Trip report on the Common Cyber Good - UK FCDO conference on "Bridging the Gap"

[Andrew van der Stock]

Hi Board,

As one of my OKRs this year, forming closer relationships with other like-minded organizations is high on my agenda. To that end, we attended the Bridging the Gap one day conference in London on Wednesday. 

The first part of the day was very useful learning about some of the challenges in securing high value individuals. In our organization, there are a few of us who need better security awareness and security configuration than most, because we have access to bank accounts and private information. On the eve of the conference itself, we received three very believable spear phishing attacks, but luckily, they made a basic mistake I'll tell you about in Amsterdam. Long story short, I will be investigating what more we can do to protect OWASP from these threats, and now I have some contacts for incident management with AccessNow, a not for profit that specializes in helping other not for profits get through being hacked, a contact with Amnesty International who is going to look for us into an organizational representative, and a contact with Quad9, who provides a threat intelligence protected DNS service, which blocks known hostile C&C servers and so on. This was incredibly valuable in itself.

The second part of the day was discussing how to build funds. Common Good Cyber are putting together a $50m fund to help fund non profits like us. I sat on the table with Phil Reitinger, and I will spend more time with them to see how we can both assist in the fundraising, but also, in getting some funding for us from them.

On Monday night, I had dinner with Sam and Shruti Kulkarni from the Education Committee. Many great discussions were had, and I have a bunch of action items to follow up. I wish I had taken my notebook to dinner!

On Wednesday night, I had dinner with Sam and Grant, and a bunch of other app sec leaders thanks to SemGrep sponsoring the dinner. It was a great evening, and I got to speak with a few folks who I will follow up with and hopefully might lead to a new corporate supporter or two. At the very least, I was able to have a great discussion with a CISO from a major bank. Sam is very well connected! 

All in all, a really valuable visit. 

thanks,

Andrew