SIGS Women in Cyber
moderated Roundtable Event
(men are very welcome!)
Join us on November 23rd, 2023 and earn 3.0 CPEs
(registration will be closed November 22nd, 2023 - seats are limited)
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.
This is a ‘must attend’ event for all security operation professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait and register!
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors, consulting companies like the big4 and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.
This is a ‘must attend’ event for all security operation professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait and register!
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors, consulting companies like the big4 and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
Location
Eventalm
Meienbreitenstrasse 9
Rümlang (near Airport)
Meienbreitenstrasse 9
Rümlang (near Airport)
DATE & TIME
November 23rd, 2023, 2:30 pm - open end incl. dinner
Transfer & Parking
There's a shuttle from the train station in Rümlang available.
Parking lots at the location are available for free.
Parking lots at the location are available for free.
Participation Fee
We request EUR 99.-- during the registration. You will get your money back if you where there.
A BIG THANK YOU TO OUR SPONSORS WHO MAKE THIS PLATFORM HAPPEN!
Schedule
2:30 pm
Registration & welcome coffee
3:30 PM
Welcome & short introduction from the organization
4:00 PM
Start of first round of discussions for around 50 minutes. There will be 11 roundtables and you can attend at two different tables/topics.
Roundtable 1: Martina Arioli, Attorney-at-law at TIMES Attorney
Regulatory Challenges and Legal Pitfalls: how can the Legal Function best support your needs?
Compliance with regulatory requirements and legal provisions is increasingly complex. Cybersecurity requires an interdisciplinary approach, and the legal function is there to support you in navigating data protection laws, industry-specific compliance standards, and breach notification requirements. The participants will get a chance to ask questions they never dared to ask their legal counterpart and discuss their expectations in the effort to continuous compliance and best practices in contract negotiations.
Roundtable 2: Camille Aubry, Cyber Threat Intelligence Specialist at Raiffeisen
Building an effective Threat Intelligence Program
Setting up a threat intelligence program can bring incredible value to our organization and help improve security. Yet, it remains a challenge to implement it in a way that adds real value. How can we make our TI program effective? How to avoid it being a "nice-to-have" add-on?
Roundtable 3: Florence Garaud, Head of IT Security Architecture & Risk Management at Lonza
Shielding the Cloud : Safeguarding our digital landscape with Vulnerability Management
In an ever-evolving threat landscape, effective vulnerability management is paramount to secure cloud environments, from conducting vulnerability scans to implementing robust security monitoring processes which involve identifying and mitigating weaknesses that could be exploited by attackers.
In this session, we'll discuss the latest best practices for implementing effective vulnerability management strategies within a cloud environment.
Roundtable 4: Cathérine Gloor, Global Third Party Cyber Risk Lead at UBS AG
How to efficiently conduct third party CIS risk assessments
CIS Third Party Risk Assessments are cumbersome for all parties involved. The third parties, who might not have the appropriate expertise and resources to respond to Third Party questionnaires, the business does not know how to facilitate such an assessment and is not cognizant of the risks involved and lastly, the risk assessors waiting for responses and evidence from the third parties.
How can these risk assessments be structured in a way that they are efficient? How can we ensure that cloud based services are properly assessed? Should this be outsourced? What are other options of managing Third Party Risk Assessments?
Roundtable 5: Dana Guran, Head of Strategic Program IAM at Novartis
Increasing identity governance automation for hybrid cloud environments
The hybrid nature of the modern IT landscape, encompassing SaaS, PaaS, IaaS, and a mix of public and private clouds, introduces significant challenges for consistent, granular and fit-for-purpose identity and access management. This is augmented by the increasing complexity of user types (humans - internals, externals, customers, machine/technical) and their very specific needs.
We invite you to join us at this round table discussion to exchange ideas and brainstorm together on managing security risk in this context, defining controls and appropriate technical solutions for automated centralized provisioning and, more importantly, timely deprovisioning of access. Do you think you have already solved this problem? Come share with the community and maybe you will discover some new aspects you did not yet consider.
Roundtable 6: Olga Horat, Expert ICT Security Assurance at AXA
(Governance and Assessments of Affiliates and Start-ups - details will follow)
Roundtable 7: Kristine Kraisa, Chief of Staff at TradeXBank AG
Data Ascend: Mastering Customer Identifying Data Handling in the Cloud
As the Swiss companies, and most importantly Swiss banking sector moves increasingly towards cloud-based solutions, the effective management and protection of customer identifying data in the cloud have become critical. This roundtable discussion will focus on the unique challenges, opportunities, and best practices associated with cloud data management in the Swiss landscape.
We will delve into the complexities of the data protection nuances, particularly in relation to the Federal Act on Data Protection (FADP), EU's General Data Protection Regulation (GDPR), and the Swiss Financial Market Supervisory Authority (FINMA) guidelines. Participants will dissect the current strategies employed by Swiss banks and other companies, the potential pitfalls and cyber risks associated with cloud migration, and the role of encryption, tokenization, and other advanced security measures.
By exploring the nuances of data handling in the cloud for the Swiss banking sector, this roundtable promises to provide invaluable insights and practical solutions for managing customer identifying data securely and effectively, thereby promoting trust and confidence in the digital banking ecosystem.
Roundtable 8: Caroline Prenn, Senior Director at EPAM Systems
How Organizations Can Leverage AI, mitigate risk and ensure benefits
Today AI brings tremendous benefits for automation which bring cost savings, efficiency gains etc. However without proper control and risk management, it can generate significant threats and bring more pain then benefits. What to consider to leverage full benefits?
Roundtable 9: Zuzana Rebrova, Lead of Third Party Cyber Risk Management at Swiss Re
Ingredients of streamlined and smooth running TPRM
The roundtable discussion will focus on the components required to create efficient third-party risk management service. Discussion will touch on the importance of cross-team collaboration, operating without silos, tooling, 20/80 approach and holistic view through multiple risk domains and how all these ingredients might be used to enhance the efficiency of the third-party risk managements process. Participants can expect productive, insightful conversation, best practices sharing and inspirations from peers.
Roundtable 10: Nathalie Weiler, former Professor at OST - Ostschweizer Fachhochschule
Beyond Security Awareness
Security Awareness Training address the human factor in cyber risk. Unfortunately, effectiveness is limited and stagnates even in the best companies at 80-85% in phishing simulations.
So, lets discuss how we can get rid of the effectiveness myth of security awareness. What can we do? How can we combine train more - train different? What value brings gamification in security awareness training? How can we borrow on a general security training within the enterprise to foster security first thinking? Are Capture-the-Flag (CTF) of value for enterprise or just a nerd experience? What does academic research in this specific field bring to the table? What learnings can we draw from specialist trainings?
Let's talk about spanning the bridge between the different security training forms and formats available for a better result!
Roundtable 11: Maria Zidkova, Information Security Officer at City Zurich
How to achieve Continuous Security Compliance and benefit from Cloud Security Community
Cloud Security Organizations like Cloud Security Alliance provide us with tools and documentations to work with.
Are you aware of the benefits CSA CCM, CAIQ and CIS Benchmarks can offer you? Let's share experiences. Which tools did you experience and would recommend?
Roundtable 1: Martina Arioli, Attorney-at-law at TIMES Attorney
Regulatory Challenges and Legal Pitfalls: how can the Legal Function best support your needs?
Compliance with regulatory requirements and legal provisions is increasingly complex. Cybersecurity requires an interdisciplinary approach, and the legal function is there to support you in navigating data protection laws, industry-specific compliance standards, and breach notification requirements. The participants will get a chance to ask questions they never dared to ask their legal counterpart and discuss their expectations in the effort to continuous compliance and best practices in contract negotiations.
Roundtable 2: Camille Aubry, Cyber Threat Intelligence Specialist at Raiffeisen
Building an effective Threat Intelligence Program
Setting up a threat intelligence program can bring incredible value to our organization and help improve security. Yet, it remains a challenge to implement it in a way that adds real value. How can we make our TI program effective? How to avoid it being a "nice-to-have" add-on?
Roundtable 3: Florence Garaud, Head of IT Security Architecture & Risk Management at Lonza
Shielding the Cloud : Safeguarding our digital landscape with Vulnerability Management
In an ever-evolving threat landscape, effective vulnerability management is paramount to secure cloud environments, from conducting vulnerability scans to implementing robust security monitoring processes which involve identifying and mitigating weaknesses that could be exploited by attackers.
In this session, we'll discuss the latest best practices for implementing effective vulnerability management strategies within a cloud environment.
Roundtable 4: Cathérine Gloor, Global Third Party Cyber Risk Lead at UBS AG
How to efficiently conduct third party CIS risk assessments
CIS Third Party Risk Assessments are cumbersome for all parties involved. The third parties, who might not have the appropriate expertise and resources to respond to Third Party questionnaires, the business does not know how to facilitate such an assessment and is not cognizant of the risks involved and lastly, the risk assessors waiting for responses and evidence from the third parties.
How can these risk assessments be structured in a way that they are efficient? How can we ensure that cloud based services are properly assessed? Should this be outsourced? What are other options of managing Third Party Risk Assessments?
Roundtable 5: Dana Guran, Head of Strategic Program IAM at Novartis
Increasing identity governance automation for hybrid cloud environments
The hybrid nature of the modern IT landscape, encompassing SaaS, PaaS, IaaS, and a mix of public and private clouds, introduces significant challenges for consistent, granular and fit-for-purpose identity and access management. This is augmented by the increasing complexity of user types (humans - internals, externals, customers, machine/technical) and their very specific needs.
We invite you to join us at this round table discussion to exchange ideas and brainstorm together on managing security risk in this context, defining controls and appropriate technical solutions for automated centralized provisioning and, more importantly, timely deprovisioning of access. Do you think you have already solved this problem? Come share with the community and maybe you will discover some new aspects you did not yet consider.
Roundtable 6: Olga Horat, Expert ICT Security Assurance at AXA
(Governance and Assessments of Affiliates and Start-ups - details will follow)
Roundtable 7: Kristine Kraisa, Chief of Staff at TradeXBank AG
Data Ascend: Mastering Customer Identifying Data Handling in the Cloud
As the Swiss companies, and most importantly Swiss banking sector moves increasingly towards cloud-based solutions, the effective management and protection of customer identifying data in the cloud have become critical. This roundtable discussion will focus on the unique challenges, opportunities, and best practices associated with cloud data management in the Swiss landscape.
We will delve into the complexities of the data protection nuances, particularly in relation to the Federal Act on Data Protection (FADP), EU's General Data Protection Regulation (GDPR), and the Swiss Financial Market Supervisory Authority (FINMA) guidelines. Participants will dissect the current strategies employed by Swiss banks and other companies, the potential pitfalls and cyber risks associated with cloud migration, and the role of encryption, tokenization, and other advanced security measures.
By exploring the nuances of data handling in the cloud for the Swiss banking sector, this roundtable promises to provide invaluable insights and practical solutions for managing customer identifying data securely and effectively, thereby promoting trust and confidence in the digital banking ecosystem.
Roundtable 8: Caroline Prenn, Senior Director at EPAM Systems
How Organizations Can Leverage AI, mitigate risk and ensure benefits
Today AI brings tremendous benefits for automation which bring cost savings, efficiency gains etc. However without proper control and risk management, it can generate significant threats and bring more pain then benefits. What to consider to leverage full benefits?
Roundtable 9: Zuzana Rebrova, Lead of Third Party Cyber Risk Management at Swiss Re
Ingredients of streamlined and smooth running TPRM
The roundtable discussion will focus on the components required to create efficient third-party risk management service. Discussion will touch on the importance of cross-team collaboration, operating without silos, tooling, 20/80 approach and holistic view through multiple risk domains and how all these ingredients might be used to enhance the efficiency of the third-party risk managements process. Participants can expect productive, insightful conversation, best practices sharing and inspirations from peers.
Roundtable 10: Nathalie Weiler, former Professor at OST - Ostschweizer Fachhochschule
Beyond Security Awareness
Security Awareness Training address the human factor in cyber risk. Unfortunately, effectiveness is limited and stagnates even in the best companies at 80-85% in phishing simulations.
So, lets discuss how we can get rid of the effectiveness myth of security awareness. What can we do? How can we combine train more - train different? What value brings gamification in security awareness training? How can we borrow on a general security training within the enterprise to foster security first thinking? Are Capture-the-Flag (CTF) of value for enterprise or just a nerd experience? What does academic research in this specific field bring to the table? What learnings can we draw from specialist trainings?
Let's talk about spanning the bridge between the different security training forms and formats available for a better result!
Roundtable 11: Maria Zidkova, Information Security Officer at City Zurich
How to achieve Continuous Security Compliance and benefit from Cloud Security Community
Cloud Security Organizations like Cloud Security Alliance provide us with tools and documentations to work with.
Are you aware of the benefits CSA CCM, CAIQ and CIS Benchmarks can offer you? Let's share experiences. Which tools did you experience and would recommend?
4:50 PM
Short break and change the roundtables
5:10 PM
2nd turn roundtable discussions
6:00 PM
Apéro and elevator pitches from some hopefully interesting start ups
7:00 PM
Fondue/Raclette (and other things for peoples who don't like cheese) & networking till open end
Contributors & Moderators
Below you will find our contributors and speakers to whom we say a big thank you !
Initiator
Monika Atanasova
Global Head of Cyber Thirdparty Risk Management at Raiffeisen
Further information at Monika Atanasova | LinkedIn
Roundtable Moderators
Camille Aubry
Cyber Threat Intelligence Specialist at Raiffeisen
Further information at Camille Aubry | LinkedIn
Florence Garaud
Head of IT Security Architecture & Risk Management at Lonza
Further information at Florence Garaud | LinkedIn
Cathérine Gloor
Global Head Third Party Cyber Risk at UBS AG
Further information at Cathérine Gloor | XING
Zuzana Rebrova
Head of Global Third Party Cyber Risk Management at
Swiss Re
Swiss Re
Further information at Zuzana Rebrova | LinkedIn
Nathalie Weiler
former Professor at OST - Ostschweizer Fachhochschule
Further information at Nathalie Weiler | LinkedIn
Contact Us
If you have any questions or you like to get information about further events, please do not hesitate to contact us!