Agenda

08:00 - 08:50

Breakfast & Networking Break

08:50 - 09:00

Chairman's Welcome

09:00 - 09:20

►Why third party risk management is much more important than you think

Guillaume de Benoit, Head of Information Security Operations, Caisse des Médecins

  • Outlining the purpose, scope, and principles of your third-party risk management programme
  • Establishing detailed SOPs for each stage of the third-party lifecycle
  • Developing strategies for avoiding, transferring, mitigating or accepting risk
  • Implementation and monitoring
09:20 - 09:40

►Knowing how an attacker thinks puts you one step ahead!

Dominic Haussmann, Specialist Solutions Engineer - Zero Trust, Cloudflare 

  • Learn how to get on top of the different risks, and develop a holistic approach to fighting cyber-criminals.
  • Understanding and Mitigating SaaS Security Risks
  • Developing a Holistic Cybersecurity Strategy
  • Addressing Security Gaps in the Era of Digital Transformation with SaaS
09:40 - 10:00

►What’s the chef doing in the treasure chamber?

Stephan Habegger, Enterprise Sales Executive, Akamai

  • Network segmentation and a lack of visibility in one's own data center has long been an issue that causes annoyance and headaches in companies. For a long time, firewalls and vLANs were the inevitable approach to creating zones and thus meeting the urgent need for segmentation. As part of the digital transformation, new data center infrastructures are being created and new applications are being developed. These and other factors require a fast and flexible procedure. The options of the past are no longer up to these requirements, as they are too rigid, complicated and inflexible. 
  • Let’s explore how software-based segmentation enhances visibility and flexibility, while simplifying complexity for greater ease of use.
  • In this presentation, you’ll discover why entrusting the keys to the treasure chamber to the chef is a bad idea, and how this relates to securing your IT assets.
     
10:00 - 10:20

►Adapting Your Security Strategy with the Rise of SaaS Solutions

Hélène Mourgue d’Algue, Chief Information Officer (CIO) and Head of Information Systems & Digital Technology, City of Bienne

  • Identifying the Legal Framework: Understanding the relevant laws and regulations for your information security and determining the necessary measures for compliance.
  • Understanding the Shared Responsibility Model: Clarifying the division of security responsibilities between your organization and the provider.
  • Managing Interfaces: Address the security aspects of interfaces and integrations with the SaaS solution.
  • Integration into Security Monitoring: Ensure that the SaaS solution is fully integrated into your existing security monitoring systems for comprehensive oversight.
10:20 - 11:00

►Education Seminars Session 1

Delegates will be able to choose from the following education seminars:

  • Why Identity Alone Is Not Enough for a Zero Trust Strategy, Frank Barthel, Manager Solutions Engineering DACH, Netskope
  • Take a proactive approach to ransomware mitigation! Joël Giger, Intelligence Consultant, Recorded Future
11:00 - 11:30

Networking Break

11:30 - 11:50

►Encryption in the Cloud: Safeguard or expensive Security Theater?

Klaus Haller, Senior IT Security Architect, AXA

  • Discover where clouds and workloads in the cloud apply encryption
  • Uncover the power of diverse encryption approaches in mitigating real-life risks
  • Understand how post-quantum impacts our cloud workloads
     
11:50 - 12:10

►Cyberattacks are here to stay. Are you?

Gary Adams, Solutions Consulting Manager, Rubrik

  • What’s the buzz about cyber resiliency, and why does it matter in today’s digital jungle?
  • How fast can your business spring back after a cyber attack?
12:10 - 12:30

►UTOPIA: Technology for creating private and sovereign clouds that are immune to cyber attacks 

Jan Camenisch, CTO, DFINITY Foundation

  • Governments and Enterprises are under constant pressure to fortify their infrastructure against the imminent threat of cybercrime, often spending significant resources and labor in order to achieve a sense of security that may still fall short. 
  • In light of this, it seems high-time to rethink the overall approach to systems infrastructure and explore how security can be more efficiently integrated into the very DNA of its architecture. Luckily, there is a better path forward: networks designed as distributed compute platforms. 
  • This keynote explores UTOPIA networks as a unique approach to sovereign cloud infrastructure.
12:30 - 12:50

►How to Protect People and Defend Data in the Age of Generative AI

Tom Kretzschmar, Sales Engineer, Proofpoint 

  • As Generative AI tools continue to evolve, both cyber criminals and your employees are using them in ways that can pose risks to your organization. Bad actors are creating more sophisticated social engineering schemes and deep fakes, and your internal users are potentially sharing sensitive corporate data. 
  • In this dynamic and evolving environment, how can security teams best protect people and defend data?
  • Top trends in the cyber threat landscape
  • Proactive actions to protect your people against human-targeted threats
  • Best practices to defend data in the new age of GenAI
     
12:50 - 13:30

►Education Seminars Session 2

Delegates will be able to choose from the following education seminars:

  • We need to talk about security in our containerized workloads, Dieter Reuter, Solutions Engineer - NeuVector, SUSE
  • It Started with a Cookie: Zero Trust & the Rise of Session Hijacking, Alfonso Hermosillo, Senior Solutions Engineer, SpyCloud
13:30 - 14:30

Lunch & Networking Break

14:30 - 15:00

►Panel discussion: Legal Requirements for Swiss Organizations within the European and Swiss Regulatory Frameworks

Juan Carlos Lopez Ruggiero, CISO, Enotrac (Moderator)
Philipp Grabher, CISO, Canton Zurich
Alga Condoleo, Attorney, Condoleo Law
Dr Michel Verde, Attorney at Law, Lustenberger + Partners

  • Mandatory Legal Steps for Swiss Organizations
  • Key Regulatory Frameworks
  • Critical Compliance Requirements
  • Impact of emerging technologies on future regulatory frameworks
  • How can CISOs guard against their own liability? Is insurance a consideration?
     
15:00 - 15:20

►Protecting Service Accounts - Are Safeguarding Non-Human Identities with High Privileges a Luxury or a Critical Necessity?

Dr. Shahriar Daneshjoo, VP Sales - EMEA Central, Silverfort

  • Why Machine-to-Machine (M2M) accounts, also known as service or non-human accounts, are so difficult to protect.
  • How to automatically discover, monitor and protect every service account in your environment.
  • Why the visibility and protection of service accounts have become indispensable elements of a comprehensive cybersecurity strategy.
  • Which approaches currently exist to mitigate this risk and their limitations.
     
15:20 - 15:40

►From Risk Management to Ransomware Mitigation: Enhancing Supply Chain Security with SOCRadar

Ali Marwani, Senior Solutions Engineer, SOCRadar

  • Comprehensive Third-Party Risk Management
  • Proactive Monitoring and Response
  • Enhancing Internal Security Protocols and Employee Awareness
  • Mitigating Ransomware Threats
15:40 - 16:20

►Education Seminars Session 3

Delegates will be able to choose from the following education seminars:

  • The attacker’s POV: How to build the right continuous threat exposure management (CTEM) program to reduce risk, Matt Baird, Lead Solutions Architect, CyberProof, a UST company
  • Hunting Threats and Adversaries: News and best practices from the front lines of Cyber Defence, Philipp Wachinger, Sales Engineer, CrowdStrike
     
16:20 - 16:40

Networking Break

16:40 - 17:10

►CISO daily challenges: 

Simon Brady, Managing Editor & Event Chairman, AKJ Associates (Moderator)  
Sandro Waelchli, CISO, Bank Avera
Hélène Mourgue d’Algue, Chief Information Officer (CIO) and Head of Information Systems & Digital Technology, City of Bienne 
Christophe Monigadon, CISO, Visana Services AG 
Richard Kearney, CISO, Octapharma
 

  • What are your biggest challenges in the day-to-day battle of protecting your customers and organisation? What threats worry you the most?
  • Security versus resilience: aligning security priorities with organizational objectives. How do you prioritize, and do you feel supported and heard when airing concerns?
  • How do you assess and prepare for the threat of state-sponsored cyber-attacks targeting your organization? What strategies do you have in place to ensure cloud security and manage associated risks?
  • In the event of a significant cyber incident, what are the key components of your incident response strategy, and how do you ensure that your organization can quickly recover and continue operations?
  • With the regulatory environment continually evolving, and with new data protection laws and cybersecurity regulations being introduced, how do you ensure your organization remains compliant with both local and international regulations, and what challenges does this bring?
  • What are the primary advantages you see in integrating AI into your organization's cybersecurity framework, and how have these benefits manifested so far?
  • What challenges have you encountered while implementing AI-driven cybersecurity solutions, and how have you addressed these obstacles?
17:10 - 17:30

► LIVE DEMONSTRATION: Weaponising AI: The Deep Fake Central Banking Heist

Manit Sahib, Ethical Hacker, The Global Fund

  • Overview: How AI is being weaponised in the wild for malicious activities.
  • Use-Cases: How to weaponise AI for your own Offensive Operations.
  • Weaponising AI for Cyber Attacks: [The Deep Fake Central Banking Heist]
  • Exploring how APAC was compromised for $25M with AI and Deep fakes
  • Live Demonstration: How easy is it to create a Deep Fake to steal Gold, print Money and disrupt the Global Economy?
17:30 - 17:35

Chairs Closing Remarks 

Education seminars


We need to talk about security in our containerized workloads


Jain Joseph, Solutions Architect, SUSE

In this session you will learn how you can secure your container workloads with modern security tools that give you peace of mind. Let's also talk about Zero Trust and why it is so important.

Attendees will learn:

  • Why our standard tools are not enough
  • Containerized workloads and security concerns
  • Protecting your modern workloads 

 


Why Identity Alone Is Not Enough for a Zero Trust Strategy


Frank Barthel, Manager Solutions Engineering DACH, Netskope

  • The new reality of living in a hyperconnected online world requires a new approach to security, where multiple elements must be taken into account, besides simply blocking/allowing access to a specific service or the user identity to enforcing granular permissions.
  • Learn why the context is important to enforce a granular and effective security policy.
  • Discover which are the elements that must be considered, besides identity, to adopt an effective zero trust strategy
  • Understand how the different security controls, such as data protection, threat protection, behaviour analytics, cooperate to protect the modern enterprise.
     

It Started with a Cookie: Zero Trust and the Rise of Session Hijacking


Mandeep Sandhu, Systems Engineering and Investigations Manager, EMEA, SpyCloud 
Neill Cooper, Vice President of EMEA, SpyCloud

Learn how to go beyond traditional credential monitoring and implement continuous Zero Trust using enriched cybercrime telemetry

Attendees will learn:

  • What security teams can learn from recent high-profile breaches where cybercriminals leveraged stolen session cookies in targeted attacks
  • Why it’s important to feed your Zero Trust policy engine with cybercrime telemetry for continuous exposure monitoring and reduced risk of session hijacking
  • How cybercrime telemetry aligns with popular compliance and risk management frameworks, including DORA, NIS2, and NIST CSF
  • How SpyCloud integrates with your existing security tools for automated identity exposure remediation

The attacker’s POV: How to build the right continuous threat exposure management (CTEM) program to reduce risk


Matt Baird, Lead Solutions Architect, CyberProof, a UST company

Today’s cybersecurity leaders are under constant pressure to demonstrate their ability to manage risks effectively. With threats constantly evolving, companies need dynamic strategies to mitigate risks, especially in the cloud. This session will explore how CISOs can use Cyber Threat Exposure Management (CTEM) to stay ahead of threats and maintain strong security by analysing attack methods and threat actor behaviour. 
The only way security practitioners can effectively manage the ever-changing threat landscape and maximize defensive strategies is by leveraging automation, orchestration, and continuous, evidence-based validation of the tools and technologies deployed in their enterprise environment. Effective threat management must be an ongoing, continuous, and integrated service, not just a one-time analysis or isolated mitigation effort.

Attendees will learn:  

Generating an effective organizational threat profile  
•    Identifying the threat actors and adversarial TTPs that pose the greatest risk to your organization  
•    Understanding the business and security risks of threat exposure 
•    Gathering meaningful metrics to develop the business case for enhanced cybersecurity  
•    Developing a threat management program that is continuous, efficient, and proactive 
 


Take a proactive approach to ransomware mitigation!


Joël Giger, Intelligence Consultant, Recorded Future

With its staggering rise in attacks and its devastating consequences, ransomware is no longer just a security problem; it is now a business problem and needs a proactive approach.

Attendees will learn:  

  • Recent trends in ransomware activity across the region
  • How intelligence can help prevent or mitigate ransomware attacks
  • How monitoring ransomware leak sites can provide an early warning of potential data leakage 
  • Why a holistic approach is required to meet the challenges

Hunting Threats and Adversaries: News and best practices from the front lines of Cyber Defense


Philipp Wachinger, Sales Engineer, CrowdStrike

  • Find out about significant adversary activity and their preferred targets and attack vectors in the last 12 months
  • Learn about and from real incidents observed by CrowdStrike’s Counter-Adversary-Operations Team
  • Take away practical insights in how you can protect against modern adversaries and their TTPs.
  • Never forget the 5 key steps to be prepared