SIGS Roundtable Afternoon IT Security Strategy 2020

Different topics which we have to work on in 2020

Implementing a SOC, Social Engineering, Artificial Intelligence, Security Operations, Data Protection, Management Awareness, Cloud Security (will follow)


Goal Different moderators will introduce a specific topic and share their knowledge in this field as well as their plans for 2020 and beyond. Afterwards there will be active discussions, an exchange of experiences among the participants, and sharing of tips and tricks within a specific field.

After one hour, we will change tables, so it is possible to attend three different discussions in total.

Rules This platform is held under Chatham House Rules!

Target Audience Information Security Professionals, CIOs, CISOs, IT Managers, Security Engineers and all other persons who are responsible for and interested in security

Vendors and suppliers who don’t help to sponsor and therefore support this platform are not authorized to take part

CPE Credits Earn 5 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation during the registration process.
Location Mövenpick Hotel & Casino Geneva
20, route de Pre Bois
1215 Geneva
Date of Event 30th January 2020
Language English
Schedule see agenda below
Participation Costs Fr. 149.— incl. dinner

 

Agenda

1:30 – 2:00 pm Registration & Coffee
2:00 – 2:15 pm Welcome & Introduction and instructions by SIGS
2:15 – 2:30 pm Move to the roundtable of your choice for the 1st turn
2:30 – 3:30 pm Offered roundtables
Dominique Assing, CISO at Societe Generale Private Banking Switzerland
Experienced Chief Information Security Officer with a demonstrated history of working in the banking industry. Skilled in Network Architecture, Firewalls, ISO 27001, Network Security, and Information Security. Strong information technology professional with a Mastère Sécurité des systèmes informatiques et des réseaux focused in IT Security from Telecom Paris.

Co-moderator: xxx

Implementing a SOC is everything except a technical problem
Having a SOC is an important project for any company, and especially for a CISO, who is the main sponsor. Very often this kind of project faces many problems, and the most difficult are not technical ones. Examples:

  • lack of business risk scenarios for critical assets, which are the foundation of the detection patterns to define
  • perimeter too large, lack of detailed requirements
  • resources underestimated relative to the target perimeter to monitor

Let’s discuss these challenges and share our different experiences around this topic if you plan to implement a SOC in 2020 or beyond.

Ciaran Bryce, Professor at University of Applied Sciences Western
Ciarán Bryce is professor at the University of Applied Sciences in Geneva (HES-SO). His research and teaching interests center on cyber-security and networks. He worked for several years in industry as a software developer before joining the HES-SO in 2017. His current projects look at the design of security tools for cyber-defense in small and micro companies.

Co-moderator: xx

Defending Against Social Engineering Attacks in 2020 and beyond
Social engineering attacks have become a major concern for companies worldwide. Attackers use a range of techniques (e.g., phishing, vishing, dumpster diving, baiting, tailgating, etc.), often based on psychological manipulation, to gain access to a company’s internal network and data. Social engineering attacks are often used as a prelude to, or in combination with, traditional cybersecurity attacks.
This roundtable discusses the problem of social engineering attacks today and in the future. We ask how companies should prepare for these attacks in 2020, and what kind of governance strategies need to be put in place.

Olivier Busolini, Head of IT Risk and Cybersecurity at BNP Paribas
Olivier has been involved in IT security for 25 years, in the private and public sectors, across several industries. He experienced different business dynamics, and developed leadership in IT risk and security management, as an integrated part of operational risks, data governance, and digital business activities. He has been holding CISO roles for Swiss banks for the last 10 years. He focuses on managing technology risks and security from a business risk perspective, to deliver cost-efficient risk assurance.

Artificial Intelligence in Cybersecurity 2020 and beyond
Helping CISOs and other security professionals to navigate the AI hype, and make informed decisions

Marc Furrer, Head of IT & Security at Swissquote Bank SA
Marc is Head of IT & Security at Swissquote Bank Ltd in Switzerland. Before joining Swissquote in 2001 as Security Officer, he held various positions as network and security specialist in education, administration and health industry. In 2006 he became Head of IT, overseeing infrastructure and IT security, and since 2012 also covers IT operations.

During the same time the company grew from a start up to a leading company with over 700 employees and expanded its operations from Switzerland to Europe, Middle East and Asia. Marc holds a Master from École Polytechnique de Lausanne and is a Certified Information Systems Security Professional (CISSP).

Data protection in 2020 and beyond
How do you maintain control over your company data, especially Data Loss Prevention controls, when your company boundaries are expanding and collaboration through the cloud is a requirement?

Open discussion on the subject, in either French or English, at the choice of the participants.

Ric Longenecker, Group Director of Information Security at Verisure Securitas Direct
Ric Longenecker is an experienced international Information Security Leader with a background in engineering & project management in the nuclear sector, followed by a notable career in the United Nations, where he worked to build the UN’s global security programme while based in New York and Geneva. Currently, he is Director of Information Security of Verisure Smart Alarms, the largest home and small business security company in Europe and LATAM and the fastest growing globally. A diverse career has provided wide exposure and the opportunity to lead initiatives in many areas, including strategy and organizational change, programme build, structure, operations and recruitment, as well as Corporate Security, Risk Management, ISO, Privacy, Security Awareness, Cloud & Network Security, APT response, and IoT/OT strategy with a focus on sales and business enablement.

Co-moderator: xxx

Security Operations, what makes them effective?
A hot topic in the industry today is Security Operations, and many companies and organizations are increasing investment and activities in this area. Some are moving from in-house to managed services, but many more appear to be moving from MSSPs to in-house.

The roundtable will share various experiences and also touch on SOAR (Security Orchestration, Automation and Response): whether it is feasible, and the considerations that might be made before making a bigger investment in 2020.

Cedric Nabe, Group Information Security Officer / Group Data Protection Officer / Group Business Continuity Manager at Edmond de Rothschild
Cedric Nabe is an experienced information security professional with extensive experience in audit and cyber risk management in the Banking sector. He started his career at Deloitte in Miami (USA) before moving back to Switzerland to join the Zurich and finally the Geneva office of Deloitte.

Currently he is the Group Chief Information Security Officer, the Group Data Protection Officer and the Business Continuity Manager. Today his responsibilities include the definition and the monitoring of the Group cyber security and data protection strategy. Cédric earned his bachelor’s degree from Florida State University.

Data protection: how to efficiently protect data at rest, in transit and in use?
This topic remains a key priority for CISOs and a challenge for CIOs across all industries. Whether it concerns intellectual property, client data (banking secrecy) or strategic information, it is very difficult to provide the exco with assurance that all the data loss channels are adequately covered.

The roundtable will aim at sharing experience and challenging each other on ways to protect confidential information in its three different states in 2020 and beyond.

Raphaël Spiess, Chief Information Security Officer at Indosuez Wealth Management

Challenging the traditional identity management model in a hybrid IT environment
In order to keep up with our fast-changing business environment, our Information System is more and more complex, made of locally hosted applications and infrastructures, complemented with specialized services available in a service mode. The security department's mission remains the same: how to provide equal information protection across all those systems.

Managing identities and accesses in this hybrid model (on-premise and in the cloud) is complex, and traditional Identity and Access Management is not adequate.

The goal of this roundtable is to discuss and brainstorm on the management of identities and accesses in hybrid architecture models by exploring practical solutions and practices.

Brett Willcocks, Corporate IS Manager at Lundin Petroleum SA
Brett has held many roles in IT and Security Operations and Management, both in the oil & gas business and in a global pharma company. For the last 12 years, he has been heading up the Information Systems function and, more recently, Information Security, in two international oil companies active in North America, Europe, and the Far East.

In his current role, Brett has helped and coached the organisations to move from a small-company “we are OK” type culture, to one where maintaining secure operations is understood and considered an important priority.

Where to start when considering how to secure and protect their interests and how to get the awareness from the senior management?
Many organisations start small, and some will grow over time. While small and growing, the senior management is often hesitant and wary of adding what the management sees as being “big company stuff”: policies, procedures, monitoring, controls.

Over time, management awareness tends to increase through a combination of talking about the risks, actual fraud attempts, security incidents, word of mouth, personal experience, news reports of breaches and disruption in other organisations.

This session is to discuss what can happen next, starting with an example of the journey one organisation has been through, leading to good and concrete results and an evolving plan of action.

3:30 – 4:00 pm Coffee break and move to the roundtable for the 2nd turn
4:00 – 5:00 pm 2nd turn Roundtable Discussions
5:00 – 5:15 pm Move to the roundtable of your choice for the 3rd turn
5:15 – 6:15 pm 3rd turn Roundtable Discussions
6:15 – open end Apéro & dinner (buffet with hopefully something for everyone) and extensive networking

 


Registration

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!



Cancellation Policy
Cancellations of registration are free of charge until 30 days before the event. Cancellations received beyond this point will incur 100% of the admission fee. You will get an invoice for the respective amount. In any case, however, a delegate may be sent at no additional costs.


 

 

Participant feedback from the SIGS Roundtable Afternoon 2019 near Zurich

Both the setting (Show-Garden) and the three discussions I could attend were excellent. Congratulations to you and the team for a very successful event.
 
Best event I have attended in the last 4 years. Met many great people, knowledge exchange at a high level!
 
Once again, many thanks for this excellent networking event, including round tables that were very valuable in terms of content!
 
Thanks to you and the SIGS team for the great organization. I think this format of event is really useful.
 

Positive

  • Location and setting
  • Themes: I was very happy with all my round tables. Security Awareness, Threat Hunting, Data Privacy
  • Knowledge of the hosts and other participants
  • Timing (even though the roundtables could be shorter)
  • Apero and Dinner

Negative (I am working really hard to find negative points!)

  • The weather

 

Thank you for a very interesting and enjoyable day and some very good discussions.