Swiss CISO Summits take place three times a year. This overview details past events.
Keynote I: Addressing General Threats and APT: Experience with an all-in-one approach
Speaker: Stefan Lüders
Like any other enterprise, university and organization, CERN is under permanent cyber-attack: automatic scans, script-kiddies, white hats, hacktivists, but also through advanced persistent threat (APT) actors trying to infiltrate the organization. Given CERN’s academic environment, however, CERN cyber-security must be well balanced with CERN’s academic mandate and the free and open operation of its assets. This presentation shall outline CERN’s computing environment, the identified cyber-risks associated with it, and the various measures implemented and deployed in order to prevent, protect and detect any kind of cyber-attack.
Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Since 2009 he has been heading the CERN Computer Security Incident Response Team as CERN’s Computer Security Officer, with the mandate to coordinate all aspects of CERN’s computer security – office computing security, computer centre security, GRID computing security and control system security – whilst taking into account CERN’s operational needs. Dr. Lüders has presented on computer security and control system cyber-security topics on many different occasions to international bodies, governments, and companies, and has published several articles.
Keynote II: Communication throughout incidents and crisis
Speaker: Juan Carlos Lopez Ruggiero
The communication concept in security incidents and crisis management is a subject that involves three disciplines with common elements: Security, Risk and Compliance. Knowing how to communicate about an incident means knowing how to handle it. The speaker will present communication processes and notions used in case of incidents and crises and share some “dos and don’ts” from real environments, with an eye on the imminent GDPR regulation. Three basic aspects of the speech are:
- The Incident must stay underground.
- The Incident can be communicated internally, but to a limited group (still secret).
- The Incident must be brought to media.
Juan Carlos Lopez Ruggiero is a global Risk and Security Executive with 20+ years of experience in implementing complex IT solutions in Risk Management, Cyber Security, Regulatory Compliance and Quality Management across multiple countries and industries. He led IT organizations in implementing COSO, COBIT, ERM, ISO 27001, 6SIGMA, ISO 31000 and CMMI tenets, Lean Manufacturing strategies, and metric-based management. Having been the global CISO and Chief Risk Officer for Royal Philips, Juan Carlos is currently the CSO for DXC Technology in Switzerland and GDPR Lead for the EMEA region. He holds a degree in Law and speaks at least 7 languages fluently.
Culture and Congress Centre Luzern (KKL)
Europaplatz 1, 6005 Luzern
Keynote: Security Startups: Global trends in security startup investments and the digital identity revolution in Switzerland
Speaker: Thomas Dübendorfer, President Swiss ICT Investor Club (SICTIC)
Information security is in dire need of innovation as attackers are getting more and more sophisticated, better funded and run better targeted attacks. Thanks to security startups, new cyber defense methods and more secure systems are transferred from research or military to products used daily by corporations around the globe. The talk will show investments in security startups globally that are contributing to innovation and which areas are especially hot. Furthermore, the talk will discuss how to work with a security startup as a corporate customer and which risks to be aware of. Finally, I’ll highlight some recent developments on digital identities in Switzerland, which will be essential for the security of online business transactions as they are at the core of many digital business processes.
Thomas Dübendorfer is the president of the Swiss ICT Investor Club (SICTIC), an IT security expert and angel investor. He is the co-founder of several Internet-technology-based start-ups in Switzerland, including Contovista, Frontify, Spontacts and YES Europe AG. He has shaped the Information Security Society Switzerland (ISSS) as president for five years. He has lectured on network security for ten years at ETH Zurich and is the co-founder and chairman of swisssecurity.org, which connects the leaders of all key information security organizations active in Switzerland. He has served in a variety of technology leadership, research, development, teaching, board and consulting roles. He has worked as a software engineer in Silicon Valley and seven years as tech lead for fraud detection, security and privacy engineering projects at Google, and has received three prestigious EMG awards from the Google founders.
First-hand presentations from startups
Instead of a second speaker we have invited eight carefully selected and distinguished security startups (Futurae, Notakey, Cybellum, IRONSCALE, Minerva, Morphisec, Dathena, and Fireglass) to present, in a Pecha Kucha style presentation (7 minutes), the company and its strategy, the functional specification of the product and early adopter case studies.
Innovative “World Coffee” style discussion
The discussions will take place between the participants and the startups’ representatives in world coffee style: 15 minutes of discussion with each founder / delegate in small groups of 3-5 participants.
Keynote 1: Best of Breed Security Architecture: Protection Level and Borders of State-of-the-Art
Speaker: Rajesh Nair, Detecon (Schweiz) AG
Moving on from the traditional focus of defense in depth, there is a need to come ever closer to being able to understand security from a business context. Architecting a security solution then becomes even more an integrated approach between the IT and Business teams, with Operations becoming more central in the entire chain. Additionally, the architecture design extends outside the organizational boundaries, specifically in highly integrated environments. This presentation will explain state-of-the-art security architecture from a different «highest security» perspective.
Rajesh Nair worked with Swissgrid from 2009 in various roles covering Strategy, Architecture, Cyber security and as the Chief Information Officer. The main focus of his work in Swissgrid was the design and implementation of Swissgrid Architecture, building up a central capability to monitor and control the Swiss National Transmission grid. He led a team of over 120 ICT experts. He was responsible for the Corporate and Industrial IT of Swissgrid as well as for the design and operation of certain critical pan-European ICT infrastructures. Rajesh has been in the Energy industry for over 20 years and has worked for ABB, Deloitte Consulting, Suntec and Alstom. He has also had various functional roles ranging from Financial controlling, Product development, Strategy, Project Execution and General Management in these companies, which gives him a balanced corporate view on technology. From Oct 2016, Rajesh has been a part of the Detecon team, working on a number of strategic initiatives mainly on the topics Cyber Security, Big data and New technologies.
Keynote 2: Detection and Response: Empowered by Intelligence led Security Operations
Speaker: Will Semple, PwC
Observing the market, a significant shift in security budgets towards detection and response has happened in recent years: by today it is a well-known fact that anybody will be breached. Readiness for detection and response is the key for mastering the situation and means storing data over a long period (two or more years), understanding the intelligence management lifecycle on the strategic, tactical, operational and technical levels as well as the attack models. Content detection needs threat intelligence, security analytics and use cases, against which the data are screened. Finally, knowing about a potential breach, in the first step a verification is necessary: if the breach is confirmed, prepared measures which can be invoked in a timely manner help to master the situation.
This presentation highlights background on the functional principles, how detection and response really work.
Will Semple is a Leader in the PwC Cyber Security Practice responsible for Managed Threat Detection and Response Services, Advanced Security Operations and a Security Analytics SME. Will works with PwC clients globally, helping to solve some of their most challenging cyber risk questions. Prior to PwC, Will served as Head of Global Threat for the New York Stock Exchange, managing cyber risk from nation state attackers, industrial espionage, hacktivism and cybercrime related incidents. Will was later appointed CISO for the European, APAC and Commercial business units of the NYSE, overseeing EU and US Regulator interactions for the Exchange on Cyber matters. Will has actively contributed to the industry by serving as Chair of a European Council working group on Network Information Sharing and Incident Response and assisted in the formulation of policy and legislation for Cyber Security in the EU.
Zunfthaus zur Schmiden, Zurich
Marktgasse 20, Zurich
Keynote 1: Protecting the enterprise: IT risk and security in the overall corporate context
Speaker: Domenico Salvati
How does information technology contribute to the protection of the enterprise? What is its role in the overall corporate security context? Domenico Salvati highlights the context in which corporate boards perceive cyber security. While the important role of cyber security is unquestioned today, IT risk and security experts tend to overlook the fact that it is (only) one piece of the overall security puzzle. To further advance cyber security, the CISO needs to position it within a corporate security framework.
To sharpen the role of cyber security in the corporate context, Domenico merges the Governance, Risk and Compliance (GRC) and the Three Lines of Defense models and positions cybersecurity within this comprehensive view of the enterprise. A third concept rests on terminology and is concerned with “events” and (security) “measures”. As will be shown, the aforementioned concepts underlying information technology are also suited to position other corporate risk and compliance functions in a corporate context (cybersecurity being one of them). In consequence, this view of the overall corporate security context yields the opportunity to create a well-tuned reporting system including other functions such as compliance management or data protection, to name a few.
For over ten years Domenico Salvati has worked in positions such as “IT Risk Response & Mitigation”, “IT Risk Compliance and Oversight” and “Operational IT Security”, most of these for a large Swiss bank. During this period, he also researched the “Management of Information System Risks” at the Swiss Federal Institute of Technology in Zurich (ETHZ), for which he gained his PhD. Since 2010 he has held the position of Enterprise Risk Manager for a large health insurer in Switzerland. With the change from information security to enterprise risk management, Domenico gained a new view on cyber and IT security and will share this with the audience.
Keynote 2: Cyber insurance: What is the scope, and when is insurance a valuable option?
Speaker: Willi Stössel, Swiss Re Corporate Solutions
Cyber insurance has evolved from data risk and business continuity risk coverage to holistic approaches that help enterprises deal with residual risk. Insurance is the last line of defense for many enterprises before self-carrying the financial loss of risks. Bruce Schneier introduced the following philosophical concept: cybersecurity measures are good for reducing the insurance fee, but there are few arguments for stretching this border any further. In the presentation Willy Stössel, a senior expert from Swiss Re, provides insights on expected corporate cybersecurity measures and their impacts, as well as dependencies, when offering insurance contracts.
Willy Stössel has been Head of Cyber, Technology & Construction at Swiss Re Corporate Solutions since 2007. The team is responsible for writing primary and excess liability covers for large industrial companies on a worldwide basis. Willy has been instrumental in launching Swiss Re’s Cyber Liability products and building a large worldwide portfolio of Technology E&O related risks. Prior to this role, he was responsible for the underwriting of various other industry segments including heavy machinery, utilities and pharmaceutical companies. He has close to 20 years of experience in the insurance industry and has always focused on risk transfer of large corporations.
Keynote 1: Corporate Security is an Ecosystem
Speaker: Alain Beuchat, UBS
Corporate Security cannot be successfully implemented without including employees, clients, vendors and third parties in an overall security concept. This seems straightforward and logical. However, it is a difficult undertaking, as the perception of risk, the amount of resources and budget, and the priorities are usually quite different across the several actors. This presentation will show some of the challenges and potential ways to integrate clients and third parties in a Corporate Security ecosystem.
Alain Beuchat is Group Information Security Officer at UBS. Alain focuses on adapting the bank‘s Cyber Security defense and Data Protection framework to the evolving threat landscape. Alain has more than 20 years of experience in the domains of IT risk management and information security primarily in the financial and telecommunication industry. He has occupied several positions as information security officer, security consultant and security engineer.
Keynote 2: Threat Intelligence – A Key Piece Towards Achieving Improved Understanding
Speaker: Mark Barwinski, PwC
Increasingly information is under threat of corruption, destruction, or theft. Better understanding the context of these attacks and who is behind them may lead to not just faster recovery from a compromise, but also proactive defence against known tactics, techniques, and procedures. Integrating a Cyber Threat Intelligence Fusion Center into your architecture complements a holistic defensive posture through enriched pertinent information.
Mark Barwinski is Director for Threat Intelligence and Incident Response at PwC Switzerland. He joined PwC following 11 years of cyber related experience attained at the U.S. Department of Defense in Washington D.C., Germany, Afghanistan, and Canada. He has served in a variety of leadership and liaison roles supporting military operations, defending the Global Information Grid (GiG), and promoting joint discovery and response efforts among partner states. Focused on leveraging actionable information acquired from intelligence and incident response activities, he will highlight the benefits of integrating a Cyber Threat Intelligence Fusion Center into a corporate security architecture.
Keynote 1: Privacy 2.0: What to expect from the new data protection laws in Europe?
Speaker: David Rosenthal, Homburger AG
20 years after their creation, the data protection laws in Europe are being revised completely. This is true also for Switzerland. While in some areas life will become easier, in particular for multinationals, overall, the costs of data protection compliance will increase. In addition, fines will increase in case of non-compliance. This presentation will provide an update on what is going on, an overview of key changes in law to expect in the upcoming years, and the resulting challenges companies will have to deal with, with a particular focus on Switzerland.
David Rosenthal, counsel at Homburger AG, is one of the opinion leaders in the area of data protection in Switzerland. He has authored a commentary on the Swiss Data Protection Act. He also regularly advises companies on data protection compliance issues and disputes, as well as the Swiss government, e.g. in connection with its projects to revise Swiss law. He co-heads the IT law practice at Homburger, one of the largest Zurich business law firms, acts as the secretary of the Swiss Association of Corporate Data Protection (VUD) and the Swiss Association of E-Discovery and Investigations (SeDIV), and he lectures at ETHZ and at the University of Basel. Before getting into the legal profession, he worked as a journalist and software developer.
Keynote 2: Integration of Information Digital Rights Management (DRM) in IT Infrastructure and Business Processes: challenges and experience sharing
Speaker: Marek Pietrzyk, UBS AG
The initial step in DRM is policy development, in order to protect the bank’s sensitive customer data from unauthorized internal access and non-compliant disclosure, as well as to fulfil the bank’s regulatory obligations, protect its reputation and avoid financial fines. Evaluation of efficient data protection solutions is the base for a successful implementation. Application of leading edge technology for mastering both usability and overall complexity was of paramount importance when implementing and deploying DRM. A review of the impact on daily business processes and end-user experience of the data protection solution assesses DRM’s business performance. Recommendations in the form of a six-step program for establishing a balanced ecosystem for managing sensitive data conclude the presentation.
Marek Pietrzyk, director and program manager of the UBS client data confidentiality programme DRM, is responsible for the cost effective implementation of the bank’s sophisticated cyber defence requirements on client data protection. In various positions such as business analyst, strategy consultant, IT architect and project manager, he gained more than twenty years of experience as an information security practitioner in the financial industry. He is an author of several publications on software architecture and requirements management and is a distinguished speaker at major information security, identity management and e-crime conferences with a focus on data protection.
EMA House, Zürich
Nordstrasse 1, 8006 Zürich
Keynote 1: Swisscom‘s approach for the secure Workspace of tomorrow
Speaker: Marco Wyrsch, Swisscom
Open and unlimited collaboration is part of Swisscom’s business strategy, including a “Bring your Own Device” strategy approved by the board of directors, as well as all employees preferably working with smartphones and tablets. The strategy has even developed to the point where Swisscom’s employees demand support of HoloLens, smartwatches and Surface Hub for accessing corporate data. This obviously poses security challenges for addressing the corresponding risks. This presentation will share Swisscom’s security approaches and progress as well as the state-of-the-art challenges we are working on.
Marco Wyrsch launched PocketPC.ch in 2001, one of the most popular websites about mobile technology in Switzerland. He has experience in developing, designing and implementing mobile services and secure architectures for the mobile enterprise. After launching mobile related services on the market, he moved to Swisscom as a mobile security consultant. He supported Swisscom clients in securing their mobile workforce. Today, he is introducing the secure mobile workspace of tomorrow within Swisscom and supports implementing Swisscom’s security vision.
Keynote 2: New Trends in Secure Mobility
Speaker: Michael Maurer, Microsoft
Mobility is the new «normal», but new challenges for keeping platforms secure come up every day. The market is driven by consumerisation, from the use of personal devices to providing consumer-like social tools supporting access to line-of-business (LOB) apps from smartphones. Businesses are focused on protecting intellectual property, while IT should enable access on a broad range of mobile devices by carefully balancing information security classification with the trustworthiness of the device and point of connection. New and upcoming technologies help your employees to be more agile and productive and to inspire a new generation of workers. The session will share some key lessons learned in securing mobile platforms.
Michael Maurer has more than 10 years’ experience in deploying and securing Enterprise client systems. Based on Businesses’ requirements, the entry point to access corporate data and applications has moved to mobile scenarios across mobile Operating System Platforms. He is especially focused on protecting mobile devices, protecting content and securing corporate identities. Michael has been a speaker at various events, presenting the business value of mobile working scenarios. Based on use case scenarios, he presents the lessons learned and recommended practices to secure and manage mobile workers.
Keynote: Next generation security awareness
Speaker: David Lacey
In a hyper-connected world there are no secure boundaries. Physical and technical measures alone will not guarantee security. Professional attacks penetrate enterprises through mistakes by users who can be persuaded to click on infected web pages or email attachments. The only solution is continuous education of users and reminders of the nature of the risks and of their own security responsibilities. It is not an exact science, and it demands knowledge, skills and artifacts which are not adequately addressed in computer science courses. This presentation examines the state of the art in security awareness and the techniques needed to achieve the maximum impact on users.
David Lacey has more than 25 years of professional experience in directing security for leading enterprises such as Shell, Royal Mail and the British Foreign & Commonwealth Office. He is now a freelance researcher, writer and consultant, as well as a keen innovator who has developed many contemporary standards and ideas, including the original text behind ISO 27001. He founded the Jericho Forum, and developed the first fraud detection system based on the human immune system. David is the author of the books «Managing the Human Factor for Information Security», «Managing Security in Outsourced and Off-shored Environments», «Business Continuity Management for Small and Medium Sized Companies», «Advanced Persistent Threats» and «A Practical Guide to the Payment Card Industry Data Security Standard». He is a visiting senior research fellow of the University of Portsmouth, a member of IOActive’s Strategic Advisory Board, and a member of the Infosecurity Europe «Hall of Fame». He writes a security blog for Computer Weekly and has published many white papers and media articles.
Keynote 1: Advanced Persistent Threats
Speaker: Dr. Marc Ph. Stoecklin, IBM Research
Advanced Persistent Threats (APTs) are far more sophisticated and targeted compared to earlier threats. APTs employ multi-stage kill chains created by highly capable actors. Traditional security mechanisms are likely to fail to detect APTs. We analyse the anatomy of APTs and discuss strategies and concepts for mitigation.
Dr. Marc Ph. Stoecklin is a research scientist and the manager of the Security Services (GSALI) team at IBM Research, where he is responsible for cyber security analytics research with a particular focus on advanced threat detection, big data analytics, network and device security, as well as security data visualization.
Keynote 2: Cyber Defence Strategy of the Swiss Armed Forces
Speaker: Gérald Vernez, Director for Cyber-Defence in the Swiss Armed Forces
The Cyber Defence Strategy of the Swiss Armed Forces from 2013 aims to protect the military IT systems and infrastructures, and to initiate the collaboration with operators of critical infrastructures that are themselves essential to the armed forces and for the support to civilian authorities. An overview of concepts, interdependencies and procedures will be discussed with the attending CISOs.
Gérald Vernez, Colonel GS, MAS ETH SPCM, is Director for Cyber-Defence in the Swiss Armed Forces. He has been deeply involved in information operations and cyber defence for more than 15 years, and is known nationally as well as internationally as a high-level expert.
Keynote 3: Cyber Fusion Centre Insights
Speaker: Martin Dion, Kudelski Security
Cyber Fusion Centre Insights will expose some processes and technologies used to manage the flow of information and intelligence across the private sector and government. We will discuss how private organizations shall take leadership and build synergies to effectively detect and prevent the growing number and impact of advanced threats.
Martin Dion, Vice President, Head of Financial Services Practice at Kudelski Security, brings over 15 years of experience in the field of information security. Prior to joining Kudelski, he founded and led Above Security (Canada) and Secure IT (Switzerland). His next position was Head of IT and Corporate Security in a Swiss private bank. He is a certified CISSP, CISM and ISO 27001/2000/27005/22301 Trainer / Lead Auditor.
Bahnhofstrasse 87, 8021 Zurich
Keynote: Resilience with the Cloud, in the Cloud or in spite of the Cloud?
Speaker: Reto Häni, Microsoft
Cloud security and resilience: Cloud computing is changing and accelerating our work and life. Standardized services – that are available immediately and scale seemingly without end – are increasing the competitiveness and flexibility of enterprises. The advantages of competitiveness and flexibility are even more attractive considering the opportunity to reduce capex and free up a company’s own ICT personnel for non-routine work. However, enterprises ask themselves «How available and secure are such cloud services in reality?». This essential question is even more crucial when considering latest threats to businesses from cyberspace – a fact that has been even called out at the World Economic Forum in Davos as one of the global risks (Global Risk Report 2014). The speaker provides an in-depth analysis of resilience and security, and discusses privacy in detail.
Reto Häni has over 15 years of work experience in an information security and risk focused ICT environment. He is Microsoft’s Chief Security Officer/Advisor for Western Europe, where he is the internal and external focal point for Security and is responsible for crisis management in software security incident response. He focuses on enabling businesses with higher than average availability and security needs and has in-depth experience in cybersecurity, cloud crisis management and new technologies enabling business.
Clouds Conference Center, Zurich
Prime Tower, Maagplatz 5, 8005 Zürich
Keynote: Digital Transformation as a driver for competition
Speaker: Stefan Wilhelm, Detecon International GmbH
Digitalization and dematerialization are drivers for the competing markets of tomorrow. The impact of ICT on business models and business life is enormous and transforms enterprises and markets fundamentally: every single enterprise is challenged anew every day by the speed and new options of digital technologies and must defend its position in the networked society of next generation enterprises. Digital technologies have evolved from „enabler“ to core advantage of new business models and business performance: critical to maintaining success for the next strategic period in the transformed networked digital society is the right and future-ready design of security in all dimensions.
Stefan Wilhelm, member of the executive board at Detecon International GmbH, is an expert in enterprise strategy, joint ventures, change management and digital transformation, with a special focus on leveraging business with internet, information and communication technologies.
Zunfthaus zur Schmiden, Zurich
Marktgasse 20, Zurich