SIGS Special Interest Group
1st MISP Forum

Save the DateClick on the .ics file to save the date

Target Audience MISP Platform Operators and peoples who plan to become one (technical peoples)

From Consultancies and Resellers/ Integrators are only technical peoples (which are involved in the Security Operation Processes) allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits Earn 4.5 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location PFLab (PostFinance)
Engehaldenstrasse 26

Date of Event 11th of December 2018
Further planned date for 2019: TBD
Language English
Participation Costs This time for free
Organization, presentations, beverages included



1:30 – 1:45 pm Registration & Coffee
1:45 – 2:00 pm Welcome from Fabienne Bürkli, Innovation Enabler PFLab & Innovation at PostFinance

Short introduction about the PFLab and it’s goals

2:00 – 2:30 pm Bojan Simetic, Information Security Specialist at UN/ICC (International Computing Centre)

Common Secure – Joint Cyber Threat Intelligence initiative within the UN. Benefits and lessons learned
Timely, relevant and actionable threat and incident information sharing enhances participating UN agencies’ ability to prepare for, respond to and mitigate risks associated with cyber threats. Common Secure offers continuous and reliable information gathering and filtering where sources are at other agencies, commercial security firms, service providers, multinational law enforcement agencies and other trusted resources. Effective information security management in conditions of limited budget and severe understaffing means less money spent recovering from breaches and proved that moving from a reactive InfoSec program to a proactive one with collective defense support proved to be the best option.

In this presentation you will hear about the lessons learned in this initiative and how UN is managing the Threat Intelligence information in their MISP platform.

2:30 – 3:00 pm Christian Das Neves, Security Analyst at Swiss Federal Departement of Defence

Threat Actor profiling with better IOC’s and MISP
As defenders we can benefit from creating a profile of attackers targeting our company. By keeping track of adversary techniques we can improve our responsiveness and prevent possible attacks. To have a big picture of what is going on and to detect changes on tactics we should be able and willing to share intelligence with each other. That is where MISP comes into play.

We are all aware of common IOC we can leverage for Incident response like IPs and Domains. In this talk we will look for other source of information we can gather from our incidents response that may be useful in profiling a possible adversary. With a few examples on how to create, store and share this profiles within MISP.

3:00 – 3:30 pm Mathieu Louvet, Manager Cyber Operations at Philip Morris International & Gabi Gerber, Security Interest Group Switzerland

Join the SIGS-ISAC sharing group on MISP instance for Private Sector
The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents.

CIRCL is supporting the SIGS-ISAC by hosting a sharing group for its members on their MISP instance for Private Sector.

Learn how to join the SIGS-ISAC sharing group on the MISP platform to access and share threat intelligence data with peers from the private sector in Switzerland and beyond.

3:30 – 4:00 pm Coffee Break

4:00 – 6:00 or longer if needed Roundtable discussion

We will discuss the need from the market and the actual challenges. The speakers will support you with their experience.

Goal will be to define if frequent MISP Forums can bring a value add to the market and if yes, what are the most important topics and challenges for eventually further agendas. In addition to gather information/ideas how the forums should be organized if there’s a need.


The Sponsor of this event is:


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share to use it with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.