Start of the first round of discussion, lasting around 50 minutes. There will be 9 different roundtables, and you can attend two different tables, that is, two topics.
Roundtable 1: Andreas Wuchner, Field CISO at Panaseer & Morgan Thompson, Security Associate Director, Accenture Switzerland
Co-moderated by Markus Luchsinger, Senior Cyber Risk Manager at Swiss Re
The drivers and challenges to automating data-driven cyber controls monitoring and reporting
Data is king. But, proactively reporting on Security Posture, Controls Status, Tools Coverage, and exposure to Threat Scenarios is a recurring time sink for cyber professionals, risk managers, and asset owners. Automating data collection, analysis and reporting is the obvious answer, but there's a lack of standardization or acceptance on how to create such a data-driven capability in cybersecurity. And - it's a hard technical challenge to engineer for your unique business.
Let's explore:
- the increasing internal and external pressures for standing up such an initiative,
- what folk have done so far,
- what controls you care most about monitoring,
- how long we can get away with manual reporting,
- and the key business objections and technical challenges that are getting in the way.
Roundtable 2: Jay Christiansen, Manager and Lead of the Mandiant EMEA Red Team
Co-moderated by Mark Beerends, Executive Security Consultant at Prusec GmbH
Know your enemy, become your Enemy
"To defeat your enemy, you must become your enemy" is an old, slightly exaggerated saying - but for modern cyber security it is mostly true. By performing Red Team engagements, thinking and behaving like the real threat actors, it is possible to discover attacks and risks otherwise not considered by organisations. But at the same time, Red Teams often have to fight against a different reality than the one faced by real attackers; hemmed in by regulation and scoping, this paradox can give a false sense of security. So how do we best balance and use adversarial emulation?
After a decade of threat intelligence-led Red Teaming we can look to what's next, how we can evolve our approaches and gain even more value out of the Red Teams.
Roundtable 3: Elier Cruz, Global Enterprise Security Architect, Check Point
Co-moderated by Andreas Bischoff, Head of Cyber Threat Management Engineering at Credit Suisse Services AG
Building Bridges: Integrating Zero Trust, Cybersecurity Mesh, and AI
In this roundtable we discover how to weave together Zero Trust, Cybersecurity Mesh, and AI into a robust cybersecurity fabric. We'll discuss the synergies and potential conflicts, share best practices, and outline a roadmap to successful integration, equipping you with the insights to enhance your security strategy.
Roundtable 4: Maurits Lucas, Director of Product Marketing at Intel471
Co-moderated by Sven Schaub, Project Leader at Universitäre Psychiatrische Dienste Bern
How to make sure your perimeter does not offer attackers any opportunities?
Gaining access to corporate networks has become big business in the underground, as it enables ransomware attacks, hacktivists, data theft, extortion and a host of other threats. Join us as we discuss how you can become proactive in ensuring that your perimeter does not offer attackers any opportunity to penetrate your security by looking at current best practices for staying secure.
Roundtable 5: Stephan Gerling, Senior Security Researcher in the Industrial Control Systems Cyber Emergency Response Team (ICS CERT) at Kaspersky
Co-moderated by Bruce Nikkel, Professor at Bern University of Applied Sciences
Challenges in OT security – the rise of new cyber threats for industrial companies
The current situation around cyber threats remains tense - a huge risk for organizations of all kinds, but especially for companies operating in the industrial environment. Uninterrupted operation is a top priority for industrial systems, where every minute of downtime counts. However, with growing connectivity and automation of processes, the risk of becoming a victim of a cyberattack increases at the same time.
This is one of the reasons why the requirements of industrial companies and those of organizations from other sectors differ considerably. Only a multi-layered cybersecurity strategy that is specifically tailored to protect OT environments and also takes into account employee training as the first line of defense can provide comprehensive security. Join our upcoming roundtable and learn how this approach can be successfully put into practice.
Roundtable 6: Brian de la Vega, IT System Engineer at Endress+Hauser Group & SentinelOne
Co-moderated by Dr. Marina Krotofil, Senior Cyber Security Advisor, Critical Infrastructure Protection at ISSP
Continuous and risk-based protection mechanisms for OT endpoints
How can you find and implement different global detection measures for malware and ransomware on OT-related endpoints? Providing comprehensive protection for OT environments is challenging because a wide range of requirements must be met: operation on legacy operating systems, air-gapped management, analysis on endpoints and not only in cloud environments, and excellent learning capabilities.
Find out how an international manufacturing company overcame this challenge by looking at a real-life example.
Roundtable 7: Raj Samani, SVP / Chief Scientist at Rapid7
Co-moderated by Todd James, Vice President, Head of Cyber Detection Centre at Swiss Re
Understanding and Mitigating Cyber Attacks: Insights from the Ongoing MOVEit Exploitation
Exploited in the Wild: What do the recent vulnerability disclosures reveal about the future demands placed on security teams? From file transfer solutions to security gateways, the reality is that criminals are actively exploiting organizations with previously unknown vulnerabilities. This session will examine recent disclosures and what needs to be done to move from alert fatigue to realistic prioritisation of critical alerts.
Roundtable 8: Marc Doudiet, Senior Director Global Incident Response at Kudelski Security & Julian Kanitz, Lead Sales Engineer DACH at Recorded Future
Co-moderated by André Bussmann, Senior Partner at Pragmatica AG
The Art of Tactical Advantage: Leveraging Threat Intelligence for Detection & Response
Are you ready to turn the tables on cyber threats? Join our interactive roundtable as we delve into the realm of threat intelligence and its impact on detection and response. Gain a deep understanding of how to harness the power of real-time data, actionable insights, and collaborative intelligence to proactively identify, analyze, and mitigate potential cyber risks.
Engage with industry thought leaders, share best practices, and discover the latest advancements in threat intelligence technologies. Don't miss this opportunity to arm yourself with the knowledge and tools to stay ahead in the cybersecurity battle.
Roundtable 9: Alain Mowat, Head of Research and Development at SCRT
Co-moderated by Nina Egli, IT Product Owner Cyber Security Testing at Hilti Group
How pentesting can be adapted and aligned to better assess the security level of products
It is not uncommon for companies to ask for an intrusion test of a newly acquired product. In most cases, a pentest team will then spend a limited amount of time uncovering issues in the way the company installed the product within its environment. However, this only scratches the surface of the issues that may be hidden within the product itself.
The constant stream of new vulnerabilities, 0days, and the breaches that occur because of them is a never-ending reminder that "it is difficult to develop fully secure products". Difficult does not mean impossible, but without incentives and rewards for actually doing better than others, why would vendors make any effort?
This session will discuss ways in which pentesting can be adapted and aligned to better assess the security level of commercial products and look at how incentives can be put in place to motivate vendors to take security seriously.