Agenda

Breakfast & Networking Break

Chairman's Welcome

►Why third party risk management is much more important than you think

Guillaume de Benoit, Head of Information Security Operations, Caisse des Médecins

• Outlining the purpose, scope, and principles of your third-party risk management programme
• Establishing detailed SOPs for each stage of the third-party lifecycle
• Developing strategies for avoiding, transferring, mitigating or accepting risk
• Implementation and monitoring

►Knowing how an attacker thinks puts you one step ahead!

Dominic Haussmann, Specialist Solutions Engineer - Zero Trust, Cloudflare 

• Learn how to get on top of the different risks, and develop a holistic approach to fighting cyber-criminals.
• Understanding and Mitigating SaaS Security Risks
• Developing a Holistic Cybersecurity Strategy
• Addressing Security Gaps in the Era of Digital Transformation with SaaS

►What’s the chef doing in the treasure chamber?

Stephan Habegger, Enterprise Sales Executive, Akamai

• Network segmentation and a lack of visibility in one's own data center has long been an issue that causes annoyance and headaches in companies. For a long time, firewalls and vLANs were the inevitable approach to creating zones and thus meeting the urgent need for segmentation. As part of the digital transformation, new data center infrastructures are being created and new applications are being developed. These and other factors require a fast and flexible procedure. The options of the past are no longer up to these requirements, as they are too rigid, complicated and inflexible. 
• Let’s explore how software-based segmentation enhances visibility and flexibility, while simplifying complexity for greater ease of use.
• In this presentation, you’ll discover why entrusting the keys to the treasure chamber to the chef is a bad idea, and how this relates to securing your IT assets.
   

►Adapting Your Security Strategy with the Rise of SaaS Solutions

Hélène Mourgue d’Algue, Chief Information Officer (CIO) and Head of Information Systems & Digital Technology, City of Bienne

• Identifying the Legal Framework: Understanding the relevant laws and regulations for your information security and determining the necessary measures for compliance.
• Understanding the Shared Responsibility Model: Clarifying the division of security responsibilities between your organization and the provider.
• Managing Interfaces: Address the security aspects of interfaces and integrations with the SaaS solution.
• Integration into Security Monitoring: Ensure that the SaaS solution is fully integrated into your existing security monitoring systems for comprehensive oversight.

►Education Seminars Session 1

Delegates will be able to choose from the following education seminars:

• Why Identity Alone Is Not Enough for a Zero Trust Strategy, Frank Barthel, Manager Solutions Engineering DACH, Netskope
• Take a proactive approach to ransomware mitigation! Joël Giger, Intelligence Consultant, Recorded Future

Networking Break

►Encryption in the Cloud: Safeguard or expensive Security Theater?

Klaus Haller, Senior IT Security Architect, AXA

• Discover where clouds and workloads in the cloud apply encryption
• Uncover the power of diverse encryption approaches in mitigating real-life risks
• Understand how post-quantum impacts our cloud workloads
   

►Cyberattacks are here to stay. Are you?

Gary Adams, Solutions Consulting Manager, Rubrik

• What’s the buzz about cyber resiliency, and why does it matter in today’s digital jungle?
• How fast can your business spring back after a cyber attack?

►UTOPIA: Technology for creating private and sovereign clouds that are immune to cyber attacks 

Jan Camenisch, CTO, DFINITY Foundation

• Governments and Enterprises are under constant pressure to fortify their infrastructure against the imminent threat of cybercrime, often spending significant resources and labor in order to achieve a sense of security that may still fall short. 
• In light of this, it seems high-time to rethink the overall approach to systems infrastructure and explore how security can be more efficiently integrated into the very DNA of its architecture. Luckily, there is a better path forward: networks designed as distributed compute platforms. 
• This keynote explores UTOPIA networks as a unique approach to sovereign cloud infrastructure.

►How to Protect People and Defend Data in the Age of Generative AI

Tom Kretzschmar, Sales Engineer, Proofpoint 

• As Generative AI tools continue to evolve, both cyber criminals and your employees are using them in ways that can pose risks to your organization. Bad actors are creating more sophisticated social engineering schemes and deep fakes, and your internal users are potentially sharing sensitive corporate data. 
• In this dynamic and evolving environment, how can security teams best protect people and defend data?
• Top trends in the cyber threat landscape
• Proactive actions to protect your people against human-targeted threats
• Best practices to defend data in the new age of GenAI
   

►Education Seminars Session 2

Delegates will be able to choose from the following education seminars:

• We need to talk about security in our containerized workloads, Dieter Reuter, Solutions Engineer - NeuVector, SUSE
• It Started with a Cookie: Zero Trust & the Rise of Session Hijacking, Alfonso Hermosillo, Senior Solutions Engineer, SpyCloud

Lunch & Networking Break

►Panel discussion: Legal Requirements for Swiss Organizations within the European and Swiss Regulatory Frameworks

Juan Carlos Lopez Ruggiero, CISO, Enotrac (Moderator)
Philipp Grabher, CISO, Canton Zurich
Alga Condoleo, Attorney, Condoleo Law
Dr Michel Verde, Attorney at Law, Lustenberger + Partners

• Mandatory Legal Steps for Swiss Organizations
• Key Regulatory Frameworks
• Critical Compliance Requirements
• Impact of emerging technologies on future regulatory frameworks
• How can CISOs guard against their own liability? Is insurance a consideration?
   

►Protecting Service Accounts - Are Safeguarding Non-Human Identities with High Privileges a Luxury or a Critical Necessity?

Dr. Shahriar Daneshjoo, VP Sales - EMEA Central, Silverfort

• Why Machine-to-Machine (M2M) accounts, also known as service or non-human accounts, are so difficult to protect.
• How to automatically discover, monitor and protect every service account in your environment.
• Why the visibility and protection of service accounts have become indispensable elements of a comprehensive cybersecurity strategy.
• Which approaches currently exist to mitigate this risk and their limitations.
   

►From Risk Management to Ransomware Mitigation: Enhancing Supply Chain Security with SOCRadar

Ali Marwani, Senior Solutions Engineer, SOCRadar

• Comprehensive Third-Party Risk Management
• Proactive Monitoring and Response
• Enhancing Internal Security Protocols and Employee Awareness
• Mitigating Ransomware Threats

►Education Seminars Session 3

Delegates will be able to choose from the following education seminars:

• The attacker’s POV: How to build the right continuous threat exposure management (CTEM) program to reduce risk, Matt Baird, Lead Solutions Architect, CyberProof, a UST company
• Hunting Threats and Adversaries: News and best practices from the front lines of Cyber Defence, Philipp Wachinger, Sales Engineer, CrowdStrike
   

Networking Break

►CISO daily challenges: 

Simon Brady, Managing Editor & Event Chairman, AKJ Associates (Moderator)  
Sandro Waelchli, CISO, Bank Avera
Hélène Mourgue d’Algue, Chief Information Officer (CIO) and Head of Information Systems & Digital Technology, City of Bienne 
Christophe Monigadon, CISO, Visana Services AG 
Richard Kearney, CISO, Octapharma
 

• What are your biggest challenges in the day-to-day battle of protecting your customers and organisation? What threats worry you the most?
• Security versus resilience: aligning security priorities with organizational objectives. How do you prioritize, and do you feel supported and heard when airing concerns?
• How do you assess and prepare for the threat of state-sponsored cyber-attacks targeting your organization? What strategies do you have in place to ensure cloud security and manage associated risks?
• In the event of a significant cyber incident, what are the key components of your incident response strategy, and how do you ensure that your organization can quickly recover and continue operations?
• With the regulatory environment continually evolving, and with new data protection laws and cybersecurity regulations being introduced, how do you ensure your organization remains compliant with both local and international regulations, and what challenges does this bring?
• What are the primary advantages you see in integrating AI into your organization's cybersecurity framework, and how have these benefits manifested so far?
• What challenges have you encountered while implementing AI-driven cybersecurity solutions, and how have you addressed these obstacles?

► LIVE DEMONSTRATION: Weaponising AI: The Deep Fake Central Banking Heist

Manit Sahib, Ethical Hacker, The Global Fund

• Overview: How AI is being weaponised in the wild for malicious activities.
• Use-Cases: How to weaponise AI for your own Offensive Operations.
• Weaponising AI for Cyber Attacks: [The Deep Fake Central Banking Heist]
• Exploring how APAC was compromised for $25M with AI and Deep fakes
• Live Demonstration: How easy is it to create a Deep Fake to steal Gold, print Money and disrupt the Global Economy?

Chairs Closing Remarks