SIGS Technology Conference – DC Day Speakers 2017

All presentations are held in English


Key Notes

Cisco, Dirk Stöckmann, Technical Solution Architect
Dirk Stöckmann joined Cisco in 2001 as a global Systems Engineer covering multi-national and global accounts. Since 2009 his work has been dedicated to Data Center technologies encompassing virtualisation, automation and Data Center fabrics. With the introduction of Cisco’s Application Centric Infrastructure (ACI), Dirk moved to the European Data Center team as an evangelist of Cisco’s Data Center vision and technology towards executives, architects and engineers. A key component of Dirk’s focus and passion is aligned with the incubation and launch of new and emerging Data Center technologies. Today, Dirk holds the position of Technical Solutions Architect within the Tetration Analytics group of Cisco’s world wide Data Center organization.

Dirk holds multiple industry certifications including CCIE (R&S) accreditation.

Impact of Digital Transformation on Data Centers and Clouds
Application Evolution drives new workload locations and impacts management & operations. A set of initiatives with use cases and a common methodology enabling organizations to clean-up and modernize datacenter and cloud infrastructure by simplifying and automate their infrastructure with full visibility and control in getting ready for the digital transformation.

Visibility across everything in your data center in real time? With hardware and software sensors we give you behavior-based application insight with deep forensics. Move to a highly secure and reliable zero-trust model. Dramatically simplify your operations. We incl. in this session a demo on Application Dependency Mapping, machine learning, behavior analyticx and automated whitelist policy generation.

Ivan Pepelnjak, Independent Network Architect &
Christer Swartz, Worldwide Consulting Engieer Data Center, Virtualization & Service Providers at Palo Alto Networks

Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.
Ivan is author of several Cisco Press books, and a series of highly successful webinars. To learn more about him, visit or read his blog at

together with

Christer Swartz has 20+ years of experience in CCIE Networking, Data Center, and Security architecture in both Enterprise and Service Provider environments. He is based in California and is responsible for driving Security integration into Data Center, Cloud, and Virtualization technology across Palo Alto Networks’s global theaters.

His background includes having been part of the original team at Cisco back in its early days, then subsequently at the European
Service Provider Swisscom, at Netflix during their Internet videostream architecture and deployment, and at Nokia, designing and
implementing large-scale Data Center, hybrid Cloud, and SDN networks.

He focuses on implementing network-based Next Generation security in evolving SDN and NFV architectures in modern Cloud architectures.

Three Geographies of IT – Silicon Valley, US and Rest-of-World
Vendors, industry media, and pundits love to tell you how everything you do is obsolete, and how you should start using next-generation (whatever it means) concepts like clouds, everything-as-a-service, and DevOps to make your business more agile.

The only problem: the people promoting new technologies or products usually never deployed them, and most everyone around you is not doing it (whatever it is). However, there are tons of large organizations using these amazing new technologies (at least according to those same vendors and pundits). How true is that? Do we really have three geographies of IT (Silicon Valley, US and rest-of-world)? Christer Swartz and Ivan Pepelnjak will discuss these challenges and try to give you a broader perspective during the DC Day keynote.

ServiceNow, Myke Lyones, Director and Head of Strategy
Myke is a Director and Head of Strategy for ServiceNow’s Security Business Unit helping larger companies better respond to imminent security incidents, quickly find indicators and observables of compromise, and effectively remediate known vulnerabilities. Myke has over 16 years experience in information technology and security.

Prior to moving to the Security Business Unit, Myke led ServiceNow’s information security group and was brought on board to help secure the cloud startup while creating a mantra of transparency. He has also held Senior Security positions at Grey Global Group, Y&R, WPP Group, and GE Capital

Build your wings before jumping into the cloud
The move to the cloud has began already some years ago, but now the acceleration of its adoption is faster and faster. Driven by agility, efficiency and competitiveness, the curve of adoption is phenomenal. Cloud initiative are even not anymore driven by IT, but by all part of the business. Business cloud services provide a real consumer experience within the organisations. Faster experience, more user friendly interface, a “like at home” feeling for the user….

However, not all clouds are the same. How to choose or even differentiate between Public, Private or Hybrid, Single or Multi Tenant. How do you know what to assess in terms of legal, compliance, security and performance.

In this session Myke Lyons will discuss best practices for acquiring cloud services like IaaS, PaaS, and IaaS.

Microsoft Switzerland, Dr. Marc Holitscher, Chief Technology Officer
Marc articulates Microsoft’s technology vision and strategy with lighthouse customers, key business decision makers and government thought-leaders. He supports customers in translating new technologies and innovations into business impact and outcomes. Top of mind are emerging
technology issues and how they relate to different aspects of the economy and society at large. Marc is a member of the board of Microsoft Switzerland.

The Intelligent Security Graph
Real cyber threat intelligence requires more data than most organizations can acquire. Global cloud providers can rely on an unparalleled body of threat intelligence created from various sources: Microsoft analyzes—over 300 billion authentications processed per month, 200 billion emails scanned for malware and phishing, and one billion Windows devices updated.

Learn in this session more about the unique insights that are generated from this vast pool of security signals through machine learning and human intelligence and how they complement traditional security solutions.



andrion AG, Aniello Bove, CEO
January 1, 2013 he joint andrion and developed andrion to a powerful Swiss consulting and project delivery firm within the Swiss financial services industry. andrion empowers their clients in their strategic initiatives to develop new innovative business. Their consultants, project managers and business analysts know Core Banking functions and Digital Banking transformation best, and do understand how to take into account Swiss Banking law. Their capability in analyzing, designing, approaching, prioritizing, planning and executing projects make them a reliable partner with an outstanding track record in various banking initiatives.

In its past, he spent amongst other things 11 years at UBS and left UBS as management member before he started his entrepreneurship as Partner and COO at INM AG. As former member of the IBM Rational Advisory Board and Go Beyond investor he supports start-ups and promising business ideas with great passion. Today he is one of the F10 mentors. F10 is a Fintech Incubator and Accelerator program sponsored by SIX that supports and guides Startups in transforming their ideas into successful companies, all the while stimulating worldwide collaboration with international finance organizations.

Main differences between Cloud Migration and Regular Migration
Modernization of IT solutions (platforms, applications, databases etc.) is an ongoing process, especially in the continuously rapid development of our IT environment. New technologies enable new business and new (regulatory) requirements force us to rethink our IT strategy.

Cloud Computing/Cloud Services offer attractive service and price models, but which are the main challenges when migrating to such solutions? Let’s first have a look to classic migration models, approaches and scenarios. What does us force to migrate? Which aspects do we need to take into consideration?

Based on a few typical examples, the difference between regular and cloud migrations will be highlighted and explained.

Bank Julius Baer & Co. Ltd, Martin Pauli-Burckhardt, Head Legal Procurement, Outsourcing & Data Privacy
Martin Pauli heads the legal team of Bank Julius Baer responsible for legal advice in the area of IT, procurement, data privacy and security, banking secrecy, regulatory outsourcing and related legal issues.

Before joining Bank Julius Baer in 2012, Martin worked for more than ten years in the legal department of a global Swiss bank in the area of Information and Communication Technology and practiced as a lawyer in a reputable international Zurich law firm.

Best Practice Cloud Computing from a bank’s perspective
Cloud services, in particular when provided in the form of Software as a Service (SaaS), imply a variety or legal, regulatory and contractual issues to be tackled.

Finding agreements on such issues are subject to constraints of, on the one hand, the applicable data protection laws and the legal and regulatory environment applying to the banking industry (especially regarding banking secrecy and outsourcing), and, on the other hand, to the cloud provider’s intention to keep its cloud system and processes standardized for all its customers.

The presentation will identify typical problems in this context regarding the financial industry and will give recommendations of what should be addressed in a cloud contract from a bank’s perspective.

Inpher, Jordan Brandt, CEO and Cofounder
As a though leader and named one of Forbes ‘Next-Gen Innovators’, Jordan’s research and insight on cybersecurity, AI and robotics has been featured in print and broadcast internationally on Bloomberg, CNBC, Forbes, Financial Times, Wired and other business and technology press.

Jordan is the former CEO and cofounder of Horizontal Systems, acquired by Autodesk (Nasdaq: ADSK) in 2011. He went on to serve as the director of Autodesk’s $100m investment fund, while also teaching and conducting research with a Consulting Professorship in Engineering at Stanford. Jordan completed his undergraduate work at the University of Kansas and received his doctorate from Harvard University.

Touch but don’t see; practical uses of encrypted computing
Computing directly on encrypted data has been a technological promise for many years that is finally becoming practical. Such advances enable secure cloud computing as the host never ‘sees’ the data nor has acces to the keys, providing a path to GDPR compliance.

Furthermore, analytics and machine learning algorithms can be run on multiple, private databases without revealing any information between the data sources. In this session you will learn about the technology that powers this new frontier and applications in the financial services industry.

iWelcome, Corné van Rooij, Vice President Product Management
Corné van Rooij is VP Product Management at iWelcome (Europe’s Identity Platform). He has been working in the Security market for more than 20 years of which the last 15 years at two well know Identity and Access Management vendors.

Corné is responsible for iWelcome’s IAM as-a-Service (IDaaS) offering and its famous Consumer-IAM (CIAM) support. Gartner and KuppingerCole analysts have recently rated iWelcome with exceptional notes for its GDPR support. Hence, he is a frequent speaker at international conferences around GDPR.

Prior to joining iWelcome, Corné worked at RSA in different management positions, leading regions (including Switzerland) and lately being their Lead Technologist for Global Accounts and Strategic Alliances in Europe. After his study in Computer Sciences at the University of Utrecht he started in consultancy for UNIX. He then quickly stepped into the more exciting world of security in which he has been constantly active since the mid 90’s.

Identity in the Cloud; IAM for the new Digital Age
Digital transformation is reshaping every aspect of today’s business and it has strong influence on how Identities are managed within organisations going forward. Identities being employees, consumers or both.

To successfully move the application landscape into the cloud, employee identities became ‘airborne’. This asks for a robust and secure IAM framework that is cloud-first while also supporting applications in existing datacenters. It’s also a balance between risk and user convenience, and more and more, user experience. The days that employees accepted ‘old fashioned’ and rigid IT solutions are far behind us, with consumerization of IT becoming such a strong factor. Add to the mix, the rise of the Mobile Workforce and new supply chain models, and it’s no doubt Identity Management needs a redesign.

To support new digital business models, consumer identities and their profile information became the new gold. And as with everything valuable, it needs to be protected well. The new EU regulation on GDPR is additionally driving strong data protection and privacy measures. Also here, user convenience and experience are key, consumers don’t accept poor digital service. It’s about finding the right balance between user convenience and staying out of the papers (breach).

The presentation will emphasize on the amount of similarities that both business trends introduce around managing identities as well as access rights. It will also cover new IAM topics like consent lifecycle management and family management.

keyon AG, René Eberhard, CEO
René G. Eberhard has more than 19 years of experience in the IT security area . He’s one of the founders of keyon and as CEO also involved in strategic security projects of major customers.

Classification and label-centric security approach in O365 – understanding the big picture
Organizations no longer operate solely within their premises. Cloud and mobility become more and more important. Data is transmitted between organizations, users, devices, and applications, regardless of their location. The challenge is to identify sensitive information and to apply the right level of control in order to maintain security and privacy of such information. Today’s security approach is to control data on premises and/or on a device. The classification and label-centric security approach applies security directly to the data itself, so that it’s always protected and identifiable, regardless of the location, device, application, or any additional security measures.

The goal of the presentation is to highlight the big picture of the classification- and label-centric security approach from an organizational view and how it can be implemented in an organization, especially in O365 and other applications.

Laux Lawyers AG, Alexander Hofmann, Partner und Co-Founder Swiss Business Innovation Club
Alexander Hofmann is a partner with LAUX LAWYERS AG. Alexander is attorney-at-law admitted to practice in Switzerland (admitted to the bar since 2007) and advises predominantly in IT and IT procurement matters with a special focus to cloud, outsourcing and fintech.

Before joining LAUX LAWYERS AG Alexander worked for more than five years as a Senior Intellectual Property and Technology Legal Counsel with a major international Swiss bank, and for seven years in a boutique-lawfirm in Zurich specializing in intellectual property, media law and general business and contract law.

Alexander is co-founder of SWISS BUSINESS INNOVATION CLUB, a meeting place for Swiss financial and insurance institutions to design new business models and ideas together with innovation partners, and advance them from mere ideas or technologies into promising business cases and minimal viable products.

Panel Discussion – Get it Right
The various aspects of cloud migrations from a legal and organizational perspective

Laux Lawyers AG, Christian Laux
Dr. Christian Laux is attorney-at-law admitted to practice in Switzerland. In his daily practice Christian focuses on IT law matters, and he has extensive experience with technology-related and e-commerce issues. Christian combines his experience both as inside counsel as well as his practice as outside counsel since many years with a passion for technology. He advises clients on all aspects of IT law: contract formation, outsourcing projects and cloud computing, electronic archiving, legal screening of business processes, open source compliance matters.

Christian has completed his legal studies in Zurich, Paris and Stanford University (CA) and earned a PhD from the University of Zurich. He gives regular presentations on current topics of his work, and occasionally publishes articles. Christian is fluent in German, English and French, and speaks Russian.

Cloud Privacy Check – Data Protection Law Made Easy
Lawyers from 32 countries have created the Cloud Privacy Check (CPC), the largest European information platform explaining data protection laws in the simplest possible terms and free of charge. The CPC makes 32 different national regulations directly comparable. Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge.
A vastly simplified approach has now been presented by Dr. Tobias Höllwarth (EuroCloud) together with LAUX LAWYERS AG and more than 40 legals from all over Europe. The website:, hosts the Cloudprivacycheck (CPC), a visual-design infographic explaining the principles of data protection regulations in 26 languages, allowing information seekers to quickly determine key aspects. The Cloud Privacy Check (CPC) is intended to simplify certain decisions and processes for most affected persons. Additionally, the Data Protection Compliance database provides highly relevant legal information for 32 countries that can easily be compared with each other.

Laux Lawyers AG, Mark Schieweck, Partner
Mark Schieweck is a partner with LAUX LAWYERS AG and is primarily located in the Basel branch office, but he feels home in Zurich too. Mark is attorney-at-law admitted to practice in Switzerland (admitted to the bar since 1998) and advises predominantly in ICT and ICT procurement matters. Before joining LAUX LAWYERS AG, Mark worked as owner and legal counsel at SchieweckLaw AG and prior for over 14 years as Director and Senior Intellectual Property and Technology Legal Counsel with a major international bank in Zurich.

Mark advises clients regarding matters and in negotiations in all areas of information and telecommunication law, in particular in complex hard- and/or software sourcing projects, open source software, project agreements, outsourcing arrangements (Managed Services), cloud computing and all common type of agreements in the area of ICT-law and e-commerce. Mark also advises in general business and contractual legal matters as well as in entertainment law. Thanks to his many years as in-house technology counsel with a major international bank Mark brings along extensive experience regarding technology-related legal issues and contract negotiations in an international context.

Mark completed his legal studies at the University of Basel.

Mark is fluent in German (native tongue), English and Dutch and also speaks French and Italian.

License Compliance in the Cloud
Are you ready to move your applications to the Cloud? You may be from a technical perspective, but are you entirely aware of the legal and license compliance issues a migration may have in the light of your existing contractual arrangements? Are you at all permitted to move a particular application to the Cloud? Are the current license metrics affected by a migration and is there a potential for additional costs?

This is only to name a few of the license compliance issues that sooner or later may arise when moving to the Cloud. Ultimately, it is all about being prepared – and to be prepared, it will normally make a lot of sense to, in the course of your ‘future state planning’, carry out a due diligence on your existing license and similar arrangements regarding the applications you wish to move to the Cloud.

The presentation seeks to give some guidelines on how to structure such a due diligence of your existing agreements – and what the typical contractual and license compliance issues are that you seek to identify.

Qualys, Leif Kremkow, Director Technology
Leif Kremkow, Director Technology, Qualys has been with Qualys for over 13 years now. Committed to working with Qualys’ customers to help make the most of the Cloud Platform and its dependant services. Prior to being Director Technology, Leif worked closely with CAC40 enterprise companies as a Technical Account Manager to define custom solutions, carefully respecting corporate culture, fostering user acceptance, and documenting processes.

Leif has been a speaker at various European events, such as Systems, Assises de la Sécurité, RSA Conference, InfoSec, or the CSO Interchange.

A German citizen living and working in France, Leif has a Bachelor of Sciences (Hons.) in Computer Systems and Networks from the University of Plymouth in England.

Cloud Services – Friend or Foe?
Leif Kremkow will show that the subject of working with or against cloud service providers cannot be placed into a polarized debate about making information systems great again. His presentation, drawn from customer testimonials, shows how companies are already capable of maximizing the advantages that cloud services offer.
Reframing the topic as one of outsourcing shows that with small adjustments and a few improvements in process quality, leveraging the cloud can be safe, secure, and profitable.

Redguard AG, Sven Vetsch, Partner & Head of Security Research
As Head of Security Research at Redguard, Sven is responsible to further improve the company’s offensive and defensive capabilities and to stay on the bleeding edge of any development regarding information security. He’s leader of the Open Web Application Security Project (OWASP) local chapter in Switzerland, a founding member of DEFCON Switzerland and was a former board member of the Information Security Society Switzerland (ISSS).

Contain All Evil – Securing your infrastructure using container technologies
In a modern IT infrastructure, it’s extremely hard to know what exactly is running on a server and monitoring those systems for anomalies or even attacks is often nearly impossible due to too much noise from standard tasks performed by the operating system or other applications.

If we think about virtualization, it has solved some of the problems we had in the past regarding efficiency, availability and manageability of our infrastructures but the problems mentioned before are still untouched. During the last few years, Docker made quite an impression especially within DevOps driven organizations. Docker or older projects like LXC allow you to containerize applications and services so they become isolated from the rest of the system.

So, what will this presentation be about? You’ll simply learn how containers can be used to make the life of an attacker feel like hell. Expect live demos!

SailPoint, Michael Lang, Manager Sales Engineering
In his current role, Michael Lang, is responsible for the technical Pre-Sales activities in EMEA at SailPoint.
Michael is working for SailPoint since 5 years. Prio to SailPoint he worked 12 years as an Identity Management Architect at Novell (now MicroFocus).

The Power of Cloud IGA
PowerUP your journey to the Cloud

As companies use more and more cloud services, and with the massive adoption of BYOD strategies the corporate security perimeter has expanded to include every employee, partner, and customer on multiple devices. These are the new network endpoints. The task of managing and governing these identities and access to resources has grown exponentially and it has become more important than ever to manage identities and account for your cloud applications as well as your on-premise applications. Using various case study’s, Tim will explain how identity and access governance will play a critical role in successful and secure adoption of cloud services and the management of this continually expanding security perimeter.

Securosys, Robert Rogenmoser, Founder & CEO, Member of the Board of Directors
Dr Rogenmoser held several executive and engineering positions in Silicon Valley startups and public companies including SuVolta, IDT, NovaTorque, Transmeta, Broadcom, and Intel.

His experiences range from developing computer chips, to building up companies, managing large teams, and selling to customers all over the world. He has a PhD from ETH Zürich and an MBA from Santa Clara University, CA, USA.

HSM in the Cloud — Threats and Opportunities
Cloud services are a blast. All servers have the same configuration and all your data is available, wherever you are, whenever. However, the drawback is that these services are operated by a third party that must be trusted. It is also a security and safety problem.
These issues are exacerbated when using hardware security module (HSM) in the cloud to store all encryption keys and to perform encryption functions as well as authentication and signing operations on it. Compared to an on-premise HSM, access latency will go up and the control over the device and security officer roles might have to be given up. Also, performance is impacted due to network and service provider availability.

However, there are great advantages choosing an HSM in the cloud from the right, trusted provider. Foremost, the HSM is already setup, ideally multi-site, geo-redundant to provide fail-safe access as well as multiple backups. Besides a quick start to get operation going it will also result in reduced setup and operating cost. Moreover, the IT team has not to travel to the datacenters, but, using the right provider, can perform security officer functions using two factor authentication from their offices.

In this presentation we will discuss the threats and opportunities of such an approach and demonstrate it on an explicit example.

Swisscom, Roland Ringgenberg, Digital Architect
Roland is part of the Swisscom Cloud Team specialising in the field of Platform-as-a-Service and Cloud Native Technologies. He has a background in Digital Business Strategies, Software Engineering and Innovation and is mainly active at the interface between business and technology.
With over two decades of experience in the different fields of the modern internet Roland understands how to discover, design, build, deliver and scale digital solutions, while always ensuring a great user experience and real value for the customer.

Secure Enterprise Software Delivery in the Age of Platform-as-a-Service
How does Swisscom integrates PaaS on the basis of Cloud Foundry for Container based Cloud Native and Microservices Architectures in a secure way. In this session we will look at different strategies how Swisscom uses Cloud Foundry to power a big SaaS, their Cloud Native PaaS, as well the Swisscom internal Application Cloud used to develop and delivery most of its new and modern digital solutions.

At Swisscom we use an agile delivery process we call BizDevOps. Based on this process we will walk through different steps we take to develop, test and deliver Cloud Native Applications into the Swisscom Cloud (PaaS) and run them in a secure way. We will start by shortly look at our Secure Software Development Lifecycle and go through the different challenges we face to bring new software into the cloud, based on the three scenarios of a large Microservice, of using the internal Application Cloud for small Applications that need to live in more classic zone concepts, as well how we provide large, dedicated Virtual Private PaaS for demanding customers.

Finally we will look at what’s on the Roadmap of Cloud Foundry in the areas of Container to Container Networking, Volume Services and TCP Routing. If the time allows, we will also shortly touch the questions of hybrid scenarios between the Swisscom Cloud and other large cloud providers.

Tenable Network Security, Jens Freitag, Security Specialist
Jens Freitag is a Senior Security Specialist at Tenable Network Security and has been working in the IT industry for over twenty years.

Before Tenable he worked for security companies like Sophosand Avira. He has published numerous articles and is an experienced speaker at conferences.

The State of Security: Securing today´s elastic IT assets
With increasing threats and a constantly changing IT landscape, it’s more challenging than ever to keep up with identifying vulnerabilities and, more importantly, fix them. As organizations embrace public cloud, mobile and DevOps, the fundamental concept of an asset changes, and radically impacts how security teams performs their jobs and interacts with the rest of the organization.

This presentation will give you an overview of fresh vulnerability management approaches that give the visibility and insight to protect what matters most.

Tufin, Pierre Visel, Director CEMEA
Pierre is an IT-Security professional with over 20 years sales and management experience within this industry. He has worked in the past for Computacenter AG and Virtual Forge Inc. Additionally Pierre is acting as Trusted Advisor and strategy consultant for IT-Security Managers and CISOs. His main topics are ISMS, SOC, application + network security and leadership for high potentials.

Cloud and SDN concepts will raise the flexibility of modern networks extremely… but will also result in “lost of control”!
Thus general policy orchestration tools get more and more important for companies to keep compliance and auditability. In our network world of raising flexibility and dynamic concepts like Cloud and SDN/SDDC are growing. If the business needs more resources or a restructure of existing resources – very interesting and helpful concepts. Regarding security, compliance and auditability these concepts are a huge problem. Can companies stay compliant and auditable within such heterogeneous traditional physical and dynamic virtual networks? Is it still possible to use one central compliance and security policy for the whole heterogeneous company network without tons of (not available) rare security experts review permanently the compliance of these general policy?

During this presentation you can see, how central policy orchestration tools will help you to fulfill compliance requirements, disburden your rare security experts and get a central overview of the important connectivity rulesets within your company network.

Vertiv resp. Deltalis, Frank Harzheim, CEO
Frank joined Deltalis as CEO in September 2014. Besides the strategic development and the operational business of Deltalis, he is in charge of the international positioning of Deltalis as the Swiss Hyper Secure Datacenter. Before Deltalis Frank led the EMEA Sales of Datacenter infrastructure solutions (DCIM) at Emerson Network Power and prior to that he has held various management, sales and product strategy positions with international enterprises in the telecommunications and IT solutions market.

Frank studied at the University of Applied Sciences Aachen/Germany having received a bachelor’s degree in electrical engineering in 1991 (Dipl. Ing.). Thereafter, he completed a Master’s Degree (MSc) at the faculty of economical sciences of the University Hagen with emphasis on “Intercultural Leadership”.

To develop Deltalis as the reference site for the most secure Datacenters is his commitment, customer focus and satisfaction, driven by continuous improvement is his dedication.

From Military Bunker to Weapons Grade Datacentre – a customer success story
Deep in a Swiss mountain could be considered a Hostile environment to have a datacentre. Not so for DELTALIS, the MSP who bring a weapons grade security and optimisation of their operation. In this presentation you will hear what were the challenges and the goals to reach, and learn more about the way to get there.

VSHN AG, Aarno Aukia, Co-Founder and CTO
Aarno Aukia is Co-Founder and CTO at VSHN AG, the leading Swiss DevOps company. VSHN does software reliability engineering for operating (web-) applications on different public and private clouds and is involved on the defensive side of web application security. Before VSHN he was engaged with a managed security company and Google after his masters degree at ETH Zurich.

SecDevOps – securing DevOps
While Developers and Operators have learned to collaborate in DevOps, both application and infrastructure security have struggled to be kept in the loop. In this talk I’ll shed some light on keeping the DevOps infrastructure (Continuous Integration/Delivery, Configuration Managment, Containers/Docker) safe and applying deployment automation to security infrastructure like web application firewalls, identity and access management, audit logging and network segmentation.

I will show examples from customer projects at and use mostly open-source tools. After the talk you will be able to argue why you need automated tools and know what to look out for when deploying them.

xorlab, Antonio Barresi, Co-Founder and CEO
Antonio is Co-founder and CEO of xorlab, a Swiss IT security company. Before founding xorlab, he worked at the Laboratory for Software Technology (LST) at ETH Zurich on software security related topics. His research interests are software and systems security. Over the last years he has given talks at different industry and academic security conferences (e.g. 33C3, Black Hat, Hacktivity, WOOT). Before joining LST, he worked as a Software Engineer, Security Consultant, and IT Risk Officer. He holds a BSc and MSc degree in Computer Science from ETH Zurich.

Side-Channel Attacks in the Cloud
Side-channel attacks are known to be a concern in implementations of cryptographic systems since decades.

Through the adoption of cloud technologies, side-channels in cloud environments have become an area of increasing concern. Thanks to the nature of cloud technologies where resources are shared and consolidated across users and organizations the attack surface is broad and thus many side-channels exist.

This talk will give an overview of side-channel attacks in the cloud. We will look at different side-channels and their attack vectors. The goal is to get a better understanding of the side-channel threat and what that means for users and organizations relying on cloud services.