SIGS Special Event

Improving Password Security through Analytics and Quality Assurance


Target Audience: Information Security Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side and interested in IT security

From consultancies and resellers/integrators, only technical people are allowed to take part. Vendors and people with a sales/marketing role are not authorized as participants.

CPE Credits: Earn 3.75 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.

Location: Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

Plenty of free parking spaces are available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event: 5th of December 2018
Language: English
Schedule: see agenda below
Participation Costs: Fr. 55.– per participant
Organization, presentations, beverages and aperitif included


2:00 – 2:30 Registration & Coffee
2:30 – 2:30 Welcome & Introduction by the Moderator
2:30 – 3:15 Octav Opaschi, Senior Technical Security Consultant at Detack GmbH

Getting ahead of the attacker
How do hackers operate, how do they “land & expand”, and how can organisations create dead-ends? Octav will discuss the anatomy of a data breach, and how swift password recovery is key to most phases of a breach.

During this session, Octav will also set up a live, simulated attack job on approximately 20,000 password hashes, in a secure and tamper-proof environment. This job will run for a couple of hours, and we will collectively discuss the results to kick-start the panel session before dinner.

3:15 – 3:45 Max Meier, Senior Technical Security Architect with AXA Switzerland
Max Meier works as Senior Technical Architect Security at AXA Switzerland. For more than 25 years his focus has been on security topics, formerly as mainframe security engineer and head of security services. Since 2011 he has been working as a technical security architect.
He works regularly on several projects, and his core competence is identity and access management with a focus on security.

In addition to his work as an architect, he is a lecturer at Lucerne University of Applied Sciences and Arts, where he teaches “Identity and Access Management” in the master or bachelor programmes in Information Security and Data Privacy Officer (DPO).

Quality assuring passwords – what this is, and how this is realised?
Max will share his experiences on the practice of password quality assurance, the process and the contribution to overall security postures.

3:45 – 4:15 Thomas Schlienger, CEO of TreeSolution Consulting

Measuring security awareness
Examining the anatomy of a data breach, Dr. Thomas Schlienger will illustrate their model for fact-based password training, and how analytics and progress reporting are emerging as a key element in measuring the impact of awareness programs, whilst measurably improving password postures.

4:15 – 4:45 Coffee Break
4:45 – 5:15 Bert Brüderlein, Information Security Officer at LBBW Asset Management

Zero-trust for privileged accounts (in German)
Bert Brüderlein will discuss their approach to rolling out their password quality assurance program to the end users, impact measurement and how they have realised their zero-tolerance approach towards anomalous privileged credentials.

5:15 – 5:45 Tomasz Lawicki, Manager of “Stand der Technik” at TeleTrusT

“State of the Art” – technical and organisational measurement handout from TeleTrusT, the IT Security Association Germany
Tomasz Lawicki is principal consultant at Schwerhoff Consultants, Hamburg, and a certified expert witness for IT applications and systems according to ISO EN DIN 17024. He leads the working committee “state of the art” at the IT Security Association Germany (TeleTrusT). In June 2016 the working committee published a so-called handout “state of the art” on technical and organisational measures, with the main focus on the German IT Security Act. In May this year a revised and enhanced handout “state of the art” was published, which also addresses the requirements of the European General Data Protection Regulation (GDPR).

TeleTrusT and the handout “state of the art” are often named as the reference point for security managers and those responsible for compliance with the regulations. Tomasz Lawicki will discuss the methodology used to determine the “state of the art” of the technical measures, showing a pragmatic approach for organisations to evaluate their implemented measures.

5:45 – 6:30 Results from the live analysis and moderated panel discussion

6:30 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this specific platform.