SIGS Roundtable Afternoon

Artificial Intelligence, Cloud, Data Privacy, Fraud, Security Awareness, Strategic Risk Management, Threat Hunting and more

Save the Date Click for the .ics file to save the date

Goal Different moderators will each introduce a specific topic and share their knowledge in this field. Afterwards, participants discuss actively, exchange their own experiences, and share tips and tricks within that field.

After one hour, we will change tables, so it is possible to attend two different discussions.

Rules This platform is held under Chatham House Rules!

Target Audience Information security professionals: CIOs, CISOs, IT managers, security engineers and everyone else who is responsible for or interested in security

Vendors, suppliers and consultants who do not sponsor, and thereby support, this platform are not authorized to take part

CPE Credits Earn 5 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location Traumgarten
Zürcherstrasse 63
8800 Thalwil

You can find some impressions here

Sufficient free parking is available

Public transport: there’s a bus from the railway station almost directly to the Traumgarten – check here
We will also organize a shuttle bus from the Traumgarten to the railway stations and vice versa.
Date of Event 22nd August 2019
Language English
Schedule see agenda below
Participation Costs Fr. 95.— per participant
Roundtables, Apéro, Dinner and all beverages included

 

Agenda

1:00 – 2:00 pm Registration & Coffee
2:00 – 2:15 pm Welcome & Introduction by SIGS and the moderator of the day


2:15 – 2:45 pm Keynote (tbd)

2:45 – 3:00 pm Move to the roundtable of your choice for the first turn
3:00 – 4:00 pm Offered roundtables
Marc Etienne Cortesi, Head Information Security & Compliance at Baloise Group
Marc is the CISO of Baloise Insurance Group. Holding an ETH Master in Computer Science, his path led him from software development via project management and auditing to the infinite expanses of information security. Besides IT, Marc loves wine and basketball.

Building a Security Awareness Ambassadoring Program
I would like to initiate a discussion on how to establish a positive security culture within an organisation. One part of our group-wide information security awareness concept is building an ambassadoring program. What are your experiences in setting this up? What were your DOs and DON’Ts? I am looking forward to an interesting discussion.

Djamel Djedid, Global IT Leader at DHL SUPPLY CHAIN
Djamel Djedid drives some of the hottest analytics industry trends: analytics cloud services and company-wide data governance. He has spent the past 3 years defining, evangelizing and implementing these game changers for modern companies.

Passionate about IT and business, with deep tech industry knowledge, Djamel has specifically championed master data management in DHL across all functions, globally. He has mastered the technology elements and navigated the organizational, cultural and legacy challenges to support DHL's strategic digitization agenda.

As a top-performing professional with robust experience of designing, managing and implementing critical IT solutions and transformation programs, Djamel combines technical expertise with exceptional people-management skills to reach business objectives and deliver high-quality results.

Throughout his 20-year tenure with DHL, Djamel has delivered results on both strategic and tactical levels in areas such as service improvement, technology modernization, analytics, master data and recently data governance.

On prem vs. Cloud infrastructure assessment
Once upon a time, a company was running 3 large global data centers with a full centralization and on-prem server approach. In just 5 years’ time this company has shifted to a “cloud-first” credo – and it is a large company, the world’s largest logistics company. But how and why did this shift to the cloud happen? What are the practical implications, and are there already some measurable outcomes? The story still goes on, but there is already a lot to share on the recent dynamics.

Let’s discuss the experience we have gained and get some ideas for your own cloud journey.

Dimitri Dorodin, SOC Lead at JTI – Japan Tobacco International, Madrid
For further details, please check LinkedIn

Co-moderator: Advisory Chief Information Security Officer (CISO) at ServiceNow
For further details, please check LinkedIn

How automation can improve the consistency and effectiveness of your SOC?
(Details will follow)

Martin Ebner, CISO in an organisation within the Ministry of Defence Austria
HR Ing. Martin Ebner, BSc MSc, AUT is currently CISO and Information Security Expert at the Ministry of Defence Austria. He has completed various academic courses and studies, including Mechanical Engineering, Automation and Robotics, IT Security, Technical Management, Environmental Protection and Process Engineering.

In the past, he worked in different positions in several fields within the military forces, both as an officer and as a civilian. Martin specializes in management and information security. He set up the first information system linked to the internet and co-founded organisations for ITSec in the Ministry, in different organisations and teams.

Security Requires Prevention and not Reaction!
Reaction is a medium of mitigation and not prevention. However, prevention requires tactical, operational and strategic predictions and should be based on analyses of existing historical data, which can also be used to predict probabilities.

The consideration of 12 layers – meaning the OSI model extended to the user, his social environment, political embedding, cultural and religious barriers – has become necessary to comprehend security holistically (we are far away from understanding).

Data gathering
How can I get all the information I need for a comprehensive analysis?

Data analysis
It’s not easy and no longer manually analyzable. What information do we need to be able to answer relevant questions?

Prediction
Tools of visualization, simplification, correlation and, last but not least, AI are needed. Here I also see one of the important topics for the future: interpretation of the information with AI and the associated (pre-) prediction. The question of whether human prediction and interpretation will still exist in the future may be discussed provocatively.

Prevention
Today, actions and control are already supported by machines, and prevention must be done in two important ways: changes in the natural as well as in the technical environment.

At this table I’d like to discuss how we can gain the right information to get a useful prediction and therefore a good strategic Risk Management.

Serge Faller, Information Security Manager EMEA & APAC at Fossil Group Europe GmbH
Serge has worked in information security for almost 20 years and has held various positions in this field, from consulting & advisory mandates up to CISO. He specialises in organisational information security and currently represents Fossil’s CISO in the EMEA & APAC regions.

Artificial Intelligence and Information Security & Risk Management – and now?
What exists, what is missing, what are the risks, what are the opportunities, do we see trends? We read and hear lots of questions and assumptions around AI, not only in Information Security but in almost all IT-relevant topics. But what does this really mean for our daily practice? Where do algorithms end and where does true artificial intelligence start? And can this all be a game changer in information security & risk management?

Ideally, this roundtable session will create the foundation to support you in the near future and develop a network in Switzerland on this subject.

Todd James, Director, Head of Detection Content Enhancements, Cyber Defense, Chief Information Security Office at UBS AG
For over five years, I have been with UBS Cyber Operations based in Zurich. I am currently the Head of the Detection Content Enhancements Team and a Senior Attack and Threat Analyst.

Our primary focus is the creation of content to detect malicious activity. My daily tasks also include incident response, threat intelligence analysis, post-attack triage, and reporting. Other parts of my job include SOAR workflow, identifying and addressing coverage gaps, as well as motivating and mentoring our junior analysts to see beyond isolated events and view the whole picture.

Previously, I worked as a security analyst at Swisscom Managed Security Services in Zurich protecting large enterprise customers.

Threat Hunting – Where do you start?
Everyone wants to do hunting, it’s the cool kid, but no one actually knows where to start and what they need. Let’s do machine learning and AI to hunt, sure…

If your organization doesn’t have the fundamentals, you won’t be hunting, won’t be finding anything, and you surely won’t be doing any advanced analytics either.

This roundtable should help to address these issues and realistically set expectations.

Stefan Keller, Senior Expert Security, Compliance and Privacy at a major Pharma company
Stefan Keller works in the Security & Privacy Governance Team of a major Pharma company. Combining technical, security management and privacy backgrounds, he mixes well with IT, procurement and legal colleagues.

Stefan is a EuroPrise Certified Technical and Legal Expert, and collects privacy/security certs as a hobby (CISSP, CISM, CIPP/E, CFE, ISO 27001 LA). He is also one of the co-chairs of the IAPP KnowledgeNet Chapter Switzerland.

Security is from Mars, Privacy from Venus – Misunderstandings between Privacy and Security People
At this table, we’d like to discuss what can go wrong between privacy and security colleagues, where there is common ground and where people misunderstand each other.

  • How are privacy and security risks different?
  • What is the difference between a Data Protection Impact Assessment and Security Assessment?
  • Which are burning issues for security persons compared to privacy persons?
  • Does ISO 27001 help?
  • What are privacy certifications good for?
  • etc.

Bruce Nikkel, Professor at the Bern University of Applied Sciences
Bruce Nikkel is the Head of Cybercrime Intelligence & Forensic investigation at UBS, and Professor of Digital Forensics at Berner Fachhochschule.

The Future of Cyberfraud
This roundtable will discuss trends in cyberfraud and financially motivated cybercrime. We will talk about the direction cyberfraud is evolving and what we can expect to see in 5-10 years.

4:00 – 4:30 pm Coffee break and move to the roundtable for the 2nd turn
4:30 – 5:30 pm 2nd turn Roundtable Discussions
5:30 – 6:30 pm Apéro
6:30 – open end Dinner (buffet with hopefully something for everyone) and extensive networking

 


Registration

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!



Cancellation Policy
Cancellations of registration are free of charge until 30 days before the event. Cancellations received beyond this point will incur 100% of the admission fee. You will get an invoice for the respective amount. In any case, however, a delegate may be sent at no additional cost.
