
HEK.SI 2018 Conference

Thursday, 5 April 2018 and Friday, 6 April 2018
Ljubljana, Gospodarsko razstavišče

2nd floor, halls Urška 1, 2, 3 and 4

IT and computer professionals, IT specialists and everyone else interested in ethical hacking: you are invited to join us for the 6th year in a row at the HEK.SI ethical hacking conference and step into the work of an ethical hacker together with us.

With demonstrations of ethical attacks and of the techniques attackers use, along with real-world examples of attacks and intrusions, we will once again deliver a high-adrenaline atmosphere.

 

Thursday, 5 April 2018
08.00 - 08.30 Arrival of participants and registration
08.30 - 08.45 Welcome and opening address by the organiser
Aleksander Šinigoj, Palsit d.o.o.
08.45 - 09.15 OWASP ZAP Scripting – To Infinity and beyond!
Mane Piperevski, Piperevski & Associates
09.15 - 09.45 (Advanced) Android Mobile Application Hacking
Mislav Boroš, INFIGO IS d.o.o.
09.45 - 10.15 How to improve the state of security in your company as cheaply as possible?
Andrej Vnuk, ALEF Distribucija SI d.o.o.
10.15 - 10.45 COFFEE BREAK AND NETWORKING
Track 1 | Track 2
10.45 - 11.15 Hackers, Threats and Cyber Defence: the S&T Slovenija approach
Andrej Skamen and Marko Jenko, S&T Slovenija d.d.
Core Banking Systems, Crypto coins and other business solutions are under attack
Balázs Hambalkó, Balasec
11.15 - 11.45 Security vulnerabilities, responsible disclosure and smart contracts
Gregor Pogačnik, Fundacija SICEH
CVE-Scraper
Alex Conti, Politecnico di Milano
11.45 - 12.15

NAT64 experiments in Go6Lab and the NAT64Check tool
Jan Žorž, Go6 / Internet Society

Designing practical Audit Trails in Oracle
Pete Finnigan, Oracle Security specialist
12.15 - 13.00 BREAK
13.00 - 13.30 Abuses and pitfalls of the blockchain world
Tadej Hren, SI-CERT
onyx - unique search engine that crawls entire web and identify outdated platforms
Primož Cigoj, Institut Jožef Stefan
13.30 - 14.00 The problem of possession of evidence in electronic form
Tadej Stergar, Inštitut za forenziko informacijskih tehnologij
Abuse of saved Wi-Fi network profiles
Andraž Jelenc and Anže Nunar
14.00 - 14.30

Will 2018 be a turning point for cyber security in Slovenia?
Gorazd Božič, SI-CERT

14.30 - 15.00 Hacker intrusions and the new Information Security Act
Gregor Potočnik, member of the working group drafting the Information Security Act
15.00 - 15.30

ROUND TABLE: What kind of law does Slovenia need for protection against hackers?

  • What kind of law does Slovenia need for protection against hackers?
  • What new laws are coming in this area?
  • To whom do we report hacker intrusions under the new ZVOP-2 (GDPR), and to whom under ZIV (the new Information Security Act)?

Participants:
Tadej Vodopivec, Comtrade d.o.o.
Gregor Potočnik, member of the working group drafting the Information Security Act
Boris Vardjan, SKB d.d.
Matej Kovačič, Institut Jožef Stefan
Boštjan Kežmah, CEPRIS d.o.o.

 

Friday, 6 April 2018
08.00 - 08.30 Arrival of participants and registration
08.30 - 09.00 When will a controller have to notify the Information Commissioner of a hacker intrusion under ZVOP-2 (GDPR)?
Mojca Prelesnik, Information Commissioner of the Republic of Slovenia
09.00 - 09.30 How we introduced NIS Directive into Croatian legislation?
Jurica Čular, Croatian Government's CERT
Track 1 | Track 2
09.30 - 10.00 How to carry out a penetration test in a company with the help of an ethical hacker?
Matej Lamut Skok, NLB d.d.

Privacy and ethical issues of ethical hacking
Matjaž Pušnik and Taja Andrej, KPMG d.o.o.

10.00 - 10.30 mBills - a mobile wallet that contributes to ethical and transparent payments
Jerica Urbančič and Primož Zupan, MBILLS d.o.o.
Why everybody should do CTF/Wargames?
Miroslav Štampar, Croatian Government's CERT
10.30 - 11.00 COFFEE BREAK AND NETWORKING
11.00 - 11.30

Setting up a pentest lab at home
Boštjan Špehonja, Unistar LC d.o.o.

Princess and the beast in the cyberworld
Aleksandar Mirković, eSigurnost
11.30 - 12.00 Human Firewall
Gorazd Rolih, Slovenian Armed Forces
The PENtesting is mightier than the sword
Matija Verić, Atia Consulting
12.00 - 12.45 BREAK
12.45 - 13.15 Counter-eavesdropping sweep
Aleš Ažman, Detekta d.o.o. and Tibor Tajnšek, Detektivsko Varnostna Agencija Dva Fokus d.o.o.
The experience of CERT-UA in cyber threat counteraction
Yevheniia Volivnyk, CERT-UA
13.15 - 13.45 My toaster is a criminal
Urban Suhadolnik
"Foggy" technology
Elijah Hlastan and Žiga Deutschbauer, Fogy Tech
13.45 - 14.15 How can you protect your own environment against hackers and ransomware?
Miha Pihler, Mikeji d.o.o.
14.15 - 15.00

ROUND TABLE: Extortion by unethical hackers - to pay or not to pay?
(with Bitcoin, Monero, Zcash and other payment methods)

  • How can a company show the extortion in the case of a ransom payment?
  • What if companies exploit this option for money laundering, given that the money goes to an unknown destination?
15.00 Closing and prize draw

Moderators: Borut Likar and Tadej Vodopivec

 

THIS YEAR'S CONTENT:

  • My toaster is a criminal, Urban Suhadolnik
    Why is security in IoT and other embedded devices important, and what are the consequences if (because) we do not adhere to it?
  • How we introduced NIS Directive into Croatian legislation?, Jurica Čular, Croatian Government's CERT
    On May 9, Croatia will, along with other EU member states, introduce new cyber legislation as a result of NIS Directive transposition. Creating a policy in a dominantly non-regulated environment was a challenging process that involved many stakeholders with different cyber awareness potential. This talk will bring insight into the key stakeholders involved with the new policy and detailed explanations of the Croatian approach used to tackle key NIS Directive demands.

  • Why everybody should do CTF/Wargames?, Miroslav Štampar, Croatian Government's CERT
    This presentation covers different aspects of CTF/Wargames that the author finds particularly important in the self-learning of any individual involved in the information security field. Most of all, by presenting a couple of cases that could be found (freely) on the Internet, the audience should get a better picture of the vast range of possibilities that could help them to become better at everyday job activities. Instead of sitting helplessly and watching bad guys win the (online) fight, everybody should try harder and prepare by learning (solving) something new each day.

  • Core Banking Systems, Crypto coins and other business solutions are under attack, Balázs Hambalkó, Balasec
    What is it? You think you own it because you have bought it. But it's useless for you, thanks for the people's approach. It's IT Security at your system!
    I will be talking about what are the reasons the enterprise level companies/solutions (banks, agencies, Core Banking Systems, Crypto coins, and so on...) are still suffering and are being under (successful) attack. Based on some true story I encountered in 2017 ...

  • CVE-Scraper, Alex Conti, Politecnico di Milano
    During pentest activity the most painful part is reporting the issues found. We are struggling to improve our reporting method, decreasing in the meanwhile the time we spend on it. We think that in this way it's possible to focus on the real pentest activity, more useful and a lot more enjoyable! I have an idea to make vulnerability reporting faster and also to make it easy to find software vulnerabilities, exploits and remediations. Online there are plenty of sites that make available CVEs for a specific software version and there are also many places where it is possible to find exploits. In order to automate this process I thought to download and maintain updated some CVE databases, indexing vulnerabilities and looking for details offline. Alternatively the search could be made online in real-time, in order to waste the least space possible on disk.

  • Security vulnerabilities, responsible disclosure and smart contracts, Gregor Pogačnik, Fundacija SICEH
    We will look at examples of vulnerabilities in smart contracts (on Ethereum) because of which several million "disappeared". More and more organisations offer rewards for the responsible disclosure of security flaws. The rewards are sometimes only symbolic, while at other times they are relatively large sums. What the real price for the full exploitation of a given vulnerability is on the grey market can only be roughly estimated. The figure is, however, probably often higher than the rewards. With smart contracts, on the other hand, we know exactly how much money we are dealing with. This makes the challenge of how to motivate researchers towards responsible reporting all the greater.
  • mBills - a mobile wallet that contributes to ethical and transparent payments, Jerica Urbančič and Primož Zupan, MBILLS d.o.o.
    mBills is a mobile wallet that lets users pay with their mobile phone 24/7/365 in real time: quickly, securely, simply and affordably. At the same time, mBills is a single open solution for mobile payments that any company can easily join. The vision of MBILLS, which since 1 December 2017 has operated with the backing of Petrol, is to enable users to pay with their phone anytime, anywhere and to anyone. On the other side, businesses (from market-stall sellers, vending machines and taxis all the way to large shopping centres) want to accept cashless payments in a simple, fast and cheaper way, which mobile phones undoubtedly make possible. MBILLS is already successfully pursuing its vision today: it enables payment in all the situations listed in the European Central Bank's study on the use of payment instruments in the euro area: paying in shops and at petrol stations, sending money to friends by phone number, paying in restaurants and at ski resorts, online shopping, paying monthly bills, paying in mobile apps, paying by scanning a QR code and payments at vending machines.

  • (Advanced) Android Mobile Application Hacking, Mislav Boroš, INFIGO IS d.o.o.
    There are numerous books and tutorials out there describing the basics of Android mobile application security, however, most of them heavily rely on tool usage.
    While tools certainly help, in many situations they simply do not work as intended and leave you in a blind-alley with the deadline approaching.
    This presentation will demonstrate some examples of how to efficiently reverse and modify tested Android applications, based on dozens of mobile application penetration tests performed by INFIGO IS.
    Instead of blindly using different tools, we will get our hands dirty and show how to bypass and intercept custom encryption modes, manually remove different security controls (like certificate pinning and jailbreak detection) and even quickly develop custom testing applications while recycling the original application code.

  • Counter-eavesdropping sweep, Aleš Ažman, Detekta d.o.o. and Tibor Tajnšek, Detektivsko Varnostna Agencija Dva Fokus d.o.o.
    - Hollywood or reality?
    - Counter-eavesdropping sweep (Technical Surveillance Counter Measures (TSCM))
    - INFOSEC & TSCM
    - Eavesdropping and recording devices
    - Carrying out the sweep

  • Abuse of saved Wi-Fi network profiles, Andraž Jelenc, FRI and FMF
    Life today would be hard to imagine without wireless internet. It lets us send e-mail and browse the web without dragging a network cable behind us. In the future the importance of this technology will only grow, since water meters, refrigerators and pacemakers will also communicate over Wi-Fi. A large share of wireless networks is Wi-Fi, whose security rests for the most part on the WPA security protocols (WEP in the past). But that does us no good at all if the device automatically connects to an access point owned by the attacker. Default settings tell the device to connect automatically to a known access point, which we can exploit to become a man-in-the-middle. From there, full control over the network and your devices is not far away.

  • How to carry out a penetration test in a company with the help of an ethical hacker?, Matej Lamut Skok, NLB d.d.
    All companies strive to ensure the best possible security of their IT systems. They assess risks, install security patches, work at secure application programming, set up protective and monitoring systems for preventing and detecting intrusions, and so on. Whether these measures are actually effective is best verified with a simulated attack that uses techniques similar to those real attackers would use. The topic of the talk is the organisation of a penetration test: how to select the systems to be tested, what the penetration test should cover, what the most important criteria are when choosing a provider, and how to use the findings and recommendations received from the testing provider.

  • The experience of CERT-UA in cyber threat counteraction, Yevheniia Volivnyk, CERT-UA
    Presentation of CERT-UA team activity. APT attacks on the information systems of Ukraine. Cyber Incident Response Center.

  • Human firewall, Gorazd Rolih, Slovenian Armed Forces
    Information technology is with us practically everywhere today. It has made our lives considerably easier, but on the other hand it also endangers us. What role we humans play in this is something Major Gorazd Rolih of the Slovenian Armed Forces will try to establish; he has worked in information security for many years and is also interested, among other things, in its psychological aspect.

  • Hackers, Threats and Cyber Defence: the S&T Slovenija approach, S&T Slovenija d.d.
    Hackers and ethical hackers. Attackers and defence. It is a constant battle between two sides, with users, their data and the way they work with it in between. The talk will present the main highlights of this battle, such as some hacking techniques, how to find and respond to threats, and how to build appropriate cyber defence. We will also present the experience of the S&T Slovenija d.d. team in cyber defence, along with a few examples.

  • Designing practical Audit Trails in Oracle, Pete Finnigan, Oracle Security specialist
    Pete will present the situation faced by most DBAs: an Oracle database that has limited audit trail settings provided by Oracle by default. These settings have been enabled since version 10.2, but do they work? Do they provide accountability? Let's see. Pete will briefly introduce two web applications that are developed with Oracle as the back end and show, while hacking the applications and revealing such details as credit card numbers (PCI) and customer details (GDPR), how well Oracle's default audit trails perform: do they catch the actions performed, can we detect what happened and by whom? Then Pete will introduce the features of a simple policy-based toolkit that he has created himself for the Oracle database and install it. He will then hack the database again and see if the results are instantly better; they should be.

  • NAT64 eksperimenti v Go6Lab-u in orodje NAT64Check, Jan Žorž, Go6 / Internet Society
    As many mobile operators were moving to IPv6 only which is incompatible with IPv4 on the wire, it’s necessary to employ transition mechanisms such as 464XLAT or NAT64. The Go6lab NAT64/DNS64 testbed was therefore established so that operators, service providers, and hardware and software vendors can see how their solutions work in these environments. 
    This has already generated significant interest, and instructions on how to participate are available on the Go6lab website.
    When using NAT64 there are many things that need to be checked to ensure they work correctly. NAT64check has therefore been developed to allow websites to be checked for consistency over IPv4, IPv6-only and NAT64, as well as to compare responsiveness using the different protocols. This allows network and system administrators to easily identify anything that is ‘broken’ and to pinpoint where the problems are occurring, thus allowing any non-IPv6 compatible elements on the website to be fixed. For example, even if a web server is not running IPv6 (why not?), hardcoded IPv4 addresses can cause NAT64 to fail.

  • onyx - unique search engine that crawls entire web and identify outdated platforms, Primož Cigoj, Institut Jožef Stefan
    Onyx is a solution to create a unique search engine that crawls the entire web with one and only purpose: to index the currently running software version and identify outdated ones. Based on the security hole and the indexed version of the software, it would be possible to assess the potential damage. Owners of the websites who are running vulnerable software could be warned to update their software. Based on collected data (indexed websites) it would be possible to predict and define geographical damage, as the geolocation of each server is available to retrieve while indexing websites. Estimated damage caused could be calculated and reported, geographically and in numbers of users.

  • Share your knowledge, help with security, Elijah Hlastan and Žiga Deutschbauer, Fogy Tech
    Have you ever sat in a café and logged onto Facebook? Maybe your bank account? Did you ever wonder who else was logging on with you, watching what you do, stealing your credentials? 
    As hackers, we think about these problems regularly. Which is why we are creating a product to protect individuals from data theft. Come and interact with us as we present our product in development, and share your ideas with us as we work to build a safer browsing experience for others.
    The world of cyber security is strange and uncertain. You could almost say the future is a bit FOGy.

  • The PENtesting is mightier than the sword, Matija Verić, Atia Consulting
    The PENtesting is mightier than the sword - We will cover why is Penetration testing important, what are the prerequisites for both, a customer and a penetration tester, to make the best out of the project. Furthermore, we’ll be showing selected information from the real cases.

  • Princess and the beast in the cyberworld, Aleksandar Mirković, eSigurnost
    From zero to full control
    Demo will include:
    Evil twin attack, Java applet exploit and WannaCry exploit, privilege escalation, hashdump and lateral movement on network.
    I will create a fairy tale about a Company Manager sending some emails from a coffee shop, being unnoticeably hacked, and unintentionally bringing a hacker into the company, so the hacker can hack the whole company from inside.

     

     


The price is 496 € + VAT (for 2 days).

On 4 April 2018, 2 hands-on workshops will also run in parallel as part of the HEK.SI conference:

1. Hands On Hacking: ICT Forensics - What Every Security Officer MUST Know about FORENSICS?

2. Hands On Hacking: How to carry out an internal penetration test?

The price of each workshop is 297 € + VAT.

If you register for both the conference and a workshop, you save 147 €.

More information is available on the website www.hek.si

Secure your place at HEK.SI 2018!

 

Kristina Velišček
kristina.veliscek@palsit.com
05 338 48 51

 

 

* Lunch and all snacks are included in the price of the programme.

 

GOLD SPONSOR

S&T, Infigo, ALEF distribucija

BRONZE SPONSORS

SIQ, SI-CEH, Comtrade

MEDIA SPONSORS

Računalniške novice, Monitor pro, Revija avtomatika

The views presented in the presentations are those of the author and not of the organisation the author comes from, nor of the organisation organising the event.



Speakers

Urban Suhadolnik
Urban Suhadolnik is a second-year student at the Faculty of Computer and Information Science. He has been involved with computing since childhood. Over the last two years he has started to work in depth on computer security and ethical hacking and to attend conferences in these fields.

 

 

Jurica Čular, Croatian Government's CERT
Jurica Čular graduated at Faculty of electronics and computer science, Zagreb, Croatia as Master of Computer Science. Got an MBA in finance and marketing at Kelley School of Business, Indiana University. Holds several information security certificates CISA, CISSP, ISO 27001 LA. Worked as an information security consultant for financial institutions and for Deloitte. Currently working as an expert advisor in Information Systems Security Bureau.

Miroslav Štampar, Croatian Government's CERT
IT Security Advisor - Expert at Croatian Government's CERT, part of the Information Systems Security Bureau (ZSIS). Born in 1982, writing and breaking computer code for as long as he can remember. A PhD candidate with Master's Degree in Computer Science at Faculty of Electrical Engineering and Computing (FER), University of Zagreb, Croatia. Also, open source contributor (sqlmap, Maltrail, tsusen, ipsum, etc.) and Croatian Chapter Lead for The Honeynet Project.

Balázs Hambalkó, Balasec
Balázs is a Penetration tester, Researcher and SQL FAN. He has always had a strong fascination with Network Security (esp. Layer 2), MsSQL related security issues, and he is also interested in exploit development. He started his career in IT Security field 17 years ago with Reverse Engineering. Now he performs web application tests, exploit developments, infrastructure tests and configuration reviews. Sometimes he is asked for an MsSQL Performance Tuning project. He spends his free time with developing his ability in kernel exploits field, hiking, or playing table-tennis. Balázs proudly holds the Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Certified Security Analyst (ECSA), Certified Ethical Hacker (CEH), MsSQL 2012 MCSA, MsSQL 2008 MCTS.

Mane Piperevski, Piperevski & Associates
M-r Mane Piperevski is security expert with over 10 years of experience and expertise in field of Ethical Hacking/Penetration Testing and ICT Forensics. He works currently as CEO and IT Security Consultant at Piperevski&Associates and he is also contributor to open software security community as OWASP Chapter Leader for Macedonia. Recently published white papers “Hacker Attacks - Undetectable attacks from trojans with reverse communication” and “Hacking Attacks - Security Threats in IPv6 networks”. Holder of numerous security certifications (C|EH, E|CSA, C|HFI, E|CIH, E|CSP .NET, MCSA, MCSE, MCITP, C|EI, MCT) and Europe highly ranged Cyber Crime instructor and trainer.

Alex Conti, Politecnico di Milano
I'm about to graduate in Physics at Università degli Studi of Milan. Thanks to courses I attended during my career I learned more about new programming languages. I experienced computer security for the first time by attending for pleasure professor Zanero’s course “Computer Security”.
Enthusiast of robotics and Artificial Intelligence I stepped in Computer Science by building and programming robots. Among the platforms I used are BasicStamp BS2 (upgraded by himself to BS2sx), Arduino Uno and Lego Mindstorm NXT.

Gregor Pogačnik, Fundacija SICEH
Gregor Pogačnik works at Sportradar d.o.o. He has worked as a software developer and as head of system administrators. Lately he has been trying to improve development efficiency (CI/CD) and to connect the two worlds ("DevOps"). In this role he does not neglect the computer security perspective, although he pursues the exploitation of vulnerabilities in controlled environments more as a hobby. He is interested in distributed systems and cryptology, which is also why he is enthusiastic about blockchain technologies and cryptocurrencies. He is a member of ACM and of the Bitcoin Association of Slovenia, and a representative on the expert council of Fundacija SICEH.

Primož Zupan, MBILLS d.o.o.
Primož Zupan, MSc, is the director of MBILLS. The first Idea manager in Slovenia, he helped the mBills idea overcome its development difficulties through an internal incubator until the startup was established. He developed as an idea manager at Halcom. His previous work experience includes the positions of sales director at the IT startup Salviol, head of the cabinet of the Minister of Labour, Family and Social Affairs, and sales representative at IBM Slovenija. He is distinguished by strong enthusiasm, passion, optimism, approachability, care for his colleagues and strong social capital.

Jerica Urbančič, MBILLS d.o.o.
Jerica Urbančič is head of marketing at MBILLS. In her work she sometimes has to turn into a "wizard of wow moments", because users are at the centre of digitalisation and you have to thrill them and kindle a spark of interest in them. As a psychologist she has an excellent understanding of people's habits and behaviour, which she puts to good use in her work. Jerica is a young professional marked by ambition, passion for her work and tireless energy, with which she tackles every challenge that comes her way.

Mislav Boroš, INFIGO IS d.o.o.
Mislav Boroš graduated in 2012 in the field of Computer Science at the Faculty of Electrical Engineering and Computing in Zagreb, Croatia.
During the 4 years of active duty military service as an army officer he took part in international NATO courses and activities related to cyber security.
Since December 2016, he is working as an Information Security Specialist at INFIGO IS, mainly on penetration testing projects.

Aleš Ažman, Detekta d.o.o.
Aleš Ažman is a licensed private detective employed at Detekta, detektivsko-varnostna agencija in svetovanje d.o.o. He has many years of military experience, particularly in CIMIC, having also served, as an officer of the Slovenian Armed Forces, as an instructor at the NATO centre of excellence (CCOE) in the Netherlands. He successfully transfers the experience gained in peacekeeping operations and in training with various armed forces around the world to the civilian environment. As a private detective he deals daily with challenges in various areas of detective work, from invasions of privacy, infidelity and employee screening to tracing hidden persons and their assets. The tool he uses most often in his work is the World Wide Web.

Tibor Tajnšek, Detektivsko Varnostna Agencija Dva Fokus d.o.o.
Tibor Tajnšek began his career as a licensed independent detective in 2006. In 2015 he founded and became director of the detective and security agency DVA FOKUS d.o.o., which offers the full range of detective services and also carries out security reviews and security consulting. Since 2006 he has also been an authorised court process server and successfully serves documents for all courts across Slovenia. For several years he has been actively involved in training new detectives as a lecturer at the Centre for Vocational Training in the programme Detective: Exercising detective powers, and he occasionally lectures at the Faculty of Criminal Justice and Security. He is a member of "The Israeli bureau of private investigators", where he also trained and acquired extensive professional knowledge. He holds a seat on the management board of the Detective Chamber of Slovenia.

Mojca Prelesnik, Information Commissioner of the Republic of Slovenia
Mojca Prelesnik holds a university degree in law and has passed the state bar examination.
She is the author of professional articles and co-author of books on access to public information, protection of privacy and personal data, and a lecturer at numerous training courses, professional conferences and meetings (in the fields of wider public administration, labour law, inspection procedures, healthcare, education, archives, business, etc.).
In addition to legal knowledge she has experience in the legislative procedure and managerial work, as well as leadership and organisational skills in the work of public administration, management and financial operations.
She began working on access to public information as early as 2002 at the Ministry of Information Society, where she took part in drafting the proposal for the Access to Public Information Act and, during her employment there, was also the official responsible under ZDIJZ.
Personal data protection became her field of work in 2006, when the Commissioner for Access to Public Information was transformed into the Information Commissioner and took over the powers of the former Inspectorate for Personal Data Protection at the Ministry of Justice.
As Secretary General of the National Assembly she was able to build further in practice on the knowledge and experience gained during her employment, first at the Ministry of Information Society and then at the Information Commissioner, and gained insight into operations as the head of a controller of numerous personal data collections and of a body liable for access to public information. The annual reports under ZDIJZ show that in the period 2008-2014 the National Assembly demonstrated a high level of accessibility of public information and of transparent operation. As a controller of personal data collections, the National Assembly substantially upgraded and improved the security of its collections and the protection of personal data in the same period.

Matej Lamut Skok, NLB d.d.
Matej Lamut Skok has been working in IT for 30 years. Initially a software developer, for the last 15 years he has worked as a security engineer at Nova Ljubljanska banka. He graduated from the Faculty of Electrical Engineering and obtained his master's degree at the Faculty of Economics in Ljubljana. He holds the CISA professional title and the CIS – SIQ Information Security Manager certificate.

 

Yevheniia Volivnyk, CERT-UA
Yevheniia Volivnyk graduated from the Institute of Special Communication and Information Protection of the National Technical University of Ukraine "Kyiv Polytechnic Institute". Since 2015, she is working as an Information Security Specialist at the State Center of Cyber Defense and Cyber Threats Counteraction of the State Service of Special Communications and Information Protection of Ukraine.

Andraž Jelenc, FRI/FMF
Andraž Jelenc is a final-year student of the undergraduate programme in computer science and mathematics run jointly by FMF and FRI. He does research in computer security and cryptography, working with the Laboratory for Cryptography and Computer Security at FRI. He focuses on discovering innovative ways of breaking classical ciphers, automating attacks on wireless networks, and alternative methods of end-user authentication.

Anže Nunar, FRI/FMF
Anže first encountered a computer before he even started kindergarten, and the basics of cryptology shortly afterwards, when his father, after the operating system had crashed repeatedly, was forced to lock the computer with a BIOS password. He soon managed to work out the first password, since there really aren't that many three-letter combinations, are there? His father was not exactly happy about it, but the enthusiasm for everything hidden in the world of cryptology (and mathematics) kept growing. Anže is currently completing the interdisciplinary master's programme in Computer Science and Mathematics at the Faculty of Mathematics and Physics of the University of Ljubljana.

Gorazd Rolih, Slovenian Armed Forces
Major Gorazd Rolih heads the cyber operations section at the Force Command of the Slovenian Armed Forces. For most of his career in the Slovenian Armed Forces he has worked in information technology, and for the last 10 years, including three years at NATO, in information security management.

 

 

Gorazd Božič, SI-CERT
Gorazd Božič is head of the national network incident response centre SI-CERT (Slovenian Computer Emergency Response Team). Operating within the public institute ARNES, SI-CERT has since 1995 investigated computer intrusions and computer virus infections and helped users with a variety of other abuses on the internet, including through the awareness programme varninainternetu.si. Between 2000 and 2008 Gorazd Božič chaired the European group of response centres TF-CSIRT, and he is Slovenia's representative on the management board of the European Network and Information Security Agency ENISA.

Pete Finnigan, Oracle Security specialist
Very experienced and expert in the area of securing Oracle databases. Pete has a deep understanding of every aspect of auditing, designing and teaching in the areas of Oracle security.
Pete is a member of the OAK table - a group of Oracle scientists and also an Oracle ACE for security.
Pete has sucessfully performed security audits for major world wide and UK companies, government organisations and departments. Pete has also taught Oracle security audit and hacking practices to many organisations ranging from commercial, military to government and private sector.
A sought after speaker at many events world wide including events such as PSOUG, UKOUG, RISK and BlackHat. Pete has also been published many times in many media and has also authored the book Oracle security step-by-step as well as two chapters of the Oak Table book for Apress. He will also release his new book - Oracle Incident response and forensics - with Apress in December 2017
Pete is also an accomplished C programmer, shell scripting, PL/SQL, .NET languages, Perl and has a passing aquantence with many other programming languages.
Pete is familiar with all Oracle security technologies including but not limited to, TDE, VPD, OLS, Audit trail design and implementation, FGA, Security audits of Oracle, design work, encryption, PCI, RBAC, Secure application roles, security triggers and much more.
His company also produces and licenses http://www.petefinnigan.com/products/pfclscan.htm a powerful framework based database security vulnerability scanner. We also protect PL/SQL code with our tools http://www.pfclobfuscate.com and locally in the UK we also help clients comply with the EU cookie privacy laws by conducting web site audits - see http://www.pfclcookie.co.uk

Matija Verić, Atia Consulting
Matija Verić is an IT professional with more than 17 years of professional experience and long international business development and sales history, who managed and/or developed business for some of the key IT players all over Europe, strongly focused on information security.

 

 

Jan Žorž, Go6 / Internet Society
Jan Žorž started his professional career in RS-232/VAX VMS world in 1992 and continued through Novell and Windows environments all the way to Solaris and other UNIX derivatives that today represent the native environment for the majority of his projects. Jan is the Internet Society's Operational Engagement Programme Manager. He works on operational initiatives to ease the deployment of IPv6 and other technologies. He is also working to help the industry document best-current operational practices and to improve operator feedback to the IETF.
Jan is one of the pioneers of SiOL, the Slovenian national ISP, and has been involved in the organization from the beginning. Among other activities, he began experimenting in 1997 with Internet streaming multimedia content. Based on these experiments, he successfully accomplished projects such as "Dhaulagiri '99 Live" (an Internet multimedia transmission of Tomaž Humar's solo climb of the south wall of Dhaulagiri, called Death Zone in the Himalayas), "Ski Everest Live 2000" (an Internet live-video transmission and monitoring of extreme skiing from the summit of Mt. Everest by Davo Karničar) and other similar projects. Together with two other members of the team "Dhaulagiri '99 Live", Jan received a media award/statue "Victor" for special achievement.
For the last seven years, Jan has been working as a consultant in the IT field, specializing in IPv6. He co-founded the Go6 institute (not-for-profit), a Slovenian IPv6 initiative whose main objective is to raise IPv6 awareness in Slovenia and alert the community to the fact that we are approaching extensive changes on the Internet.
Due to the success of Go6 Institute, Slovenia is currently leading the EU as the country most prepared for IPv6 (according to the RIPE NCC's IPv6 RIPEness study). Jan has been invited to present around the world on his work, the model of the Go6 platform, IPv6 awareness raising and deployment at the national level. These speaking engagements have included conferences such as RIPE Meetings, Google IPv6 Implementors Conference 2010, Internet Governance Forum meetings, OECD meeting, World IPv6 Congresses (Paris and London), as well as national forums in Germany, Greece, Norway, Macedonia, Oman, Brazil and many others.
Jan is also primary co-author of a very successful procurement (specification) paper, published as official RIPE Best Current Practice document RIPE-501, titled "Requirements For IPv6 in ICT Equipment". This document is translated into more than 10 languages and is used around the world by enterprises and governments when requesting IPv6 features in ICT equipment purchases. RIPE-501 was recently replaced by RIPE-554, also co-authored by Merike Kaeo, Sander Steffann and Jan Žorž.

Primož Cigoj, Institut Jožef Stefan
His main areas of interest are information security, digital forensics, the fight against cybercrime, and cloud computing. Moreover, he has been a Certified Ethical Hacker since this year and has over 15 years of experience carrying out security checks and penetration tests. He has completed internet security reviews and penetration testing in complex environments including banks, insurance companies, ministries, schools and companies with critical infrastructure.
Currently, he is employed by the Jožef Stefan Institute in Ljubljana, Slovenia. Besides that, he is completing his doctoral dissertation in information and communication technologies at the Jožef Stefan International Postgraduate School. Primož Cigoj participates in European-funded H2020 projects including the LIVE-FOR project (Criminal Justice Access to Digital Evidences in the Cloud – LIVE-FORensics). He is also the CEO of an SME software development company, RSteam d.o.o., based in Ljubljana, Slovenia, with a strong background in web and mobile application development and over 10 years of programming experience.
Moreover, he has been the Internet Society (ISOC) representative in Slovenia since 2011. ISOC is a global cause-driven organization governed by a diverse Board of Trustees dedicated to ensuring that the Internet stays open, transparent and defined by the user.

Andrej Vnuk, ALEF Distribucija SI, d.o.o.
Andrej Vnuk has been working in IT security for more than 20 years. After many years of deploying and maintaining solutions such as firewalls, VPNs, web gateways, e-mail protection and others, in recent years he has devoted himself mainly to vulnerability discovery and to spreading the "faith in Splunk". He has also lectured regularly at public events and conferences on information security. Since last year, in the role of a distributor of computing solutions, he has been responsible for expanding the partner network, raising public awareness and finding new solutions in security and network management. He is currently the regional technical and sales coordinator for the Flowmon and KEMP programmes.

Boštjan Špehonja, Fundacija SICEH
Boštjan Špehonja is an information security specialist and co-founder of Fundacija SICEH. He is employed at Unistar LC, where he is responsible for carrying out security reviews and penetration tests. He has a broad range of experience, as many organizations have entrusted him with reviewing their ICT environments, including companies with critical infrastructure, banks, insurance companies, ministries and many other companies. He also runs training courses and hands-on workshops on safe use of the internet and is a Certified Ethical Hacker (CEHv9).

Elijah B. Hlastan, Fogy Tech
As a security enthusiast, I am happiest when I can solve riddles in security breaches, whether in my home, school or elsewhere. After finishing computer high school this coming spring, I plan to build a career in cyber security and penetration testing. My end goal is to help protect people from the crimes that occur daily on the deep web. At the moment, my partner and I are in the beginning stages of a start-up product through our new company FOGy.

Žiga Deutschbauer, Fogy Tech
My name is Žiga Deutschbauer and I am an eighteen-year-old student from Slovenia. I am currently attending the High school for electronics and computer science in Velenje. I am in the fourth year of a program to become a computer technician.
I was always seen as an advanced kid, always one of the smartest in class. I have been an excellent student all my years of schooling. My strongest subjects are math and computer programming. But only attending school has never satisfied my need of wanting to know and to learn more.
I have been competing in math competitions for as long as I can remember and in the last two years I have also won gold awards. In my free time I am on the computer a lot, where I improve my programming knowledge by learning different computer languages and trying to make programs with cmd and the Linux terminal.
But that is just not enough for me; like I said, I want adventure. Not only would it be an adventure and one of the best experiences, but it would also be an opportunity for me to feed my brain with more knowledge, which would be an excellent foundation for me to build a career doing things I am passionate about.

Matjaž Pušnik, KPMG Poslovno svetovanje, d.o.o.
Matjaž is head of the IT Advisory department at KPMG poslovno svetovanje, d.o.o., and has more than 15 years of experience in very demanding domestic and international business and information environments in the field of IT advisory and information systems auditing. His work mainly covers performing reviews and audits of information systems, providing assurance for financial and non-financial companies, and advising on information technology.
He is a member of ISACA and holds the following certifications: CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) and PRIS (the Slovenian title "preizkušen revizor informacijskih sistemov", certified information systems auditor).

Taja Andrej, KPMG Poslovno svetovanje, d.o.o.
Taja is a consultant in the IT Advisory department at KPMG poslovno svetovanje, d.o.o. She has several years of experience in information security consulting, establishing information security management systems and conducting audits against the ISO 27001 standard, as well as advising on personal data protection and privacy.
She is a member of ISACA and holds the following certifications: CISM (Certified Information Security Manager) and ISO 27001 Lead Auditor.

REGISTRATION FEE AND SIGN-UP
Price: 496.00 EUR + 22% VAT
Please pay the registration fee no later than 7 days after registering, to bank account (TRR) 02241-0090950979. Entry to the hall will not be possible unless the fee has been paid in full. The final deadline for any (written) cancellation is 14 days before the training. If you cancel after this deadline, we will charge administrative costs (70% of the fee); for a cancellation one week before the event, the fee is forfeited in full.

 
