SIGS Roundtable Afternoon moderated by Women in Cyber 

(men are very welcome!)

Join us on November 23rd, 2023 and earn 3.0 CPEs

(registration will be closed November 22nd, 2023 - seats are limited)
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.

This is a ‘must attend’ event for all security operation professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait and register!

Looking forward to seeing you there,
your SIGS team

As always: salespeople (incl. CEOs and founders), vendors, consulting companies like the Big 4, and anyone who just wants to sell their products or services are not allowed to take part in SIGS events.
Meienbreitenstrasse 9
Rümlang (near Airport)

November 23rd, 2023, 2:30 pm - open end incl. dinner

Transfer & Parking
There's a shuttle from the train station in Rümlang available.
Parking lots at the location are available for free.

Participation Fee
We request EUR 99.-- during registration. You will get your money back if you attend.
2:30 pm
Registration & welcome coffee
3:15 PM
Welcome & short introduction from the organization incl. elevator pitches from some hopefully interesting start-ups
4:00 PM
Start of the first round of discussions for around 50 minutes. There will be 11 roundtables and you can attend two different tables/topics.

Roundtable 1: Martina Arioli, Attorney-at-law at TIMES Attorney

Regulatory Challenges and Legal Pitfalls: how can the Legal Function best support your needs?
Compliance with regulatory requirements and legal provisions is increasingly complex. Cybersecurity requires an interdisciplinary approach, and the legal function is there to support you in navigating data protection laws, industry-specific compliance standards, and breach notification requirements. The participants will get a chance to ask questions they never dared to ask their legal counterpart and discuss their expectations in the effort toward continuous compliance and best practices in contract negotiations.

Roundtable 2: Camille Aubry, Cyber Threat Intelligence Specialist at Raiffeisen
Co-moderator: Maya Horowitz, VP Research & Threat Intelligence at Check Point

Building an effective Threat Intelligence Program
Setting up a threat intelligence program can bring incredible value to our organization and help improve security. Yet, it remains a challenge to implement it in a way that adds real value. How can we make our TI program effective? How to avoid it being a "nice-to-have" add-on?

Roundtable 3: Florence Garaud, Head of IT Security Architecture & Risk Management at Lonza

Shielding the Cloud: Safeguarding our digital landscape with Vulnerability Management
In an ever-evolving threat landscape, effective vulnerability management is paramount to secure cloud environments, from conducting vulnerability scans to implementing robust security monitoring processes which involve identifying and mitigating weaknesses that could be exploited by attackers.

In this session, we'll discuss the latest best practices for implementing effective vulnerability management strategies within a cloud environment.

Roundtable 4: Cathérine Gloor, Global Third Party Cyber Risk Lead at UBS AG
Co-moderator: Ilona Simpson, CIO EMEA at Netskope

How to efficiently conduct third party CIS risk assessments
CIS Third Party Risk Assessments are cumbersome for all parties involved: the third parties, who might not have the appropriate expertise and resources to respond to third-party questionnaires; the business, which does not know how to facilitate such an assessment and is not cognizant of the risks involved; and lastly, the risk assessors, who are waiting for responses and evidence from the third parties.

How can these risk assessments be structured in a way that they are efficient? How can we ensure that cloud based services are properly assessed? Should this be outsourced? What are other options of managing Third Party Risk Assessments?

Roundtable 5: Dana Guran, Head of Strategic Program IAM at Novartis

Increasing identity governance automation for hybrid cloud environments
The hybrid nature of the modern IT landscape, encompassing SaaS, PaaS, IaaS, and a mix of public and private clouds, introduces significant challenges for consistent, granular and fit-for-purpose identity and access management. This is augmented by the increasing complexity of user types (humans - internals, externals, customers, machine/technical) and their very specific needs.

We invite you to join us at this round table discussion to exchange ideas and brainstorm together on managing security risk in this context, defining controls and appropriate technical solutions for automated centralized provisioning and, more importantly, timely deprovisioning of access. Do you think you have already solved this problem? Come share with the community and maybe you will discover some new aspects you did not yet consider.

Roundtable 6: Olga Horat, Expert ICT Security Assurance at AXA

Governance and Assessments of Affiliates and Start-ups
As an insurance company, we must comply with all regulatory requirements, as must our subsidiaries (affiliates). Governance and risk assessment help them with regulation, risk assessment, and risk management to meet specific requirements, including cyber threat prevention and mitigation. Quality assurance must be performed equally for all affiliates - for the very advanced affiliates and also for those start-ups with very few resources. How do we/you manage this balancing act?

I would like to address the following questions:
- Do you have different tools in place for subsidiaries (affiliates) and start-ups? What has been your experience with governance and assessment?
- What guidance do you use?
- What is your experience with ISO 27001/27002, NIST, CIS Benchmark in the context of start-ups?
- Do you have experience with DIN SPEC 27076 «IT security consulting for small and micro enterprises»?

Roundtable 7: Kristine Kraisa, Chief of Staff at TradeXBank AG

Data Ascend: Mastering Customer Identifying Data Handling in the Cloud
As Swiss companies, and most importantly the Swiss banking sector, move increasingly towards cloud-based solutions, the effective management and protection of customer identifying data in the cloud has become critical. This roundtable discussion will focus on the unique challenges, opportunities, and best practices associated with cloud data management in the Swiss landscape.

We will delve into the complexities of the data protection nuances, particularly in relation to the Federal Act on Data Protection (FADP), EU's General Data Protection Regulation (GDPR), and the Swiss Financial Market Supervisory Authority (FINMA) guidelines. Participants will dissect the current strategies employed by Swiss banks and other companies, the potential pitfalls and cyber risks associated with cloud migration, and the role of encryption, tokenization, and other advanced security measures.

By exploring the nuances of data handling in the cloud for the Swiss banking sector, this roundtable promises to provide invaluable insights and practical solutions for managing customer identifying data securely and effectively, thereby promoting trust and confidence in the digital banking ecosystem.

Roundtable 8: Caroline Prenn, Senior Director at EPAM Systems

How Organizations Can Leverage AI, mitigate risk and ensure benefits
Today, AI brings tremendous benefits for automation, which bring cost savings, efficiency gains, etc. However, without proper control and risk management, it can generate significant threats and bring more pain than benefits. What should be considered to leverage the full benefits?

Roundtable 9: Zuzana Rebrova, Lead of Third Party Cyber Risk Management at Swiss Re

Ingredients of streamlined and smooth running TPRM
The roundtable discussion will focus on the components required to create an efficient third-party risk management service. The discussion will touch on the importance of cross-team collaboration, operating without silos, tooling, the 20/80 approach and a holistic view through multiple risk domains, and how all these ingredients might be used to enhance the efficiency of the third-party risk management process. Participants can expect productive, insightful conversation, sharing of best practices and inspiration from peers.

Roundtable 10: Nathalie Weiler, Professor at OST - Ostschweizer Fachhochschule & Head of IT Security Architecture at Helsana (starting 1.9.2023)

Beyond Security Awareness
Security Awareness Training addresses the human factor in cyber risk. Unfortunately, effectiveness is limited and stagnates even in the best companies at 80-85% in phishing simulations.

So, let's discuss how we can get rid of the effectiveness myth of security awareness. What can we do? How can we combine train more - train different? What value does gamification bring to security awareness training? How can we build on general security training within the enterprise to foster security-first thinking? Is Capture-the-Flag (CTF) of value for the enterprise or just a nerd experience? What does academic research in this specific field bring to the table? What learnings can we draw from specialist trainings?

Let's talk about spanning the bridge between the different security training forms and formats available for a better result!

Roundtable 11: Maria Zidkova, Information Security Officer at City Zurich

How to achieve Continuous Security Compliance and benefit from Cloud Security Community
Cloud security organizations like the Cloud Security Alliance provide us with tools and documentation to work with.
Are you aware of the benefits CSA CCM, CAIQ and CIS Benchmarks can offer you? Let's share experiences. Which tools have you used and would recommend?
4:50 PM
Short break and change of roundtables
5:10 PM
2nd turn roundtable discussions
6:00 PM
Apéro, Fondue/Raclette (and other things for people who don't like cheese) & networking till open end
Contributors & Moderators
Below you will find our contributors and speakers, to whom we say a big thank you!
Monika Atanasova
Global Head of Cyber Thirdparty Risk Management at Raiffeisen
Further information at Monika Atanasova | LinkedIn

Roundtable Moderators

Martina Arioli
Attorney-at-law at TIMES Attorney
Further information at Martina Arioli | LinkedIn
Camille Aubry
Cyber Threat Intelligence Specialist at Raiffeisen
Further information at Camille Aubry | LinkedIn
Florence Garaud
Head of IT Security Architecture & Risk Management at Lonza
Further information at Florence Garaud | LinkedIn
Cathérine Gloor
Global Head Third Party Cyber Risk at UBS AG
Further information at Cathérine Gloor | XING
Dana Guran
Head of Strategic Program IAM at Novartis
Further information at Dana Guran | LinkedIn
Olga Horat
Specialist ICT Security Assurance at AXA
Further information at Olga Horat | LinkedIn
Kristine Kraisa
Chief of Staff at TradeXBank
Further information at Kristine Kraisa | LinkedIn
Caroline Prenn
Senior Director at EPAM Systems
Further information at Caroline Prenn | LinkedIn
Zuzana Rebrova
Head of Global Third Party Cyber Risk Management at Swiss Re
Further information at Zuzana Rebrova | LinkedIn
Nathalie Weiler
Professor at OST - Ostschweizer Fachhochschule & Head IT Security Architecture at Helsana (starting 1.9.2023)
Further information at Nathalie Weiler | LinkedIn
Maria Zidkova
IT Security Officer at City of Zurich
Further information at Maria Zidkova | LinkedIn

Roundtable Co-Moderators

Maya Horowitz
VP Research & Threat Intelligence at Check Point
Further information at Maya Horowitz | LinkedIn
Ilona Simpson
CIO EMEA at Netskope
Further information at Ilona Simpson | LinkedIn
Contact Us
If you have any questions or would like to get information about further events, please do not hesitate to contact us!
Join us on November 23rd
We look forward to hosting you!
