xorl %eax, %eax

Archive for the ‘conferences/trainings’ Category

DeepINTEL 2020

leave a comment »

On 18 November 2020 I got the opportunity to present at DeepINTEL. This is an Austria-based TLP:AMBER conference for intelligence. Because of that I cannot say much about it but I’ll try to share some insights without exposing any sensitive information.

At DeepINTEL 2020 my presentation was about GEOINT based on some cases I worked on throughout 2020 while supporting a few investigative groups and organizations, outside of my professional career. In addition to that, the last 3 years I had completed several GEOINT trainings and certifications. So in that presentation I shared some real world examples and practical techniques for GEOINT analysts. However, that was a TLP:AMBER talk so I cannot share anything else in a public blog post.



This was my first time presenting at DeepINTEL and I was positively surprised with the level of professionalism, skill level of the participants, and that rare atmosphere of active participation. DeepINTEL didn’t have a large audience or dozens of tracks with talks, but everyone was actively participating with the goal of knowledge sharing in a quite open discussion. The organizers went to great extends to ensure the privacy of everyone involved and that was also reflected to all the participants.

If you are looking for a high quality conference about intelligence that reminds you more of a community gathering rather than an industry event, then you’ll love this event. Personally I cannot wait for the next one! :)

Written by xorl

January 21, 2021 at 11:57

FIRST Cyber Threat Intelligence Webinar Series: Building an intelligence-driven organization

leave a comment »

Just like for most people that speak at conferences, this year has been quite unusual for me too. Recently, I gave my talk, Building an intelligence-driven organization, and it was a new experience for me. Talking to an industry conference remotely. So, here is how this went.



In 2019 I submitted a talk in the CFP of FIRST Cyber Threat Intelligence Symposium that was scheduled to take place in Zurich in March 2020. I received some feedback and after some back-and-forth, in February 2020 I received an email that a version of my talk with some minor adjustments was accepted. Getting accepted to talk at this event for me was one of the biggest highlights of my professional life in 2020, but as we all know… COVID-19 happened.

Again, after various back-and-forth, the awesome FIRST CTI organisers team decided to run the event online in the first weeks of May 2020 and rename it to FIRST Cyber Threat Intelligence Webinar Series. That worked out nicely, and the entire event was great. Based on this small experience I gained from this, here are some recommendations for any “remote” conference speakers:

  • Find a quiet place
  • Make sure you have good internet connectivity
  • Good audio/video hardware
  • Test your setup and content in a test conference call before the event
  • Test your setup and content a few minutes before the presentation once again
  • Keep everything you might need close by (water, notes, etc.)
  • Turn off mobile phones, pagers, chat applications, or anything else that can cause interruptions or unwanted noise (jewellery, cables/cloths touching the mic, etc)
  • It’s easier to derail when presenting in this format, be focused and plan carefully your talk
  • Depending on the talk, you might not have video which means the non-verbal communication is removed from the equation so you have to rely more on the way you present your content
  • If you do have video, make sure your appearance, the lighting and background are professional and not distracting your audience from the actual content
  • It’s much harder to assess audience’s engagement throughout the talk, so make sure that you ask for a lot of feedback afterwards

Just to be clear, I am not saying that I succeeded in all of the above. Just that I realized the importance of those throughout this process. Hopefully that will be useful to future “remote” presenters. :)

Written by xorl

May 15, 2020 at 09:44

FIRST TC (Amsterdam 2019): Incident response in the age of serverless

leave a comment »

This year has been super busy. Many new challenges, achievements and learnings. One of my personal highlights for this year was the contribution to the Forum of Incident Response and Security Teams (FIRST) Technical Colloquium in Amsterdam with a presentation about serverless security.

The presentation was titled “Incident response in the age of serverless: A case study on GCP” and it was presented together with one of the smartest security professionals I know, Willem Gerber (@adrellias).

You can find the slidedeck here.

Written by xorl

December 17, 2019 at 13:04

BSides Cyprus 2019: Beyond phishing emails

leave a comment »

This year at the Cyprus University of Technology (CUT) in the heart of Limassol, Cyprus the first ever BSides Cyprus security conference took place. It was a great honour that my talk was accepted. The whole conference was an amazing, well organized event with great atmosphere and lots of great talks. Thanks for everything! Hopefully I’ll see you again next year!

My talk was about spear-phishing delivery techniques beyond email. Anything from using mobile messaging platforms, to popular cloud services, QR codes, all the way to my personal favourite, targeted advertisements on social media platforms.

The slidedeck is available here.

Written by xorl

December 16, 2019 at 17:12

Fox IT Crisis Management training

leave a comment »

A couple of months ago I uploaded the following photo on my Twitter and I got a few questions about it. Short answer: No, I don’t work for Fox IT! That was a trophy for the winning team of a crisis management training delivered by Fox IT that I had attended.



I have no good experience with Fox IT’s technical services (forensics, incident response, etc.), but that might be just me so I don’t want to bias your decisions. In any case, this training was quite fun and useful. It was a full day event where you were split to teams with diverse backgrounds and you were given pieces of information about a security incident which was large enough to require crisis management procedures. The idea was that you had certain amount of time to provide your actions for each stage and then there was an overview of all the teams’ actions along with the recommended ones by Fox IT.

That kind of training can be useful for an organization for a few different reasons. Apart from the apparent knowledge sharing, it acts as a team building event, but more importantly, you can see how aligned your organization’s employees (or colleagues) are on the actions required during a crisis. Obviously, each team will have slightly different results. However, if you see a huge deviation between teams it means that you probably have serious internal issues as your employees (or colleagues) do not have he same mindset for prioritization when dealing with crisis or serious security incidents.

To conclude, although I had no good prior experiences with Fox IT’s technical departments, that training was fun and useful so… Well done guys!

Written by xorl

March 21, 2018 at 22:18