Press

2014

Troopers 2014 - The IT-Security Conference in Heidelberg Germany



March 18th - Making a Security Awareness Program that Works! Workshop at Troopers!


2011


2010

OCTOBER 26th, 2010 - Toronto, Canada. SecTor 2010 - Canada's Premier IT Security Conference.  Mastering Trust: Hacking People, Networks, Software, and Ideas. - Pete Herzog


Why can't we make the right decision all the time? Our sense of trust is broken. Lies, deceit, fraud, and insinuations make up a large part of crime for a reason. We are bad at trust. It's in our biology. It's why we sometimes make the wrong friends, date the wrong people, buy the wrong car, and do things that in retrospect were really really dumb. Now consider the fact that trust makes up the majority of security decisions from who you let in to what you connect to and you see we have a very big problem. This talk shows you how we are broken, how to analyze and test trusts, how the ISECOM trust metrics work, how they are used to replace risk assessments in many organizations, and how they can help you make better overall decisions.


October 14th, 2010 - North Carolina, USA. Pete Herzog presented the Smarter Safer Better seminar series. 


Using current OSSTMM research to teach how to see through lies, stop yourself from being used or fooled, and how to better decisions by fixing your "gut instincts". It's heavy details on anti social-engineering and a way of applying security awareness that makes sense to non-security people.

More details of the Smarter Safer Better seminar series is available here:

http://smartersaferbetter.org

May 27th, 2010 - Amsterdam, The Netherlands. Outpost24/Lab106, Quality: Back to Basics - Pete Herzog, Managing Director ISECOM: Chairman of the day / event host
May 8th, 2010 - Universidad Camilo José Cela, Madrid, Spain. VI Jornada IEA 

11:15 - 13:00 "Mastering Trust" workshop with Pete Herzog

Pete Herzog presented the latest ISECOM research on operational trust and how to use trust metrics to see through lies, fraud, and deception and make quicker, better decisions.

March 8-12 2010, Troopers'10, Heidelberg, Germany

Pete Herzog presents his Keynote covering on how to combine attack surface metrics and trust metrics to eliminate patching, eliminate risk assessments, and to build more secure infrastructures.

2009

December 1 to 5, Bangalore - India foss.in

Joerg Simon presented "The Fedora Security Spin and the OSSTMM" at foss.in

 Read More 

December 9th, 2009 19:00h - Cardedeu, Spain

Cardedeu Digital


November 27th, Barcelona - Press Release (spanish) by dotfore.es. 

Pete Herzog cautiva a los asistentes en el seminario Las Claves de la Supervivencia Digital

Barcelona, 27 de noviembre de 2009 - ¡Es un crack! Fue la frase más repetida durante el Seminario Las Claves de la Supervivencia Digital organizado por Dot Force los pasados 18 y 19 de noviembre en Barcelona y Madrid. 

 Read More 

November 18th Barcelona, November 19th Madrid. Seminar organized by dotforce.es: Las Claves de la Supervivencia Digital

Con la participación de Pete Herzog como ponente estrella, gran visionario que ha roto los esquemas de la seguridad tal y como hasta ahora la entendíamos, este seminario cubrirá las metodologías más desafiantes en asesoramiento de seguridad, las novedades en gestión documental segura, la interoperabilidad de la firma electrónica dentro del marco legal nacional y europeo y el porqué de la necesidad de proteger las claves de firma en Hardware.

November 1st - The Psychology Today Magazine article, "Everyday Creativity" by Carlin Flora 


The article begins with an example of Pete Herzog doing some basic toy hacking. It's an interesting article that explores how creative non-artistic people can be. It's

something I always felt is the advantage of people over computers for hacking.



 Read More 

October 2009 - "Security Testing by Methodology: the OSSTMM" by Simon Wepfer & Pete Herzog


Security tests are an important part of the risk management process and executives realize the benefits of an independent security test: It introduces a neutral view on the target and can improve security when the proposed sensible measures are successfully applied. But there are often also questions to answer after such an audit.




 READ MORE 

September 2009 - CERN, France & Switzerland. 

Visit to the Atlas and LHCb and Seminar "Securing with the OSSTMM" by Pete Herzog and Nicolas Mayencourt (Dreamlab Technologies AG, Affiliate Partner of ISECOM in Switzerland)

The Open Source Security Testing Methodology Manual is well on its way of being part of the ISO standard for security and a world-recognized standard in its own right. However many of its concepts are not only new but contradict accepted best practices and the current security body of knowledge. This seminar will show you how this came to be, why it's correct, and how the OSSTMM will allow you to not only find perfect security but also to analyze and measure it.

Click HERE to view the presentation: The Official Training Guide for New Superheroes CERN

Click on pictures to enlarge.


September 2, 2009 - ISECOM Chooses Indianapolis as US Center for Hacking Research

INDIANAPOLIS, Sept. 2, 2009 (GLOBE NEWSWIRE) -- The international non-profit security research institute ISECOM has chosen Indianapolis as their U.S. base for projects and research. ISECOM is best known for freely providing the OSSTMM, a worldwide standard methodology for security testing which is used to hack computer systems, trick people, and get around home security sensors and alarms to test their effectiveness

[ READ MORE ]

July 2009 - Peter Herzog and Marta Barceló were interviewed by Anna Mas for the Cardedeu Newspaper "El NAS" (catalan).

Click here to read.

June 30, 2009 - Review of "The Mobius Defense - An Impetus for Application Security" by Tyler Shields
June 16th, 2009 - Amsterdam, The Netherlands - Black Hats Session Part VII: Hacked! And now? 

Pete Herzog was invited by our dutch partner Outposr24/Lab 106 and presented "The Moebius Defense".

Pete Herzog: 'I focused the main presentation on Anti-Guerrilla Warfare tactics, why defense in depth doesn't work, and the new Möbius Defense along with graphics the NEW attack visualization technology we are now using. The presentation is now available here. I did also do a radio/podcast interview with the company Madison Ghurkha who co- runs the event there so as soon as that's available you can hear me defend it.

Listen to the Podcast interview by the company Madison Ghurkha:

gurkhast004.ogg (OGG, 22MB, stereo)

gurkhast004.mp3 (MP3, 26MB, stereo)

2008

October 8 2008, SecTor, Toronto, Canada. "The New New Thieves" by Pete Herzog
October 5 to 10, 2008 - Bolivia, CCBol2008 Congress (XV Congreso Nacional de Ciencias de la Computación) 

Hernán M. Racciatti talked about the OSSTMM and ISECOM.

August 15, 2008 - "Security Audits: Sicherheitsscheck für ICT" (German), Article for Computerworld by Christoph Baumgartner
July 22nd 2008 - Hacking Exposed Linux is available!

Written as an open, collaborative, ISECOM project, this is a completely new re-write for hacking and securing Linux. We got together more than 30 sharp, Linux and security minds to write and review the book to make a great book. Plus, it's ISECOM's first book!

You can get it through Amazon here.

January 22, 2008 - Berne, Switzerland.

Pete Herzog presents the ongoing research into OSSTMM 3 and its practical aspects for business.

2007

November 27, 2007 - Melia Caracas Hotel, Caracas, Venezuela - "Un día Seguro con Sun Microsysyems

Hernán M. Racciatti talked about Security Evaluations, OSSTMM and ISECOM.

September 10, 2007 - The OSSTMM is awarded the Infoworld Bossie Awards: Best of open source in security.
April 2 - 5 2007, Hack in The Box Security Conference - Dubai

Raoul Chiesa - X.25 Networks in the Arab World

ABSTRACT

The presentation will focus on X.25 security issues, positioned in nowadays’ contest and problems.

The main intention is to bring personal and professional know-hows, backgrounds and X.25 penetration testing experiences to the auditorium, with real-life case studies. You will discover how an airplane flying over the Atlantic Ocean uses X.25 packet switching to communicate with the outside world, as well as why many government institutions around the world still uses the reliable frame-relay X.25 networks. The talk will zoom on X.25 on the Arab world, and will detail as well the ISECOM OSSTMM sections related to X.25 professional penetration testing.

February 28, 2007 - FOSDEM videos available - posted by Pete Herzog

I just saw that the FOSDEM videos have been posted (fosdem.org). FOSDEM was a really great event with a lot of energy! It was a real pleasure to speak there. My talk went pretty smoothly and highlights the OSSTMM 3 and the metrics pretty well. You can see it too by downloading it HERE

It's an Ogg/Theora encoded video so you may need VLC to play it (see http://videolan.org/ to get it) or if you know your video stuff you can go directly to the codec page at http://www.theora.org/.

February 24 - 25 2007 FOSDEM 2007, Brussels - Belgium

Pete Herzog is presenting on Security Testing and the OSSTMM.

http://www.fosdem.org/2007/schedule/events/security_testing

February 2007 - FOSDEM, interview with Pete Herzog - posted by Admin

Pete Herzog is an exception among the speakers at FOSDEM 2007. His main focus it not a software project, but a "methodology" -- and one that aims to improve and measure IT security.

What do you want to tell the FOSDEM audience in your talk?

I want to show people that network security testing and analysis is complicated and they shouldn't rely on just their security scanners to tell them the answers. Security verification and analysis is something they should learn to do themselves or else they will miss many of the problems which the tools fail to show.  [ READ MORE ]

February 2007

Article for hakin9 in German by Christoph Baumgartner, Pete Herzog and Martin Rutishauser "Technische Security Audits nach OSSTMM". (GERMAN)

2006

December 2006, Argentina

Hacking In Schools, Article published by Infobae.com about Kwell implementing the Hacker Highschool Project in Argentina.

September 18 - 21 2006, HITBSecConf2006, Kuala Lumpur, Malaysia.

Raoul Chiesa, Director of Communications of ISECOM and Founder and CTO of @Mediaservice.net Srl speaks at the 'Hack In The Box' Security Conference in Malaysia. For detailed information please visit

June 15 - 16 2006, Barcelona - CISO Executive Summit and Roundtable

Pete Herzog, Managing Director of ISECOM, will be joining the panel Legal & Compliance Challenges for Today's CISO - Obstacles & Overlaps  at the CISO Summit in Barcelona.

May 16th to 19th 2006 - Orbit-iEX ‘06, in Zurich at the Solution Park of IX Europe.

Dreamlab / ISECOM will be present at the IX Europe stand at the Orbit-iEX ‘06, in Zurich for more information visit: http://www.orbit-iex.ch/

2005

November 18th, 2005

Article for Computerworld in German by Christoph Baumgartner "Security Tests bringen Licht ins Dunkel". (GERMAN)

November 7th to 11th 2005, Athens. The OSSTMM meets the Hellenic Data Protection Authority (HDPA)

@ Mediaservice.net in collaboration with Datelec Hellas completed with success the educational training, titled “OSSTMM Basic Introduction, Theory and Practice”, on behalf of the Department of Auditors of the Hellenic Data Protection Authority. This constitutes the first part of a broader educational training, titled “Security Testing Path based on OSSTMM by ISECOM”.

CLICK TO ENLARGE

From the left: Ivan Verri (@ Mediaservice.net, Italy), The Auditor's Team at Hellenic Data Protection Authority, Stavroula Ventouri (@ Mediaservice.net, Greece), Raoul Chiesa, ISECOM Director of Communications

@ Mediaservice.net was at the Hellenic Data Protection Authority (Athens), teaching the class "Basic Introduction to the OSSTMM and Proactive Security".

August 2005, Italy

Master TILS OPST Class

CLICK TO ENLARGE

June 21st 2005, Buenos Aires, Argentina, Infosecurity 2005

CLICK TO ENLARGE

Hernan Marcelo Racciatti (left) and Diego San Esteban (right)

May 27th 2005 - Security Management 2005, Buenos Aires, Argentina

CLICK TO ENLARGE

Diego San Esteban

CLICK TO ENLARGE

Hernan Marcelo Racciatti (left) and Diego San Esteban (right)

CLICK TO ENLARGE

Kevin Mitnick (left) and Diego San Esteban (right)

April 2005, OPSA Students after attending a class in Rome held by @ Mediaservice.net S.r.l. 

Fabio Giudici, Manuel Cavalieri, Massimiliano Graziani, Matteo Paolelli, Marco Demma, Fabrizio Sensibile (OPST & OPSA Trainer)

CLICK TO ENLARGE

August 12th, 2005

Article for Computerworld in German by Christoph Baumgartner about the OSSTMM "Sicherheitstests mit Tiefgang". (GERMAN)

August 5th, 2005

Article for Computerworld in German by Christoph Baumgartner about Social Engineering "social Engineering - trau schau wem". (GERMAN)

June 30th 2005, Rome, ISACA Chapter

Speaker: Raoul Chiesa, ISECOM's Director of Communications Title: The End of Ethical Hacking

June 26 - 30 2005 in Washington, DC - DIAAnnual Meeting, the largest Pharmaceutical conference in the US.

ISECOM was represented by Kim Truett and Robert E. Lee.

June 21st 2005, Buenos Aires, Argentina

Hernán Marcelo Racciatti and Diego San Esteban represented ISECOM at the "Infosecurity 2005" event in Buenos Aires. The topic was the OSSTMM and the RAVs.

June 16th - 17th, The 2nd Annual CISO Executive Summit 2005, Geneva - Switzerland

Nick Mayencourt and Martin Rutishauser of ISECOM Switzerland talked about the myth of patching as well as the practicality (or necessity) of VOIP security.

June 3rd 2005, Hotel Sheraton, Buenos Aires, Argentina - Security & Ethical Hacking - Conference & Exhibition

Hernan Marcelo Racciatti and Diego San Esteban presented the OSSTMM and ISECOM's certifications.

May 27th 2005 - Security Management 2005, Buenos Aires, Argentina

Diego San Esteban represented ISECOM.

May 26th 2005, Milan, Crown Plaza Hotel, LINUX WORLD EXPO (Workshop)

Speaker: Fabrizio Sensibile, ISECOM Authorized Trainer

Title: An Introduction to the OSSTMM

May 25th - 26th, IS2 2005 (Information Security Summit), Prague - Czech Republic

Pete Herzog presented the following topics:

"The End of Ethical Hacking"

How one company had their ethical hacking team apply the OSSTMM to gain product insight instead of just finding vulnerabilities.

-Case Study on Security Procurement: gedas Iberia SSL-VPN test lab

-The Open Source Security Testing Methodology (OSSTMM) 3.0

-How Risk Assessment Values (RAVs) 3.0 Work

-OSSTMM Harmonization with Made-to-Order Methodologies

May 25th 2005, Milan, Crown Plaza Hotel, LINUX WORLD EXPO (Keynote Speech)

Speaker: Raoul Chiesa, ISECOM's Director of Communications

Title: The Hacker High School Project

April 7th, 2005 - Hacker High BBC World Report by David Reid

The conventional approach to fighting hacking is for authorities to ban it and punish anything that looks, sounds or smells like it. But forbidden fruits are often the most tempting, and measures designed to halt the hacker's hand can often seem to hackers themselves like a sporting challenge. David Reid reports from the Spanish city of Barcelona, where the battle against hacking has taken a liberal turn. [READ MORE]

March 9-10th, 2005

bSecure Conference, Mexico City, Mexico,

Isecom Associate, Luis Javier Pérez presented the topic "Bluetooth and mobile phones" in the wireless security panel. The talk was centered on bluetooth usage growing and the risks associated with it as well as risks posed by mobile phone use.

The event, sponsored by Mexican security magazine bSecure,focused on the strategies needed to ensure a secure environment, highlighting hacking, spyware, spam, phishing, wireless, forensics, computer crime and best practices for information security.

www.bsecure.com.mx/conference


Specchio - February 2005, "A Scuola di Hacker" - Article about Hacker Highschool by Anna Masera (ITALIAN)


2004

December 15th, 2004, Barcelona, Spain - Pete Herzog and Jaume Abella interviewed by Ona Catalana
November 2004, SIMO - Madrid

Daniel Fernández (founder of Internet Security Auditors, and ISECOM Training Partner) represented ISECOM at a certifications round table at SIMO, the most important computer and telecommunications congress in Spain. Other participants were José Manuel Ballester (President of ISACA), Rafael Ausejo (Product Manager of Sentryware), Javier Pagès (President of ISSA) and Pablo Martín, (Microsoft Ibérica, S.R.L.).

Benefits about the most recognized independent security certifications were presented and commented, like those with the biggest grade of compatibility, complementation and recognition.

The speakers made the participants aware of the need to get those certifications as a quality proof in front of clients who contract security personell of any level, as well as an excellent way to differenciate professionals in the security area.

October 16-23 2004, LAS VEGAS, NV - USA - isestorm 2004
September 28-30 2004, Berlin, Germany - ISSE (Information Security Solutions Europe)

http://www.eema.org/static/isse/

Renowned for its rich content from an independent perspective, ISSE (Information Security Solutions Europe) is the leading European security conference designed to educate and inform leading ICT security professionals, policy makers, and industry leaders, on the latest developments in technology, solutions, trends and best practice on a wide range of security topics.

Nick Mayencourt of Dreamlab Inc and ISECOM Partner presented the topic "OSSTMM Risk Assessment Values: a practical approach towards Measuring Security".

August 12, 2004 - Non-Profit Provides Hacker Re-Training.

As part of their mission to promote security and privacy awareness, the non-profit ISECOM (www.isecom.org) is bringing its week-long forum and cross-training event, ISESTORM (www.isestorm.org), to the University of Nevada, Las Vegas from October 16th to the 23rd with support from UNLV's Rebelcard Services.

September 26, 2004, Toorcon, USA

Robert E. Lee, Dyad Security, Deep Network Analysis: OSSTMM Based Security Testing, An introduction to Unicornscan.

This talk focused on the fundamentals of using the Open Source Security Testing Methodology Manual (OSSTMM - www.osstmm.org) while performing security testing engagements as well as our vision for the future of the security testing industry. It also introduced a new Open Source (GPL) tool, Unicornscan. Unicornscan was built to be a very Scalable, Accurate, and Flexible information gathering engine. During the presentation some of Unicornscan's more exciting features were showed off. Unicornscan  was released for the first time to the public shortly after the talk.

September 24th, Linux World Expo Italy.

Raoul Chiesa, Director of Communications for ISECOM, talked about the OSSTMM and professional security certifications at Linux World Expo Italy. The topic was "Open Source methodologies for proactive IT security"

In the afternoon Mirato SpA and Noicom SpA provided their experiences about using the OSSTMM.

August 18th 2004, Chicago, USA - FFIEC Federal Financial Institutions Examination Council's conference.

ISECOM's Director of Projects and Resources, Robert E. Lee, gave a 90 minute talk on the topic of Vulnerability Testing using the Open Source Security Testing Methodology Manual.

The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) and to make recommendations to promote uniformity in the supervision of financial institutions.

June 16-17 2004, Noga Hilton Hotel, Geneva - CISO Executive Summit

Nicolas Mayencourt and Sylvie Reinhardt (DreamLab Inc.) represented ISECOM at the MIS Training’s annual CISO Executive Summit will be an intensive learning and networking experience that will address the unique challenges faced by today’s CISO. The agenda weaves together real business cases and round table debates. The event is designed for IT Directors, Chief Security Officers, Heads of IT Security and senior executives, strategists and their advisors, who want to improve the security of their organisation’s systems for the benefit of their employees and customers.

Learn more at: here or download the brochure.

June 1-2 2004, Paris, France - Intelligence informationnelle 2004 Colloque - 

Pete Herzog at the Information Intelligence Conference in Paris. Learn more at:

http://www.ir2i.com/colloque/04.05/index.php

May 31st 2004, Santiago de Compostela, Spain - Pete Herzog at e-Gallaecia

Denis Pilipchuck, Phil Zimmermann and Pete Herzog visiting Santiago prior to e-Gallaecia.

May 10th, 2004. Hacker Highschool - TV3 News
March 22 - April 3 - isestorm Barcelona www.isestorm.org
March 24-25-26 2004, Buenos Aires, Argentina - Hernan Marcelo Racciatti and Diego San Esteban represented ISECOM at the Latin-American Security Event 'Mas Alla del Password'. 

Organized by The CCAT (High-Tech Education Center, Centro de Capacitacion en Alta Tecnologia) and Convergencia Latina, Latin-America's most expected Information Security conference.

Many of the most distinguished Enterprises, Organizations and security specialists were Speakers at the conference. Subjects ranged from Security Management from the enterprise point-of-view to deeply technical speeches about different methods of explotation of vulnerabilities.

March 22 - April 3 2004 - isestorm Barcelona
March 24-25-26 - Argentina, Security Conference 'Más Alla del Password'
February 26 - OPST Students after attending a class in Torino held by @ Mediaservice.net S.r.l.

Luca Legato - Gabriele Biondo - Davide Carnevali - Lorenzo Migliardi - Fabrizio Sensibile

CLICK TO ENLARGE

February 23-27 2004 - ISECOM at the RSA Conference in San Francisco.
Friday February 27th - Seminar: "Penetration Testing and the OSSTMM"

The Charles W. Fullerton Institute of Analysis held a seminar titled "Penetration Testing and the OSSTMM".

17 February, 2004, "Security Testing and Analysis" lecture

Richard Feist of Nyx Technologies (www.nyxtec.net) completed a 3hr lecture titled "Security Testing and Analysis" to the approx. 30 students of the MSc Info Sec course at Royal Holloway , University of London. The lecture was a cut down form of the OPSA course and gave a good introduction to the class on the OSSTMM and various aspects involved in setting up and delivering OSSTMM based security tests.

February 2004 - OPST Students after attending a class held by Sensecurity Institute in Singapore. 

(Left to Right): Mr Christopher Low (Chief Instructor, Sensecurity), Mr Gordon Tan (Customer Support Engineer, Seven Seas), Mr Alex Neo Chee Teong (Asst Manager, CSIT), Mr Kelvin Goh Kien Ming (PWC), Mr Chiong Yew Heng (Senior Consultant, SAP)

 CLICK TO ENLARGE

2003

November 17th-20th 2003- ISECOM at COMDEX Las Vegas.
November 2003 Red Seguridad n° 7 - La búsqueda de un código deontológico (4.7MB) 
Article by Daniel Fernández Bleda and Pete Herzog. (SPANISH)
May 29th 2003 WEEK IT - «Formare professionisti, non hacker»
Article about the OPST (ITALIAN) by Guido Sintoni.
April 22nd 2003 Ciberpais - Abre en Barcelona una experiencia de 'Hackers' para adolescentes
Article about Hacker High School by Mercè Molist. (SPANISH)

2002

May 30th 2002 - Pete Herzog´s Interview on COMRàdio - (CATALAN & ENGLISH)

La Malla Ràdio - Seguretat informàtica

Parlem de seguretat informàtica amb Pete Herzog, un dels “ethical hackers” més reconeguts a nivell internacional i coordinador de Ideahamster, en el site del qual podem trobar l’ OSTMM, l’ únic estàndard públic per analitzar els riscos de seguretat a la xarxa. També entrevistem Jaume Abella, responsable de l’ àrea de telemàtica i director del màster en seguretat La Salle.