Events Calendar

Cyber Threat Intelligence 2017 - CTI
Thursday 26 January 2017, 08:30am - 06:30pm
Hits : 2151
by This email address is being protected from spambots. You need JavaScript enabled to view it.

active defense

This annual event organized by LSEC and its members, and hosted by IBM Client Innovation Center Brussels aims to unite stakeholders in the areas of cyber threat intelligence, situational awareness, information sharing & critical infrastructure protection. To facilitate and ensure open discussions (Chatham House Rules), attendance is restricted to cyber security professionals, enterprise incident management, CERT and CSIRT-teams, LSEC Core and Individual Expert Members (information security experts and researchers and academic personnel). Participants of ISACs (Sharing Information Sharing and Analysis Centers), CISO's and security experts representing Critical Infrastructure and Vital Sectors, or Governmental institutions or operators are welcome.

Session Materials : 

Materials are now available for download. Attending to the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to and be asked to pay for 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a downloadlink to download the .zip with all materials.


LSEC continues to support creating awareness on information security, will try to lower the barrier for ict security professionals. With this mechanism, all attendees have evaluated the value of the presented materials and can easily contribute to the future activities.

From Cyber Threat Intelligence to Situational Awareness,
and in the mostlikely event of an incident, this time with Digital Evidence?

While most companies are still trying to get their grip on Security measures, putting in place detectiong capabilities and setting up SIEM or more advanced threat intelligence systems pumping false positives, Behavioral analytics are now the standard for any self-respecting cyber intelligence platform. The next step is to further improve scientific methods, understanding how to detect intrusions, advanced threats, beyond malware signatures and known vulnerabilties. The objective: being to be able to prevent intruders, malicious actors, internal threats and criminals from stealing data, disrupting business or causing damage of any sort.

Moving beyond the hype is where the challenges are:
how to cope with complex and challenging infrastructures, legacy platforms and iot devices, massive amounts of data streams, unravelling attachments with multiple layered exploits and preventing the next ransomware via phising attacks? Some platforms will combine multiple data sources, into a single bottleneck appliance, others will be able to detect the needle, but for only a single type of application.

Next is dealing with the incidents, containing the risks, managing the recovery and ensuring digital evidence
. Are all of these activities still the core business of your organization, or should some components be outsourced under Managed Security Services? Which dependencies can the organization cope with? Are the external provider's red teams outsmarting your blue team? Have you evaluated Cyber Ranges and Advanced Scenario's to ensure the involvement of the organization on all levels? What will be the next step? What is the right mix today and towards the future? What is the future for situational awareness and incident management? How fast can we upgrade our systems to automate real-time response to active threats and create expert teams that can master these mechanics. What will your security department look like in one year and 3 years from now, given the restricted resources that we're facing today?

CTI 2017 - Objective :
During this day, many different opinions will be paving the way in finding answers on how to deal with current and future high tech crime, and plain ignorance. Discussions can feed the fundamental debate on the necessity or the use of sharing hugh volumens of data vs focusing on what is really of key importance. Is Cyber Threat Intelligence still relevant today, and what is the best practice to deal with it, or should we be focussing back to prevention only. So what are best practices, available technologies, bottlenecks and opportunities? Learn to take full advanExpertisee of current capabilities and consider a further automated future, with super advanced experts taking control over the black swans? These are some of the concerns that will be questioned during this seminar. Join the debate on Thursday January 26th, at the IBM Client Center Forum in Brussels. 

Preliminary Program:

08.30 Welcome & Registration, networking

09.30 Ulrich Seldeslachts Introduction
During this introduction, Ulrich will outline LSEC activities in relation to Cyber Threat Intelligence and the interest for the association of ICT security companies and practitioners in being involved. Ulrich will be chair of the day, and as the moderator throughout the day, aiming to learn from the discussions to provide guidance to both practitioners and advisory throughout 2017.

09.45 Keynote (1) Freddy DEZEURE, CERT EU, : key learnings, experiences and considerations with threat intel (sharing)
Freddy Dezeure graduated as a Master of Science in Engineering in 1982. He was CIO of a private company from 1982 until 1987. After joining the European Commission in 1987, he has held a variety of management functions in administrative, financial and operational areas, in particular in information technology. He set up the CERT for the EU institutions, agencies and bodies in 2011. Since then, he has been Head of CERT-EU

10.30: Putting Intelligence into security architectures, by Philippe Roggeband, GSSO EMEAR – Business Development Manager at Cisco
Siloed security components cannot cope with the fast evolution of threats, especially when those threats are constantly mutating. Staying ahead of these threats requires the capacity to detect Indicators of Compromise (IOC’s) , and correlating them to create an intelligence data base, which can be shared with the entire architecture to contain threats. Because most organizations do not have the resources to investigate threats on a constant basis, vendors such as Cisco have put in place investigation teams to collect and process threat intelligence information. This threat intelligence can be complemented by cloud-based systems that uses machine learning and statistical modelling of networks, which create a baseline of the traffic and identify behavior anomalies. Based on this information, security policies in the network fabric can be dynamically updated to respond to incidents. In this session, Philippe provides an overview of an integrated security architecture, and how it interacts with cloud-based intelligence to detect and block threats.

11.10: Technology Practioners Showcases: State of the Art Data Analytics for Anomaly Detection, the case for Electricity Producers, by Goran Sandahl, CTO and founder of Unomaly
Security incidents happen - but when, how and where is unknown. Advanced adversaries are able to circumvent our preventive measures and hide in plain sight inside our own environments. To stop this we need to go beyond the reactive loop of focusing on the "known threat of the day" and enable a more fundamental, continuous and progressive visibility and response capability. During this presentation, Göran will elaborate on his experience with the above, and specific challenges in protecting Critical Infrastructure Operators. About Göran Sandahl: Göran Sandahl is a co-founder of Unomaly, the technical director and the inventor of the idea and approach behind Unomaly. Prior to founding Unomaly, Göran spent 10 years in various strategic and operational roles advising and building data- and security monitoring solutions for critical financial-, governmental and military institutions.

11.50 : Technology Practioners Showcases: Cognitive Security with IBM Watson and QRadar, by Johan Dieltjens of IBM
IBM Watson was named after IBM's first CEO and industrialist Thomas J. Watson. The computer system was specifically developed to answer questions on the quiz show Jeopardy! In 2011, Watson competed on Jeopardy! against former winners Brad Rutter and Ken Jennings, and received the first place prize of $1 million. In this presentation, IBM will explain how the principles of Watson can be used to train a new generation of systems to understand, reason and learn about constantly evolving security threats; and building security instincts into new defenses; and how cognitive security can be built upon security intelligence to not just generate answers, but hypotheses, evidence-based reasoning and recommendations for improved decision making in real time. About Johan Dieltjens: Johan is a senior IT Specialist at IBM for the IBM Security portfolio with over 10 years experience. Specializing on Security Information & Event Management (SIEM), Johan has extensive knowledge of security concepts, security standards and security tools. 

12.30: Technology Practioners Showcases: Advanced Data Collection Capabilities and Monitoring capabilities with Splunk, by Dominique Dessy, Splunk
This presentation will describe the challenges and requirements of implementing high-coverage threat intelligence, and how Splunk helps organizations achieve operational maturity with threat intelligence to quickly identify and remediate issues, from early warning to breach investigation. About Dominique Dessy: "Dominique started his IT career at the same time Word Wide Web was invented. He passed his CISSP in 2006 and since then he is active in the Security practice as an Enterprise PreSales, working for companies like EMC, RSA and now Splunk where he is a Sr. Sales Engineer for the EMEA North region. He is also an occasional lecturer at the Executive Master in IT Management of the Solvay Business School. "

13.00 : networking lunch break

13.45 : Keynote (2) Wilbert Hofstede, Director Cyber Intelligence & Resilience, Euroclear
Wilbert Hofstede is the head of cyber security at Euroclear, the Brussels-based international central securities depository, with over 25 years of experience in the technical as well as non-technical disciplines of information security. Prior to working at Euroclear, Wilbert worked at the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a member-owned cooperative through which the financial world conducts its business operations. Eager and open to share his knowledge; Wilbert was active as a lecturer for the Executive Master in ICT Audit & Security programme end Executive Master in IT Management programme at Solvay Business School (2005-2010); still active as a senior trainer for ISACA, and a frequently asked speaker at international conferences. Wilbert specializes in Information Security Management Systems, threat and risk management and incident and crisis management.

14.30 : Joep Gommers, Founder and CEO of EclecticIQ / formerly Intelworks (NL) : Intelligence Powered Defense, part II
Joep Gommers is a Dutch security and intelligence professional from the Netherlands. Joep became known among security professionals after an article of his writing appeared on the technology-related news website slashdot on January 23, 2006, stating that "current approaches to Information Security are fundamentally wrong". With this, and other ideas, he gives talks at conferences, universities and communities throughout Europe.

15.10 Leveraging Machine Learning for CTI, by Simon Minton, Director of Business Development EMEA at Cybereason
Simon is Director at Cybereason, a company that leverages behavioural analytics and machine learning to identify cyber-attacks in real time. Simon is a serial entrepreneur with a deep understanding of Cyber Security. He has founded several companies and built out EMEA operations multiple times. Simon has several non-exec and mentoring roles with early sExpertisee cyber security start-ups, working with Cyber London (CyLon), Europe's first cyber security accelerator and incubator space. Simon worked 5 years as Industry Analyst and has a strong understanding of the cyber security market from a broad as well as deep understanding

15.50: Coffee Break & Networking

16.20 : Incident Management & Reaction. From our Cyber-SOC Response and based on day to day operations from concept to operation. Challenges and Opportunities, by Christophe Bianco, Excellium
Christophe is the co-founder and the managing director of Excellium Services. Excellium was founded in 2012 by the willingness of people active in the Information Security field for over 14 years. Before Excellium, Christophe has been vice-president and General Manager for the European, Middle East & African region of the Qualys society, operating in vulnerability management solutions. With 15 years of experience in providing security, governance, security audits and penetration tests, his mission has been to support the company IPO in 2012. Beforehand, he managed the activities development of Verizon Business on the European Region for the security division during 10 years

17.00 : Digital footprints and how to discourage the cyber attackers, by Stijn Vande Casteele, co-founder and CEO
Based on studies, research and field experience, we know that cyber attackers are constantly monitoring and successfully attacking companies. We also know that those companies lack visibility and control on how they are perceived from the outside. By not having this dynamic view at hand, security & risk stakeholders are struggling to put answers against simple questions like: “What information are my applications and my employees leaking?” “How does my external footprint on the internet compare with others?” “Am I an easy target compared to others?” Not knowing an answer to those questions leaves an organization in the dark and could without awareness be misused by cyber criminals to attack your company in order to undermine your business.
About Stijn Vande Casteele: Stijn is co-founder and CEO of He’s a seasoned cyber security expert with 15 years of experience and has gained industry recognition based on his business insights and technical hands-on delivery in large cyber security engagements and more in particular the SOC and CERT space. Stijn holds an MSc in Information Security from University of London, Royal Holloway and has several active industry certifications

17.30 - 18.30 Wrap-up & networking drink

Level of Expertise: Advanced
- Enterprise CISO’s / Security Managers
- Critical Infrastructure
- NIS Directive "Significant Market Operators", cloud & data center operators, internet and telecom services providers
- Government / CERTS / CSIRTs
- ISAC Members
- LSEC Core Expert Members: Experts from Industry and Academia


Participation to this event is free of charge upon prior confirmation via the registration page; with a special thanks to LSEC Member and host of the day, IBM Security for making this event possible Participants interested in the handouts and presentations of the day will be charged a minor fee (121 €) to accomodate for the handling costs and taxes.

Session Materials : 

Materials are now available for download. Attending to the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to and be asked to pay for 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a downloadlink to download the .zip with all materials.


LSEC for Security Professionals


LSEC for Security Companies


LSEC for enterprise & government


LSEC for academia & research institutes


Request information about LSEC Membership

Click here

Sign up for our newsletter

Click here

Learn more about current projects & industry collaborations

Click here

Contact us

Click here


Privacy | Disclaimer | Responsible Disclosure Copyright LSEC - Leaders In Security 2002 - 2017 - Kasteelpark 10, 3001 Heverlee - Leuven | tel. +