Beste bezoeker, u bezoekt onze website met Internet Explorer. Deze browser wordt niet meer actief ondersteund door Microsoft en kan voor veiligheids- en weergave problemen zorgen. Voor uw veiligheid raden wij u aan om een courante browser te gebruiken, zoals Google Chrome of Microsoft Edge.
Search
Close this search box.

Cyber Booked: 5 Cybersecurity authors in the spotlights

By Mirjam Moerkamp and Barry Derksen

On the 23rd of May 2024, the Dutch Chapters of ISACA, ISC2 and OWASP together with the Secure Software Alliance (SSA) hosted a successful fully booked First Edition of Cyber Booked, a unique event showcasing predominantly Dutch authors of Cybersecurity books. The turnout was great, and everybody was excited to learn from the authors!

Program overview

This First Edition featured Bart de Best (Continuous Security), Bram de Bruijn (Security Innovation Stories), Brenno de Winter (Survival Gids voor de Digitale Jungle), Chris van ‘t Hof (Helpende Hackers and Cyberellende was nog nooit zo leuk) and Tiago Teles (Emerging Tech, Emerging Threats).

Opening Cyber Booked

In parallel sessions, Bart and Tiago kicked-off the presentations. Bart discussed his book in the context of the 15 books of his Continuous Everything suite. In his presentation he addressed the questions: how can you integrate continuous security in your DevOps way of working (WoW) and how does continuous security keep an organization in control?

According to Bart, to integrate security into the DevOps way of working, we need to transform the Information Security Management System (ISMS) into an Information Security Value System (ISVS). Continuous security, once integrated into the DevOps way of working, increases the security control frequency and shortens the time to market through increased deployment frequency. It also supports control by design ensuring controls are built in to mitigate risks supporting the automation of evidence enabling continuous monitoring and auditing. Bart extensively described a lot of variables concerning continuous security within the DevOps cycle. Security architecture principles, security practices, governance and continual improvement are important for the integration into DevOps WoW as discussed by Bart during the presentation (see picture below).

Bart de Best explaining Continous Security

Tiago gave an interesting presentation on emerging technologies using references to technologies introduced in the past and how we predominantly tend to be wary of these new innovations. The introduction of the automated lift for example was met with apprehension and distrust given that passengers had always relied on manually operated lifts. Over time, this distrust was replaced with confidence. The same apprehension can be seen with regards to autonomous vehicles c.q. self-driving cars. Emerging technology like Artificial Intelligence can be broken down into what he referred to as “the Good, the Bad and the Ugly”, the potential of these technologies can be beneficial to us, but they also introduce potential dangers and vulnerabilities. One of his statements, that really stuck with me, is that the pace of change or technology has never evolved as rapidly as now, yet it will never be this slow again. 

Tiago Teles, ‘The Good, the Bad & the Ugly’

After the coffee break, Bram and Brenno were up. Brenno captivated the audience with his presentation on how to survive the digital jungle. With great historical facts and present-day examples Brenno helped the public feel the importance of protecting what we have and know. Assuming safety is not possible as, for example, the Titanic example (picture) taught us. And, although Brenno likes cats, most of the examples with respect to protection were given using zebra’s (zebra’s work together, some can drink while others are keeping watch in order to protect the herd). Brenno also warned the audience that new technology can be misused, e.g. a full self-driving car can also carry a bomb to a predetermined place. Finally, expect the unexpected, referring to The Black Swan by Nicolas Taleb, 2008., such as the COVID epidemic which rapidly changed the world we live in.

Brenno de Winter - First aid survival kit Digital Jungle

In parallel, Bram shared insights from his book based on 20 interviews with experts in the field. He explained that the Netherlands is losing its frontrunner position in innovation (according to the National Cyber Power Index 2022 in comparison to 2020). Innovation doesn’t necessarily have to be something disruptive or radically new. It can also be incremental or sustaining (with low technology newness but increasing impact on the market). One of the insights he discussed is that the market is still immature. As a result, customers experience solution uncertainty, which limits the adoption of new solutions. This is triggered by the control paradox and FUD (Fear, Uncertainty and Doubt). It was an interactive session with the audience sharing their own ideas and experience with respect to the insights.

Bram de Bruijn discussing insights from his book

Chris van ‘t Hof was our closing keynote speaker. He wrapped up the evening with an engaging presentation on coordinated vulnerability disclosure, the subject of both his books. He talked about how the Netherlands became one of the first countries to release a guideline on vulnerability disclosure and how the government is open to hackers if they do it for good. Cracking codes dates as far back to the time when Alan Turing cracked Enigma and even further back to medieval times. He also discussed the three underlying principles of responsible disclosure: societal need, proportionality and subsidiarity using examples from the past such as the Diagnostiek voor U case. These three principles also form the DIVD Code of Conduct. The Dutch Institute for Vulnerability Disclosure (DIVD) was established in 2019 and uses a platform to continuously scan for vulnerabilities and report any findings to the owners of the systems. DIVD ‘aims to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them’. Bottomline, hackers see things differently and help organizations improve their security by uncovering and reporting vulnerabilities they find.

Chris van ‘t Hof, DIVD Code of Conduct

After the event, there was plenty of time for drinks, meeting & greeting the authors and book signing! All in all, a very successful evening and we look forward to organizing a Second Edition in 2025!

Picture of Mirjam Moerkamp

Mirjam Moerkamp

Mirjam Moerkamp CISSP is an ISACA NL board member.

Picture of Barry Derksen

Barry Derksen

Prof. dr. Barry Derksen is an ISACA NL board member and chairman of the ISACA NL Review Board.

Gerelateerde berichten

  • ISACA NL Journal ·

The AI <> Frikandel Conundrum

By Daniela de Almeida Lourenço, MSc, CISM, CISSP, C|CISO - Artificial Intelligence (AI) is a field of work that has seen immense breakthroughs in the last few years, given its application in the tangible world. AI Technology already indicates a dramatic shift in human resource management and technology dependency. Notwithstanding the advantages, the implementation of this technology without a mature and informed strategy may not be as beneficial as imagined and, in some cases, counterproductive. What does this have to do with the Netherlands' favourite deep-fried snack? This article will share insights on the risks of rushed AI adoption and provide recommendations to assist in the governance of this emerging technology.

Plaats een reactie

Deze site gebruikt Akismet om spam te verminderen. Bekijk hoe je reactie-gegevens worden verwerkt.

We gebruiken functionele en analytische cookies om ervoor te zorgen dat de website optimaal presteert. Als u doorgaat met het gebruik van deze site, gaan we ervan uit dat u hiermee akkoord gaat. Meer informatie vindt u in onze Privacyverklaring.