Conference – October 28, 2025
Resilience in a mad, mad world
| Time | Arena | Scenario | Panorama – Sponsoring |
|---|---|---|---|
Moderator | |||
08:00
-
09:00 | |||
09:00
-
09:15 |  Dr. Christian Folini Program Chair, Swiss Cyber Storm Show descriptionGuests are welcomed by the organizers for this year’s Swiss Cyber Storm conference. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. |
09:15
-
09:55 |  Mark Barwinski Global Cybersecurity Leader and Board Adviser Show descriptionGeopolitical tension and growing volatility have redefined normal.
Front lines are shifting and often unseen.
In such conditions, resilience must be both a professional discipline and a personal responsibility if we are to succeed and protect what matters most.
Decades in security and high-tempo operations taught me that resilience is both engineered and lived.
Some lessons emerged in long hours and unpredictable moments where control was scarce and trust was the only certainty.
Others showed that steadiness is built on purpose, on working with incomplete information, and on people who remain strong together when the pressure peaks. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. |
09:55
-
10:05 |  Marc Bollhalder Organizer and Lead, Swiss Hacking Challenge  Manuel Bürge Organizer, Swiss Hacking Challenge | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. |
10:05
-
10:50 | |||
10:50
-
11:20 |  Charlie Edwards Senior Fellow
at
International Institute for Strategic Studies Show descriptionRussia is waging an unconventional war on Europe.
Through its campaign of sabotage, vandalism, espionage, cyber attacks, and covert action, Russia’s aim has been to destabilise European governments, undermine public support for Ukraine by imposing social and economic costs on Europe, and weaken the collective ability of NATO and the European Union to respond to Russian aggression.
For many years, there was Russian digital espionage, malware, and DDoS attacks, but this unconventional war began to escalate in 2022 in parallel to Russia’s invasion of Ukraine.
While Russia has so far failed to achieve its primary aim, European capitals including Bern have struggled to respond to Russian sabotage operations and have found it challenging to agree a unified response, coordinate action, develop effective deterrence measures, and impose sufficient costs on the Kremlin. | Show descriptionThe Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches improving security and availability are constrained by the current Internet architecture, business, and legal aspects. To address these issues, we propose SCION, a next-generation Internet architecture that is secure, available, offers privacy and considers economic and policy issues at the design stage. SCION is in production use today, offered by several network providers. Exciting use cases and industries are using SCION today, and we are exploring new applications that can benefit from highly available and secure communication. In this talk, we will also provide an IETF update on the progress of SCION specification. |  Arthur Vuagniaux Team Leader SOC
at
Swiss Post Cybersecurity Show descriptionIn today’s unpredictable digital landscape, resilience is a necessity, not a luxury.
This talk will explore how cloud-native detection systems are reshaping the resilience landscape.
Leveraging scalable platforms such as Microsoft Sentinel and Defender XDR, along with advanced threat intelligence and automated response playbooks, cloud technologies offer unparalleled reach and agility.
This talk will demonstrate, through practical examples and strategic perspectives, that detection at cloud scale is not merely a technical capability, but a cornerstone of modern resilience. |
11:25
-
11:55 |  Camino Kavanagh Visiting Senior Fellow
at
Dept. of War Studies, King’s College London Show descriptionFor a range of reasons, including the threat of State-backed sabotage, government attention to the security and resilience of subsea telecommunications cable systems has intensified in recent years. |  Alessandro De Carli Co-founder and CEO of Papers Show descriptionGeopolitical uncertainties and advancing cryptographic technologies are reshaping enterprise identity architecture. While organizations migrated from on-premises Active Directory to cloud solutions for better user experience, self-sovereign identity (SSI) frameworks now present a paradigm shift toward decentralized identity management. This presentation examines how the Swiss E-ID transforms enterprise identity strategies beyond government services. We analyze the technical foundations of SSI implementations, comparing zero-knowledge proof mechanisms with confidential computing approaches for secure credential storage and selective disclosure. |  Christian Bernasko Reverse, Software and Game Anti-Cheat Engineer
at
Netrics Show descriptionCybercrime increasingly challenges companies and organizations to reconcile ethical security approaches with the harsh reality of modern attacks.
In his presentation „Ethics vs. The Reality of Cybercrime. How Vulnerabilities Are Exploited and Ransomware Strikes,” Christian Bernasko, an IT security researcher and consultant from the Cologne area, sheds light on how attackers exploit vulnerabilities in networks and which mechanisms make ransomware attacks particularly effective.
Building on over ten years of practical experience in the areas of security architecture, reverse engineering and Windows systems, he provides insights into the methods used by attackers and shows why theoretical security concepts often fail in reality.
As the winner of Germany’s Best Hacker 2024 competition, he provides practical examples that illustrate how organizations can strengthen their defenses and prepare for real-world threat scenarios. |
12:00
-
12:30 |  Aram Hovsepyan Founder and CEO of Codific Show descriptionSecurity teams love metrics.
Beautiful dashboards, filled with vulnerability counts, alert volumes, SLA compliance for fix times, training hours logged, etc.
However, do any of these metrics actually make organizations more secure? The uncomfortable truth is that most security metrics are questionable, at least from a scientific perspective. |  Marina Bochenkova Cybersecurity Analyst in Digital Forensics
at
Z-CERT Show description„Smart City” has been a trendy buzzphrase used by politicians, city planners, and tech companies for over a decade now — but their shiny promises gloss over dangerous realities.
Downtime and damages in municipalities due to cyberattacks regularly make the news, but we focus primarily on securing and recovering IT systems.
Smart Cities by nature use a combination of IT and OT systems, but have no established or holistic approach for managing overlapping risks to both.
The consequences to security from varied stakeholders involved in Smart City planning and implementation go unexamined.
Human hazards, vulnerable devices, and data management issues build on these to create diverse and creative attack paths for all sorts of threat actors. |  Angelo Violetti B2B CSIRT Analyst
at
Swisscom Show descriptionMicrosoft 365 has become a cornerstone of enterprise productivity — and a growing target for sophisticated cyber threats. In this talk, we’ll explore how Swisscom’s B2B CSIRT has optimised the incident response process for Microsoft 365 through automation and expert-driven detection logic. We’ll introduce Swisscom’s Next-Gen IR automation framework, which enables rapid, secure collection of forensic logs by registering a dedicated application in the customer’s tenant with appropriate permissions. This automation significantly accelerates the start of investigations and ensures comprehensive visibility across M365 workloads. |
12:30
-
14:00 | |||
14:00
-
14:30 |  Patrick Miller CEO of AMPYX CYBER Show descriptionThe resilience of electric power systems can no longer be treated as a reliability problem alone.
Recent real-world failures like the 2025 Iberian blackout show that complex automation can destabilize a grid even without malware or attackers present.
At the same time, cyber campaigns such as Volt Typhoon and past Ukraine grid attacks demonstrate that adversaries can now convert digital access into physical impact. |  Olle E. Johansson Independant Security Consultant Show descriptionThe society has given up on letting the IT industry handle cyber security by itself.
The cost for society is going up, the number of incidents is rising all the time.
The regulators are moving in across the globe, and we’re getting regulated.
At the heart of many regulations is vulnerability management—keeping products secure during the lifetime in use.
Olle will go through how it’s planned to work and the sad smelly truth about the state of the vulnerability management platforms today.
From Software bill of materials over vulnerability databases to EU regulation.
The main question in all of this is: Are you ready to be regulated? |  David Fridrih Senior Penetration Tester
at
InfoGuard  Dario Weiss Penetration Tester
at
InfoGuard Show descriptionReal-life pentests! Creative attack paths into the heart of the network.
It’s not always the big exploits – often small vulnerabilities and clever ideas are enough.
In this interesting and insightful presentation, the InfoGuard pentesting team uses real-life examples to show how zero-day vulnerabilities, misconfigurations or social engineering attacks opened the way for complete network takeovers.
A must for security teams, IT managers and anyone who wants to understand how creative penetration testing works—beyond the standard checklists. |
14:35
-
15:05 |  Tomas Kokolevsky Information Security Officer
at
Beyond Gravity Show descriptionNew U.S. extraterritorial surveillance laws pose direct sovereignty risks for European organizations using American cloud providers to process sensitive data or operate critically sensitive systems. Executive Order 12333, FISA Section 702 and the CLOUD Act enable U.S. authorities to compel data disclosure from providers like AWS and Microsoft, even when data is in EU or Swiss regions, overriding local data protection frameworks. Talk analyses the security and compliance impact of these laws to Swiss and European organizations processing critically sensitive data (such as sovereign data), as well as assessing if current provider security features like AWS Nitro and Microsoft multi-step key access adequately shield against government process. |  Panos Vlachos Lead Information Security Engineer
at
Mastercard Show descriptionIn a world where digital threats increasingly target the most vulnerable, the CyberPeace Builders programme stands as a beacon of resilience and solidarity.
This talk introduces the initiative led by the CyberPeace Institute, which connects cybersecurity professionals with NGOs – often described as target rich, resource poor, due to their limited cyber resources.
Drawing from personal experience as a CyberPeace Builder and Cyber Ranger, Panos shares stories from real-world missions – from warzone border crossings to dark web threat monitoring and securing high-stakes AI services – highlighting how empathy, adaptability, and collaboration can transform digital defence into a humanitarian act.
Attendees will gain insight into how the programme works, why it matters, and how they too can contribute to building cyber peace.
Whether you’re a seasoned CISO or an aspiring engineer, your unique skills can make a real diMerence.
Join us in rethinking resilience not just as a technical goal, but as a shared humanitarian responsibility and a unique. |  Gregor Wegberg Head of Digital Forensics & Incident Response
at
Oneconsult Show descriptionEffective crisis management in the face of a cyberattack remains a complex challenge.
One for which organizations are often underprepared for and rarely practice.
This presentation explores how one multinational manufacturing company proactively prepared its executive board and crisis management team for a potential cyber crisis.
By sharing key insights, lessons learned, and their practical approach, this session will provide you with ideas to strengthen your own organization’s preparedness for a scenario we all hope never becomes a reality. |
15:10
-
15:40 |  Roman Hüssy Co-head of GovCERT
at
NCSC Show descriptionIn this talk I will give you some insights into our work at the NCSC and the cyber threat landscape in Switzerland by presenting two real-world cases that we have handled this year. In the first part, I will show how a suspected nation state threat actor used an Open-Relay-Box (ORB) network in Switzerland to attack an NGO in Switzerland. In the second part, I will shed some light into suspected DPRK activities that are targeting employees of Swiss Crypto Firms with fake job offers. |  Verena Zimmermann Assistant Professor for Security, Privacy and Society
at
ETH Zürich Show descriptionThe talk sheds light on the complex interplay of humans and technology in cybersecurity.
It provides insights into the relevance of the human factor in cybersecurity and explains why it is not sufficient to make cybersecurity technologies usable to enhance security.
Rather than independent system components or even “enemies”, humans and technology should be considered as a team.
Augmenting each other’s strengths can enhance resilience, i.e., the ability to adapt to unforeseen circumstances – which is crucial in uncertain times. |  Moritz Zollinger Security Consultant
at
TEMET Show descriptionBusiness is driving rapidly changing IT, constantly demanding new services and technology.
Setting up AI and SaaS in corporations has never been easier.
Therefore, lots of apps and services pop up left and right, and it’s getting tougher to keep our heads above water when it comes to cybersecurity and compliance. |
15:40
-
16:20 | |||
16:20
-
16:50 |  Michael Hausding Incident and Abuse Handler
at
Switch CERT Show descriptionThe current geopolitical situation is characterized by growing dependence on digital infrastructures and increasing international tensions.
For Switzerland, the Domain Name System (DNS) represents a crucial component in ensuring digital sovereignty and the protection of national interests.
As a neutral state, Switzerland is particularly committed to maintaining its digital infrastructure in an independent, resilient, and trustworthy manner.
Control over DNS servers and registries plays a key role in preventing external manipulation and safeguarding the integrity of the information space in Switzerland.
Thus, the DNS is not only a technical foundation of the internet but also a somehow overlooked strategic element of Swiss security policy and state sovereignty.
This talk examines the autonomy and dependence of Switzerland on foreign DNS infrastructure, as well as dependence on foreign industry regulations and national policies.
We will see many more dependencies than you might expect and many more companies and public institutions in unhealthy and unnecessary dependencies. |  Carlos Ishimaru Intelligence Analyst and Researcher Show descriptionFrom Conti to Qilin and from Bassterlord to Notchy, many things have changed in the Ransomware-as-a-Service scene: partner programs have been upgraded, forums have changed their posting and announcement rules, old groups have been shut down, and new names are emerging every day, while some just change their „brand” … But even with all this change, and some believe in decline, we know that war never changes, and the fight against RaaS remains constant. |  Alain Mowat Head of Research and Development
at
Orange Cyberdefense Switzerland Show descriptionBy its own definition, Dell’s Wyse Management Suite is „a secure hybrid cloud management solution for Dell thin clients”.
While attempting to determine how secrets are encrypted in the policies pushed to thin clients, we stumbled down a rabbit hole which led to the discovery of multiple vulnerabilities. |
16:55
-
17:30 |  Arrigo Triulzi Independent Security and Networking Consultant Show descriptionWe all know the theory, some of us have also taught it, but reality is a different story. In this talk we are going to discuss the reality of incident response through war stories, suitably anonymised, spanning a career of over 35 years. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. | Show descriptionThere is no talk on this track at this time, check the schedule of the Arena track instead. |
17:30
-
21:00 | Show descriptionOur standing dinner allows everybody to mingle, meet friends and talk about the many interesting talks of the day.
Naturally, most of the speakers will still be around, so don’t rush off after the last talk. | Show descriptionOur standing dinner allows everybody to mingle, meet friends and talk about the many interesting talks of the day.
Naturally, most of the speakers will still be around, so don’t rush off after the last talk. | Show descriptionOur standing dinner allows everybody to mingle, meet friends and talk about the many interesting talks of the day.
Naturally, most of the speakers will still be around, so don’t rush off after the last talk. |
18:30
-
18:45 | Show descriptionDistribution of prizes for the Sponsoring Raffle. | Show descriptionDistribution of prizes for the Sponsoring Raffle. | Show descriptionDistribution of prizes for the Sponsoring Raffle. |
