Fireside Chat Fireside Chat with Paul McEwen, Global Head of Technology Services und Sir Rob Wainwright, Group CISO at UBS AG
Cyber security challenges are constantly and rapidly evolving with technological capabilities. This Fireside Chat will cover how UBS as world leading Financial Institution continually innovates to keep information security at top levels by creating and enforcing controls and standards, and by being at the forefront of leveraging new technologies to detect, mitigate and respond to cyber threats.

Panel with Rolf A. Becker, Sébastien Contreras, Agata Szmigiel and David Rosenthal
Cloud Security Alliance Leads Enterprise Authority to Operate (EATO) Working Group and Partner at VISCHER Attorneys

Certification as a Service: Trusted Controls Compliance with Reduced Cost
EATO introduces a global, trusted and independent assessment service according to the CSA’s industry leading security control framework, to provide a trusted assurance for Corporate Customers which are heavily regulated. The certification includes a controls compliance audit, resulting in guided remediation of deficiencies to achieve architectures to be compliant with the CSA information security and privacy certification schemes. This is embedded in a legal and information security governance framework for the organization to sustainably execute controls at a high level.

Digital Operational Resilience Act (DORA): topic tbd
Speaker tbd
(details will follow)

Pentesting for DORA tbd
Speaker SCRT tbd

(details will follow)

Start Part 2 - Artificial Intelligence

Lars Ruddigkeit, Thought Leader in Cloud, Data & Artificial Intelligence at Global AI Hub

Why Model Explainability is essential for Cyber Security?
Cyber security is a critical domain that relies on machine learning to detect and mitigate various threats and attacks. However, many AI/ML models are complex and opaque, making it difficult for human users, designers, and adversaries to understand their logic and reasoning.

This lack of transparency can lead to mistrust, misuse, or manipulation of the models, which can have serious consequences for cyber security. Therefore, there is a growing need for explainable AI (XAI), which aims to provide human-interpretable explanations for the predictions and decisions of AI/ML models.

We will also highlight the ethical and social implications of XAI such as privacy, fairness, accountability, and trust. We hope that this talk will inspire the cyber security community to adopt and leverage XAI techniques to enhance the effectiveness and robustness of the systems they try to protect. Furthermore, we believe Adversarial Machine Learning domain and Cyber Security domain will be converging in the future.

Yaniv Shechtman, Head of Productmanagement Threat Prevention at Check Point (Israel)

The acceleration of AI and GenAI-based attacks: ways to prevent them
(details will follow)

Martina Arioli, Attorney-at-law at Arioli Law

AI and Legal Implications
Artificial intelligence (AI) is rapidly advancing and is increasingly being integrated into various industries and aspects of our lives. Generative artificial intelligence, including large language models such as ChatGPT, are powerful new tools for individuals and businesses. They raise a number of legal and ethical issues about how data is used in AI models and how the law applies to the output of those models, such as a paragraph of text or a computer-generated image. In this presentation some of the key legal issues related to AI and the implications for businesses and individuals will be explored.

Presentation 4 - Rubrik
(details will follow - something around how Rubrik see Artificial Intelligence)

John Kindervag, Creator of Zero Trust and Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow

Win The Cyberwar With Zero Trust
Zero Trust is revolutionizing network security architecture: it is data and device-centric and designed to stop data breaches while protecting critical infrastructure and making cyber attacks unsuccessful. In this session, John will discuss the concept of Zero Trust and explains why Zero Trust is the world's only true cybersecurity strategy. In 2020, President Biden issued an Executive Order mandating that all US Federal Government Agencies move towards adopting Zero Trust.

Zero Trust is both strategically resonant to the highest levels of the business but also practically and tactically implementable using commercial off-the-shelf technologies. Because Zero Trust focuses on providing granular protections around sensitive assets, this architectural model - which designs the network from the inside out - is perfectly positioned to solve the security challenges of modern critical infrastructure and IOT networks. For example, Zero Trust networks protect East-West traffic by default by enforcing micro-perimeters around critical assets or data. Therefore, internal malware propagation is stopped automatically.

Zero Trust innovations also add a layer of agility to modern networks that is impossible to achieve in traditional network designs. This means that your network can respond to the speed of business. These 21st-century networks have been adopted by large enterprises and government entities around the world.

John will explain how a Zero Trust Network Strategy will achieve tactical and operational goals that make security organizations a business enabler, not a business inhibitor.

Key Takeaways
- Zero Trust is the world’s only real cybersecurity strategy
- Zero Trust has Business Value and resonates with the highest levels of your business
- Zero Trust is Implementable Using Commercial Off-the-Technology
- Zero Trust is not risky. It augments the existing networks and enables a smooth transition from a legacy network to a Zero Trust network over time

Stefan Kopp, Senior Expert IT Security at Deutsche Telekom Security GmbH

(details will follow)

Bob Gilbert, VP GTM Strategy and Chief Evangelist at Netskope (USA)

Strengthen Your Security Program By Combining Zero Trust with SASE
The shift to the cloud, the transition to remote work, and digital transformation render legacy, datacenter-centric security architectures ineffective in defending against threats, protecting sensitive data, and ensuring that users have unfettered access to the resources they need to get their work done.

Join this session to learn about a more practical approach to security that combines Secure Access Service Edge (SASE) and zero trust principle alignment to ensure security controls follow the data and app performance follows the user.

Key topics covered:
- Introduction to SASE and Security Service Edge (SSE)
- Business value outcomes derived from SASE
- Importance of context when combining SASE with Zero Trust
- Introduction to high-impact use cases

Geriet Wendler, Solution Architect Manager at Infoblox
(details will follow - something around how Infoblox see Zero Trust and their approach to it)

Christer Swartz, Director Industry Solutions at Illumio (USA)

Zero Trust, Independent of Network Security
Zero Trust requires a security model which is independent of traditional network or cloud security models. Every workload needs to be segmented against every other workload, at any scale, and workload segments cannot rely on network segments. Workloads and networks have different security priorities, and each needs to be addressed independent of the other.

Join this session to learn how to create a Zero Trust security model without re-architecting the network.

Nikola Novoselec, Enterprise Security Architect / Head of Zero Trust Cybersecurity at Swiss Post

Zero Trust @ Swiss Post
Hands-on with the Swiss Post Zero Trust journey. Mapping the theory to practice, breaking down the complexity, figuring out where to start, how to prioritize and how to create the strategy, roadmap, and technical architecture for implementing Zero Trust.

Klaus Haller, Senior Security Architect at AXA

As enterprises move more and more workloads to the cloud, authentication mechanisms in cloud ecosystems become crucial cornerstones for every cloud security design - especially when organizations internalize zero-trust principles. So, which cloud-native options exist to protect personal, technical, and high-privileged accounts? What are the differences between IaaS, PaaS, and SaaS – and multi-cloud and hybrid cloud architectures? And finally, what are the implications of the Azure Sinigng Key Loss (Storm-0558) for IT departments? Based on his work experience with Azure and GCP as a security architect for AXA in Switzerland, Klaus gives an overview of authentication challenges and features for the public clouds.

Presentation 5 - SCRT

(details will follow - something around SCRT's view of Zero Trust and their approach to it)