SIGS Kick Off – IT Security Strategy 2018 and beyond:
Challenges & Priorities



Target Audience Information Security Professionals CIO’s, CISO, IT Manager, Security Engineers and all other persons who are responsible and interested in Security

Vendors, Suppliers and Consultants which don’t help to sponsor and therefore support this platform are not authorized to take part

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location Eventalm
Meienbreitenstrasse 9
8153 Rümlang
Date of Event 18th of January 2018
Language English
Schedule see agenda below
Participation Costs Fr. 95.— per participants
Speeches, Apéro, Dinner and all beverages included
Especially No contact details or email addresses will be provided to any sponsor. The presentations will not be published after the event – it’s a closed community!



1:00 – 2:00 pm Registration & Coffee
2:00 – 2:15 pm Welcome & Introduction by SIGS and the moderator Amar Singh, CISO and Founder at Cyber Management Alliance
Amar Singh is an industry influencer and leader, founder of a not-for-profit organization and the Cyber Management Alliance and Chair of ISACA’s UK Security Advisory Group.

Amar is engaged as a trusted business and cyber security advisor, mentor to C-level executives, and a consultant to organizations who need to reduce their risk exposure, deploy post incident remediation, build security teams, increase cyber resiliency and mature their information security and data privacy posture.

2:15 – 2:45 pm Dr. John I. Meakin, formerly Chief Security & Risk Officer at Burberry UK
Dr. John I. Meakin has recently retired as a Chief Security & Risk Officer and now advises a number of businesses on cyber risk. Dr. Meakin is a specialist in information and systems security with more than 25 years experience. Most recently he was Chief Security Officer for the luxury goods conglomerate Richemont International SA (Cartier, Montblanc, Piaget, etc) in Geneva, with oversight over physical, information and cyber security.

Previously, he has built and led security functions in a range of Banks, notably the Royal Bank of Scotland, Dresdner Bank and Standard Chartered Bank. He has also been Chief Information Security Officer of BP and Reuters. He was a founding board member of the Jericho Forum, and has served on the Customer Advisory Boards of the specialist security product companies Skybox Security, Qualys, Veracode and Watchfire, as well as Microsoft, IBM and HPE.

He is a regular speaker at industry conferences and public forums on a variety of risk and security topics. He has a Ph.D. in experimental solid state physics from Cambridge University.

Cyber Security for Digitised Business 2018 and beyond
John will discuss how the key trends behind steadily “digitising” businesses affect the cyber threats and the business organisation and process pressures that the CISO must face. He will lay out how a CISO can rise to these challenges and what constitutes an effective cyber security strategy in response. He will advocate a change in “philosophy” on the part of the CISO in partnering with the front-line business management to achieve a secure, digitally transformed business.

2:45 – 3:15 pm Florian Schütz, Head IT Risk & Security at Zalando SE
As Head of IT Risk and Security Florian is responsible for the protection of the core platform and the complete value chain of Zalando. With his teams Florian rethinks how security can be done in an agile, de-centralised, fast growing organisation that grants its more than 1´700 IT Engineers large degrees of autonomy.

In his spare time, Florian loves to travel. Preferably he enjoys to make his travel more adventurous going by motorcycle and explore the world off the beaten track.

E-Commerce Security Challenges in 2018 and beyond
In his presentation Florian will talk about future challenges such as efficient identity and access management in increasingly distibuted systems, dynamic risk assessments to drive security investments and privacy protection, especially in relation to GDPR. Florian will focus on using examples from E-Commerce but also outline why these challenges are relevant for other industries as well.

3:15 – 4:00 pm Break
4:00 – 4:30 pm Jonathan Sinclair, Associate Director Information Security at Celgene International
Jonathan Sinclair is an active IT security professional whose operated successfully at all levels of the corporate chain, with roles including: developer; engineer; pen-tester; reverser; service owner; architect and director.

He’s spent most of his professional career focused around the pharmaceutical area, however he’s also consulted and deployed security solutions to the financial, governmental and NGO business verticals.

Alongside his professional engagements he was the founding member of the Swiss Honeynet Project, has conducted research into unique stains of malware, presented on the emerging topic of Explainable AI, contributed to the fileless malware knowledge base and published papers on the legal ramifications of autonomous vehicles.

The cyber security hype-cycle is upon us. Is there a wave to be ridden or shall we keep our heads down until the disruption passes?
The pace of emergent technologies and techniques is ever increasing and we find ourselves in a moment where it feels that everything is new: augmented reality, data lakes, server-less architecture, machine learning, back-flipping robots, behavioral detection, etc.

Is this really something innovative or are old ideas being recycled? In this presentation I will give you an idea about what I see will be important for 2018.

4:30 – 5:00 pm Stephan Pfirter, Divisional Information Security Officer at UBS AG
Stephan Pfirter is a Divisional Information Security Officer of UBS AG. He has more than 17 years of experience in Information Security , where he held various technical and managerial roles.

His current mandate includes enabling the business, whilst at the same time protecting the organisation by properly balancing cost, benefit and the level of residual risk.

A topic in 2018 and definitively as well beyond
Dear CISO, your board is pushing back on you? Then it’s time to rethink your approach!

Your board is (getting) tired of you constantly asking for more money to fix security? They seem to not understand the need and urgency? Maybe rightly so!

In my presentation I will show you the typical reasons for this reaction and potential ways out. Maybe some hints you can use in 2018 and as well in future.

5:00 – 5:30 pm Herbert Abben, Director SANS Institute EMEA
Herbert Abben has been a leader in the IT training industry for 25 years. Among other responsibilities, he has founded and established the New Horizons Training Center network in Germany, created and provided a job portal exclusively for the Microsoft partner channel and worked for several years in the global advisory council of Microsoft Learning.

Today, he is Director of the SANS Institute EMEA, responsible for the DACH region. In his spare time he plays tennis and is also active in the field of training: communication training for medium and small companies in his community is his hobby.

The shortage of skilled IT security professionals – more important than technology!?
In the last 20 years, the topic of cybersecurity has often been reduced to the investment of hardware and software. The HR-development and -recruiting process has been, and still is, neglected. Combined with the requirements of Generation Z and demographic challenges, it is now necessary to attract newcomers and career changers into the IT security industry.

In his presentation, Herbert Abben discusses some new and innovative ways in order to win the “war for talent”.

5:30 – 6:00 pm Podiums Discussion moderated by Amar Singh
6:00 – 7:00 pm Apéro
7:00 – 8:30 pm Dinner (buffet with hopefully something for everyone)
8:30 – 9:00 pm Severin Wischmann, Senior Penetration Tester & IT Forensics Specialist at Oneconsult
Severin Wischmann has studied computer science at the Swiss Federal Institute of Technology (ETH) in Zurich, one semester of which he spent in Sweden at Lund University. During his master studies he specialized in IT security and wrote his master thesis in the field of hardware security.

Severin has worked as a teaching assistant at the ETH focusing on programming and as a software engineer for an e-commerce company doing web application development. He joined Oneconsult in October 2014 as a penetration tester and IT forensics specialist and became a senior penetration tester in April 2017.

Severin is an Offensive Security Certified Professional (OSCP), a GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), holds the GIAC Reverse Engineering Malware (GREM) certificate, is an OSSTMM Professional Security Tester (OPST) and an OSSTMM Professional Security Analyst (OPSA).

Phishing – one click away from disaster
While operating systems and their default software like browsers getting more and more secure, hackers rely on users being the vulnerability. Social engineering, the art of creating a scenario where a person behaves as the attacker intends him/her to do, is used in various scenarios, such as the CFO fraud or phishing campaigns.

Employees are often trained to not open attached documents in emails received from unknown senders and to never enter any credentials as neither a financial institute nor the IT desk would ever ask for them. But a lot of users will still click on embedded links. This is mostly due to curiosity, but also has a lot to do with company guidelines and practices. A lot of emails still contain legitimate links, which just lowers users’ awareness of security risks associated with visiting arbitrary websites.

In this segment potential risks of visiting arbitrary websites as well as embedding advertisements from third parties are demonstrated with a practical demonstration.

9:00 – open end Desert, Networking and Know How Sharing to the topic IT Security Strategy 2017


The Sponsors of this event are:​








This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here

Cancellation Policy
Cancellations of registration are free of charge until 60 days prior to the event. Cancellations received after this point will incur 50% of the admission fee. 30 days prior to the event we have to invoice the full amount if you cancel. You will get back payment for the respective amount.
In any case, however, a delegate may be sent at no additional cost