SIGS 20th SOC Forum

Join us on February 16th, 2023 and earn 4.25 CPEs

(registration will be closed February 10th, 2023)
Official Event Sponsor
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.

This is a ‘must attend’ event for all security operations professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait: register now!

Looking forward to seeing you there,
your SIGS team

As always: salespeople (incl. CEOs and founders), vendors, consulting companies like the Big 4, and anyone who just wants to sell their products or services are not allowed to take part in SIGS events.

Hilton Zürich Airport
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg


February 16th, 2023, 1:30 pm - open end incl. dinner

Airport Transfer & Parking

There's a shuttle bus from the airport available.
Parking lots at the hotel are available for free.

1:30 pm
2:00 PM
Welcome & short introduction from the background organization
2:00 PM
David Grout, CTO EMEA at Mandiant (now part of Google Cloud)

Incident Response – Tales from the Trenches
During this presentation David will share lessons learned and anecdotes from incident responses run by Mandiant over the last year.
Using real-life examples, David will walk you through the best practices and the challenges of running incident response at scale.
Key numbers and facts delivered during this presentation will also help us dig into the main trends in the industry, in order to envisage the countermeasures and methodologies practitioners can put in place to improve their incident response capabilities.
2:30 PM
Dave Barrera, Founder at CritSecurity
An old foe, macros! A forgotten threat making a comeback with Emotet malware
Emotet malware, first observed around 2014, is becoming a challenge for a lot of security professionals. Not only can we no longer put our trust in old and proven methods such as AV and other detection; these attacks are polymorphic by nature, which makes them harder to detect and counter.
We dive into the history and capabilities of such malware, its danger since it enables malware as a service, and how we can still defend ourselves even if it feels like asymmetric combat in which we are the under-equipped ones.
3:00 PM
Sophus Siegenthaler - Founder and IT Security Engineer at cyllective AG
How to hack a SOC (and how to secure it)
The Security Operations Center is a vital aspect of modern organizations, but which risks may occur, and how can these be addressed? To ensure the future integrity of any SOC service - basic principles, as well as security-in-depth, should be taken into consideration. Together, we'll explore the subject from the angle of an ever-evolving threat model, as seen through both the defensive and the offensive perspective.
3:30 PM
4:10 PM
Roundtable 1: David Grout, CTO EMEA at Mandiant (now part of Google Cloud)

Operationalise your Threat Intelligence 
Threat Intelligence is a trendy topic but often misunderstood by vendors and cybersecurity actors. During this roundtable David Grout, CTO Mandiant, will moderate the discussions to encourage “best practices sharing”, “return of experiences” and interaction between the participants. The aim of this session is not the what or the when but the HOW: how to use it, how to build a program, how to make it a success, or how to share failures to be better on the next iteration. Come with your passion and willingness to share experience with your peers to help the entire community improve the way it deals with CTI.

Roundtable 2: Andreas Mühlemann, Security Engineer at SWITCH

Open Source Intelligence Platforms for SOC Teams
Incident handling needs fast answers to triage an event or to decide whether an incident response playbook should be applied to the current case.
Open source intelligence platforms can help to get quick insight into whether an IP address, domain or file is already known to be malicious. This roundtable discusses various platforms that help to simplify and speed up incident response teams' processes, along with their advantages and disadvantages.

Roundtable 3: Todd James, Vice President, Head of Cyber Detection Centre at Swiss Re

Are you prepared for Incident Response in the Cloud?
Are you and your team ready to perform incident response in a timely manner in your cloud environment? Have you thought about your tooling, logs, processes, and skills and how much they differ from your on-prem infrastructure and the commodity malware you normally deal with? Let's discuss these and other issues you may have encountered, so that you become more confident handling cyber security incidents in the cloud.

Roundtable 4: Clemens Sauerwein, Assistant Professor of Security Engineering at Leopold-Franzens Universität Innsbruck 

The Role of Information Quality in SOCs
SOCs obtain information about vulnerabilities, threats, and attacks from a variety of information sources. Although this information is used as input for resource-intensive processes or for securing business-critical processes, the quality and reliability of the information collected vary greatly. For this reason, we want to discuss criteria and metrics for assessing the quality of security information used in SOCs. Finally, let us develop a practical framework for the quality assessment of security information.

5:00 PM
Change the table for the second round of discussions
6:00 PM
Apéro riche incl. networking and know-how sharing, open end
Contributors & Speakers
Below you will find our contributors and speakers, to whom we say a big thank you!
Natalya Arbuzova
SOC Manager Threat Detection and Response, Swisscom
Natalya is an active contributor for SIGS.
Further information at Natalya Arbuzova | LinkedIn
Mark Beerends
Executive Security Consultant, Prusec
Mark is an active contributor for SIGS.
Further information at Mark Beerends | LinkedIn
Dave Barrera
Founder at CritSecurity
Further information at Dave Barrera | LinkedIn
Todd James
Vice President, Head of Cyber Detection Centre, Swiss Re
Further information at Todd James | LinkedIn
Andreas Mühlemann
Security Engineer, SWITCH
Further information at Andreas Mühlemann | LinkedIn
Clemens Sauerwein
Assistant Professor Security Engineering, Leopold-Franzens Universität Innsbruck
Further information at Clemens Sauerwein | LinkedIn
Sophus Siegenthaler
Founder & IT Security Engineer, cyllective AG
Further information at Sophus Siegenthaler | LinkedIn
David Grout
CTO EMEA & Senior Director Presales, Mandiant (now part of Google Cloud)
Further information at David Grout | LinkedIn
Contact Us
If you have any questions or would like information about further events, please do not hesitate to contact us!
Join us on February 16th
We look forward to hosting you!
