La Casa de Papel = (POS * Security Mindset) + Research / Con Artist Skills + SE
2023-09-08, 21:35–22:20 (Europe/Berlin), Tesla

La Casa de Papel for Point-of-Sales systems, Point-of-Interaction devices, virtual/physical payment systems, acquirers, card issuers, payment processors. A topic that many of you have heard being presented here and there, but this is how it all started...

One aspect of having a security mindset means you can do threat modelling on-the-fly. It has been 10 years since this work/research started, which involved several trips around the globe, working hands-on in the payment card industry, and countless think-outside-the-box hours. Oversights, weaknesses, logic flaws and different types of vulnerabilities identified in the process were communicated behind closed doors to the respective stakeholders and special research groups, at that point in time.

A tale of using your “superpowers” and 'ethical hacking' skill set for good!
=> Follow: @drgfragkos

After ~20 years in the UK, Dr Greg moved to the UAE when he was invited to be part of the thought leadership initiative to safeguard the future of a smart-led digital ecosystem. Among the many interesting projects, the most well-known has been his role as the vCISO for EXPO 2020 Dubai. His current role remains for the time being confidential.

Back in London he was part of the EY Cyber team in OTS/TAS, delivering a globally market-leading proposition that he helped shape and structure, in order to provide decision makers in multi-m/billion investments (M&A) the ability to identify & quantify the risk-exposure in existing & emerging Cyber threats.

During his 20 years of experience, he has engaged with companies around the world sharing his expertise and ensuring that business entities within different sectors (such as banking, payments, maritime, defense & space) have in place security-in-depth practices. His background includes thought-leading security research, experience in defending mission-critical systems and leading technical security assessments, exposure to the CyberDefense department of the military and protecting high-value assets.

He holds a BSc in Software Engineering and an MSc in Computer Systems Security, and as part of his PhD he designed/implemented (PoC) the intelligent engine of what you would call today a next-gen SIEM/XDR with "notional understanding" of network events (a "flavour" of AI/ML) for real-time Threat Assessment.

Background, experience, and studies include: Glamorgan ISRG, accepted at the Applied Cyber Security at MIT, and Harvard's Cybersecurity Managing Risk, which can be invaluable when it comes to identifying hidden risks & safeguarding digital ecosystems of high complexity, backed up by proven research & based on what is indeed considered best practices and state-of-the-art.

Dr. Greg has presented at security conferences, workshops, and summits over the years. Among other responsibilities, he has assisted ENISA as part of the NIS Experts in reviewing and designing incidents for Cyber Europe. Organizer for Security BSides Athens and Amsterdam, and OWASP London Chapter leader. Thinking ahead and outside-the-box when dealing with InfoSec challenges is one of the key characteristics of his talks.