All presentations are in English, except the ISSS Stream, which will be in German.
Prof. Dr. Igor Podebrad is Group Chief Information Security Officer and Head of Security at Commerzbank AG. In his role he’s responsible for the global and corporate-wide
• Security Strategy
• Security Governance as well as the corresponding Policy Framework
• Security Risk Analysis Management
• Technical Threat Analysis (Penetration Tests)
• Security Consulting & Research
• Security Logging & Monitoring respectively Security Information and Event Management
• Security Enforcement & Control functionality
Previously, Prof. Dr. Igor Podebrad worked as an IT Security Architecture Specialist in several projects, followed by management positions in topics like IT Security Standards, Threat Analysis and Forensics as well as Threats Defense.
He has a professorship for topics like IT Forensics and Cyber Crime at the University of Applied Sciences Brandenburg, holds a certificate in economic science from the University of Passau and received his doctorate from the Freie Universität Berlin.
Igor will try to get to the bottom of the following aspects in his session:
Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, CEO and cofounder of Farsight Security, Inc. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source Internet software including BIND 8, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first commercial anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a breakthrough European data sharing collective to fight cybercrime.
Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.
Quietly and without fanfare, a small group of powerful technology companies in Silicon Valley have insinuated themselves into the Domain Name System (DNS) resolution path, simply by providing a free service and waiting for the inevitable madness of crowds to drive traffic to that service. Since almost all Internet activities begin with a DNS transaction, this provides dangerous insight to non-contracted parties who have no limits to their use of our data.
In this lecture, Dr. Vixie explains the basic technology involved, and the history of the last 15 years of surveillance capitalism’s DNS agenda. The recent DNS over HTTPS (DoH) standard will be described, and recommendations will be made for individuals, families, and businesses as to restoring and retaining control over their digital exhaust.
Freddy Dezeure graduated from the KUL in Belgium, with a master of science in engineering in 1982. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas, in particular in information technology.
He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an Independent Management Consultant providing strategic advice in cybersecurity and cyber-risk management and acting as Board Member and Advisory Board Member in several high tech companies.
The MITRE ATT&CK framework has gained a lot of traction in the security community as a taxonomy and knowledge base to describe adversary behavior. However, the framework and its related tools have a much broader potential impact and scope. What’s missing is a good understanding of the practical operational use cases and the supporting tools.
This session will fill that gap by explaining the essence of the ATT&CK framework and its operational relevance, identifying ATT&CK use cases in prevention, detection/hunting and response and providing insight into the available tools and systems to convert ATT&CK into practice.
Jeff Hamm has been employed with Mandiant since 2010 and is a Technical Director helping improve operations and internal processes in the Managed Defense services. He was formerly assigned to the Europe region, where he managed a team that conducts forensic examinations and incident response. He has also worked part-time as an adjunct lecturer at NTNU (Norwegian Science and Technology University) in Gjøvik, Norway since 2011. There he provides intense practical labs based on real world computer forensic incidents using both Windows and Linux servers and attacker systems. He co-authored “Digital Forensics”, edited by Andre Arnes, in 2017. The book is designed for academia and practitioners.
He was a Deputy with the Oakland County Sheriff’s Office in the State of Michigan, USA for over 11 years. He worked four years with the Sheriff’s Office as a Computer Crimes Detective and Forensic Examiner and three years as a first-line supervisor (Sergeant).
Jeff has significant experience in the computer forensic field and obtained his CFCE (Certified Computer Forensic Examiner) in 2003. He obtained his ACE (AccessData Certified Examiner) in 2008, his EnCE (EnCase Certified Examiner) in 2010, and his GCFA (GIAC Computer Forensic Analyst) in 2010. He has been instructing in the field of computer forensics since 2004 at IACIS (The International Association of Computer Investigative Specialists).
Mandiant provides an annual report of trends that have been observed during investigations, security operation center activities, and penetration testing. The trends can provide a useful tool to assist defending against cyber threat actors.
This year, trends included public attribution by governments, attacks perpetrated against third party providers, the geographic expansion of targeted threat actors, mergers and acquisitions with lingering threat actors, and an increased volume of ransomware attacks. We’ll discuss these trends in more detail and will include defensive actions that can be employed or improved to assist with prevention of an attack or eradication of an attacker.
Julien has been working in IT security for more than ten years. Specialized in IAG & PAM, he worked in various positions delivering projects or designing them. He’s now Customer Success Manager for Alsid.
Most, if not all, large enterprises have defined a Business Continuity Plan (BCP) to ensure that business operations continue when adverse events occur. The most mature of those companies, predominantly in regulated industries, have integrated – or are in the process of integrating – cyber resilience in their BCP. But, although cyber risks are now well documented, most of the plans we have seen still underestimate, despite tangible evidence, the one corporate infrastructure that, if disrupted, would shut all operations down.
In this session, we’ll analyze the business continuity impacts of Active Directory attacks. Through real life examples, we’ll analyze a threat that has the power of halting factories, grounding airplanes, preventing employees from accessing their emails, and basically nullifying your business capabilities.
We’ll then provide guidelines as to the steps companies should take to move their Active Directory resilience from zero to good enough to world class, so that they don’t face the media and operational crisis Sony, Target, Delta, and others faced.
Marc Green is an SC vetted information security professional with a focus on threat intelligence and strategy. Marc has over nine years of experience in information security, predominately spent within financial services. As Principal Threat Intelligence Analyst he is primarily involved with intelligence analysis and dissemination, coordinating and contributing to a number of information sharing initiatives, and engaging with trusted partner communities.
Prior to joining Anomali, he led the Threat & Vulnerability Management (TVM) function at a pan-European stock exchange and has consulted on threat intelligence capability maturity. He holds a Bachelor of Science (BSc) and Master of Science (MSc) from Queen’s University Belfast and a Post-graduate Diploma from the UCD Michael Smurfit Graduate Business School, Dublin. He also holds a number of industry certifications.
In a world of threat actors, sandboxes and Artificial Intelligence crawling the dark web, Threat Intelligence can range from being extremely helpful to inundating Analysts with extreme amounts of useless data. In this talk, we’ll present a tour of how Threat Intelligence is generated and curated; how it can be disseminated and analyzed; and, finally, how it can be brought into real-world security operations.
Alexandre Karlov earned his Master’s degree in Communication Systems with specialization in information security from the Swiss Federal Institute of Technology Lausanne (EPFL), then followed with a PhD in cryptology from the same institution, which he successfully defended in 2010. He has worked for more than 9 years at Kudelski group, first as a cryptography expert and then as cybersecurity program manager.
Dr. Karlov held the position of professor at the University of Applied Sciences and Arts Western Switzerland in Yverdon-les-Bains, where he taught various subjects related to information security and led a number of applied research projects. He is now Vice-President Security at ARCATrust in charge of protecting customers and solutions against today’s and tomorrow’s threats.
One of the main risk factors in blockchain systems is the security of private key material used for signing transactions. Therefore, getting access to the private key was historically one of the most interesting exploitation vectors for potential attackers. Today the so-called hardware wallets where the private key is stored in a secure hardware chip are becoming more and more common. At the same time one can observe that successful attacks on these wallets are becoming quite frequent. In the world of organized crime in general and in cybercrime specifically, when big money is at stake, criminals know how to put the right amount of effort to obtain a good return on investment.
In this talk we will review some of the recent attacks aimed at stealing or using the private key including attacks on hardware wallets and we will review some ways of keeping our keys safe.
Currently he is the Chief Risk & Security Officer and partner for Blockchain Propulsion, a business accelerator headquartered in Kanton Zug (the crypto valley), Switzerland. His background is as a cyber security & risk specialist with over 20 years’ experience providing multinational companies with global solutions.
For the last 8 years of his career he was a group level expert (1 of 80) for a global technology company of over 150,000 employees with locations in over 100 countries. He has successfully negotiated contracting Security Governance controls in many different industries for mergers, acquisitions, divestitures and sourcing exchanges (opportunities measured in multiple billions of Euros). Formerly, he was a key privacy expert contributing to EU workgroup 29 on EU privacy for GDPR.
Blockchain became synonymous with cryptocurrency and initial coin offerings (ICOs) in 2018. The underlying emerging technology is reinventing itself on a monthly basis. New ideas and new solutions are evolving, while key fundamental values of the technology continue to improve.
This session will provide a brief overview of the blockchain technology and the underlying technical developments blockchain can bring (a business approach). It also covers recent news on blockchain and misconceptions, with a focus on finding and recognising disruptive business opportunities for applying blockchain solutions (financialization of Risk controls).
The “Inside Threat Risk Detection – Inventory” is an instrument to ensure early detection of potentially hazardous people (e.g. assassins or saboteurs). It can be used as part of the selection of future employees or to detect dangers in existing staff. The tool has been constructed in close collaboration with counter-terrorism forces from Germany, Austria and Switzerland and consists of 16 scales. Six scales were selected by using the assassin personality theory of Endrass (2015); 10 scales were empirically found using the knowledge of the counter-terrorism experts.
Test construction was done by means of modern test theory; the test conforms to the “Rating Scale Model (Fischer, 1991)”. One special focus of the tool is the detection of actions of faking and malingering with three different methods. Traffic lights in the result document show at a glance “risk of violence”, “insider threat risk” and “tendency of aggravation”. The test is currently used by European airlines, public transport companies, police, security companies and energy providers. The tool has already been translated into various languages.
Dr. Hubert Ritzdorf’s passion is to secure the blockchain; he leads an expert team for smart contract security and designs new analysis tools making audits faster and more reliable.
He has audited projects that raised several hundred million dollars, and in the process has found countless critical vulnerabilities. Dr. Ritzdorf has provided design consultation for many blockchain-based systems, exchanges and reviewed several high-level protocols built around smart contracts.
Blockchain is immutable but smart contracts are not un-hackable! Individuals, companies, and organizations are getting actively involved in a still young field in which a strong focus on formal security has emerged only recently.
The presentation gives an overview of the development of blockchains and smart contracts and afterwards moves on to discuss unique attack vectors on smart contract applications.
In the process, case studies of successful attacks will be shown, and manual methods and state-of-the-art research tools that can help to mitigate these will be presented.
Peter van Eijk is one of the world’s most experienced cloud trainers. He has developed multiple cloud courses and delivered them on many continents. In the past he has worked for Deloitte as an IT strategy and risk consultant, as a project delivery manager at EDS and Dutch Rail, as Technical Director of an Internet provider, and as a researcher and assistant professor at University of Twente, where he also received a PhD. He has also written extensively in the trade press.
The Certificate of Cloud Security Knowledge (CCSK) demonstrates that you have the skills and knowledge to ensure that cloud services are implemented and utilised within your organisation with the appropriate security controls in place. This includes technical as well as management and governance domains.
The body of knowledge and the CCSK are now at version 4, and include the latest relevant topics including DevOps, big data and IOT.
This one-day workshop will prepare you for the CCSK exam. To speed up your progress and maximize the benefit of the training we recommend that you sign up early and start preparing in advance of the workshop with the online training that will be provided to you. You will also get 3 months access to the support group for passing the exam and applying the knowledge in your work.
For more information and registration, please visit https://www.sig-switzerland.ch/csa-ccsk/
Lior Kolnik is currently Head of Security Research at Demisto, where he designs security playbooks to arm the next generation of blue teams. Before his work in the private sector, Lior served in an elite technological unit of the IDF and completed his CyberSecurity-focused M.Sc.
It is widely known that attackers automate, and defenders must automate as much as possible to respond quicker and stretch resources further. But what does this look like in practical terms?
In this session we will perform a live attack and show how the situation is reflected in both the attacker’s and defender’s points of view. We will dive into the flow and the key defensive elements. Finally, we will analyze the outcomes of the battle and review how it was impacted by the various security automations that were activated.
Patrick Schramböck has been a security officer in information security for more than 10 years. His master thesis was about security in computer networks and he has specialized in crypto architecture & security since 2016. His last project was setting up a new crypto custody solution for the bank, which was audited in December last year. He is working in different crypto projects to make cryptos usable for banks, since this area offers new options and threats in comparison to traditional banking services.
Cryptos offer new ways to transfer and store value. Today several crypto custody solutions are available with different features.
The goal of the presentation is to show and explain important security aspects which need to be addressed during implementation of a crypto custody solution for the financial industry.
Nick Copeland has been a systems engineer at Fidelis for 9 years, following them through DLP, Cybersecurity, Endpoint and Deception Technologies. Nick has worked on a wide range of deployments and solutions of the product including pre-sales, post-sales, installation, customisation and occasional engagements as Network SME for Incident Response.
Previous experience includes over 26 years in the networking arena and Unix systems administration, covering switch, router, firewall, IPS, load balancing and currently with APT solutions. Nick holds a BSc hons in Computer Systems and Microelectronics from Queen Mary College, University of London.
This whiteboard session focuses on Deception as an accurate technology to detect infected assets inside the organization while reducing the overhead on the security team and proactively gathering information about the attackers. Current prevention solutions do not provide 100% prevention capabilities. On the other hand, detection solutions trigger too many events and false positives which the security team can’t manage.
In this whiteboard session you will learn more about
In this session you will learn how you can profit from fewer events and false positives and reach better prevention capabilities in a way your security team can manage.
Andrea Cereghino joined FireEye as a Cyber Security Consultant in April 2018.
Andrea has over ten years of experience in IT security.
Before joining FireEye, he spent one year as Head of IT Security at Nord Stream 2. Prior to that he worked over four years as a Senior Security Engineer at Intel Security. Before that Andrea spent a number of years in the banking industry designing and securing the IT infrastructures of some of the world’s leading banks.
Andrea holds a number of certifications, including the CISSP, CCSP, ITILv2 as well as most Cisco and Juniper certifications.
Learn in this whiteboard session how a single platform can
You will get insights into automated workflows based on best-practice playbooks from frontline security experts. Our Consultant will increase analyst efficiency with guided investigation tips & tools.
The (ISC)² Chapter Switzerland promotes the community and networks specialists for information security who are resident or working in Switzerland or who have close ties to Switzerland. Our mission is to advance information security in a local community by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects.
Come to this session with an open mind and a challenge looking for a solution. Be the 5th person on the stage to discuss if blockchain could or should be a solution for your challenge. Moderated by Jeff and with the speakers from the previous session, we will have an interactive discussion.
Klaus is a business transformation manager with more than 15 years’ Board-level leadership experience with a focus on maximizing the business benefit from innovation and people capability. As an ISO 27001 Lead Auditor/CISSP, Klaus has a good knowledge of IT Security and value add processes as well as IT compliance.
He has led several major transition and transformation programs with a solid track record of delivering top & bottom line business benefit through strategically aligned business transformations. He has taken fragmented, decentralized models to a regional or global model, whilst encompassing cultural and process change. As a global, regional and local Project Manager, he has gained a lot of experience in Outsourcing, Merger & Acquisition, SAP Rollout, Security Organization, IT Processes (ITIL, Cobit, CMMI), Office components, ITSM Servicetools, Reporting, BCM, IT Continuity, Security Awareness Programs and many others.
Asking ‘what is a security incident?’ may seem like something of a silly question, however it can be very complex and can cause high risks. What are the main tasks and who must be involved?
In this roundtable discussion, Klaus will share his experience and you can profit from his lessons learned.
Marco is a results-driven professional with nearly 30 years’ experience in IT and 20 years in the security space. He is a natural born Evangelist and Sales Engineer who loves the technology he deals with.
He worked for many companies such as Esker, SCO, Stonesoft, McAfee and FireEye, and managed many European teams and projects.
Joining Qualys in 2018 as Chief Technical Security Officer EMEA, Marco’s responsibility is to deliver Qualys’ technical vision, to pitch Qualys’ unique advantages and competitive differentiators to strategic customers and partners, while collecting feedback about customers’ experience with Qualys solutions across the EMEA region.
Organisations nowadays are realising the value of a process to manage the threat and vulnerable surface that is radically different from the VA used at the tactical level. It is based on new capabilities, new techniques and on transparent orchestration, to interconnect technologies and support other processes.
Let’s take a closer look at this evolution in this workshop, with practical examples of the different steps
Gerald Pernack is an RSA Archer eGRC Solutions Consultant in the EMEA region. He has been helping customers to implement their business requirements in RSA Archer for more than eight years now, with a focus on optimizing and automating GRC programs to provide the maximum possible value to the business.
Before joining RSA, Gerald was an IT Security Presales Consultant at McAfee. His technical background helps him to map IT requirements to business requirements and has made him a key player in the Cyber Risk Quantification initiatives at RSA Archer.
With the constant change in technology and the rising cyber threats, organizations struggle to understand and translate cyber risks into the context of business risk. Many organizations’ current cyber risk management processes are manual, leading to disconnected efforts, ineffective controls, or lots of data with little value. The conversion of IT and security risk into the risk exposure in terms the business understands is one of the most challenging obstacles CISOs face today in terms of showing value to the organization and driving their security strategies. The goal is to translate the understanding of technical risk of the IT Security team into a risk exposure that the business understands and can act upon.
In this interactive session we will walk through a presentation to quantify a cyber risk scenario using the FAIR methodology. This will show how cyber risks can be quantified, helping you to understand what the cost of an event happening could be, whether spending money on additional controls is worth it and how to justify a budget request in a way the board will understand.
Omar Benjumea is a Spanish Security Professional with more than 13 years in the field. After working in a variety of different security roles in Spanish companies, Omar moved to Switzerland in 2014, where he has been building Managed Security Services for the last years. In the last quarter of 2018 he moved to Selectron Systems, a Swiss provider of solutions for automation in rail vehicles. Since 2016 he has also been collaborating with the UOC (Open University of Catalonia).
We will get an overview from a manufacturer who designs and builds solutions for automation in rail vehicles of the most common architectures for such vehicles, their evolution and the challenges they face and will face regarding cybersecurity, and will look with the attendees into similarities and differences with other industrial sectors.
Stefan Molls is Director of Technical Account Management at Tanium, a software platform specialised in managing and securing large enterprise environments. In his current role he develops new content for Tanium and supports customers in using Tanium to its fullest possibility.
Before joining Tanium he worked at companies like ThyssenKrupp and Siemens, where he specialised in Information Security, Incident Response, Forensics and Red Team assessments.
If he is not with customers, attacking or defending networks, he likes to spend way too much time with certifications. Some of his certifications include: CISSP, CISA, OSCP, GXPN, GCFA, GCFE.
Technical workshop – live demonstration of risk rating and threat hunting at scale
To be resilient against threats companies need full visibility and control within their environment at scale and with speed. You perform regular vulnerability checks, identify missing patches and monitor suspicious behavior. But still how do you prioritize your assets? Which vulnerability do you fix first, which system will you patch first and which compromise is the most relevant for you?
This session focuses on how you can quickly assess an attack and how to rate your assets based on different factors like lateral movement capabilities and administrative access.
Thomas Cueni joined Tenable as a Security Specialist for Switzerland and Austria. He is a cybersecurity professional with almost fifteen years of technical experience in network and endpoint security, security operations and vulnerability management.
Prior to joining Tenable he was working for FireEye and Blue Coat (now Symantec), where he was doing pre-sales for major global accounts based out of Switzerland.
What if you only needed to remediate 3% of the vulnerabilities impacting your organization?
Let’s face it. When it comes to vulnerabilities, you frequently (always) have way too many to manage and remediate.
That’s about to change...
To learn why and how, attend the session “Eliminate Vulnerability Overload with Predictive Prioritization.”
Topics covered will include:
Paul Edon is a senior level Information Technology professional with over 30 years of experience in management, consulting and service provision. Paul has been at Tripwire for 11 years and is the Senior Director for Technical Services. He has extensive experience working in both the public and private sectors, has successfully grown and managed large international service teams and has been instrumental in the design and delivery of global enterprise security solutions.
Dissecting the current threat landscape and analysing major data breaches from the last decade, this session explores how these insights can help us predict the future of cybersecurity. We’ll look at the key factors that many high-profile breaches have in common, and why cybercriminals continue to leverage tried-and-tested tactics to be successful in their attacks. Attendees will learn the emerging trends shaping the future state of cybersecurity, and what foundational controls, industry frameworks and resources organisations can use today to better prepare for tomorrow’s threats.
In this workshop you will learn about:
Ronny Fischer has more than twenty years of experience in the IT security domain, and has worked across most security related areas ranging from ethical hacking, firewalling, IDS/IPS, SIEM/SOC, IAM, endpoint protection and cloud security to general enterprise security. As Security Evangelist for T-Systems, Ronny acts as a trusted security advisor to T-Systems customers, and guides organizations in their security planning and integration.
Test your knowledge of TOP security topics as part of a team in the form of an interactive awareness measure – the Security Parcours.
Refresh your knowledge in a collegial exchange and learn everything about social engineering, phishing, cyber security, social media and other important security topics with a high fun factor.
In teams of 6-10 people it is necessary to solve concrete tasks on different security topics within 15 minutes at different stations. The procedure is based on the principle of circuit training. Each station is supervised by a “moderator”. After completion of the task, the moderator evaluates the results and provides the participants with final, topic-related rules of conduct.
We bring you into the game. With security.
Carlo has over 25 years’ experience in the financial industry, with specialization in the field of Cyber Security and Information Risk Management. He is currently heading the Cyber Assurance services at UBS globally, focussing on the resilience and assurance of cyber defence capabilities to combat the ever-increasing sophistication of the threat landscape.
Previously, he held the CISO role at Bank Julius Baer, where he was instrumental in uplifting the global information security governance, driving a risk-based strategy and implementing security related services. Prior to that he held several Information Security positions at ING Bank.
Cyber assurance can be obtained by independently testing cyber security control functions, identifying potential, previously unknown vulnerabilities and recommending remediation activities to address those vulnerabilities. Testing will be achieved through simulating the Tactics, Techniques and Procedures (TTPs) of real threat actors, against (where possible) live infrastructure – commonly referred to as ‘Red-Team Testing’.
In this session you can profit from Carlo’s experience in this field and you will get some insights from his lessons learned.