SIGS Technology Summit Speakers in 2016

All presentations are held in English

Key Notes

Cyber Management Alliance Ltd., Amar Singh, CEO & Founder
Amar Singh is an industry influencer and leader, founder of a not-for-profit organisation and the Cyber Management Alliance and Chair of ISACA’s UK Security Advisory Group. Amar is engaged as a trusted business and cyber security advisor, mentor to C level executives, and a consultant to organisations who need to reduce their risk exposure, deploy post incident remediation, build security teams, increase cyber resiliency and mature their information security and data privacy posture.

Amar’s client profile includes News International (now News UK), Siemens, the BBC, Reuters, BP, ATOS, Gala Coral, Cable & Wireless, SABMiller and many more. Several of the world’s prestigious media organisations and publications regularly seek and publish Amar’s counsel and guidance, including: The BBC, Financial Times, Al Jazeera, The Economist, The Guardian and The Daily Telegraph The Economist’s Intelligence Unit (EIU) invited Amar to the London Stock Exchange to share his insights on information risk management Amar launched The Financial Times’ CISO video series Amar has featured in a number of prestigious publications including: Institute of Chartered Accountants for England and Wales The Counter Terror Business Magazine Regular contributor to publications including Computer Weekly, SC Magazine, InfoSec and others Featured on the cover of SC Magazine

Closing Note

Now or Never! Why we need to get Cybersecurity right today!
There is no going back now. No turning the clock back. Cyberspace, the Internet, the connected world – call it what you may, is increasingly becoming an integral part of our daily lives.

Furthermore, the line between virtual cyberspace and the real world is starting to blue as cyber attacks start to impact the physical world. In the near future, our very lives will depend on the security, the stability and the integrity of our connected world. Ignoring the safety of Cyberspace will have dire consequences wrong may have long standing consequences to our lives. It’s now or never.


Why the CISO should report to the board – based on the example of an Incident Response Approach to Cyber Attacks
Everyone’s talking about incident management but is anyone actually doing it right? Or are you not able to do it right because you don’t get the needed support from the board?

Join Amar Singh in an interactive workshop where you will work to map out and create a live cyber incident response plan. This is your chance to get involved and share your insights and experience and learn from your peers. In addition you will get valuable insight how you can reach the appropriate attention from your management.

e3 CSS AG, Michael Hoos, CEO

Developing a security product in Europe was always his dream. E3 CSS AG made the dream come true by developing Centraya in Zurich. After working 16 years for Symantec as Senior Director for Specialist Sales, Presales and Consulting he took the opportunity to be part of a security product development here in Europe from day 0 on. Since 2014 the team and Michael work on Centraya – a central cloud access security broker.
Michael works since 1997 in the IT security industry. He has been responsible for some of the largest IT security projects in Central Europe – from endpoint protection to gateway security.

Safe Harbor, Privacy Shield and Espionage: go Cloud or stay home?
“I have nothing to hide” is one of the common answers if you talk about data privacy. “We will screen what we get” seems to be the approach of secret services all around the globe. It was already tough to stay in control of your company internal digital assets. And now they are moved to the cloud. Who has access, who has control? How can I stay compliant with data privacy requirements or other regulations.
The key note tries to provide an overview of current challenges as well as an approach that we call “customer enforced trust”.

ISF Limited, Steve Durbin, Managing Director
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. He is a frequent speaker and commentator on technology and security issues.

Steve has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. He has served as an executive on the boards of public companies in the UK and Asia in both the technology consultancy services and software applications development sectors.

Steve has also served as a Digital 50 advisory committee member in the United States, a body established to improve the talent pool for Fortune 500 boards around cyber security and information governance. He was ranked as one of the top 10 individuals shaping the way that organizations and leaders approach information security careers in 2014. Steve is currently chairman of the Digiworld Institute senior executive forum in the UK, a think tank comprised of Telecoms, Media and IT leaders and regulators. He is a Chartered Marketer and a Fellow of the Chartered Institute of Marketing.

The emerging threat landscape: how to keep ahead in cyberspace
As information security threats intensify, organisations risk becoming disoriented as they grapple with complex technology, an explosion of data, increased regulation, and a debilitating skills shortage.

Prompt action is required to interpret an increasingly complex threat horizon which could place organisations and their goals at risk.

Venafi, Kevin Bocek, Vice President Security Strategy & Threat Intelligence
Kevin Bocek is responsible for security strategy and threat intelligence at Venafi. He brings more than 16 years of experience in IT security with leading security and privacy leaders including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, nCipher, and Xcert.

He is sought after for comment by the world’s leading media such as Wall Street Journal, New York Times, Washington Post, Forbes, Fortune, BBC, Süddeutsche Zeitung, USA Today, Associated Press, Guardian, and Telegraph along with security press including SC Magazine, Dark Reading, and Network World.

World at a crossroad – “Will we be able to secure our cyber world, or not?”
A new perspective and approach
All signs point to a future world of more complex and harder-to-detect cyber threats. How can we defend our business if we don’t know what is friend or foe, trusted or not, as perimeters fade, software growth explodes, DevOps moves faster, and security controls fail? Already 8 out of 10 European CIOs believe the investments we’re making in traditional security solutions are not working.

The foundation of cybersecurity in our organisations are the tens of thousands of keys and certificates the authenticate and encryption communications for websites, virtual machines, software, mobile devices, containers and cloud servers. Protected, they ensure trust and privacy in digital communications and connections. But if just one critical key or certificate is left unmanaged or unprotected, the entire cybersecurity foundation is placed in jeopardy.

With Gartner expecting 50% of network attacks to come over encrypted TLS traffic by 2017 and certificates of all types the interest of cybercriminals and governments, it is essential that keys and certificates are managed and protected in the datacenter, on desktops, on mobile and IoT devices, and in the cloud.

Discover a new approach to thinking about cybersecurity, so you strengthen all the security controls to protect customers, business, data and brand.

Zscaler, Dr. Manoj Apte, Senior Vice President of Product Management
Dr. Manoj Apte is a veteran network security executive with over 15 years of experience developing high performance networking and security systems.

Prior to Zscaler, Manoj held engineering and product line management positions at Juniper Networks, where he created and launched Juniper’s 10G IPS (Intrusion Prevention System) appliance. Prior to Juniper, he worked on real-time embedded platforms at various companies.

Manoj holds more than a dozen patents and has contributed to the Cloud Security Alliance since its initial charter. He earned a PhD in Real-Time Embedded Systems from Mississippi State University and holds a B.Tech. in Aerospace Technology from IIT Bombay.

Transforming network infrastructure and Internet security for a changing business-world
Today, the IT landscape has dramatically shifted. Users are on the road and connected everywhere, data is moving to cloud applications, mobile and personal devices are always on and rarely controlled, and the Internet-of-Things is becoming reality. All of this is putting huge pressure on traditional appliance-based security infrastructure.
The challenge is that hackers understand these trends, and have shifted to attacking the end users as the easiest target. Users are now the primary vector for bringing malware into a company. In the age of the disappearing corporate perimeter, how can enterprises protect all users, apps and devices, wherever they are?

This presenatation covers:

  • Introduction of a cloud-based Internet Security Plattform, that delivers highly integrated Internet Security and lays the foundation of business transformation to the cloud
  • Security challenges for IT departments in work environments with a disappearing corporate perimeter and how the cloud enables to overcome limitations with regards to providing Internet Security for every user or device independenly from location
  • Moving applications to the cloud goes along with new network infrastructure requirements – How to overcome the bandwidth and latency dilemma with a zero IT branch office approach
  • There is no “No Cloud strategy” – Cloud environments will become normality – how enterprises regain transparency into which applications are used in their networks and how they can prevent Shadow IT


Akamai Technologies, Marco Fullin, Solutions Engineer
Marco is a Solutions Engineer at Akamai Technologies in Switzerland. He is a Certified Information System Security Professional (CISSP) and brings more than 10 years of experience in managing various IT Security projects including security consultancy, ethical hacking, and forensics.

He has a wealth of experience in IT Security, Networks, Datacenter and E-Business. He has worked for different companies, including Internet startups, Carriers and IT-Integrators in various roles such as Systems Engineering, Presales, Project Management, Engagement Management and Solution Engineering.

The Future of Web Attacks
Web security threats are constantly evolving. Understanding the sources and attributes of emerging DDoS and Web Application threats can help you to protect your enterprise from web attacks and vulnerabilities. Get insights into the latest DDoS and web application attack trends including complete quarter-over-quarter and year-over-year statistics as well as analysis of emerging trends and threats.

The presented, quarterly security reports from Akamai are based on data collected during recent cyber-attacks against the global Akamai customer base. Through data forensics and post-attack analysis, Akamai presents a global view of attack trends and new cybersecurity threats to enable businesses to make intelligent, strategic decisions.
This report results are a conclusion out of 15%-30% of the worldwide web traffic, from trillions of Internet transactions each day and 40-50 mitigated DDoS attacks per week as well as hundreds of millions analysed IP addresses each month. This allows to gather massive amounts of data on many metrics related to the origins, tactics, types, and targets of recent DDoS and web application attacks and identify emerging DDoS trends.

Avecto, Andrew Avenessian, VP of Technology
Andrew initially established Avecto’s consultancy (pre and post-sales) and technology services (support and IT.), developing them from the ground up into world class offerings. Now responsible for the strategic direction of pre-sales consultancy, he regularly provides security and technology advice to large global enterprises. His background in IT infrastructure ensures he can clearly translate complex requirements, finding technical solutions to commercial challenges. With a keen interest in cyber security and the end user experience, Andrew is a regular contributor to press articles and security events.

Social Engineering: lessons learnt from history
In this lively presentation, Andrew will use the analogy of the high street bank to share learnings from security principles of the past that are still valid today.

With real examples of social engineering and high profile hacks, Andrew will explain why good security is easy with solid foundations in place. He will share insight and tips of where to start with a defense in depth security strategy that really works in the ongoing quest against cyber threats.

Bromium, Rafal Wojtczuk, Principal Security Architect
Rafal Wojtczuk has over 15 years of experience with computer security. Specializing primarily in kernel and virtualization security, over the years he has disclosed many security vulnerabilities in popular operating system kernels and virtualization software. He is also well known for his articles on advanced exploitation techniques, including novel methods for exploiting buffer overflows in partially randomized address space environments.

Recently, he was researching advanced Intel security-related technologies, particularly TXT and VTd. He is also the author of libnids, a low-level packet reassembly library. He holds a Masters Degree in Computer Science from the University of Warsaw.

Lessons learnt from the history of vulnerabilities in hypervisors
Hypervisors have become a key element of both cloud and client computing. It is without doubt that hypervisors are going to be commonplace in future devices, and play an important role in the security industry. In this presentation, we discuss in detail the various lessons learnt whilst building and breaking various common hypervisors. In particular, we take a trip down memory lane and examine vulnerabilities found in all the popular hypervisors that have led to breakouts.

One of the key value propositions of hypervisors, as they relate to security, is to shrink the attack surface. However, in the quest for new features and functionality some trade-offs are made, which can prove to be fatal. While discussing the particular problems, we will examine what the strong (and weak) security-related features of hypervisors are.

We compare the attack surface of hypervisors with that of user mode applications and operating systems kernels, and show that the purpose and design of the hypervisor significantly changes its attack surface size. Most importantly, we make a fact-based argument that many hypervisors aren’t designed with security in mind.

We show how superfluous code and poor design can be punished by demonstrating real examples of hypervisor breakouts. The presentation ends with lessons learnt, and recommendations for hypervisor design and approaches that can be taken to harden them.

Cisco, René Räber, Distinguished Engineer
Rene Raeber is one out of the 35 Worldwide Distinguished Engineer‘s in Cisco, working in the Worldwide Datacenter Organisation at Cisco.

Rene’s function covers the WW Datacenter Strategy and definition of Cisco’s go to market strategy for our Sales Field Forces as well as Field Engineering education, Datacenter Strategic Accounts and Key Project support in the Commercial, Enterprise, Public Sector and Service Provider market segments. In addition, Rene is responsible for a gateway function towards the Datacenter Business Unit divisions, in order to ensure that Cisco’s customer requirements are represented and fulfilled in product development.

His span of responsibility also covers internal field engineering education, partner technical readiness, and representation of Cisco’s Datacenter technologies in key marketing initiatives; technical seminars, press and thought leadership writing datacenter publications.
Additionally, Rene is an official and voting IEEE member, actively representing Cisco, and develops new Datacenter standards, such as IEEE-802.1BR (Virtual Bridge port Extension).

Rene is one out of 10 Cisco Datacenter Patent reviewer and one of the Key Datacenter Architects in Cisco, having been recognized for excellence awards on several occasions.

Have you ever heard about how to achieve and simplify compliance through policy abstraction and modeling?
In this session we will introduce a new and revolutionary architectural security approach to achieve and simplify datacenter security and compliance through policy models. Policy abstraction and policy modeling will help you to gain another level of security in a simplified way.
Learn how a white listed fabric architecture is capable to deal with any workload and/or any application independent OS, Hypervisor or a bare metal approach. Based on various scenarios we will show attribute based, zone based, and micro-segmentation based isolation examples, covering inter- as well as intra-cluster communication.
These session will end by introducing a completely new approach for analytics and end-to-end application visibility with unprecedented performance and scalability criteria. This is especially useful for ADM “Application Dependency Mapping” as well as for security prevention capabilities; predict/detect/protect/remediate.

ENISA – the European Union Agency for Network and Information Security, working for the EU Institutions and Member States. ENISA is the EU’s response to the cyber security issues of the European Union. As such, it is the ‘pace-setter’ for Information Security in Europe, and a centre of expertise.

The objective is to make ENISA’s web site the European ‘hub’ for exchange of information, best practices and knowledge in the field of Information Security. This web site is an access point to the EU Member States and other actors in this field. ‘ENISA – Securing Europe’s Information Society’.

More information at

Panel Discussion: Spot on cyber-threats
ENISA invites international cyber-threat intelligence and analysis stakeholders to debate on hot topics in the field. In particular, aspects of usability, presentation and standardisation of cyber-threat information will be discussed. This discussion will also refer to trends in the area, as well as the role of various market and statutory players.

Interesting topics for this discussion (indicatively) include: improve access to threat information, presenting threat information, developments in related protocols (STIX, TAXII), exploiting the Dark Net, threat agent modelling, end-user needs, tools, etc.

For this panel, ENISA has invited its threat landscape stakeholder group consisting of internationally recognised individuals in the area of threat intelligence. The members of the ENISA Stakeholder group are: Paolo Passeri, System Engineer, Consulting, UK -Pierluigi Paganini, Chief Security Information Officer, Telecoms, IT – Paul Samwel, Lead Security Architect, Banking, NL – Tom Koehler, Executive Vice President, Consulting, DE – Stavros Lingris, IT-Official, CERT, EU – Jart Armin, Internet Security Researcher, Worldwide coalitions/Initiatives, International – Thomas Haeberlen, Federal Office for Information Security, DE – Neil Thacker, Information Security & Strategy Officer, Consulting, UK – Margrete Raaum, Leader, CERT, NO – Shin Adachi, Security Analyst, US – R. Jane Ginn, Consulting, US.

For this panel, ENISA has invited members of the landscape stakeholder group. Contributions from Jane Ginn, Thomas Haeberlen, Stavros Lingris, Paul Samwel, Pierluigi Paganini, Neil Thacker and Jart Armin are planned. Louis Marinos, ENISA will moderate the discussion.

The event is structured in two units: in the first hour, panellists will present their position statements on issues and trends in the area of cyber threat intelligence. After the break, the discussion will address topics and questions brought up by the participants.

Forcepoint, Neil Thacker, Information Security & Strategy Officer EMEA
Neil Thacker, CISSP, CEH & OPST is Information Security & Strategy Officer, EMEA for Forcepoint. Neil holds 15 years’ experience in the Information Security industry with 10 years financial services experience in the insurance and banking arena. Neil is a member of the ENISA Threat Landscape stakeholder group where he contributes to the EU agency program. Neil is also co-founder of the Security Advisor Alliance, a not-for-profit organisation formed to help security leaders in their role.

Cloud First Security Resilience: Considerations and Solutions
We truly live in a cloud-first world: CIOs believe that 2016 will be the year when more IT services live on the cloud than on-premise for the first time.* Maintenance, cost and accessibility benefits should not come at the expense of security and regulatory mandates when moving infrastructure and applications to the Cloud. Join this session to accelerate your understanding of the security issues and solutions tied to the adoption of cloud services and applications, such as Office 365 and others.

* IDG Enterprise survey of IT buyers, reported in CIO Magazine November 19, 2015

Fortinet, Simon Bryden, Consulting Systems Engineer
Simon Bryden is a consulting systems engineer at Fortinet. Simon represents FortiGuard labs in the EMEA region, promoting Fortinet’s threat intelligence capability both internally, and to customers and partners.

Simon brings a wealth of experience from over 25 years in the IT and security industry and before joining Fortinet, held engineering and product management positions in a variety of vendor, integrator and end user companies.

The current threat landscape and how to deal with it
This presentation reviews some of the headline security events of recent months, then asks what can be learned from them.

After looking at some of the trends and directions that today’s attacks are taking, we will look at key challenges facing the enterprise, and how they can be addressed by leveraging the latest developments in security technologies, combined with constantly updated threat intelligence.

Fraunhofer AISEC, Dr. Julian Schütte, Senior Researcher
Dr. Julian Schütte (m) is a senior researcher and head of the group “Service and Application Security” (SAS) at Fraunhofer AISEC. Fraunhofer AISEC’s mission is to transfer insights and developments from security research into practice. Within AISEC, the SAS group is mainly concerned with the security of cloud and mobile applications, specifically the automatisation of program analysis and vulnerability testing, as well as the hardening of applications. Julian has more than a decade of experience in mobile security research and has led several research projects in this field. He is author of several dozen of publications and has developed the tool App-Ray for automated mobile app analysis.

Fully automated discovery of vulnerabilities in Android apps
Android is the prevailing mobile operating system accompanied by more than 1.6 million apps available at various online market platforms. To protect against malicious or vulnerable apps, Android comprises a mainly permission-based security model and some, but opaque security checks conducted by Google Play.

However, the Android security model is a moving target and updates of the Android framework have introduced thousands of security relevant changes in the past. Under these conditions, assessing the security of an app according to userspecific requirements is hardly possible. This talk will shed some light on complex vulnerabilities in Android apps and ways to discover them automatically.

Intel Security, Rolf Haas, Enterprise Technology Specialist EMEA
Rolf Haas is an enterprise technology specialist, in the Content & Cloud Security division of Intel Security. With more than 22 years of experience in IT security, Haas has built up an extensive technical knowledge gained through global hardware, software and services. He provides structured and innovative approaches to solving complex technical issues as well as solutions and responses to both end-users and channel partner whilst developing lasting customer relationships.

Threat Predictions Cyber Threat Landscape 2016
During this session Rolf Haas, Enterprise Technology Specialist for Intel Security EMEA, will reflect on the informed opinions of 33 Intel Security thought leaders, the report illustrates short- and long-term trend implications for organizations working to keep pace with business and technology opportunities, and the cybercrime community that threatens them.

Key takeaways

  • Learn more about the 2016 threat predictions that run the gamut of trends, from the likely threats around ransomware, attacks on automobile systems, infrastructure attacks, and the warehousing and sale of stolen data, among other likely issues in 2016.

  • Predictions through 2020 – 5 year look ahead attempts to predict how the types of threat actors will change, how attackers’ behaviors and targets will change, and how the industry will meet these challenges over the next five years.

keyon AG, René Eberhard, CEO
René G. Eberhard has more than 19 years of experience in the IT security area . He’s one of the founders of keyon and as CEO also involved in strategic security projects of major customers.

Classify or Die
Sensitive data is used and stored on-prem, on mobile devices, and in the cloud. Data loss prevention solutions have to be adapted accordingly to the new challenges. With digital rights management (DRM) data can automatically be classified and protected on generation or edit. E-discovery capabilities from DRM allow to track who got access to such data by when and where. Unlike other technologies, the classification and encryption are intrinsically linked with the respective data and thus provides a continuous and transparent protection to the user, regardless of data transmission or location.

The presentation shows the need to classify and protect data as requirement for Data Loss Prevention, Secure Collaboration and the step into the Cloud – more information at

Kudelski Security – Jean-Philippe Aumasson, Principal Cryptographer at Nagravision SA
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX.

He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, CHES. He initiated the Crypto Coding Standard and the Password Hashing Competition projects. JP co-wrote the 2015 book “The Hash Function BLAKE”, and tweets as @veorq.


Quantum computing and post quantum crypto
Abstract: We’ve heard about hypothetical quantum computers breaking most of the public-key crypto in use and we’ve heard about “post-quantum” systems that would resist quantum computers. The NSA wants to move to post-quantum crypto and NIST will organize a contest for new postquantum cryptosystems.

What does that mean? Should we be scared? What’s a quantum computer in the first place? This talk will give you honest answers to those questions based on the latest research. After this talk you’ll be able to better assess the risk of quantum computers, to debunk misleading claims, and to ask the right questions.

Ping Identity, Hans Zandbelt, Principal Solutions Architect CTO Office
Hans Zandbelt is a Principal Solutions Architect in the CTO office of Ping Identity covering the EMEA region. He holds an MSc. degree in Computer Science, Tele-Informatics and Open Systems, at the University of Twente. He has over 20 years of experience as a technical leader in research and innovation projects, including digital identity initiatives.

In 2007 he joined SURFnet as the architect and technical product manager of SURFfederatie, the national infrastructure for federated Single Sign-On for the research- and higher education community in the Netherlands. Since 2011 he joined Ping Identity and works on Single Sign-On, Cloud Identity & Access Management and large scale deployments of federation technologies such as SAML 2.0 and OpenID Connect.


From WAM to FAM – the Evolution of Access Management
How Modern Access Security Works
In today’s business, your users, their devices and your applications have moved beyond the confines of the firewall and into a whole new borderless world of unsecured networks. At the intersection of mobile, cloud, and the Internet of Things, the only way to truly secure your enterprise is by ensuring that only trusted employees, partners, and customers access the right applications using trusted devices. But traditional WAM offerings don’t provide the security and protection necessary.

In this breakout session, learn how to bring your access management solution into the new millennium. We’ll explore the key benefits of modern access security:

  • Centralize policies and compliance across web, mobile and APIs
  • Securely expose internal apps to remote users without VPN configuration
  • Utilize existing investments
  • Avoid vendor lock-in with open standards
  • Scale and grow according to your needs and capabilities

We will also demonstrate how to turn technology into solutions with a consulting methodology that quickly, comprehensively and independently discovers the opportunities of Cloud Access Management for your business, involving all relevant stakeholders.

ProtonMail, Dr. Andy Yen, Co-Founder/CEO (on behalf of Radware)
Dr. Yen one of the creators of the encrypted email service ProtonMail. Today, ProtonMail is the world’s largest secure email service with millions of users in over 150 countries. Together with a team of scientists at Swiss based Proton Technologies AG, Andy is helping consumers and enterprises secure their communications by making encryption technology easier to use and more cost effective.

Prior to creating ProtonMail, Andy was a particle physicist at CERN working on the Large Hadron Collider, the world’s largest particle accelerator. Andy received his PhD in Physics from Harvard University, where his research focus was on supersymmetry and scientific

Switzerland under attack: Lessons from the ProtonMail DDoS attack
In November 2015, the ProtonMail secure email service was affected by one of the largest and most sophisticated DDoS attacks to ever hit Switzerland. The large scale attack impacted ISPs as far away as Moscow and made headlines around the world.

In this presentation, Dr. Yen describes how ProtonMail and Radware’s Emergency Response Team (ERT) worked together to mitigate the attack and put together a comprehensive, long term solution.

DDoS is a growing threat faced by companies in Switzerland and careful planning and preparation is required to mount a successful defense. Key considerations to keep in mind when designing a comprehensive DDoS solution are discussed, along with unique insight gained from the ProtonMail attack.

Rapid7, Pim van der Poel, Regional Manager
Pim Van der Poel has over 20 years of experience in the IT security industry, amongst this, includes his VP role at Internet Security Systems (acquired by IBM in 2006) and VP of EMEA and APAC at Ultimaco. A particular career highlight has been his involvement in the successful launch of ScanSafe, the global leader in Cloud Web Security – later acquired by CISCO. Prior to joining Rapid7 to lead the DACH region, he led the German team of the data protection providers, Digital Guardian.

Moving Cybersecurity Focus From Prevention to Detection & Response
Incident Detection & Response is a growing challenge – security teams are often understaffed, the attack surface for intruders is expanding, and it’s difficult to detect stealthy user-based attacks. In a recent survey, 62% of organizations report receiving more alerts from their monitoring solutions than they can handle.

Join Pim van der Poel at Rapid7, to discuss:

  • Top incident detection & response challenges facing security Teams
  • How to detect the most common attack vectors behind breaches
  • People, processes and technology required for an effective IDR program

Resilient Systems, Arne Jacobsen, Country Manager DACH
Arne Jacobsen is the Country Manager for Germany, Austria and Switzerland at Resilient Systems. He is responsible for driving revenue growth and customer success in the DACH region.

Prior to joining Resilient Systems, Mr. Jacobsen was the Managing Director, Central EMEA for Qualys. He has considerable experience in the European information security industry and has held management positions at Varonis, McAfee and Safeboot. Mr. Jacobsen has a Diploma from the University of Frankfurt in Business Administration.

Cyber Resilience – Industry Best Practice in Managing Security Incidents
It is impossible to stop all cybersecurity attacks, therefore companies need to improve at handling and recovering from cybersecurity incidents. This ability to recover is known as ‘Cyber Resilience’.

This session will look at the latest research from US and European companies into their state of cyber resilience, as well as industry best practice and key indicators for companies to consider in improving their cybersecurity readiness.

RSA, Ralf Kaltenbach, Director DACH & Eastern Europe
Since January 1st 2016 Ralf Kaltenbach is in charge of RSA’s Advanced Security Operations Center business in Germany, Austria, Switzerland and Eastern Europe. He held various senior management positions before, such as Regional Director RSA in Germany and Head of Sales in EMC Central.

Before he joined EMC in 2012 he was 12 years with Cisco. Ralf holds degrees in telecommunications and economics (Diplom-Ingenieur/Diplom-Wirtschaftsingenieur). He specialized in Security, Information Technology and Finance.

Modern Cyber Risks – why traditional security methods are falling short
To detect advanced cyberattacks, traditional approaches based on logs need to be combined with other data types such as network packet, endpoint, and cloud data. To discover attacks missed by log-centric SIEM and signature-based tools, correlation of network packets with other security data is a modern way of detection and protection.

To be one step ahead it is crucial to implement complete visibility to detect, investigate, and take targeted action against even the most advanced of attacks – before they can impact the business. The presentation gives an overview about most relevant critical success factors to defend against most recent cyber threats.

RUAG Defence, Rocco Mandrysch, Security Researcher
Rocco Mandrysch works as a Security Researcher in the Research and Development Group of the Ruag Defence Cyber Security Department. His main field is the analysis of the malware network communication with data mining approaches.

He studied Physics at the University of Hamburg and made his PhD in Physics at the Humboldt University Berlin. After this, a Position at the University of Iowa based at CERN followed as the convener of the Performance Management Board for the software in the ATLAS Science Collaboration.

Hidden Information in the DNS Protocol
The Domain Name System protocol (DNS) is one of the most commonly used protocols in IT infrastructures. This protocol is also used for sending private information, such as credit card details, to third parties in the payload of DNS packages. One can also set up a communication with hidden data packages via covert channels.

In company networks with high numbers of participants, it is very difficult to monitor and classify the DNS requests and replies in order to find those being used for illegal purposes.

We present an approach for calculating evidence of hidden information within the DNS protocol.

SailPoint, Mark Oldroyd, Technical Partner Enablement Manager
Mark Oldroyd is currently Technical Partner Enablement Manager for SailPoint in Europe, responsible for technical pre-sales education and training across the extensive SailPoint partner community. Mark has been with SailPoint for over four years, working in both partner-facing and sales engineering roles. With over 13 years of experience in the Identity Management and Security areas, he has worked with many of the leading technology vendors and solutions.

Putting Identity @ the Center of Security
As security professionals, are we doing enough to secure the modern enterprise? With the increasing challenges around cloud and mobile, the security perimeter is becoming harder to define. Traditional security models must evolve away from network and account-centric controls and focus on identity, in order to fully understand and minimise the risk to the enterprise.

The session will discuss the importance of this evolution, and how security focus areas such as SIEM, DLP, PAM, MDM, GRC, etc. can all benefit from the concept of identity. It will show how SailPoint is tackling this issue from a practical perspective across both structured and unstructured data environments, through it’s comprehensive solution set, integration capabilities and industry partnerships.

Securosys, Marcel Dasen, Vice President of Engineering
Marcel Dasen is Vice President of Engineering at Securosys SA. He has more than two decades of experience in the tech industry as a engineering manager, CTO and CEO. He graduated from ETH Zürich with a Masters in Computer Science.

Marcel has been responsible for the design of semiconductors and software for consumer and automotive electronics, including industry leading digital transmission protection such as DTCP, Apples MFi and Microsoft’s digital rights management.

Where are your keys?
How to securely protect your certificates, authentication keys and Passwords
“Encryption works!”, Snowden famously declared, so attackers preferably go after passwords, authentication and encryption keys, and certificates. Unfortunately, these keys maybe generated by bogus key-generation units, are floating around in the processor memory of the server, and are permanently stored somewhere in the filesystem or databases such as keychain, keystore, certificate manager, or just the browser itself. Anybody getting access to the server may alter or export these files. The security of applications based on SSL, Public Key Infrastructure (PKI), or Active Directory/Open Directory is affected.

In his talk Marcel Dasen will present different systems managing keys and corresponding vulnerabilities. He will then make the case for a hardware based keystore using a hardware security module (HSM) and show how the MS-PKI System can efficiently be secured by attaching it to an HSM.

Tenable Network Security, Florian Hammers, Security Specialist
Florian Hammers, Security Specialist at Tenable Network Security GmbH, works since 2008 in IT-Security.
Before he joined Tenable, he was with Kaspersky Labs, where he was responsible for designing and implementing endpoint security solutions at enterprise customers.

Re-active Vulnerability-Scanning was yesterday – The evolution of Vulnerability-Management
Vulnerability Scanning is an important and widespread method to identify vulnerabilities in company networks. Usually, scans are done according to a scanning-schedule in a predefined network environment, which inevitably leads to “blind spots“.

In this presentation you will learn how Vulnerability Management moved away from being a re-active method that merely provides snap shots of the network, towards pro-active Continuous Network Monitoring that gives you a complete picture of the network at any time and helps you avoid exploits and data leaks.

TITUS, Craig Adams, EMEA Director
Craig Adams leads TITUS business in Europe, the Middle East and Africa, driving revenue growth for the company and helping customers deliver value from their implementation of TITUS solutions.

Prior to joining TITUS, Craig ran HP Enterprise’s Information Governance software business in EMEA. He has an extensive background as a technology and business consultant in the Information Management space, previously working for such companies as Documentum, Open Text and Getronics. Craig regularly speaks at industry conferences and roundtables.

Tackling Insider Threats with Data Discovery and Classification
There are many ways that sensitive information can be leaked from organizations, however the insider threat remains the hardest to quantify and resolve.

Organizations often become hung up on using technology to combat external breaches, and the insider threat doesn’t get the attention it deserves. While a great deal of time and energy must be spent on trying to stop hackers who are maliciously and intentionally trying to steal information, another big challenge for IT security departments is the threat of authorized internal users who have legitimate access to sensitive information. Being able to accurately identify the sensitivity of corporate documents so that the proper controls can be enforced is a good start in addressing insider threats. Classification can help ensure that information is accessed by only the right people.

In this session, Craig Adams will review the challenges and strategies that organizations can use to effectively manage insider threats with data discovery and classification.

University Innsbruck, PD Dr. Michael Felderer
PD Dr. Michael Felderer is a senior researcher at the Institute of Computer Science at the University of Innsbruck, Austria. He holds a PhD and habilitation degree in computer science. His research interests are in the areas of software and security engineering.

No Risk, No Test: Successful Security Testing with Risk-Orientation
Risk-based testing has a high potential to improve security and software testing as it helps to optimize the allocation of resources and provides decision support for the management.

The recent testing standard ISO/IEC/IEEE 29119 and the OWASP Testing Guide are therefore explicitly risk oriented. But for many organizations the integration of risk-based testing into an existing test process is a challenging task.

In this talk we present guidelines and experiences based on recent studies for the successful integration and application of risk-based testing.

University Innsbruck, Dr. Thomas Trojer, Scientific Staff
Thomas Trojer received a PhD degree in computer science from the University of Innsbruck, Austria, in 2015. He is currently associated as a post doctoral researcher with the Institute of Computer Science at the University of Innsbruck and was a visiting researcher at the Faculty of Business and IT at the University of Ontario, Canada.

His research interests are mainly in IT architecture management, data privacy and access control, electronic health record systems and model driven software development.

IT-Architecture Intelligence for Risk- and Security Analyses
Large IT-Architectures are complex beasts that make it difficult to understand the risk and security implications of their transitive dependencies.

In this talk we present our method and tool support to maintain a living IT-Architecture model that reflects the organization-specific assets of a company. This model can be used to perform analyses that were impossible before. Our talk targets security responsibles, enterprise architects and operations managers.

Varonis Systems, David Lin, Country Manager
David Lin has worked for almost a decade in the IT security sector. Whilst his career has spanned small, medium and large companies, the focus always remains on the value the customer can get out of each solution: whether it be on a security level, operational excellence or achieving usability enhancements.

How do you spot the insider threat?
Insiders are the new malware. Nearly every major security breach starts with an insider, or an attacker using an insider’s credentials.

2015 was a remarkable year for insider threats. It’s estimated that the average organization suffered from 3.8 insider attacks last year and 45% of businesses can’t tell if they’ve suffered a breach.
In order to combat the insider threat, organizations need to shift their focus from the perimeter to their data itself.

Organizations have to face the new reality that it is not a matter of if they will be breached, but when they will be breached. Attackers are already inside – either rightfully as an employee or contractor, or through legitimate but compromised credentials as an outside hacker. Their presence on a network wouldn’t necessarily look suspicious to IT, but their activity would likely appear anomalous. Still, users’ behaviour on many internal systems is rarely monitored or analyzed.

This session will review a User Behaviour Analytics methodology for connecting disparate sets of data to detect signs of a breach, arrest the actions, and recover from the incident.

Attend this session to learn:

  • What is User Behaviour Analytics and why your business should consider using it
  • Understand the different stages of an insider threat incident
  • What are the data sets and indicators to look out for that elevate otherwise indistinguishable user behaviour to indicate a serious threat in progress
  • How to be secure and compliant, and eliminate vulnerabilities you never knew you had
  • Best practices to reduce potential exposure

Vectra Networks, Günter Ollmann, Chief Security Officer
Günter Ollmann is chief security officer at Vectra. He has nearly 30 years of experience in information security in an array of cyber security consultancy and research roles.

Before joining Vectra, Günter was CTO of Domain Services at NCC Group, where he drove strategy behind the company’s generic Top Level Domain (gTLD) program. He was also CTO at security consulting firm IOActive, CTO and vice president of research at Damballa, and chief security strategist at IBM. Günter is a widely respected authority on security issues and technologies and has researched, written and published hundreds of technical papers and bylined articles.

Originally, Günter had wanted to be an architect but he lost interest after designing retaining walls during a three-month internship. After that, he qualified as a meteorologist but was lured to the dark side of forecasting Internet threats and cyber attacks. His amazing ability to see dead people stoked an interest in history and first-millennium archaeology. Günter holds a Bachelor of Sciences degree in Applied Physics and Mathematics and a Master of Sciences degree in Atmospheric Physics from the University of Auckland.

In a World of 100% Encrypted Traffic, Who Wins?
Encrypted traffic continues to grow and will soon become ubiquitous, at which point direct inspection of the content layer becomes impossible.What current security technologies and approaches will fail, and when will their failure become noticeable? Some deep packet inspection approaches are already thwarted by encryption. When will it make sense to replace them? Do the bad guys win if everything is encrypted?

Certainly, being able to inspect the content layer makes things easier for non-obfuscated communications, but even if things are encrypted there are techniques and approaches that can separate out malicious and unwanted communications from legitimate business traffic.


ETH Zurich, Dr. David Gugelmann
David Gugelmann is a postdoctoral researcher at ETH Zurich. His research interests are in digital forensics, machine learning and visualization for anomaly detection, communication networks, and privacy protection. He connects these research areas primarily for the analysis of Web traffic by applying big data techniques to summarize and visualize network activities.

University of Innsbruck, Christian Sillaber, Researcher
Christian Sillaber is a researcher at the Institute of Computer Science at the University of Innsbruck, Austria. His research interests are in the areas of governance, risk and compliance management and security process engineering.

Zurich University of Applied Sciences (ZHAW), Bernhard Tellenbach, Senior Lecturer of Information Security
Bernhard Tellenbach is a senior lecturer of Information Security at the Zurich University of Applied Sciences (ZHAW) in Winterthur. He works at the Institute of Applied Information Technology (InIT) and leads his teachings in the field of information security through the course of applied research and development projects. His interests and research focuses on the protection and monitoring of communication networks as well as computer and network security in general. His other activities include security analyses and audits of information systems in banks and insurance companies. Bernhard Tellenbach is President of Swiss Cyber Storm, an organization with the aim of promoting and finding talented young people a career in information security.

Event Partner