SIGS Technology Conference – DC Day Speakers 2017
All presentations are held in English
|Cisco, Dirk Stöckmann, Technical Solution Architect|
Dirk Stöckmann joined Cisco in 2001 as a global Systems Engineer covering multi-national and global accounts. Since 2009 his work has been dedicated to Data Center technologies encompassing virtualisation, automation and Data Center fabrics. With the introduction of Cisco’s Application Centric Infrastructure (ACI), Dirk moved to the European Data Center team as an evangelist of Cisco’s Data Center vision and technology towards executives, architects and engineers. A key component of Dirk’s focus and passion is aligned with the incubation and launch of new and emerging Data Center technologies. Today, Dirk holds the position of Technical Solutions Architect within the Tetration Analytics group of Cisco’s world wide Data Center organization.
Dirk holds multiple industry certifications including CCIE (R&S) accreditation.
Impact of Digital Transformation on Data Centers and Clouds
Visibility across everything in your data center in real time? With hardware and software sensors we give you behavior-based application insight with deep forensics. Move to a highly secure and reliable zero-trust model. Dramatically simplify your operations. We incl. in this session a demo on Application Dependency Mapping, machine learning, behavior analyticx and automated whitelist policy generation.
|Ivan Pepelnjak, Independent Network Architect &
Christer Swartz, Worldwide Consulting Engieer Data Center, Virtualization & Service Providers at Palo Alto Networks
Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.
Ivan is author of several Cisco Press books, and a series of highly successful webinars. To learn more about him, visit ipspace.net or read his blog at blog.ipspace.net.
Christer Swartz has 20+ years of experience in CCIE Networking, Data Center, and Security architecture in both Enterprise and Service Provider environments. He is based in California and is responsible for driving Security integration into Data Center, Cloud, and Virtualization technology across Palo Alto Networks’s global theaters.
His background includes having been part of the original team at Cisco back in its early days, then subsequently at the European
He focuses on implementing network-based Next Generation security in evolving SDN and NFV architectures in modern Cloud architectures.
Three Geographies of IT – Silicon Valley, US and Rest-of-World
The only problem: the people promoting new technologies or products usually never deployed them, and most everyone around you is not doing it (whatever it is). However, there are tons of large organizations using these amazing new technologies (at least according to those same vendors and pundits). How true is that? Do we really have three geographies of IT (Silicon Valley, US and rest-of-world)? Christer Swartz and Ivan Pepelnjak will discuss these challenges and try to give you a broader perspective during the DC Day keynote.
|ServiceNow, Myke Lyones, Director and Head of Strategy|
Myke is a Director and Head of Strategy for ServiceNow’s Security Business Unit helping larger companies better respond to imminent security incidents, quickly find indicators and observables of compromise, and effectively remediate known vulnerabilities. Myke has over 16 years experience in information technology and security.
Prior to moving to the Security Business Unit, Myke led ServiceNow’s information security group and was brought on board to help secure the cloud startup while creating a mantra of transparency. He has also held Senior Security positions at Grey Global Group, Y&R, WPP Group, and GE Capital
Build your wings before jumping into the cloud
However, not all clouds are the same. How to choose or even differentiate between Public, Private or Hybrid, Single or Multi Tenant. How do you know what to assess in terms of legal, compliance, security and performance.
In this session Myke Lyons will discuss best practices for acquiring cloud services like IaaS, PaaS, and IaaS.
|Microsoft Switzerland, Dr. Marc Holitscher, Chief Technology Officer|
Marc articulates Microsoft’s technology vision and strategy with lighthouse customers, key business decision makers and government thought-leaders. He supports customers in translating new technologies and innovations into business impact and outcomes. Top of mind are emerging
technology issues and how they relate to different aspects of the economy and society at large. Marc is a member of the board of Microsoft Switzerland.
The Intelligent Security Graph
Learn in this session more about the unique insights that are generated from this vast pool of security signals through machine learning and human intelligence and how they complement traditional security solutions.
|andrion AG, Aniello Bove, CEO|
January 1, 2013 he joint andrion and developed andrion to a powerful Swiss consulting and project delivery firm within the Swiss financial services industry. andrion empowers their clients in their strategic initiatives to develop new innovative business. Their consultants, project managers and business analysts know Core Banking functions and Digital Banking transformation best, and do understand how to take into account Swiss Banking law. Their capability in analyzing, designing, approaching, prioritizing, planning and executing projects make them a reliable partner with an outstanding track record in various banking initiatives.
In its past, he spent amongst other things 11 years at UBS and left UBS as management member before he started his entrepreneurship as Partner and COO at INM AG. As former member of the IBM Rational Advisory Board and Go Beyond investor he supports start-ups and promising business ideas with great passion. Today he is one of the F10 mentors. F10 is a Fintech Incubator and Accelerator program sponsored by SIX that supports and guides Startups in transforming their ideas into successful companies, all the while stimulating worldwide collaboration with international finance organizations.
Main differences between Cloud Migration and Regular Migration
Cloud Computing/Cloud Services offer attractive service and price models, but which are the main challenges when migrating to such solutions? Let’s first have a look to classic migration models, approaches and scenarios. What does us force to migrate? Which aspects do we need to take into consideration?
Based on a few typical examples, the difference between regular and cloud migrations will be highlighted and explained.
|Bank Julius Baer & Co. Ltd, Martin Pauli-Burckhardt, Head Legal Procurement, Outsourcing & Data Privacy|
Martin Pauli heads the legal team of Bank Julius Baer responsible for legal advice in the area of IT, procurement, data privacy and security, banking secrecy, regulatory outsourcing and related legal issues.
Before joining Bank Julius Baer in 2012, Martin worked for more than ten years in the legal department of a global Swiss bank in the area of Information and Communication Technology and practiced as a lawyer in a reputable international Zurich law firm.
Best Practice Cloud Computing from a bank’s perspective
Finding agreements on such issues are subject to constraints of, on the one hand, the applicable data protection laws and the legal and regulatory environment applying to the banking industry (especially regarding banking secrecy and outsourcing), and, on the other hand, to the cloud provider’s intention to keep its cloud system and processes standardized for all its customers.
The presentation will identify typical problems in this context regarding the financial industry and will give recommendations of what should be addressed in a cloud contract from a bank’s perspective.
|Inpher, Jordan Brandt, CEO and Cofounder|
As a though leader and named one of Forbes ‘Next-Gen Innovators’, Jordan’s research and insight on cybersecurity, AI and robotics has been featured in print and broadcast internationally on Bloomberg, CNBC, Forbes, Financial Times, Wired and other business and technology press.
Jordan is the former CEO and cofounder of Horizontal Systems, acquired by Autodesk (Nasdaq: ADSK) in 2011. He went on to serve as the director of Autodesk’s $100m investment fund, while also teaching and conducting research with a Consulting Professorship in Engineering at Stanford. Jordan completed his undergraduate work at the University of Kansas and received his doctorate from Harvard University.
Touch but don’t see; practical uses of encrypted computing
Furthermore, analytics and machine learning algorithms can be run on multiple, private databases without revealing any information between the data sources. In this session you will learn about the technology that powers this new frontier and applications in the financial services industry.
|iWelcome, Corné van Rooij, Vice President Product Management|
Corné van Rooij is VP Product Management at iWelcome (Europe’s Identity Platform). He has been working in the Security market for more than 20 years of which the last 15 years at two well know Identity and Access Management vendors.
Corné is responsible for iWelcome’s IAM as-a-Service (IDaaS) offering and its famous Consumer-IAM (CIAM) support. Gartner and KuppingerCole analysts have recently rated iWelcome with exceptional notes for its GDPR support. Hence, he is a frequent speaker at international conferences around GDPR.
Prior to joining iWelcome, Corné worked at RSA in different management positions, leading regions (including Switzerland) and lately being their Lead Technologist for Global Accounts and Strategic Alliances in Europe. After his study in Computer Sciences at the University of Utrecht he started in consultancy for UNIX. He then quickly stepped into the more exciting world of security in which he has been constantly active since the mid 90’s.
Identity in the Cloud; IAM for the new Digital Age
To successfully move the application landscape into the cloud, employee identities became ‘airborne’. This asks for a robust and secure IAM framework that is cloud-first while also supporting applications in existing datacenters. It’s also a balance between risk and user convenience, and more and more, user experience. The days that employees accepted ‘old fashioned’ and rigid IT solutions are far behind us, with consumerization of IT becoming such a strong factor. Add to the mix, the rise of the Mobile Workforce and new supply chain models, and it’s no doubt Identity Management needs a redesign.
To support new digital business models, consumer identities and their profile information became the new gold. And as with everything valuable, it needs to be protected well. The new EU regulation on GDPR is additionally driving strong data protection and privacy measures. Also here, user convenience and experience are key, consumers don’t accept poor digital service. It’s about finding the right balance between user convenience and staying out of the papers (breach).
The presentation will emphasize on the amount of similarities that both business trends introduce around managing identities as well as access rights. It will also cover new IAM topics like consent lifecycle management and family management.
|keyon AG, René Eberhard, CEO|
René G. Eberhard has more than 19 years of experience in the IT security area . He’s one of the founders of keyon and as CEO also involved in strategic security projects of major customers.
Classification and label-centric security approach in O365 – understanding the big picture
The goal of the presentation is to highlight the big picture of the classification- and label-centric security approach from an organizational view and how it can be implemented in an organization, especially in O365 and other applications.
|Laux Lawyers AG, Alexander Hofmann, Partner und Co-Founder Swiss Business Innovation Club|
Alexander Hofmann is a partner with LAUX LAWYERS AG. Alexander is attorney-at-law admitted to practice in Switzerland (admitted to the bar since 2007) and advises predominantly in IT and IT procurement matters with a special focus to cloud, outsourcing and fintech.
Before joining LAUX LAWYERS AG Alexander worked for more than five years as a Senior Intellectual Property and Technology Legal Counsel with a major international Swiss bank, and for seven years in a boutique-lawfirm in Zurich specializing in intellectual property, media law and general business and contract law.
Alexander is co-founder of SWISS BUSINESS INNOVATION CLUB, a meeting place for Swiss financial and insurance institutions to design new business models and ideas together with innovation partners, and advance them from mere ideas or technologies into promising business cases and minimal viable products.
Panel Discussion – Get it Right
|Laux Lawyers AG, Christian Laux|
Dr. Christian Laux is attorney-at-law admitted to practice in Switzerland. In his daily practice Christian focuses on IT law matters, and he has extensive experience with technology-related and e-commerce issues. Christian combines his experience both as inside counsel as well as his practice as outside counsel since many years with a passion for technology. He advises clients on all aspects of IT law: contract formation, outsourcing projects and cloud computing, electronic archiving, legal screening of business processes, open source compliance matters.
Christian has completed his legal studies in Zurich, Paris and Stanford University (CA) and earned a PhD from the University of Zurich. He gives regular presentations on current topics of his work, and occasionally publishes articles. Christian is fluent in German, English and French, and speaks Russian.
Cloud Privacy Check – Data Protection Law Made Easy
|Laux Lawyers AG, Mark Schieweck, Partner|
Mark Schieweck is a partner with LAUX LAWYERS AG and is primarily located in the Basel branch office, but he feels home in Zurich too. Mark is attorney-at-law admitted to practice in Switzerland (admitted to the bar since 1998) and advises predominantly in ICT and ICT procurement matters. Before joining LAUX LAWYERS AG, Mark worked as owner and legal counsel at SchieweckLaw AG and prior for over 14 years as Director and Senior Intellectual Property and Technology Legal Counsel with a major international bank in Zurich.
Mark advises clients regarding matters and in negotiations in all areas of information and telecommunication law, in particular in complex hard- and/or software sourcing projects, open source software, project agreements, outsourcing arrangements (Managed Services), cloud computing and all common type of agreements in the area of ICT-law and e-commerce. Mark also advises in general business and contractual legal matters as well as in entertainment law. Thanks to his many years as in-house technology counsel with a major international bank Mark brings along extensive experience regarding technology-related legal issues and contract negotiations in an international context.
Mark completed his legal studies at the University of Basel.
Mark is fluent in German (native tongue), English and Dutch and also speaks French and Italian.
License Compliance in the Cloud
This is only to name a few of the license compliance issues that sooner or later may arise when moving to the Cloud. Ultimately, it is all about being prepared – and to be prepared, it will normally make a lot of sense to, in the course of your ‘future state planning’, carry out a due diligence on your existing license and similar arrangements regarding the applications you wish to move to the Cloud.
The presentation seeks to give some guidelines on how to structure such a due diligence of your existing agreements – and what the typical contractual and license compliance issues are that you seek to identify.
|Qualys, Leif Kremkow, Director Technology|
Leif Kremkow, Director Technology, Qualys has been with Qualys for over 13 years now. Committed to working with Qualys’ customers to help make the most of the Cloud Platform and its dependant services. Prior to being Director Technology, Leif worked closely with CAC40 enterprise companies as a Technical Account Manager to define custom solutions, carefully respecting corporate culture, fostering user acceptance, and documenting processes.
Leif has been a speaker at various European events, such as Systems, Assises de la Sécurité, RSA Conference, InfoSec, or the CSO Interchange.
A German citizen living and working in France, Leif has a Bachelor of Sciences (Hons.) in Computer Systems and Networks from the University of Plymouth in England.
Cloud Services – Friend or Foe?
|Redguard AG, Sven Vetsch, Partner & Head of Security Research|
As Head of Security Research at Redguard, Sven is responsible to further improve the company’s offensive and defensive capabilities and to stay on the bleeding edge of any development regarding information security. He’s leader of the Open Web Application Security Project (OWASP) local chapter in Switzerland, a founding member of DEFCON Switzerland and was a former board member of the Information Security Society Switzerland (ISSS).
Contain All Evil – Securing your infrastructure using container technologies
If we think about virtualization, it has solved some of the problems we had in the past regarding efficiency, availability and manageability of our infrastructures but the problems mentioned before are still untouched. During the last few years, Docker made quite an impression especially within DevOps driven organizations. Docker or older projects like LXC allow you to containerize applications and services so they become isolated from the rest of the system.
So, what will this presentation be about? You’ll simply learn how containers can be used to make the life of an attacker feel like hell. Expect live demos!
|SailPoint, Michael Lang, Manager Sales Engineering|
In his current role, Michael Lang, is responsible for the technical Pre-Sales activities in EMEA at SailPoint.
Michael is working for SailPoint since 5 years. Prio to SailPoint he worked 12 years as an Identity Management Architect at Novell (now MicroFocus).
The Power of Cloud IGA
|Securosys, Robert Rogenmoser, Founder & CEO, Member of the Board of Directors
Dr Rogenmoser held several executive and engineering positions in Silicon Valley startups and public companies including SuVolta, IDT, NovaTorque, Transmeta, Broadcom, and Intel.
His experiences range from developing computer chips, to building up companies, managing large teams, and selling to customers all over the world. He has a PhD from ETH Zürich and an MBA from Santa Clara University, CA, USA.
HSM in the Cloud — Threats and Opportunities
However, there are great advantages choosing an HSM in the cloud from the right, trusted provider. Foremost, the HSM is already setup, ideally multi-site, geo-redundant to provide fail-safe access as well as multiple backups. Besides a quick start to get operation going it will also result in reduced setup and operating cost. Moreover, the IT team has not to travel to the datacenters, but, using the right provider, can perform security officer functions using two factor authentication from their offices.
In this presentation we will discuss the threats and opportunities of such an approach and demonstrate it on an explicit example.
|Swisscom, Roland Ringgenberg, Digital Architect
Roland is part of the Swisscom Cloud Team specialising in the field of Platform-as-a-Service and Cloud Native Technologies. He has a background in Digital Business Strategies, Software Engineering and Innovation and is mainly active at the interface between business and technology.
With over two decades of experience in the different fields of the modern internet Roland understands how to discover, design, build, deliver and scale digital solutions, while always ensuring a great user experience and real value for the customer.
Secure Enterprise Software Delivery in the Age of Platform-as-a-Service
At Swisscom we use an agile delivery process we call BizDevOps. Based on this process we will walk through different steps we take to develop, test and deliver Cloud Native Applications into the Swisscom Cloud (PaaS) and run them in a secure way. We will start by shortly look at our Secure Software Development Lifecycle and go through the different challenges we face to bring new software into the cloud, based on the three scenarios of a large Microservice, of using the internal Application Cloud for small Applications that need to live in more classic zone concepts, as well how we provide large, dedicated Virtual Private PaaS for demanding customers.
Finally we will look at what’s on the Roadmap of Cloud Foundry in the areas of Container to Container Networking, Volume Services and TCP Routing. If the time allows, we will also shortly touch the questions of hybrid scenarios between the Swisscom Cloud and other large cloud providers.
|Tenable Network Security, Jens Freitag, Security Specialist|
Jens Freitag is a Senior Security Specialist at Tenable Network Security and has been working in the IT industry for over twenty years.
Before Tenable he worked for security companies like Sophosand Avira. He has published numerous articles and is an experienced speaker at conferences.
The State of Security: Securing today´s elastic IT assets
This presentation will give you an overview of fresh vulnerability management approaches that give the visibility and insight to protect what matters most.
|Tufin, Pierre Visel, Director CEMEA|
Pierre is an IT-Security professional with over 20 years sales and management experience within this industry. He has worked in the past for Computacenter AG and Virtual Forge Inc. Additionally Pierre is acting as Trusted Advisor and strategy consultant for IT-Security Managers and CISOs. His main topics are ISMS, SOC, application + network security and leadership for high potentials.
Cloud and SDN concepts will raise the flexibility of modern networks extremely… but will also result in “lost of control”!
During this presentation you can see, how central policy orchestration tools will help you to fulfill compliance requirements, disburden your rare security experts and get a central overview of the important connectivity rulesets within your company network.
|Vertiv resp. Deltalis, Frank Harzheim, CEO|
Frank joined Deltalis as CEO in September 2014. Besides the strategic development and the operational business of Deltalis, he is in charge of the international positioning of Deltalis as the Swiss Hyper Secure Datacenter. Before Deltalis Frank led the EMEA Sales of Datacenter infrastructure solutions (DCIM) at Emerson Network Power and prior to that he has held various management, sales and product strategy positions with international enterprises in the telecommunications and IT solutions market.
Frank studied at the University of Applied Sciences Aachen/Germany having received a bachelor’s degree in electrical engineering in 1991 (Dipl. Ing.). Thereafter, he completed a Master’s Degree (MSc) at the faculty of economical sciences of the University Hagen with emphasis on “Intercultural Leadership”.
To develop Deltalis as the reference site for the most secure Datacenters is his commitment, customer focus and satisfaction, driven by continuous improvement is his dedication.
From Military Bunker to Weapons Grade Datacentre – a customer success story
|VSHN AG, Aarno Aukia, Co-Founder and CTO|
Aarno Aukia is Co-Founder and CTO at VSHN AG, the leading Swiss DevOps company. VSHN does software reliability engineering for operating (web-) applications on different public and private clouds and is involved on the defensive side of web application security. Before VSHN he was engaged with a managed security company and Google after his masters degree at ETH Zurich.
SecDevOps – securing DevOps
I will show examples from customer projects at VSHN.ch and use mostly open-source tools. After the talk you will be able to argue why you need automated tools and know what to look out for when deploying them.
|xorlab, Antonio Barresi, Co-Founder and CEO|
Antonio is Co-founder and CEO of xorlab, a Swiss IT security company. Before founding xorlab, he worked at the Laboratory for Software Technology (LST) at ETH Zurich on software security related topics. His research interests are software and systems security. Over the last years he has given talks at different industry and academic security conferences (e.g. 33C3, Black Hat, Hacktivity, WOOT). Before joining LST, he worked as a Software Engineer, Security Consultant, and IT Risk Officer. He holds a BSc and MSc degree in Computer Science from ETH Zurich.
Side-Channel Attacks in the Cloud
Through the adoption of cloud technologies, side-channels in cloud environments have become an area of increasing concern. Thanks to the nature of cloud technologies where resources are shared and consolidated across users and organizations the attack surface is broad and thus many side-channels exist.
This talk will give an overview of side-channel attacks in the cloud. We will look at different side-channels and their attack vectors. The goal is to get a better understanding of the side-channel threat and what that means for users and organizations relying on cloud services.