After just two years, BSides Cairo is already changing the cultural perception of information security in Egypt and its surrounding regions

In a university campus adjacent to the River Nile, in the heart of downtown Cairo, information security professionals and enthusiasts from across Egypt and elsewhere gathered for a two-day event that had one mission: to grow the region’s cybersecurity industry.

BSides Cairo, the only security conference in Egypt focused on information exchange, began in 2019 with this aim, despite the challenges that lay before it in making security research a socially acceptable activity to meet around.

Egypt, which was ranked as highly committed to developing its cybersecurity strategy in the UN’s 2018 Global Cybersecurity Index (PDF), remains a country where infosec learning resources are scarce, with data security laminated as an afterthought.

Not long after the conference wrapped up its second edition this February, The Daily Swig sat down with Amgad Magdy, the co-founder of BSides Cairo and the MITRE ATT&CK Community for Middle East and Africa, to learn about how he followed his passion to create an information security community, and ended up at the forefront of change.

How many people attended this year’s BSides Cairo?

Amgad Magdy: We had around 130 people attend BSides Cairo this year, and 80% of these attendees were students. 20% were professionals. Most of our international attendees came from the Gulf region.

At last year’s edition (2019) we had approximately 120 attendees, and most of these were students and international professionals.

BSides Cairo is going into its third edition in 2021. How did the event first start?

AM: I started alone. No one knew who I was, so I was unable to get support, aside from my family and friends.

Egypt and the regions that surround it are business-focused markets, which is not the information sharing environment that we want to create at BSides Cairo. For this reason, no companies support us locally.

This year, one company supported us – a local company here in Cairo called Fixed Solutions. Internationally, we’ve had companies support us like Google, Hack The Box, Dreamlab Technologies, Binary Ninja, PentesterLab, and Hak5.

Is it easy to learn about information security in Cairo?

AM: It’s not easy to learn about information security in Cairo, or in Egypt. These difficulties impact access to resources, like availability of books and particularly internet, which the government controls.

In the UK, for example, you’ll find workshops on hardware hacking at BSides conferences, but here in Cairo, we can’t hold such events. But we try to learn and come up with workarounds.

Can you give us an example of a type of workaround that you may do?

AM: The government blocks VPN use so we have a problem when using VPNs for learning activities. We had a competition at BSides Cairo for Hack the Box but, with websites like this one, we need access through VPN.

We always use workarounds and do something to access the internet for learning activities.

READ MORE NIST puts forward regional roadmap to fill the cyber skills gap

How does BSides Cairo aim to help students in the region learn about information security?

AM: It’s my mission to help students learn more about information security and try to do more for the industry here in Cairo and throughout the Gulf and African regions.

I want to integrate professionals into the student community so that they can share knowledge together. The students who attended this year were from all cities around Cairo. Our tickets are inexpensive ($13), which helps them attend.

There are no undergraduate university programs that specialize in cybersecurity [in Egypt], but we have well-known programs for postgraduate students. There are only two of these in Cairo.

BSides Cairo founders Amgad Magdy, left, and Ramy Sherif, right, at this year's conference

People outside of Cairo have low internet access and low access to public resources like libraries. There is a community for security but it’s difficult to build connections due to the expense of internet and long distance between Cairo and other cities.

I want to develop some workshops outside of Cairo for this reason. People in these areas haven’t the resources and they don’t have anyone to mentor them, especially in information security. I think people outside of cities, outside of any city throughout the world, has the right to learn.

In Western countries, there’s a big focus on a shortage of cybersecurity workers. Is this the same in Egypt?

AM: In Egypt and in the Gulf region there is a need for information security professionals, but it’s not the same as in the US because we have a different perspective of information security.

Cairo is a technology market, or a technology product market. We don’t have R&D centers here, we just pay for solutions from Europe and the US to secure our organizations, whether firewalls or end point detection, for example. But the market still needs talent and we have a skills shortage.

That’s one of our missions at BSides Cairo: to help students start projects or get internships; to help people get hired from other regions.

BSides Cairo, for me, is not just an event – it’s a mission to change culture in Cairo, and a mission to change mindsets in the Middle East.

Are you seeing the practice of information security slowly becoming more accepted in Egypt due to events like BSides Cairo?

AM: I think the perception of information security in Cairo can change, in two or three years from now.

Every year BSides Cairo has a new edition, a new challenge, and sees more people learning about information security.

This year we changed our plan by not only having foreign speakers from Europe or the US, but by having speakers from Gulf regions, local speakers from Egypt, and students presenting on our rookie track.

We’re trying to change people’s mindsets about information security, but we need time.

Why is it important to build those connections with other countries in the Gulf region?

AM: It’s really important to have connections between the Middle East and Africa because of the knowledge that can be shared about cyber operations.

The main difference between threat actors here and in the UK, or any country in Europe, is motivation.

The motivation of our threat actors is mainly political, or financial. For example, in the Gulf Region, for Saudi Arabia Emirates, Qatar, threat actors will be attacking for political reasons. In Egypt and Africa, you will see more of actors targeting the financial sector.

At BSides Cairo we announced our aim to build a new MITRE community for the Middle East and African regions. We’ve used information from the MITRE framework in Europe to start building this community.

Our MITRE community will try to change the mindset of security by studying the behaviors of threat actors to better inform products, an organization’s defenses, and to better assess the techniques and tactics used by threat actors in our regions and share it with other regions.

BSides Cairo 2020 ran from February 14-15, 2020. Watch for information on the conference’s next edition via the BSides Cairo Twitter page.

YOU MIGHT ALSO LIKE Oman ramps up security efforts amid surge in malicious web traffic