Presentations

This page contains the slides for a number of presentations I have given throughout the years. Some of the slides might be incomplete due to the need to redact certain details in order satisfy classification requirements.

Despite what some of the slides might say, the entire content on this page is to be treated as [TLP:CLEAR] and can be shared with whomever you like.

English

"Hoodies & Hodlums - A Match Made in (Heaven|Hell)?"

hoodies_and_hoodlums_a_match_made_in_heaven_censored.pdf

8 MB

This presentation, given at Underground Economy 2024, takes a look at the interaction between cybercrime actors and more traditional (organised) crime, sketching out the ways of mutual cooperation and, based on relevant current examples, what the risks arise from this for companies and organisations

"Your Phishing assessments are bad and you should feel bad"

your_phishing_assessments_are_bad_and_you_should_feel_bad_censored.pdf

542 KB

Sending malicious emails to employees in order to gauge a perceived security awareness is becoming ever more popular with companies large and small taking part in such Phishing assessments. Despite their popularity, there are a ton of issues with how we do these things. At best, these issues cause them to be actively useless exercises, at worst, they can end up decreasing your security or even have a significant negative impact on your internal culture and erode trust.

This talk, given at DeepSec 2022, looks at how we mostly do these assessments, the various ways that are wrong about it and even tries to provide a few suggestions on how we, as security professionals, can do well.

"How do you do, fellow threat actor?"

how_do_you_do_fellow_threat_actor_censored.pdf

1 MB

This presentation was given at DeepIntel 2022 at a time when cyberattacks in the context of the Russian invasion were consuming a lot of attention. This talk attempted to highlight some other important developments and incidents that have happened throughout the year 2022.

German

"Informationszufluss statt Datenabfluss"

informationszufluss_statt_datenabfluss_censored.pdf

894 KB

This presentation was given at Domain pulse 2024 in Vienna, explaining the concept and varied tasks and challenges of Computer Emergency Response Teams.

"Lügen haben kurze Beine"

disinfo censored.pdf

14 MB

This presentation, an overview about disinformation - what it is, how it works, historical development, current example, outlook - was given to a very mixed audience that included everything from board level management to student interns.