The day-long event consisted of multiple tracks besides the keynotes. Of the four tracks, two will
be really technical, and two managerial. Keep an
eye on this website for the most up-to-date information.
Please note! There is a
maximum number of participants per session. We would like to
create an informal setting and promote interaction.
The BHS will be hosted by Chris van ‘t Hof, internetsociologist, presentor & author of the book Helpful hackers.
Chris van ’t Hof is an independent researcher, writer and presenter in information technology.
We are proud to have Adam Laurie (RFIDIOt, Aperture labs) to give a keynote 'Stop laughing! CYBER Security is cool now!'. Adam Laurie is a security consultant working the in the field of electronic communications,
and a Director of Aperture Labs Ltd. who specialise in reverse engineering of secure embedded systems.
Michel van Leeuwen is Head of the Cybersecurity Policy Department (National Coordinator for Security and Counterterrorism), Ministry Security and Justice in the Netherlands.
Michel van Leeuwen will give a keynote speech ‘Cybersecurity, Next Steps in Policy in the Netherlands and EU’.
Ralph Moonen, Technical Director at Secura, will present recent research that Secura performed regarding several topics, including the security of SSL certificates in the Netherlands, and the security of 4G voice communication (Voice-over-LTE, or VoLTE).
We have discovered weaknesses in certain widely used devices and 4G-networks and will provide you with new insights into the risks.
Side Track (Management)
Security Compliance & Certification
How to measure the security of your software? How to benchmark the security of your organisation?
This all depends on clear frameworks, guidelines and standards. In this track, new developments will be discussed such as the Guideline for Cloud Service Providers
by the European Banking Authority, the Baseline Security Product Assessment (BSPA) scheme of the AIVD and the Meta-Security
Scheme by the European Cyber Security Organisation (ECSO).
Miranda Chilvers (Supervisor Operational Risk at De Nederlandsche Bank) will present the
scope of the EBA guideline and the relevance, important for cloud-service providers.
Two developers of the BSPA scheme (AIVD) will present the design of the scheme, its first results and experiences.
The session will be closed with an interactive panel discussion between all experts and interested parties.
GDPR – Privacy by Design and Accountability
GDRP is alive now! GDPR is effective in all European Countries since May 25 2018. How do we guarantee privacy compliance
in our processes? Challenges in getting processes work properly and identify privacy security issues, address them and implement the
necessary controls in an adequate way?
In this management stream we cover two important aspects that appear to be question marks for organisations
which are eager to stay in control: Fabian van den Broek (Open University and Radboud University) will speak about Privacy by Design.
Wolter Karsenberg RD (member of the Knowledge Group Privacy Audits of the NOREA) will
speak about Accountable Privacy. We will finish the session with an interactive debate.
Side Track (technical)
This track will focus on Red Teaming. From OSINT to Purple Teams and data exfiltration. We will present our latest insights and share techniques for blue teams also. Instead of just testing your applications, why not test your whole organisation?
Neal Conijn (Senior Consultant Red Teaming & Security Intelligence at SoSecure) will speak about predictive threat modelling and the physical side of Red Teaming.
IoT -SCADA embedded
This technical track will cover topics including hardware security and vulnerabilities in SCADA/ICS networks. And we might just even throw in a technical talk about blockchain security ;-) If you are interested in new technologies that are going to impact our lives
and want to learn about their vulnerabilities, this is the track to go to.
PGP Key Signing Party
During this year's BHS edition we will organise a PGP Key Signing Party.
PGP is a popular method to provide end-to-end encryption for email communication. The PGP public key infrastructure relies on a web-of-trust where
users are validated by other users. A key signing party is a get-together of people who use the PGP encryption
system with the purpose of allowing those people to sign each other's keys, thereby strengthening the web of trust.
This session is intended for experienced PGP users and will not be an introduction on how to use or configure PGP.
In fact, computers are not even used during a PGP Key Signing.
To attend to PGP Key Signing Party make sure of the following:
- keys uploaded to the public keyservers
- bring a government issued identity document
- bring several paper copies of your PGP fingerprint (business cards
with PGP ID are ideal)