1. Cyber Services Plc 2015

2. BRIEF SUMMARY  Founded in 2015  Founders and members are security veterans with proven international reputation  Resources available:  10+ Senior consultants  20+ Developers  20+ Testers  Qualifications of the team  9 Certified Ethical Hacker (KCEHA)  3 International CEH  4 Offensive Security Certified Professional (OSCP)  Services:  Ethical hacking  Cyber threat analysis  Cyber (defence) exercises (planning, execution)  Multi-level information security awareness trainings – Gamification  Information security and IT security courses, development  Reputation management  Key references  NATO  UAE Dubai  ZAIN Kuwait  EU Council  Hungarian Government

3. KEY EXPERTS Anett Mádi-Nátor Director of International Operations  Senior cyber security expert (strategic, administrative) and trainer  10 years working experience for government, NATO, European Union, and private sector incl. critical information infrastructure (approx. 400 projects on 5 (sub)continents)  Recent positions include HUN MilCIRC Head of Coordination, NATO Cyber Defence Capability Team Chair, NATO Cyber Coalition Exercises Core Stategic and Administrative Planner  HUN NSA CDMA Administrative Head  KÜRT Ethical Hacking Course Lead of Strategic Communication and Project Management Module Ferenc Frész CEO  Senior cyber security expert (strategic, technical) and trainer  Approx. 20 years working experience for government, NATO, European Union, and private sector incl. critical information infrastructure (more than 1400 projects on 5 (sub)continents)  Recent positions include HUN MilCIRC Technical Head, HUN National Rep. to NATO Cyber Defence Capability Team, NATO Cyber Coalition Exercises Core Technical Planner  HUN NSA CDMA Head, Founder and Lead Trainer of KÜRT Ethical Hacking Course

4. THE TEAM Resources  10+ Senior consultants, advisors  20+ Developers  20+ Tester s Qualifications  9 Certified Ethical Hacker (KCEHA)  3 International CEH  4 Offensive Security Certified Professional (OSCP) Core competencies  Analysis of complex IT systems  Hardening project professional support  IT and information security expert activity  Information security process support  Planning and management of IT projects  System design and documentation  Development  Incident management (log analysis, log management, and investigating network activities)  Supervision of qualified IT networks  Installation and support of qualified servers  Testing

5. ETHICAL HACKING  Black Box, Grey Box, White Box testing  External infrastructure testing  Internal infrastructure testing  Web application testing  Mobile network testing (3G, 4G, Wi-fi, etc.)  Automated, manual, and hybrid vulnerability assessments  High profile targeted tests for special purposes  Applied methodology may include steps as  Reconnaissance  Scanning  Testing  (Exploitation)  Report of findings - documentation

6. CYBER THREAT ANALYSIS  Focuses on revealing and identifying modern, so called asymmetric threat actors  Enables proactive decision making  Enables identifying and analysing hacktivist teams, hacker groups and state sponsored malicious threat actors  Gives ability to protect and to prepare for any potential cyber attacks.

7. CYBER DEFENCE EXERCISE  Cyber (defence) exercises serve the purpose of testing, developing, and training the ability of organisations and commercial entities to defend their networks and information protection systems from various challenges that those are to face when operating in the virtual space.  A well-developed cyber exercise tests systems and networks to make sure that those are able to keep pace with evolving threats. The human factor matters as well, as exercises also test individual and collective skills and expertise of cyber specialists of organisations and companies.  Exercises provide the opportunity to involve all experts from technical fields up to the highest level decision making entities, even from remote locations.  One important internal goal of such exercises is to exchange critical cyber information and promote a collective defence approach in a rapid manner. Then coordinated response approaches may be developed and followed in due course for real life situations, to mitigate and eliminate virtual attacks to result in consequences that are real and potentially destructive.  Cyber exercises may be developed at various levels from table-top (mostly administrative) to fully developed and highly technical formats.

8. MULTI-LEVEL INFORMATION SECURITY AWARENESS PROGRAMS Multi-level (corporate-wide) information security awareness programs and campaigns for general users, system administrators, system developers, privileged users, internal trainers  Contact sessions  E-learning and campaigns through social media (apps)  Technical and social challenges  Gamification  ’Policy in Practice’  ’Train the Trainer’

9. (IT) SECURITY COURSES AND DEVELOPMENT  Cyber treat analysis  Log analysis and log management  Network forensics  Social engineering  Incident handling and management (incl. early warning, incident response, and incident mitigation)  IT project communication (strategic approach)  Cyber defence management

10. REPUTATION MANAGEMENT  Real-time influencer monitoring  Implementing communicational content search engine optimizing strategy for existing and future search terms on the client organisations and commercial entities  Real-time content creation  Real-time link shield building  Proactive actions before important initiatives of client organisations and commercial entities

11. KEY REFERENCES  Ethical Hacking Trainings for approx. 10 years (English, Hungarian) – duration varies b/w 2 weeks – 10 months  KÜRT Academy Ethical Hacking Course for 6 years  NATO Cyber Coalition Exercises – Core Strategic, Administrative, and Technical Planning (incl. Enterprise, Allies, Partners), 2012 – 2015  HUN MoD MilCIRC Capability Development, internal trainings for CTAC and forensics, 2015  UAE Dubai Smart Government GWISAP – Government Wide Information Security Awareness Program, program managers, content developers for ’Train the Trainer’ module, 2013 – 2014  HUN National Security Authority Cyber Defence Management Authority development, internal training of employees incl. CTAC, network forensics, log analysis, etc., 2011 – 2014  SME IT Security trainings for the HUN government IT service provider incl. information sec. awareness  EU Council SME IT Security Awareness course, course developers and trainers, 2012  ZAIN Kuwait – SME IT security awareness and IT professional courses, information security awareness campaigns 2010 – 2015  Global Conference on CyberSpace 2015 – Responsible Disclosure Initiative, founders (Global Forum on Cyber Expertise)

12. THANK YOU.