Tuesday 28 January 2020, 08:30am - 05:00pm
LSEC’s annual CTI Conference has been the premier forum for CISOs, CERTs & CSIRTs, security managers, industry practitioners, researchers and engineers, bringing together like-minded practitioners to discuss how they can maximize, and are maximizing, the potential of threat intelligence. To facilitate and ensure open discussions (Chatham House Rules), attendance is restricted to SOC Managers, CERT and CSIRT teams & CISOs representing Critical Infrastructure Operators & Vital Sectors; ISACs [Information Sharing and Analysis Centers]; National Cyber Security Centers & Government Institutions; and LSEC Members active in Cyber Threat Intelligence Operations or Research.
Do you match the profile and want to join the discussions? Click here, hit the ‘Contact the Organizer’ button and request your password. Please state your company, job title and some background for us to evaluate your request.
• Cyber Threat Intelligence Maturity Model – Building the right capabilities
• Building, Running and Maintaining CTI Programs
• Analyst requirements
• Implementing and integrating Cyber Threat Intelligence in SOC and CERT operations, etc.
• Intelligence Sharing & Collaboration
• From Cyber Threat Intelligence to Situational Awareness
• CTI in practice, platforms and use cases
• Putting Intelligence into security architectures
• Open Standards and platforms for Threat & Malware Information Sharing
• CTI in the context of other technologies [Machine Learning, AI, Analytics & Data Mining, Orchestration & Automated Response, etc.]
• Mobile Threat Intelligence
CTI 2020 Conference - Agenda
Tuesday, January 28th, IBM Innovation Center – Brussels
- Threat intelligence-based ethical red-teaming | Dominik Smoniewski, TIBER Program Manager, National Bank of Belgium: TIBER-EU is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack. TIBER-EU was jointly developed by the ECB and the EU national central banks, approved by the Governing Council of the ECB and published in May 2018. It was inspired by and takes into account the lessons learned from similar initiatives in the United Kingdom (CBEST) and the Netherlands (TIBER-NL).
- End User Case: Building, Running and Maintaining a CTI Program
- Simon Thornton, Director of Cyber Threat Analysis and Response at Euroclear [Topic will follow]
- Aaron Cherrington, Principal Intelligence Analyst, FireEye [USA]: Aaron has been a Principal Intelligence Analyst with FireEye for the past seven years and overall has ten years’ experience as a cyber security intelligence and secure systems design expert. Previously, Aaron served as a Computer Network Operations Intelligence Officer and Branch Chief at United States Cyber Command, Joint Task Force Global Network Operations, and Intelligence Advanced Research Projects Activity (IARPA), Defense Intelligence Agency, and also as a Cyber Security Scientist with the Department of Energy’s Pacific Northwest National Laboratory. He has published extensively, primarily in classified and closed channels, but was a contributing author to Mandiant’s APT1 report, which attributed hackers stealing intellectual property from international corporations to the Chinese military.
- Use cases in Open Source Threat Intelligence - Current state of affairs & vision on the future | Maltego [Germany]: How organizations today are dealing with intelligence & investigations, completed with a vision of the future: how it should work, challenges, bottlenecks, intel processing...
- Tracking, evaluating & clustering Mobile Threats and use cases for CTI and Threat Hunting | Jan Sirmer, Malware Analysis Team Lead and Nikolaos Chrysaidos, Head of Mobile Threat Intelligence at Avast [Czech Republic]
- Jan van Linden, Competence Leader CSIRT at Ordina [Belgium]: Jan van Linden leads the CSIRT competence center within Ordina. Prior to Ordina, Jan worked as Senior Security Analyst at the Colruyt Group, and has been active in various end user working groups in Incident Response and Threat Intelligence.
- Dr Tilman Frosch, CEO of G DATA Advanced Analytics [Germany]: Dr. Frosch is the CEO of G DATA Advanced Analytics, the services and advisory part of G DATA, a European Cybersecurity treasure that has been active for the last 3 decades in Information Security. Dr Frosch is an experienced cyber security expert, having done multiple interesting investigations and been involved in the reverse engineering of malware. As a keynote speaker at the LSEC CTI events, Tilman will impress as a knowledgeable, down-to-earth and visionary Cyber Security expert to follow.
- Jared Phipps, Vice President Worldwide Engineering at SentinelOne and previous scientist at MITRE [USA]
- The Value of Open Cybersecurity | Jason Keirstead, Chief Architect at IBM Security Threat Management and OASIS Board of Directors member [Canada]
- Neural Network Based Techniques for Cyber Threat Intelligence and Situational Awareness | Alain Sanchez, Senior CISO Evangelist at Fortinet [France]: Alain Sanchez has 20 years of executive engagement experience in the Network and Telecommunications domain. In December 2018, Alain joined the Fortinet CISO office from the Huawei Global Consulting Department, where he was in charge of the Digital Transformation Practice, advising the boards of companies like Virgin Media, Telcel, INWI, Vodafone UK and China Mobile as these Service Providers targeted the enterprise segment with B2B Cloud and Security offerings. Alain held executive positions in Alcatel-Lucent, Accenture, BT-Global Services and Nortel. Alain Sanchez graduated from the University of Technology of Compiegne with a degree in Biological Engineering complemented by a Master's degree in industrial processes.
- Intelligence Sharing and Prisoner’s Dilemma | Joseph Woodruff, Cyber Threat Intelligence Analyst & Senior Trainer at EclecticIQ [USA]: Prisoner’s Dilemma is one of the most famous examples in game theory. In the scenario, two people are arrested and interrogated separately. Each prisoner has the option to either confess or not confess. If one confesses and the other prisoner does not, the confessor walks free and the non-confessor goes to prison. If they both confess, they both go to prison. If neither confesses, they both go to prison but for a lesser sentence. Game theory allows us the opportunity to predict the likely outcome of such a scenario. Often intelligence sharing is not done in an open way, which can be modeled with the prisoner’s dilemma. However, this inadequate sharing contributes to organizations’ inability to keep up with the ever-changing threat landscape. The research will utilize the cost of a data breach reported by IBM in order to provide real-world implications of actively participating in sharing communities and establish links between intelligence sharing and the prisoner’s dilemma. Once parallels between the current state of intelligence sharing and the prisoner’s dilemma are established, the study will evaluate several strategies for solving this game, including Nash equilibrium compared to Pareto optimal and the effect of iterative game play.
- To be confirmed / invited:
o Using MITRE ATT&CK™ for Cyber Threat Intelligence | Freddy Dezeure, Former Head of CERT EU [to confirm availability]
o Crowdstrike [availability speaker to be confirmed]
o Splunk [availability speaker to be confirmed]
o ENISA [to be invited]
CTI Conference – Audiences
• Enterprise CISOs / Security Managers
• SOC Managers, CERT and CSIRT teams, security analysts
• Critical Infrastructure Operators, Vital Sectors / Significant Market Operators
• ISACs [Information Sharing and Analysis Centers]
• National Cyber Security Centers & Government Institutions
• LSEC Members active in Cyber Threat Intelligence Operations or Research
Invitation-only event. Request your password via the registration page: click here, hit the ‘Contact the Organizer’ button and request your password. Please state your company, job title and some background for us to evaluate your request.
- Cyber Security Centers & Government Institutions / CERTS: CIRCL, ENISA, CERT.be, CCB, NCSC, CERT EU, Federal Police, NATO, DJSOC/FCCU, MISP.
- Public Sector: European Commission, Council of the European Union, European Commission - DG TAXUD, NATO, Belgian Military, all Belgian Federal Services [Justice, Health, Foreign Affairs, Economic Affairs, etc.]
- Banking – Finance: ING, KBC Group, Belfius, BNP Paribas Fortis, SWIFT, Euroclear, Allianz, AXA Bank, National Bank of Belgium, Keytrade Bank, Isabel Group, Argenta Bank, Bpost, Crelan, Rabobank, ABN AMRO, Petercam, Citco.
- Others – vital sectors & enterprises: Proximus, Brussels Airport, BT, ENGIE, EANDIS, EDF, Colruyt Group, ULB, Federal Police, BBVA, SD Worx, EURid, Carrefour.
- Vendors & Research organizations: Fraunhofer, Airbus, FireEye, Mandiant, ATAR Labs, FOX-IT, CGI, Deloitte, IBM, University of Bonn, ATOS, EclecticIQ, IBM i2 Intelligence, Resilient Systems, SentinelOne, Proximus, BT, BAE Systems, BitDefender, Fortinet, KU Leuven, Splunk, Symantec
Special thanks to your host of the day & LSEC member IBM for making this event possible