Agenda

08:00 - 08:50

Registration & Networking

08:50 - 09:00

Chairperson's Welcome

09:00 - 09:20

► Securing the Digital Citizen: a public sector view

Philipp Grabher, Chief Information Security Officer, Canton of Zurich 

  • Cybersecurity Strategy for the Canton of Zurich
  • Supporting and inter-sector cooperation: raising awareness
  • The big three areas - what to focus on

 

09:20 - 09:40

► The 2022 Malware and Vulnerability Threat landscape

Julian Kanitz, Lead Sales Engineer, DACH, Recorded Future 

The presentation examines trends in Malware use, distribution, development and high-risk vulnerabilities disclosed by major hardware and software vendors in the first half of 2022.

It will cover:

  • An overview of the threat landscape of malware and vulnerabilities
  • Top referenced malware variants associated with cyberattacks
  • Top vulnerabilities associated with cyberattacks. 
  • Tips on how to strengthen your security posture and advice for threat hunting teams and security operations center teams
  • Outlook for the rest of 2022 based on H1 2022 observations

09:40 - 10:00

► Debunking Common Myths About XDR

Manuel Wolf, Security Expert, Alps, SentinelOne 

  • What is XDR and why should I consider the technology in my enterprise security stack? 
  • What should I expect from vendors who claim to have built the perfect mousetrap? 
  • What is reality, and what is just hype?
  • This session is intended to debunk a few common myths that continue to muddy the water for security teams.

10:00 - 10:20

► The Vulnerability Vector: An opportunity for the hacker and a challenge for the CISO

Juan Carlos López Ruggiero, CISO, Bouygues Energies & Services  

  • Malicious actors are so much better organized (and financed) than company CISOs
  • How do we survive the threats and stay one step ahead?
  • What works and what doesn’t when facing the challenges in an ever-changing scenario?

10:20 - 11:00

Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Data-Centric Security for Data Protection | Every Digital Asset | Everywhere, Jasbir Singh, Partner and Managing Director Europe, Seclore Technologies
  • Staying Secure in the Midst of the Talent Crisis, Wade Lance, Field CISO, Synack

 

11:00 - 11:30

Networking Break

11:30 - 11:50

► Panel: Balancing Regulation/Compliance and Security

Tom Schmidt, Partner, EY (Moderator); Aneta Podsiadla, Data Protection & Compliance Officer, Vorwerk; Juan Carlos López Ruggiero, Chief Information Security Officer, Bouygues Energies & Services; Ralf Winzer, Group Information Security Officer / Group Data Protection Officer, Zehnder Group International AG; Olivier Busolini, CISO, Sygnum Bank; Dr. Dominik Raub, Chief Information Security Officer, Crypto Finance AG

  • How do new resilience regulations help in the battle against cybercriminals (NIS2 and DORA) and the impacts of the coming complete revamp of the FINMA 2008/21 circular for Swiss banks
  • Does cybersecurity fit naturally into the three lines of defence model?
  • Third-party dependency

11:50 - 12:10

► Distributed Cloud Services: Uniform security controls for distributed infrastructures

Andrea Arquint, Senior Solutions Engineer, F5 Switzerland GmbH

  • Distributed Cloud: the infrastructure should become completely transparent, allowing customers to move seamlessly between environments
  • An overlay that helps improve the quality of each individual cloud, with a single, central system that interconnects them all
  • Spend less time fiddling with infrastructure
  • Release new applications faster
  • Reduce annual expenses
  • Do not limit the ability of innovators to use best-of-breed services

12:10 - 12:30

► How AI Can Think Like an Attacker

Marcel Gill, Account Director, and Marcel Wuestner, Account Director, Darktrace

  • In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough
  • Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised
  • Darktrace unveils an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks
  • Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization

 

12:30 - 12:50

► It’s More Than Phishing – How to Supercharge your Security Awareness Program 

Javvad Malik, Lead Security Awareness Advocate, KnowBe4

  • Why you need to brand the security department the right way
  • The psychological approach to getting your message across
  • Practical advice on building a strong security culture

12:50 - 13:30

► Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • Combatting the Latest Phishing Threats - Why an Adaptive Layered Defense is the ONLY Offense for Swiss Organisations, Alain Salesse, Senior Sales Engineer, Cofense
  • Adversary Driven Threat Intelligence: Understand how Cyber Deception will help your organization make intelligent business-driven decisions, Conrado Crespo, Senior Sales Engineer, CounterCraft

13:30 - 14:30

Lunch & Networking Break

14:30 - 14:50

► The Cloud Security Journey

Olivier Busolini, Chief Information Security Officer, Sygnum Bank

  • The implicit choices of starting a cloud(s) journey
  • The key cloud security risks to evaluate
  • The most important security principles and measures when running workloads in cloud(s)
  • The implications of the shared responsibility model of data protection

14:50 - 15:10

► Activating Cyber Threat Intelligence

Albert Brauchli, Country Manager Mandiant Switzerland

Mandiant responders are on the frontlines every day, investigating and analyzing the latest attacks and threats, and understanding how best to respond to and mitigate them. Everything we learn is passed on to our customers through our various services, giving them a much needed advantage in a constantly evolving threat landscape.

  • Mandiant identified Trends
  • Cyber Threat Intelligence provides tactical, operational and strategic support
  • Cyber Threat Profile 
  • Defender’s Advantage

15:10 - 15:30

► Getting out of the terminological confusion around security concepts: What is really new and relevant?

Achim Kraus, Technical Solution Architect, Gatewatcher 

  • Security Operations: latest Terminologies (SIEM, SOAR, NDR, EDR, XDR, MDR...) - so what?
  • Zero Trust & Attack Surface: 'Threat Hunting' - way before detection.
  • Team Efficiency will come from Integration of Data and Automation.
  • Where to Start: Levels of Maturity and Deployment

15:30 - 16:10

Education Seminar Session 3

Delegates will be able to choose from the following education seminars:

  • Understanding the True Threats to Identity Against the Modern Threat Actor, Florian Hartmann, Senior Sales Engineer, Crowdstrike 
  • The next class of browser-based attacks, Brett Raybould, EMEA Solutions Architect, Menlo Security

16:10 - 16:30

Networking Break

16:30 - 16:50

► Securing Client Assets – In the Context of Escalating Cyber Threat

Dr. Dominik Raub, Chief Information Security Officer, Crypto Finance AG

  • Blockchain vs classical assets from a cyber threat exposure perspective
  • Information security threat landscape and securing client assets as central protection goals for a blockchain asset company
  • Using secure hardware and sound security architecture to mitigate risks and secure client assets
  • Residual risks to client assets and further recommended defenses

16:50 - 17:30

► Senior Leadership Panel: What’s on the Horizon?

Simon Brady, Managing Editor, AKJ Associates (Moderator); Philippe Vuilleumier, Chief Security Officer, Swisscom; Captain Patrick Ghion, Head Regional Cyber Competence Center for Western Switzerland (RC3); Klaus Haller, Senior Security Architect, AXA; Michele Federici, Head of IT Security, Dialetic AG

  • What’s on the horizon, and how do we ensure security in a complex ecosystem?
  • How do we ensure customer trust and strive to make society more cyber immune?   
  • How do we protect artificial intelligence in the future?
  • How do we cope with the fact that computing power will put our current encryption mechanisms at risk, etc.?

17:30

Conference Close

Education seminars


The next class of browser-based attacks


Brett Raybould, EMEA Solutions Architect, Menlo Security

There are two distinct characteristics that all threat actors tend to share. First, they focus on avoiding detection by any means. Second, while some go after specific targets, many opt to aim their tactics at the vectors that will reap the greatest rewards. After all, a small pond with many fish increases everyone’s chances of success.

Between July and December 2021, there was a 224% increase in highly evasive adaptive threat (HEAT) attacks, a class of cyber threats targeting web browsers as the attack vector. While malware once had to be downloaded to pose a real risk, now it’s a dynamically generated threat toolkit built in the web where employees are productive.

In this session you will:

  • Discover the anatomy of recent browser-based attacks
  • Learn why network security today is broken
  • Experience a live demo that enables you to discover the technology approach proven to eliminate these threats

Adversary Driven Threat Intelligence: Understand how Cyber Deception will help your organization make intelligent business-driven decisions.


Conrado Crespo, Senior Sales Engineer, CounterCraft

Join this session to find out more on:

  • Limited value in generic intelligence: why is the traditional threat intelligence broken?
  • Can deception technology really provide actionable intelligence? How does it work?
  • What are the risks involved in adopting this approach? 
  • Am I mature (from a security operations perspective) enough to leverage this approach?  

Understanding the True Threats to Identity Against the Modern Threat Actor


Florian Hartmann, Senior Sales Engineer, Crowdstrike 

Modern adversaries no longer break in, they log in. An attacker with compromised credentials has free rein to move about an organization and carefully plan their attack before they strike.

More than 80% of modern attacks show threat actors using valid credentials. It's not Zero Days or Phishing that should be your concern from attackers; it's that they already have the keys to your kingdom. Join us to further understand:

  • the history of Identity and Identity architecture.
  • the Identity threat landscape
  • identity attack techniques by eCrime and Nation State actors
  • best practices for solving the identity problem

Combatting the Latest Phishing Threats - Why an Adaptive Layered Defense is the ONLY Offense for Swiss Organisations


Alain Salesse, Senior Sales Engineer, Cofense

  • What is an adaptive security architecture and what are the objectives – With so much focus on cyber-attack prevention, many security teams have adopted an incident response mindset versus one that assumes systems are compromised and require continuous monitoring and remediation. We’ll walk you through the benefits and objectives of implementing an adaptive security architecture and risk framework.
  • The current situation in email and phishing security – We’ll share some of the latest insights from the industry and what we’re seeing through our unique combination of artificial, human, and high-fidelity intelligence.
  • Implementing adaptive security architecture and risk framework with Cofense – We’ll talk through how to classify your existing and potential email security investments to increase your security posture while reducing costs, vendors, and configuration complexity.

Staying Secure in the Midst of the Talent Crisis


Wade Lance, Field CISO, Synack 

The worldwide cyber talent shortage is real and growing. Just in the US there are 1 million people employed as cyber security professionals, but over 700,000 unfilled job postings, and that number is growing at an alarming rate. Globally, the gap is at least 2.7 million. Initiatives are underway to address the shortage spanning government, industry groups, and the private sector; however, the short-term cybersecurity implications are alarming. The lack of skilled practitioners extends beyond the issue of headcount: deficiencies exist in capability, diversity, morale and more. But effective and innovative solutions can bridge the talent gap and address both near-term and longer-term needs. In this session we will discuss:

  • Current options to increase the cyber talent capacity required to meet organizations’ current and future security needs.
  • Broadening the diversity of available security skill sets to cover the full scope of vulnerabilities for on-premise, cloud, networking, hosts, mobile, applications, etc.
  • The challenges, and importance, of establishing a continuous testing practice to keep pace with the continuous application development and deployment methodologies.
  • The advantages of leveraging a global researcher community as part of your security operations.
  • The importance of standard testing frameworks and operational transparency in leveraging untapped and available security talent

Data-Centric Security for Data Protection | Every Digital Asset | Everywhere


Jasbir Singh, Partner and Managing Director Europe, Seclore Technologies

The digital borders of IT environments have shifted significantly over the last few years. WFH, BYOD, Cloud, Collaboration, plus evolving hacker tactics and new compliance regulations, are putting a lot of pressure on organizations. What should the boundaries of your IT environment look like today, with evolving technology and remote workforces?

Jasbir Singh will discuss the challenges of traditional security solutions in a world of disappearing borders and how Data-Centric-Security can address these challenges in a centralized and transparent way.

We will explore:

  • How to protect your organization against Insider Threats
  • How to ensure Secure Collaboration
  • Mitigating Third Party Risk by protecting your data everywhere
  • Data-centric security as a cornerstone to staying Compliant