Johannesburg Chapter – March 2020


Chapter Overview

Date: Thursday, 12th of March 2020

Time: 8.00 am – 3.00 pm

Venue: Montecasino, Fourways

Location: Gauteng, South Africa

Overall Theme: Community is Shaping

Areas of focus:

Benchmarking Strategy for Learning:

  • People
  • Process
  • Technology

This Alliance Chapter will focus on building a decision-making and decision-influencing community focused on impacting the ICT division and the Information and Cyber Security of enterprises and upper mid-market organisations from the Gauteng province in South Africa.


  • From Start

    Varonis Executive Exchanges

    With business moving to the cloud, the concept of a “secure perimeter” has become a thing of the past, and many organizations are pivoting their security strategy to be data-centric. What steps should you be looking at to start on this pathway? We will be hosting a maximum of 6, one-on-one, 30-minute executive exchanges with Varonis to personalise and better understand your pain-points in this area of the business.

    Whitepaper – ZeroTrust

  • 0830


    Arrival and networking prior to the content being divulged

  • 0900

    Welcome Remarks & Housekeeping

  • 0915

    Session 1 Open Forum

    Session Leader: Steve Jump – Head: Corporate Information Security Governance, Telkom

    Session Title: Cyber Risk Ontology

    To establish an unambiguous terminology for communicating actual cyber risk across business groups and management levels, from the technical attack level through to strategic risk, allowing effective value-based actions to be both taken and funded.


    Cyber Risk Ontology

  • 1000

    Session 2 - KnowBe4

    Session Leaders: 

    Anna Collard – Managing Director Popcorn Training

    Liza Weschta – Head of Sales and Marketing: Africa

    Organisation: KnowBe4 Africa, Formerly Popcorn Training

    Session Title: KnowBe4 Security Awareness – Best Practices

    Focus of the Session: 
    • Security Awareness – best practices
    • Incentives, yes or no?
    • Keeping engagement
    • Showing Return on Investment/metrics
    • What’s coming soon
    • Social engineering is #1 attack vector
    • Sharing what works and what doesn’t work
    • People can transform to become our strongest security assets – we just have to enable them.

    African Cybersecurity Research Report




  • 1030

    Networking Break


  • 1100

    Session 3 Open Forum

    Session Leader: 

    Oscar Stark – Chief Specialist: Strategic Architecture, Liberty

    Session Title: Trust Experience – who do you really trust?

    So your organisation is going digital, transforming the business and implementing technologies like Artificial Intelligence and Blockchain. And now you are bombarded with acronyms like customer experience (CX) and user experience (UX). But have you thought of the trust experience (TX)? Trust serves as a fundamental anchor to enable transactions and lives in the fabric of the organisation. Trust is, however, not considered when building out experiences for customers to engage with the organisation, or when considering how newly implemented technologies would impact it. What is more alarming is when people assume that the security mechanisms they implement will naturally instil trust, when these actually have the converse impact. This generally unowned territory of trust gets associated with information security and cyber, but what can professionals do to make trust a deliberate outcome?

    This talk will delve into:

    • What trust experience (TX) is;
    • How one can be deliberate in designing trust into your engagement with customers;
    • How trust experience relates to threat modelling, and
    • How trust will serve as a business differentiator going forward

    Some discussion points:

    • Does your organisation even consider the customer's trust experience and expectations?
    • If you were to tackle this topic, who would you partner with in your organisation?
    • What measures would you use to check that you are making an impact?
    • Do you think the topic is even relevant?


    Who do you TRUST

  • 1145

    Session 4 - Microsoft

    Session Leaders:

    Colin Erasmus

    Johannes Kanis

    Organisations: Microsoft

    Session Title:

    Let Microsoft Security and AI Help Protect Your Business with Intelligent Security


    With more than 3,500 global security experts and $1B invested annually in research and development, we are making AI and automation work for our customers. Our business ready security solutions reduce noise by 90 percent, eliminate time-consuming tasks, and automatically remediate 97 percent of end-point threats. To help customers with these challenges, we recently released Microsoft Azure Sentinel which is a cloud-native security information and event manager (SIEM) solution that provides limitless cloud speed and scale, integration with existing tools and data sources, and faster threat protection with AI by your side.




  • 1215

    Networking Lunch


  • 1300

    Session 5 Cloud Security Workshop

    Session Leader: Justin Williams – Executive: Group Information Security, MTN Group

    Session Title: Practical approaches to dealing with key Cloud challenges and Risks

    Contextualised overview:

    The Cloud is here whether you like it or not. Increased pressure from internal organisational customers and external solution providers is forcing organisations to progress on the cloud journey regardless of reservations.

    There are several key components to security in any infrastructure—and the cloud is no exception. What is different about security in the cloud is where the responsibility for managing different security components lies.

    With an on-premises solution, your organization is solely responsible for all aspects of security. In the cloud, a cloud service provider (CSP) may take responsibility for certain components of their infrastructure. Here’s a table showing the typical allocation of responsibility for different IT security components for specific types of cloud services:

    Responsibility for Key Security Components in the Cloud

    IT Security Component    IaaS    PaaS    SaaS
    User Access              You     You     You
    Data                     You     You     You
    Applications             You     You     CSP
    Operating System (OS)    You     CSP     CSP
    Network Traffic          You     CSP     CSP
    Hypervisor               CSP     CSP     CSP
    Infrastructure           CSP     CSP     CSP
    Physical                 CSP     CSP     CSP


    It’s important to note that this table only represents a typical allocation of responsibility. Cloud service providers may have different allocations of responsibility outlined in their service agreements. The complexity only grows where application and service providers are introduced who provide services built on top of the cloud provider, as the responsibilities marked as CSP may now be distributed between multiple parties and tend to be even more vague.

    Given this complexity, let us use the power of our community to further explore the key risks and challenges, share some of our experiences and challenges and possible solutions.

    6 Subsections (and related questions)

    1. Lack of transparency, visibility and control
    2. Vendor lock-in
    3. Application of the Lockheed Martin Cyber Kill Chain in the cloud
    4. Cloud as an opportunity to optimise limited security budget
    5. Technical compliance challenges
    6. Legal, regulatory and governance compliance challenges

    Expected outcomes and action areas (tangible returns)

    1. Possible solutions, successes and failures
    2. Sources of useful reference material in relation to the section
    3. Recommendations for tools and services which organisations have successfully used in addressing the challenges

    Cloud Security


    Cloud Workshop

  • 1400

    Session 6 Security Analytics Open Forum

    Session Leader: Pragasen Pather – GM: Governance Risk and Security, Sun International

    Session Title: Security Analytics

    Session Synopsis: 

    Not all organisations in the region have extensive experience of Security Analytics, but adoption is inevitable.

    This session will give those who have adopted it an opportunity to benchmark, give those who are tasting it some insight into lessons learnt from those who have, and give the rest the benefit of both.


    Security Analytics

  • 1430

    Session 7 Open Forum

    Session Leader: Leigh Thomas – Director, CISO Alliances

    Session Title: “I heard of this incident, and I learnt…..”

    Rules of Engagement

    1. No names, brands, regions mentioned
    2. No finger pointing around the room for further insight
    3. No content to be shared after the Chapter
    4. Only sharing the intel that can help us and others to avoid costly and timely similar instances – The cost of the breach if quantifiable


    • How to avoid this breach impacting you as a community

  • Dependent on Session 7

    Closing Remarks & the Next Steps

    How we collate feedback and how we plan to grow out the region's educational meetings.

    Highlight the chapter's outcomes and the actions the community can take from the content explored.
