Program Agenda

Agenda is subject to change. Times are reflected in UTC +1 (CET). Workshops have limited seating and based on the registration admission purchased. Plenary sessions are open to all registered delegates.

Virtual Attendance: All TLP:CLEAR plenary presentations will be streamed live. Workshops will not be streamed. Virtual registration is available within the registration form. Streaming will be delivered over Zoom.

Registration Hours

Monday, April 15 - Registration Located on Level 2, Atrium
07:00-10:00 | Registration for Workshop Participants ONLY
11:00-18:00 | Registration for Plenary Participants

Tuesday, April 16 - Registration Located on Level 1, Near Stairway from 2 and Mall Entrance
08:00-15:00 | Registration

Wednesday, April 17 - Registration Located on Level 1, Near Stairway from 2 and Mall Entrance
08:00-15:00 | Registration

Monday, April 15th

Workshop: Track 1Workshop: Track 2Workshop: Track 3
08:30 – 10:00
 NL

Malware Analysis and Event Collection Workshop (08:30-12:30)

Remco Sprooten, Ruben Groenwoud (Elastic, NL)

TLP:CLEAR
 US NO

Intelligence Planning Workshop - How to Create and Employ an Intelligence Plan that Synchronizes with Your Stakeholders Needs (08:30-12:30)

Michael DeBolt (Intel 471, US); Freddy Murstad (Nordic Financial CERT, NO)

TLP:GREEN
 DE

Predictive Cyber Defense - Early Warning Intelligence & Forecasting (08:30-12:30)

Robin Dimyanoglu (HelloFresh SE, DE)

TLP:CLEAR
10:00 – 10:15

Networking Break

10:15 – 12:30
 NL

Malware Analysis and Event Collection Workshop (08:30-12:30)

Remco Sprooten, Ruben Groenwoud (Elastic, NL)

TLP:CLEAR
 US NO

Intelligence Planning Workshop - How to Create and Employ an Intelligence Plan that Synchronizes with Your Stakeholders Needs (08:30-12:30)

Michael DeBolt (Intel 471, US); Freddy Murstad (Nordic Financial CERT, NO)

TLP:GREEN
 DE

Predictive Cyber Defense - Early Warning Intelligence & Forecasting (08:30-12:30)

Robin Dimyanoglu (HelloFresh SE, DE)

TLP:CLEAR
12:30 – 13:30

Lunch Break

13:00 – 14:00

CTI SIG Meeting (in-person and virtual)

14:00 – 16:00
 LU

MISP API and Automation Workshop (14:00-18:00)

Alexandre Dulaunoy, Andras Iklody (CIRCL, LU)

TLP:CLEAR
 NL

‘Build Your Own Threat Landscape’ Workshop (14:00-18:00)

Gert-Jan Bruggink (Venation, NL)

TLP:CLEAR
 FR

Cryptocurrency & Web3 OSINT Workshop (14:00-18:00)

Patrick Ventuzelo, Tanguy Laucournet (FuzzingLabs, FR)

TLP:GREEN
16:00 – 16:15

Networking Break

16:15 – 18:00
 LU

MISP API and Automation Workshop (14:00-18:00)

Alexandre Dulaunoy, Andras Iklody (CIRCL, LU)

TLP:CLEAR
 NL

‘Build Your Own Threat Landscape’ Workshop (14:00-18:00)

Gert-Jan Bruggink (Venation, NL)

TLP:CLEAR
 FR

Cryptocurrency & Web3 OSINT Workshop (14:00-18:00)

Patrick Ventuzelo, Tanguy Laucournet (FuzzingLabs, FR)

TLP:GREEN

Tuesday, April 16th

Plenary Sessions Day 1
09:00 – 09:15

Welcome Remarks

09:15 – 09:45
 PL

Blueprint for Maturity: Crafting a Tailored Cyber Threat Intelligence Maturity Model

Kiraga Slawek (Standard Chartered Bank, PL)

TLP:CLEAR
09:45 – 10:15
 CA

Solving CTI Sector Incoherence in a Living Growing OpenCTI Repository: Extend STIX 2.1 FTW

Philippe Lin (Trend Micro, CA)

TLP:CLEAR
10:15 – 10:45

Networking Break with Exhibitors

10:45 – 11:15
 AT US IT GB

Initial Findings on Creating a Standard CTI Benchmark Dataset for Machine Learning

Aaron Kaplan (EC-DIGIT-CSIRC, AT); David J. Bianco (SURGE / Cisco, US); Jay Jacobs (Cyentia, US); Paolo Di Prodi (PRIAM.ai, IT); Syra Marshall (ELEMENDAR, GB)

TLP:CLEAR
11:15 – 11:45
 AU

Processing Threat Reports at Scale Using AI and ML: Expectations and Reality

Yury Sergeev (RST Cloud Pty Ltd, AU)

TLP:CLEAR
11:45 – 12:15
 TW

Multi Heads Are Better Than One: Leveraging Multimodal GenAI for Comprehending and Exploring Cyber Threat Intelligence

Cheng-Lin Yang, Kuan-Lun Liao (CyCraft Technology, TW)

TLP:GREEN
12:15 – 13:30

Lunch Break

13:30 – 14:00
 DE

Advanced Cyber Threat Intelligence Chapter - How to Read the Mind of your Attackers

Erick Thek, Vladimir Kropotov (Trend Micro, DE)

TLP:CLEAR
14:00 – 14:30
 GB

How to Start Using Priority Intelligence Requirements (PIRs) on a Budget

Josh Darby MacLellan (Feedly, GB)

TLP:CLEAR
14:30 – 15:00
 US

The Disclosure Dilemma and Ensuring Defense

Joe Slowik (Paralus, US)

TLP:CLEAR
15:00 – 15:30

Networking Break with Exhibitors

15:30 – 16:00
 NL

Enhancing Malware Code Similarity Detection through Vectorsearch and TLSH

Remco Sprooten (Elastic, NL)

TLP:CLEAR
16:00 – 16:30
 ES

Tracking Threat Actors Using Images: A Hunting & Analysis Approach

Joseliyo Sánchez (VirusTotal - Google, ES)

TLP:CLEAR
16:30 – 17:00
 PL

Invisible Strings – Contemporary Challenges And Techniques Of Infrastructure Tracking

Kamil Bojarski (Standard Chartered Bank, PL)

TLP:CLEAR
17:00 – 17:10

Closing Remarks

17:10 – 19:10

Wednesday, April 17th

Plenary Sessions Day 2
08:50 – 09:00

Welcome Remarks

09:00 – 09:30
 IT

A Service Architecture for an Enhanced Cyber Threat Intelligence Capability

Pasquale Digregorio (Bank of Italy, IT)

TLP:AMBER
09:30 – 10:00
 US

Human/Computer Relationships Across the Intel Life Cycle, an Automation Story

Neal Dennis (Cyware Labs, US)

TLP:CLEAR
10:00 – 10:30
 US FR

Automating Cyber Threat Intelligence: A Practical Approach to Managing Emerging Vulnerabilities

Andy Giron (Datadog, US); Fred Baguelin (Datadog, FR)

TLP:CLEAR
10:30 – 11:00

Networking Break with Exhibitors

11:00 – 11:30
 BE

Days and Nights as a CTI Analyst in CERT-EU

Antoine Keraudy, Emilien Le Jamtel (CERT-EU, BE)

TLP:GREEN
11:30 – 12:00
 DE

MISP Unleashed: How a Litter of Adorable MISP Puppies Turned into a Gang of Untamed Wild Beasts

Enrico Lovat (Siemens AG, DE); Tobias Mainka (Infineon AG, DE)

TLP:AMBER
12:00 – 13:15

Lunch Break

13:15 – 13:45
 AU

Artifact Metadata to the Attribution

Pratik Mehta (Google, AU)

TLP:GREEN
13:45 – 14:15
 TW

Source Pollution Attack - A Hidden Threat in Cybersecurity

Hsiang Yu (CyCraft Corp., TW); Syue Siang Su (CyCraft Technology Corp, TW)

TLP:CLEAR
14:15 – 14:45

Networking Break with Exhibitors

14:45 – 15:15
 LU

Sharing Information and Intelligence without Disclosing It - Private Search Set (PSS)

Alexandre Dulaunoy, Jean-Louis Huynen (CIRCL, LU)

TLP:CLEAR
15:15 – 15:45
 HU

Raising the Effectiveness of Your Threat Management Program

Ememobong Eyo (HU)

TLP:CLEAR
15:45 – 16:15
 NL US

Decoding Cyber Threats: A Practical Guide to Using Attack Trees

Gert-Jan Bruggink (Venation, NL); Sherman Chu (Deloitte, US)

TLP:CLEAR
16:15 – 16:30

Closing Remarks