All presentations are in English – except the ISSS Stream will be in German
Richard is Akamai’s EMEA Director of Security Technology and Strategy. With over 20 years’ experience, Richard is responsible for designing and building secure solutions for some of the world’s most influential organisations. Starting out as a hardware engineer, his career has progressed alongside the tech industry as a whole, transitioning from a hardware to a software focus.
Richard is an industry expert in cloud computing, enterprise software and network security. During his time at Akamai, Mirapoint and Prolexic, he has had a strategic role across a broad range of projects, including the transformation of the UK’s largest corporate email implementation, and the deployment of DDoS solutions for multinational organisations to protect critical infrastructure and sensitive data. He is a chartered member of the BCS and CISSP, and is a thought leader in the industry.
Legacy, perimeter-centric security models have proven ineffective. They simply aren’t capable of safeguarding today’s mobile, agile, and hyperconnected workforce and business strategies.
So how can executives maintain the integrity and defense of enterprise data, applications, users, and devices in today’s intensifying threat landscape? A zero trust security model is necessary.
Leadership teams must embrace a “verify but never trust” principle to preserve the health of their networks. Adopting this architecture will enable the organization to evolve, responding to both threats and business processes alike, with confidence and agility.
Laura leads the research organization that serves Infrastructure & Operations Professionals, Security & Risk Professionals, and Sourcing & Vendor Management Professionals. Her team’s research agenda encompasses designing, building, operating, securing, and sourcing the systems, technologies, and processes that firms need to win, serve, and retain customers.
Previous Work Experience
Previously at Forrester, Laura was the Global Council leader for Forrester’s CIO Group and launched Forrester’s Information & Knowledge Management Council. She has also served as research director for both the I&O and S&R research teams. As a Security & Risk analyst, Laura researched operating system security, security architecture, network security, and security incident response, and she served as the chairperson for Forrester’s inaugural Security Forum event.
Prior to joining Forrester, Laura was a senior technologist at Razorfish, a New York consultancy, where she led teams of software developers responsible for eCommerce fulfillment systems, wireless content delivery applications, and real-time trading system interfaces for Fortune 500 clients. Before working at Razorfish, Laura built XML content management systems at PC World Communications in San Francisco. While living in Buenos Aires, Argentina, Laura worked as a translator.
Laura’s work has enjoyed wide exposure in the media, including BusinessWeek, The Economist, The New York Times, and The Wall Street Journal. Laura has also appeared on CBC, CNN, CNBC, and Reuters Television, and she is a frequent speaker at national and international executive conferences.
Laura holds a B.A. in literature and a certificate in Latin American studies from Harvard University. She also attended the University of Buenos Aires.
Amazon’s EC2 service is now a teenager, and today, the default question for most new applications is “Why shouldn’t I build this in the cloud?” And if we adhere to security and privacy by design principles and take advantage of all the controls available from cloud providers, we can achieve security that’s as good or better than what most organizations can achieve in their own infrastructure given resource constraints.
So, onward and upward, right? Yes, but: regulation will force (geographic) fragmentation. Our biggest challenges will revolve around ensuring that data follows the rules about where it can live and be used. This will drive cost and complexity for organizations working across regulatory boundaries.
In this session, we’ll look at the possible solutions to these complexities and their timelines.
Christian joined Kaspersky Lab in 2007 and joined the Global Research and Analysis Team as Junior Malware Analyst the following year. In 2014 he was appointed Head of GReAT, DACH, in order to lead the German division of the Global Research and Analysis Team.
Christian specializes in malware trends, mobile threats, and devices in the field of IoT, in which he researches vulnerabilities and privacy related issues. He’s also passionate about monitoring and analysing gaming related threats. He’s a regular speaker at IT exhibitions and security events around the globe.
Beyond the more common cybercriminal activities being out and about, advanced threat actors are lurking. But just a few cyber-security teams in the world are capable of investigating such sophisticated cyber-attacks. Learn about the latest threat intelligence from Kaspersky Lab’s Global Research & Analysis Team (GReAT) – a worldwide group of top notch cyber-security experts, always on the hunt for the latest malware.
This presentation will reveal striking aspects of as yet uncovered operations as well as trends and future developments, including current, new and uprising technologies such as IoT and cloud-infrastructure.
Alex Teteris has more than 20years experiences in IT leadership roles, mainly in positions around Network Delivery and Security Operations. He was three years the Global Head of Network, Security and Datacenter for a larger Swiss Chemical Company with over 18,000 user. Since June 2018 he is part of the Zscaler team as the Principal Technologist and Evangelist for EMEA.
In this session you will learn how the world will change within the digital transformation and what this means for IT Security. With applications moving to the cloud and employees leaving the corporate network for increased flexibility of work, the Internet is becoming the new corporate network and the cloud the new data center.
This means digitisation goes along with a network architecture paradigm shift: The old IT world of Hub& Spoke networks competes against modern requirements of local Internet breakouts at each location with direct to Internet access. Companies must adapt their security and network infrastructure accordingly to cope with the new requirements of the cloud.
For 20 years Stefan Frei has been involved with cyber security at the interface of society, economy and technology, from the perspective of both the attacker and the defender. He has worked in the areas of penetration testing, defense effectiveness testing, security architecture, and data analytics at home and abroad.
Stefan Frei is an accomplished security writer, authored numerous influencing papers, and frequently speaks at leading security conferences (e.g. BlackHat,
DefCon). He is the head of the Supply Chain Security working group of ICT Switzerland and teaches Cyber Security at ETH Zurich.
At Accenture Cyber Defense, he specializes in using threat intelligence and advanced end- to-end attack simulations to help organizations protect themselves from highly sophisticated and targeted attacks.
In today’s world we deploy, operate, and rely on an growing number of digital devices. Many such devices fulfill critical functions in the industry or critical infrastructures of countries. With the increasing reliance such devices and third party components the security and integrity of the supply chain is a growing, but neglected concern. The recent past has demonstrated that software as well as hardware can be compromised or backdoored, by design and upon delivery, with or without the consent or knowledge of the supplier.
This talk is about the important but largely overlooked risks of the digital supply chain, and key lessons on how society secured critical technologies in the past. The talk concludes with vision why Switzerland is uniquely positioned to become a global leader in this domain.
Udo is a lawyer, specialized in IT law, with 15 years of professional experience. He works with many clients from the banking and Fintech sector and has years of inhouse experience in legal departments. Udo believes that legal advice should lead to pragmatic and practical solutions and does not like litigation in IT law very much, because he considers it uneconomical in most cases and waste of time.
Before becoming a lawyer, he was an IT administrator, consultant and software author for about 10 years. Udo also has four years of inhouse experience at the legal department of a telecommunications systems company. One of his key projects was to give comprehensive legal advice for a cloud-based telephony and collaboration product that was introduced worldwide.
This presentation will provide, among others, a legal view on
Stephan Fritsche, Dipl. Ing. (FH) Computer engineering, started his career after graduating as a specialist for routing and switching systems, followed by business development positions at system integrators and a distributor. At Nortel Networks, he held various channel positions, including managing large partners and being responsible for 2-tier business in Germany. At Cisco, he guided large partners into the data center and cloud world.
For the last few years he has consulted customers as a Product Sales Specialist in the Data Center & Cloud sector. In 2017, he stared working at Check Point Software Technologies and took over responsibility for the Cloud business in Central Europe.
Which concept is the best for Lift & Shift, Cloud Native and Re-Architect. Deploy the right architecture, protect the network data plane and control plane.
In this workshop you will learn more about:
Peter van Eijk is one of the world’s most experienced cloud trainers. He has developed multiple cloud courses and delivered them on many continents. In the past he has worked for Deloitte as an IT strategy and risk consultant, as a project delivery manager at EDS and Dutch Rail, as Technical Director of an Internet provider, and as a researcher and assistant professor at University of Twente, where he also received a PhD. He has also written extensively in the trade press.
Cloud computing is a disruptive innovation, changing a lot of assumptions on how we are to run information technology. Cloud Computing is inevitable and increases the scale at which we manage IT and IT security. Cloud security is not just about new technology, but also about how risk management on a bigger scale. Cloud security’s main challenge is how to allocate and automate risk and security decisions across multiple providers. This workshop will also introduce the attendants to the Cloud Security Alliance Body of Knowledge on cloud security (CCSK).
Linda Strick has worked more than 30 years with the Fraunhofer-Institute FOKUS in Berlin, Germany. Since August 2018 she is in the free block of part-time employment prior to retirement. During her active work she has worked in the area of Cloud Computing over the last 9 years, recently she has focused on cloud security and privacy, standardization and certification processes.
She started in 2016 with Innovation Management and Technology Transfer and supported within Fraunhofer-Institute FOKUS the process of innovation findings and technology transfer. She has long experience with the public sector and pre-commercial procurement as a new instrument for innovation in the public sector. She has been working with national and international projects, in standardization organizations and published several papers, amongst other Cloud Computing for the public sector (2010). She has coordinated several EU Projects, recently a Horizon 2020 project “European Security Certification Framework for Cloud services”.
She is a member of the European Open Science Cloud High Level Expert Group (EOSC HLEG) and a member in the Cloud Stakeholder Working Group on Cloud Security Certification. She is also Member of the Cloud Security Alliance and responsible for the further development of the CSA European GDPR Center of Excellence. By joining CSA, she complements her activities towards Cloud Computing with an essential aspects of security, privacy and certification and testation.
The Cloud Security Alliance (CSA) has created the CSA Code of Conduct for European Data Protection Regulation (GDPR) Compliance. It aims to provide Cloud Service Providers a solution for GDPR compliance and to provide transparency guidlines regarding the level of data protection offered by the CSP.
This session gives insight into the tool supporting the evaluation of the level of personal data protection and gives examples for CSPs to comply with EU pesonal data protection legislation in a structure way.
Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings.
He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Network Automation, Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.
Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.
This Vendor-independent Workshop Provides You
Traditional networking engineers entering the world of public cloud for the first time often feel like Alice in Wonderland. Everything looks and sounds familiar, and yet it all feels a bit different – ACLs sit in front of servers instead of on a router, there is no router, NAT happens somewhere behind the scenes…
This whole day workshop will help demystify the networking aspects of Microsoft Azure. We’ll start with the high-level concepts, cover security aspects, and conclude with complex routing and hybrid cloud implementations.
This workshop is to book separately at https://www.sig-switzerland.ch/microsoft_azure_networking/
Andras Khan CIPPE CIPM. Andras joined Microsoft in 2000 and is currently responsible for a portfolio of solutions embracing data privacy, data protection, security and collaboration for the largest customers of Switzerland. He is also one of the founding members of the Microsoft Data and Privacy Advisory Council, which is chaired by the Microsoft global chief privacy officer. He has been involved in several Virtual teams on Microsoft’s own implementation of the GDPR.
This session will feature a roundtable panel based on the previous speakers of the day, who will be discussing various practical experiences and guidance on common challenges regarding cloud governance, cloud security and GDPR. During this session, the audience will also be encouraged to share their experience or feedback on the various topics discussed by the panel. Come and learn from your peers, as well as share your experience and build your network.
The session will be moderated by Andras Khan from Microsoft.
Neil holds 20 years experience in the Information Security industry with 10 years financial services experience in the insurance and banking arena. Neil is a member of the ENISA Threat Landscape stakeholder group where he contributes to the EU agency program alongside CERTs to position the threat landscape, offer mitigation advice and threat analysis innovation. Neil is also co-founder and board member of the Security Advisor Alliance, a not-for-profit organisation formed to help security leaders in their role, engage and support interest in the infosec industry and offer advice and tools to move organisations towards improved risk and data-centric strategies.
As organisations move ahead with their digital transformation programmes into the cloud, their security strategies must also change to become cloud-first and/or cloud-centric. With the emergence of new cloud security standards, codes of conducts, compliance certifications and the evolving threat now targeting cloud instances of IaaS, PaaS and SaaS, a security transformation is necessary to stay up-to-date and relevant.
In this session, Neil Thacker, CISO EMEA for Netskope, will share insights and best practices on:
Franck Braunstedter currently heads the cloud security & cyber defence teams at NTT Security. Previously he was head of cyber security for an international biotech company headquartered in Switzerland.
Franck has 20 years IT security background and has implemented several cloud migration projects. As cloud security specialist, he focuses on compliance automation, continuous configuration and DevOps, ensuring security teams are participating as active business enablers in current IT transformation projects and not as show stoppers.
Compliance Automation and Configuration Automation are a must have for cloud environments. This ensures a hardened infrastructure and full compliance and helps to rapid response. But the implementation of these solutions is typically very complex.
NTT Security illustrates the challenges in practice and demonstrates the benefits of the two automation technologies, if successfully integrated and working “hand in hand”.
Efrain Castaneda Mogollon is an international legal professional with expertise in Law and Technology, Privacy and Data Protection. Efrain is an attorney at law and holds a law degree (J.D.) from Mexico and an MPhil with accent on regulation of emerging technologies, from Tilburg University School of Law in the Netherlands. In conjunction with his legal background, Efrain is a certified international privacy professional (CIPP/E) and holds an Honour Code Certificate by Harvard School of Economics for having successfully completed and received a passing grade (1st of the class) on a distance-learning course titled Innovating in Health Care (BUS5.1x).
Efrain has worked in the Netherlands, Italy, Belgium and in the UK conducting privacy legal research for various EC-funded demonstration projects and initiatives in the fields of security, community policing, and health. Recently, Efrain has been mapping different data protection laws across the globe, outlining privacy compliance requirements intended to help a wide spectrum of public and private organisations.
Managing third-party cloud vendor risk before, during and after onboarding is a continuous effort under global privacy laws and security regulations. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to secure sufficient vendor guarantees and effectively work together during an audit, incident – or much more.
In this session, we’ll breakdown a six-step approach to automating third-party vendor risk management and explore helpful tips and real-world practical advice to automate third-party privacy and security risk programs.
Peter R. Bitterli, bekannt als ausgewiesener IT-Revisions-Experte mit langjähriger Erfahrung als Revisor sowie als Inhaber der Ausbildungsfirma ITACS Training AG. Peter R. Bitterli ist Mit-Autor diverser Publikationen in Sachen IT-Governance und Revision sowie Mit-Autor entsprechender Standards. Er ist Gründer des ISACA Switzerland Chapter und verfügt über mehrere Dekaden an Berufserfahrung.
Was macht eine “gute” Evidenz für die Nachvollziehbarkeit digitaler Prozesse aus? Das nachverfolgen und nachvollziehen von Tätigkeiten und Prozessen im digitalen Umfeld ist hochbedeutend – Peter Bitterli wird dazu einige Beispiele aus der Praxis erläutern.
Mehmet Yaliman, currently a Senior Regional Solutions Architect at Ping Identity with focus on the DACH-region, has been in the IAM Space for a decade in various roles, working on the Customer, System Integrator and Vendor fronts.
Starting as an IAM Specialist at the Turkish System Integrator Biznet, where he was part of major IAM implementation projects for leading enterprises in the Turkish market, he continued his career at Ping Identity as a Solutions Support Engineer, later leading the EMEA-team. He then moved to Germany to join E.ON as an IAM Architect, and rejoined Ping Identity in 2018 for his current role.
As APIs are becoming a crucial way of accessing data and services, acting as a multiplier for organizations to develop disrupting solutions, the security thereof also becomes more and more relevant. Classical security paradigms laid out for web resources fall short of providing an effective protection against API-specific threats, why new approaches such as leveraging the strength of Artificial Intelligence are emerging. Join us in this session to get an overview of API-specific attacks, the limits of a classical defense approach and how AI can strengthen the security posture of an organisation with regards to their APIs.
Leif Kremkow, Director Technology, Qualys has been with Qualys for over 13 years now. Committed to working with Qualys’ customers to help make the most of the Cloud Platform and its dependant services. Prior to being Director Technology, Leif worked closely with CAC40 enterprise companies as a Technical Account Manager to define custom solutions, carefully respecting corporate culture, fostering user acceptance, and documenting processes.
Leif has been a speaker at various European events, such as Systems, Assises de la Sécurité, RSA Conference, InfoSec, or the CSO Interchange.
A German citizen living and working in France, Leif has a Bachelor of Sciences (Hons.) in Computer Systems and Networks from the University of Plymouth in England.
Much compute and storage is gone or going to the cloud. Well established best practices for security exist but not directly applicable anymore. Ephemeral instances escape classic security tooling, but there is potential for permanent damage. This presentation will walk through Amazon AWS and Qualys to give specific examples of the problems and how they can be addressed.
David Levine is Vice President of Corporate and Information Security & CSO for Ricoh USA, Inc. In this role, he has responsibility for operational security, security strategy, security policy, corporate and physical security, access management, eDiscovery and litigation support and some compliance functions. Levine chairs Ricoh’s Security Advisory Council, leads Ricoh’s Global Virtual Security team and is routinely engaged in customer opportunities to discuss risk and security.
Levine has held a wide and diverse variety of positions during his 24-year tenure with the company, including IT engineering, project management, vendor management, Six Sigma and Technology Infrastructure and End User Services leadership, giving him a great perspective on technology, the business and security.
Levine is a member of Forrester Research’s Security & Risk Leadership Board, the FBI’s InfraGard Program and is an Atlanta Governing Body Co-Chair with EVANTA. Levine is a frequent speaker and writer. He holds a Bachelor of Arts degree in Information Systems with minors in Computer Science and Business from Eckerd College.
Public cloud apps like Office 365 and AWS can provide your organization with increased speed and agility, but also come with security & compliance challenges that only increase as your organization expands its cloud footprint. We will discuss how leading organizations protect data as their cloud presence expands.
Florian Lukavsky started his hacker career in early ages, bypassing parental control systems. Since then, he has reported numerous zero-day vulnerabilities responsibly to software vendors and has conducted hundreds of pentests and security reviews of IoT devices as a CREST certified, ethical hacker.
Today, Florian Lukavsky heads SEC Consult in Switzerland. With offices in Europe, USA, and APAC, SEC Consult is an international leader in application security services, information security consultancy. Having defined security standards and regulations in Germany and Austria, SEC Consult and Florian are now devoting their expertise to aid Swiss organizations to be ahead of cyber criminals.
What are the main attack vectors for IoT devices? How are IoT devices abused by cyber-criminals? What are strengths and weaknesses of IoT clouds? In a world of connected “everything”, join Florian Lukavsky in a round table discussion to elaborate on common security challenges of IoT and develop strategies to minimize risks posed by those connected devices.
Umberto Annino, eidg. dipl. ICT-Security Expert und -Wirtschaftsinformatiker, arbeitet seit 1992 in der ICT und hat Erfahrungen in den Bereichen Anwendungs- und Systementwicklung, Projektleitung und Information Security Management & Consulting gemacht. Heute ist Umberto Annino als Head Security Governance bei SIX Group tätig, mit Fokus auf Informationssicherheit sowie regulatorische und rechtliche Anforderungen an Cyber-Sicherheit. Er ist nebenbei als Dozent für Cyber-Security, IT Risk Management und Datenschutz tätig und amtet im ISACA Switzerland Chapter im Vorstand als Ausbildungs- und Zertifizierungs-Koordinator sowie als Präsident der ISSS Information Security Society Switzerland. Daneben ist er im Beirat des Unternehmen SwissFinLab, in der Kommission Cybersecurity von ICTswitzerland und im Cybersecurity Beirat der Schweizerischen Akademie für technische Wissenschaften (SATW) tätig.
Systematisches Risikomanagement in der IT ist leider noch eine junge Disziplin. Entsprechend liegt wenig “best practise” vor und auch auf statistische Grundlagen kann selten referenziert werden. Im Vortrag werden verfügbare, bestehende Werkzeuge (Standards, Frameworks, Tools) vorgestellt und verglichen, sowie deren Tauglichkeit für das Risikomanagement bei “digitaler Transformation” erläutert. Auf dass die Transformation eines “nicht so sicheren traditionellen Prozess” in einen “sicheren digitalen Prozess” vollzieht!
Daniel Coray leitet bei der SIX Group den Bereich Cyber Defense, seine Themenschwerpunkte umfassen Incident Response, Threat-Intelligence/Hunting, CERT, Vulnerability Management, IT-Forensics ,Cyber-Resilience und Red Teaming.
Er agiert als Berater im Managed Security Service und Security Operation Center und ist Teilnehmer in verschiedenen Security Gruppen.
Von 2013 – 2016 war er als Leiter des Swisscom Security Operation Center (SOC MSS) tätig.
Er bezeichnet sich als ein open-minded IT-Security Leader mit mehr als zehn Jahren Erfahrung in der Security Branche, als Security Engineer, Security Consultant und als Leiter von Security Operation Center (SOC) und Computer Security Incident Response Team (CSIRT) Organisationen.
Digitalisierung und Sicherheit: Zwei Seiten einer Medaille
Die Digitalisierung von Geschäftsprozessen steht für viele Unternehmen ganz oben auf der Agenda und ist im globalen Wettbewerb unabdingbar. Die zahlreichen damit einhergehenden rein funktionalen Anforderungen und die damit verbundenen Veränderungen des Geschäftsumfeldes bringen viele Unternehmen bereits an ihre Belastungsgrenzen. In der Folge werden nicht-funktionale Anforderungen wie der sichere Betrieb und Schutz vor Angriffen oft nur unzureichend umgesetzt. Auch verfügen nur die wenigsten Unternehmen ausserhalb der Finanzindustrie über die notwendige Erfahrung im Umgang mit Informations-Sicherheit. Unvollständige oder missverstandene Anforderungen und «fundiertes Halbwissen» führen daher oftmals zu zwar teuren aber dennoch unzureichenden Sicherheitskonzepten. So sind ganzheitliche Sichtweisen und praktikable Lösungen gefordert, um die Digitalisierung erfolgreich zu gestalten.
Digitalisierung und Automatisierung: Wie lange braucht es SOC, RedTeams und Pen-Tester?
Mit der Digitalisierung kommt auch “machine learning” und Künstliche Intelligenz. Schon heute kann die schiere Datenmenge nur bewältigt werden, wenn konsequent automatisiert wird bei der Überwachung der Sicherheit. Doch wie sieht die Situation in den nächsten Jahren aus – automatisieren wir unsere eigenen Jobs weg und wird es SOC (security operation centers), RedTeams und Penetration-Tester noch brauchen?
Dominique C. Brack is a recognized expert in information security, including identity theft, social media exposure, data breach, cyber security, human manipulation and online reputation management. He is a highly qualified, top-performing professional with outstanding experience and achievements within key IT security, risk and project management roles confirming expertise in delivering innovative, customer-responsive projects and services in highly sensitive environments on an international scale. Mr. Brack is accessible, real, professional, and provides topical, timely and cutting edge information. Dominique’s direct and to-the-point tone of voice can be counted on to capture attention, and – most importantly – inspire and empower action.
Dominik wird in dieser Session über Drohnen, Drohnenrisiken und Gegenmaßnahmen sprechen. Drohnen sind zu einem inhärenten Risiko geworden, nicht nur für kritische Infrastrukturen, sondern auch für öffentliche Veranstaltungen (Sport, Konzerte) und die Privatsphäre. Er wird über den speziellen Risikokatalog sprechen, den er für ein kleines, hochspezialisiertes Start-up namens DroneGuard entwickelt hat. Der Katalog enthält über 140 detaillierte Drohnenrisiken – von der Nutzlast von Drohnen (Sprengstoff, Chemie usw.) bis hin zu Cyberrisiken wie Signal Hacking & Disruption (WiFi, GSM, Bluetooth, RFID, etc.).
Dominik wird auch das Risk Management Framework aufzeigen, welches er durch persönlichen Erfahrungen mit einer Nutzlastdrohne und den Cyber Risiken in diesem Zusammenhang gemacht hat.
Diese Session ist für alle, die kritische Infrastrukturen aus physischer Sicht schützen müssen oder sich beziehungsweise ihr Unternehmen vor Auswirkungen in Sachen Datenschutzfragen absichern wollen.
Ronny Fischer has more than twenty years of experience in the IT security domain, and has worked across most security related areas ranging from
ethical hacking, firewalling, IDS/IPS, SIEM/SOC, IAM, endpoint protection and cloud security to general enterprise security. As Security Evangelist for T-Systems, Ronny acts as a trusted security advisor to T-Systems customers, and guides organizations in their security planning and integration.
In this workshop participants will consider Enterprise Cloud Security, with a focus on those security topics which are important for enterprises moving to, or considering a move to, cloud services. In particular areas such as Network Security with IaaS Cloud services, Data Storage, Compliance, Identity and Access Management + Integration into a local SIEM will be considered.
The workshop goal is to give attendees a good understanding of cloud associated security issues, and examples of how various aspects of cloud security are approached by various organizations. Best practices guidelines will be identified and discussed in the session.
Thorsten has been working in IT and cybersecurity for over 19 years, holding Consulting and Management roles at numerous IT security vendors and integration partners. Thorsten currently consults customers and prospect on their digital transformation journey. He was awarded with an MBA by the university of Wales in 2014 for his study about strategic management consulting. Thorsten is accredited as CISSP, CISM and Ethical Hacker.
In a world facing innovative attacks modelling the DevOps “move fast and break things” process itself, IT security now needs to adopt – automate everything. Automate security. Automate yourself out of your old job, and into your new one.
The DevOps momentum provides opportunities for IT Security to become innovators all over again. Join this presentation by Thorsten Geissel to hear how companies are achieving a balance between security and agility in a world with shifted priorities.
Rainer Rehm is Data Privacy Officer (DPO) and Chief Information Security Officer (CISO) for the Central Europe Region. As DPO, he is responsible for identifying and merging business and technical digitisation efforts among companies and organisations. With this function, customers now have at their disposal access to critical data security and data protection to help them transform their networks and move applications to the cloud securely.
Rainer was most recently responsible for the construction and development of the digital logistics and transport platform, RIO, where he was a security architect, and held the role of data protection coordinator at MAN Truck & Bus. Prior to that, he worked in the areas of information security, business continuity management and risk management at Siemens and later for the joint venture, Nokia Siemens Networks (NSN), where he introduced security solutions based on enterprise requirements.
Rainer is also the founder of the Information Security Academy IS@R² in Munich. In Germany, he co-founded one of the first (ISC)² chapters and continues to serve on the Board of Management. He is also a member of the European Advisory Council (EAC), a committee representing (ISC)² members in the EMEA region.
When your business is transitioning into the Cloud, is your workforce ready for it? There is more than just rolling out new devices and tools.
Cloud means new technologies and new ways of working which is not always easy for your workforce. What exactly happens when you transforming into the “new world”? What are the biggest challenges your users are affected with? How you can make sure that new ways of working not open new ways of misbehaviors? How to make sure you don’t create new security issues just because of new processes your users are not familiar with till today?
In this session we will discuss new behaviors and define new use cases for your users and how you can prepare your staff to be ready for this “new world”.