CSA & SIGS Special Event

Insights into Zero Trust and 
Unpacking Trends in AI

Join us (in-person) on April 10th and/or 11th, 2024 and earn to 12 CPEs


(registration will be closed April 5th, 2024 - seats are limited)
Very happy to present a joint event with Cloud Security Alliance, great speakers from around the world and hot topics!

In addition we proudly present a 

CCSK 1-Day Classroom Training incl. Certification

and a great workshop:

April 12th, 2024:
Zero TrustWorkshop with John Kindervag - the creator himself!


Looking forward to see you there or at another possibility (check at https://www.sig-switzerland.ch/upcoming-events/)

CSA & SIGS




As always: sales peoples (incl. CEO's and Founders), vendors and all peoples who just like to sell their products or services are not allowed to take part at SIGS events. Exeption in this case are Cloud Security Alliance members.
Organizer



Location
Hilton Zürich Airport
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg

If you would like to book a room, please send us a message using the "contact us" form at the bottom of this page.

DATE & TIME
April 10th & 11th, 2024
AIRPORT TRANSFER & PARKING
There's a shuttle bus from and to the airport, but only at specific times.
Parking lots at the hotel are available for free.

Participation Fee
EUR 95.-- per day
You may register for day 1, day 2 or both days
A BIG THANK YOU TO OUR SPONSORS WHO
MAKE THIS PLATFORM HAPPEN!
SCHEDULE DAY 1 - ARTIFICIAL INTELLIGENCE
09:30 Am
Registration & Welcome Coffee
10:00 AM
Welcome Note CSA and start day 1 - Artificial Intelligence by Linda Strick, EMEA Managing Director Cloud Security Alliance
10:10 AM
Daniele Catteddu, Chief Technology Officer at Cloud Security Alliance

The CSA AI Safety Initiative: Developing the Building Blocks for Gen-AI Service Security
This presentation will introduce the recently launched CSA AI Safety Initiative, it's ambitions, goals and objectives.
AI is quickly revolutionizing the world we live in, and its impact on cyber security is already evident; CSA, like several other organizations and public bodies, has started to investigate the risks, opportunities and more, in general, the cybersecurity and safety implications of Gen AI technologies.

Some key questions many stakeholders ask are: how will we govern the Gen AI services? How can we ensure that all the necessary requirements regarding bias, transparency, explainability, etc, are fulfilled? What are going to be the set of controls we need to put in place to satisfy the societal, legal and business requirements?

Creating an AI Control Framework is one of the key projects that CSA has recently kicked off, which will be discussed during the presentation.
10:50 AM
Rob van der Veer, Senior Director at Software Improvement Group

Crossing the chasm of AI engineering

It is challenging for organizations to transition AI from innovative and experimental applications to more robust, maintainable , secure, and scalable systems in production. In this talk Rob discusses how he and his team wrote the new ISO/IEC 5338 standard on AI lifecycle to help apply software best practices to AI engineering. Documentation, versioning, static analysis, threat modeling, pentesting, devops, everything. In addition, Rob will discuss lessons learned from his work for ENISA, ISO and OWASPai.org on AI security, to make AI part of information security best practices as well.
11:30 AM
Markus Luchsinger, Senior Cyber Risk Manager

What are the risks of today's modern LLMs
Does ChatGPT (used as an illustrative example) introduce new Risks? Or is it just a twist of already existing ones?

In this presentation, after an overview of the risk landscape introduced by ChatGPT and an overarching consideration, the potential risks will be highlighted. These risks will be structured into the following topics: Attack Vector, Day-to-Day use, Models, and Information Security.
12:00 AM
Raphael Zimmer, Head of Divison at Federal Office for Information Security (BSI)

Security in Artificial Intelligence
In this talk, we’ll provide an overview of the latest advancements in security research for generative AI models, with a focus on text and image domains.

The field is rapidly evolving and expanding, making it challenging for individuals to keep up with all significant developments. We will dive into some selected key findings from recent research and discuss their potential impacts as well as possible countermeasures.
12:40 PM
Lunch
02:00 PM
Frank Schwaak, Field CTO EMEA at Rubrik

Beyond the Horizon: Exploring AI's Role in the future of Cybersecurity and Cyber Resilience
(details will follow)
02:30 PM
Lars Ruddigkeit, Thought Leader in Cloud, Data & Artificial Intelligence at Global AI Hub

Why Model Explainability is essential for Cyber Security?
Cyber security is a critical domain that relies on machine learning to detect and mitigate various threats and attacks. However, many AI/ML models are complex and opaque, making it difficult for human users, designers, and adversaries to understand their logic and reasoning.

This lack of transparency can lead to mistrust, misuse, or manipulation of the models, which can have serious consequences for cyber security. Therefore, there is a growing need for explainable AI (XAI), which aims to provide human-interpretable explanations for the predictions and decisions of AI/ML models.

We will also highlight the ethical and social implications of XAI such as privacy, fairness, accountability, and trust. We hope that this talk will inspire the cyber security community to adopt and leverage XAI techniques to enhance the effectiveness and robustness of the systems they try to protect. Furthermore, we believe Adversarial Machine Learning domain and Cyber Security domain will be converging in the future.
03:10 PM
Presentation (open)
03:40 PM
Coffee Break
04:20 PM
Beat Büsser, Senior Research Scientist at IBM Research

Security of LLMs: Towards Detecting, Proving and Preventing Attacks
Adversarial attacks on Large Language Models (LLMs) are a serious threat against the security, privacy, and trustworthiness of these models and their data. These attacks can affect anybody creating, operating, or interacting with LLMs and the adversary’s goal can include for example creating chaos, extracting private information, or taking control of applications based on LLMs.

This talk will introduce and compare the current state-of-the-art methods for detecting or mitigating such adversarial interactions with LLMs in different threat scenarios. These approaches will be compared with so far better understood, related approaches for adversarial robustness of AI in the vision domain and of traditional machine learning models. Analysing the differences and similarities of adversarial robustness of LLMs with previously studied approaches will allow this talk to conclude with an outlook towards the requirements for safe application of LLMs and discuss open research questions around their defence and security.
04:50 PM
Presentation (open)
05:20 PM
Martina Arioli, Attorney-at-law at Arioli Law

AI and Legal Implications
Artificial intelligence (AI) is rapidly advancing and is increasingly being integrated into various industries and aspects of our lives. Generative artificial intelligence, including large language models such as ChatGPT, are powerful new tools for individuals and businesses. They raise a number of legal and ethical issues about how data is used in AI models and how the law applies to the output of those models, such as a paragraph of text or a computer-generated image. In this presentation some of the key legal issues related to AI and the implications for businesses and individuals will be explored.
05:50 PM
Apéro Riche incl. Networking and Know How Sharing
SCHEDULE DAY 2 - ZERO TRUST
09:30 Am
Registration & Welcome Coffee
10:00 AM
Welcome Note CSA and start day 2 by Linda Strick, EMEA Managing Director Cloud Security Alliance
10:10 AM
John Kindervag, Creator of Zero Trust and Chief Evangelist at Illumio

Win The Cyberwar With Zero Trust
Zero Trust is revolutionizing network security architecture: it is data and device-centric and designed to stop data breaches while protecting critical infrastructure and making cyber attacks unsuccessful. In this session, John will discuss the concept of Zero Trust and explains why Zero Trust is the world's only true cybersecurity strategy. In 2020, President Biden issued an Executive Order mandating that all US Federal Government Agencies move towards adopting Zero Trust.

Zero Trust is both strategically resonant to the highest levels of the business but also practically and tactically implementable using commercial off-the-shelf technologies. Because Zero Trust focuses on providing granular protections around sensitive assets, this architectural model - which designs the network from the inside out - is perfectly positioned to solve the security challenges of modern critical infrastructure and IOT networks. For example, Zero Trust networks protect East-West traffic by default by enforcing micro-perimeters around critical assets or data. Therefore, internal malware propagation is stopped automatically.

Zero Trust innovations also add a layer of agility to modern networks that is impossible to achieve in traditional network designs. This means that your network can respond to the speed of business. These 21st-century networks have been adopted by large enterprises and government entities around the world.

John will explain how a Zero Trust Network Strategy will achieve tactical and operational goals that make security organizations a business enabler, not a business inhibitor.

Key Takeaways
Zero Trust is the world’s only real cybersecurity strategy
- Zero Trust has Business Value and resonates with the highest levels of your business
- Zero Trust is Implementable Using Commercial Off-the-Technology
- Zero Trust is not risky. It augments the existing networks and enables a smooth transition from a legacy network to a Zero Trust network over time
11:10 AM
Coffee Break
11:40 AM
Reto Zeidler, Head of Cyber Security / Member of the Strategic Leadership Team at Inventx AG

Zero Trust: Revolution oder Evolution?
More and more organization are setting Zero-Trust on the agenda and vendors are pushing the term to its limits. But even among security professionals, there seems often to be a lack of consent about what Zero Trust exactly is.

Let’s go behind the hype and elaborate what Zero Trust is and isn’t, what IT- and Security decision makers can expect from zero-trust and what needs to be considered for a successful zero trust journey.
12:10 PM
Bob Gilbert, VP GTM Strategy and Chief Evangelist at Netskope (USA)

Strengthen Your Security Program By Combining Zero Trust with SASE
The shift to the cloud, the transition to remote work, and digital transformation render legacy, datacenter-centric security architectures ineffective in defending against threats, protecting sensitive data, and ensuring that users have unfettered access to the resources they need to get their work done.

Join this session to learn about a more practical approach to security that combines Secure Access Service Edge (SASE) and zero trust principle alignment to ensure security controls follow the data and app performance follows the user.

Key topics covered:
- Introduction to SASE and Security Service Edge (SSE)
- Business value outcomes derived from SASE
- Importance of context when combining SASE with Zero Trust
- Introduction to high-impact use cases
12:45 PM
Lunch
01:45 PM
Geriet Wendler, Solution Architect Manager at Infoblox
We are focus on the role of DNS in the Zero Trust framework. We explore how DNS not only acts as a critical point in network communication and security but also presents unique challenges and opportunities within Zero Trust. The session covers the strategic use of Protective DNS for enhanced network visibility, proactive threat detection, and robust access control.
 
Key Takeaways:
- DNS and Zero Trust: DNS is essential for implementing Zero Trust security.
- Security Challenges: Addressing DNS vulnerabilities is crucial in a Zero Trust framework.
- Threat Detection: DNS plays a key role in detecting threats early.
02:15 PM
Christer Swartz, Director Industry Solutions at Illumio (USA)

Zero Trust, Independent of Network Security
Zero Trust requires a security model which is independent of traditional network or cloud security models. Every workload needs to be segmented against every other workload, at any scale, and workload segments cannot rely on network segments. Workloads and networks have different security priorities, and each needs to be addressed independent of the other.

Join this session to learn how to create a Zero Trust security model without re-architecting the network.
02:45 PM
Nikola Novoselec, Enterprise Security Architect / Head of Zero Trust Cybersecurity at Swiss Post

Zero Trust @ Swiss Post

Hands-on with the Swiss Post Zero Trust journey. Mapping the theory to practice, breaking down the complexity, figuring out where to start, how to prioritize and how to create the strategy, roadmap, and technical architecture for implementing Zero Trust.
03:15 PM
Coffee Break
03:45 PM
Klaus Haller, Senior Security Architect at AXA

Protecting User and Technical Accounts in the Public Clouds
As enterprises move more and more workloads to the cloud, authentication mechanisms in cloud ecosystems become crucial cornerstones for every cloud security design - especially when organizations internalize zero-trust principles. So, which cloud-native options exist to protect personal, technical, and high-privileged accounts? What are the differences between IaaS, PaaS, and SaaS – and multi-cloud and hybrid cloud architectures? And finally, what are the implications of the Azure Sinigng Key Loss (Storm-0558) for IT departments? Based on his work experience with Azure and GCP as a security architect for AXA in Switzerland, Klaus gives an overview of authentication challenges and features for the public clouds.
04:15 PM
Erik Faassen, Principal Architect Zero Trust & SASE - Director at Palo Alto Networks

Unwrapping and Wrapping up Zero Trust
This talk will be an extract of perspectives and insights gathered from orgnizations around the globe that are leveraging Zero Trust throughout their daily businesses.

We will dive into what Zero Trust really is, the forces that opposes and the forces that assists. The talk will expand beyond technology - however it also shows the importance of technology decisions in a Zero Trust approach.

Key Takeaways:
  • The five cyberforces or opposers?
  • Zero Trust goes beyond technology
  • Why Zero Trust should be an enabler to your business
04:45 PM
Panel Discussion moderated by John Kindervag
05:15 PM
End of the Event
Contributors & Moderators
Below you will find our contributors and speakers to whom we say a big thank you !
Linda Strick
Director CSA EMEA
Further information at Linda Strick | LinkedIn

Special Guest

John Kindervag
Creator of Zero Trust and Chief Evangelist at Illumio
Further information at John Kindervag | LinkedIn


Speakers

Martina Arioli
Attorney-at-law at Arioli Law
Further information at Martina Arioli | LinkedIn
Beat Buesser
Research Staff Member, AI Security and Privacy at IBM Research
Further information at Beat Buesser | LinkedIn
Daniele Cattteddu
Chief Technology Officer at Cloud Security Alliance
Further information at Daniele Catteddu | LinkedIn
Erik Faassen
Principal Architect Zero Trust & SASE- Director
Further information at Erik Faassen | LinkedIn
Bob Gilbert
Vice President, GTM Strategy & Chief Evangelist at Netskope (USA)
Further information at Bob Gilbert | LinkedIn
Klaus Haller
Senior Security Architect at AXA Switzerland
Further information at Klaus Haller | LinkedIn
Markus Luchsinger
Senior Cyber Risk Manager
Further information at Markus Luchsinger | LinkedIn
Nikola Novoselec
Enterprise Security Architect / Head of Zero Trust Cybersecurity at Swiss Post
Further information at Nikola Novoselec | LinkedIn
Lars Ruddigkeit
Thought Leader in Cloud, Data & Artificial Intelligence at Global AI Hub
Further information at Lars Ruddigkeit | LinkedIn
Frank Schwaak
Field CTO EMEA at Rubrik
Further information at Frank Schwaak | LinkedIn
Christer Swartz
Director Industry Solutions at Illumio (USA)
Further information at Christer Swartz | LinkedIn
Rob van der Veer
Senior Director at Software Improvement Group (SIG)
Further information at Rob van der Veer | LinkedIn
Geriet Wendler
Solution Architect Manager at Infoblox
Further information at Geriet Wendler | LinkedIn
Reto Zeidler
Head of Cyber Security at Inventx AG
Further information at Reto Zeidler | LinkedIn
Raphael Zimmer
Head of Divison at Federal Office for Information Security (BSI)
Further information at Raphael Zimmer | LinkedIn
Contact Us
If you have any questions or you like to get information about further events, please do not hesitate to contact us!
 Join us on April 10th and/or 11th
We look forward to hosting you!

Processing Registration...