Projects and Assignments

SANS Institute

More Practical Fun with InfoSec

Following last year's participation in the fun and educational capture-the-flag event KringleCon, Mike once again dusted down his programming skills and mastery of obscure linux commands to take on the 12 information security challenges provided by the SANS team in KringleCon 2. This year he fared better than last time, completing all 12 problems within the allotted time (just!). This year's challenges included a lot of network and logfile analysis via tools like Splunk and RITA, as well as a programming a practical application of machine learning to break a CAPTCHA. There was also a tricky crypto code reverse-engineering challenge that brought back happy memories on 6809 assembler programming.

If you're brave, you can read all about it here.

At the awards ceremony held on 13th February 2020, Mike received a "honorable mention" award, putting him in a cohort of 125 award winners from a total of 14,912 people who entered the challenge.

Major International Energy Company

Pre-sale information analysis and publication

Building on earlier work, Cogitant developed documents describing the IT landscape associated with a set of offshore business assets. Using this material, Mike supported early discussions with the prospective buyer covering potential asset transfers and transition planning. The sale was completed in January 2020.

International Fortune 500 Utilities and Energy Business

Preparing an IT update for Board presentation 

Working with the CIO of this large and complex international business, Cogitant prepared a pre-read and presentation slide deck covering information security, risk management and organisational change topics for discussion with the client's Board Audit Committee. Key challenges included presenting technical topics (AD consolidation, cloud adoption, IT risks and mitigations) and complex data (skills and staffing, infrastructure statistics) in meaningful and enlightening ways to a critical but non-technical audience.

Major International Energy Company

Due Diligence and Planning for a Significant New Business

Cogitant has worked over an extended period with this client preparing and reviewing plans for a major new Joint Venture to be undertaken with one of the largest companies in Asia. The JV will include fuels retail and aviation activities, building on existing upstream relationships between the parties. Mike built a detailed picture of the counterparty's existing business and IT activities based on Virtual Data Room contents and other sources. He also participated in due diligence visits to the counterparty's offices and sites, reviewing materials collected and preparing reports for the client.

Heads of Agreement were signed in August 2019, with the first in a series of detailed business agreements being signed in December 2019. Mike continues to support transition planning activities with the client and counterparty teams.

Major International Energy Company

Simultaneous sell-side and buy-side Due Diligence

Cogitant's client was seeking to create a new Joint Venture business in a highly fragmented market, based on a combination of its own bioenergy business assets and those of a competitor. Working initially with minimal access to IT teams in either business, Mike developed the sell-side IT prospectus for the client's business, alongside analysing information about the counterparty from public domain sources and their virtual data room.  Working with multiple information sources, Mike built a detailed overview of IT assets in both businesses, preparing the way for development of JV legal transaction documents and initial IT transition plans.

The deal completed with the launch of the new JV business in December 2019

Major International Energy Company

Building a Robust Software Inventory and Advising on Negotiation Approach

This client intended to divest its stake in a long-standing JV. While not the JV operator, it had over a long period provided the JV with rights to use software under subsidiary clauses in its corporate agreements. Under the plans to diivest, our client needed to account for the licensing position in detail, and arrange to pass on to the JV partner and / or counterparty any rights that were deemed "belonging to the JV". Cogitant's task was a complex analytical one, taking large volumes of unstructured data in the form of spreadsheets, reports and emails spanning a 20-year period and distilling them into a coherant view of the current position and recommendations for action.

Having provided the negotiation and procurement teams with a secure evidence-based position to work from, Mike also supported the negotiations taking place at local level. The divestment completed successfully in October 2019.

SANS Institute

Completing a Series of Red-Team /  Blue-Team CTF challenges

Each year the SANS Institute - the internationally renowned cyber-security training and knowledge-sharing organisation - organises a capture-the-flag (CTF) competition in which security experts are invited to complete a series of red-team (i.e. simulated computer hacking) and blue-team (i.e. defending against attack) challenges, to develop and demonstrate their understanding of cyber-security risks.

The 2018 challenge dubbed KringleCon included a virtual conference with content from SANS team members and collaborators, along with 12 CTF challenges of varying difficulties. Mike joined KringleCon for some post-Christmas entertainment and to update his practical knowledge of cyber threats, completing ten and a half out of the twelve challenges unaided and within the competition time limits. He completed the final challenges with a bit of help from other participants after the deadline. You can read about the challenges (which are still open for you to try if you're interested) here and Mike's notes on completing the challenges here.

SANS reported that out of 17,460 participants in the challenge, around 730 made it as far as question 10, with around 650 completing the entire challenge.

International Fortune 500 Utilities and Energy Business

Preparing Board-level briefing on proposed cyber-security governance

Cogitant worked with the VP for Information Technology to prepare a short Board update covering proposals to update cyber-security organisation and processes.