(registration will be closed April 8th, 2025)
Official Event Sponsor
Co-Sponsor
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways. Our goal: bring together what belongs together!
Important! Even if you are not a professional yet, come along and benefit from your peers. Everyone is welcome, even if you may not be able to contribute much or nothing at the beginning. It's about learning and benefiting from others so that you can pass on your experiences later.
For further planned events please check at https://www.sig-switzerland.ch/upcoming-events/
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
Important! Even if you are not a professional yet, come along and benefit from your peers. Everyone is welcome, even if you may not be able to contribute much or nothing at the beginning. It's about learning and benefiting from others so that you can pass on your experiences later.
For further planned events please check at https://www.sig-switzerland.ch/upcoming-events/
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
Location
Hilton Zürich Airport
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg
DATE & TIME
April 9th, 2025, 1:30 pm - open end incl. dinner
Airport Transfer & Parking
There's a shuttle bus from and to the airport, but only at specific times.
Parking lots at the hotel are available for free.
Parking lots at the hotel are available for free.
Participation Fee
EUR 60.--
1:00 pm
Registration
1:30 PM
Welcome & short introduction from the moderator Mark Beerends on behalf of SIGS
1:30 PM
Bernhard Distl, Cyber Security Expert at SIX Group
A Cyber Threat Level specific to your Organization?
Some weeks at work just feel more “threatening” than others? Have you ever wondered about how to proactively approach concerned management requests regarding cyber incident news? Putting together what your CTI team collects & analyzes, allows you to create your very own organizational cyber threat level. This does not only improve communication with stakeholders, but also allows you to establish criteria on when to notify them about a change in the threat level and justify it. We will see which data you can use, where to get it from and how to turn it into a single, easy to understand, high level metric.
A Cyber Threat Level specific to your Organization?
Some weeks at work just feel more “threatening” than others? Have you ever wondered about how to proactively approach concerned management requests regarding cyber incident news? Putting together what your CTI team collects & analyzes, allows you to create your very own organizational cyber threat level. This does not only improve communication with stakeholders, but also allows you to establish criteria on when to notify them about a change in the threat level and justify it. We will see which data you can use, where to get it from and how to turn it into a single, easy to understand, high level metric.
2:00 PM
Samuel Rossier, Chief Specialist - Cyber Threat Intelligence at Department of Government Enablement Abu Dhabi
From Intelligence to Detection: Why CTI must lead the Charge
Threat intelligence isn’t just about consuming feeds, it should be the driving force behind modern detection engineering and threat hunting. Yet, in 2025, many organizations remain stuck at the lower levels of the *Pyramid of Pain*, struggling to move beyond basic IOC-based detection.
How do we bridge the gap between CTI and detection engineering? What does an intelligence-led detection pipeline truly look like? In this session, we’ll explore the challenges, opportunities, and mindset shifts needed to elevate CTI from an advisory role to the core of modern security operations.
From Intelligence to Detection: Why CTI must lead the Charge
Threat intelligence isn’t just about consuming feeds, it should be the driving force behind modern detection engineering and threat hunting. Yet, in 2025, many organizations remain stuck at the lower levels of the *Pyramid of Pain*, struggling to move beyond basic IOC-based detection.
How do we bridge the gap between CTI and detection engineering? What does an intelligence-led detection pipeline truly look like? In this session, we’ll explore the challenges, opportunities, and mindset shifts needed to elevate CTI from an advisory role to the core of modern security operations.
2:30 PM
Patrick Lodder, Senior Manager Threat Intelligence Service at NVISO Security
Integrating Threat Intelligence into Your Security Program
In this presentation, we address the critical challenges organizations face when incorporating threat intelligence, including resource constraints, data volume and complexity, integration issues, timeliness, accuracy, scalability, compliance, and converting data into actionable insights.
This session takes a pragmatic approach to managing and transforming information into intelligence that benefits organisations. Sharing our lessons learned on turning information into actionable intelligence that informs strategic, operational, and tactical decision-making. Real-world examples will illustrate how organizations have successfully identified and prioritized vulnerabilities, enhanced threat detection, streamlined incident response, supported threat hunting activities, and enabled proactive defence measures.
By the end of this session, attendees will be able to help their organisations reap the strategic, tactical, and operational benefits of integrating threat intelligence into their security programs, ensuring they are prepared for the challenges of tomorrow.
Integrating Threat Intelligence into Your Security Program
In this presentation, we address the critical challenges organizations face when incorporating threat intelligence, including resource constraints, data volume and complexity, integration issues, timeliness, accuracy, scalability, compliance, and converting data into actionable insights.
This session takes a pragmatic approach to managing and transforming information into intelligence that benefits organisations. Sharing our lessons learned on turning information into actionable intelligence that informs strategic, operational, and tactical decision-making. Real-world examples will illustrate how organizations have successfully identified and prioritized vulnerabilities, enhanced threat detection, streamlined incident response, supported threat hunting activities, and enabled proactive defence measures.
By the end of this session, attendees will be able to help their organisations reap the strategic, tactical, and operational benefits of integrating threat intelligence into their security programs, ensuring they are prepared for the challenges of tomorrow.
3:00 PM
Mark Schloesser, VP CAO Automation at CrowdStrike
Short solution presentation incl. Q&A
Short solution presentation incl. Q&A
3:10 PM
Joël Giger, Consultant - Intelligence Advisory Services EMEA at Recorded Future
Short solution presentation incl. Q&A
Short solution presentation incl. Q&A
3:20 PM
Break
4:00 PM
4 different Breakout Sessions to join - you can choose/attend two of them
Martin Ebner, CISO/SIA at MoD AUT
Now we have a TI solution and what now?
The aim is to show the different layers in the TI and make them available to different systems for analysis or to get the data from systems into the TI. Is a bidirectional approach possible and how?
We will discuss some pitfalls such as: too many indicators, the correct interpretation and how to draw conclusions from it. Let’s discuss the different challenges on the way to a perfect TI solution.
Now we have a TI solution and what now?
The aim is to show the different layers in the TI and make them available to different systems for analysis or to get the data from systems into the TI. Is a bidirectional approach possible and how?
We will discuss some pitfalls such as: too many indicators, the correct interpretation and how to draw conclusions from it. Let’s discuss the different challenges on the way to a perfect TI solution.
Mark Schloesser, VP CAO Automation at CrowdStrike
Threat Intelligence Automation Challenges and Solutions (and some AI)
Every SOC and TI/TH team uses a lot of tools, systems and databases in their daily analysis. This usually means the accumulation of various APIs and UIs at different skill levels and experiences with sometimes conflicting objectives.
In addition, the incoming amount of data or events is usually very large and unsorted. I would like to share and discuss some case studies and experiences. This covers topics such as
We will dive into topics such as "Single Pane of Glass" and why it often fails, the importance of user experience and customization, Sandboxing in 2025, classification versus sorting and the usability of current LLMs and AI agents.
Threat Intelligence Automation Challenges and Solutions (and some AI)
Every SOC and TI/TH team uses a lot of tools, systems and databases in their daily analysis. This usually means the accumulation of various APIs and UIs at different skill levels and experiences with sometimes conflicting objectives.
In addition, the incoming amount of data or events is usually very large and unsorted. I would like to share and discuss some case studies and experiences. This covers topics such as
We will dive into topics such as "Single Pane of Glass" and why it often fails, the importance of user experience and customization, Sandboxing in 2025, classification versus sorting and the usability of current LLMs and AI agents.
Samuel Rossier, Chief Specialist - Cyber Threat Intelligence at Department of Government Enablement Abu Dhabi
IOC Automation: The Devil in the Details
Everyone wants their IOCs to seamlessly feed security systems, automatically blocking and detecting threats. But few talk about the painful details that make this far from simple. Confidence, feed source, scoring, expiration, security system limitations, data formats, and alert context all play a critical role in making, or breaking, an effective IOC pipeline.
This session takes a deep dive into real-world IOC use cases, the technical challenges they present, and practical strategies to overcome them. The goal? To streamline IOC automation and free up valuable time to focus on the higher levels of the Pyramid of Pain, detection engineering and threat hunting.
IOC Automation: The Devil in the Details
Everyone wants their IOCs to seamlessly feed security systems, automatically blocking and detecting threats. But few talk about the painful details that make this far from simple. Confidence, feed source, scoring, expiration, security system limitations, data formats, and alert context all play a critical role in making, or breaking, an effective IOC pipeline.
This session takes a deep dive into real-world IOC use cases, the technical challenges they present, and practical strategies to overcome them. The goal? To streamline IOC automation and free up valuable time to focus on the higher levels of the Pyramid of Pain, detection engineering and threat hunting.
Monika Atanasova, Global Head of Cyber Third Party Risk Management at Raiffeisen Group
Third & 4th Party Threat Intelligence Program
Let's discuss and interact on the following topics:
Third & 4th Party Threat Intelligence Program
Let's discuss and interact on the following topics:
- What is key in a solid Cyber TPRM Program
- What is strategic Third Party Intelligence
- What are top cyber risks you should monitor
- Best practices & how to mitigate 3rd and 4th party risk with real-time, automated intelligence
- AI and their role within security assessments and threat intelligence
5:10 PM
Short break and change the room to the next Breakout Session of your choice
5:20 PM
2nd round of Breakout Sessions
6:30 PM
Dinner & Networking till open end
Contributors & Speakers
Below you will find our contributors and speakers to whom we say a big thank you !
Mark Beerends
Executive Security Consultant at Prusec
Further information at Mark Beerends | LinkedIn
Monika Atanasova
Global Head of Cyber Third Party Risk Management
Further information at Monika Atanasova | LinkedIn
Martin Ebner
CISO/SIA at MoD AUT
Patrick Lodder
Senior Manager Threat Intelligence Service at NVISO Security
Further information at Patrick Lodder | LinkedIn
Samuel Rossier
Chief Specialist - Cyber Threat Intelligence at Department of Government Enablement, Abu Dhabi
Further information at Samuel Rossier | LinkedIn
Contact Us
If you have any questions or you like to get information about further events, please do not hesitate to contact us!