About

The 2nd Jordan Cyber Security Forum is organized with the objective of fighting cyber-crime and thereby securing the organizational cyber space.

This year, the focus is on securing the human (the weakest link in the security chain) by conducting awareness and training sessions. Our slogan is “Security by Education” for Protecting Jordan Cyber-space.

It is an occasion and platform for information security knowledge sharing between participants, speakers, sponsors, and experts from academia and the public and private sectors from Jordan and the Middle East. It is also an opportunity to identify emerging technologies, to engage in lively debate on current cyber security issues such as the recent Shamoon and ransomware attacks, and to network with peers from different institutions across the Middle East countries. The latest up-to-date offerings from the industry's top training & solution providers will be discussed and demonstrated.

Today, everybody is fully dependent on digital information and the Internet. It has become like the air to all of us; we cannot do business without information. Hence, its value is increasing and it is becoming the target of competitors and malicious individuals and entities. Only when it is lost or stolen is the value of this processed data fully grasped. Companies are losing millions of dollars due to the theft of their intellectual property, individuals are seeing their Personally Identifiable Information (PII) illegally scattered across the Web, and critical infrastructure is having the provision of its services interrupted. The Internet and cloud services are growing ever fatter with sensitive data, and highly skilled criminals show increasing proficiency in getting around the virtual fences and safeguards that keep these clouds protected. Our digital assets are continuously under potential danger, and multi-level defenses can provide the armor needed so badly.

Objectives

JCSF-2017 will present the latest developments and techniques in the field of Cyber Security and Digital Forensics controls as a unique gathering of cyber Security & Forensics experts from Jordan, Middle East and all over the world.

The objective of the conference is to present the challenges and state-of-the-art protection measures & technologies in the domain of information and network security, cyber risk management, threat intelligence as well as cyber forensics to a wider audience from the public (governmental) and private (banking and ISPs) sectors as well as academia. Invitees are high-ranking government officials, military professionals, GMs, CISOs, CEOs, experts from the police departments, risk managers, Cybercrime Centers and magistrates from Jordan and all Middle East countries. Many professionals who are interested in the areas of cyber security & digital forensics are also expected to show up in Amman, which will account for a fruitful exchange of knowledge and expertise.

JCSF-2017 presents several high-level local, regional and international keynote speakers. The forum will have speeches running in two main domains. The first domain addresses cyber security. Topics range from cyber security readiness, cyber security risk management, data center security and telecommunication fraud to reverse engineering and malware analysis (especially of the recent WannaCry malware), dark web threats and social engineering. The goal is to discuss and inform on practical organizational methods to secure an organization and deal efficiently with cybercrime.

Sessions in a second domain will be organized for experts dealing with combatting, investigating and detecting cybercrimes and forensically analyzing cyber-attacks. They will be updated on recent developments and available tools. Mobile forensics, threat intelligence, Android exploitation techniques and auditing cyber security programs will be presented with real live demonstrations.

Thus Protecting Jordan Cyber-space!


Organizers

Precise Thinking TCT

Forum Technical Owner
www.tfkeir.com

Precise Thinking TCT is a leading Information Security, Technology and Digital Forensics training and consulting provider based in Amman, Jordan.
Precise Thinking TCT is also the technical owner of the Annual Secure Jordan forums. Since 2011, we have been dedicated to helping local and regional organizations protect their informational assets from different types of threats. Our service offerings are absolutely unique in terms of quality, content, resource caliber, flexibility and investment amount.

Precise Thinking TCT

General Computers and Electronics (GCE)

Speakers

Mr. Chuck Easttom

From USA

Chuck Easttom has been in the IT industry for over 25 years and training for over 15. He has 2 master’s degrees and holds 42 industry certifications. He is the author of 23 computer science books and inventor with 10 patented inventions. He is a member of the American Academy of Forensic Sciences (AAFS). He travels around the world teaching computer security and speaking on security related topics. He has conducted computer security training for a wide range of law enforcement officers, various companies, and a variety of government agencies from around the world.

Speech

Two speeches shall be delivered by Mr. Chuck:

  • Phone Forensics:
    An overview of the current state of digital forensics of phones, including a discussion of JTAG and chip-off techniques. Current challenges in phone forensics will be addressed.
  • Mitigating Dark Web Threats:
    A discussion of what the dark web is, what is happening on dark web markets and how to investigate cyber-crimes on the dark web.

Mr. Jeff Felice

From Logical Operations - USA

Jeff Felice is the EVP, Partners & Alliances at Logical Operations. Jeff has over twenty years as a learning professional, with nearly a decade of involvement in the cyber security training marketplace. Logical Operations offers high-stakes certifications such as Logical Operations Certified CyberSec First Responder (ANSI and DoD 857) and certificate programmes including Logical Operations Certified CyberSAFE. Logical Operations' CEO is a board member of the National Cyber Security Alliance (NCSA) and works alongside representatives from organizations such as AT&T, Bank of America, Facebook, Google, Intel, Microsoft, Verizon, Visa, and more, to make sure that everyone has the education and resources needed to stay safe and secure online.

Speech

The Fourth Leg of the Cyber Security Stool – Your People

Billions of dollars are being spent each year on hardware and software cyber security solutions, along with countless hours developing related policies and procedures. Although having these systems and processes in place is a must for any business today, we often forget that cyber security, at its roots, is a social issue. It is people who formulate attacks, and it is people who, through lack of understanding, preparation, or vigilance, enable breaches to occur.
In this session we will explore how you can better prepare end-users who account for 95% of all cyber incidents. We will also share why it is necessary to take a holistic approach in preparing both Cyber and IT Professionals to better secure against and respond to cyber incidents. Finally, we will explore why cyber security training and certification is more than compliance training and how a sound approach to employee development, paired with the three other legs of the Cyber Security stool, will lead to greater security awareness and quicker response times for your organisation.

Mr. Daoud Abu-Joudom

From 7D GRC Advisory - Jordan

A Governance, Risk, Compliance (GRC), Assurance and Financial Services Risk Management and Audit Professional; with 28+ years' experience with leading BIG 4/IT Consulting firms and International Banks in the Middle East, North Africa, and USA. Daoud’s experience covers IT Audit Management, Risk Consulting, Banking IT/Operational Audits, Internal Controls, Internal/External Audits, Regulatory and Compliance Management and financial systems risks and controls.
Daoud is the Founder and Chief Consulting Officer of 7D GRC Advisory. Earlier, Daoud was the VP, Head of IT Audit at Arab Bank, and worked on IT consulting projects with Deloitte ME and Andersen Consulting. Daoud has an MBA/MIS (USA), is a Certified Information Systems Auditor (CISA) and is a Risk Management Lecturer at the American University of Madaba, teaching Risk Management for Micro/Small Businesses, Applications of Risk Management (e.g. GRC, ISO 31000) and Auditing, and supervising RM graduation projects.

Speech

Two speeches shall be delivered by Mr. Daoud:

  • Cyber Security implementation core issues in Financial Institutions: Addressing Governance, Risk, and Compliance imperatives based on NIST Framework (CSF) and COBIT 5
  • Auditing Cyber Security in Financial Institutions based on NIST CSF Framework & ISACA/COBIT 5 Audit/Assurance Program: Evaluating Risks and Auditing Controls

Mr. Malek Alzweiri

Precise Thinking - Jordan

Malek received his BSc. degree in Computer Information Systems from the University of Jordan in 2011. He earned his MSc. degree in Information Systems Security and Digital Criminology from Princess Sumaya University for Technology in 2014. He is currently pursuing his PhD degree in Computer Science with a focus on Cyber Threat Intelligence. Malek worked as a Security and Risk Administrator at Orange (Jordan Telecom Group) for two years, and then as the Head of the Information Security Section at the University of Jordan for two years. Currently, he is working as a Senior Security Consultant & Trainer at Precise Thinking TCT. His research interests are in the areas of Information Security and Privacy in general, Smart Cards/RFID Security Systems, and Cyber Threat Intelligence.

Speech

Cyber Threat Intelligence (CTI)

Cyber Threat Intelligence (CTI), in essence, is the ability to predict and infer security threats, proactively, in order to respond to current incidents and prevent future attacks from occurring. In this speech, the speaker will explore several emerging open source threat intelligence tools and demonstrate the differences and benefits.

Mr. Rusham Mansoor

From Axiom – Sri Lanka

Rusham holds MBA (UK) Merit, PMP, ACMA (UK) and ACMA (SL) certifications in addition to a Master's degree in Telecoms Revenue Assurance; he is also a Certified Fraud Analyst. He is an authority in telecoms fraud management, with over a decade of experience in telecoms business assurance practices. He has worked on multiple telecom projects in the region, has implemented SIMbox prevention mechanisms from scratch and possesses system implementation expertise as well. Rusham is also a speaker and trainer in the domain of telecom fraud and revenue assurance.

Speech

Telecommunication Fraud: SIMBoxing

The annual telecom industry revenue is estimated to be USD 2.25 trillion, and 2% (USD 45 billion) of it is estimated to be fraud. This percentage may go up to 10% in emerging markets. Bypass fraud has grown over the last 5 years from a mere 1.7% of overall fraud to a staggering 6%, which is estimated at USD 2.7 billion.
This speech shall discuss different types of Telecom fraud with focus on Voice Bypass (SIMBoxing) and present the latest technique used to fight SIMBoxing in a structured and organized manner with the objectives of creating an upper hand over fraudsters through a real case study.

Mr. Blessen Thomas

Independent researcher - India

A Security Researcher & Security Consultant who delivers Web Application Penetration Test, Mobile Penetration Test (iOS and Android platform), Vulnerability Assessment and Network Penetration Testing courses for several companies and financial institutions. He holds a B. Tech in Information Technology and the OSCP - Offensive Security Certified Professional, C|EH - EC-COUNCIL Certified Ethical Hacker and C|HFI - Computer Hacking Forensics Investigator certifications. He has been listed and acknowledged in the “Halls of Fame” of various companies such as Oracle, Sony, Kayako, Appcelerator, Hotgloo, Meldium, Splunk and many more for responsible disclosure. He is a Synack Red Team Security Researcher and an active contributor to the OWASP Mobile Testing Guide Project. He was a speaker at the Hackbeach 2015 conference, and his research has been accepted into various security conferences like OWASP AppSec Europe, Italy 2016, RootCon, Philippines 2016 etc. He has successfully trained at CanSecWest 2017, Vancouver, Canada, OWASP AppSec, Rome, Italy 2016 and many more.

Speech

Exploiting Android Security

Today almost all of us depend on mobile apps for daily use, from online banking, buying groceries, booking a cab or a flight and ordering a book to other daily activities.
With the mobile application industry booming at an alarming pace, the security risks associated with mobile apps are still not addressed. Customers’ confidential and private data are at stake.
In this paper, the common issues that were identified during our research in mobile application testing shall be discussed, as well as other mobile application pitfalls.

Mr. Mohammed Javed Wadood

From EPI - Pakistan

EPI Regional Head / Country Manager with strong background in management, sales/marketing and business development in Middle East, Africa and Pakistan. 25 years in the Information Technology industry with extensive experience in exploiting new market opportunities, introducing new technologies, building third party relationships and managing customers and channels for business expansion.

Speech

Effective Data Centers Security

In this speech the presenter will highlight data center standards and address security-related issues. He will also discuss the security set-up at the physical level; controls for securing the perimeter; controls for the facility; why security fails; process controls; monitor, review and improve; audit and control; and the different training available on the security of data centers.

Subela Bahatia

Region Business Head - MEA at ITpreneurs – Dubai

Expertise in business development for enterprise customers and channel business in IT security software solutions, products and education sectors. Strong relationship building and maintaining skills with top management in verticals like banks, large enterprises, government and universities. Built and successfully grew the new channel partners for IT security software in the Middle East and Levant regions. Overachieved sales plan by generating leads as a Product Head.

Speech

Security by Education

The only control to protect the weakest link (human element) in the security chain is training and awareness. In this talk the presenter will highlight the importance of security training and awareness and how it will reflect positively and increase return on security investment. Also the NIST Cyber Security NICE approach will be introduced.

Mr. Ahmad Khulaif

From Jordan

Ahmad is a BSc graduate of Computer Engineering and a network security professional & malware analyst who is always keen to explore and analyze malware and security issues. He is the founder of a blogger on Malware Analysis and Reverse Engineering who wrote more than 100 articles in team blogs. Ahmad is the winner of the Jordan Top Hacker competition and scored 11th across the Middle East and 511 across the world out of 1400 competitors in the CSAW worldwide information security competition. He is also a speaker at the Jordan Engineering Associate events and a trainer.
Ahmad maintains many certifications such as CEH, CCNA Cyber Ops, Wireshark Certified Network Analyst, and Linux Administration. Currently, he is working as a Network Security Consultant and System Administrator. His key areas of expertise include: Reverse Engineering, Malware Analysis, Mobile & Web Application Pentesting, DDoS protection, scripting and Red Hat 7.2, Splunk, VMware vSphere ESXi Administration.

Speech

Malware Analysis of WannaCry & Shamoon attacks

  • Malware analysis will be discussed, with in-depth knowledge of the world of malware, reverse engineering and testing.
  • The speaker will also present techniques for identifying, isolating and defending against malware; dynamic and static analysis of all major file types; how to recognize common malware tactics; demo tools and techniques for “run time” analysis; debugging and disassembling malicious binaries; and network traffic analysis to combat malware.
  • Analysis of the recent WannaCry and Shamoon attacks will be discussed as well.

Mohanned Momani

From KSA

Coming soon

Speech

Social Engineering: The Biggest Cyber Security Threat

According to the latest research and studies, the biggest cyber-security threat attacking our information assets and privacy is Social Engineering (SE), which targets the weakest link (the human) in the security chain. In this speech, the presenter will explain the definition of SE, discuss the different types of Social Engineering (human, computer and mobile based) and demonstrate some case studies of such attacks. Ways to protect against the risks resulting from such attacks will also be explained.

Mr. Aqel M. Aqel

ISACA Riyadh Chapter – KSA

Aqel is a CISA, MBA, CSSGB, SMP, CRISC, CGEIT, COBIT 5 Accredited Trainer, IT auditor and consultant specialized in organizational development and e-transformation, in addition to IT governance, risk management and cybersecurity. He has participated in many mega projects, national-level strategic planning and policymaking as well as organizational-level implementation of contemporary concepts and methodologies like strategic management, IT governance, and risk management. Aqel has been a CISA coordinator and research director in the ISACA Riyadh chapter since 2009. He was behind the efforts to translate the COBIT 5 family of products to Arabic such as:
  • Organizational Readiness to e-Transformation (2010, English and Arabic)
  • IT Security, What Is It, And How To Achieve It (2012, Arabic)
  • Introduction to IT Governance using COBIT (2011, Arabic)
  • Managing IT Human Resources (2013, English)
  • Executing and Governing Strategic plans (2014, Arabic)

Speech

COBIT approach to maintain healthy cybersecurity status

This talk will discuss how COBIT 5 can facilitate addressing and mitigating cybersecurity threats in coordination with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. The COBIT 5 structured approach, utilizing its tested processes, will result in the following:

  • A more focused and less redundant approach to handling cyber-security threats,
  • Efficient utilization of available security resources, and
  • Maintaining clear responsibilities and structured organizational change.

Moderators

Mr. Daoud Abu-Joudom

A Governance, Risk, Compliance (GRC), Assurance and Financial Services Risk Management and Audit Professional; with 28+ years’ experience with leading BIG 4/IT Consulting firms and International Banks in the Middle East, North Africa, and USA. Daoud’s experience covers Risk Management Lecturing, Risk Consulting, Banking IT/Operational Audit, Internal Controls, business/operational policies and procedures, Internal/External Audits, Regulatory and Compliance Management and financial systems risks and controls.

Mahmoud Kamel

Mahmoud is a BSc. graduate of Computer Information Systems and currently holds the position of Operations Manager at Precise Thinking TCT in Amman. With more than 15 years of experience in the IT and Information Security fields, Mahmoud is a professional in managing information security & forensics training and consulting projects in the region and maintains many industry certifications such as: E|CIH, SCADA, CCTV and Network+.

Workshops

The conference will have four workshops running in parallel:

| Workshop Title | Instructor | Duration |
|---|---|---|
| Cyber Threat Intelligence in Practice (CTIiP) | Chuck Easttom | 27-28 of Sep. 2017 |
| Android Exploitation Techniques in Practice (AETiP) | T. Blessen | 27-28 of Sep. 2017 |
| Practical Reverse Engineering and Malware Analysis (PREaMA) | A. Khulaif | 27-28 of Sep. 2017 |
| Analysis, Detection and Countermeasure of Telecommunication Fraud: SIMBoxing case study (ADaCoTF) | R. Mansoor | 27-28 of Sep. 2017 |

Agenda

Day 1: 27th of September, 2017

| Time | Speaker | Session |
|---|---|---|
| 08:00 – 09:00 AM | | Registration |
| 09:00 – 09:15 AM | | Forum opening and welcome speech |
| 09:15 – 10:00 AM | Mr. Chuck Easttom | Dark Web Threats and Mitigation |
| 10:00 – 10:45 AM | Mr. Jeff Felice | The fourth leg of the Cyber Security stool |
| 10:45 – 11:00 AM | | Coffee break |
| 11:00 – 11:45 PM | Mr. Daoud Abu-Joudom | Cyber-Security implementation issues in Financial Institutions |
| 11:45 – 12:00 PM | | Panel Discussion |
| 12:00 – 12:40 PM | Mr. Blessen Thomas | Android Exploitation and Security |
| 12:40 – 01:20 PM | | Networking Lunch and salah |
| 01:20 – 02:00 PM | Mr. Ahmad Khulaif | Reverse Engineering & Malware Analysis |
| 02:00 – 02:45 PM | Mr. Rusham Mansoor | Telecommunication Fraud: (SIMBoxing) |
| 02:45 – 03:00 PM | | Panel Discussion |

Day 2: Thursday 28th of September, 2017

| Time | Speaker | Session |
|---|---|---|
| 08:30 – 09:30 AM | Mr. Chuck Easttom | Cell Phone Forensics |
| 09:30 – 10:15 AM | Mr. Malek Alzweiri | Cyber Threat Intelligence |
| 10:15 – 10:30 AM | | Coffee break |
| 10:30 – 11:20 AM | Mr. Mohammed Javed Wadood | Effective Data Center Security |
| 11:20 – 12:20 PM | Ms. Subela Bahatia | Security by Education |
| 12:20 – 12:35 PM | | Panel Discussion |
| 12:35 – 01:15 PM | | Networking lunch and salah |
| 01:15 – 01:45 PM | Mr. Aqel Aqel | COBIT Approach to maintain healthy cyber security status |
| 01:45 – 02:20 PM | Mr. Daoud Abu-Joudom | Auditing Cyber Security in Financial Institutions based on COBIT and NIST Cyber Security Framework |
| 02:20 – 02:45 PM | Mr. Mohanned Momani | The Biggest Cyber Security Threat: Social Engineering |
| 02:45 – 03:00 PM | | Panel discussions and questions |

Venue

  • Holiday Inn Amman - 5 star Hotel

Mahmoud Kamel, Operations Manager
Precise Thinking TCT

 Site : www.tfkeir.com
 Email: info@tfkeir.com

 Cell: +962 79154 8440
 Fixed: +962 6554 4664