SIGS Special Interest Group
13th SOC Forum

Target Audience: Security Operations Center Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side who are interested in IT Security

From consultancies and resellers/integrators, only technical people (who are involved in the Security Operations processes) are allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and would like to take part in this community and receive the invitations, please fill out the application form.

CPE Credits: Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location: Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are many free parking spaces available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event: 29th of May 2018
Further planned dates: 20th of September, 29th of November 2018
Language: English
Participation Costs: Fr. 55.— per participant
Organization, presentations, beverages and Apéro riche included



1:30 – 2:00 pm Registration & Coffee
2:00 – 2:30 pm Omar Benjumea, Cybersecurity Architect at Kudelski Security

The rise of auto-spreading Ransomware
WannaCry, NotPetya and BadRabbit were the first examples of worm-style ransomware which affected organizations all over the world and used advanced lateral movement techniques to enable their spread.

In this presentation we will look into why and how this happened. Furthermore, we will discuss key controls one should consider in order to successfully protect organizations from similar incidents in the future.

2:30 – 3:00 pm Uwe Hartmann, Channel Manager Central Europe at LogRhythm

Threats are evolving. A new approach to cybersecurity is required
It’s a simple concept: The earlier you detect and mitigate a threat, the less the ultimate cost to your business. By implementing an effective end-to-end threat management process that focuses on reducing detection and response times, you will have the ability to prevent high-impact security incidents, such as major data breaches. This process is known as Threat Lifecycle Management (TLM) and can help you improve the efficiency of your security operations.

3:00 – 3:30 pm Donald Codling, formerly Unit Chief FBI Cyber Division
Donald Codling currently serves as CISO and CPO for My Double Check and previously held these roles for Urban FT and Swift Exchange. Prior to these commercial projects, Don worked with the FBI for 23 years and retired as Unit Chief, FBI Cyber Division. While at the FBI, Don supervised a variety of investigative programs with a primary focus overall on international cyber crime and cyber national security operations, and with a particular emphasis on the cyber security challenges that have significant impacts on global financial services, energy and health care industries. His experience also includes the cyber vulnerability aspects of Industrial Control Systems (ICS), digital currencies, theft of intellectual property, foreign counter-intelligence, technical operations, and undercover operations.

Don served as chairman for the Cyber Security for Energy and Utilities Sector in UAE conference in 2014, 2015 and 2017, and conceived and hosted three International Cyber Security forums held in Washington D.C. in 2012, 2013 and 2017.

Don belongs to the ISC2, the International Association of Privacy Professionals (IAPP) and maintains accreditation with his CISSP, CIPP (US) and holds multiple other technical certifications following his government service. Don currently has U.S. Top Secret Clearance (with counter intelligence polygraph) and maintains close ties with various U.S. State Department entities including the Overseas Security Alliance Council (OSAC) and the National Cyber Forensic and Training Alliance (NCFTA).

What will be keeping Cyber Security Professionals awake at night in 2018 – and most importantly – what to do about it
Given evolving cyber security threats, any attempt to make rational rather than crystal ball forecasts for cyber security resource allocation (money, time and personnel) in 2018 must have a foundation of not only cyber security best practices (like resilience, data centric security, network segmentation) but also extensive use of shared threat intelligence (like SIGS-ISAC).

Incidents have shown time and time again whoever is attacking your neighbor will be attacking you soon…and probably using some of the same attack tools. What has been seen among thought leaders (both commercial side and Government/National Security sides) in North America is a migration of resources using focused ‘business risk intelligence’ to lead companies and government agencies towards data centric security, network segmentation and the ability to recover from an incident effectively.

One of the key drivers towards a more holistic approach to cyber security is the impact of cyber insurance coverage metrics (which factors are critical to show that a firm is following best practices and can recover from an incident) driving “best practices” adoption on the cyber security ‘Train’. Some specific trends regarding evolving ‘insurance metrics’ in North America will be discussed.

3:30 – 4:15 pm Break
4:15 – 6:00 pm Workshop (interactive sessions/talks)
by Donald Codling

This workshop and round table sessions will focus on some best practices … and in some cases painful lessons learned … during my time as the FBI Cyber Division’s Chief Liaison Officer to the U.S. DHS US-CERT and ICS-CERT as well as commercial experiences with evolving threat vectors from Nation State and professional ‘hacker’ groups.

Main workshop “takeaways” will include some tips on efficient structures to integrate Cyber threat intelligence off the Deep and Dark web, optimum methods to integrate Law Enforcement or National CERT expertise into SOC platforms and a review of evolving cyber security and data privacy structures in light of IoT and GDPR – literally a perfect storm of challenges for cyber security professionals.

Roundtable will focus on a pair of topics (depends on the time):

  • Example of how to gain trust, support and resources from your Executive Management
  • When does a security professional take a look at what they have in place, and determine what still works and what does not?
  • Cyber Security table top exercises – from U.S. DHS – Telecommunications or Health care sector example / how to integrate table tops

6:00 – open end Apéro Riche and Networking (so reserve the evening as well!)
The speakers will be onsite for Q&A


This is a ‘must attend’ event for all Security Operations Professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register or send us the application form by email.

With the registration for this event you accept that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this platform. In addition, we also share the contacts with the community itself.