CONTENTS OF LECTURES 2022

 

 

10 Minutes 38 Seconds in Strange Security World

When rapid response to emerging threats is no longer a luxury but an obligation, tools and security procedures become the CISO's strongest assets.
Security procedures cannot be effective without well-chosen and implemented security tools. How to recognize threats and protect business processes and maintain business continuity is the most frequently asked question today. The answer lies in very simple but well-defined best security practices, which we will present through specific examples of good security practice. In the end, the most important question of every cyber security engineer is how long it takes to react and how?

Thursday, 08.09.2022
16:00 - 16:30
About Lecturer

Adversarial Machine Learning against Deep Learning based Malware Detection

Recent research suggests that deep learning models may enhance the performance of antivirus software, while also removing the need for heavy data processing and feature engineering. Nonetheless, deep learning models are susceptible to adversarial machine
learning attacks, a set of techniques employed to fool machine learning classifiers. In this seminar, the vulnerabilities associated with state-of-the-art deep learning models for malware detection are discussed and analyzed. In particular, the focus is placed upon evasion and backdooring attacks, as they are the two classes of attacks that may pose the greatest threat in the real world. Moreover, possible defensive strategies are presented, weighing their cost against their potential effectiveness.

Mario D'Onghia
Politecnico di Milano
Friday, 09.09.2022
12:15 - 12:45
About Lecturer

Create Onion Layers of Security around your data

My area of expertise is securing data in an Oracle database but the same ideas can transcend any database or type of data store. In my world we are securing Oracle BUT actually we are securing data held inside Oracle. We do not secure Oracle; we secure data. I will cover all the main areas to focus on in this talk; where is the data we want to protect, user access controls, data access controls, database access controls, patching, hardening and also context based security and adaptive security and audit trails. These ideas can be used on any data store; a file, a database, Oracle, SQL Server, ...

Pete Finnigan
Pete Finnigan Ltd.
Friday, 09.09.2022
09:45 - 10:15
About Lecturer

Cyber Security to Cyber Resilience: Protecting and Enabling Secure Business Environments

Never before was cybersecurity as important as today: we are living and working in turbulent times with the elevated number of adversaries trying to breach and exploit your data, applications and systems. Protecting from those attacks became complex and ever-expanding work, where most of the organizations do not have resources to deal with the capacity and impacts of the attacks. Protecting and staying safe is important but building capabilities to recover even more: with organizations more reliant on IT, it is important to acknowledge business continuity and disaster response as a vital component to the entire organization, instead of as an issue that has implications for IT teams only. Every enterprise organization needs to be prepared to handle outages caused by unforeseen events. We will talk about overall cybersecurity and cyber resilience approach, making sure organizations are covering end to end security but also preparing themselves for the potential recovery, with the most powerful but also most approachable resource – cloud and cloud technologies. Learn from recent events and activities on how to create secure and resilient business environments that will keep your organization running, no matter what.

Ratko Mutavdžić
MICROSOFT
Thursday, 08.09.2022
12:30 - 13:00
About Lecturer

Demystifying Zero Trust

"Never trust, always verify" is the core principle of the Zero Trust Model, a rising trend in the world of IT security. With more and more people working remotely, there's a growing need to adapt to the complexity of the new hybrid workplace and to protect the people, devices, and apps, wherever they're located. However, not all people and organizations are ready for the digital transformation and management complexity that "perimeterless" security might require.
Verifying everything explicitly (users, apps, devices), using a least-privilege access model, defining the proper context for policy compliance and device health, and applying an assume breach approach are all essential parts of the process. Join this session to find out everything about how Zero Trust architectures are designed to work, and how implementing (or not implementing) ZT might impact you and your organization.

Tudor Damian
Microsoft Cloud & Datacenter Management MVP, Certified Ethical Hacker
Friday, 09.09.2022
11:15 - 11:45
About Lecturer

I want my RPC

We will take you to the journey of RPC technology in Windows Internals world, and why this technology is so precious for TAs (Threat Actors) and Defenders. The story will be told from both perspectives, the antagonists (TA) on one side, and the protagonist (Defender) on the other.

Mato Vlajčić
INFIGO IS d.o.o.
Thursday, 08.09.2022
12:00 - 12:30
About Lecturer

Innovation in Silicon leads to a new way how to do Zero Trust Networking in the Data Center

Bringing stateful networking into today's data center switching products helps to solve the east-west segmentation and Micro-Segmentation Problem. The Aruba CX 10000 is the first product in this Distributed Stateful Switching category and you will learn how this can be used to increase the security footprint in your data center environment.

The lecture will be held at the initiative of the company Selectium Adriatics d. o. o., which operates in Slovenia under the name Hewlett Packard Enterprise operated by Selectium and is a local representative of Hewlett Packard Enterprise (HPE).

Rolf Schaerer
AMD Pensando
Thursday, 08.09.2022
11:00 - 11:30
About Lecturer

Latest cyber attack trends in Hungary

The accelerated digitalization of the organizations and the rise of remote working created new targets for cyber attacks. In addition to the security awareness of the users, it is extremely important to shield up the organizations as well, they must be prepared to respond to a destructive cyber attack. As an expert from the National Cyber Security Center of Hungary, Vivien will introduce the daily work of the Computer Security Incident Response Team and highlight the latest trends and challenges regarding cyber attacks in Hungary.

Vivien Léránt
Special Service for National Security, National Cyber Security Center Hungary
Friday, 09.09.2022
11:45 - 12:15
About Lecturer

Power Platform Security and Governance

We will walk through Security and Governance strategies that can be used to secure your Power Platform environments.
The topics in this presentation include:

  • Environments
  • Data Loss Prevention policies
    - Environment vs Tenant-wide DLP policies
    - Dealing with exceptions
    - HTTP Triggers and Actions
    - Custom Connectors
  • Using Azure AD Groups to simplify environment access, deployments, licensing.
Božidar Radosavljević
ComTrade System Integration
Wednesday, 07.09.2022
15:00 - 15:30
About Lecturer

Privileged Security based on Zero Trust principles

Balazs Maar
SOFTLINE
Thursday, 08.09.2022
15:00 - 15:30
About Lecturer

Router Vulnerabilities in the Past, Present and Future

Routers are considered easy to hack, and that's kind of true. But is that much harder to hack a home router than a very expensive enterprise firewall? Think twice before answering!
The purpose of this talk is to demonstrate the similarities in inner workings, technology, hardware and vulnerability density between every piece of network equipment, be it for home or enterprise.
We will walk through specific examples of vulnerabilities found in these equipments in the past and present. Vulnerability patterns will be identified, and we will discuss why they keep occuring and what circumstances led to them appearing in the first place.
Finally, we will discuss future trends for vulnerabilities in network equipment. And because it can't all be negative, we will also discuss how the constant hardening of these devices will make exploitation much harder (but far from impossible :) in the future.

Pedro Ribeiro
Agile Information Security
Friday, 09.09.2022
09:15 - 09:45
About Lecturer

Securing your GitHub Org

GitHub holds one of the main assets for many tech companies out there: The source code to their main products and, in the time of GitOps, also potentially their infrastructure. We will present a threat model for GitHub-based organizations which we used to determine relevant hardening steps and processes. To stay true to the subject, we will also start to outline how you can use GitHub functionality to ensure a continuously high security level of your GitHub org.

Matthias Luft
Astronomer
Friday, 09.09.2022
10:15 - 10:45
About Lecturer
Guillaume Winter
Aiven
About Lecturer

Tango Down

Technology shapes the world. The more successful a new technology becomes, the more reliant we will become of it. This has always happened and will happen in the future too. In many ways, internet is the best and worst innovation done during our lifetime. How did we get here? And what will happen next?

Mikko Hyppönen
WithSecure
Thursday, 08.09.2022
08:30 - 09:00
About Lecturer

The evolving threat landscapes

Ransomware is increasing year over year. Released malware is released of highly sophisticated quality. But what comes next? What is the current Threat Landscape situation? CYFIRMA will review the latest observations elaborate on the findings, and also look at future impending risks.

Dirk Wahlefeld
CYFIRMA & BRIHTEJA d.o.o.
Wednesday, 07.09.2022
16:00 - 16:30
About Lecturer

The Power of Phishing Attack 2.0

During the presentation Luka will talk about the constant problems of phishing attacks, and how trivial and ridiculous a phishing attack is sometimes, and sometimes powerful when used in the right way, and there is no advanced protection in the company. We will see what current phishing campaigns are and go through some examples from practice. We will also highlight some measures and steps, which are very important for successfully avoiding phishing attacks or early detection.

Luka Milinković
NLB DigIT
Wednesday, 07.09.2022
14:00 - 14:30
About Lecturer

The value of prediction

Time is an asset and not necessarily available when needed during an impounding threat. Facts and evidence are a reliable foundation for strategic, but also tactical security decisions. But how to get hold of it? CYFIRMA will present a real-life example to outline the value of prediction and predictive information, to provide organisations time to prepare, prevent and mitigate risk.

Dirk Wahlefeld
CYFIRMA & BRIHTEJA d.o.o.
Friday, 09.09.2022
11:15 - 11:45
About Lecturer

Zero Trust Network Access (ZTNA) - It’s Time to Say Goodbye to VPNs

The recent rise in remote working has put a spotlight on the limitations of virtual private networks (VPNs). Although traditional VPNs have been a mainstay for decades, many organizations are now looking for alternatives that better meet their plans and objectives. With better security, more granular control, and a better user experience, zero-trust network access (ZTNA) can be a smarter choice for securely connecting a remote workforce.
In this session you will learn how Fortinet ZTNA solution delivers more secure remote access while enabling a better user experience and how ZTNA enforcement preserves the critical services through strict user-to-application authentication and access control.

Marko Ugrin
FORTINET
Thursday, 08.09.2022
15:30 - 16:00
About Lecturer

 

CIO FORUM

 

How Security and Clouds go hand in hand?

When we think about migrating to clouds, the same questions arise in our minds…
• Will data be safe in clouds?
• How can we believe that data is safe?
• How can we safely move data to clouds?
• What can we do that data is safe in the cloud?
We will explain and discuss the answers to these questions and many others in our session.

David Bevc
MAINSTREAM d.o.o.
08.09.2022
11:30 - 12:00
About Lecturer
7.-9.9.2022
Nova Gorica
1 day
565€
2 days
800€
3 days
1200€
1 conference day
565€

The price applies to INFOSEK, GDPR (ZVOP-2) and CIO FORUM. The prices for NLP conference and workshops are fixed.

2 conference days
800€

The price applies to INFOSEK, GDPR (ZVOP-2) and CIO FORUM. The prices for NLP conference and workshops are fixed.

3 conference days
1200€

The price applies to INFOSEK, GDPR (ZVOP-2) and CIO FORUM. The prices for NLP conference and workshops are fixed.

Platinum sponsors

Golden partner

Golden sponsors

Silver sponsors

Bronze sponsors

In cooperation with

Technology sponsors

Media sponsors

Obveščamo vas, da so bili naši pogoji poslovanja posodobljeni.
Sprememba se nanaša na člen »Odpoved ali sprememba dogodka s strani organizatorja«. Zaradi nepredvidenih dogodkov, kot je tudi trenutna epidemija koronavirusa, si pridržujemo pravico, da posamezna izobraževanja odpovemo ali spremenimo termin oz. način izvedbe (online izvedba).

Odpoved ali sprememba dogodka s strani organizatorja
Organizator si pridržuje pravico do odpovedi posameznega izobraževanja, delavnice, dogodka, seminarja ali spremembe terminov oz. načina izvedbe (namesto osebne izvedbe dogodka, izvedba dogodka preko spleta ali na drug način, pri čemer se ključna vsebina in obseg dogodka ne spreminjata oziroma se prilagodita glede na spremembo, npr. zamenjava predavatelja, prilagoditev urnika ipd., vendar se ohrani enakovredna kakovost izvedenega dogodka). Zavezuje se k obvestilu prijavljenim najkasneje en delovni dan pred predvidenim pričetkom izobraževanja oz. takoj, ko prejme novico o morebitnih izrednih dogodkih, ki so razlog za spremembo/odpoved. V primeru odpovedi izobraževanja s strani organizatorja, organizator, morebitno že vplačano kotizacijo, brezobrestno povrne v roku štirinajstih dni od obvestila o odpovedi ali pa omogoči stranki, da kotizacijo porabi za druge izdelke ali storitve. V primeru spremembe načina izvedbe ostanejo plačila v veljavi, v primeru spremembe termina pa ima udeleženec možnost odpovedati udeležbo iz utemeljenih razlogov po določbi Odpoved s strani udeleženca ali pa se odjaviti na način v rokih, ki jih predvideva določba Odjava udeleženca. 

Celotni pogoji poslovanja so dostopni tukaj: https://poslovanje.pogoji.si/tos/29xyi0o

Ta spletna stran uporablja piškotke. Z obiskom in uporabo spletne strani soglašate s piškotki.  DOVOLIM Več informacij o piškotkih najdete in nastavitve tukaj.