#1 Embedded Systems Security Days

More and more devices communicate and are connected with each other. In addition to numerous advantages, this development brings with it new challenges and dangers, especially with regard to security. How can security vulnerabilities be avoided right from the start? What threats do I need to protect my system from? What security measures do I have to take? Many of our customers ask themselves these questions. And we will answer them!

That’s why we – Alpha Strike Labs and Limes Security – are pleased to announce the first Embedded Systems Security Days. We are convinced that products can only be made more secure throughout their entire life cycle by training developers and project members and improving their security know-how. For this transfer of knowledge, we have won two outstanding trainers in this field: Adam Shostack and Peter Panholzer. Adam Shostack – also known as “the guy who wrote the book” (Threat Modeling: Designing for Security) – will offer his internationally known training on threat modeling at the Embedded Systems Security Days. This is a very rare opportunity to attend this training in Europe.

In addition to professional training, the Embedded Systems Security Days also focus on networking among the participants. There is an extensive programme of networking meetings and there are numerous opportunities for exchange.

Secure Product Development

If you don’t want to leave the security, and therefore the quality, of your products to chance, you have to choose a proactive approach. High-quality products that are in line with the market can only be created by integrating security into the development processes and by an organization that knows how to deal with the topic professionally.

With the help of part 4-1 of the IEC 62443 standard, you can integrate security into software development to make your products sustainably secure. You will understand which methods and measures are useful for integrating security into your development processes and get to know useful tools for checking and improving product security.

  • IEC 62443-4-1 Introduction (Principles & Requirements)
  • Security Management (product classification, security organization, security training, integrity protection, protection of the development environment, selection of secure components)
  • Specification of security requirements
  • Secure by Design & Secure Implementation
  • Security Verification & Validation Testing
  • PSIRT & Security Update Management
  • Security Guidelines

 

  • Language: German (If there are enough interested parties, English can also be offered)
  • Trainer: Peter Panholzer
  • Time: 9:00 – 17:00
  • Incl. food + drinks:
    • Welcome coffee with Danish pastry
    • Morning coffee break
    • Business Lunch
    • Afternoon coffee break

Day 1 - Evening Program

Zero Downtime: Blackout Edition

Go from being someone affected to someone involved: in the ICS cyber security simulation game, you become the defender of your company's assets. Several teams compete against each other and learn in a simulated reality. The simulation game is based on a serious idea: the participants learn first-hand about current IT threat scenarios and adequate security concepts as countermeasures. Because each individual is directly involved, the learning content is retained firmly and lastingly, and teamwork is called for at the same time. In the end, the company that has best mastered the challenges is chosen as the winner. The simulation game is moderated by a security expert, and the results are briefly summarized after each round. The participants play in groups at a table, using a game board in combination with a tablet. No special previous knowledge is necessary to take part, and the simulation game is also well suited for beginners.

 

Threat Modeling Basics

Threat modeling is the best way to create awareness and visibility for security and to increase the value of security early in the project. The product or service is analyzed systematically, comprehensively and in a structured way, with consideration given to what can go wrong from a security point of view. In a hands-on threat modeling session, the lecturer analyzes and examines an example system using the 4-Way Framework for Threat Modeling:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good job?

 

  • Language: English
  • Trainer: Adam Shostack
  • Time: 9:00 – 17:00
  • Incl. food + drinks:
    • Welcome coffee with Danish pastry
    • Morning coffee break
    • Business Lunch
    • Afternoon coffee break
  • Dinner together & Open Bar

Day 2 - Evening program

The Embedded Systems Security Days focus not only on networking systems, but also on networking between the participants. To create a relaxed setting for this, we are organizing a joint dinner on the evening of day 2. Afterwards there is the opportunity to deepen new acquaintances over free refreshments.

 

Threat Modeling Deep Dive

On the last day, the knowledge gained is applied and extended in depth. A wide variety of approaches are discussed, common mistakes are clarified and practical solutions are shown.

The participants learn in detail:

  • Different types of system modeling including data flow diagrams
  • Developing diagrams from an architecture or pen test perspective
  • Using STRIDE and STRIDE per element to find threats
  • Using a kill chain in threat modeling
  • Strategies and tactics for mitigating problems
  • Assessing threat models
  • Common traps and mistakes
  • Differences between approaches
  • Fluency in discussing approaches

 

  • Language: English
  • Trainer: Adam Shostack
  • Time: 9:00 – 15:00
  • Incl. food + drinks:
    • Welcome coffee with Danish pastry
    • Morning coffee break
    • Business lunch
    • Afternoon coffee break
  • Joint journey to the ITSecX conference

Day 3 - Evening program

At the end of the Embedded Systems Security Days there will be the possibility to visit the ITSecX conference in St. Pölten. Our trainer from days 2 and 3, Adam Shostack, is invited as keynote speaker.

Alpha Strike Labs and Limes Security will organize a free joint trip to the conference after the training.

IT-SECX 2019

The symposium of the FH St. Pölten on IT security on 08.11.2019

The conference IT-Security Community Exchange 2019 (IT-SECX 2019) is a platform that offers security enthusiasts the opportunity for mutual exchange. The University of Applied Sciences St. Pölten will open its doors on 08.11.2019 from 16:00 to 24:00 for the “somewhat different” conference under the motto:

“Resilient Software – From Threat Modeling to Penetration Testing”.

At the conference, international security specialists will talk about current security developments.

Adam Shostack

Adam helped found the Common Vulnerabilities and Exposures (CVE), the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He has held leading positions in a number of successful Information Security & Privacy startups. He is the author of Threat Modeling: Designing for Security and the co-author of The New School of Information Security. Adam Shostack is currently Principal Program Manager in the Microsoft Trustworthy Computing Usable Security Team, where he co-developed the Microsoft Secure Development Lifecycle (SDL) Threat Modeling Tool and the Elevation of Privilege Threat Modeling Game as part of the SDL Team.

Adam is a globally recognized expert and innovator in the field of secure software development and holds Threat Modeling trainings worldwide.

 

Peter Panholzer

Peter Panholzer is managing director of Limes Security and an industry veteran who has been involved in industrial security and secure software development from the very beginning. He led the development of the early secure software development (SDL) initiatives at Siemens and co-authored the security extension to the CMMI standard “Security by Design with CMMI for Development”.


Price

  • Early Bird: € 2.699,- (limited contingent, till 08.08.2019)
  • Regular: € 2.999,- (most popular, 09.08.2019-30.09.2019)
  • Late: € 3.399,- (for the spontaneous, from 1.10.2019)

FAQ

Hilton Vienna Plaza (Schottenring 11) - Wednesday 6 to Friday 8 November 2019

The training is aimed at:
  • Embedded systems developers
  • Project managers
  • Security professionals who want to work more systematically and cooperatively with product and service delivery teams.

Included in the training:
  • A hardcover edition of Threat Modeling: Designing for Security.
  • Course materials (digital & print)
  • Threat Modeling Wallet Cards
  • A set of the “Elevation of Privilege” card game
  • Official Certificate of Completion
  • Joint transport to the ITSecX conference in St. Pölten in the evening. https://itsecx.fhstp.ac.at/

Catering during the training is included:
  • Welcome coffee with Danish pastry
  • Morning coffee break
  • Business Lunch
  • Afternoon coffee break
  • In the evening of day 2, a dinner together with open bar is included.

For group discounts from 3 persons please contact vienna@alphastrike.io. Thank you!

About the organizers

Limes Security was founded by Peter Panholzer and Thomas Brandstetter, two industry veterans who have been at the forefront of industrial security and secure software development from the very beginning. Limes Security is a 100% Austrian, owner-managed company. Limes Security offers up-to-date security knowledge in the form of security services and also actively invests in security research itself. As one of the most successful and dynamic technology centers in Europe, the Softwarepark Hagenberg as a business location supports this. The synergy of companies, university institutes and research and training centres creates an atmosphere of innovation, creativity and professionalism – the ideal environment for Limes Security.

Alpha Strike Labs GmbH is a young company with a focus on IT/OT security in the industrial environment and offers professional services in the area of IT and OT security. From distributed production facilities to pacemakers to highly secure data rooms – our team works on many interesting projects and helps to make systems and solutions resistant to hacker attacks. In addition, we present our latest research results several times a year at IT security conferences and are a very active part of the security community.