Infosec Europe 2025, day 1 (Tuesday)

Infosecurity Europe, informally known as Infosec, is a conference come trade show hosted in London's ExCel centre. I didn't attend Infosec in 2024, so this will be my first conference in two years. As in previous years entry to the conference is free, and I'll be publishing a summary of my notes here.

This is the first time I'll be attending a conference as a representative [1] of my own company, Jonco IT & Security Ltd.

Arrival & check in

I arrived quite early so had time to grab a cuppa and a sausage roll - £6 so about the same as home despite being in London. While walking to check in I bumped into Thom Langford of The Host Unknown podcast. Nice chap, and I was able to thank him for sharing about his mental health at Infosec 2023.

Badge holders (the pouches, not people with badges!) this year are cardboard rather than clear plastic. Better for the environment and means I can recycle it later rather than chucking it in landfill 😊.

My agenda

Having planned my agenda a week or so ago I'm hoping there aren't too many changes to the schedule - I've found one time change and one title change already. My schedule is pretty packed (fairly common for when I go to conferences) and I had to remember to factor in lunch.

Not unsurprisingly there are sessions that mention "AI", and I'm particularly interested in governance and security usage for it as a tool. I've picked some talks on geopolitical implications too, as that seems to be increasingly important in today's world. I'm very keen to keep up-to-date with incident response techniques and relevant case studies, so I've selected talks about those too.

Finding the various stages was easy due to the provided app. Nonetheless, I'd done my best to stick to a few locations to reduce the risk of me getting lost!

So, day one's talks...

Opening keynote: Black Holes and Quantum Computers - Quantum Computers might change everything, eventually

Our opening keynote took place after a welcome and introduction by Graham Cluley (of Smashing Security and The AI Fix fame). Graham gave a very brief talk about the history of malware, including a photo of an Amstrad 1512 computer with dual 5.25" floppy disk drives - I used to have one of those. Memories! [2]

Well known science TV personality (at least in the UK), Professor Brian Cox gave the opening keynote which included information on the cosmos, maths, and quantum entanglement. We also covered how black holes erase information, which is contrary to the laws of nature. It was an interesting talk, but I struggled to link it to cyber security. I did like the professor's comment that "space time is a quantum error correction code" though.

SecOps without silos: modernise and unify your SOC with AI

This talk wasn't on my original plan, but I had some time and managed to get along. As a vendor presentation this was useful for understanding what changes were coming in the Microsoft Defender and Microsoft Sentinel products.

Essentially, Microsoft has observed that many companies have over 80 security tools, covering endpoint security, backup, log aggregation, Security Information and Event Management (SIEM), etc. and that this results in delays handling incidents. They noted that they contributed to this problem, so are combining some of their consoles.

What I found interesting is that Microsoft has a feature called "attack disruption", which takes data from multiple sources to automatically determine a) that an attack is taking place and b) take steps to stop the attack and begin containment. The example they gave was that a phishing email (seen by Exchange Online) could lead to an account compromise (seen by Entra and the user logging in from an unusual location). Attack disruption would see these log entries, determine something was wrong, and isolate the user before human analysts had noticed.

Oh, and then there's Security Copilot - there had to be "AI" somewhere. This is embedded in the various admin portals but also has a direct interaction portal of its own to allow more detailed sessions.

It'll be interesting to see what licence tiers have these features, and how they work.

The Cyber Cold War? Geopolitics driving cyber threat

“States don’t do hacking for fun, there’s always a reason”. 
Paul C, UK NCSC

This talk was given by Paul C from the UK NCSC and looked at the cyber security angle and state actors (another speaker is covering the geopolitical angle in more depth on Wednesday). I liked the quote I've highlighted above, which was paired with "if you can't see the cyber security angle of the attack you must have missed it, as it's something all state actors are now doing" (paraphrased).

Paul reminded us of some of the state attacks of the last 20ish years and explained how states are aware that if they attack something like the water supply, this still helps the attacker. While the victim is making sure their people have water (or power, or any other critical resource), their attention is diverted to other areas.

Looking to more recent events, Paul commented on how "good cyber security can help you obtain a strategic advantage". This was specifically in relation to recent drone attacks by Ukraine against Russia, that reportedly Russia didn't know were coming. My day-to-day life doesn't see my trying to gain strategic advantage in global conflict, but I'd suggest his comment holds true for the world of business too.

The Imposter Guide to Hacking

Originally this talk was titled "Stop Robbing Banks (Like you’re in the 1900’s)", but the name change (and possibly topic change) made a lot of sense. Jayson E Street took us through some anecdotes of various penetration testing (ethical hacking) jobs he's done, including intentionally crashing a drone with an exploit on its memory card.

We were reminded that the job of a penetration tester / red teamer is not to test your client's employees, it's to educate them. I particularly like this quote:

The red team only exists to make the blue team better.

Jayson finished his talk by explaining to us that he's nothing special, and that just because he's on stage, and is well known, doesn't make him better than us. He shared the fact there are many others doing good things, including us in the audience, who could share our experiences. This was a nice pep talk 😊.

I first came across Jayson when he was interviewed on the Phillip Wylie show, episode "Jayson E Street: Escaping Darkness". Worth a listen.

ISC2 member reception

I'm a professional member of ISC2, the organisation that manages the CISSP certification [3], and ISC2 hosted a reception with drinks and nibbles. I went along and did some networking. I had been expecting a talk as part of the reception but that seemed to change.

Ransomware 3.0: How Attackers Are Changing Their Thinking

You don't need to buy the next shiny cyber tool, you need to get the hygiene right.

This was a panel event where the panellists shared their experiences of ransomware and provided insights into how threat actors are operating. The quote I've put above, about getting the hygiene right, highlights how organisations can do a lot to protect themselves without necessarily having a huge budget or chasing the latest "shiny" tool.

We were reminded of the need to have a robust supply chain, ensuring that suppliers have good security processes to reduce the risk of an attack on them affecting their customers. Frequently companies get successfully attacked because a supplier was successfully attacked first.

Dwell time, the amount of time an attacker is in a victim's network / system before triggering their attack (e.g. ransomware) is decreasing. This seems to be because attackers are trying to avoid law enforcement getting involved before they've been paid. Additionally, attackers are sometimes jumping directly to data theft and extortion, rather than encryption and ransomware.

Something organisations can do to help protect themselves is to share their experiences, both of successful attacks and of things they're seeing. In the case of successful attacks, sharing how the attackers got in could make a difference to the next organisation. The problem with sharing is the potentially sensitive information that would be shared along with it (everything from "ah, we've been breached" to "we are running this really old thing"). Law enforcement organisations could share more too, but their barrier can be the risk of impacting an ongoing investigation.

One of the panel negotiates with the ransomware gangs (a way to either reduce payment or stall for time) and was able to share that sometimes the attacker has no idea who they've compromised. The attacker has to ask "what company are you?" which demonstrates that often these attacks aren't targeted - as such don't think "no-one would want to attack me!".

Banner image: The Infosecurity Europe 2025 "hero image". Copyright Reed Exhibitions Limited ("RX"), used without permission (but I'd suggest fair use).

[1] - Admittedly the sole representative!

[2] - I recall receiving an ISP CD in the post, probably AOL, and inserting it in the 5.25" floppy disk drive to see if it would fit. Getting it out wasn't something my much younger self could accomplish, so I had to get Dad to help. He was not that pleased!!

[3] - You can read about my experience gaining the CISSP in my blog post from 2020.