James Birnie
Cyber Security Leader and Fractional CTO
London, United Kingdom
James first worked in software delivery in the 1990s, when agile and lean were words used to describe gymnasts and pipelines were for carrying oil.
After working in a successful startup for 10 years James drifted into being an ex-software developer while learning about people, processes and systems thinking as a consultant at ThoughtWorks. Following a stint as Head of Platform in a Fintech and VP of Engineering in a Proptech startup, James went back to consultancy with Forrow where he is mainly working on Cyber Security and Post Quantum Cryptography while never drifting too far away from people, systems and delivery of useful outcomes.
How to Train Your Security Dragon
Cyber Security is the last bastion of ticket driven workflows and Waterfall methodology. Both processes actively work against delivering useful outcomes to your business quickly enough to deal with emerging threats such as AI and Quantum. This dynamic leaves your Cyber team firmly on the COST side of every conversation.
How can you evolve your Cyber Security team so that it is viewed as a VALUE generating part of your technology delivery organisation? As a VP of engineering I've helped to change the culture in a startup by focusing on the value generated and enabled by good Cyber Security. As an independent contractor to a UK bank I've helped to transform Cyber Security Delivery and unlock value across the organisation.
In this talk I'll show you how to Train your Cyber Security Dragon, how transformation is achievable and how you too can modernise your cyber security engineering in such a way that it is viewed as a value creator in your organisation.
How to Get Quantum Ready
Back in 2019 I was studying, and had even once worked on, quantum computers. Q-Day seemed a long way off then. I spoke then about how, when Q-Day comes, not only would a lot of our encryption be obsolete, but it would already be too late to do anything about it, because those encrypted messages will have been, and probably already had been, stolen. Back then, nobody had named that type of attack a "Harvest now, decrypt later" attack, but that was what I was going on about.
Now, Q-Day is not too far away. Many people have been describing the problem in a bit more detail, including what your organisation needs to do in order to get ready for it. But how many people have actually been preparing an organisation for Q-Day? My colleagues and I have been doing so at one of our clients, so this is the story of why we are doing it, what we did, what we found and how hard it will be to fix it all.
How to Use (and Abuse) Smart Contracts
The Bybit heist, executed by the Lazarus Group, has been described as the World's biggest ever robbery, amounting to around $1.5Bn. The Axie Infinity Hack (March 2022), also by the Lazarus Group, was said to be in the region of $600M.
As well as both being pulled off by Lazarus, they also share similarities in their MO. Both robberies, for example, exploited weaknesses in the organisational architecture built up around the smart contracts in use by the victims.
In this talk, I'll give an overview of how these two massive hacks went down and I'll zoom in on the Smart Contracts at the centre of each. I've created my own Smart Contracts and will demonstrate exactly how badly written, or badly protected, smart contracts can be an organisation's biggest weakness.
What we can learn from the World's Biggest Heists
Have you heard of Axie Infinity? It's a computer game with an in-game economy based on the Ethereum blockchain. So what, you might ask... Well, it became popular, very popular; some say the most popular game in existence. In-game economies have always spawned grey IRL economies despite, in many cases, the best efforts of game developers to prevent them. But the in-game economy of Axie Infinity, based on real crypto-assets, grew so big that it became a target for what has been called the biggest robbery of all time: the Sky Mavis hack.
How did this robbery happen? What was the (both sophisticated and age-old) kill chain that enabled it?
After the robbery the story gets even more interesting. Any detective will tell you, "follow the money!" Crime only pays if you can convert those ill-gotten gains into a currency you can spend to buy real things. So how do you launder the proceeds from the biggest robbery ever? The answer might be surprising: it winds through a crypto mixer set up to operate as a DAO (Decentralised Autonomous Organisation), following the funds, US Government sanctions (recently ruled illegal by an appeal court), an activist campaign and potentially far-reaching privacy consequences for all of us.
In this talk we'll analyse the kill chain of the initial attack, where the money led and how this could affect all of us. I'll go through the main takeaways that everybody should be interested in.