As always: salespeople (incl. CEOs and founders), vendors and all people who would just like to sell their products or services are not allowed to take part in SIGS events. The exception in this case is Cloud Security Alliance members.
If you would like to book a room, please send us a message using the "contact us" form at the bottom of this page.
DATE & TIME
April 10th & 11th, 2024
AIRPORT TRANSFER & PARKING
There's a shuttle bus from and to the airport, but only at specific times. Parking lots at the hotel are available for free.
EUR 95.-- per day. You may register for day 1, day 2 or both days.
A BIG THANK YOU TO OUR SPONSORS WHO MAKE THIS PLATFORM HAPPEN!
SCHEDULE DAY 1 - ARTIFICIAL INTELLIGENCE
Registration & Welcome Coffee
Welcome Note CSA and start day 1 - Artificial Intelligence by Linda Strick, EMEA Managing Director Cloud Security Alliance
Daniele Catteddu, Chief Technology Officer at Cloud Security Alliance
The CSA AI Safety Initiative: Developing the Building Blocks for Gen-AI Service Security
This presentation will introduce the recently launched CSA AI Safety Initiative, its ambitions, goals and objectives. AI is quickly revolutionizing the world we live in, and its impact on cyber security is already evident; CSA, like several other organizations and public bodies, has started to investigate the risks, opportunities and, more in general, the cybersecurity and safety implications of Gen AI technologies.
Some key questions many stakeholders ask are: how will we govern the Gen AI services? How can we ensure that all the necessary requirements regarding bias, transparency, explainability, etc, are fulfilled? What are going to be the set of controls we need to put in place to satisfy the societal, legal and business requirements?
Creating an AI Control Framework is one of the key projects that CSA has recently kicked off, which will be discussed during the presentation.
Rob van der Veer, Senior Director at Software Improvement Group
Crossing the chasm of AI engineering
It is challenging for organizations to transition AI from innovative and experimental applications to more robust, maintainable, secure, and scalable systems in production. In this talk Rob discusses how he and his team wrote the new ISO/IEC 5338 standard on AI lifecycle to help apply software best practices to AI engineering. Documentation, versioning, static analysis, threat modeling, pentesting, devops, everything. In addition, Rob will discuss lessons learned from his work for ENISA, ISO and OWASPai.org on AI security, to make AI part of information security best practices as well.
Markus Luchsinger, Senior Cyber Risk Manager
What are the risks of today's modern LLMs?
Does ChatGPT (used as an illustrative example) introduce new risks? Or is it just a twist of already existing ones?
In this presentation, after an overview of the risk landscape introduced by ChatGPT and an overarching consideration, the potential risks will be highlighted. These risks will be structured into the following topics: Attack Vector, Day-to-Day use, Models, and Information Security.
Raphael Zimmer, Head of Division at Federal Office for Information Security (BSI)
Security in Artificial Intelligence
In this talk, we’ll provide an overview of the latest advancements in security research for generative AI models, with a focus on text and image domains.
The field is rapidly evolving and expanding, making it challenging for individuals to keep up with all significant developments. We will dive into some selected key findings from recent research and discuss their potential impacts as well as possible countermeasures.
Frank Schwaak, Field CTO EMEA at Rubrik
Beyond the Horizon: Exploring AI's Role in the future of Cybersecurity and Cyber Resilience (details will follow)
Lars Ruddigkeit, Thought Leader in Cloud, Data & Artificial Intelligence at Global AI Hub
Why Model Explainability is essential for Cyber Security?
Cyber security is a critical domain that relies on machine learning to detect and mitigate various threats and attacks. However, many AI/ML models are complex and opaque, making it difficult for human users, designers, and adversaries to understand their logic and reasoning.
This lack of transparency can lead to mistrust, misuse, or manipulation of the models, which can have serious consequences for cyber security. Therefore, there is a growing need for explainable AI (XAI), which aims to provide human-interpretable explanations for the predictions and decisions of AI/ML models.
We will also highlight the ethical and social implications of XAI, such as privacy, fairness, accountability, and trust. We hope that this talk will inspire the cyber security community to adopt and leverage XAI techniques to enhance the effectiveness and robustness of the systems they try to protect. Furthermore, we believe the adversarial machine learning domain and the cyber security domain will converge in the future.
Beat Büsser, Senior Research Scientist at IBM Research
Security of LLMs: Towards Detecting, Proving and Preventing Attacks
Adversarial attacks on Large Language Models (LLMs) are a serious threat against the security, privacy, and trustworthiness of these models and their data. These attacks can affect anybody creating, operating, or interacting with LLMs, and the adversary’s goal can include, for example, creating chaos, extracting private information, or taking control of applications based on LLMs.
This talk will introduce and compare the current state-of-the-art methods for detecting or mitigating such adversarial interactions with LLMs in different threat scenarios. These approaches will be compared with related, so far better-understood approaches for adversarial robustness of AI in the vision domain and of traditional machine learning models. Analysing the differences and similarities of adversarial robustness of LLMs with previously studied approaches will allow this talk to conclude with an outlook towards the requirements for safe application of LLMs and discuss open research questions around their defence and security.
Martina Arioli, Attorney-at-law at Arioli Law
AI and Legal Implications
Artificial intelligence (AI) is rapidly advancing and is increasingly being integrated into various industries and aspects of our lives. Generative artificial intelligence systems, including large language models such as ChatGPT, are powerful new tools for individuals and businesses. They raise a number of legal and ethical issues about how data is used in AI models and how the law applies to the output of those models, such as a paragraph of text or a computer-generated image. In this presentation some of the key legal issues related to AI and the implications for businesses and individuals will be explored.
Apéro Riche incl. Networking and Know How Sharing
SCHEDULE DAY 2 - ZERO TRUST
Registration & Welcome Coffee
Welcome Note CSA and start day 2 by Linda Strick, EMEA Managing Director Cloud Security Alliance
John Kindervag, Creator of Zero Trust and Chief Evangelist at Illumio
Win The Cyberwar With Zero Trust
Zero Trust is revolutionizing network security architecture: it is data and device-centric and designed to stop data breaches while protecting critical infrastructure and making cyber attacks unsuccessful. In this session, John will discuss the concept of Zero Trust and explain why Zero Trust is the world's only true cybersecurity strategy. In 2020, President Biden issued an Executive Order mandating that all US Federal Government Agencies move towards adopting Zero Trust.
Zero Trust is both strategically resonant to the highest levels of the business and practically and tactically implementable using commercial off-the-shelf technologies. Because Zero Trust focuses on providing granular protections around sensitive assets, this architectural model - which designs the network from the inside out - is perfectly positioned to solve the security challenges of modern critical infrastructure and IoT networks. For example, Zero Trust networks protect East-West traffic by default by enforcing micro-perimeters around critical assets or data. Therefore, internal malware propagation is stopped automatically.
Zero Trust innovations also add a layer of agility to modern networks that is impossible to achieve in traditional network designs. This means that your network can respond to the speed of business. These 21st-century networks have been adopted by large enterprises and government entities around the world.
John will explain how a Zero Trust Network Strategy will achieve tactical and operational goals that make security organizations a business enabler, not a business inhibitor.
Key Takeaways
- Zero Trust is the world’s only real cybersecurity strategy
- Zero Trust has Business Value and resonates with the highest levels of your business
- Zero Trust is Implementable Using Commercial Off-the-Shelf Technology
- Zero Trust is not risky. It augments the existing networks and enables a smooth transition from a legacy network to a Zero Trust network over time
Reto Zeidler, Head of Cyber Security / Member of the Strategic Leadership Team at Inventx AG
Zero Trust: Revolution oder Evolution?
More and more organizations are putting Zero Trust on the agenda, and vendors are pushing the term to its limits. But even among security professionals, there often seems to be a lack of consensus about what exactly Zero Trust is.
Let’s go behind the hype and elaborate on what Zero Trust is and isn’t, what IT and security decision makers can expect from Zero Trust and what needs to be considered for a successful Zero Trust journey.
Bob Gilbert, VP GTM Strategy and Chief Evangelist at Netskope (USA)
Strengthen Your Security Program By Combining Zero Trust with SASE
The shift to the cloud, the transition to remote work, and digital transformation render legacy, datacenter-centric security architectures ineffective in defending against threats, protecting sensitive data, and ensuring that users have unfettered access to the resources they need to get their work done.
Join this session to learn about a more practical approach to security that combines Secure Access Service Edge (SASE) and zero trust principle alignment to ensure security controls follow the data and app performance follows the user.
Key topics covered:
- Introduction to SASE and Security Service Edge (SSE)
- Business value outcomes derived from SASE
- Importance of context when combining SASE with Zero Trust
- Introduction to high-impact use cases
Geriet Wendler, Solution Architect Manager at Infoblox
We focus on the role of DNS in the Zero Trust framework. We explore how DNS not only acts as a critical point in network communication and security but also presents unique challenges and opportunities within Zero Trust. The session covers the strategic use of Protective DNS for enhanced network visibility, proactive threat detection, and robust access control.
Key Takeaways:
- DNS and Zero Trust: DNS is essential for implementing Zero Trust security.
- Security Challenges: Addressing DNS vulnerabilities is crucial in a Zero Trust framework.
- Threat Detection: DNS plays a key role in detecting threats early.
Christer Swartz, Director Industry Solutions at Illumio (USA)
Zero Trust, Independent of Network Security
Zero Trust requires a security model which is independent of traditional network or cloud security models. Every workload needs to be segmented against every other workload, at any scale, and workload segments cannot rely on network segments. Workloads and networks have different security priorities, and each needs to be addressed independently of the other.
Join this session to learn how to create a Zero Trust security model without re-architecting the network.
Nikola Novoselec, Enterprise Security Architect / Head of Zero Trust Cybersecurity at Swiss Post
Zero Trust @ Swiss Post
Hands-on with the Swiss Post Zero Trust journey. Mapping the theory to practice, breaking down the complexity, figuring out where to start, how to prioritize and how to create the strategy, roadmap, and technical architecture for implementing Zero Trust.
Klaus Haller, Senior Security Architect at AXA
Protecting User and Technical Accounts in the Public Clouds
As enterprises move more and more workloads to the cloud, authentication mechanisms in cloud ecosystems become crucial cornerstones for every cloud security design - especially when organizations internalize zero-trust principles. So, which cloud-native options exist to protect personal, technical, and high-privileged accounts? What are the differences between IaaS, PaaS, and SaaS – and multi-cloud and hybrid cloud architectures? And finally, what are the implications of the Azure Signing Key Loss (Storm-0558) for IT departments? Based on his work experience with Azure and GCP as a security architect for AXA in Switzerland, Klaus gives an overview of authentication challenges and features for the public clouds.
Erik Faassen, Principal Architect Zero Trust & SASE - Director at Palo Alto Networks
Unwrapping and Wrapping up Zero Trust
This talk will be an extract of perspectives and insights gathered from organizations around the globe that are leveraging Zero Trust throughout their daily businesses.
We will dive into what Zero Trust really is, the forces that oppose it and the forces that assist it. The talk will expand beyond technology; however, it also shows the importance of technology decisions in a Zero Trust approach.
The five cyberforces or opposers?
Zero Trust goes beyond technology
Why Zero Trust should be an enabler to your business
Panel Discussion moderated by John Kindervag
End of the Event
Contributors & Moderators
Below you will find our contributors and speakers, to whom we say a big thank you!