SIGS Kick Off

IT Security Strategy 2020 and beyond: Challenges & Priorities

Save the DateClick on the .ics file to save the date

Target Audience Information Security Professionals CIO’s, CISO, IT Manager, Security Engineers and all other persons who are responsible and interested in Security

From Consultancies and Resellers/ Integrators are only technical peoples allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location Eventalm
Meienbreitenstrasse 9
8153 Rümlang

Shuttle service from the train station available

Date of Event 16th January 2020
Language English
Schedule see agenda below
Participation Costs Fr. 95.— per participants
Speeches, Apéro, Dinner and all beverages included
Especially No contact details or email addresses will be provided to any sponsor. The presentations will not be published after the event – it’s a closed community!

 

Agenda

1:00 – 2:00 pm Registration & Coffee
2:00 – 2:15 pm Welcome & Introduction by SIGS and the moderator of the day

Todd James, Director, Head of Detection Content Enhancements, Cyber Defense, Chief Information Security Office at UBS AG

For over five years, I have been with UBS Cyber Operations based in Zurich. I am currently the Head of the Detection Content Enhancements Team and a Senior Attack and Threat Analyst.

Our primary focus is the creation of content to detect malicious activity. My daily tasks also include incident response, threat intelligence analysis, post attack triage, and reporting. Other parts of my job include; SOAR workflow, identifying and addressing coverage gaps, as well as motivating and mentoring our junior analysts to see beyond isolated events and view the whole picture.

Previously, I worked as a security analyst at Swisscom Managed Security Services in Zurich protecting large enterprise customers.

2:15 – 2:45 pm Erik Dinkel, Chief Information Security Officer (CISO) at University Hospital Zurich
Erik Dinkel started at the University Hospital Zürich (USZ) as Chief Information Security Officer (CISO) in June 2018. Before he worked for more than 10 years at Credit Suisse as Risk Manager and Head of the Access Governance Center. Erik has a master’s degree in political science from the University Zurich and a CAS in Business Administration as well as a CAS in Information Security and a BSI certification as Information Security Officer.

Information Security Management System at the University Hospital Zürich – current status and future development
In this presentation, Erik will provide insides about:

  • Why we implemented an Information Security Management System (ISMS) at USZ
  • How our ISMS is currently implemented
  • What we already achieved with our ISMS
  • Next steps to further develop and optimize our ISMS
  • Our ISMS vision for 2020 and beyond

2:45 – 3:15 pm Marcel Zumbühl, CISO at Swiss Post Group
Marcel Zumbühl graduated as Master of Science at University of Berne in Computer Science and Business Administration. Before joining Accenture and Swisscom, where he built up the company’s security organization to effectively manage the whole security and safety portfolio encompassing cyber defence, business continuity and crisis management.

In 2015 he changed industry to build and deliver the customer facing security of Credit Suisse’s global digital private banking. Marcel then became responsible for security steering of the digital global Compliance and Regulation Affairs. In summer 2018 he was appointed CISO of the Swiss Post Group and joined the Group IT Board. Marcel Zumbühl lectures in risk management and risk communication at ETH Zurich since 2009 and is frequently leading workshops at conferences both internationally and in Switzerland on Security, Privacy and Trust.

Information Security Post – A glance behind the curtain

  • Managing Security and setting the strategy in a large multi-industry environment
  • Current trends, ideas and experiences

.

3:15 – 4:00 pm Break
4:00 – 4:30 pm Marc Ph. Stoecklin, Department Head Security Research at IBM Research
Marc Ph. Stoecklin is a Principal Research Scientist, Global Lead “AI for Cybersecurity”, and head of the Security Research department at IBM Research in Zurich. He leads IBM’s research activities on applying artificial intelligence (AI) to cyber security and threat management in cloud and enterprise, as well as teams specializing on quantum-safe cryptography, quantum-safe cloud solutions, security and privacy of blockchain, and systems security analysis.

Marc has a proven track record in inventing innovative security solutions and transferring them into new IBM products and services, such as Watson for Cyber Security, QRadar Advisor, or Tivoli Network Flow Analyzer. Marc holds a PhD degree in Computer, Communication and Information sciences from École Polytechnique Fédérale de Lausanne (EPFL), Switzerland.

Security meets AI – A tale of two duels
Machine learning and artificial intelligence have become incredibly powerful and accessible. High-quality datasets and massive computing power enabled the creation of models whose accuracy exceeds that of humans. Companies have started to embrace and infuse ML/AI into their products, such as speech-to-text, image recognition, or prediction.

However, we must face the truth about technology: any tool or technology can be the target of adversaries or misused for nefarious objectives, and AI is no different. With practical examples this talk will illustrate how AI technologies can be misused and weaponized by attackers as well as how AI-based solutions can be attacked; and what we can do about it.

4:30 – 5:15 pm Dr. Jean-Marc Rickli, Head, Global Risks and Resilience at Geneva Centre for Security Policy
Dr. Jean-Marc Rickli: is the head of global risk and resilience at the Geneva Centre for Security Policy (GCSP) in Geneva, Switzerland. He is also a research fellow at King’s College London and a non-resident fellow in modern warfare and security at TRENDS Research and Advisory in Abu Dhabi. He is a senior advisor for the AI (Artificial Intelligence) Initiative at the Future Society at Harvard Kennedy School and an expert on autonomous weapons systems for the United Nations in the framework of the Governmental Group of Experts on Lethal Autonomous Weapons Systems (LAWS). He is also a member of The IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems and the co-chair of the NATO Partnership for Peace Consortium on Emerging Security Challenges Working Group.

Prior to these appointments, Dr. Rickli was an assistant professor at the Department of Defence Studies of King’s College London and at the Joint Command and Staff College in Doha. He was also an assistant professor at the Institute for International and Civil Security at Khalifa University in Abu Dhabi. Dr. Rickli received his PhD and MPhil in International Relations from Oxford University, UK, where he was also a Berrow scholar at Lincoln College.

His latest book, published by Georgetown University Press in June 2019, and co-written with Dr. Andreas Krieg is entitled Surrogate Warfare: The Transformation of War in the Twenty-first Century

Security implications of AI and other emerging technologies?
Recent advances in artificial intelligence driven by growing computing powers, rising amount of generated data and improvement of machine learning algorithms have led to major breakthroughs recently such as the series of Alpha algorithms by Google’s Deepmind or Libratus by Carnegie Melon University.

The speed of this technological growth is exponential and the proliferation of this technology is both horizontal (across states) vertical (from state to non-state actors). This raises alarming prospects about the potential malicious uses of this technology and the way to prevent them. Moreover the concentration of key actors in AI in a few countries is leading to new geostrategic realities.

5:15- 6:00 pm Raffael Marty, VP Research and Intelligence
Raffael Marty is a chief research and intelligence officer in Silicon Valley. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research, and strategy to the company. Marty leads Forcepoint X-Labs, a specialized group that is dedicated to behavior-based security research and developing predictive and artificial intelligence to differentiate Forcepoint’s human-centric product portfolio.

Marty grew up in Switzerland and holds a master’s degree in computer science from ETH Zurich. He worked at IBM research in Rueschlikon before he moved to the Silicon Valley in 2003, where he was fortunate to work at two companies that became some of the largest success stories in cyber security: ArcSight and Splunk. Exploring the thrill of startups, Marty launched two companies; PixlCloud, a visual analytics company, and Loggly, the first cloud-based log management solution.

Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
The cyber security industry has spent trillions of dollars to keep external attackers at bay. To what effect? We still don’t see an end to the cat and mouse game between attackers and the security industry; zero day attacks, new vulnerabilities, ever increasingly sophisticated attacks, etc. We need a paradigm shift in security. A shift away from traditional threat intelligence and indicators of compromise (IOCs). We need to look at understanding behaviors. Those of devices and those of humans.

What are the security approaches and trends that will make an actual difference in protecting our critical data and intellectual property; not just from external attackers, but also from malicious insiders? We will explore topics from the ‘all solving’ artificial intelligence to risk-based security. We will look at what is happening within the security industry itself, where startups are putting placing their bets, and how human factors will play an increasingly important role in security, along with all of the potential challenges that will create.

6:00 – 6:30 pm Podiums Discussion moderated by Todd James, Director, Head of Detection Content Enhancements, Cyber Defense, Chief Information Security Office at UBS AG
6:30 – 7:00 pm Apéro
7:00 – 8:30 pm Dinner (buffet with hopefully something for everyone)
8:30 – 9:00 pm Max Moser, Owner/Hacker and Senior Security Consultant at modzero ag
Max Moser worked in the IT security field for many decades. He has helped national and international companies, public authorities and institutions to analyze and improve their security posture. He specializes in protocol analysis, research, and highly specific penetraion testing of complex environments. He is also the CEO of modzero, a multi-unit company with 12 employees solely focusing on highly technical security analysis.

modzero is supporting companies and corporations from various market sectors including telecommunications, pharmaceuticals, insurance and banking. He presented several research project results at well-known international security conferences and his expertise is well represented in national and international media.

TIBER-EU – Panacea or rather the beginning of the end?
Security audits in organizations have been conducted for many decades in various shapes and forms. Despite this, we hear about successful cyber attacks by adversaries with diverse and significant impacts against companies or individuals almost every day. Keeping that in mind, we could conclude that by choosing the wrong vendor or following the wrong procedures, this expectations could not be met. The TIBER-EU framework for the assessment of the resilience against cyber attacks attempts to improve the results through clear guidelines and holistic examination of companies, to universally increase security levels. The scope of the framework is extensive and the requirements for all involved parties and individuals have been formulated more precisely and extensively than in any previous framework.

What is TIBER-EU and what is its use? Will it increase security or just the costs of security checks? Panacea, blessing or rather the beginning of the end? Max Moser will provide practical insights into a framework that will potentially regulate security testing in the financial sector.

9:00 – open end Desert, Networking and Know How Sharing to the topic IT Security Strategy 2020

 

The Sponsors of this event are:​


 
 

 
 

 
 

 
 

 
 

 
 

 
 

 
 

 

Registration

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!



Cancellation Policy
Cancellations of registration are free of charge until 30 days before the event. Cancellations received beyond this point will incur 100% of the admission fee. You will get an invoice for the respective amount. In any case, however, a delegate may be sent at no additional costs.

Event Partner

Registration here!