,

Toreon main sponsor Colloquium ICT en gezondheidszorg

The Professional Association for Nurses (NVKVV) organises its 23rd Colloquium on ICT and healthcare on 16 May 2019. With this colloquium, the ICT4Care working group brings together a broad range of ICT solutions for the healthcare sector and focuses on the use of ICT to support healthcare and logistics processes in the healthcare industry. An event where Toreon likes to put its shoulders to the wheel. That is why we have decided to work with the event as main sponsor this year.

For many years, this Colloquium and accompanying exhibition has been the meeting place for everyone involved in automation and healthcare. During this event, Toreon wants to emphasize the security aspect of digitization within the healthcare sector. With its many years of experience in ICT security and its extensive range of services and training, Toreon offers an answer to ICT security questions with which the healthcare industry is confronted.

Visit our presentations

If you want to know more about Toreon and ICT security, please visit our presentation of a case study on GDPR in collaboration with Gasthuiszusters Antwerpen GZA at 11h30 or our information session on Threat Modeling at 14h30.

In addition, visitors can always visit the Toreon exhibition stand for an overview of the services that Toreon can offer tailored to the healthcare industry.

Register now

Registration for Colloquium ICT en gezondheidszorg is still possible until the 10th of May.

Register for the colloquium

, ,

Fostering a knowledge economy at Toreon using cryptocurrency

Toreon is proud to announce that we will be launching the Torbuck in the beginning of May, 2019.

Torbuck is our own cryptocurrency. It will enable our employees to value their knowledge and be rewarded for sharing it. Effectively, we are creating a knowledge economy within Toreon.

The Torbuck will be published on the Ethereum blokchain. In May, all of our employees will be able to access their Torbucks using a standard cryptowallet. They will be able to spend Torbucks on external training, as well as get paid by colleagues for their own knowledge sharing efforts. If a Toreon employee organizes an internal training, their colleagues will pay Torbucks to attend.

Our ICO (internal coin offering) came about when trying to solve a few issues we had.

First, as a cyber security consulting company, Toreon is all about people and their knowledge. Our people have to learn constantly. We try to stimulate knowledge creation and exchange as much as possible. Although everyone has a large personal budget for attending external training, internal knowledge sharing never comes easy. Putting it in our company bonus plan has worked only partly. The Toreon management never likes to use a top-down approach, but we’ve found ourselves forced to organize knowledge events ourselves to stimulate knowledge exchange. We needed a good incentive system to reward knowledge sharing.

Second, Toreon is an innovative company. We had identified Blockchain as a technology to watch and have actively tried to learn more about the technology, in order to assess early on what the security challenges could be. Our R&D effort has largely meant listening to other organizations trying out blockchain technology. It seems blockchain is ‘a technology looking for a use case’. We hadn’t really been able to find a project that would allow us to participate in the technology and apply our security knowledge.

Torbuck fills both needs: It allows our people to get rewarded for sharing knowledge. And it allows us to develop our own platform, to learn about blockchain development, its many pitfalls (a very immature technology) and of course security. The Torbuck will be a tool as well as a playground for our techies. Our ethical hacking team can’t wait to launch their attacks!

What’s in the future? If Torbuck is successful, we can expand its use. We could give our clients Torbucks as part of a loyalty program to spend on our services. It could become an integral part of the internal reward system. But first and foremost, it is a way to learn and share knowledge and not just about blockchain.

,

Toreon sponsored the Cyber Security Challenge

The Cyber Security Challenge has become a not to miss event for students and industry professionals. This year Toreon was one of its main sponsors, with a booth in the venue and its own ‘Toreon challenge’.

On Friday Steven and Catherine manned the booth and were subjected to some social engineering attacks by the contestants. Many of these teams were able to capture a part of a challenge solution from us this way. The teams had a lot of fun during this challenge.

At lunchtime the teams battling for the finals on Saturday were announced and the teams that did not make the cut had a chance to play another game. Here all sponsors were role-playing employees of a hacked company and the contestants needed to figure out what happened. This was again a lot of fun seeing how the teams ran from one sponsor to the other trying to ask the right questions and solve the mystery.

On Saturday Toreon hosted one of the sponsor challenges and we opted to create a role-playing game in the style of a ‘choose your own adventure’ game. We received a lot of positive feedback on the style of this challenge; especially the original approach was appreciated by the finalists.

Saturday afternoon we watched the proceedings of the finals where Wouter, one of our interns, was performing exceptionally well. His team was constantly running in second and third place and they were able to grab second place in the end!

During the prize ceremony our managing partner Wouter Avondstondt handed out prizes to two winning teams. They received a copy of Cryptomancer, a role-playing game that combines cyber security with a fantasy setting.

 

, , ,

Keep up to date with the latest Threat Modeling news and insights

Subscribe now to our monthly “Threat Modeling Insider” TMI newsletter – packed full of expert advice and articles to get you started with threat modeling.

Threat modeling has always been a passion and a cornerstone of the security services we provide. It helps to identify and mitigate potential security issues early on, when they are relatively easy and cost-effective to resolve.

This week we start our monthly newsletter “Threat Modeling Insider” (TMI). With this newsletter we promise you valuable and curated content from the field of threat modeling to your inbox on a monthly basis. Topics will include a threat modeling news digest, threat modeling resources, whitepapers, templates and presentations by threat modeling authorities and from our very own Toreon experts.

Subscribe to our monthly “Threat Modeling Insider” TMI newsletter.

A sneak preview

Thursday you’ll receive our first edition of the TMI newsletter including:

Additionally we’ll share updates and news on upcoming appearances and events to catch up with the Toreon team and our training sessions.

In conclusion: interested? Subscribe now and receive your first TMI newsletter on Thursday.

 

, , , , , ,

Toreon presents Threat Modeling workshop at SecAppDev 2019

SecAppDev is an intensive one-week course in secure application development. For the 15th year in a row, SecAppDev organizes a leading-edge software security courses for developers, one of them is Toreon’s Whiteboard hacking (aka hands-on threat modeling).

Our White Board Hacking workshops put together everyone involved, such as product owners, architects and developers, to systematically analyze the application being designed and come up with the security measures needed to make it run securely. All of this happens before a single line of code is written!

Learn more about Whiteboard hacking

At SecAppDev our CEO Sebastien Deleersnyder proposes an action-packed 1 day Threat Modeling workshop as taught at OWASP, Black Hat USA and O’Reilly Security conferences. In groups of 3 to 4, participants are challenged to threat model two real-life use cases: a REST-based web application and an on-site IoT deployment.

Registration for the 2019 edition is now closed, but you can learn more about White Board Hacking at O’Reilly Velocity (San Jose), Black Hat (Las Vegas), HITB (Singapore and Dubai) or DevSecCon (London).

Consult the calendar

, , ,

Toreon @ Niveau S

On the 19th and 20th of December, Toreon will be at the Niveau S event.

This event is targeted at government services and the activities will be an exciting mix of seminars, R&D demonstrations and a job/internship speed dating area. The overall theme is technological innovation and security.

We want to present ourself as a trusted partner for cyber security consultancy and advice and as an innovative player in this market. You will find us in the main hall with a live demo by our innovation department. Don’t be shy and come say hi!

Looking for a new challenge? Learn all about us and working at Toreon, look at our current job openings and book us for a speed date at the event.

In anticipation of this event, we’ve made a promo video that’s worth taking a look at:
Niveau S promo – NL
Niveau S promo – FR

See you in Brussels!

, ,

New Whiteboard Hacking Training: Advanced and for Pentesters

One of Toreon’s key values is the gathering and sharing of knowledge. We try to encourage our own people to do this all the time and actively facilitate this. Knowledge grows exponentially when shared and combined with people of all knowledge levels, even if they come from different IT security domains.

This made us realise that we have a lot of knowledge to share. We see it as our duty to help train top notch IT security specialists. First we started to train the Toreon employees and later on also clients’ employees, which we have been doing for several years now. All this knowledge is now also available for your organisation. The better your people are trained and prepared, the more we can all focus on our main objective: creating a safer digital society.

We have expanded our knowledge base and have finetuned our workshops and trainings and are now also offering them to be booked for conferences and in-house company training.

Our Whiteboard Hacking training has been doing so well (OWASP AppSec Europe 2017 in Belfast, Northern Ireland – Black Hat USA 2017 in Las Vegas, USA – O’Reilly conference 2017, NY, USA) that we’ve developed an advanced version, which is already scheduled for Black Hat 2018 (USA and Europe) and BruCON 2018 (Ghent, Belgium):
BlackHat Las Vegas, USA (August 2018)
BlackHat London, UK ( December 2018)

We recently started with versions for pentesters and DevOps engineers: Offensive whiteboard hacking for penetration testers. Already available at:
– BruCON 2018, Ghent, Belgium (October 2018)
– DevSecCon 2018 London (October 2018)

Check out all the details of our available AppSec trainings.

Contact us for an in-house training offer, tailor made to suit your needs.

, ,

Our ‘Adding Privacy by Design in Secure Application Development’ talk at OWASP London

On 5-June Seba delivered the talk “Adding Privacy by Design in Secure Application Development” at the OWASP Europe conference in London.

Seba addressed the complex GDPR challenge for developers as part of a Secure Development Lifecycle approach.

The presentation covered:

• GDPR requirements covering design, data lifecycle, users and end of life aspects
• Privacy by Design challenge
• Including GDPR in the Secure Development Life Cycle
• Mapping OWASP SAMM to the GDPR
• Integrating privacy in application security classification, awareness training, guidelines, AppSec champions, threat modeling, 3rd parties, security testing and incident management
• Introducing GDPR risk patterns

Our talk focussed on practical implementation aspects and demonstrations of real life use cases encountered in our software security and privacy projects.

You can download the slides here.

,

Why we sponsor BruCON 2017? Win the last ticket!

Proud sponsor!

We are a proud Diamond sponsor of BruCON 2017 because we:

  • Believe in supporting the IT security community in Belgium.
  • Like the really excellent line-up: http://2017.brucon.org/index.php/Schedule
  • Bring our consultants to the trainings and conference: to increase their knowledge and build our community network.
  • Are on the lookout for new colleagues to join our growing team.
  • Organize the Student CTF. We engage high school and university students of non-security curricula and stimulate them to consider a cyber security career.

We also share our last sponsor ticket. These are in high demand, as BruCON sold out some weeks ago!

How to win your ticket?

Each like/retweet of our blog post on LinkedIn or Twitter before 27 September midnight (CET). These will automatically enter our draw on Thursday. The winner will be announced on Thursday.

Hope to see you  next week!

Pass by our booth to have a chat and enjoy a beer.

The Toreon team