Program Overview

Agenda is subject to change. Times are reflected in UTC +1 (CET). Training sessions have limited seating and are first-come, first-served. Please select your training options during registration. Plenary sessions are open to all registered delegates.

Tuesday, 1 November

Training: Analytical | Training: Technical
09:00 – 11:15
 NL

‘Build Your Own Threat Landscape’ Workshop

Gert-Jan Bruggink (Venation, NL)

 LU

Building Your Own Workflows in MISP: Tutorial and Hands-on

Alexandre Dulaunoy, Andras Iklody, Sami Mokaddem (CIRCL, LU)

11:15 – 11:30

Coffee Break

11:30 – 13:00
 NL

‘Build Your Own Threat Landscape’ Workshop

Gert-Jan Bruggink (Venation, NL)

 LU

Building Your Own Workflows in MISP: Tutorial and Hands-on

Alexandre Dulaunoy, Andras Iklody, Sami Mokaddem (CIRCL, LU)

13:00 – 14:00

Lunch Break

14:00 – 16:00
 GB US NO

Intelligence Planning Workshop - How to Create and Employ an Intelligence Plan that Synchronizes with Your Stakeholders Needs.

Brad Crompton (Intel 471, GB); Michael DeBolt (Intel 471, US); Freddy Murstad (Nordic Financial CERT, NO)

 CH

IT vs. OT: Comparing SOC Analyst (IT) and Control Center Operator (OT) Job Functions for Building Effective OT Security Monitoring and Defense Program

Marina Krotofil (Kudelski Security, CH)

16:00 – 16:15

Coffee Break

16:15 – 18:00
 GB US NO

Intelligence Planning Workshop - How to Create and Employ an Intelligence Plan that Synchronizes with Your Stakeholders Needs.

Brad Crompton (Intel 471, GB); Michael DeBolt (Intel 471, US); Freddy Murstad (Nordic Financial CERT, NO)

 CH

IT vs. OT: Comparing SOC Analyst (IT) and Control Center Operator (OT) Job Functions for Building Effective OT Security Monitoring and Defense Program

Marina Krotofil (Kudelski Security, CH)

Wednesday, 2 November

Plenary Sessions Day 1
09:00 – 09:10

Welcome Remarks

09:10 – 09:45
 GB

Ten Years of Cyber Threat Intelligence: Retrospectives

James Chappell (Digital Shadows, GB)

09:45 – 10:15
 US

Crossing the Cyber Sad Gap

Kirstie Failey, Jake Nicastro (Mandiant, US)

10:15 – 10:45

Networking Break with Exhibits

10:45 – 11:15
 AT

Cyber Threat Intelligence Sharing Platforms: A Comprehensive Analysis of Software Vendors and Research Perspectives

Clemens Sauerwein (University of Innsbruck, Department of Computer Science, AT)

11:15 – 11:45
 NL

The Joy of Threat Landscaping

Gert-Jan Bruggink (Venation, NL)

11:45 – 12:15
 DE

All the Unstructured Data! Using NLP to Process Threat Reports (to identify implicit mentioned TTPs)

Patrick Grau (Bosch, DE)

12:15 – 13:30

Lunch Break

13:30 – 14:00
 US

Cyber Threat Intelligence Analysts and You: Understanding the Discipline to Optimize Cyber Defense Collaboration

John Doyle (Mandiant, US)

14:00 – 14:30
 LU

Community Management and Tool Orchestration the Open-source Way via Cerebrate

Andras Iklody, Sami Mokaddem (CIRCL, LU)

14:30 – 15:00
 CH

Let's Make Needles Glow in Timesketch

Thomas Chopitea, Alexander Jäger (Google, CH)

15:00 – 15:30

Networking Break with Exhibits

15:30 – 16:30
 CZ

SOC Buddies - Bridging the Gap Between IR and CTI

Ilin Petkovski (Red Hat, CZ)

16:00 – 16:30
 NO

Vanity Metrics - The BS of Cybersecurity

Freddy Murre (NFCERT, NO)

16:30 – 17:30
 NL

How to Create Effective Structured Intelligence Extensions for TIPs

Peter Ferguson (EclecticIQ, NL)

Thursday, 3 November

Plenary Sessions Day 2
09:00 – 09:10

Opening Remarks

09:10 – 09:40
 IE

Why Your Security Analysts Are Leaving and What You Can Do to Retain Them

Eoin Hinchy, Thomas Kinsella (Tines, IE)

09:40 – 10:10
 US

CTI Bake-Off: A Recipe for Measuring, Integrating, and Prioritizing a CTI Program

Kellyn Wagner Ramsdell (MITRE Engenuity, US)

10:10 – 10:40
 ES CH

Enhancing CTI Processes with Code Search Technology

Carlos Rubio (Threatray, ES); Jonas Wagner (Threatray, CH)

10:40 – 11:00

Networking Break with Exhibits

11:00 – 11:30
 JP

Targeted Web Skimming on E-Commerce Sites

Hendrik Adrian (LACERT/LAC Tokyo, JP); Takehiko Kogen (LAC/LACERT Tokyo, JP)

11:30 – 12:00
 KR

Gwisin: A Spooky Ransomware Only Targets South Korea

Hyeok-Ju Gwon, Kyoung-Ju Kwak, Jungyun Lim, Sojun Ryu (S2W Inc., KR)

12:00 – 13:30

Lunch Break

13:30 – 14:00
 DE

ORKL: Building an Archive for Threat Intelligence History

Robert Haist (TeamViewer, DE)

14:00 – 14:30
 US

Lessons from the Trenches – What I Wish I’d Known About Threat Intel Platforms

Lincoln Kaffenberger (Deloitte Global, US)

14:30 – 14:45

Networking Break with Exhibits

14:45 – 15:15
 CH

Kinetic- and Cyberwarfare: Twins, Siblings or Distant Relatives? Disassembling Popular Beliefs About Tactical Effectiveness of Cyber-physical Attacks in Real Combat Operations

Marina Krotofil (Kudelski Security, CH)

15:15 – 15:45
 CZ

How to Develop Priority Intelligence Requirements for YOUR Organization

Ondrej Rojcik (Red Hat, CZ)

15:45 – 16:00

Closing Remarks