SIGS Technology Conference 2019 – Cyber Security Day 2019

All presentations are held in English

Keynotes

Commerzbank AG, Igor Podebrad, Group Chief Information Security Officer

Prof. Dr. Igor Podebrad is Group Chief Information Security Officer and Head of Security at Commerzbank AG. In his role he is responsible for the following global and corporate-wide functions:

  • Security Strategy
  • Security Governance and the corresponding Policy Framework
  • Security Risk Analysis Management
  • Technical Threat Analysis (Penetration Tests)
  • IT Forensics
  • Security Consulting & Research
  • Security Logging & Monitoring / Security Information and Event Management
  • Security Enforcement & Control functionality

Previously, Prof. Dr. Igor Podebrad worked as an IT Security Architecture Specialist in several projects, followed by management positions in areas such as IT Security Standards, Threat Analysis and Forensics, and Threat Defense.
He holds a professorship in IT Forensics and Cyber Crime at the University of Applied Sciences Brandenburg, holds a certificate in economic science from the University of Passau and received his doctorate from the Freie Universität Berlin.

Farsight Security, Paul Vixie, CEO and Co-Founder

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, CEO and cofounder of Farsight Security, Inc. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source Internet software including BIND 8, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first commercial anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a breakthrough European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.

Surveillance and Control Risks Arising from DNS Anycast

Quietly and without fanfare, a small group of powerful technology companies in Silicon Valley have insinuated themselves into the Domain Name System (DNS) resolution path, simply by providing a free service and waiting for the inevitable madness of crowds to drive traffic to that service. Since almost all Internet activities begin with a DNS transaction, this provides dangerous insight to non-contracted parties who have no limits on their use of our data. In this lecture, Dr. Vixie explains the basic technology involved and the history of the last 15 years of surveillance capitalism's DNS agenda. The recent DNS over HTTPS (DoH) standard will be described, and recommendations will be made for individuals, families, and businesses on restoring and retaining control over their digital exhaust.

Freddy Dezeure, Trusted Advisor, Board and Advisory Board Member in startup companies and C-Suite trainer

Freddy Dezeure graduated from the KUL in Belgium, with a master of science in engineering in 1982. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas, in particular in information technology. He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an Independent Management Consultant providing strategic advice in cybersecurity and cyber-risk management and acting as Board Member and Advisory Board Member in several high tech companies.

ATT&CK in Practice: A Primer to Improve Your Cyber-Defense

The MITRE ATT&CK framework has gained a lot of traction in the security community as a taxonomy and knowledge base to describe adversary behavior. However, the framework and its related tools have a much broader potential impact and scope. What's missing is a good understanding of the practical operational use cases and the supporting tools. This session will fill that gap by explaining the essence of the ATT&CK framework and its operational relevance, identifying ATT&CK use cases in prevention, detection/hunting and response and providing insight into the available tools and systems to convert ATT&CK into practice.

Mandiant, Jeff Hamm, Technical Director

Jeff Hamm has been employed with Mandiant since 2010 and is a Technical Director helping improve operations and internal processes in the Managed Defense services. He was formerly assigned to the Europe region, where he managed a team that conducted forensic examinations and incident response. He has also worked part-time as an adjunct lecturer at NTNU (Norwegian Science and Technology University) in Gjøvik, Norway, since 2011. There he provides intense practical labs based on real-world computer forensic incidents using both Windows and Linux servers and attacker systems. He co-authored “Digital Forensics”, edited by Andre Arnes, in 2017. The book is designed for academia and practitioners. He was a Deputy with the Oakland County Sheriff’s Office in the State of Michigan, USA, for over 11 years. He worked four years with the Sheriff’s Office as a Computer Crimes Detective and Forensic Examiner and three years as a first-line supervisor (Sergeant). Jeff has significant experience in the computer forensic field and obtained his CFCE (Certified Computer Forensic Examiner) in 2003. He obtained his ACE (AccessData Certified Examiner) in 2008, his EnCE (EnCase Certified Examiner) in 2010, and his GCFA (GIAC Computer Forensic Analyst) in 2010. He has been instructing in the field of computer forensics since 2004 at IACIS (The International Association of Computer Investigative Specialists).

Current State of Incident Response and Network Security: MTrends 2019

Mandiant provides an annual report of trends that have been observed during investigations, security operation center activities, and penetration testing. The trends can be a useful tool in defending against cyber threat actors. This year, trends included public attribution by governments, attacks perpetrated against third-party providers, the geographic expansion of targeted threat actors, mergers and acquisitions with lingering threat actors, and an increased volume of ransomware attacks. We’ll discuss these trends in more detail and will include defensive actions that can be employed or improved to assist with prevention of an attack or eradication of an attacker.

Presentations

Demisto, Lior Kolnik, Head of Security Research

Lior Kolnik is currently Head of Security Research at Demisto, where he designs security playbooks to arm the next generation of blue teams. Before his work in the private sector, Lior served in an elite technological unit of the IDF and completed his CyberSecurity-focused M.Sc.

Red vs. Blue - Live Attack and Defense session with security automation

It is widely known that attackers automate, and defenders must automate as much as possible to respond quicker and stretch resources further. But what does this look like in practical terms?

In this session we will perform a live attack and show how the situation is reflected in both the attacker’s and defender’s points of view. We will dive into the flow and the key defensive elements. Finally, we will analyze the outcomes of the battle and review how it was impacted by the various security automations that were activated.

Fidelis Cybersecurity, Nick Copeland, System Engineer

Nick Copeland has been a systems engineer at Fidelis for 9 years, following them through DLP, Cybersecurity, Endpoint and Deception Technologies. Nick has worked on a wide range of deployments and solutions of the product including pre-sales, post-sales, installation, customisation and occasional engagements as Network SME for Incident Response.

Previous experience includes over 26 years in the networking arena and Unix systems administration, covering switch, router, firewall, IPS, load balancing and currently with APT solutions. Nick holds a BSc hons in Computer Systems and Microelectronics from Queen Mary College, University of London.

Changing the Paradigm using Deception

This workshop focuses on Deception as an accurate solution to detect infected assets inside the organization while reducing the overhead on the security team and proactively gathering information about the attackers. Current prevention solutions do not provide 100% prevention capabilities. On the other hand, detection solutions trigger too many events and false positives, which the security team can’t manage.

In this workshop you will learn more about:

  • the challenges of building and deploying deception solutions
  • the components included in a modern deception solution
  • recommended optional architecture for deploying a deception solution
  • how deception can be integrated with the security eco-system

In this session you will learn how you can profit from fewer events and false positives and reach better prevention capabilities in a way your security team can manage.

Qualys, Leif Kremkow, Director Technology

Leif Kremkow, Director Technology at Qualys, has been with Qualys for over 13 years now. He is committed to working with Qualys’ customers to help them make the most of the Cloud Platform and its dependent services. Prior to being Director Technology, Leif worked closely with CAC40 enterprise companies as a Technical Account Manager to define custom solutions, carefully respecting corporate culture, fostering user acceptance, and documenting processes. Leif has been a speaker at various European events, such as Systems, Assises de la Sécurité, RSA Conference, InfoSec, and the CSO Interchange. A German citizen living and working in France, Leif has a Bachelor of Science (Hons.) in Computer Systems and Networks from the University of Plymouth in England.

Research & Consulting Center, Joerg Prieler, Master and PhD Studies of Psychology at Investigation

Joerg Prieler started his career as Test Development Manager at Schuhfried GmbH (1995-2002) and Hogrefe Verlag (2005-2009). In between he worked as an HR Manager in the petroleum industry. Since 2009 he has had his own company, IR&C (www.irc-consult.at), and since 2014 he has also been a partner of P&T Publishers (www.pt-verlag.at). He is an expert in test theory and special test developments, using modern IRT models for constructing: Acrophobia Test (South Africa), Gambling Detection (Novomatic, Casino Austria), Implicitly (Harvard Test Project), Quick 360 Feedback App for Seminars / Coaching (KPMG), and several Ability and Personality Tests. Additionally, he is a Business Consultant, Biofeedback Therapist (HRV Measurements, Stress, EEG), and Military, Clinical, Health and Work Psychologist. His company IR&C offers Activation Training (e.g. REHACOM), Video Analysis, modern personnel selection procedures, Stress Management (Therapy of Burn Out, Mobbing…), Diagnostics (e.g. “Testing under Load”) and Training.

Inside Threat Risk Detection

The “Inside Threat Risk Detection - Inventory” is an instrument to ensure early detection of potentially hazardous people (e.g. assassins or saboteurs). It can be used as part of the selection of future employees or to detect dangers in existing staff. The tool has been constructed in close collaboration with counter-terrorism forces from Germany, Austria and Switzerland and consists of 16 scales. Six scales were selected by using the assassin personality theory of Endrass (2015); 10 scales were found empirically using the knowledge of the counter-terrorism experts. Test construction was done by means of modern test theory; the test conforms to the “Rating Scale Model (Fischer, 1991)”. One special focus of the tool is the detection of faking and malingering with three different methods. Traffic lights in the result document show at a glance “risk of violence”, “insider threat risk” and “tendency of aggravation”. The test is currently used by European airlines, public transport companies, police, security companies and energy providers. The tool has already been translated into various languages.

RSA, Gerald Pernack, RSA Archer eGRC Solutions Consultant

Gerald Pernack is an RSA Archer eGRC Solutions Consultant in the EMEA region. He has been helping customers to implement their business requirements in RSA Archer for more than eight years now, with a focus on optimizing and automating GRC programs to provide the maximum possible value to the business.

Before joining RSA, Gerald was an IT Security Presales Consultant at McAfee. His technical background helps him to map IT requirements to business requirements and has made him a key player in the Cyber Risk Quantification initiatives at RSA Archer.

Cyber Risk Quantification – Translating Cyber Risk into Business Terms

With the constant change in technology and the rising cyber threats, organizations struggle to understand and translate cyber risks into the context of business risk. Many organizations’ current cyber risk management processes are manual, leading to disconnected efforts, ineffective controls, or lots of data with little value. The conversion of IT and security risk into the risk exposure in terms the business understands is one of the most challenging obstacles CISOs face today in terms of showing value to the organization and driving their security strategies. The goal is to translate the understanding of technical risk of the IT Security team into a risk exposure that the business understands and can act upon.

In this interactive session we will walk through a presentation to quantify a cyber risk scenario using the FAIR methodology. This will show how cyber risks can be quantified, helping you to understand what the cost of an event happening could be, whether spending money on additional controls is worth it and how to justify a budget request in a way the board will understand.

Tanium, Stefan Molls, Director Technical Account Management

Stefan Molls is Director of Technical Account Management at Tanium, a software platform specialised in managing and securing large enterprise environments. In his current role he develops new content for Tanium and supports customers in using Tanium to its fullest potential.

Before joining Tanium he worked at companies like ThyssenKrupp and Siemens, where he specialised in Information Security, Incident Response, Forensics and Red Team assessments.

When he is not with customers, attacking or defending networks, he likes to spend way too much time with certifications. Some of his certifications include: CISSP, CISA, OSCP, GXPN, GCFA, GCFE.

Compromised! Spend your time hunting down the attacker efficiently

Technical workshop - live demonstration of risk rating and threat hunting at scale

To be resilient against threats, companies need full visibility and control within their environment at scale and with speed. You perform regular vulnerability checks, identify missing patches and monitor suspicious behavior. But still, how do you prioritize your assets? Which vulnerability do you fix first, which system will you patch first and which compromise is the most relevant for you?

This session focuses on how you can quickly assess an attack and how to rate your assets based on different factors like lateral movement capabilities and administrative access.

Tenable, Thomas Cueni, Security Specialist

Thomas Cueni joined Tenable as a Security Specialist for Switzerland and Austria. He is a cybersecurity professional with almost fifteen years of technical experience in network and endpoint security, security operations and vulnerability management. Prior to joining Tenable he worked for FireEye and Blue Coat (now Symantec), where he did pre-sales for major global accounts based out of Switzerland.

Eliminate Vulnerability Overload with Predictive Prioritization

What if you only needed to remediate 3% of the vulnerabilities impacting your organization?
Let’s face it. When it comes to vulnerabilities, you frequently (always) have way too many to manage and remediate. That’s about to change. To learn why and how, attend the session “Eliminate Vulnerability Overload with Predictive Prioritization.” Topics covered will include:

  • The data science, research and analytics behind predictive prioritization
  • How predictive prioritization is implemented in Tenable products
  • The ways predictive prioritization will transform your vulnerability management efforts
