SIGS Technology Conference – Threat Intel Day Speakers 2018

All presentations are held in English

Key Notes

Talos, Martin Lee, Technical Lead of Security Research
Martin is technical lead of security research within Talos, Cisco’s threat intelligence and research organization, and leads the Outreach EMEA team within the group.

As a researcher within Talos, he seeks to improve the resilience of the Internet and awareness of current threats through researching system vulnerabilities and changes in the threat landscape. With 15 years of experience within the security industry, he is CISSP certified, a Chartered Engineer, and holds degrees from the universities of Bristol, Cambridge, Paris and Oxford.

The Destructive Menace of Wiper Malware
The recent Olympic Destroyer and Nyetya (NotPetya) attacks have emphasised the destructive effects of wiper malware. Organisations need to be aware of the nature of such malware, not only because they may be targeted by such attacks, but because they may become collateral damage as part of an attack against a third party.

In this presentation I will explore how this threat has developed over time, how attacks may meet the objectives of threat actors, and how organisations need to consider their security posture in order to detect and block such attacks.

Zscaler, Bil Harmer, Strategist, Office of the CISO
Harmer has been in the IT industry for 30 years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for startups, Government and well established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2.

He has presented on Security and Privacy in Canada, Europe and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Dark Reading, Data Informed, SecureWorld and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve and Integris. He has served as Chief Security Officer for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP and now serves as a Strategist for Zscaler where he runs the Office of the CISO for the Americas.

(Details will follow)

Professional & Sponsor Presentations

Bern University of Applied Sciences, Dr. Endre Bangerter, Professor of Computer Science
Endre Bangerter is professor of computer science at the Bern University of Applied Sciences, and a lecturer at the Forensic Science Institute of the University of Lausanne. In earlier jobs, Endre has worked as a software developer, technical consultant, and researcher at IBM Global Services, IBM Research, and Accenture. He has a PhD in computer science in the field of cryptography from the Horst Görtz Institute for IT-Security at the University of Bochum in Germany.

Endre heads the Security Engineering Lab (SEL) at the Bern University of Applied Sciences. The SEL is a group of researchers and practitioners. Its current research activities are in the field of intrusion forensics (e.g., memory forensics, malware analysis, custom security assessments).

Code based threat intelligence at large scale
Technical threat intelligence is currently focusing mainly on malware hashes, IP addresses, domain names, as well as host- and protocol-based IOCs.

Malware code is potentially a very rich source for threat intelligence. It contains, e.g., information on the capabilities and aims of an attacker, and also allows malware samples, and in some cases campaigns and actors, to be correlated by detecting code reuse. However, the underlying analysis is typically done manually, and it doesn’t scale to real world needs, where 100’000s of new malware samples are surfacing every day.

In this talk we’ll present techniques and tools for generating and analyzing code-based threat intelligence at large scale. We’ll also discuss real world applications of large scale code-based threat intel.

CyberArk, Christian Götz, Director of Presales & Professional Services DACH
Christian Goetz joined CyberArk in 2008 and is currently working as a Director of Presales DACH in Germany. During the last 18 years as a professional consultant and software engineer Christian has been focused on various topics in IT security such as data leakage prevention, web application security and intrusion prevention systems. Christian now has a specific focus on privileged account security and all related aspects of this subject. Christian holds a Diploma in Medical Informatics from the University of Heidelberg/University of Applied Sciences Heilbronn.

The threat from inside – Privileged Accounts
Privileged Accounts are often called “Keys to the Kingdom”. But why are they so valuable? Why should you pay so much attention to these accounts? And why are IT folks still not paying enough attention to them?

This interactive session will draw a picture of how privileged accounts are used in common hacking techniques, how abuse of privileged accounts can be prevented and detected, and what the real challenges are in controlling the use of privileged accounts today, given the fast-paced developments in modern IT around Cloud technologies and DevOps methodologies.

NTT Security, Steven Bullitt, Global Vice President, Threat Intelligence & Incident Response
Steven came to NTT Security with over 25 years of leadership experience in law enforcement with a versatile skill-set in information technology, computer forensics investigations, presidential protection, drug enforcement and explosive ordnance.

Prior to joining NTT Security, Steven served a 21 year term for the United States Secret Service (USSS) where he held roles of increasing responsibility. He most recently held the position of supervisor of the Dallas Field Office North Texas Electronic Crimes Task Force. In this role, Steven was responsible for overseeing all USSS cyber and criminal investigations throughout Northern Texas. Prior, Steven held the position of program manager of the USSS’s Electronic Crimes Special Agent Program where he was responsible for overseeing approximately 650 agents world-wide, specializing in the investigation of complex network intrusions and computer forensic investigation.

Steven earned his Master’s Degree in Forensic Science Computer Fraud Investigation from George Washington University.

Broaden your threat intelligence capabilities for a better threat detection and incident response
How to choose the right threat intelligence sources to create effective, actionable and profitable threat intelligence? (More details will follow)

High-Tech Bridge, Ilia Kolochenko, CEO & Founder
Ilia is a Swiss application security expert and entrepreneur. Starting his career as a penetration tester, he founded High-Tech Bridge to incarnate his application security ideas. Ilia invented the concept of hybrid security assessment for web applications that was globally launched in 2014 under ImmuniWeb® brand. Afterwards, Ilia designed and managed implementation of numerous machine learning technologies for ImmuniWeb.

Ilia holds a BS (Hons.) in Mathematics and Computer Science, and is currently pursuing his Master of Legal Studies degree at Washington University in St. Louis. His military service took place in Swiss artillery troops. Ilia is a contributing writer for CSO, SC Magazine UK, Dark Reading and Forbes, mainly writing about cybercrime and application security. He is also a member of the Forbes Technology Council. In 2016 he received the “Forum des 100” award – the 12th annual award for one hundred entrepreneurs, politicians and personalities who build the French speaking part of Switzerland. In 2017 Ilia was named a “Thought Leader” by SC Media Reboot Awards.

Application Security Strategy and AST Lifecycle
In the era of DevSecOps, CI/CD and Agile development many companies still become victims of disastrous data breaches caused by insecure applications. The presentation explains an application security strategy to reduce costs and assure holistic Application Security Testing (AST) of corporate web and mobile applications.

The talk will also encompass application inventory and discovery, vulnerability correlation, virtual patching and practical usage of Machine Learning in application security.

Qualys, Leif Kremkow, Director Technology
Leif Kremkow, Director Technology at Qualys, has been with Qualys for over 13 years now and is committed to working with Qualys’ customers to help them make the most of the Cloud Platform and its dependent services. Prior to being Director Technology, Leif worked closely with CAC40 enterprise companies as a Technical Account Manager to define custom solutions, carefully respecting corporate culture, fostering user acceptance, and documenting processes.

Leif has been a speaker at various European events, such as Systems, Assises de la Sécurité, RSA Conference, InfoSec, or the CSO Interchange.

A German citizen living and working in France, Leif has a Bachelor of Sciences (Hons.) in Computer Systems and Networks from the University of Plymouth in England.

Detection Tsunami – Threat Intelligence as understood by a vendor and a customer
Threat Intelligence is being advertised as the next big thing to secure your organization with. What is Threat Intelligence and what does it add to your organization?

In this short workshop you will hear a vendor’s point of view and afterwards what a user has to say about Threat Intelligence and whether it holds its promises.

SCRT, Alain Mowat, Head of Audit Division
Alain is the head of the audit division at SCRT, a Swiss-based information security company, where he has been working for the last 10 years. In this function, he strives to keep improving the quality of the security audits performed by the company, while also performing intrusion tests, social engineering attacks and giving security-related trainings.

With a high interest in web application security, he has discovered several important vulnerabilities in various high profile applications, responsibly disclosing them to get them fixed.

Why hackers keep compromising your most important assets
Be it during penetration tests or real-world attacks, hackers are often able to compromise the entirety of an information system by gaining access to “Domain Admin” privileges. This is mainly due to a shift in attack techniques that no longer require the exploitation of complex vulnerabilities but rather a combination of social engineering and the use of legitimate Windows functionality. Companies are often too focused on limiting perimeter breaches instead of detecting malicious internal activity, which often leaves them blind to these types of attacks.

This presentation will walk through the various steps used by attackers to entirely compromise a fictitious company network by demonstrating how classic weaknesses can be combined to achieve permanent privileged access within the information system. The goal of this presentation is to highlight what the major weaknesses are and how companies can adapt to mitigate them and detect intrusions.

Tenable, Thomas Cueni, Security Specialist
Thomas Cueni joined Tenable as a Security Specialist for Switzerland and Austria. He is a cybersecurity professional with almost fifteen years of technical experience in network and endpoint security, security operations and vulnerability management.

Prior to joining Tenable he was working for FireEye and Blue Coat (now Symantec), where he was doing pre-sales for major global accounts based out of Switzerland.

Roundtable: How “The Center for Internet Security’s” Controls 1-5 Could Have Prevented Headline-Making Breaches
Most IT security professionals want to avoid the headlines, and many think it cannot happen to their organization. Yet time and time again, we see security breaches making the news at well known and well respected organizations. There are a multitude of reasons this can happen, but “not following foundational CIS Controls” should not be one of them.

In this session we’ll take a look at recent breaches at Google, Equifax and generic ransomware and show how, if they had implemented The Center for Internet Security’s Controls 1-5, these breaches would not have happened.

TriConPlus GmbH, Stefan Mausser
Stefan Mausser, managing director of TriConPlus GmbH, is a cybersecurity professional with almost fifteen years of technical experience in security operations, open source intelligence and social engineering.

He trained law enforcement, military and international organizations in investigating the deep and dark net with open source intelligence and social engineering techniques.

I know what you did last summer – on social media
How to create attack vectors against the weakest link in your company – the employee

  • Find out company structures
  • Identify spear phishing targets
  • Creating phishing attacks based on social media data
  • Identify restaurants where employees go for lunch
  • Twitter locations
  • WIFI attacks

Watchguard, Jonas Spieckermann, Senior Sales Engineer
Jonas Spieckermann is a security expert at WatchGuard Technologies with more than 10 years’ experience in cyber security, and in concepts and solutions for protection against advanced threats and risks.

He transforms the practical approach of the vendor and reseller to meet end-customer needs. Before joining Watchguard in 2012, he worked for years for SIEVERS-Group, a security reseller.

GameON – Perfecting a Defensive Strategy That WINS Against Malware (incl. Live Demo)
Cyber attacks are hitting big enterprises, and small and medium companies in the same way. A view of the threat landscape shows an increase in network threats and malware attacks.

A live demo will show how hackers exploit vulnerabilities and try to win the game, and how modern security services can protect you. Be prepared for attacks, evolve your playbook and strategy to win against Malware or Evil Twins, threats of wired and wireless networks.