Marina Bochenkova
Marina Bochenkova wears many hats as a cybersecurity analyst focusing on digital forensics, incident response, and OT security, while also dabbling in security awareness and culture. She combines a passion for protecting people, a strong belief in digital privacy as a human right, and an overly-enthusiastic approach to problem-solving. When not defending digital spaces, Marina actively nurtures her already-unhealthy obsession with cats and resorts to baking or martial arts when desperate.
Sessions
“Smart City” has been a trendy buzzphrase used by politicians, city planners, and tech companies for over a decade now — but their shiny promises gloss over dangerous realities.
Downtime and damages in municipalities due to cyberattacks regularly make the news, but we focus primarily on securing and recovering IT systems. Smart Cities by nature use a combination of IT and OT systems but have no established or holistic approach for managing overlapping risks to both. The consequences to security from varied stakeholders involved in Smart City planning and implementation go unexamined. Human hazards, vulnerable devices, and data management issues build on these to create diverse and creative attack paths for all sorts of threat actors.
Smart Cities present a ubiquitous and unique combination of risks which must be comprehensively assessed in order to improve procedural and operational security, reliability, and resilience. By reframing our understanding of what Smart Cities are, we can use and integrate pre-existing actionable strategies to prepare and defend against threats ranging from pandemics to nation-state attacks. As politically motivated cyberattacks expand in reach and collateral radius, we need to prepare our cities for when they become the next battlefield.
We know the world runs on legacy. We know it’s not supposed to. But when vendors or LinkedInfluencers command us to phase out old systems and protocols, it sometimes seems like their expectation-versus-reality connection is faulty.
This talk will walk you through the ~adventure~ of disabling a recently-deprecated Microsoft authentication protocol with numerous security problems: NTLM.
For decision-makers, this is an opportunity to better understand the struggles of on-the-ground IT and security teams trying to bring outdated systems in line with industry standards. For IT and information security peers, this presentation will share valuable resources and “lessons learned” for successfully phasing out NTLM (and similar thorns-in-sides) within their own organizations.