Saturday:
21:00 Welcomingg words from Disarray organization and right after that: KEYNOTE – Dr.Sc.Tech Antti Hakkala
Antti is an University Teacher in Communication Systems and Cyber Security at Department of Computing, University of Turku, Finland. He received his doctoral degree [D.Sc.(Tech.)] in Communication Systems in 2017 from the University of Turku. Antti has over 10 years’ experience in teaching engineering students on cyber security and communication systems engineering, and has supervised over 100 Bachelor’s and Master’s theses.
Sunday
- 10:00 – Silvan Gebhardt, OpenFactory Nordic Oy
- TBA
- 10:45 – Satu Korhonen, Solita – PO of empowering people to succeed with AI
- Hacking generative AI
- Generative AI is built on foundation models like f.ex. ChatGPT from OpenAI or Claude from Anthropic. These foundation models are trained utilising large parts of the internet and predict the next word based on the context given to them. These two things cause hallucinations and other fascinating phenomena that can help hack the models and circumvent their safeguards.This talk explores some of these.
- Satu is a Product Owner of AI empowerment, enabling people to succeed with AI. She has a background as a teacher with PhD in Education, MEng in Artificial Intelligence and has worked as a machine learning engineer combining data scientists and business people in creating secure, safe and robust machine learning solutions that bring long-term business value. She thrives with complicated problems with a plethora of necessary viewpoints to create AI solutions that are safe and secure for everyone.
- Hacking generative AI
- 11:30 – Ilmari Luoma, Leading Security Expert @ CGI Cybersecurity Center
- Weathering the Storm: Surviving an Extinction Event
- Two personal accounts of APT cases compiled into one story. The talk will walk you through the most difficult (and stressful) incident response cases of my career (at least so far) and provide insights how my mindset changed after dealing with two full-blown ICT-environment compromises, one of which was a ~400 000 employee global company.
- Ilmari has been doing security for 18 years and for the last 8 years he has been focusing on cyber. Ilmari is currently the leading security expert in CGI Cybersecurity Center and his responsibilities include security architecture, incident response, contingency planning and crisis management.
- Weathering the Storm: Surviving an Extinction Event
- 12:15 – Otto Salminen, Tech Lead of Secure Software Development at Gofore
- Red team exercises and automated pen testing for Azure
- Let’s find out if it’s possible to run red team exercises on Azure and how. What are the common weak points on cloud application setups and how to take precautions to detect and alert about problems automatically.
- Otto is a seasoned web application developer from Tampere with recent history on building DevSecOps for teams, architecting cloud infra and helping peers to create more secure code.
- Red team exercises and automated pen testing for Azure
- 13:00 – Juha Leivo, KONE
- Storing secrets – one way of dealing with it
- I kept saying to my developers, “No secrets in clear text files!”, then I had to walk the talk with my own development work, so here we are. One man’s attempts to reduce secret exposure during development work and within home lab. A brief why, implementation evaluation and current solution.
- Juha is a Principal security engineer at KONE. His current work is about automating code analysis and vulnerability management in KONE. Before moving to SecDevOps world he was Lead security consultant at Nixu’s Digital Forensics and Incident Response unit. Juha has over 18 years of experience in working in cybersecurity. He began as a security administrator for ultra-secure systems and since then he has worked in many different positions ranging from secure system designto management, to teaching Security Development Lifecycle workshops at Microsoft. At Nixu, Juha was the lead investigator in dozens of cyber incident cases in Finland and globally. Besides solving cyber incidents, Juha developed new tools for the DFIR team. As of late, he has fallen head over heels with tinkering (local) LLMs. His digital skills are complemented by a quarter a century of practicing self defense with over a decade of teaching.
- Storing secrets – one way of dealing with it
- 13:45 – Juho Jauhiainen, Accenture – InfoSec tryhard / human
- Why would anyone (not) want to work in cybersecurity?
- The cybersecurity community around the world is very exclusive. It is hard to get in and hard to stay afloat. This talk is about my own experiences over the years and tips on how to achieve your goals.
- Juho is a DFIR professional, a malware analyst, a speaker, and an instructor. He is currently working as a RITA (Rapid Intelligence & Tactical Analysis) lead for Europe and helping out organisations with their incident response globally. In addition to his current position, he has DFIR and malware analysis experience from various private and public sector organizations. In his freetime, he used to host award-winning Finnish podcast Turvakäräjät and run Helsinki security meetup group HelSec. Currently he teaches forensics at National Defence Training Association of Finland. Since 2021, Juho has been recognized as one of the top-100 IT influencers in Finland by TIVI magazine. Juho is CISSP, GSP, GX-FA, GX-IH, GCFA, GCFE, GCTI, GMON, GREM, and OSCP certified, and holds a master’s degree in Information Security and Cryptography.
- Why would anyone (not) want to work in cybersecurity?