About

The 2nd Jordan Cyber Security Forum is a forum that has been organized for the objectives of fighting cyber-crimes by securing the organizational cyber space.

It is an occasion and platform for information Security knowledge sharing between participants, speakers, sponsors, and experts from academia and the public-private sector from Jordan and the Middle East. It is also an opportunity to identify emerging technologies; engage in lively debate on current cyber security issue such as the recent Shamoon and Ransomware attacks as well as to network with peers from different institutions across the Middle East countries. The latest up-to-date offerings from the industry's top training & solution providers will be discussed and demonstrated.

Currently; everybody is fully dependent on digital information and the Internet. It is becoming like the air to all of us; we cannot do business without information. Hence; its value is increasing and becoming the target for competitors and malicious individuals and entities. Only when lost or stolen, the value of this processed data is fully grasped. Companies are losing millions of dollars due to the theft of its intellectual property, an individual seeing his or her Personally Identifiable Information PII illegally scattered across the Web, as well as the critical infrastructure having the provision of its services interrupted. The Internet or the cloud services are growing ever fatter with sensitive data and highly skilled criminals show increasing proficiency in getting around the virtual fences and around the safeguards that keep these clouds protected. Our digital assets are continuously under potential danger and multi-level defenses can provide the armor needed so badly.

Objectives

JCSF-2017 will present the latest developments and techniques in the field of Cyber Security and Digital Forensics controls and will be a unique gathering of cyber Security & Forensics experts from Jordan, Middle East and all over the world.

The objective of the conference is to present the challenges and state-of-the art protection measures & technologies in the domain of information and network security, cyber risk management, threat intelligence as well as cyber forensics to a wider audience from public (governmental) and private (Banking and ISP’s) sector as well as academia. Invitees are high ranking government officials, military professionals, GM’s, CISO’s, CEO’s, experts from the police departments, risk managers, Cybercrime Centers and magistrates from Jordan and every Middle East countries as well as many professionals who are interested in the areas of cyber security & digital forensics are expected to show up in Amman, which will account for a fruitful exchange of knowledge and expertise.

The JCSF-2017 presents several high level local, regional and international key note speakers. The forum will have speeches running in two main domains. The first domain addresses Cyber Security. Topics range from cyber security readiness, Cyber security risk management, Data Center Security, Telecommunication fraud and reverse engineering and malware analysis specially the recent Wanna Cry malware, dark web threats and social engineering. The goal is to discuss and inform on practical organizational methods to secure an organization and deal efficiently with cybercrime.

Sessions will be organized in a second domain for experts dealing with combatting, investigating and detecting Cybercrimes and forensically analyzing cyber-attacks. They will be updated on the recent evolutions and available tools on Mobile Forensics, threat intelligence, Android exploitation techniques and auditing cyber security programs will be presented with real live demonstrations.

Organizers

Precise Thinking TCT

Precise Thinking TCT

Forum Technical owner
www.tfkeir.com

Speakers

Mr. Chuck Easttom

Mr. Chuck Easttom

Chuck Easttom has been in the IT industry for over 25 years and training for over 15. He has 2 master’s degrees and holds 40 industry certifications. He is the author of 20 computer science books and inventor with 7 patented inventions. He is the Chair of the Board of Information Security and Computer Forensics for the American College of Forensic Examiners and a Diplomat of the American College of Forensic Examiners. He travels around the world teaching computer security and speaking on security related topics. He has conducted computer security training for a wide range of law enforcement officers, various companies, and a variety of government agencies from around the world.

Agenda

Coming soon

Back
Mr. Daoud Abu-Jodom

Mr. Daoud Abu-Jodom

Governance, Risk, Compliance (GRC), Assurance and Financial Services Risk Management and Audit Professional; with 28+ years experience with leading BIG 4/IT Consulting firms and International Banks in the Middle East, North Africa, and USA. Daoud’s experience covers Risk Management Lecturing, Risk Consulting, Banking IT/Operational Audit, Internal Controls, business/operational policies and procedures, Internal/External Audits, Regulatory and Compliance Management and financial systems risks and controls. Daoud was the VP, Head of the IT Audit at Arab Bank Group where he established and headed the IT Audit function for the Group, he applied COBIT as the IT Governance/Assurance framework to conduct Risk-Based Audits on Banking IT, Risk Management, Compliance, and Operational including Information Security and Business Continuity; Managed Special investigations of systems-related incidents; Participated in special task forces and committees to report on audit findings and root cause analyses to Senior Management. Daoud also worked as the Consulting Manager at Deloitte ME where he managed Deloitte’s IT consulting practice in Saudi Arabia. Daoud also worked with Andersen Consulting on several Assurance/QA projects. Throughout his career, Daoud worked on evaluating Governance structures, Risk and Compliance Management Processes, Internal controls, policies and procedures, and performance management. Daoud has an MBA/MIS (USA) , a Certified Information Systems Auditor (CISA) and Risk Management Lecturer at the American University of Madaba teaching advanced courses such as Risk Management for Micro/Small Businesses; Applications of Risk Management (e.g. GRC, ISO 31000), Auditing, Supervising RM Graduation projects and men Daoud was the VP, Head of the IT Audit at Arab Bank Group where he established and headed the IT Audit function for the Group, he applied COBIT as the IT Governance/Assurance framework to conduct Risk-Based Audits on Banking IT, Risk Management, Compliance, and Operational including Information Security and Business Continuity; Managed Special investigations of systems-related incidents; Participated in special task forces and committees to report on audit findings and root cause analyses to Senior Management. Daoud also worked as the Consulting Manager at Deloitte ME where he managed Deloitte’s IT consulting practice in Saudi Arabia. Daoud also worked with Andersen Consulting on several Assurance/QA projects. Throughout his career, Daoud worked on evaluating Governance structures, Risk and Compliance Management Processes, Internal controls, policies and procedures, and performance management. Daoud has an MBA/MIS (USA) , a Certified Information Systems Auditor (CISA) and Risk Management Lecturer at the American University of Madaba teaching advanced courses such as Risk Management for Micro/Small Businesses; Applications of Risk Management (e.g. GRC, ISO 31000), Auditing, Supervising RM Graduation projects and mentoring.

Agenda

In a time of growing threats and evolving circumstances, adopting and maintaining a robust cyber security profile in Banks is vital. Valuable information and assets must be protected, but the mission goes beyond that. An enterprise’s cyber stance should fit into a larger comprehensive structure of the governance and management of enterprise IT. Given this importance to enterprise strategy and results, cyber security as part of an entire GRC structure is no longer just a “tech” issue. It is the foundation upon which enterprise innovation and transformation takes place. For the Banking industry there are various strict regulatory and industry requirements along with myriads of frameworks and standards to manage implementing robust internal control environments to manage Cyber Security. A viable enterprise solution for cyber security is to adopt a framework to manage frameworks. This is accomplished with the intersection of the NIST Cyber Security Framework and COBIT 5 as an overarching framework. NIST Cyber Security Framework (CSF) was developed by the National Institute of Standards and Technology (NIST) adopting a risk-based approach to managing cyber Security. ISACA participated in the CSF's development and helped embed key principles from the COBIT framework into the industry-led effort. NIST CSF offers a structured way to communicate organizational priorities, risk management considerations and specific activities to reduce Cyber Security risks across executive, business, and technical levels.

Back
Mr. Malek Alzweiri

Mr. Malek Alzweiri

Malek received his BSc. degree in Computer Information Systems form the University of Jordan in 2011. He earned his MSc. degree in Information Systems Security and Digital Criminology from Princess Sumaya University for Technology in 2014. He is currently pursuing his PhD degree in Computer Science with focus on Cyber Threat Intelligence. Malek worked as a Security and Risk Administrator at Orange (Jordan Telecom Group) for two years, and then as the Head of Information Security Section at the University of Jordan for two years. Currently, he is working as a Senior Security Consultant & Trainer at Precise Thinking TCT. His research interests are in the areas of Information Security and Privacy in general, Smart Cards/RFID Security Systems, and Cyber Threat Intelligence.

Agenda

Cyber Threat Intelligence (CTI), in essence, is the ability to predict and infer security threats, proactively, in order to respond to current incidents and prevent future attacks from occurring. In this speech, the speaker will explore several emerging open source threat intelligence tools and demonstrate the differences and benefits.

Back
Mr. Rusham Mansoor

Mr. Rusham Mansoor

Rusham holds an MBA (UK) Merit, PMP, ACMA (UK) and ACMA (SL) certifications in addition to a Master degree in Telecoms Revenue Assurance; he is also Certified Fraud Analyst. An authority in telecoms fraud management, with over decade of experience in Telecoms Business Assurance practices. Has worked in multiple telecom projects in the region, and has implemented SIMbox prevention mechanisms from scratch and possess system implementation expertise as well. Rusham is also a speaker and trainer in the domain of Telecom fraud and revenue assurance.

Agenda

The annual telecom industry revenue is estimated to be USD 2.25 Trillion, and 2% (USD 45 Billion) of it estimated to be frauds. This percentage may go up to 10% in emerging markets. And the bypass fraud over the last 5 years has grown from mere 1.7% of overall fraud to a staggering 6%. which is estimated at USD 2.7 Billion.
This speech shall discuss different types of Telecom fraud with focus on Voice Bypass (SIMBoxing) and present the latest technique used to fight SIMBoxing in a structured and organized manner with the objectives of creating an upper hand over fraudsters through a real case study.

Back
Mr. Blessen Thomas

Mr. Blessen Thomas

A Security Researcher & Security Consultant who delivers Web Application Penetration Test, Mobile Penetration Test (iOS and Android platform), Vulnerability Assessment and Network Penetration Testing courses for several companies and financial institutions. He holds a B. Tech in Information Technology OSCP - Offensive Security Certified Professional, C|EH - EC-COUNCIL Certified Ethical Hacker and C|HFI - Computer Hacking Forensics Investigator certifications. He has been listed and acknowledged in various “HALL OF FAMES” for various companies such as Oracle, Sony, Kayako, Appcelerator, Hotgloo, Meldium, Splunk and many more for responsible disclosure. He is a Synack Red Team Security Researcher and an active contributor for the OWASP Mobile Testing Guide Project. As a speaker in Hackbeach 2015 conference h is research has been accepted into various security conferences like OWASP Appsec Europe, Italy 2016, RootCon, Philippines 2016 etc. He has successfully trained in CanSecWest 2017, Vancouver Canada , OWASP AppSec, Rome Italy 2016 and many more

Agenda

Today almost all of us depend on mobile apps for daily use for online banking, buying groceries, booking a cab or a flight, order a book to other daily activities.
With mobile application industry booming at an alarming pace, security risks associated to the mobile apps are still not addressed. The customers’ confidential & privacy data are at stake.
In this paper, the common issues that were identified during our research in mobile applications testing shall be discussed as well as other of mobile applications pitfalls.

Back
Mr. Mohammed Javed Wadood

Mr. Mohammed Javed Wadood

EPI Regional Head / Country Manager with strong background in management, sales/marketing and business development in Middle East, Africa and Pakistan. 25 years in the Information Technology industry with extensive experience in exploiting new market opportunities, introducing new technologies, building third party relationships and managing customers and channels for business expansion.

Agenda

In this speech the presenter will highlight Data center standards and addressing security related issues. He will also discuss the Security set-up at the physical level, Controls for securing the perimeter, Controls for the facility, Why security fails, Process controls, Monitor, review and improve, Audit and control and the different training available on the Security of Data Centers.

Back
Subela Bahatia

Subela Bahatia

Coming soon

Agenda

Coming soon /a>

Back
Ahmed Khleif

Ahmed Khleif

Coming soon

Agenda

Malware analysis will be discussed with an in-depth knowledge into the world of malware, reverse engineering and testing. The speaker will also present techniques to identifying, isolating and defense against malware, dynamic and static analysis on all major files types, how to recognize common malware tactics, demo tools and techniques for “run time” analysis, debugging and disassembling malicious binaries and network traffic analysis to combat malware.

Back
Mohanned Momani

Mohanned Momani

Coming soon

Agenda

Coming soon

Back

Moderators

Mahmoud Kamel

Mahmoud is a BSc. graduate of Computer Information Systems and currently holds the position of Operations Manager at Precise Thinking TCT in Amman. With more than 15 years of experience in IT and Information Security fields; Mahmoud is professional in managing many information security & forensics training and consulting projects in the region who maintains many industrial certifications such as: E|CIH, SCADA, CCTV and Network+.

Workshop

The conference will have Four workshops* running in parallel:
Workshop Title Instructor Duration
Android Exploitation Techniques T. Blessen 27-28 of Sep. 2017
Reverse Engineering and Malware Analysis (With emphasis on Wanna Cry) A. Khlaif 27-28 of Sep. 2017
Telecommunication Fraud (SIMBoxing) R. Mansur 27-28 of Sep. 2017
Cyber Security Risk Management in Practice M. Momani 27-28 of Sep. 2017

Workshop registration is not part of the conference participation fees


Agenda

Coming soon

Location

  • Venue: Royal Scientific Society (RSS) – Amman - Jordan
  • Accommodation
  • Travel Information

Mahmoud Kamel, Operations Manager
C|IH, Network+, CCTV & SCADA
Precise Thinking TCT

 Site : www.tfkeir.com
 Email: mkamel@tfkeir.com

 Cell: +962 79154 8440
 Cell: +962 77224 6640