SIGS Special Interest Group
16th SOC Forum

Save the DateClick on the .ics file to save the date

Target Audience Security Operations Center Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/ Integrators are only technical peoples (which are involved in the Security Operation Processes) allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and you like to take part in this community and get the invitations, please fill out the application form.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the hotel shuttle

Date of Event 9th of May 2019
Further planned date in 2019: 3rd of September and 5th of December 2019
Language English
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and Apéro riche included



1:30 – 2:00 pm Registration & Coffee
2:00 – 2:00 pm Welcome from the moderator
2:00 – 2:45 pm Vladimir Had – UBS ISE Cyber Security – Attack Monitoring, Analytics and Tooling – Solution Architect
Marek Pietrzyk – UBS ISE Cyber Security – Attack Monitoring, Analytics and Tooling – Program Manager

Security Analytics Platform advancing SIEM to the next level
In this session you will learn from hands on experience while building and operationalizing Security Analytics Platform at UBS.

Traditional Cyber Security solutions (SIEM) have been mostly focusing on detection of known attacks utilizing various techniques such as rule-based, signature-based or heuristic approaches. Although it works fine for detection of known attacks, the gap exists when focusing on known unknowns – for example the detection of botnet communications, “sleeping” infected machines or cyber-attacks spanning over long periods – to name a few of critical persisting cyber threats. One of possible countermeasures to that is automated anomaly detection, by processing of security events with Big Data Analytics and Machine Learning technologies.

This session describes how Security Analytics Platform has been successfully implemented in the complex globally operating organization. It explains cyber security drivers, unorthodox setup of a project team, expandable platform’s architecture, technology challenges and the most important lessons learned – from technology, architecture and management perspectives.

2:45 – 3:15 pm Roman Hüssy, Head of

Fighting botnets with Open Source Threat Intel is a non-profit project which operates various trackers with the goal of providing open source threat intelligence, helping internet service providers and network operators to protect their network from malware and botnets. T-Security researchers, vendors and law enforcement agencies rely on data from, trying to make the internet a safer place.

In this session we will explain you how, a non-profit project to fight cybercrime, works and how you can use the Open Source threat intelligence data it produces to protect your network.

3:15 – 3:45 pm Maxim Deweerdt, Instructor at SANS

Goal Oriented Defense
Adversaries only have to find one flaw in our defense in order to get in. And they do – consistently. Even with our modern tools, better skilled personnel and board-level awareness, we fail to detect that our environments are breached in a timely fashion. Time for a new mindset: our adversaries have goals in mind while they breach our environment. What if our detection mechanisms would be focusing on those goals?

Enter Goal Oriented Defense. Instead of trying to detect everything, let’s have a look at how Goal Oriented Defense could look like and how it will help you into tuning your detection and focusing on what’s important.

3:45 – 4:30 pm Break
4:30 – 6:00 pm Workshop I (strategic sessions/talks)
by Maxim Deweerdt, Instructor at SANS

Follow-up of the previous session from Max: in the moderated panel discussion, I’d like to further discuss the MITRE ATT&CK framework and how organisations have implemented this practically.

4:30 – 6:00 pm Workshop II (technical sessions/talks)
by Lior Kolnik, Head of Security Research at Demisto

The Automated Playbook for Phishing Investigations
Have you ever investigated an email reported by an employee as potential phishing?

There are a variety of tools and information sources that go into such an investigation, and each team member may do things differently, unless you use a shared playbook built according to lessons learned as a team. Automating the investigation enables you to accelerate the time to response – so you can block the phishing link or attachment before other users who were targeted have a chance to interact with them.

In this technical workshop we will build and run a security automation playbook to tie all of those tools together to investigate and respond to phishing emails, based on our experience implementing phishing playbooks with Fortune100 blue teams worldwide.

6:00 – open end Apéro Riche and Networking (therefore reserve as well the evening!)
The speakers will be onsite for Q&A.


The Sponsors of this event are:

Main Sponsor Co-Sponsor


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.

Earn CPE Credits for
attending SIGS Events

Registration here!

If it’s the first time you like
to attend, please send us in addition your application