HexCon21 Day 1 Highlights: Informative sessions from industry experts

Heather Gray

Sep 22, 2021

HexCon21 kicked off with plenty of exciting sessions in which industry leaders, well known within their respective fields, answered some of the burning questions organizations had about securing endpoints, successfully implementing remote work, maintaining compliance with regulatory standards and building good leadership and managerial skills.

Here’s a quick recap of what went on during Day 1 of HexCon21:

Keynote: A year of persistence

Apu Pavithran, founder and CEO at Hexnode, welcomed everyone to HexCon21. He spoke about the challenges faced last year and Hexnode’s inspirational story of perseverance. Hexnode gained widespread recognition for its growth from notable firms such as Gartner and G2, among many others.

The keynote included other important announcements related to Hexnode certification, feature announcements and the much-awaited Partner Relationship Management portal and its multiple dimensions. Rachana, CMO at Hexnode, announced the next partner summit in April 2022 and shared Hexnode’s vision for its partners.

Emphasizing it as a crucial step toward that vision, Rachana explained what the Partner Relationship Management portal will bring to its partners. The keynote ended with the announcement of a new certification course in Hexnode Academy: Fundamentals of UEM.

Keynote: Corporate training

What does it take to find the moral strength to fight the challenges that life keeps throwing your way? How do you inspire employees to work to their full potential? As a motivational speaker, Nick Vujicic has inspired a lot of people over the years. In this session, he shared some key pointers that he used in his own life to make it more fulfilling:

  • Processing your emotions
  • Being grateful
  • Seeing challenges as opportunities
  • Resetting short-term and long-term goals
  • Managing time efficiently

And most important of all, dreaming big and never giving up.

Device sieve IoT

Bryson Bort’s session on Device Sieve IoT

Bryson Bort, founder and CEO of Scythe, gave an informative session on the basics of IoT and the vulnerabilities that come with using IoT devices both within the office and at home. We next got to hear about the different categories of threat monitoring in detail. Various statistics on Stagefright and global attack trends were discussed. The session also highlighted some of the active campaigns against IoT, which include:

  • DDoS
  • Ransomware
  • Cryptojacking
  • Lateral vector

Next, he talked about the history of attacks and the different attacks that happened within the past couple of years. The session ended with Bryson Bort demonstrating some of the widely known IoT attacks, such as the lateral movement that was responsible for hacking a casino via a fish tank, and the Mirai-style approach.

A more natural way to be a successful leader

Natural way to become leaders

There are a lot of sessions out there on how to build better leadership. What makes this session unique is the natural approach businesses can take to improving their leadership quality. Horticulture and a corporate environment are poles apart; they can’t have anything in common, right?

John Loflin, with his session on ‘A more natural way to be a successful leader’, proved us wrong. With 26 years of experience in training people on how to be efficient leaders, he effectively showed how caring for a plant is not so different from caring for an employee. All it takes is to provide them with the right environment to flourish and cut back all the inhibiting factors that stop them from developing as a team.

Most leaders tend to take a more mechanical approach to solving problems and always focus on the present. By thinking like a gardener, leaders can be much more proactive and foster a culture within their team where room for constant improvement and change is always spotted.

As John Loflin said in the session, all it takes is four words – Grow, Cultivate, Prune and Harvest. Grow is all about creating that ideal environment where employees can grow and find the driving factors that lead them to make decisions on their own.

Cultivate covers the actions leaders need to take to ensure employees thrive in the environment they’ve set up; this would include asking them the right questions and making them feel comfortable enough to offer more information that could contribute to your growth as an organization.

Pruning would include reallocating resources that are not essential and making businesses focus on what’s important. Harvest means celebrating each and every moment you’ve made it as a team.

Trust or not trust? Is there a new mindset about Cybersecurity using Zero Trust?

What is zero trust and what are the principles that govern the idea of zero trust? This is what Filipi Pires, a principal security engineer, helped uncover. Zero trust unfortunately does not provide an all-round answer. It depends on the business’s environment, which would include users, access intelligence and resources.

Maintaining adequate security is key. The session highlighted some of the ways in which this can be achieved:

  • Authenticate all networks
  • Monitor all devices and services
  • Set policies according to the value of services or data
  • Control access to services and data

The session came to a close with Filipi Pires discussing the testing tools businesses can use and the components that make up a good zero trust security framework.

Burnout – The greatest threat to your organization’s security

Chloé Messdaghi, Founder of WeAreHackerz and a Growth Strategy Consultant, gave an enlightening session on the ill effects burnout can have on the security industry.

In addition to stressing the importance of maintaining work-life balance, the session touched upon various other topics, including identifying the signs of burnout in an employee, the reality of working in the security industry and the reasons why employees easily become burned out, especially while working remotely.

The session closed with Chloé Messdaghi sharing some vital tips for managers and employees to function efficiently as a team.

Transitioning from Healthcare to cybersecurity

Transitioning from Healthcare to Cybersecurity

Changing your career plans is not an easy thing to do. It comes with a set of challenges that deter people from making the right move and being in a field where they feel they can contribute a lot more. Wendy Ng, a cloud security architect lead at OneWeb, gave us an inspiring session that detailed her transition from healthcare to cybersecurity.

With the number of connected systems and devices steadily growing, Wendy Ng stressed the importance of cybersecurity and the role it would be playing in the future.

She then went on to talk about how vital it is to stick to your commitment when choosing a new career and to bravely face the challenges that come with it.

We next got to hear how important it is to keep sharing your experience and insights with other members of your community. She ended the session by mentioning how confidence and applicability can help you achieve what you need, no matter how difficult your circumstances may be.

Getting API security right

Have you ever wondered whether the APIs you use are really secure? This session, given by Dr. Philippe De Ryck, founder of Pragmatic Web Security, might convince you otherwise. He began the session by sharing a story where vulnerabilities were spotted in the API of Harbor, a container registry. It allowed anyone to become an admin simply by setting a flag has_admin_role = True.

Next, we got to see some statistics on vulnerabilities spotted within the APIs of several healthcare apps. He then went on to give some pointers for building more secure APIs. Some of the takeaways we got from the session include:

  • The security measures that can be implemented between the client and APIs
  • The importance of testing APIs in their natural environment
  • Implementing a sound authorization policy and ensuring the policy checks function level and object level access
  • The careful use of up-to-date JWT libraries

The session ended with Philippe De Ryck stressing the importance of using private keys instead of HMACs and using explicit typing for your JWTs.
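The kind of flaw described in the Harbor story, next to the function-level and object-level authorization takeaway, as an added example that is not from the session or from Harbor's code base. The `User` model, the handler names and the field allowlists are hypothetical, and the request bodies are constructed.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller is not authorized for the requested change."""


@dataclass
class User:  # hypothetical account model, not Harbor's schema
    id: int
    username: str
    email: str
    has_admin_role: bool = False


# Allowlists of writable fields; the privilege flag is admin-only.
SELF_EDITABLE = {"email"}
ADMIN_EDITABLE = SELF_EDITABLE | {"has_admin_role"}


def update_user_vulnerable(caller: User, target: User, body: dict) -> User:
    """Mass assignment: every key in the request body is bound to the model."""
    for key, value in body.items():
        if hasattr(target, key):
            setattr(target, key, value)  # includes has_admin_role
    return target


def update_user_hardened(caller: User, target: User, body: dict) -> User:
    """Object-level and function-level checks plus a field allowlist."""
    # Object level: a non-admin may only modify their own record.
    if not caller.has_admin_role and caller.id != target.id:
        raise Forbidden("cannot modify another user's record")
    # Function level: which fields this caller's role may write.
    allowed = ADMIN_EDITABLE if caller.has_admin_role else SELF_EDITABLE
    # Reject (rather than silently drop) unexpected fields so probing is visible.
    unexpected = set(body) - allowed
    if unexpected:
        raise Forbidden(f"fields not permitted: {sorted(unexpected)}")
    # Validate every value before writing anything, so a bad field changes nothing.
    for key, value in body.items():
        # Strict type match: the string "true" must not pass as a boolean.
        if type(value) is not type(getattr(target, key)):
            raise ValueError(f"wrong type for {key}")
    for key, value in body.items():
        setattr(target, key, value)
    return target


if __name__ == "__main__":
    # Constructed request body, as a client could send it.
    body = {"email": "mallory@example.test", "has_admin_role": True}
    mallory = User(7, "mallory", "m@example.test")
    print(update_user_vulnerable(mallory, mallory, dict(body)).has_admin_role)
    mallory = User(7, "mallory", "m@example.test")
    try:
        update_user_hardened(mallory, mallory, dict(body))
    except Forbidden as exc:
        print("rejected:", exc)
```
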

Practical approach to product security and building a security focussed organization

Building an organization focused on security

Building a security-focused organization is not as difficult as it sounds. Tamaghna Basu, CEO of DataSECURE, gave an informative session on how organizations can improve their security infrastructure. The session began with a startling statistic that showed the rise of data breaches and hacks across various industries. One of the key takeaways we learnt was how hackers have shifted their focus from targeting large-scale enterprises to SMEs.

The second half of the session focused on the four main priorities of CISOs and the various security measures that can be implemented to make them more secure. These include:

  • People
  • Process
  • Technology
  • Compliance

The session closed with Tamaghna Basu sharing the various ways in which organizations can become fully secure.

How identity theft affects adults, children and seniors

We have all heard about identity theft and data exposure. It’s no longer confined to a small section of our society; it affects everyone, from adults and children to seniors. Dana Mantilia, an identity theft and cybersecurity professional and the founder of Identity Protection Planning, gave us a detailed session about data exposure and its various consequences.

The session began with the history of media influencers, all the way from radio to the present-day smartphone revolution and the social media explosion. She then brought forth the real motive behind the social media we are using: creating addiction #notbyaccident.

Dana then went on to focus on what we usually tend to forget: when something is ‘free’, your data is what you are paying the platform. The session then addressed some major concerns: the increasing impact of bullying, the scary effect it has on the self-image of children, and seniors being a huge target in identity theft scams. The speaker ended the session by focusing on the various scams that we encounter, like the phone and online scams that we really need to be cautious about.

What’s new in Apple Management?

Bradley Chambers is an authoritative figure on Apple Device Management. He is a regular contributor to 9to5Mac, and his blogs are widely read by enterprise admins, school admins and general Apple users. Apple conducts the WWDC event every year, where new features and updates are unveiled. So, what are the couple of things that Mac users need to watch out for this year?

The session focused on three key topics:

  • Declarative MDM
  • Erase all contents and settings
  • Adding a Mac with your iPhone’s Apple Configurator

With Declarative MDM, devices can apply some of the management logic themselves, freeing the MDM server from managing each and every aspect of the device. This can be an incredible time saver and spare admins the worry that comes with detecting any lag from the MDM server.

‘Erase all contents and settings’ was initially only found on iPhones. Now, with the feature being available on Mac, admins can simply use the command ‘erase all contents and settings’ from their MDM portal and have the device set up for the next user. This feature also comes in handy when devices go missing. A Mac can now be bound to ABM/ASM using Apple Configurator from your iPhone. The session closed with Bradley Chambers discussing the benefits these rollouts can bring to IT admins.

Mobile app risks lurking in the Public App Stores: What they are and what to do about it?

Do you know that 69% of all digital traffic and time is spent in mobile vs. web apps? In spite of this shocking statistic, many organizations still lack a real security program for their mobile applications. Brian C Reed, Chief mobility officer at NowSecure Mobile AST, pointed out this negligence and covered various aspects like the global application supply chain, risk management capabilities and solutions.

The session began with the various mobile app risks that hide in our app stores and covered the differences between malware and vulnerable apps. Citing examples from healthcare, Brian pointed out how many of the apps that store sensitive data can easily fall into unsafe hands once breached.

The session then covered mobile app supply chain risk management and the various risks associated with it. It also emphasized the need to establish a tiered mobile app risk policy and prevent the deployment of high-risk apps to mitigate the risks associated with them. Brian concluded the session by focusing on the importance of following a three-pillar maximum security approach to keep a check on all app-related threats.

Building a positive and healthy workplace

Building a Positive and Healthy Workplace

Tammy Dunnett, CEO of Relationship Revolution, started the session by sharing a personal experience of working with an abrasive leader. She then went on to share some key insights for identifying workplace bullies and how management can help employees maintain the peaceful and productive workplace that they wish for. The entire session revolved around these four topics:

    • Definition of a workplace bully
    • Two strategies needed to build insight and empathy
    • Three core elements of a successful intervention
    • Boss Whispering – a proven coaching method

The session ended with Tammy sharing the advantages of a successful intervention and the outcomes of Boss Whispering where abrasive leaders could resolve issues by being insightful and empathetic.

The human element in cybersecurity

Many organizations around the world succumb to cybersecurity incidents. How does this happen? Why is it so easy for hackers to hack into a corporate network? Dr. ir Johannes Drooghaag and his team at Spearhead Management helped to answer those questions. The session on ‘The Human Element in Cybersecurity’ is the culmination of all the results they’ve found in researching the outcomes of cybersecurity for the past 6 years. And the root causes? They can be boiled down to these four:

    • Usage
    • Technology
    • Management
    • Configuration

Johannes Drooghaag stressed the importance of regularly managing, monitoring, patching and updating the technology we use, as most cybersecurity incidents occur due to an abundance of technology. Management can be cited as the major initial root cause of cybersecurity incidents. Not having enough managerial controls can lead to the improper configuration and usage of the technology in place.

Cybersecurity is built on three major frameworks – patch management, access management and segregation and segmentation. The session included plenty of statistics that clearly showed the importance of implementing these frameworks within the organization to minimize the occurrence of cybersecurity incidents. It wouldn’t hurt to do a continuous risk evaluation as well.

Privacy in the cloud by financial institutions

Paul Lanois is a European technology and privacy professional at Fieldfisher. Before being an attorney practicing in California and New York, he was the Vice President and Legal Counsellor in a leading international bank in Switzerland. He gave a session on the relevance of maintaining privacy and EU Compliance within the financial industry and how cloud-based solutions can help businesses be compliant with various regulatory requirements.

The adoption of cloud-based solutions was really slow as organizations were hesitant about implementing it. It took a while for it to achieve the mass adoption that it has today.

He talked about the various challenges businesses had to face before adopting cloud-based solutions and the benefits they could tap into after bringing cloud-based solutions into their workspace. Despite the rise in cloud adoption, there are still a couple of key challenges businesses have to look into while choosing a cloud-based solution. These include:

    • Lack of visibility
    • Insecure APIs
    • Data breaches
    • Regulatory compliance requirements
    • Cyberattacks

He next shared solutions for combating these challenges, such as the adoption of a strong cyber risk management framework and the identification of risks. Paul Lanois further stressed the importance of choosing the services of a reliable cloud provider that has all the critical security solutions in place. The session closed with Paul Lanois sharing various steps financial firms would need to consider.

Surprising low-cost habits to achieve compliance and cybersecurity

Surprising low cost habits to achieve compliance and security

Adam Sbeta, a Security Analyst from CyberCrime Experts, briefly talked about some of the low-cost habits organizations can implement to stay one step ahead of cybercriminals. These include:

    • Re-assessing traditional tools
    • Making proper technical and business decisions
    • Offset risk and cost with software compliance

We next got to see the different versions of ransomware and the cybercrime trend that is expected by 2025. He further stressed the importance of evaluating vendors well and the good password habits businesses need to follow to ensure the protection of sensitive information. The session ended with Adam Sbeta sharing some key takeaways that organizations can implement to secure their endpoints and networks.

Data is the new oil

Have you ever wondered about the impact automated cars could have on businesses and society? Barrie Kirk, P.Eng and Executive Director of CAVCOE, talked about both the benefits and downsides of Connected and Automated Vehicles (CAVs). The session highlighted:

    • What CAVs are
    • Its impact on businesses, government and society
    • Its impact on the data ecosystem

The differences between passenger and non-passenger CAVs were discussed, and the use cases of each were covered in detail. Barrie Kirk made it clear that the data from CAVs is incredibly valuable, priced at three times that of the vehicle. He then talked about some of the issues of maintaining and securing data, such as data ownership and privacy. The session closed with Barrie Kirk pointing out some of the industries that could benefit from implementing CAVs and sharing tips for industries that could be impacted by this implementation.

The state of endpoint defense in 2021

Adrian Sanabria, the founder of Security Weekly Labs, gave an exciting session on the state of endpoint threats, their defenses and some of the strategies for success. He explained the change in the threat landscape in the last 5 years: increasing ransomware and extortion attacks, and how blockchain technology has made every transaction transparent, including the ransoms that are being paid.

The session then covered the various changes that the market has experienced since the 2000s. Turning to where endpoints fit today, the speaker discussed the endpoint security products that focus on prevention, detection and even response to threats. The session then moved on to some essential endpoint strategies.

Some good general strategic cybersecurity principles include:

    • Understand what attackers want and how they go about getting it
    • Don’t give them what they expect to find
    • If you don’t need it, get rid of it

The speaker concluded the session with an emphasis on effective endpoint defense strategies like hardening, zero trust, team training, testing your defenses and the practice of tech refresh.

We also got to see some informative sessions by the Hexnode team on efficiently managing Android, Windows and macOS devices.

Don’t worry, there’s still more fun coming right up! Stay tuned for Day 2 where there’ll be more exciting sessions in store.

Heather Gray

Technical Blogger @ Hexnode. Reading and writing helps me to stay sane.
