SIGS Special Interest Group
15th SOC Forum


Target Audience Security Operations Center Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side and interested in IT Security

From consultancies and resellers/integrators, only technical people (who are involved in the security operation processes) are allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and would like to take part in this community and receive the invitations, please fill out the application form.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location This time especially in Berne to bring together both communities:
Welle 7 (at the railway station Bern PostParc)
Schanzenstrasse 5

Further information at

Date of Event 29th of November 2018
Further planned date: 29th of November 2018
Language English
Participation Costs Fr. 55.— per participant
Organization, presentations, beverages and Apéro riche included



1:30 – 2:00 pm Registration & Coffee
2:00 – 2:00 pm Welcome from the moderator
2:00 – 2:30 pm Dr. Serge Droz, VP OS-CERT and Vice-Chair FIRST

Incident Response in the global village – how FIRST brings together security teams
The internet challenges the very notion of a nation state. It does not respect borders, and it's not clear what laws hold and how they are enforced. Yet incident response teams must operate in exactly this environment. Cyber criminals act at internet speed, and thus so must incident responders. This is challenging for several reasons, but has been done for a long time.

FIRST, the Forum of Incident Response and Security Teams, is a global umbrella organization for incident responders aiming at “Improving security together”. But what does this mean? What are the challenges, and how does FIRST tackle them?

This talk will present you with some of the answers to these questions.

2:30 – 3:00 pm Olivier Spielmann, Director MSS Operations at Kudelski Security

Overcoming the challenges of cloud monitoring
In 2018, Cloud is assumed. The days of scepticism about using Cloud services to manage sensitive data and services are now far behind for most verticals and organizations. The operational and even security advantages brought by the Cloud broke the initial hesitations. However, the risks and complexity inherent to the cloud are not yet behind us.

In this presentation we will review the most common threats around the usage of cloud, focusing on the complexities around implementing a successful cloud security monitoring solution. Being able to successfully monitor the security of cloud services should be a key component for the success of any security program, and we’d like to share our view on the appropriate approach to overcoming the challenges of cloud monitoring.

3:00 – 3:30 pm Maxim Deweerdt, Instructor at SANS

Goal oriented Defense
Adversaries only have to find one flaw in our defense in order to get in. And they do – consistently. Even with our modern tools, better skilled personnel and board-level awareness, we fail to detect in a timely fashion that our environments are breached. Time for a new mindset: our adversaries have goals in mind while they breach our environment. What if our detection mechanisms focused on those goals?

Enter Goal Oriented Defense. Instead of trying to detect everything, let’s have a look at what Goal Oriented Defense could look like and how it will help you tune your detection and focus on what’s important.

3:30 – 4:15 pm Break
4:15 – 6:00 pm Workshop I (strategic sessions/talks)
by Maxim Deweerdt, Instructor at SANS

Goal oriented Defense (follow up)
This session is a moderated round table discussion on the topic. Max would also like to further discuss the MITRE ATT&CK framework and how organisations have implemented it in practice.

4:15 – 6:30 pm Workshop II (technical sessions/talks)
Dr. Serge Droz, VP OS-CERT and Vice-Chair FIRST and Dr. Michael Graber, Senior Data Analyst

Data Analytics in a SOC Environment
Does buying a SIEM solve all your problems? How to best do data analytics in a SOC environment: brief demo/PoC and open discussion on how to approach the security intel challenges.

6:00 – open end Apéro Riche and Networking (so please reserve the evening as well!)
The speakers will be onsite for Q&A




This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

With the registration for this event you accept that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we share the contacts with the community itself as well.
