreston), we discuss lessons learnt from the ransomware attack on Honda, and "common sense" things organisations can do to protect data.  

Hat to Hat Debate

Debate

IsolationCon

19 April 2020

The Many Hats Club presents a full day of talks live streamed from a variety of perspectives in order to raise funds for Médecins Sans Frontières UK and Médecins Sans Frontières. Joining Lisa Forte, Ian Murphy, Kevin Fielder, and Scott McGready 

Episode 156 - Stalking solutions with Zoë Rose

Podcast

The Privacy, Security, & OSINT Show 

Michael Bazzell 

7 February 2020

This week Zoë Rose joins me to discuss solutions for stalking victims, an update on the census show last week, the latest privacy news, and  and OSINT tip for obtaining archived interior images of homes. 

24-Hour Fundraiser

Lightning Talk

BeerCon1

7 December 2019

In collaboration with The Beer FarmersThe Many Hats Club, hosting a 24-hour virtual conference in order to raise money for two charities our community holds close to its heart; the Electronic Frontier Foundation (EFF) as well as Mental Health Hackers

Tales from a Professional Stalker

Lecture style talk

BSides København

Copenhagen, Demark

23 - 24 November  2019

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness?

If you do, stop. Blaming the users is so 2018. Reviewing the last 10 years of my professional career, I will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating a safe, inclusive environment for them to learn.

The Future of Security 

Lecture style talk 

GOTO; Copenhagen

Copenhagen, Denmark

18 - 22 November 2019

Ever wonder why technology seems to be more fail by design than security and privacy based? Also, how is it we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments.

In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security or privacy as default, and how we can be a part of the shift to embedding security.

One Phish, Two Phish, Red Phish, Blue Phish

Lecture style talk

DevCon

Bucharest, Romania

13 November 2019

Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone, are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data.

We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high performing teams with a diverse set of skills. 

Voices from InfoSec with Zoë Rose 

Podcast

Breaking Badness

6 November 2019

Welcome to a special edition of Breaking Badness. In this bonus episode, you’ll hear from cyber security specialist and ethical hacker, Zoë Rose. Co-hosts Tarik Saleh and I sat down with Zoë (and her ferrets) to discuss her life as a cyber security consultant, experience in the industry, and advice for fellow practitioners.

Humans: Ruining Things Since Forever

Keynote

Agile Testing Days

Potsdam, Germany 

3-4 November 2019

In the last 10+ years of experience in industry, I have realised the number one problem is simply humans. We create solutions without considering by design and by default of privacy and security; we often forget the malicious user and the not-so-malicious, but ever-present, human error.

Whilst overlapping, the concepts of security and privacy are distinctly different. How do you design resilience for lasting solutions that works in a variety of environments that encourages use, growth and adoption? This talk explores the human response to environments and solutions, the value of diverse teams, and understanding the by design and by default controls between privacy and security

Offensive Security 

Interactive talk 

Private Event 

United States of America

29 October 2019

Hackers: the who, what, where, when, and why of offensive security. Along with what financial institutions can do to embed resilience within their organisation. 

One Phish, Two Phish, Red Phish, Blue Phish

Lecture style talk

GOTO; Berlin 

Berlin, Germany 

23-25 October 2019

Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone, are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data.

We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high performing teams with a diverse set of skills

Tales from a Professional Stalker

Lecture style talk 

DSS ITSEC

Riga, Latvia 

17 October 2019

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness? If you do, stop. Blaming the users is so 2018. 

Taking a deep dive into the last 10 years of my professional career, we will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating safe, inclusive environment for them to learn. 

Mismatched SOCs

Lecture style talk 

Digital Transformation Expo

London, United Kingdom 

9-10 October 2019

Maintaining an in-house SOC can be challenging and expensive, so organisations rightly reach out to third-parties to provide this service - however, the responsibilities don’t stop there. This talk covers the wins and losses I’ve seen regarding third-party SOCs, how organisations can properly manage this, and ways to make sure you’ve found the right match.

Through the Eyes of a Hacker

Lecture style talk 

PrivSec Dublin 

Dublin, Ireland

23-24 September 2019

Hackers, the ever mischievous, malicious beings, that seem to be able to simply look at something and break it. Who are they, how do they become to be, should I be worried? This talk is designed to open your eyes to the world of cyber security through my eyes, what it means to 'be secure' and how you as an individual can make a difference in your personal and professional lives. 

Overcome the Fear of the Phish

Lecture style talk 

CBI Conferences 

London, United Kingdom 

12 September 2019

What makes Phishing so resilient to security controls and awareness training? This talk we will identify, understand, and learn to use the methodology of Phishing and social engineering for our benefit. 

Zoë Rose and Paul Holland: Mentoring at BSides London to Protect Data and the Future

Podcast

Cylance

5 August 2019

Paying it forward: Zoë Rose and Paul Holland are putting in the work to help educate peers and colleagues on hacking and protecting data integrity. 

A Day in the Life of an Ethical Hacker

Vlog

Tripwire

5 August 2019

Ever wonder what it's like to be an Ethical Hacker? Zoë Rose walks us through a typical day in her life as an ethical hacker / cyber security consultant at Baringa Partners. 

What is Vulnerability Management, and Why Does it Matter? 

Vlog

Tripwire

5 August 2019

Vulnerabilities are everywhere - and they're not going anywhere soon. Zoë Rose, cyber security consultant at Baringa Partners, tells us why effective vulnerability management should be a vital part of your overall security posture. 

The Biggest Cyber Threat isn't a Zero-Day

Vlog

Tripwire

5 August 2019

The biggest cyber threat is not the latest zero-day or fast-spreading malware. Cyber security consultant Zoë Rose explains what affects our industry the most and what security professionals can do about it now. 

Datanauts 167: Patch Now or Later? The Delicate Art of Vulnerability Management 

Podcast

Datanauts

1 July 20

19

Somewhere in your network, there's at least one exploitable vulnerability. Maybe it's a really bad one. Maybe it's not that bad. Do you know? 

Journey into Security 

Interactive talk 

Uxbridge College Hayes Campus

Hayes, United Kingdom 

14 May 2019

How do you get from Student to professional, what variety of roles exist out there, and how do my skills outside of tech relate to my potential roles?

Hacker Rainbow

Keynote

UCISA IG - Cyber Security Survival Guide

Birmingham, United Kingdom

9 May 2019

Red, blue, and purple too - what do these colours mean when it comes to embedding security in our systems? This keynote was created to demystify and excite the audience in security by design. Covering both simplified, starter pack like exercises, to full hands on validation - we talked through penetration testing, red teaming, tabletop, and more.

Seminar round-up: Cyber Security and the Internet in investment arbitration 

Panel

Hogan Lovells

London, United Kingdom

11 April 2019

On 11 April 2019 the Hogan Lovells International Arbitration team hosted a seminar on cyber security and the Internet in International Investment Arbitration. It was a throughly interesting and informative session. Our twin panels of preeminent lawyers and industry experts delivered an insightful discussion, followed by a lively Q&A session. 

Discovering Security 

Keynote

Aruba H.E.R. at Atmosphere

Las Vegas, United States

3 April 2019

Looking at a autopsy view of my career, alignment with general life, failures, and lessons learnt along the way.

Mobility Field DayExclusive at Aruba Atmosphere 2019 - OpenConfig

Panel

Tech Field Day at Atmosphere

Las Vegas, United States

3 April 2019

Listen to the panel of Mobile Field Day Extra (#MFDx) at Aruba Atmosphere 2019 (#ATM19). 

Mobility Field DayExclusive at Aruba Atmosphere 2019 - Cloud and Security

Panel

Tech Field Day at Atmosphere

Las Vegas, United States

3 April 2019

Listen to the panel of Mobile Field Day Extra (#MFDx) at Aruba Atmosphere 2019 (#ATM19). 

Demystifying Cyber Security 

Interactive talk 

Young Coders Meetup 

London, United Kingdom 

17 February 2019

Holistic walk through of what Cyber Security is and means to us in our personal and professional lives. Looking through different career options, and my personal journey into security, the young coders learned to investigate their curiosities, failure can be beneficial, and working towards their dream career.

How to Win Users and Influence the Board

Keynote

BSides Leeds 

Leeds, United Kingdom 

25 January 2019

Have you ever had a client who constantly clicks the links, a CEO who opens all the attachments, or a receptionist who reuses every single USB that comes across their desk? Do you blame them for the lack of security mindfulness? If you do, stop. Simply blaming the users is so 2018.

This year, let us create security programmes that no only sound cool, but actually work for the humans they are supposed to be training. 

Empowerment with TAILS

Lighting talk 

Ignite Gestalt IT 

San Jose, United States of America 

13 December 2018 

Lighting talk: how to become a privacy advocate and empower others to take back control.

Cyber Security must be a key part of Bank's risk management strategy

Podcast

Islamic Finance News

4 December 2018

Considering that most cyber attacks are financially motivated, banks are choice targets for malicious actors. Hence, implementing a holistic cyber security strategy must be a key part of their risk management strategy. Marc Roussot explores. 

Part Two: Ethical Hacker's Guide to Security 

Workshop

SCxSC

Kuala Lumpur, Malaysia 

28-29 November 2018

Taking a deeper look into these malicious actors threatening our environments, jobs, our very lives. We will talk through common organisational pitfalls, realise how our world got to this place. Finishing off where how to take actual steps to a more secure and safer world.

Part One: Through the Eyes of a Hacker

Keynote

SCxSC

Kuala Lumpur, Malaysia 

28-29 November 2018

Who are these "hackers" the media keeps referring too? How do they think, operate, and most importantly, should I be worried? 

Achieving 7 Seconds

Lecture style talk 

ØreDev

Malmö, Sweden

19-22 November 2018

This talk is focused on understanding the malicious user and the not-so-malicious, but ever-present, human error. We will review how to embed stress testing throughout the development life cycle, and more importantly how to know if you have an effective tester. We will talk about common issues found in my experience, along with different approaches you can take to change the behaviours of your development team. 

Practice Safe Networking

Lecture style talk 

ØreDev

Malmö, Sweden

19-22 November 2018

Have you ever found yourself lost in a server room, or more often a closet, no idea where to start and confused if you are ever going to find the right port? Have you logged into the gateway router, when you're pretty sure you were supposed to be on a switch, and all of the sudden everything stops working, but you are 99% confident you didn't actually do anything? Then this talk is for you! 

What is Safe? Baby, don't hack me, don't hack me, no more! 

Lecture style talk 

Cyber Security Leadership Summit Europe

Berlin, Germany 

13 November 2018

How many times have you heard 'we need a penetration test' and thought to yourself, what actually is a penetration test?! This talk is aimed at clarifying different forms of validation, and how to effectively approach implementation at your organisation.

The Good, The Bad, The Ethical Hacker

Lecture style talk 

Cyber Security Summit & Expo

London, United Kingdom 

15 November 2018

This talk looks at what is an ethical hack, how do you choose if that is the most effective validation test for your situation, and how to find the right person(s) to hire.

If you liked it, you should have put security on it

Lecture style talk 

OWASP 

London, United Kingdom

24 October 2018

We no longer live in a world where ignorance on security is even remotely ok, you can't breach a data protection act with the defence that 'oops we didn't realise'. Not only will you owe major fines, but your representational damage will be extravagant. Why is it then, in the media seemingly every day, an insane breach is reported? The reality is, more often it's fail by design than security by design. 

The Person She Needed 

Lecture style talk 

Operation Safe Escape by OSPA

Washington DC, United States 

11-12 October 2018

Empowering survivors to take back control of their lives through operational security online, building and maintaining a secure communications system with family and shelters. Along with safe steps you can take right from the start, to build awareness of your environment.

If you liked it, you should have put security on it

Lecture style talk 

IP Expo Europe

London, United Kingdom 

3-4 October 2018

Organisations know that cyber security is a huge concern, each year they budget for and insure against cyber incidents. However, if you follow any news, we know this fails consistently. Cyber security is confusing, and that confusion often brings negativity, shame, and embarrassment; leading to a lack of effective communication. In this talk, we will identify how to effectively approach a holistic security programme, through awareness, culture, and understanding on how to approach Security by Design.

The Future of Security 

Keynote

Women in Banking and Finance 

London, United Kingdom 

27 September 2018

Ever wonder why technology seems to be more fail by design than security by design? How is it, we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments?

 

In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security in mind, and how we can be a part of the shift to embedding security

Hackers: Malevolent or Marvellous? 

Interactive talk 

Private Event 

Seville, Spain

26 September 2018

Open-Source Intelligence is a major piece to the hacker puzzle - to target someone or something, you need to understand it. However, it's also a great tool in our personal security. In this two-hour session I have the privilege of investigating the audience, presenting the findings, and sharing my expertise on how to protect yourself and your company.

Forget 0-days; let's talk threats and issues that really matter 

Lecture style talk 

Cyber Security Asia 

Kuala Lumpur, Malaysia 

4-5 September 2018

Humans are social beings, we have an intrinsic need to come together; whether to celebrate our  achievements or support those in need. The Internet has been fundamental in helping societies connect, allowing our communities grow throughout the world, but this has come at a cost. In this talk, we will look at how we ensure cyber security is seen as a business imperative and not an unnecessary bolt-on, and how we can embed security by design into our business processes.  

Life Skills of an Ethical Hacker 

Keynote

Cyber Security Summit

Colombo, Sri Lanka

5 July 2018 

Speaking to the next generation of cyber security I will be demystifying the broad term "hackers", the role of ethical hackers in our society, and discussing the life skills of an ethical hacker.

Conversations with Zoë Rose

Vlog

Predica

Gdańsk, Poland

17 June 2018

The conversation with Zoë Rose, cyber security consultant and Ethical Hacker at InfoShare 2018.

Securing the Unsecurable

Panel

RESET 2018 

London, United Kingdom 

14 June 2018

Panel with Amber Baldet, Stephanie Edwards, Ade Adewunmi, and me - discussing security in the world of Big Data, AI, Blockchain, and IoT.

What is Oversharing on Social Media? 

Campaign

Nationwide Building Society

United Kingdom 

7 June 2018

Humans are social beings; we are collaborative and want to build out communities. This is natural. As we advance, technology has been created to enable us to build these bigger communities around the world. Unfortunately, not all of our 'Facebook friends' or 'LinkedIn connections' have our best interests at heart.

 

In order to understand this, Nationwide surveyed more than 1,000 British young people aged 16 - 25. As their spokesperson, I presented these statistics to over 306 million citizens. 

Hacker Academy 

Workshop

BSides London 

London, United Kingdom 

5 June 2018

This workshop will help to develop your understanding and practical application of awareness training with the intention of making awareness training far more relevant, effective and memorable by applying a combination of communication, motivation and metrics.  

 

In this workshop we will teach the participants what it takes to develop a strong foundation in which to roll-out organisational wide awareness training.

One Phish, Two Phish, Red Phish, Blue Phish

Lecture style talk 

InfoShare 

Gdańsk, Poland

23 May 2018

Society is changing. Consumers value their personal data and will actively avoid organisations that do not take cyber security seriously. Words alone, are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data? In this talk Zoë Rose is going to talk about the importance of varied skills and expertise when it comes to effective cyber resilience, incident response and innovation.

It's all about the price tag, Baby! 

Webinar

The Economics of Cyber Security by BrightTALK

25 April 2018

As an experienced Ethical Hacker I have worked on both the offensive and the defensive side of cyber security to help my clients become more resilient to cyber attack. I have designed and executed various simulated attacks, and incident response exercises based on feasible scenarios and from actual experiences in helping clients respond to data breaches. The one question, asked consistently throughout much of my career has been: “how much does it cost?”

We see in the media, organisations who’ve suffered a breach costing thousands, millions, even hundreds of millions – but where do these values come from? 

The Kyle Files

Television episode

ITV 

2 April 2018

Season 4 episode 5, Scott Helme, Matt Hull, and I investigate the audience – revealing how much information they may have unwittingly revealed.

Hear no evil, see no evil, code no evil();

Lecture style talk 

NDC Security 

Oslo, Norway 

22-24 January 2018

Just as developers are getting to grips with effective DevSecOps as a means to minimise cyber security vulnerabilities, Zoë Rose covers the next big challenge facing the developer community; privacy.

Whilst overlapping, the concepts of security and privacy are distinctly different. As developers, we should be challenging ourselves to consider not just technical implications of our work, but also the why and how we can remain ethical in our goal to innovate. This talk is going to explore how we balance the exploitation of personal data vs. our shared responsibility to protect our right to privacy.

BBC Click LIVE 

Live event 

BBC Click LIVE 

27 November 2017

Scott Helme and I highlight the importance of understanding the information we put online in our ever connected world. By investigating the audience via their social media accounts, 'psychic Joe' presents findings in a new, and a bit silly, way. 

Offensive Security 

Lecture style talk 

SANS Awareness Summit

London, United Kingdom

6 December 2018

What happens when you take non-technical users and show them how to hack? Speaking from first-hand experience, absolutely wonderful things! This talk discusses our little Offensive Security experiment - training hackers, ethically.

The Times Tech Summit

Panel

The Times Tech Summit

London, United Kingdom

15 November 2017

Panel on Security and Trust – How do we get a safe internet for business? 

Insecurity Podcast: Zoë Rose OpSec for Personal Security 

Podcast

Cylance 

6 November 2017

Originally a military term, OpSec has become an important part of business processes and even our personal safety online. Practicing OpSec is important to protecting intellectual property and employee's personal information. In this episode of the InSecurity Podcast, how Shaun Walsh is joined by special guest Zoë Rose who explains how to protect critical information and determine threats to your personal security, and how practicing OpSec when posting on social media and elsewhere online can help keep you and your family safe.

The Hacker Inside

Interactive talk 

Shambala Festival

Northamptonshire, United Kingdom

26 August 2017

The media likes to portray “hackers” as these hoodied beings, that magically find a way into systems through advanced tactics often described as being indistinguishable from witchcraft. However, the majority of cases reveal that these “hackers” are simply normal but innovative people. Taking legitimate services and features and exploiting them because of, often, simple bugs in the code. 

Mobility Challenges and Security

Interview 

Cylance 

13 July 2017

Zoë Rose focuses her attention on the people who are involved in day-to-day operations and how their mobility is a factor that must be considered in protecting networks. She also digs into the notion of teaching your entire organisation how to hack so they know how to avoid being compromised.

Secure Communications

Lecture style talk 

BSides London

London, United Kingdom

7 June 2017

When users and clients ask for "secure comms" they often get excited about shinny new equipment that makes them feel like spies, forgetting the true reason for the request. Speaking from direct experience I will walk through how to build a supporting secure culture, usable secure systems, and maintaining participation that works for your life.

Secure Communications

Lecture style talk 

ACSC 2017

Canberra, Australia

14-16 March 2017

When asked for "Secure Comms" my first question is always: Why? What data are you protecting, and whom are you protecting this from? Without addressing this first major question, any "Secure Comms" system you implement will surely fail - and fail they have! I walk through overlooked requirements, threat mapping lifecycles, and situations where we have failed grandly.

Make your mark in IT 

Lecture style talk 

Directions by Red River College 

Winnipeg, Canada

3 February 2016

Starting your career in any field can be intimidating. You're expected to have a numbers of year's experience for entry level positions, but where do you actually start? Speaking from personal experience, I cover how I approached starting out; successes and the failures.

Network Configuration Management

Interactive talk 

BSides Winnipeg

Winnipeg, Canada

19 November 2015

Any changes made can have a huge impact on your network, having visibility of these changes may not seem important until Monday morning when the whole office is offline. The goal is to give more visibility into large networks with automated tasks. Zoë has created a demo script for auditing logins, daily configuration changes, and snapshots.

©2020 by Zoë Rose