Laura Flaquer, SOC Manager & Jan Freudenreich, IT Security Lead at Basler Kantonalbank

MSSP Transition: Practical Lessons Learned and Key Takeaways?
Transitioning MSSP providers is never just plug and play — it touches people, processes, and technology.

In this presentation, we’ll share key lessons learned along our journey: what worked well, where we hit challenges, and how we solved them. The goal is to provide a realistic view of the process and share our experience, so you can avoid common pitfalls.

Ranko Veselinovic, Senior Cyber Defense Engineer at Migros-Genossenschafts-Bund

A Software Developer's Perspective on SOAR
In the era of low-code platforms and AI, it may seem that traditional coding skills are becoming obsolete for building effective security automations. On the contrary - development expertise is more crucial than ever.

I will share Migros' journey, beginning with low-code solutions and evolving toward highly customized code. By leveraging Python and custom AI agentic workflows, we have developed use cases that fully replace the Tier 1 SOC analyst.

Carlo Tarantini, Senior Product Manager at Cribl

Data Management & Telemetry Pipeline Innovation
Rethinking Data Management: Building a Future-Proof Telemetry Pipeline

Learn how to modernize your security data infrastructure for maximum cyber resilience. Discover how innovative telemetry pipelines help manage runaway data growth, regain visibility, and dramatically cut costs—even on tight budgets. With flexible routing, enrichment, and a unified architecture, you can unlock full control over disparate data sources while extending the life of your analytics tools and setting your SOC team up for long-term success.

Ivan Strydom, Regional Sales Engineer at CrowdStrike 

Outpace Modern Cyber Threats with CrowdStrike’s Data-Driven Defense
Having transformed cybersecurity with a cloud-native and intelligence-led approach, CrowdStrike delivers world-class protection across endpoints, workloads, identities, and data. The CrowdStrike Falcon® platform harnesses real-time indicators of attack, threat intelligence, and enriched telemetry from across the enterprise to deliver precise detections, automated protection and response, and unrivalled threat hunting capabilities.

This short session will highlight how today’s most sophisticated adversaries are attacking organizations, evade detection within the network and reach their goals. Rally your defences, strengthen your SOC’s resilience and stay ahead of the evolving attacks.

Breakout Session No. 1: Andrea Cereghino and Ivan Strydom, Regional Sales Engineers at CrowdStrike 

You have been breached – What now? - Cyber-Simulation Real Time Workshop
This workshop is a practical storyline which depends on YOUR decisions.

Together with your peers, you vote what action should be taken next on critical decision points throughout the attack chain: from initial help desk compromise and credential theft to MFA bypass. See how your decisions impact the business, the brand and the well-being of your team – will your incident response be successful before time and finances run out?

This lean table-top exercise was developed by CrowdStrike’s incident response team and is inspired by real incidents conducted by one of today’ most dangerous threat actors - a financially-motivated group infamous for sophisticated social engineering and stealthy techniques.

All you need for this insightful and fun workshop are your ideas and your phone to vote.

Breakout Session No. 2: Carlo Tarantini, Senior Product Manager at Cribl

Data Tiering Strategies: A Blueprint for Cyber Resilience
Join your peers to discuss data tiering that matches storage to urgency and business value. Explore strategies for balancing speed, costs, and compliance, from hot, actionable data to affordable deep archives. Unpack how smart tiering and unified telemetry strategies create resilience, streamline investigations, and provide every team with the right data—when it matters most—all while maintaining flexibility and control across fragmented environments.

Breakout Session No. 3: Michael Gysi, Cyber Security Consultant at Thorin Cyber Security Management

Breach and Attack Simulation: Rising necessity or fading trend?
Breach and Attack Simulation tools promise to test the organisation's defenses and detection capabilities. Automated and in-depth, covering more checks than a human tester could do. Various solutions are available (and for a while now) and SOCs have tested or are regularly using them. Let's discuss! Are these tools and approaches still relevant and living up to the promises? How do you get the most benefits from using them and what are pitfalls in your opinion?

Breakout Session No. 4: Xavier Coppin, Head of Cyber Defense Center at Skyguide

Beyond the Hype: What Really Works in Cyber Defense Today?
AI. Automation. Next-Gen SIEM. We're all chasing the next big thing in security. But which technologies and strategies are actually moving the needle and making a difference in the real world?
 
Join our candid, peer-driven roundtable, "Decoding the Modern Cyber Defense Center," and let's get past the marketing buzz.
 
This is a unique opportunity to benchmark your strategy against your peers and ask the questions that matter:
 
- How are you optimizing your SOC costs without sacrificing visibility?
- What are your most effective tricks for keeping analysts engaged and productive?
- In the complex world of MDR providers, how do you choose the right partner?
- What's the secret to slashing response times when every second counts?
 
Let's share our collective wisdom on everything from threat intelligence and EDR/NDR integration to managing OT security. Your experience is valuable come share it and learn from the best in the field.