Filip Stojkovski

Threat Intelligence Manager

Don't Build House of Cards: The use-cases that every Threat Intel program needs

Filip Stojkovski is currently leading the Threat Intelligence program at Adobe. With a decade of experience in the IT Security field, his main focus is on finding and analyzing the latest cyber-attack tactics and techniques, machine learning and security orchestration.

 

The performance and success of a Threat Intel program depend highly on its Threat Intel use-cases. Finding and creating the right ones has been one of the biggest challenges that Threat Intel teams face. To help the threat intel community tackle this problem, we have created three use-case groups:
- IOC Champion
- SPOC (Single point of truth)
- Strategic Infographic
The goal is to help deliver actionable and relevant Threat Intelligence that is tailored according to your needs.

 

 
Mihály Szegi

Head of Security Analysis

CETIN Hungary

Vulnerability Assessment and Management Service in a multicultural environment.

Mihály Szegi is a Security Expert with 13 years of experience in the financial industry and 4 years of experience in the telecommunication industry.

Stories from the trenches
- Get the scope (seems obvious, right?)
- Review the scope (and its crazy things)
- Vulnerabilities found, now the person to fix it (playing hide and seek)
- You have the person, a ticket, then what?
A patient and persistent Vulnerability Management program to elevate your security posture takes time and cultural change.
Anyone who has tried and failed to start a Vulnerability Management program, or found it difficult to take the process further, can benefit from the discussion.

 

Gábor Szabó

Cyber Defense Advisor

EURO ONE

Industrial Cyber Defense – The New Era

Gabor Szabo has held leadership roles at global Financial, Commerce and Oil & Gas organizations in the fields of Cyber Security Operations, Management and Engineering. Drawing on 15+ years of experience in defense architecture design and incident response, Gabor is focused on the development of IT and ICS SOCs.

 

When it comes to cyber defense of ICS/OT, it is a moot point whether and how the traditional IT SOC concept can be projected to OT. In alignment with well-known frameworks, the presentation provides an overview of the major technology and process layer considerations that should be taken into account during the implementation of industrial cyber defense. The intention is to collect the cornerstones of a successful transformation to effective OT cyber security incident management.

 

Erik Kovacs

Cyber Defense Advisor

EURO ONE

Purple Teaming - What is that and how it helps?

Erik Kovacs started his career as a firewall administrator and script kiddie back in 2014. In 2015 he joined Euro One as a security system engineer. Besides doing SIEM implementation projects across Europe, he gained deeper knowledge of hacking and threat hunting, and so he moved from an engineering position towards advisory work. He is now the technical leader of the Cyber Defense Advisor Team and a pentester.

Stop asking questions like "Are we secure?". Instead, find out if we are secure enough to face an APT. The only way to find out is to face it.
Find the weak points and blind spots in your infrastructure. Security means more than technology: there are also people, not to mention the processes. Measure the improvements in your cyber security program.

 

Gergely Lesku

Head of business development, OT Consultant

SOCWISE Ltd.

Low attrition in cyber security? Long term strategy with the people in centre.

Gergely has 20 years of experience in the IT system integration area, including cyber security aspects. He formerly led a smart city program, an Industry 4.0 development program and also a startup. His value-add is best described as understanding organizational performance and finding the most effective way of operating.

 

Clearly the biggest issue now is finding and retaining the experts in your SOC team. In these times of remote work and lack of personal relations, it is especially important to understand what influences this area and how.
Apart from generic HR recommendations, we give you practical aspects of motivating cyber security people and describe this model with highlighted examples. We provide a number of factors by which you can maintain the productivity of your team members, strengthen them and make them more efficient.

 

Tudor Cristea

Cortex Sales Lead Eastern Europe

Palo Alto Networks

Future-Proofed Security Operations

Tudor joined Palo Alto Networks in 2016 and is now responsible for Cortex sales in Eastern Europe. He is in charge of developing the Cortex business and he talks passionately about cyberspace and how we should protect our digital way of life. Zero Trust model, behavioral analytics, security operations centers are among his favourite topics today.

Find every threat and eliminate blind spots by integrating data from across your environment. Investigate at lightning speed by intelligently grouping related alerts into incidents to get a complete picture of each attack.

 

Tudor Cristea

Cortex Sales Lead Eastern Europe

Palo Alto Networks

Jakub Jiricek

Cortex Technical Lead Eastern Europe

Palo Alto Networks

Jakub is a presales professional with experience in multiple security areas, including network security, endpoint protection, encryption and Data Loss Prevention. He is skilled in day-to-day security topics and passionately follows what's new and interesting in the world of threats, new attacks and countermeasures.

See What it Takes To Protect Palo Alto Networks

This session showcases a day in the life of the Palo Alto Networks SOC team. You will see how they protect the company every day. We’ll share a unique view of how we built and operate the Palo Alto Networks SOC, including a deep dive into our security stack and processes.

 

Halim Abouzeid 

Advisory Threat Hunting Systems Engineer, EMEA

RSA Security

The SolarWinds Breach: The Tale of a Supply Chain Attack

Halim Abouzeid is an Advisory Threat Hunting Systems Engineer at RSA, covering Europe, Middle East and Africa. He has more than 10 years of work experience in the cyber security field with a background in ethical hacking, penetration testing and threat hunting.

On December 8, 2020, FireEye announced that it had been breached by a state-sponsored attacker. As the investigation progressed and the story unfolded, what was initially thought to be an isolated targeted attack turned out to be just the tip of the iceberg: this was a highly sophisticated supply chain attack, potentially affecting thousands of organizations using the SolarWinds Orion Platform, that remained undetected for almost a year. In this session we will go through an overview of the attack, its timeline, how it happened, and what we can do to be better prepared for responding to such sophisticated attacks based on the lessons learned.

 

Corné van Rooij

EMEA Lead - MSSP

RSA Security

Market insight: how XDR, EDR, MDR and SOC will merge into full Managed Security Services going forward

Corné van Rooij is leading the Managed Security Services Provider business at RSA for EMEA. He has been active in the cyber security world for 25 years and has seen the market mature and the threats evolve, from single hacks to more and more nation-state-sponsored attacks. Prior to joining RSA in the MSSP role, Corné was VP Product Management at a European IDaaS vendor, and before that he worked at RSA for 11 years as regional sales manager.

 

There are new trends in the market of cyber security incident and monitoring services, and these trends increasingly define the capabilities managed security service providers (MSSPs) will offer in the near future. How do technologies and services like EDR, MDR and XDR influence and enhance the SOC operations offered by innovating MSSPs? And how will this affect the cyber security market going forward? What can enterprises expect to become available as part of a managed security service in the next years?

Amy Blackshaw

CISSP, Head of Marketing, RSA NetWitness

RSA Security

XDR: The Evolution of Detection & Response

Amy Blackshaw, Head of Marketing for RSA NetWitness, is responsible for leading all aspects of the global marketing organization, which includes Communications, Product, Partner, and Account Based marketing. Amy has held several marketing leadership roles at RSA, applying her ability to assess any situation and provide a strategic solution. She holds her undergraduate degree from the University of Massachusetts, Amherst, her MBA from Simmons University, and is a CISSP.

As cyber threats continue to pose ever-increasing risk to organizations around the globe, there’s a major re-thinking underway about how to build a comprehensive and robust defense.  Endpoint Detection & Response (EDR) and Network Detection & Response (NDR) solutions have proven effective for many use cases but by themselves still suffer gaps.  A new model called Extended Detection & Response (XDR) extends existing solutions with ML driven analytics, radical visibility, and automation capabilities, creating a powerful central platform for threat defense.  Attend this session to learn how modern XDR solutions address cyber threats in a unified and comprehensive fashion and position organizations for the long haul.  You’ll learn about the process of implementing XDR and the steps to get there, and take away valuable insights about this major technology evolution.

 

Laszlo Czap

Security Consultant, Expert Labs, CEE

IBM 

SOC in a Box:  an integrated SOC solution leveraging IBM Cloud Pak for Security

László Czap has 15 years of experience in IT security, during which he has worked both on cutting-edge academic research and on large-scale industry implementation projects. He holds a PhD from EPFL, a top-ranked technical university, and he currently works for IBM as a Security Expert Labs specialist.

 

Working together with major players in some of the most security-critical industries, IBM has seen that corporations struggle with a lack of security professionals, a lack of know-how and fragmented silos in their security technology, while there is an increasing demand to fight emerging threats and to fulfill compliance requirements. The SOC in a Box solution targets these struggles by offering a baseline for an integrated SOC technology that comes to life with automation solutions, pre-built monitoring use-cases, and incident response and investigation processes based on common needs and best practices. It is implemented on top of IBM’s new Cloud Pak for Security technology stack, including IBM’s flagship security products QRadar SIEM and Resilient IRP.

Peter Tusnady

Security Consultant, Expert Labs, CEE

IBM 

SOC in a Box: Visual analytics for Security Investigations with IBM i2

Peter Tusnady is a Security Consultant in the IBM Security Expert Labs team with 14 years of experience. He works on the planning, architecture design and implementation of complex Security Operation Center (SOC) solutions, focusing on identifying security incidents and responding to them in the most effective way.

Security Operations Center (SOC) implementations usually lack advanced visualization capabilities with which the analyst could easily visualize the set of events, and the connections between them, that generated an incident. SOCs are also missing a well-defined methodology for guiding Level 3 analysts through sophisticated investigations, so the investigation is usually done with ad-hoc steps. This presentation and demo give an overview of how these features are addressed by utilizing IBM Security solutions.

Zsolt Kocsis

IBM Security BU Technical Sales & Product Professional Services Executive, CEE

IBM 

SOC in a Box:  Security Investigations in Security Operation Centers

Zsolt Kocsis graduated as an M.Sc Engineer for Electronics and holds an MBA for Quality Management. He has over 30 years of experience in the IT industry. He leads the IBM Security technical team in Central and Eastern Europe, performing both presales and postsales activities. The Security Expert Labs team is based in Budapest. This team has delivered several large-scale, complex security projects across the region, including the design and implementation of security operation centers for the largest customers in the region.

 

The presentation shows the overall concept and blueprint of an integrated Security Operation Center, and how such an integrated platform can streamline incident response and related investigations using the IBM Cloud Pak for Security platform. He covers the overall concept of investigation and presents applicable methodologies that lead the analysts to work effectively.

Csaba Juhasz

Security Consultant, Expert Labs, CEE

IBM 

SOC in a Box: integrated database protection with IBM Guardium

Csaba Juhasz has been working for IBM for more than 20 years in the database and data security area, delivering local and international projects. He has focused on database protection for the last 10 years, doing solution design, technology deployment and customization. He has extensive experience in knowledge transfer for the largest customers in CEE and Hungary.

Today, most of a company's assets and values are in databases. Their protection and monitoring are extremely important from a security point of view. We show how this can be done using IBM Guardium, managing all important data and databases within the company on a policy basis: centrally, scalably and uniformly. The presentation shows how IBM Guardium database protection integrates with IBM's SOC in a Box solution, helping to extend the protection layer over database activities as well.

State of SOAR solutions

LIVE Roundtable

Prashant Mishra

Advisory Presales Engineer at RSA, Cyber Security Evangelist, CISSP, CISM, CRISC

RSA Security

Prashant is an Advisory solutions engineer for RSA. He has over 18 years of experience in cyber security. Most of his career has been focused on helping organisations in their security operations journey, including banks, state and federal governments, insurance companies and telcos. He holds multiple certifications, such as CISSP, CRISC and CISM.

Balazs Csendes

Security Operations and Response Leader CEE

IBM 

Balazs is the Security Operations and Response Leader of IBM, covering CEE. He holds an MSc in Computer Science from the Technical University of Budapest. He specialises in enterprise software technology, security solutions, and business and strategy development, with more than 25 years of experience.

Harri Ruuttila

Senior Solutions Architect - EMEA Cortex

Palo Alto Networks 

Harri Ruuttila is a cyber security expert with over 10 years of experience working with the latest cyber security technologies. He holds an MSc degree in Computer Science in the area of networks and protocols. In his current role at Palo Alto Networks as Senior Solutions Architect for Cortex, he focuses on securing the future by automating SOC processes and enhancing organisations' capabilities in prevention, detection and response across EMEA.

MODERATOR

Péter Sajó

Business Manager of InfoSec Industry

Euro One

Péter Sajó has been dealing with IT security issues and solutions for 15 years. He has been leading the EURO ONE InfoSec business unit for 13 years, which has grown into one of the most serious cyber security integrator teams in Hungary over the years. Their experts have outstanding experience in several fields, yet they are known mostly in connection with the design and implementation of advanced cyber defense monitoring systems (SIEM / SOC), organizations and solutions. Péter has several times played a very valuable role in launching solutions from a number of manufacturers, such as RSA NetWitness (SIEM), Palo Alto Networks (NGFW) and Skybox Security (TVM). Péter participates in several successful cyber security companies; his latest creation is Socwise Mo Kft, which offers its advanced managed cyber security services in the domestic and international markets.

Adrian Porcescu

Senior Technical Manager Integrations, R&D

Recorded Future 

The Value of Threat Intelligence for Security Operations

Adrian Porcescu (CISSP, GCTI, GMON, GCFA, GREM) is an experienced Information & Cyber Security professional, with more than 10 years of activity in the field and a very strong technical and business background. Driven by a passion for cyber and tech, he brings his creative and critical thinking together with leadership skills to build and advocate for Cyber Threat Intelligence led strategies and operations. He has previously held technical and management positions with certSIGN's UTI CERT, a Managed Security Services Provider and private CERT, and worked for other market leaders in cybersecurity. His strong areas of focus and interest are coherent and competent solutions for managing cyber security risk and complexity, threat modelling, advanced security monitoring, IR and of course threat intelligence.

It is said that the Devil is in the details. This concept can also be applied in the cybersecurity field as, most of the time, certain details or a specific context are the key to detecting an attack, solving an incident in an efficient and timely manner, or performing correct attribution. At the same time, too many details, or a generic context that does not include the details relevant for prioritising risk or security events, could lead to an increase of TimeToRespond and an inefficient allocation of resources.

During this session we will discuss how an approach based on Cyber Threat Intelligence (Intelligence Led Security Operations) enables organisations to focus on those relevant details that would have a positive impact on the business and its prevention, detection and incident response activities. Increased visibility over the cyber landscape outside the security perimeter of the organisation (from both historical and real-time perspectives), together with the capability of focusing on the relevant aspects (regional perspective, industry, partners, supply chain, technologies, tools, and attackers and their TTPs with potential of impact), contributes heavily to an increase of cyber resilience.

We will also cover how CTI can help organisations advance in their Information Security Program Maturity process. Adopting a proactive and even predictive approach alongside the daily reactive activities, and implementing Intelligence Driven Defence principles, provides extremely important support towards minimising the impact of cyber threats against the organisation.

Let’s define XDR together

LIVE Roundtable

Corné van Rooij

EMEA Lead - MSSP

RSA Security

Jakub Jiricek

Cortex Technical Sales Lead Eastern Europe

Palo Alto Networks 

Attila Gömbös

Sales Engineer, CISSP

Trend Micro 

Attila has 10 years of experience in the cybersecurity industry. He started his career in an international environment at an Airbus CyberSecurity subsidiary, giving network security trainings and doing pre-sales activities in more than 15 countries around the EMEA region. As a Sales Engineer, he has been helping Trend Micro’s Hungarian enterprise customers and integrator partners for more than 5 years. He has broad experience of network, endpoint, mail and cloud security, covering everything that is needed for a proper extended Detection and Response platform. He holds an MSc degree in Computer Engineering and is a CISSP.

MODERATOR

Mark Simpson

VORSTAND (Operations)

Quantum Cyber Lab AG

Mark Simpson has successfully taken on many roles in his career as a Network and Cybersecurity Engineer, IT Project Manager, and University Professor for IT Business. In his current business endeavor, he establishes a Cyber Forensic Lab to support law enforcement agencies in Germany and Europe while providing Cyber-Risk Management, Vulnerability Research, and Cybersecurity Consulting. Mark has comprehensive experience creating value-added concepts to businesses’ IT solutions that align with organizational strategies and cybersecurity requirements. He holds a BSc in Computer Networks and Cybersecurity, a BSc in Management, a MSc in Information Technology (MSIT), and a Master of Business Administration (MBA), focusing on IT Business.

MODERATOR

of the live Q&As

Péter Rónaszéki

CISM, CDPSE, ISO27001 LA, LI, ISO22301 LA
Secretary, Member of the Board

ISACA Hungary 

Péter Rónaszéki has dealt with information security and business continuity for 23 years. He started his career in Information Security as a Business Information Security Officer at Citibank in 1998. He then moved to work for Budapest Bank (General Electric) in Budapest (2000), Hanover (2004) and Stamford, CT (2005). He returned to Budapest in 2006, taking the position of Head of Operational, Information and Security Risk Management at ING Wholesale Bank. Between 2008 and 2012 Péter worked as Head of Corporate Security at Lufthansa Systems Hungária Kft, where he managed and drove a company-wide information security program. Since 2012 he has been the owner of FORTIX Consulting and Mysec Ltd.
Péter holds CISM, CDPSE, ISO22301 and ISO27001 Lead Auditor certificates. He is a board member of the ISACA Budapest Chapter and a founding member of the voluntary cyber defence collaboration (KIBEV).
He is a hobby photographer and plays music in the New SWAMP band.

Sander Kerkhoffs

Managing Director EMEA North 
NetWitness, an RSA Business

RSA 

Keynote Presentation:

Once upon a time

Sander Kerkhoffs holds the position of Managing Director at RSA, The Security Division of Dell Technologies.

Sander started his career in the management consultancy business. In his role as management consultant at PwC and Berenschot he advised large corporations on strategic IT-related assignments. He has managed large IT implementations (e.g. Oracle EBS, WebSphere, PeopleSoft and SAP) in the role of project manager.

Through his substantive involvement in the IT profession, technical knowledge and commercial enthusiasm, Sander made the move to the sales profession at Oracle in the role of Sales Manager for the HCM solutions (PeopleSoft). The move to Lumesse gave him the experience of being P&L responsible for a region within one of Europe's largest fast-growing SaaS companies. Sander then moved to Colt (City of London Telecom Group) to build on his experience of being P&L responsible in the international role of General Manager for the Enterprise Services division of Colt. His interest in the growing cyber security space and his ambition to manage an IT business at EMEA level brought him to RSA.