7th SIGS Technology Conference 2020 – Cyber Security Day 2020


CyberProof, Tony Velleca, CEO

Tony is the CISO at UST Global and CEO of CyberProof, a UST Global company. As the visionary leader behind innovative cyber solutions, Tony is driving the rapid growth of CyberProof and leveraging its capabilities to keep UST Global on the forefront of security.
Tony previously co-founded and was the CTO at huddle247.com, rated by PC Magazine as one of the top virtual workspace solutions in 2000. Before huddle247.com, he worked for Boeing (formerly McDonnell Douglas) and Rolls-Royce, Inc., where he spent most of his career in conceptual design and optimization of propulsion systems for next-generation commercial and military aircraft.
Tony holds a BS degree in Aerospace Engineering from Georgia Institute of Technology and an MBA (Honors) from University of California, Irvine.

Is AI Working? How AI is Disrupting Security Operations

Organizations across a wide range of industries are talking about increased AI adoption this year. In the world of cyber security, AI has enormous potential: It is crucial for Level 1 SOC analysts who need to enrich alerts and address the problem of “alert fatigue,” and helps Level 2 analysts in processing large quantities of data – aiding human decision-making and prioritizing next steps. Yet, there are inherent dangers in applying AI to ever-increasing fronts of activity – as AI is effective as a cyber security tool only when bots are “trained” by people with the necessary expertise.
Learning Outcomes:

  • Probe how Level 1 and Level 2 analysts can leverage AI
  • Explore “alert fatigue” and how AI contributed to the explosion of alerts SOCs handle
  • Identify limiting factors in applying AI to ever-increasing fronts of human activity
  • Understand “reinforcement learning” and why it is crucial to successful AI implementation
  • Highlight the key role of high-level cyber experts in facilitating faster detection and response

Farsight Security, Paul Vixie, CEO and Co-Founder

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, CEO and cofounder of Farsight Security, Inc. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source Internet software including BIND 8, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first commercial anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a breakthrough European data sharing collective to fight cybercrime.

Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.

Consent, Alignment and Cooperation in the Internet Era

Much of the actions and habits of humans from the real world (the so-called "Meatspace") are relatively clearly reflected on the Internet (cyberspace). However, for some parts of the human puzzle there is no obvious place on the playground of the Internet, which has led to an unexpected change in society through its digital nervous system, the Internet.

Are we only in the post-Westphalian age or - as many claim - in a post-national age?

Freddy Dezeure, Trusted Advisor, Board and Advisory Board Member in startup companies and C-Suite trainer

Freddy Dezeure graduated from the KUL in Belgium, with a master of science in engineering in 1982. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas, in particular in information technology. He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an Independent Management Consultant providing strategic advice in cybersecurity and cyber-risk management and acting as Board Member and Advisory Board Member in several high tech companies.

MITRE ATT&CK: The Sequel

MITRE ATT&CK has become very popular in the past year. This session helps you to put the Framework into practice, using realistic examples, demonstrating available community tools and showing how to use analytics to identify adversarial techniques in your network. It will also provide an example of ATT&CK based purple teaming. You will gain valuable insights and return home with useful resources.

Workshops and Roundtables

Cloud Security Alliance Dutch Chapter, Peter van Eijk, Board Member

Peter van Eijk is one of the world’s most experienced cloud trainers. He has developed multiple cloud courses and delivered them on many continents. In the past he has worked for Deloitte as an IT strategy and risk consultant, as a project delivery manager at EDS and Dutch Rail, as Technical Director of an Internet provider, and as a researcher and assistant professor at University of Twente, where he also received a PhD. He has also written extensively in the trade press.

CSA Training Certified Cloud Security Knowledge (CCSK)

The Certificate of Cloud Security Knowledge (CCSK) demonstrates that you have the skills and knowledge to ensure that cloud services are implemented and utilised within your organisation with the appropriate security controls in place. This includes technical as well as management and governance domains.
Further information and registration (separately) at https://www.sig-switzerland.ch/csa-ccsk/

Corelight Inc., Achim Kraus, Solutions Engineering CEUR

Achim works since more than 30 years in the industry maintly at Cyber Security Startups bringing new Technologies to the market. He has been involved in applying technology in the Email Security and Next-Generation Firewall space having a significant impact changing a market how we apply Security Technology today.

SoLately he worked in SOC environments applying NBA, EDR and Security Analytics Technologies. His current workspace is at Corelight who provides Networking Traffic Analytics producing Security Monitoring Data into State of the Art SOC environments. He prefers to work at the front with customers and service providers solving Cyber Security Challenges.

Demystifying The Hunt: How to Assess Threat Hunting Readiness and Prepare for the Next Step?

Many organizations want to threat hunt, but don’t know where to begin, how to measure success, or how to scale an effective program. The bar to successful hunting can appear intimidatingly high, reachable by only the most sophisticated, well-staffed SOCs, but the reality is that one individual, with the right data and some directional guidance, can begin their hunting journey today and start making immediate security contributions to their organization.

This round table discussion is an opportunity to share experiences and learn from peers discussing the threat hunting maturity model based on real world examples and best practices - what works & is doable, what is hard to achieve, what’s your next best move.

Credit Suisse AG, Kai-Michael Schramm, IT S&A Security Architecture

Kai Schramm graduated in 2006 with Ph.D. with a focus on side channel attacks and cryptanalysis. Since then he worked in various companies, in the areas of information risk management and cyber security. Kai is working as a cyber security architect and strategist in the IT Strategy & Architecture team at Credi Suisse.

Kai has been responsible for developing an encompassing security strategy for Credit Suisse which spans all areas of security, delivering end-to-end security services that enable a resilient and safe business environment and drive innovation in line with strategic business and IT goals with a focus to protect the reputation of the CS brand and maintain client trust.

How to Develop and Execute a Security Strategy

Example of the systematic development and execution of a security strategy at CS driven by various factors such as top down strategies, capability roadmaps, internal stakeholder demand, SWOT analysis and numerous rounds of syndication and project portfolio alignment.

Exabeam, Exabeam Moderator

(Details will follow)

Rebooting the SOC

Abstract: Security Operations Centres are commonplace in today’s enterprise. Most have grown organically over the years, from a people, process, and technology perspective. Organic growth unfortunately fosters some challenges, which can sometimes be difficult to unpick. Consider if you could start over again, with the learnings you have gained… What would your rebooted SOC look like?

During this roundtable session, join your peers to share your learnings, and discuss what you would do differently if you could reboot your SOC.

Freddy Dezeure, Trusted Advisor, Board and Advisory Board Member in startup companies and C-Suite trainer

Freddy Dezeure graduated from the KUL in Belgium, with a master of science in engineering in 1982. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas, in particular in information technology. He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an Independent Management Consultant providing strategic advice in cybersecurity and cyber-risk management and acting as Board Member and Advisory Board Member in several high tech companies.

Workshop: Frameworks, Mappings and Metrics: Optimize Your Time as CISO or Auditor

Many organizations are already using cybersecurity frameworks like ISO 27000 or NIST CSF. However, overarching cybersecurity regulations with cross-sector compliance obligations for “critical” or “vital” infrastructure have recently been issued. This is for example the case in the EU (the NIS directive and its national transpositions and the GDPR). In addition, most organizations are also required to comply with sectoral regulatory requirements and these vary sometimes significantly by country or region. A good example is the financial sector, with myriad regulations imposing different requirements across the globe.

As a result, CISOs spend almost half of their time on compliance activities, addressing similar concerns but tailoring responses to slightly different requests from their Board, their internal auditors, external auditors, clients and regulators.

This training will provide guidance to reduce duplication of efforts and to become more effective in managing cyber-risks. Participants will learn about the recent evolution in Frameworks, Mappings between Frameworks which can be used to translate internally used models to references used by other stakeholders and Metrics allowing more control for the CISO and help him/her to report on the way risk is managed and mitigated. It will provide insights in what works in practice, by sharing real-world experience.

Further details and registration (separately) at https://www.sig-switzerland.ch/frameworks-mappings-and-metrics/

JTI (Japan Tobacco International), Sami Haqqani, Information Security Awareness Manager

Sami has been involved in the Information Security field for more than 25 years. He has wide experience in different areas of the information security field and has been involved in system security administration, conducting data centre and application security reviews, developing, and managing information security governance activities, such as policy and risk management, change control, BCS and DRP.

Throughout his career, he has always had to address the challenge of making employees aware of information security issues. He quickly came to the realization that merely attaching responsibility for awareness to an already long list of responsibilities and activities was not the most effective method of addressing what is possibly the biggest threat to an enterprise’s information resources. As a result, he presented a business case to management for the creation of a position dedicated to ensuring that employees understood what Information Security means and its importance to the well-being of the organization and employees. For the last three years, he has held this position at JTI.

To find out more about Sami’s work experience check his LinkedIn profile.

An approach to make employees cyber-secure

Information Security experts have long lived with the thought that the bad guys only need to find one weakness to gain entry to our crown jewels. And so, we have developed a whole host of technical solutions to try and create layered defenses to keep the bad guys out.

But, have we forgotten that arguably the weakest point in this ever-connected world is the squishy carbon-based life form using the devices?

What are we doing about making our family, friends and colleagues more resilient and robust? How is Information Security Awareness handled at your organizations? How can we make it better and more effective?

This will be a story of how one organization radically rethought its approach to making its employees cyber-secure and an opportunity to share ideas and experiences on how to be more effective in this area.

Kenna Security, Simon Black, Pre-Sales Systems Engineer EMEA

Simon’s role as systems engineer and technical lead includes supporting end user engagements for enterprise accounts as well as channel and MSSP partners. Prior to Kenna, Simon was an Enterprise Pre-Sales Technical Account Manager with Qualys for two and a half years. He has worked as a technical security lead/specialist since 1998 within partners, distributors and vendors such as Azlan, (part of TechData), Symantec and Citrix.

Kenna Security, Stephen Roostan, VP EMEA

Stephen has over a decade of experience in cyber security and transformation projects, his role at Kenna is to rapidly grow the EMEA organisation to meet the customer demand for risk-based vulnerability management. Prior to Kenna he held senior sales roles at Forcepoint, Citrix and Imperva, focusing on IT solutions for complex, enterprise requirements. Steve has a passion for driving equality, alongside enabling flexibility at work for modern living. He has held steering committee roles in companies looking to close the gender pay gap and develop careers for working parents, and strives to find and support equality initiatives across the workplace and industry.

Risk-based, time-critical vulnerability management: 4 Steps for Success

Join Steve and Simon to find out how to leverage data science through the lens of cyber risk to quickly deliver multiple value streams across an organisation. This session will show how to empower security, devops, and management with a “self-service” approach that both improves cyber security, and delivers measurable efficiency gains to both IT Security and Development teams.

  • Assessing the scale of the problem, including research from The Prioritization to Prediction report series, an ongoing research initiative with the Cyentia Institute
  • Comparing vulnerability management strategies and benchmarking against industry metrics
  • Defining how success should be measured in your organisation
  • How to deliver a risk-based, self-service approach that enables ITOps/DevOps to be part of the remediation task force

Klaus Haller, IT Project Manager and Solution Architect

Klaus Haller is a Senior IT Project Manager and Solution Architect with experience in Data Management & Analytics, Information Security and Compliance, Business Analysis, and Software Engineering and Testing. He likes applying his analytical skills and technical creativity to deliver solutions for complex projects with high levels of uncertainty.

Klaus is a Computer Science graduate from TU Kaiserslautern (Germany) and the Swiss Federal Institute of Technology (ETH) in Zurich and publishes frequently articles reflecting his work experience in the IT industry. To find out more about his work, check his homepage: http://www.klaus-haller.net

Data-driven Organizations: What's new for information security?

With data being the new oil, IT and information security organizations have to reinvent themselves. Old-fashioned security mechanisms such as anti-virus software, firewalls, access control, and physical security remain important. However, new technologies such as big data and data lakes pose new technological as well as compliance, process, and reputational challenges. In other words: Companies have to learn how to secure the “new oil”, i.e., their data and information, as good as possible while enabling the business to innovate by providing smooth and dynamic access to information when needed.

This round table discussion is an opportunity to share your experiences, to ask your questions, and to learn from your peers.

Mandiant, Alister Shepherd, Managing Director for the Middle East & Africa and the Government Services Lead for EMEA

Please check his details here

Mandiant's Introduction to Cyber Crime for Executives

The Mandiant Introduction to Cyber Crime for Executives was developed to educate senior staff on cyber-crime and incident response. During the course, instructors will walk students through a scenario based on real world intrusions involving sophisticated attackers. The scenario is provided from both the attacker and victim perspectives.
Further information and registration (separately) at https://www.sig-switzerland.ch/cyber_crime/

Qualys, Marco Rottigni, Chief Technical Security Officer EMEA

Marco is a result driven professional with nearly 30 years’ experience in IT and 20 years in Security space. He is a natural born Evangelist and Sales Engineer who loves the technology he deals with.

He worked for many companies such as Esker, SCO, Stonesoft, McAfee, Fireeye and managed many European teams and projects. Joining Qualys in 2018 as Chief Technical Security Officer EMEA, Marco’s responsibility is to deliver Qualys technical vision, to pitch Qualys unique advantages and competitive differentiators to strategic customers and partners, while collecting feedback about customers experience with Qualys solutions across the EMEA region.

Open discussion – How do you workflow your security?

We all work within technology landscapes, rich of a very varied digital biodiversity. Starting with thought-provoking questions, we will discuss about the best practices to cope with these cyber-species.

From understanding what we have to assessing the vulnerable surface; from prioritizing the remediation based on exposure and exploitability to patching; from measuring the effectiveness of security programs to validating the compliance posture.

Do we have workflows in place? Do we have the right capabilities? Is there room for improvement?

Ricoh USA, Inc., David Levine, Vice President Corporate and Information Security, CSO

David Levine is Vice President of Corporate and Information Security & CSO for Ricoh USA, Inc. In this role, he has responsibility for operational security, security strategy, security policy, corporate and physical security, access management, eDiscovery and litigation support and some compliance functions. Levine chairs Ricoh’s Security Advisory Council, leads Ricoh’s Global Virtual Security team and is routinely engaged in customer opportunities to discuss risk and security.

Levine has held a wide and diverse variety of positions during his 24-year tenure with the company, including IT engineering, project management, vendor management, Six Sigma and Technology Infrastructure and End User Services leadership, giving him a great perspective on technology, the business and security.

Levine is a member of Forrester Research’s Security & Risk Leadership Board, the FBI’s InfraGard Program and is an Atlanta Governing Body Co-Chair with EVANTA. Levine is a frequent speaker and writer. He holds a Bachelor of Arts degree in Information Systems with minors in Computer Science and Business from Eckerd College.

Third Party Risk Management, the Chaos Continues!

This is a topic I have both written and spoken about in the past and quite frankly I haven’t seen much progress over the past few years. We all need a way to evaluate and determine the risk associated with our partners/third parties/solution providers etc., but we still struggle with effective and or meaningful ways to do so. Join me for this interactive roundtable discussion while we discuss explore what’s working today, what’s not working and ideas for solving the problem!

Spoiler Alert – A 700+ question Yes and No answer spreadsheet isn’t the answer!

Swiss Mobiliar, Thomas Schaefer, Expert in the CISO Office

For more than ten years he has been working for Swiss Mobiliar, nearly ten years as Head of IT-GRC, mainly responsible for risk management in IT and IT security. Until his retirement in summer of 2020 he will continue to support the CISO Office.

Formerly, he had different roles and functions (primarily developer, project manager, line manager ...) in various companies, working on a broad range of topics like ERP for mail order, engineering for life science, customer specific software development in technical environment, environmental measurement technology, semiconductor manufacturing and photogrammetry/cartography.

Smart Change Selection by yourself - not the ones pushed by the experts!

We are living in a world where change is the only constant. Topics like digitalization, cloud transformation, agility, devops and a lot more up to climate change are to be considered when developing an enterprise, a strategy or even a service or a product. The mass of possibilities is overwhelming. Therefor it is an imperative to find a way to select the right topics, the changes important in the local context, not the ones pushed by the experts on the green table. Smart change selection is the key.

At this roundtable, we will discuss how to identify and select the most important smart changes for your strategy or services.

Ted Demopoulos, Independent Consultant

Ted Demopoulos’ professional background includes over 30 years of experience in Information Security and Business, including over 25 years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup, and has advised several other startups.

He is a frequent speaker at conferences, conventions, and other business events, author of "Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far" and two other books.

Ted conducts Leadership and Information Security Bootcamps for The SANS Institute, and is the principal of Demopoulos Associates, a consulting organization specializing in information security.

Critical Professional Skills for Cyber Security Professionals

Like many security professionals, Ted Demopoulos began his career as a pure technologist. “Getting better” simply involved “becoming more technical” – learning new technologies, existing technologies better and the like.

However, there are other critical professional skills besides technical ones, skills that make us more efficient, more listened to, and more effective. Certainly, these include communication skills, planning, leadership, time management (or simply getting the most important things done) and many more.

In this session we will discuss what the most important professional skills are for cyber security professional and ways to improve and become a more effective and efficient cyber security professional, one who is listen to more often and who gets more important tasks done.

Event Partner

Media Partner