Track 1 Track 2
08:30 - 09:00 Registration
09:00 - 09:10 Dr. Bernhard Tellenbach
President, Swiss Cyber Storm

09:10 - 09:55 Kevin Beaver
Security Consultant, Writer, Professional Speaker and Expert Witness, Atlanta, Georgia-based Principle Logic, LLC
Why organizations keep getting breached....Still, in 2015.
PDF LogoDownload Slides (PDF)
09:55 - 10:30 Enrico Petrov
Director Managed Security Services, terreActive
Daniel Just
Vice President and Head of SOC, Coutts & Co Ltd, Zurich
Effective methods to detect current threats
PDF LogoDownload Slides (PDF)
10:30 - 11:00 Coffee Break
11:00 - 11:45 Thom Langford
CISO, Publicis Group
Flushing Away Preconceptions of Risk
PDF LogoDownload Slides (PDF)
11:45 - 12:30 Alan Neville
Threat Intelligence Analyst, Symantec
Tom Grasso
Supervisory Special Agent, Cyber Division (CYD), FBI
Working Together: Law enforcement and private sector botnet takedowns
PDF LogoDownload Slides (PDF)
12:30 - 13:30 Lunch
13:30 - 14:10 Dr. Yuejin Du
Vice President, Alibaba Group
Differences and new challenges of cybersecurity issues from the angle of Alibaba
PDF LogoDownload Slides (PDF)
Daniel White
Incident Response, Forensics and Tools, Google's security team
New generation timeline tools: A case study
PDF LogoDownload Slides (PDF)
14:15 - 14:45 Richard Dorough
Senior Managing Director, PwC
State of the Cyber Threat & Consequences of Inaction
PDF LogoDownload Slides (PDF)
Dmitry Slinkov
Information Security Officer, RUSSIA CONSULTING
Black Market of Cybercrime in Russia
PDF LogoDownload Slides (PDF)
14:50 - 15:20 Paul Crichard
Head of Cyber Research, Raytheon UK
Robert Rodriguez
Chairman & Founder, SINET, Security Innovation Network (SINET)
The 2020 CISO, What will their roll look like?
Louis Marinos
Senior Expert Risk Management, European Union Agency for Network and Information Security (ENISA)
Visibility in the ENISA Threat Landscape
PDF LogoDownload Slides (PDF)
15:20 - 15:50 Coffee Break
15:50 - 16:50 Six hacks in 60 Minutes
ECSC Presentations
16:50 - 17:30 Patrick Miller
President Emeritus, EnergySec
Threat Intelligence Sharing – Lessons from the Front Lines.
PDF LogoDownload Slides (PDF)
17:30+ Apéro Riche


Kevin Beaver, CISSP is an information security consultant, writer, professional speaker, and expert witness with Atlanta, Georgia-based Principle Logic, LLC. With over 26 years of experience in IT and 20 in information security, Kevin specializes in performing independent security assessments to help businesses minimize their IT risks, take the pain out of compliance, and uncheck the checkboxes that keep creating a false sense of security. He has written/co-written 12 books on information security including the best-selling Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. Kevin has also written over 800 articles and guest blog posts on information security and serves as a regular contributor to various websites including TechTarget's, Ziff Davis', and IBM's Kevin can be reached at and you can connect with him on LinkedIn and on Twitter at @kevinbeaver

Enrico Petrov has a proven record of supporting Swiss enterprises to detect and prevent IT security incidents. Working at terreActive as Director of Managed Security Services since 2002 he has focused on design, integration and operation of Security Monitoring projects for Swiss banks, insurances, health care and government institutions. Mr. Petrov is managing a team of engineers providing SOC Services to guarantee security for various companies in Switzerland 7x24. With his expertise in security assessments and multi-layer defense architectures he has further enhanced quality and efficiency of the terreActive Security Operations Center. Mr. Petrov holds a Master degree in Electronics and Telecommunications from the Technical University of Turin.

Yuejin Du, Ph.D. is currently serving as the director of the National Engineering Laboratory for Cybersecurity Emergency Response Technology, CTO of the National Computer Emergency Response Team and Coordination Center of China (CNCERT/CC). Dr. Du has more than 10 years of experience on Internet security and was involved in the handling work of nearly all the large scale Internet incidents during 2001 to 2008. Dr. Du contributed to national Internet security capacity building, leaded the project of national Internet intrusion monitoring platform and played a key role setting up the national incident response cooperation framework. Dr. Du was one of the top level network security experts during many important event, include Olympic Game in 2008, the World Expo and the Asian Games in 2010, and the Summer Universiade in 2011. Dr. Du earned many very high level awards because of his contributions.

Dr. Du also played an active role in international cooperation. Dr. Du worked as deputy chair of APCERT. He proposed the China-ASEAN cooperation framework on network security, led an APEC-TEL project on botnet countermeasure, and conducted numerous presentations on various international conferences.

Alan Neville is a member of the Attack Investigations Team (AIT) housed in Symantec’s Security Response Center in Dublin where he leads investigations into high-profile attacks and is responsible for identifying, analyzing and responding to such attacks and threats. Alan also represents Symantec as a media spokesperson on topical security issues. Previously, Alan worked on the operations team in Symantec’s Security Response Team as a Malware Analyst before moving into AIT. More recently, Alan has been involved in investigations surrounding Dragonfly, Turla and take operations such as Ramnit and ZeroAccess. Alan holds a MS.c in Security and Forensics from Dublin City University.

Thom Langford. As Chief Information Security Officer of Publicis Groupe, Thom is responsible for all aspects of information security risk and compliance as well as managing the Groupe Information Security Programme. Additionally the role is responsible for business continuity capabilities across the Groupe’s global operations. Having successfully built security and IT programmes from the ground up Thom brings an often opinionated and forward thinking view of security risk, both in assessments and management, but is able to do so with humour and pragmatism (mostly). An international public speaker and award winning security blogger, Thom contributes to a number of industry blogs and publications. Thom is also the sole founder of Host Unknown, a loose collective of three infosec luminaries combined to make security education and infotainment films. Thom can be found online at both and @thomlangford on Twitter.

Daniel White is a security engineer at Google, focused on forensics, incident response, tool development, and keeping people and data safe.

Richard Dorough is as a Senior Managing Director and National Practice leader in our Cyber Breach Response, Remediation and Investigation Practice. Richard has over 20 years’ experience in IT Security, IT Forensics, IT Audit, and IT Governance. Areas of focus include digital threat assessments, Cyber incident identification and response, electronic investigations and IT Security organization and operations center assessment and development.
Richard was the Global Chief Information Security Officer for Textron. As Global Chief Information Security Officer, Richard was responsible for developing, maintaining and assuring continuous improvement of Textron’s Information Technology Security strategy, programs, policies and processes. This included leadership of the Information Technology Risk Management (ITRM) Council which is a team of Security leaders from across Textron’s Business Units and COEs. Richard was also responsible for IT Privacy governance, software asset management, disaster recovery and led the IT portion of the electronic discovery (eDiscovery) program for Textron.

Dmitry Slinkov is building security processes and culture in a small group of 10 companies with HQ in Moscow with more than 500 employees. From the development of Security Concept and Security Strategy to its implementation, KPI and audit in all offices, his work at RUSSIA CONSULTING does also involve the development and implementation of products such as for background checks of people.
Before his current position, Dmitry worked as information security manager for Michelin, as information security specialist at HSBC and as information security administrator at Citi financial services.

Robert D. Rodriguez is the Chairman & Founder of the Security Innovation Network™ (SINET) an International community builder whose mission is to advance innovation and enable global collaboration between the public and private sectors to defeat Cybersecurity threats. Each year SINET hosts programs in Silicon Valley, New York City, London and Washington DC which are supported by the U.S. Department of Homeland Security Science & Technology Directorate (DHS S&T). The SINET model is designed to advance innovation by connecting the ecosystem of the entrepreneur; academia, science, private industry, investment banking, system integration, policy, innovators, law enforcement, venture capital and the Federal Government to include the civilian, military and intelligence agencies. In 2001, Robert spearheaded the development of the U. S. Secret Service’s first public-private partnership Cybersecurity initiative in the Western Region of the United States. Since 2005 he has been advising and coordinating the public private sector outreach for the DHS S&T and SRI International. Robert has served on the US Air Force Cybersecurity Advisory Board and has been called upon numerous times by Federal Government Agencies and universities such as Stanford and UNC Charlotte to help coordinate their private sector outreach to the venture capital community and both large and small businesses. In his previous career Robert served twenty-two years as a Special Agent with the United States Secret Service where he held a number of executive leadership positions within the Presidential Protection, Protective Intelligence, Inspection, Criminal Investigation Divisions and the Counter Assault Team. His executive protection experience spanned 10 years at the White House serving Presidents Ronald W. Reagan, George H. Bush, William J. Clinton and numerous Heads of State. He serves on the Board of Advisors for The Chertoff Group, as Director Emeritus for the San Francisco Kraft Fight Hunger Bowl, National Cyber Security Hall of Fame Board of Directors and is a certified graduate of the Federal Government’s Senior Executive Service Program.

Dr. Louis Marinos, is senior expert at ENISA in the area of Risk and Threat Management with extensive experience in the management and operation of security and the coordination of European expert groups. Currently, he is responsible for Projects in the area of Emerging Threat Landscape. He is the author and main responsible of the ENISA Threat Landscape. His expertise is on: Threat Analysis, Risk analysis, Risk Management and Business Continuity Planning, including SMEs, Member States and Critical Information Infrastructure Protection. Assessment and management of Emerging and Future Risks, Threats and trends hereof. Integration of Risk Management with operational and governance processes. Strategic consulting in the area of security for major firms in the financial, telecommunication and commercial sectors. Security management with regard to critical business areas, such as financial institutions, B2B and telecommunications.

Patrick Miller is a security executive who has dedicated his career to the protection and defense of the nation’s critical energy infrastructure. He is the founder of EnergySec, and currently its President and CEO. This nonprofit information sharing organization began as a few colleagues meeting for lunch and has grown into a nationwide effort to promote sound security principles in the energy industry.
One of his strengths is the diversity of his professional experience. In Energy, he has held positions with a utility, a regulator, and a private consulting firm. He has also held key positions in the Insurance, Internet and Telecommunications sectors. Among other credentials he holds the CISA, CRISC and CISSP certifications.
Patrick is an active member of several critical infrastructure security working groups and a sought after speaker and industry expert on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.

Tom Grasso has been an FBI Agent since 1998 and has worked for the FBI’s Regional Computer Crime Squad in Chicago and the High Technology Crimes Task Force in Pittsburgh. He has also served as the FBI Liaison to the CERT/CC at Carnegie Mellon University. Tom is now part of the FBI’s Cyber Division and is assigned to the National Cyber-Forensics and Training Alliance (NCFTA) in Pittsburgh, a joint partnership between law enforcement, academia, and industry. Tom is also an Adjunct Professor of Criminology at La Roche College in Pittsburgh.


Why organizations keep getting breached....Still, in 2015.

Speaker: Kevin Beaver, Security Consultant, Writer, Professional Speaker and Expert Witness, Atlanta, Georgia-based Principle Logic, LLC

Information security is no longer a mysterious function carried out by IT staff. Rather, it has made its way into the boardroom, falling under what seems to be increasingly stringent compliance oversight. Yet the data breaches keep occurring. Why is this? The solutions to our information security challenges are right before our eyes. Many principles have been around for decades. Yet, not unlike government politics, people often get in their own way when it comes to getting things done with security. In this keynote presentation, Atlanta, Georgia-based independent information security consultant, expert witness, and author of Hacking For Dummies, Kevin Beaver, will explore why we’re experiencing these roadblocks and provide ideas on what you can do to minimize their impact on your security program.

Effective methods to detect current threats

Speaker: Enrico Petrov, Director Managed Security Services, terreActive
Speaker: Daniel Just, Vice President and Head of SOC, Coutts & Co Ltd, Zurich

Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly invested resources to try to avoid security violations. Nowadays you have to face the inevitable: a security breach can’t be fully prevented. You need to be able to detect it as quick as possible to stop it in its early stages. You need a multi-layer defense strategy to detect attacks and secure your company, a combination of various sensors to improve transparency. Based on our experience managing Security Monitoring for various Swiss companies we will share insights with you how to tackle this.

  • Different types of attacks. What can be detected at which stage of the attack?
  • Detection tools and methods. When to use automated alarming, when to rely on security staff.
  • How to integrate tools into your internal organization? Impacts on your daily business.

A customer of terreActive, the international private bank Coutts will afterwards explain why outsourcing of security services is an option. Coutts will share its experiences and will also provide an outlook of security measures that should be considered for the future. Coutts is an international private bank operating in Europe, Asia and many offshore centres and providing private banking, wealth management and investment services.
Daniel Just, Vice President
Head of SOC
Wealth IT SR Security Operations Centre
Coutts & Co Ltd
Zürich, Switzerland

Differences and new challenges of cybersecurity issues from the angle of Alibaba

Speaker: Dr. Yuejin Du, Vice President, Alibaba Group

As one of the biggest 'Internet-based' company, what are the main cybersecurity challenges in Alibaba? Are there any differences with the popular theories or practices from others, like the national cybersecurity protection systems? Can we provide something new on cybersecurity protection from a different angle, to help the global situation? This speech will share some thoughts on the above, and introduce the practices of Alibaba security.

Working Together: Law enforcement and private sector botnet takedowns

Speaker: Alan Neville, Threat Intelligence Analyst, Symantec
Speaker: Tom Grasso, Supervisory Special Agent, Cyber Division (CYD), FBI

Computer criminals regularly construct large distributed attack networks known as botnets. These networks are comprised of hijacked computers that an attacker can use to send spam, commit financial fraud or launch cyber-attacks. This talk aims to describe the approaches of botnet takedowns from the perspective of law enforcement agencies and the AV industry using examples from recent take-downs and discusses success stories when private and public sectors work together to tackle a common foe.

Flushing Away Preconceptions of Risk

Speaker: Thom Langford, CISO, Publicis Group

Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme.

This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation. In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:

  1. The initial interpretation of risk and how it is often misunderstood.
  2. The measurement of risk, and how some systems work and other don’t.
  3. The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.
With the use of analogies and examples, the audience will appreciate that risk assessment, measurement and management is not always as straightforward as it might first seem. The audience will leave with a new appreciation of how risk can be leveraged for good, and not just perceived as bad.

New generation timeline tools: A case study

Speaker: Daniel White, Incident Response, Forensics and Tools, Google's security team

A moderately-sized institution of higher learning receives an ominous threat from a shadowy hacker group. A plucky band of misfits, armed only with open source forensic tools is the college’s only hope. What happens next? Will our brave band of heroes be able to stop the cyber terrorists in time?

This talk will give you a good understanding of the new features in the Plaso and Timesketch forensic tools, as well as an insight into some of the analysis processes these tools enable. Rather than just talking about these features, you’ll see how they’re actually deployed in an investigative context.

State of the Cyber Threat & Consequences of Inaction

Speaker: Richard Dorough, Senior Managing Director, PwC

The cyber threat is increasingly sophisticated. Many cyber defenses are inadequate to mitigate the risk. While many boards of directors are beginning to ask probing questions about the cyber threat, not enough are engaging this issue adequately. This is a discussion of what boards need to know in order to more effectively managed the cyber risk, which now qualifies as one of the more critical threats most any board will face.

Black Market of Cybercrime in Russia

Speaker: Dmitry Slinkov, Information Security Officer, RUSSIA CONSULTING

New vulnerabilities and attacks based on them are always ahead of the protection methods. How to identify which threats are most relevant and can be directed against you tomorrow? Are the hackers really as scary as people speculate? We explored the services available on the black market of cybercrime in Russia and the CIS and found a lot of very nice services like purchasing and renting of botnets, personal malware, DoS attacks, hacking of private and corporate emails, etc... and decided to test these services to get the real picture of the methods hackers use and to know the costs of such attacks.

The 2020 CISO, What will their roll look like?

Speaker: Paul Crichard, Head of Cyber Research, Raytheon UK
Speaker: Robert Rodriguez, Chairman & Founder, SINET, Security Innovation Network (SINET)

A fireside chat between Paul Crichard and his interviewer Roberd D. Rodriguez.

Visibility in the ENISA Threat Landscape

Speaker: Louis Marinos, Senior Expert Risk Management, European Union Agency for Network and Information Security (ENISA)

Threat Intelligence Sharing – Lessons from the Front Lines.

Speaker: Patrick Miller, President Emeritus, EnergySec

Threat Intelligence Sharing is being called the Holy Grail of cybersecurity by many. It is also being called the Flavor of the Month by others. Does it really provide the promised value? How does an organization know whom to trust, when to share and how to transform the endless flood of security data into actionable information? Whether your intel sharing/gathering is peer to peer, public/private, commercial service or open source - there is a risk of realizing the quote from Aristotle: 'the more you know the more, the more you don’t know.’ Get the most out of your cybersecurity situational awareness efforts by learning from the successes and failures on the front lines of global critical infrastructure organizations.