SIGS Special Event – Cyber Security Strategy – what should be covered?


Target Audience Information Security Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/Integrators are only technical peoples allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits Earn 3.75 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event 30th of November 2016
Language English
Schedule see agenda below
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and aperitif included


2:30 – 3:00 Registration & Coffee
3:00 – 3:05 Welcome & Introduction by the moderator Stefan Strobel, CEO and founder at cirosec GmbH
3:05 – 3:35 Ilia Kolochenko, Chief Executive Officer and Founder at High-Tech Bridge

Why we still cannot stop cybercrime – a global overview
The growth of global cybercrime is significantly outperforming the growth of effective cyber security. More companies are becoming victims of this type of crime despite rising security budgets.

This presentation will review the causes of cybercrime, and discuss how companies can mitigate the risks in a simple, efficient and effective way without spending a fortune on vendors’ solutions. We also discuss what should be covered for an effective Cyber Security Strategy.

3:35 – 4:05 Darron Gibbard, Chief Technology Security Officer at Qualys

2016 State of Vulnerability Exploits
More than 6000 new unique vulnerabilities will likely be disclosed in 2016. CSOs, CISOs and IT security professionals are expected to keep their organizations safe from new flaws and existing vulnerabilities. This constant deluge of vulnerabilities is hard to address and many IT departments ask for prioritization information.

In this presentation we take a look at using exploit information to drive remediation.

4:05 – 4:35 Stefan Strobel, CEO and founder at cirosec GmbH

APTs today: how to detect, prevent and deal with targeted attacks
Recent discussions on targeted attacks or APTs reveal that currently established detection methods are neither capable of stopping nor detecting a sophisticated attacker who uses individual malware. Even the additional use of event correlation or SIEM solutions can hardly get us any further. New technical approaches such as sandbox analysis, C&C traffic detection or specialized manipulation detection on endpoints are to close this gap today.

The talk by Stefan places the numerous detection technologies including additional topics like SIEM, vulnerability management and threat intelligence (TI) in an overall context, evaluates them and presents prospects.

4:35 – 5:10 Break
5:10 – 5:40 Carlo Hopstaken, Group Information Security Office at UBS AG

Using Threat Intel to steer you Cyber Capability requirements and risk appetite
In this session a brief overview will be provided on an approach how a firm can define their required cyber capabilities, report on residual risk, drive improvement initiatives, and discuss risk appetite with senior management.

5:40 – 6:10 Thomas Dullien, formerly Google staff and CEO at zynamics (aquired by Google)

Re-architecting a defendable Internet
One of the principal reasons why securing infrastructure is difficult is the fact that the networked world has an extra dimension that the real world does not have: In the real world, we have the dimension of ‘ownership’ and ‘possession’ of objects, where usually being in possession implies that one also has control over an object. In the virtual world, the dimension ‘control’ is independent – I can legally own my computer, and have it in my hands, but have no control over it.

Unfortunately, our infrastructure was never designed to establish who is in control of a given device. This talk outlines what would be necessary to construct a software and hardware infrastructure which allows a person to establish that he is truly in control of a device.

6:10 – 6:30 Panel Discussion moderated
6:30 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A


The Sponsors of this event are:

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here if you have a XING account. If you don’t have or don’t like to have a XING account, just send us an email

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.

Mobile Menu