Agenda

08:00 - 08:50 CEST

Login and Networking

08:50 - 09:00 CEST

Chairman's Welcome

09:00 - 09:20 CEST

► Information security ecosystem - Secure digitization with structure

Sebastian Dännart, Deputy Head of Security and Information Security Officer, Papierfabrik Louisenthal GmbH

  • How do I bring order to the jungle of security measures?
  • Security by Design also in digitization - who are my stakeholders?
  • Standard architectures as anchors in digitization
09:20 - 09:40 CEST

► Reduced risk and improved user experience for Customer Identity Access Management

Mathias Schollmeyer, CISSP, Principal Solutions Consultant, LexisNexis Risk Solutions Group

  • Create an improved, frictionless user experience
  • Control your own risk appetite
  • Increase threat detection capabilities
  • Replace traditional possession factors with passive authentication
09:40 - 10:00 CEST

The Enemy within.

Abdelkader Cornelius, Threat Intelligence Analyst, Recorded Future

Cybercrime services of all kinds are available on multiple Dark Web forums and social media channels. But did you know that you can also buy details of insiders with daily access to your critical infrastructure? In this presentations:

  • get an insight into current offers from malicious insiders
  • learn what it costs to buy or gain access through a dissatisfied employee
  • understand which are the most  affected industries
  • learn how you can track this kind of threat and be notified in real time
10:00 - 10:20 CEST

► Cybersecurity in an Automotive World

Peter Morton, Senior Cybersecurity Engineer, Mclaren Automotive

  • In-vehicle networks and their security risks: outline of a typical in-vehicle network topology.
  • Assessing the attack surface of a typical modern vehicle.
  • Examples of vehicle hacks.
  • How to improve vehicle security.
  • Incoming regulation and legislation.
10:20 - 10:50 CEST

 Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Effective security: Least Privilege as an important part of your PAM strategy - Mohamed Ibbich, Senior Technology Consultant, BeyondTrust
  • Internet Isolation: No Surrender to Cyber Criminals - Brett Raybould, EMEA Solutions Architect, Menlo Security
10:50 - 11:20 CEST

Refreshments and networking

11:20 - 11:40 CEST

► How to build your IT Security Taskforce

Dr. Enrico Fontan, Head of IT Operation, Repower

  • How to leverage the IT skills inside the company to create an Incident Response team
  • Understanding IT Security as Mindset
  • Developing the necessary IT skillset for a perfect team
  • Building a skillset as a team effort
11:40 - 12:00 CEST

► Check Point HARMONY is revolutionizing the protection of users, devices and access

Yves Jonczyk, Harmony Sales Expert, Check Point

  • Significantly more employees work from home and need to be protected right there
  • Attackers are adapting to the situation and targeting remote endpoints
  • IT departments are looking for consolidation and simplification due to increased complexity
  • Outlook for SASE, ZTNA and Contextualized Access in VPN-less infrastructures
12:00 - 12:20 CEST

► Ransomware in Focus: How AI Stays One Step Ahead of Attackers

Paul Fischoeder, Cyber Security Account Director, Darktrace

  • Ransomware Trends and Impact
  • Examples of sophisticated and expensive ransomware attacks
  • How self-learning AI helps companies of all industries to fight back
12:20 - 12:40 CEST

► A Peek into the E-Crime Ecosystem

Jörg Schauff, Strategic Threat Intelligence Advisor, CrowdStrike

  • Services in the Deep- and Darkweb
  • The value chain of the criminal ecosystem
  • Enhanced ransomware activities
  • The value of Threat Intelligence for security teams

 

12:40 - 13:10 CEST

 Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • Attack on Smart Buildings: How IoT means that you have to re-plan your IT security strategy - Abdullah Kartal, Account Executive, CybelAngel
  • Tackling Security in Hybrid and Multi-Cloud Environments with Confidence - Joe Partlow, CTO & Ashok Sankar, Vice President of Product Marketing, ReliaQuest
13:10 - 14:00 CEST

Lunch and networking break

14:00 - 14:20 CEST

► How to successfully rob a bank!

Kashif Husain, VP, Information Security Officer, Nomura Bank

  • The majority of crimes in our industry are initiated with cyber-attacks on people - however, our people can also be our most valuable assets
  • Walkthrough of multiple "bank robbery" scenarios to focus on a real event from 2016, where $1 billion were at stake being stolen from a bank
  • How human vigilance can counteract human error
14:20 - 14:40 CEST

► Presentation: SUNBURST - Chronology of a digital nightmare

Matthias Canisius, Regional Director DACH, SentinelOne 

  • What is known about one of the most effective cyberattacks in recent years?
  • How could it go undetected for so long despite the widespread use of Threat Intelligence and EPP / EDR solutions?
  • How can companies protect themselves effectively against such attacks?
14:40 - 15:00 CEST

► Selling Breaches: The Transfer of Network Access on Criminal Forums

Paul Prudhomme, Head of Threat Intelligence Advisory, IntSights

  • Means by which criminals transfer network access to criminal buyers, such as VPNs, web shells, or RDP credentials;
  • Typical use cases for transferring network access to other criminals, particularly the deployment of ransomware;
  • Examples of targets of and prices for network access on sale on criminal forums; and
  • Discussion of why criminals often sell their access to third parties, rather than monetizing it themselves.
15:00 - 15:30 CEST

 Education Seminar Session 3

Delegates will be able to choose from the following education seminars:

  • Next Generation Defence: Using Hackers to Beat Hackers - Stephan Rosche, Sales Director DACH Region, Synack
  • What do over 30 antivirus scanners and "boiling water" have to do with the Zero Trust philosophy? - Robert Korherr, CEO, ProSoft GmbH & Udo Pittracher, Area Sales Director DACH, OPSWAT
15:30 - 16:00 CEST

Refreshments & networking

16:00 - 16:20 CEST

Stories from the Front lines: Negotiating with a Ransomware Criminal 

Moty Cristal, CEO, NEST, and Gal Messinger, Global Head of Security, Signify

  • Mistakes are an essential element in managing any human crisis, let alone in ransomware and cyber extortion incidents
  • Based on years of operational experience in cyber crises, and using a variety of real life examples, this session will present the common mistakes made during ransomware crises and how to prevent them
  • Hear first hand experiences in successfully negotiating with ransomware criminals 
16:20 - 16:40 CEST

► Engineering for Resilience: Cybersecurity in Infrastructure

Johannes Braams, Senior Cybersecurity Advisor, Royal Haskoning DHV

  • What is a complex system?
  • How complex is a tunnel system?
  • Resilience in the lifecycle of assets.
  • Various approaches to designing and operating complex systems.
  • Risk analysis in the light of IEC 62443.
  • Mitigating measures.
16:40 - 17:00 CEST

► Why You’re Not Making Enough Mistakes

Bruno Kalhøj, former Head of Division, Security & Safety, European Central Bank

  • Research shows that people in a High Performing Culture learn more effectively from their mistakes than from their successes
  • What are the practical steps involved in moving from a culture of blame to one of trust and transparency?
  • Case study from a central bank
17:00 CEST

Closing Remarks

17:00 - 17:30 CEST

Refreshments and networking

17:30 CEST

Conference Close

Education seminars


Internet Isolation: No Surrender to Cyber Criminals


Brett Raybould, EMEA Solutions Architect, Menlo Security

Despite the growing sophistication of cyber-attacks and new pressures of managing remote workers, cyber practitioners remain defiant in their cyber defence. No one is ready to wave a white flag. This session is designed for security professionals who are not content to maintain the cyber status quo and are exploring fundamentally different approaches such as isolation to proactively protect their users and systems.

Join this session to hear two real world case studies of organisations that have transformed risk of infection at speed and scale – outsmarting threats and promoting productivity.

What will attendees learn:

  • How to eliminate risk of infection from browser-based threats
  • How to protect users from credential theft via phishing attacks
  • How quickly isolation’s protective layer around users delivers business value

Effective security: Least Privilege as an important part of your PAM strategy


Mohamed Ibbich, Senior Technology Consultant, BeyondTrust

It is becoming more and more difficult to find a good balance of rights distribution for employees and administrators. Users as well as IT administrators should be given sufficient authorizations to carry out their work productively, while at the same time minimizing IT security risk and protecting sensitive data systems. Attackers are often one step ahead of organizations. Even those with the most comprehensive IT security systems and control mechanisms fear that an attacker could discover and exploit a vulnerability. This session explains practical tools that companies can use to implement industry-recognized best practices for endpoint privilege management and basic security controls to protect IT systems and data from the most common attacks. It contains recommendations for successfully implementing a least privilege strategy that will help you eliminate unnecessary permissions. Likewise, rights can be increased on multiple platforms and networked devices without affecting end-user productivity.

This session provides information about:

  • Recommendations for implementing basic security controls
  • Best practice examples on the subject of endpoint privilege management
  • Tips for successfully implementing a least privilege strategy (principle of least privileges)

Attack on Smart Buildings: How IoT means that you have to re-plan your IT security strategy


Abdullah Kartal, Account Executive, CybelAngel

A blast furnace shut down in a German steel mill... All production lines stopped in an American brewery... Across all industries, connected buildings are becoming prime targets for cyber-attacks. Hackers are quicker than security leaders to recognize blindspots in intertwined IT/OT/IoT environments relying on third-party providers and outsourced systems. By 2023, the financial impact of cyber-physical system attacks as a result of fatal casualties will reach over $50 billion, 10 times higher than 2013 levels of data security breaches. (Source: Gartner, 2020). Good news is, your Digital Risk Protection solution can help you secure your operations against malware and ransomware attacks on smart technologies.

  • Understand the risk landscape created by the increasing interconnection of IT, operational technology (OT) and building automation system environments.
  • Learn how to integrate third-party providers’ techs and outsourced systems into your attack surface management strategy.
  • Discover how CybelAngel can help you bridge the gap between physical security and digital risk protection.

What do over 30 antivirus scanners and "boiling water" have to do with the Zero Trust philosophy?


Robert Korherr, CEO, ProSoft GmbH & Udo Pittracher, Area Sales Director DACH, OPSWAT

We believe every file poses a threat. In this seminar, Mr. Robert Korherr (CEO, ProSoft GmbH) and Mr. Udo Pittracher (Area Sales Director DACH, OPSWAT) will give an overview of how OPSWAT's core technology counteracts this threat.

  • Advantages of antivirus multiscanning / sanitization
  • Different use cases for MetaDefender core technology
  • File upload, removable media, e-mail, and storage-security

Next Generation Defence: Using Hackers to Beat Hackers


Stephan Rosche, Sales Director DACH Region, Synack 

Modern security architectures require continuous monitoring with regard to exploitable vulnerabilities. The size of the attack surfaces, highly professional hacking tools and methods make it difficult for any security team to make a good analysis of where to prioritize the countermeasures. In this session the participants learn

  • How to quickly identify and react to risks or threats even in very agile target systems
  • How external ethical hackers can be efficiently integrated into vulnerability management.
  • How crowdsourcing contributes to the cost control and reduction of security projects

Tackling Security in Hybrid and Multi-Cloud Environments with Confidence


Joe Partlow, CTO & Ashok Sankar, Vice President of Product Marketing, ReliaQuest

With the changing face of business demands, attack surfaces, and technology innovations, cloud computing has firmly entrenched itself as the face of digital transformation in the cybersecurity industry. As organizations mature and devise strategies to adopt and migrate to the cloud, data protection, governance and customer privacy requirements among others are dictating environments that are more than homogenous but hybrid and multi-cloud.  While the cloud has many benefits, there’s also hurdles to overcome to increase cloud visibility, detect common cloud attack types and different platforms to understand. Cloud adoption is more of a journey with various stages and it is important that security is baked in considering the various nuances to help detect and prevent misconfigurations and other security threats. In this session, you’ll walk away with:

  • An overview of cloud trends and typical attack paths that you need to consider while adopting hybrid and multi-cloud strategies
  • Best practices to increase visibility across data that spans multiple cloud platforms (such as AWS, Microsoft Azure, and GCP) to reduce risk
  • Examples of how unifying existing on premise and multi-cloud technologies enables faster threat detection and response