Beatriz Saura Alberdi
She is a graduate in law from the University of Alicante and holds a doctorate in law from Miguel Hernández University. She has taught at the Faculty of Social Sciences and Law at Miguel Hernández University, where she was appointed member of the faculty and head of the Civil Law department.
She has been a temporary Judicial Secretary at the Central Court of Instruction No. 5 of the National High Court. She has been a Temporary Prosecutor at the Provincial Prosecutor’s Office of Madrid.
She regularly gives lectures at conferences, master’s and training courses on legal matters at various universities, bar associations and business schools. She is currently Director of the International Compliance Officer Course at the ISDE Law Business School.
She has published several articles in legal and news publications, such as Confilegal and El Economista, as well as technical articles in journals of Professional Associations and prestigious legal publishers such as Tirant Lo Blanch, Thomson Reuters Aranzadi and SEPIN.
She was the co-author, along with Eloy Velasco Núñez, of the book Cuestiones prácticas sobre responsabilidad penal de la persona jurídica y compliance: 86 Preguntas y respuestas [Practical Aspects of Legal Person Criminal Liability and Compliance_ 86 Questions and Answers]” Editorial Aranzadi 2017. She was also co-director with Mr Eloy Velasco Nuñez of the book “Delitos que pueden cometer las empresas” [Crimes Companies Can Commit], Editorial SEPIN, 2019.
She is Joint Head of the Compliance Section of the Madrid Bar Association and President of the International Compliance Research Centre.
Alfonso Muñoz Muñoz
PhD in Telecommunications Engineering from the Polytechnic University of Madrid (UPM, 2010) and postdoctoral researcher in computer network security at the University Carlos III of Madrid (UC3M).
A professional with more than 18 years of experience, he has worked on advanced projects with European organisations, state security forces and multinationals (global 500 and IBEX-35). For more than a decade he has been involved in the design of secure architectures, technical security assessment (hacking), forensic analysis and security in mobile environments and wireless networks, leading technical teams, managing their budget in various areas of cybersecurity, and scientific research and innovation teams, in universities and private companies. He’s a lover of agile management and resource optimisation.
Alfonso is a regular speaker at major security conferences (STIC CCN-CERT, DeepSec, HackInTheBox, Virus Bulletin, Ekoparty, Blackhat Europe, BSIDES Panama, RootedCon, 8.8, No cON Name, GSICKMinds, Cybercamp, Secadmin, JNIC, Ciberseg, X1RedMasSegura, Navaja Negra, T3chfest, etc.), has published more than 60 publications of impact in the area (IEEE, ACM, JCR, ...), patents, books and opensource cybersecurity tools. He is certified as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CEHv8 (Certified Ethical Hacker), CHFIv8 (Computer Hacking Forensic Investigator), CES (Certified Encryption Specialist), OSWP (Offensive Security Wireless Attack), CriptoCert Certified Crypto Analyst and CCSK (Certificate of Cloud Security Knowledge).
His work as a cybersecurity professional has been recognised by numerous academic and professional awards (Hall of fame Google, Security Bulletins Microsoft, ...), including in 2018 as one of the 25 most influential people in Spain in the field of cybersecurity and in 2019 as one of the 50 most relevant people in the protection of digital assets (TOP 50 Cybersecurity Blue Team). He has been interviewed by the main Spanish media and is often consulted on problems of social impact derived from cybersecurity and privacy. He is a lecturer in different cybersecurity master's degrees in public and private universities, as well as co-editor of the thematic network CRIPTORED, the oldest and most influential informative network on these issues in Spain and Latin America. This network has received recognition and awards from the most significant players in the cybersecurity community in Spain (RedSeguridad Magazine, SIC Magazine, Antonio Ropero-RootedCon Awards, etc.).
In recent years he has combined his professional work with the launch of the start-up CriptoCert, a company dedicated to training and education in cryptography, publishing the world's first professional certification in this discipline.
Forensic liability analysis of computer content in the enterprise
- Speaker: Beatriz Saura Alberdi
- Topic: Technological research and case law
- Content of the workshop:
- Corporate internal investigations; regulations and case law.
- Forensic analysis of computer devices to obtain evidence.
- Recording compliance evidence in a blockchain system.
Cryptocurrencies as an object of crime
- Speaker: Isaac Francisco Pérez Pérez
- Topic: Cryptocurrencies in cybercrime
- Content of the workshop:
- General concepts.
- Concept of cryptocurrency.
- Underlying technology. Blockchain. Cybersecurity in transactions.
- The legal approach cryptocurrency (legislation and case law).
- The anonymity and value of cryptocurrency as a lure in cybercrime.
- Cryptocurrencies as a target of cybercrime.
- The role of cryptocurrency in crime. Object of desire.
- Major crimes related to cryptocurrencies.
- New offences related to cryptocurrencies. Amendments to the law.
- New regulation of cryptocurrency platforms.
- Practical approach.
- Real cases investigated in the Audiencia Nacional.
- Cryptocurrency transactions. Tracking.
- Crime prevention.
- Questions from the floor.
- General concepts.
Investigating under supposed identities
- Speaker: Ruth Sala Ordoñez
- Topic: Technological research and case law
- Content of the workshop: The ease of access to the Internet has fostered the growing use of the Internet as a facilitating instrument of searches by investigators for any data that helps to find out the crime and the identity of the criminals. The workshop places special emphasis on all the roles that admit the use of the supposed identity for the investigation, the suspicions derived from obtaining the evidences of the virtual environment and its possible qualification as legal or illegal.
- Results of the previous questionnaire.
- Normative, legal and doctrinal study of the undercover agent and the undercover online agent.
- Principles of action, limits to its activity, probative value of the results obtained with its activity.
- The intelligence report obtained in open sources OSINT.
- Concept and fundamentals.
- The subject responsible for the OSINT intelligence report (Judicial Police Agent; the individual investigator; the expert).
- The supposed identity: consequences of the incorporation into the judicial process of the evidence obtained under the presumed identity.
- The probative value of the OSINT report.
Ethical and cybersecurity risks in adopting emerging technologies
- Speaker: Pablo Ballarin Usieto
- Topic: Risk management in adopting emerging technologies
- Content of the workshop:
- Introduction
- Cybersecurity risks in emerging technologies
- Concepts
- Particularities of IOT/IA architectures and their vulnerabilities
- Attack vectors and types of attacks on AI/IOT platforms
- Theoretical risk analysis of an IA/IOT platform
- Baseline for securitisation of an IA/IOT platform
- Real-life example of a risk analysis of a Brain-Computer Interface product.
- Class exercises: identifying risks in given scenarios and defining protection baselines.
- Ethical risks in emerging technologies
- Ethical principles in emerging technologies
- User and societal impact
- Applications that do not follow these principles
- What is trusted AI?
- Example guidelines: EU Ethical Design Guidance, Montreal Ethical AI Declaration, Beijing AI Principles
- Aligning AI with ethical principles
- Real-life example of an assessment of the ethical principles of an AI
- Exercises: Identifying issues in given scenarios, and finding possible approaches to solutions
Cross-cutting and comprehensive cybersecurity: governance
- speaker: Estevenson Solano
- Topic: Cybersecurity gobernance
- Content of the workshop:
- Governance, Risk and Compliance (GRC)
- Controls Management
- Laboratory 1
- Regulations, Standards and Frameworks
- Organisational Security Policies
- Laboratory 2
- Privacy and Sensitive Data
- Integrative Laboratory
Cybersecurity and compliance
- Speaker: Eloy Velasco Núñez
- Topic: International law applicable to cyberspace.
- Content of the workshop:
- Regulatory scope of cybersecurity in the European Union: present and future.
- Practical compliance: criminal prevention and avoidance or reduction of risks in the use of technology. Mr. Eloy Velasco. High Court judge.
- Technological enterprise and technologized enterprise: towards a horizon of normality post-COVID-19.
Threat detection at scale using osquery and osctrl
- Speaker: Javier Marcos de Prado
- Topic: Digital Forensics and Incident Response (DFIR).
- Content of the workshop:
- Introduction to the need to deploy detection infrastructure, in both corporate and production environments, using practical examples.
- List of the steps necessary for the automation and deployment of osquery as an agent within a distributed and scalable network.
- Showcase of the centralised server or TLS endpoint (osctrl), and the configuration and use of its different components for threat detection, incident response and fleet management.
Identifying vulnerabilities and exploitation in Windows applications
- Speaker: Pablo San Emeterio
- Topic: security advisories and vulnerability identification.
- Content of the workshop:
- Introduction X86 Architecture.
- Introduction disassemblies.
- Searching for vulnerabilities in the code.
- Vulnerability verification.
- Exploitation of the vulnerability.
- Bypassing protections.