(registration will be closed June 11th, 2024)
Official Event Sponsor
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways. Our goal: bring together what belongs together!
For further planned events please check at https://www.sig-switzerland.ch/upcoming-events/
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
For further planned events please check at https://www.sig-switzerland.ch/upcoming-events/
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
EVENTPARTNER
Location
Hilton Zürich Airport
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg
DATE & TIME
June 12th, 2024, 1:30 pm - open end incl. dinner
Airport Transfer & Parking
There's a shuttle bus from and to the airport, but only at specific times.
Parking lots at the hotel are available for free.
Parking lots at the hotel are available for free.
Participation Fee
EUR 60.--
1:30 pm
Registration
2:00 PM
Welcome & short introduction from SIGS & Rolf A. Becker, Co-Chair Cloud Security Alliance CH-Chapter
2:15 PM
Vyacheslav Degtyarev, Head of IT at TradeXBank AG
Security in the Cloud - The Art of Building on Sand
Large cloud providers, cloud-based services, small SaaS companies have become an integral part of any modern IT landscape. There is no doubt, no question of 'when' or 'if' - it is here and now. How to survive in the IT cloud jungle is the only valid question on the table.
There has been a lot of talk about the risks of the cloud and the legal and regulatory issues - all of which are important. But is it going to help you as an IT leader to survive in a situation of crisis? What happens if the house is on fire? Access to the cloud service is not possible, your cloud hosted data has been offered for sale on the dark market and the cloud hosted database your business relies on can’t be trusted anymore?
Security in the Cloud - The Art of Building on Sand
Large cloud providers, cloud-based services, small SaaS companies have become an integral part of any modern IT landscape. There is no doubt, no question of 'when' or 'if' - it is here and now. How to survive in the IT cloud jungle is the only valid question on the table.
There has been a lot of talk about the risks of the cloud and the legal and regulatory issues - all of which are important. But is it going to help you as an IT leader to survive in a situation of crisis? What happens if the house is on fire? Access to the cloud service is not possible, your cloud hosted data has been offered for sale on the dark market and the cloud hosted database your business relies on can’t be trusted anymore?
2:45 PM
John Pease, Strategic Cloud SE EMEA at SentinelOne
The Evolution of Cloud Attacks - Building a Modern Cloud Defense
Murky and cryptic details of cloud breaches and threats fill all cybersecurity news. Sorting through the limited information provided can often lead to even more confusion around the source and solution to these threats. To build an effective cloud defense strategy, it is important to understand the nature of how you will be attacked.
In this session, John will provide an in-depth look at the changing cloud threat landscape and cover:
The Evolution of Cloud Attacks - Building a Modern Cloud Defense
Murky and cryptic details of cloud breaches and threats fill all cybersecurity news. Sorting through the limited information provided can often lead to even more confusion around the source and solution to these threats. To build an effective cloud defense strategy, it is important to understand the nature of how you will be attacked.
In this session, John will provide an in-depth look at the changing cloud threat landscape and cover:
- How cloud breaches have evolved to where they are today
- Real techniques and tactics that can be used to form your defense
- The latest trends of cloud threat actors
3:15 PM
Presentation from Tenable
(details will follow)
(details will follow)
3:45 PM
Break
4:30 PM
Roundtable 1: Michailas Ornovskis, Senior Security Architect at Sunrise
Hybrid Multicloud Security Challenges
It is common to start cloudification and digital journey towards new tools and services that are only available in the cloud for classic companies that have legacy / on-premises environments. Some repetitive mistakes are made and similar challenges are being faced, such as the lack of a sound cloud strategy, choosing the best option for migration, suitable cloud model etc.
Most commonly, the lack of planning and understanding results in building one of the hardest environments there is hybrid multicloud. Hybrid multicloud poses a challenge for security professionals since it requires to understand and manage multiple different environments at once. In addition, these are connected to each other.
Topic to address include: which security standards and policies to apply? Which security management tools to use? How to effectively be aware of and manage risks in such environment? Which new tools, techniques and competencies need to be developed in the company? Should we focus on using cloud-native or hybrid tooling?
Let’s meet and discuss these challenges and ways to address them.
Roundtable 2: Louis Duruflé-Seta, Senior Engineering Manager Security at Niantic Inc.
Cloud security: The Fast Moving Polymorphic Target
Cloud is building on a moving ground. How do you secure an infrastructure in constant evolution?
What are the cloud invariants, what are the challenges and the tools to address them?
The pace is accelerating, how do we secure organisations and infrastructures growing exponentially?
Roundtable 3: Rolf A. Becker, Co-Chair Cloud Security Alliance CH-Chapter
Third Party / Supply Chain Cyber Risk Management: Practical Experience
We all use many services of external providers. Most of them today are directly or indirectly themselves using other underlying services, and most are cloud based. Key to an effective cloud risk governance are the controls over information security risks. You need to make sure that your third party service provider not only understands them, but has also implemented them, and will maintain and improve them. This also applies to sub-providers, and to you as client.
I will share experience from having successfully implemented a third party service provider cloud and cyber risk assessment and control governance framework at one of the largest Swiss financial institutions. I will also give you insight into lessons learned, a reality check and practical way forward for large and small institutions – and why you should look for more than the ISO 27001 / 27017, SOC1 or SOC2 Type II reports. We will discuss what you are currently doing and what steps you can take in order to fortify your governance approach over 3rd party risks, including a new assessment and certification service the Cloud Security Alliance is developing which could support you by reducing cost and effort.
Roundtable 4: Gion Manetsch, Enterprise Architect at PostFinance AG
(details will follow)
Hybrid Multicloud Security Challenges
It is common to start cloudification and digital journey towards new tools and services that are only available in the cloud for classic companies that have legacy / on-premises environments. Some repetitive mistakes are made and similar challenges are being faced, such as the lack of a sound cloud strategy, choosing the best option for migration, suitable cloud model etc.
Most commonly, the lack of planning and understanding results in building one of the hardest environments there is hybrid multicloud. Hybrid multicloud poses a challenge for security professionals since it requires to understand and manage multiple different environments at once. In addition, these are connected to each other.
Topic to address include: which security standards and policies to apply? Which security management tools to use? How to effectively be aware of and manage risks in such environment? Which new tools, techniques and competencies need to be developed in the company? Should we focus on using cloud-native or hybrid tooling?
Let’s meet and discuss these challenges and ways to address them.
Roundtable 2: Louis Duruflé-Seta, Senior Engineering Manager Security at Niantic Inc.
Cloud security: The Fast Moving Polymorphic Target
Cloud is building on a moving ground. How do you secure an infrastructure in constant evolution?
What are the cloud invariants, what are the challenges and the tools to address them?
The pace is accelerating, how do we secure organisations and infrastructures growing exponentially?
Roundtable 3: Rolf A. Becker, Co-Chair Cloud Security Alliance CH-Chapter
Third Party / Supply Chain Cyber Risk Management: Practical Experience
We all use many services of external providers. Most of them today are directly or indirectly themselves using other underlying services, and most are cloud based. Key to an effective cloud risk governance are the controls over information security risks. You need to make sure that your third party service provider not only understands them, but has also implemented them, and will maintain and improve them. This also applies to sub-providers, and to you as client.
I will share experience from having successfully implemented a third party service provider cloud and cyber risk assessment and control governance framework at one of the largest Swiss financial institutions. I will also give you insight into lessons learned, a reality check and practical way forward for large and small institutions – and why you should look for more than the ISO 27001 / 27017, SOC1 or SOC2 Type II reports. We will discuss what you are currently doing and what steps you can take in order to fortify your governance approach over 3rd party risks, including a new assessment and certification service the Cloud Security Alliance is developing which could support you by reducing cost and effort.
Roundtable 4: Gion Manetsch, Enterprise Architect at PostFinance AG
(details will follow)
5:30 PM
Change the table for the second round of discussions
6:30 PM
Apéro riche incl. networking and know how sharing till open end
Contributors & Speakers
Below you will find our contributors and speakers to whom we say a big thank you !
Moderator and Event Partner
Rolf A. Becker
Co-Chair Cloud Security Alliance CH Chapter
Further information at Rolf A. Becker | LinkedIn
Speaker and Roundtable Moderator
Vyacheslav Degtyarev
Head of IT at TradeXBank AG
Further information at Vyacheslav Degtyarev | LinkedIn
Louis Duruflé-Seta
Senior Engineering Manager Security at Niantic, Inc.
Further information at Louis Duruflé-Seta | LinkedIn
Gion Manetsch
Enterprise Architect at PostFinance AG
Michailas Ornovskis
Senior Security Architect at Sunrise
Further information at Michailas Ornovskis | LinkedIn
Contact Us
If you have any questions or you like to get information about further events, please do not hesitate to contact us!