What was it?
It was a Cyber Security conference held in 13th of March, organized by LahtiSec (Lahti information security cluster or community). It was a free conference, and the speakers were forbidden to add any marketing into their presentations (Very nice!). It was aimed to promote mutual trust, advance co-operation and share insights about current topics in the field of information security, and it was first information security conference ever held in Päijät-Häme region (!).
Presentations I watched
- Opening words by Mayor of Lahti
- Sami Laiho (keynote) – Paluu tulevaisuuteen – tietoturva vuosina 2024/2025 (Back to the future, information security in the years 2024/2025)
- Joosua Santasalo – Yli vuosikymmen Microsoftin pilvipalveluiden parissa: Löydetyt haavoittuvuudet, yleiset uhkat ja suojautuminen (Over a decade working with Microsoft Cloud Services: Vulnerabilities disovered, common threats and protection)
- Anne Hautakangas – Kalastajan oikotiet onneen (A fisherman’s shortcuts to success)
Opening words
Opening words by Niko Kyynäräinen. He reflected back to the previous cyber security related incidents happened in Lahti during 2019-2020.
In case you do not remember, the incident caused major problems to the city’s administration and healthcare services, just to mention few.
Sami Laiho – Paluu tulevaisuuteen – tietoturva vuosina 2024/2025 (Back to the future, information security in the years 2024/2025)
Sami highlighted the importance of MFA (Multi-Factor Authenticator) through his presentation. He also noted, that third-party tools and services opens the environment up to more vulnerabilities that could be exploited so it crucial to keep that in mind when considering or procuring those services. He also mentioned, that the total number of vulnerabilities in Microsoft services is on the rise and the importance of monthly patching has become more important than ever before.
Joosua Santasalo – Yli vuosikymmen Microsoftin pilvipalveluiden parissa: Löydetyt haavoittuvuudet, yleiset uhkat ja suojautuminen (Over a decade working with Microsoft Cloud Services: Vulnerabilities disovered, common threats and protection)
Joosua presented his journey from beginning of his career to being a Microsoft Security top 100 researcher. He has discovered multiple vulnerabilities in Azure, AzureAD and M365. He mentioned, that he uses mostly Node.js as the one of the primary tools for research. In his presentation, he showed us multiple demos of various exploits that he had reported to the Microsoft.
Anne Hautakangas – Kalastajan oikotiet onneen (A fisherman’s shortcuts to success)
In her presentation, she presented the most common phishing techniques used by adversaries in 2024-2025. There were multiple very interesting demos of online bank phishing fraud that could be happened in real life and how relatively easy it is to organize such a campaign. She showed us multiple different Phishing-as-a-Service platforms, including their cost and how easy it is to start a phishing campaign with them.
Overall experiences & Conclusion
I really liked the track separation for governance/administrative track and technical track – helped a lot to pick up the most interesting talks. I would recommend the conference for anyone interested in the information security, as it was free of charge. There was also a multiple interesting networking opportunities during the breaks, which is always very insightful to engage discussions with former colleagues and other people working on the same industry. One of the most important part of the conference was that that there were many cloud security aspects in the presentations – I maybe would not attended the conference, if there weren’t any.
I would definitely recommend the conference If you like Lahti and the commute is not an issue – I would recommend attending the conference in next year (if there is continuity for it). In overall, it was great addition to the Finnish information security scene.
You can check out their webpage through this link. Thank you for reading!
Share this post:
Leave a Comment