4th International Congress of Information Security

Experts from the EU CyberNet Project and the Latin American and Caribbean Cyber Competence Centre participated as speakers during the celebration of the 4th International Congress on Information Security in La Paz, Bolivia from November 28 to 30.

The event brought together national and international specialists and experts in information security, with the aim of sharing their knowledge, experiences and good practices in current and trending topics in Cybersecurity, analyzing future challenges in the local and global context through conferences and technical workshops in different disciplines of cybersecurity.

As part of the regional support to Latin America and the Caribbean offered by LAC4, professionals from the EU CyberNet expert pool facilitated conferences in:

Systems Engineer specialized in cybersecurity, digital forensics, cybercrime investigation and incident response. In charge of the 24/7 Contact Point Unit for the Budapest Convention and Director of the National CSIRT of the Dominican Republic.

  • Establishing a quality vulnerability management program:
    Vulnerability management is the ongoing and regular process of identifying, assessing, reporting, managing, and remediating cyber vulnerabilities in endpoints, hardware, and systems. The presentation highlighted the importance of creating solid vulnerability management processes, since these can improve the security posture of organizations and reduce the danger in the face of emerging threats.
  • Prevention, detection and response to threats outside and inside the network:
    The cyber threat landscape is rapidly evolving, and protecting against potential cyberattacks requires rapid monitoring and response. The longer a cybersecurity incident passes before its resolved, the greater the potential damage and expense to the organization. The session focused on how to address these threats as the responsibility of an organization’s Security Operations Center (SOC).

Consulting Director at Holistics GRC since September 2017. She has a degree in Public Accounting and more than 20 years of experience as an auditor and consultant. She is a professor at the Instituto Tecnológico de Estudios Superiores de Monterrey, in addition to having certifications and accreditations such as CRISC, CISA, CDPSE, GRCP, COBIT 5 & COBIT 2019 Accredited Trainer, LA ISO 37001: 2016.

  • Third-party risk management:
    The new IT supply models make it necessary to work with third parties, which is why they carry out internal control functions. To select the one that represents the least risk, Third Party Risk Management processes must be followed. During the session, the participants learned the TPRM Plus methodology to carry out this analysis and reduce the risks involved in contracting third parties in IT and OT matters.
  • ICS/SCADA Audit of Critical Infrastructures:
    Given the growing convergence of IT/OT (Information Technologies with Operation Technologies) it is important to evaluate this convergence so that there are no risks that could interrupt operations, fail to comply with regulations and even more so that endanger physical security of people to a greater extent in those critical infrastructures of different sectors, Energy, Transport, Pharmaceutical. It is important to highlight that it must be evaluated with a holistic approach to identify the cause and define the solution proposal and manage the risks around the convergence of IT/OT.

Deeply passionate cybersecurity analyst with extensive experience in ethical hacking, malware analysis, and threat analysis.

  • Reverse engineering and malware analysis laboratory:
    Malware analysis and reverse engineering are fundamental pieces to discover, detect and eliminate persistence left by cyber attackers, likewise, for the analysis of different threats, to improve the security posture of organizations, the assistants learned how to use be skills to improve the incident response process.
  • Offensive security techniques:
    Bad programming practices and failures in system configurations lead researchers every day to discover new vulnerabilities. In this workshop, attendees will learn how to discover existing vulnerabilities in their systems, how to remedy them, how they can find and exploit these flaws in their systems to keep the security of their services up to date.