7th SIGS Technology Conference 2020 – Cyber Security Day 2020

Keynotes

CyberProof, Tony Velleca, CEO

Tony is the CISO at UST Global and CEO of CyberProof, a UST Global company. As the visionary leader behind innovative cyber solutions, Tony is driving the rapid growth of CyberProof and leveraging its capabilities to keep UST Global at the forefront of security.
Tony previously co-founded and was the CTO at huddle247.com, rated by PC Magazine as one of the top virtual workspace solutions in 2000. Before huddle247.com, he worked for Boeing (formerly McDonnell Douglas) and Rolls-Royce, Inc., where he spent most of his career in conceptual design and optimization of propulsion systems for next-generation commercial and military aircraft.
Tony holds a BS degree in Aerospace Engineering from Georgia Institute of Technology and an MBA (Honors) from University of California, Irvine.

Is AI Working? How AI is Disrupting Security Operations

Organizations across a wide range of industries are talking about increased AI adoption this year. In the world of cyber security, AI has enormous potential: It is crucial for Level 1 SOC analysts who need to enrich alerts and address the problem of “alert fatigue,” and helps Level 2 analysts in processing large quantities of data – aiding human decision-making and prioritizing next steps. Yet, there are inherent dangers in applying AI to ever-increasing fronts of activity – as AI is effective as a cyber security tool only when bots are “trained” by people with the necessary expertise.
Learning Outcomes:

  • Probe how Level 1 and Level 2 analysts can leverage AI
  • Explore “alert fatigue” and how AI contributed to the explosion of alerts SOCs handle
  • Identify limiting factors in applying AI to ever-increasing fronts of human activity
  • Understand “reinforcement learning” and why it is crucial to successful AI implementation
  • Highlight the key role of high-level cyber experts in facilitating faster detection and response

Farsight Security, Paul Vixie, CEO and Co-Founder

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, CEO and cofounder of Farsight Security, Inc. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source Internet software including BIND 8, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first commercial anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a breakthrough European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.

Paul Vixie's session (title will follow)

Much of the spectrum of human action and human custom translates more or less obviously from the real world ("meat space") into the Internet ("cyber space"). Yet, some pieces of the human puzzle do not have an obvious place in the Internet game board, and this has wrought unconsidered change to human society through its digital nervous system, the Internet. Is this merely the post-Westphalia era, or as many claim, the post-national era?
Since commercialization and privatization of the Internet first began in the 1990s, there has been a steady push to move access-side DNS (called "resolution") away from customer networks and towards first ISPs and later "big tech" companies like Cisco, Google, IBM, Cloudflare, and others. What are the real motives for this trend? What are the risks and costs, and who pays them?
Special attention will be paid to the new web-based "DNS over HTTP" or "DoH" protocol now being strongly pushed by Mozilla and Cloudflare, and the even newer "resolverless DNS" proposal whereby DNS content would be embedded directly in web objects, bypassing any surveillance or control infrastructure including that chosen by the user herself or her network operator, even if the network is private (that is, family or corporate).

Freddy Dezeure, Trusted Advisor, Board and Advisory Board Member in startup companies and C-Suite trainer

Freddy Dezeure graduated from the KUL in Belgium, with a master of science in engineering in 1982. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas, in particular in information technology. He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an Independent Management Consultant providing strategic advice in cybersecurity and cyber-risk management and acting as Board Member and Advisory Board Member in several high tech companies.

MITRE ATT&CK: The Sequel

MITRE ATT&CK has become very popular in the past year. This session helps you to put the Framework into practice, using realistic examples, demonstrating available community tools and showing how to use analytics to identify adversarial techniques in your network. It will also provide an example of ATT&CK-based purple teaming. You will gain valuable insights and return home with useful resources.

Mandiant, Jeff Hamm, Technical Director

Jeff Hamm has been employed with Mandiant since 2010 and is a Technical Director helping improve operations and internal process in the Managed Defense services. He was formerly assigned to the Europe region, where he managed a team that conducts forensic examinations and incident response. He has also worked part-time as an adjunct lecturer at NTNU (Norwegian Science and Technology University) in Gjøvik, Norway since 2011. There he provides intense practical labs based on real-world computer forensic incidents using both Windows and Linux servers and attacker systems. He co-authored “Digital Forensics,” edited by Andre Arnes, in 2017. The book is designed for academia and practitioners. He was a Deputy with the Oakland County Sheriff’s Office in the State of Michigan, USA for over 11 years. He worked four years with the Sheriff’s Office as a Computer Crimes Detective and Forensic Examiner and three years as a first-line supervisor (Sergeant). Jeff has significant experience in the computer forensic field and obtained his CFCE (Certified Computer Forensic Examiner) in 2003. He obtained his ACE (AccessData Certified Examiner) in 2008, his EnCE (EnCase Certified Examiner) in 2010, and his GCFA (GIAC Computer Forensic Analyst) in 2010. He has been instructing in the field of computer forensics since 2004 at IACIS (The International Association of Computer Investigative Specialists).

Presentations

Cloud Security Alliance Dutch Chapter, Peter van Eijk, Board Member

Peter van Eijk is one of the world’s most experienced cloud trainers. He has developed multiple cloud courses and delivered them on many continents. In the past he has worked for Deloitte as an IT strategy and risk consultant, as a project delivery manager at EDS and Dutch Rail, as Technical Director of an Internet provider, and as a researcher and assistant professor at University of Twente, where he also received a PhD. He has also written extensively in the trade press.

CSA Training Certified Cloud Security Knowledge (CCSK)

The Certificate of Cloud Security Knowledge (CCSK) demonstrates that you have the skills and knowledge to ensure that cloud services are implemented and utilised within your organisation with the appropriate security controls in place. This includes technical as well as management and governance domains.
Further information and registration (separately) at https://www.sig-switzerland.ch/csa-ccsk/

Credit Suisse AG, Kai-Michael Schramm, IT S&A Security Architecture

Kai Schramm graduated in 2006 with a Ph.D. with a focus on side channel attacks and cryptanalysis. Since then he has worked in various companies, in the areas of information risk management and cyber security. Kai is working as a cyber security architect and strategist in the IT Strategy & Architecture team at Credit Suisse.

Kai has been responsible for developing an encompassing security strategy for Credit Suisse which spans all areas of security, delivering end-to-end security services that enable a resilient and safe business environment and drive innovation in line with strategic business and IT goals, with a focus on protecting the reputation of the CS brand and maintaining client trust.

How to Develop and Execute a Security Strategy

Example of the systematic development and execution of a security strategy at CS driven by various factors such as top down strategies, capability roadmaps, internal stakeholder demand, SWOT analysis and numerous rounds of syndication and project portfolio alignment.

Freddy Dezeure, Trusted Advisor, Board and Advisory Board Member in startup companies and C-Suite trainer

Freddy Dezeure graduated from the KUL in Belgium, with a master of science in engineering in 1982. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas, in particular in information technology. He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an Independent Management Consultant providing strategic advice in cybersecurity and cyber-risk management and acting as Board Member and Advisory Board Member in several high tech companies.

Workshop: Frameworks, Mappings and Metrics: Optimize Your Time as CISO or Auditor

Many organizations are already using cybersecurity frameworks like ISO 27000 or NIST CSF. However, overarching cybersecurity regulations with cross-sector compliance obligations for “critical” or “vital” infrastructure have recently been issued. This is for example the case in the EU (the NIS directive and its national transpositions and the GDPR). In addition, most organizations are also required to comply with sectoral regulatory requirements and these vary sometimes significantly by country or region. A good example is the financial sector, with myriad regulations imposing different requirements across the globe.

As a result, CISOs spend almost half of their time on compliance activities, addressing similar concerns but tailoring responses to slightly different requests from their Board, their internal auditors, external auditors, clients and regulators.

This training will provide guidance to reduce duplication of efforts and to become more effective in managing cyber-risks. Participants will learn about the recent evolution in Frameworks, Mappings between Frameworks which can be used to translate internally used models to references used by other stakeholders, and Metrics that allow more control for the CISO and help him/her to report on the way risk is managed and mitigated. It will provide insights into what works in practice, by sharing real-world experience.

Further details and registration (separately) at https://www.sig-switzerland.ch/frameworks-mappings-and-metrics/

Mandiant’s Trainer

(Specific instructor bios will be provided as the event nears. All of the instructors are well-seasoned practitioners in their field and bring a plethora of knowledge to the classroom.)

Mandiant's Introduction to Cyber Crime for Executives

The Mandiant Introduction to Cyber Crime for Executives was developed to educate senior staff on cyber-crime and incident response. During the course, instructors will walk students through a scenario based on real world intrusions involving sophisticated attackers. The scenario is provided from both the attacker and victim perspectives.
Further information and registration (separately) at https://www.sig-switzerland.ch/cyber_crime/

Ted Demopoulos, Independent Consultant

Ted Demopoulos’ professional background includes over 30 years of experience in Information Security and Business, including over 25 years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup, and has advised several other startups.

He is a frequent speaker at conferences, conventions, and other business events, author of "Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far" and two other books.

Ted conducts Leadership and Information Security Bootcamps for The SANS Institute, and is the principal of Demopoulos Associates, a consulting organization specializing in information security.

Ted's session Cyber Security Day

(details will follow)

Event Partner