Speaker

Jennifer Cox

Jennifer Cox

Tenable, Security Engineer

Dublin, Ireland

Jennifer Cox is a Security Engineer at Tenable, a global leader in Vulnerability Management. After studying Theatre and Media Production, she began working at a tech company based in Ireland. Here, she started to learn the tools of the trade and skill sets that enabled her to progress to a tech role. After 11 years, Jennifer joined Tenable in 2016 where she has achieved several promotions and awards, including PCR Top 25 Women in Tech in 2019 and 2020. She works to empower organisations in both private and public sectors in EMEA towards best practices in Cyber Security, Risk Prevention, and Exposure Awareness. She works hard to ensure diversity and inclusion within her industry. Jennifer is an accomplished and results-oriented individual with a strong track record of over-achieving on her goals. She loves the fact that the technology industry changes so quickly, so it’s impossible to get bored.

Area of Expertise

  • Information & Communications Technology

Topics

  • Vulnerability Management
  • Social engineering
  • network security
  • Cloud Security
  • WomenITPros
  • Women in Technology
  • Women Empowerment
  • Women in Leadership
  • cyber security
  • Cyber Security basics
  • Cyberthreats

Securing the Human as your greatest vulnerability

When we think about protecting the organisation from threat actors we often think in terms of configuration, patching, hardening; basically using technical controls. But what can we do to ensure that we protect our intellectual property and sensitive data from access by a compromised employee? In this session, I will use recent real life scenarios to illustrate situations that are often overlooked when practicing vulnerability management today.

In the summer of 2020, hackers used social engineering to target a number of Twitter employees to gain access to internal systems and tools. They were able to compromise a number of high profile accounts - including Joe Biden and Elon Musk, among others, to post cryptocurrency scams and dupe Twitter users.

This isn’t the first time Twitter’s employees have been the source of their own exploitation. Nor is Twitter alone as numerous big companies have suffered similar incursions - including Snapchat, MySpace, and Uber.

How do we get ahead of these risks and deal with them preventatively rather than reactively?

Reducing exposure is no longer just about putting things in place to protect your network from an external attacker. What if the risk is already inside your network? How do you find it? How do you stop it? How do you deter it? It requires a mix of There is education; real-to-life tests; and security configurations that can be put into place to best protect against this kind of attack.

In this session, we will take a journey together through the before, during, and after an attack like this.

I will explain, step by step, how easily this kind of social engineering compromise exposure can happen. The session will outline: how to educate employees about being targeted in this way; how attackers utilise Insider Data, Bribery, and Manipulation to achieve their ultimate goal; and how to educate all employees, technical and non-technical about their awareness of this nature of the attack. Attendees will leave with a sanity check-list to share with employees to help them consider whether a communication is from a hacker or authentic.

During the session, I’ll also cover how, as a security professional, you can identify if an attack is happening - whether it is possible, and if it is not possible; and best practices can be employed to identify behavioural changes in employees, networks, logons among others.

By the time I have completed my presentation I hope to have awoken a curiosity in the listener that will lead them to re-assess their own practices and what they can do to change and improve their ‘human’ security against social engineering in the future.

Jennifer Cox

Tenable, Security Engineer

Dublin, Ireland