SIGS Special Interest Group
15th SOC Forum

Save the DateClick on the .ics file to save the date

Target Audience Security Operations Center Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/ Integrators are only technical peoples (which are involved in the Security Operation Processes) allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and you like to take part in this community and get the invitations, please fill out the application form.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the hotel shuttle

Date of Event 5th of February 2019
Further planned date in 2019: 9th of May, 3rd of September and 5th of December 2019
Language English
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and Apéro riche included



1:30 – 2:00 pm Registration & Coffee
2:00 – 2:00 pm Welcome from the moderator
2:00 – 2:30 pm Michael Meli, Chief Information Security Officer at Bank Julius Bär & Co. Ltd.

The CISO perspective – what is beyond SOC?
SOC capabilities have significantly evolved over the past 15+ years.

  • Where do we stand now?
  • What is state of the art? Where do fully automated level 0, or Artificial Intelligence fit in perspective?
  • More specifically, how useful is a SOC nowadays, and what’s lurking at the next corner?
2:30 – 3:00 pm Florian Schütz, Head Technology at SIX Managed Security Services

Intelligence-Driven Threat Detection, Engineered for Speed and Quality
Organizations tend to spend lots of time and money on Intrusion Detection Systems that don’t detect, WAFs in monitoring mode without anyone monitoring for alerts, SIEMs that don’t correlate and Incident Response processes that exist on paper only. In this session, Florian will present SIX’s approach to treating incident investigation as a software project.
Topics will include:

  • Organizing for Detection
  • Engineering threat investigations for speed and quality
  • Integrating threat intelligence into the response process
3:00 – 3:30 pm Florian Lukavsky, CEO at SEC Consult Switzerland

The Internet – built to outlast nuclear war but fails at smart toasters
The existence of botnets like Mirai or VPNFilter shows that attackers have now begun to use the Internet of Things for their own purposes. They are on the fertile ground because millions of devices are exposed on the Internet and waiting to be hacked.
We have automatically analyzed the firmware of thousands of IoT devices, looking at various security issues. Vendor backdoors, embedded cryptographic keys, and outdated software versions are commonplace. In this talk, the results of the “large-scale” firmware analysis will be presented. Besides, vulnerabilities found in device types that are in the focus of attackers are highlighted.

3:30 – 4:15 pm Break
4:15 – 6:00 pm Workshop I (strategic sessions/talks)
by Florian Schütz, Head Technology at SIX Managed Security Services

Continuing the input talk, we’ll assemble a detection use case from end to end.

Topics will include:

  • Organizing for Detection
  • Engineering threat investigations for speed and quality
  • Integrating threat intelligence into the response process

4:15 – 6:00 pm Workshop II (technical sessions/talks)
by Khalil Bijjou, Senior Security Consultant at SEC Consult Switzerland and Holger Sontag, Cyber Security Consultant at CyberTrap Software GmbH

Well, that escalated quickly! – a penetration tester’s approach to privilege escalation
Companies engage security experts to penetrate their infrastructures and systems in order to find vulnerabilities before malicious persons do. During these penetration tests, security experts often encounter Windows endpoints or systems and gain low privileged access to these. To fully compromise the system, privileges have to be escalated.

Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and apply these.

This talk imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most relevant privilege escalation methods and techniques and names suitable tools and commands. These methods and techniques have been categorized, included into an attack tree and were tested and verified in a realistic lab environment. Based upon these results, a systematic and practical approach for security experts on how to escalate privileges was developed.

In the second part of the workshop we will give you some insides into Deception Technology. Deception Systems offer a new way to not only identify attacks, but also to watch them perform and thus get a deeper insight of an attack. Learn more about case-specific threat intel that can be gained from the in-depth forensics possible in deception systems.

6:00 – open end Apéro Riche and Networking (therefore reserve as well the evening!)
The speakers will be onsite for Q&A and in addition you have the possibility to get a demo from CyberTrap if you are interested.


The Sponsors of this event are:

Main Sponsor Co-Sponsor


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.

Earn CPE Credits for
attending SIGS Events

Registration here!

If it’s the first time you like
to attend, please send us in addition your application