Chaired by Opening Ceremony Track Chairpersons · Opening Ceremony Professor. Schou has been...


[email protected]; Tel: +44 (0)20 3819 0808

Chaired by David Shearer, Chief Executive Officer, (ISC)²

Opening Ceremony

Professor Corey D. Schou, PhD, Board Chairman, (ISC)² & Director, National Information Assurance Training and Education Center, Idaho State University

Track Chairpersons

Track 1: Mobile and Cloud - Chaired by: Richard Nealon, Board Member, (ISC)²

Track 2: Analytics and Forensics - Chaired by: Diana-Lynn Contesti, Board Member, (ISC)²

Track 3: Risk and Governance - Chaired by: Yves Le Roux CISM, Co-Chair, (ISC)² EMEA Advisory Council

Track 4: Technology, Business and the Future - Chaired by: Yiannis Pavlosoglou, Director of IT Risk, UBS (UK)

Track 5: Privacy and Data Security - Chaired by: Neil Breden, Operational Security Manager, Fujitsu (UK)

Track 6: Hackers and Threat Intelligence - Chaired by: Jennifer Minella, Board Member, (ISC)²

Keynote Speakers

Andy Jones, CISO, Maersk Line (UK)

Bruce Hallas, Founder, The Analogies Project (UK)

David Jacoby, Senior Security Researcher, Kaspersky Lab (Sweden)

Dr. Ciarán Mc Mahon, Research & Development Co-ordinator (Ireland)

Dr. Harald Niggemann, Cyber Security Strategist, Federal Office for Information Security (BSI) (Germany)

Dr. Ing. Michael Spreitzenbarth, Team Lead, IT Security Consultant, Siemens CERT (Germany)

Dr. Sally Leivesley, Managing Director, Newrisk Limited (UK)

Gianluca Moroni, ICT & Field Specialist (Italy)

Andrea Cavina, Nuclear Security Professional, coresecure.org (Austria)

Jarad Carleton, Principal Consultant, Frost & Sullivan (Austria)

Panellists

Howard A. Schmidt, Executive Director, SAFECode (U.S.)

Georg Freundorfer, Director Security EMEA, Oracle (Germany)

Dr. Sebastian Broecker, Chief Information Security Officer, Deutsche Flugsicherung (Germany)

Lorenz Kuhlee, Senior Investigative Response/Forensic Consultant - EMEA Risk Intelligence Team (RISK), Verizon Enterprise Solutions (Germany)

Markus Kluge, Head of Information Security, Unwire (Denmark)

Tamer Gamali, Group Chief Information Security Officer, National Bank of Kuwait & Board Member, (ISC)² EMEA Council (Kuwait)

Frank Weisel, Regional Sales Manager, Vormetric

Speakers

Ali Baccouche, Head of Information Security and Business Continuity, AXA Assistance Germany GmbH (Germany)

Arkadiusz Gondek, IT Risk Specialist, UBS

Brendan Byrne, Partner, Bridewell Consulting (UK)

Bruno Kerouanton, CISO, République et Canton du Jura (Switzerland)

David Froud, Head of Global Compliance & Risk, myPINpad (UK)

Markus Kluge, Head of Information Security, Unwire (Denmark)

Gill Woodcock, Director of Certification Programs CISSP, CISM, GSNA, PCIP, PCI Security Standards Council (UK)

Dr. Sebastian Broecker, Chief Information Security Officer, Deutsche Flugsicherung (Germany)

Florian Stahl, Lead Consultant, Information Security MSc, CISSP, CIPT, msg systems ag (Germany)

Geoff Harris, Member, (ISC)² European Advisory Board; CEO, Alderbridge & Director, ISSA International Board (UK)

Ir.drs. Jurgen van der Vlugt, Independent Consultant, Maverisk (The Netherlands)

Jason Hart, CTO Data Protection, Gemalto SafeNet (UK)

Joseph Carson, Head of Product, Arellia

Jeroen Dits, CISO Office | Strategy & Policy, KPN (The Netherlands)

Klaus Nötzel, Accredited as Psychotherapist (Germany)

Dr. Lukas Feiler, Associate, Baker & McKenzie - Diwok Hermann Petsche (Austria)

Martin Stemplinger, Senior Security Consultant (Germany)

Matthias Muhlert, IT Security Manager, VP, UniCredit Bank AG (Germany)

Murat Lostar, Founder and CEO, Lostar Information Security (Turkey)

Riemer Brouwer, Senior Associate, Booz Allen Hamilton (Lebanon)

Syed Rabbani, Information Assurance and ICS Cybersecurity Specialist (Kuwait)

Vicente Aguilera Diaz, Audit Manager, Internet Security Auditors, OWASP Spain Chapter Leader (Spain)

Volker Tanger, Certified Ethical Hacker, HiSolutions AG (Germany)

Yazan Almasri, Global Information Security Director, Aramex International - Global Support Office (Jordan)

Yiannis Pavlosoglou, Director of IT Risk, UBS (UK)

Yves Le Roux CISM, Principal Consultant, CA Technologies (France)


Monday, 19 October 2015

Pre-conference Half-day Workshops*

*Free to attend for Congress delegates. Places for each Workshop are limited.

Both Workshops will run from 09:00 – 12:30 and will be repeated again from 13:30 – 17:00, ensuring that all delegates have the chance to attend both Workshops.

Workshop 1 - Cloud Security

09:00 – 12:30 (and repeated again 13:30-17:00) Tim Sandage, Amazon Web Services (AWS) & Gavin Fitzpatrick, Amazon Web Services (AWS)

Workshop 2 - Digital Forensics

09:00 – 12:30 (and repeated again 13:30-17:00) Lorenz Kuhlee, Senior Investigative Response/Forensic Consultant EMEA Risk Intelligence Team (RISK), Verizon Enterprise Solutions


Day One - Tuesday, 20 October 2015

08:00 – 09:00 Coffee & Registration

09:00 – 09:10 Chairman’s Introduction David Shearer, Chief Executive Officer, (ISC)²

Exhibition Open

09:10-09:20 Opening Ceremony

Professor Corey D. Schou, PhD, (ISC)², Board Chairman / Director, National Information Assurance Training and Education Center, Idaho State University

09:20 – 09:50 Keynote Current Threats and Collaborative Strategies in Cyber Security Dr. Harald Niggemann, Cyber Security Strategist, Federal Office for Information Security (BSI) (Germany)

09:50 – 10:20 Keynote The Cyberpsychology of Information Security: Managing Risk in Leaderless Environments Dr. Ciarán Mc Mahon, Research & Development Co-ordinator (Ireland)

10:20 – 10:50 Panel – How can we Secure Tomorrow Today?

Chaired by: Adrian Davis, Managing Director EMEA Region, (ISC)²

Joined by: Georg Freundorfer, Director Security EMEA, Oracle

Dr. Sebastian Broecker, Chief Information Security Officer, Deutsche Flugsicherung (Germany) Howard A. Schmidt, Executive Director, SAFECode (U.S.)

Lorenz Kuhlee, Senior Investigative Response/Forensic Consultant, EMEA Risk Intelligence Team (RISK), Verizon Enterprise Solutions

10:50 – 11:10 Competition The Science Behind The Analogies Project

Bruce Hallas, Founder, The Analogies Project

11:10-11:40

Morning Coffee Break

Track 1 Mobile and Cloud

Chaired by: Richard Nealon, Board Member, (ISC)²

Track 2 Analytics and Forensics

Chaired by: Diana-Lynn Contesti, Board Member, (ISC)²

Track 3 Risk and Governance

Chaired by: Yves Le Roux CISM, Co-Chair, (ISC)² EMEA Advisory Council

11:40 – 12:10

Best Effort Security Testing for Mobile Applications Murat Lostar, Founder and CEO, Lostar Information Security (Turkey)

Digital Forensics, from Floppies to the Cloud: Can Darwin Win the Game of Digital Evolution? Bruno Kerouanton, CISO, République et Canton du Jura (Switzerland)

Which Control do I Need? Building Fit for Purpose Control Environment. Yiannis Pavlosoglou, Director of IT Risk, UBS; Arkadiusz Gondek, IT Risk Specialist, UBS (Switzerland)

12:10 – 12:40

We are Visiting the Cloud, are you Joining? Yazan Almasri, Global Information Security Director, Aramex International - Global Support Office (Jordan)

Big Data - Friend or Foe? Brendan Byrne, Partner, Bridewell Consulting (UK)

Embracing the Fog From Panicking about Risk, towards Integrating Uncertainty and Opportunity into GRC Ir.drs. Jurgen van der Vlugt, Independent Consultant, Maverisk (The Netherlands)

12:40 – 13:40 Lunch Break


13:40 – 14:10

The Virtual World Exposed: Hacking the Cloud Jason Hart, CTO Data Protection, Gemalto SafeNet (UK)

The Legal Risks of Big Data and Automated Decisions Dr. Lukas Feiler, Associate, Baker & McKenzie - Diwok Hermann Petsche (Austria)

Security Metrics – Keep it Simple Jeroen Dits, CISO Office | Strategy & Policy, KPN (The Netherlands)

14:10 – 14:40 IAM Requirements and KPIs Matthias Muhlert, IT Security Manager, VP, UniCredit Bank AG (Germany)

Forensics and Analysis & the Evolving Cyber Security Profession Geoff Harris, Member, (ISC)² European Advisory Board; CEO, Alderbridge & Director, ISSA International Board (UK)

Making Sustainable Progress in Implementing ICS Cybersecurity Syed Rabbani, Information Assurance and ICS Cybersecurity Specialist (Kuwait)

14:40 – 15:10 Afternoon Tea Break

15:10 - 15:40 Keynote ICT on the Edge: Providing Efficient Solutions for Clients in Extreme Conditions

Gianluca Moroni, ICT & Field Specialist, United Nations (Italy)

15:40 – 16:10 Keynote Information Security in Nuclear Facilities: Notes from a High Threat, Highly Regulated Industry

Andrea Cavina, Nuclear Security Professional, coresecure.org

16:10 – 16:40 Keynote How I Hacked My Home

David Jacoby, Senior Security Researcher, Kaspersky Lab (Sweden)

16:40 – 17:00 Close of Day One

18:00 Coaches Depart Hotel

18:15 – 19:00 Welcome Reception

Led by: Adrian Davis, Managing Director EMEA, (ISC)²

19:00 – 21:00 Dinner - Königlicher Hirschgarten


Day Two - Wednesday, 21 October 2015

08:15–08:45 Coffee

08:45 – 09:00 Chairman’s Re-opening

Rainer Rehm, President, (ISC)² Chapter Germany

09:00 – 09:30 Keynote The Myths in Biometrics: Some Answers

Alexander Nouak, Head of the Competence Center "Identification and Biometrics", Fraunhofer Institute for Computer Graphics Research IGD and Co-founder and Chair, European Association for Biometrics (Germany)

09:30-10:00 Keynote Android Meets Company - Is This Really a Good Combination?

Dr. Ing. Michael Spreitzenbarth, Team Lead, IT Security Consultant, Siemens CERT (Germany)

10:00-10:30 Panel - Emerging Technologies Showcase

Technical presentations to educate delegates in the latest technological advances in security.

Chaired by: Andy Jones, CISO, Maersk Line (UK)

Panellists:

Markus Kluge, Head of Information Security, Unwire (Denmark)

Tamer Gamali, Group Chief Information Security Officer, National Bank of Kuwait & Board Member, (ISC)² EMEA Council (Kuwait)

Frank Weisel, Regional Sales Manager, Vormetric

David Jacoby, Senior Security Researcher, Kaspersky Lab (Sweden)

Joseph Carson, Head of Product, Arellia

10:30 – 11:00

Morning Coffee Break

Move to Tracks

Track 4 Technology, Business and the Future

Chaired by: Yiannis Pavlosoglou, Director of IT Risk, UBS

Track 5 Privacy and Data Security

Chaired by: Neil Breden, Operational Security Manager, Fujitsu (UK)

Track 6 Hackers and Threat Intelligence

Chaired by: Jennifer Minella, Board Member, (ISC)²

11:00 – 11:30 X-Factor 2015 – Did the Best Contestant win? Markus Kluge, Head of Information Security, Unwire (Denmark)

Incident Management – What Happens if Something Happens? Dr. Sebastian Broecker, Chief Information Security Officer, Deutsche Flugsicherung (Germany)

Insiders a Hacker’s Mind Klaus Nötzel, Accredited as Psychotherapist (Germany)

11:30 -12:00 Identity Management, Enabling Global Business Via Mobile David Froud, Head of Global Compliance & Risk, myPINpad (UK)

Top 10 Privacy Risks in Web Applications Florian Stahl, Lead Consultant, Information Security, msg systems ag (Germany)

Industrial Cyber Security: Turning Fear into Action Riemer Brouwer, Senior Associate, Booz Allen Hamilton (Lebanon)

12:00-12:30 You are Being Watched... Vicente Aguilera Diaz, Audit Manager, Internet Security Auditors, OWASP Spain Chapter Leader (Spain)

How a CISO May Deal with the New European Privacy and Security Legal instruments? Yves Le Roux, Principal Consultant, CA Technologies (France)

Integrating Cybersecurity and Business Continuity - a Risk based Approach Ali Baccouche, Head of Information Security & Business Continuity, AXA Assistance Deutschland GmbH (Germany)

12:30 – 13:30 Lunch


13:30-14:00

From Protection to Resilience: A Necessary Paradigm Shift Martin Stemplinger, Senior Security Consultant (Germany)

The PCI Data Security Standard: Make it Your Friend Not Your Foe Gill Woodcock, Director of Certification Programs CISSP, CISM, GSNA, PCIP, PCI Security Standards Council (UK)

Survivability of Peaking Interest and Denial-of-Service Attacks Volker Tanger, Certified Ethical Hacker, HiSolutions AG

14:00 – 15:00 Media Exercise - Reputational Risk & Incident Response: Energy Attack

Dr. Sally Leivesley, Managing Director, Newrisk Limited (UK)

15:00-15:30 Afternoon Tea Break

15:30-16:00 InfoSec Quiz

Teams battling in a pub quiz setup to win a prize!

Chaired by: Adrian Davis, Managing Director EMEA, (ISC)²

16:00 – 16:30 Keynote - Counting the Stars, but Losing the Moon – Securing the Internet of Things

Andy Jones, CISO, Maersk Line (UK)

16:30-17:00 Keynote - Reduce Cyber Breach Dwell Time with Privilege Access Management and Mitigate Vulnerabilities with Application Control

Joseph Carson, Head of Product, Arellia

17:00-17:30 Closing Keynote

Market Research and Trends in Cyber Security Jarad Carleton, Principal Consultant, Frost & Sullivan (Austria)

17:30-17:45 Winner of the Analogies Competition Announced

Bruce Hallas, Founder, The Analogies Project & The ‘Judges’ Panel

17:45-17:50 Closing


Speaker Biographies

Opening Ceremony and Chairpersons

Professor Corey D. Schou, PhD, Board Chairman, (ISC)² & Director, National Information Assurance Training and Education Center, Idaho State University

Opening Ceremony

Professor Schou has been involved in establishing computer security and information assurance training and standards for 25 years. His research interests include information assurance, ethics, privacy, and collaborative decision making. He was responsible for compiling and editing computer security standards and training materials for the Committee on National Security Systems. He serves on the board of several professional organizations.

David Shearer, Chief Executive Officer, (ISC)²

Chairman Day 1

Mr. Shearer has more than 27 years of business experience, including roles as chief operating officer for (ISC)², associate chief information officer for International Technology Services at the U.S. Department of Agriculture, deputy chief information officer at the U.S. Department of the Interior, and executive for architecture, engineering and technical services at the U.S. Patent and Trademark Office. He is a U.S. federal executive presidential rank award recipient.

Rainer Rehm, President, (ISC)² Chapter Germany

Chairman Day 2

After studying Computer Science at the Technical University of Munich, Rainer worked in network and help desk consulting positions at CompuServe and Softlab for European and international corporations before taking a role with Nokia Siemens Networks. He is now responsible for the Information Security Office and ISMS at an automotive company.

Adrian Davis, Managing Director EMEA, (ISC)²

Chairman Panels

Adrian’s responsibilities include developing and implementing a strategy for the EMEA region, working with the EMEA Advisory Board and supporting the (ISC)² global vision and mission. Before joining (ISC)², Adrian worked for the Information Security Forum, where he led the Leadership and Management group within the Global Team. He was responsible for the delivery of practical business solutions within a commercial setting to the ISF’s global, blue-chip membership.

Keynote Speakers

Dr. Harald Niggemann, Cyber Security Strategist, Federal Office for Information Security (BSI) (Germany)

Current Threats and Collaborative Strategies in Cyber Security

Monitoring, communicating and developing strategies against current threats is one of the main tasks of Germany's Federal Office for Information Security (BSI). In this presentation, BSI reports on key findings, initiatives, and projects to support government organisations and industry in the field of cyber security.

• What is BSI's view on current and evolving threats?

• How is BSI working with partners in administration and industry?

• What is the Alliance for Cyber Security and how can organisations participate in this initiative?

Dr. Niggemann, Ph.D., joined BSI in 1999 and has worked on various theoretical and practical aspects of information security, particularly information security management, risk analysis, and standards. Harald contributed to many BSI publications and assisted government agencies in applying BSI's recommendations to real-world problems.


Dr. Ciarán Mc Mahon, Research & Development Co-Ordinator, Institute of Leadership (Ireland)

The Cyberpsychology of Information Security: Managing Risk in Leaderless Environments

It has long been known in information security studies that the ‘weakest link’ in any system is the human one. This talk will introduce the emerging discipline of cyberpsychology. Hear how cyberpsychology’s core concepts – self-disclosure, hyperpersonal communication, context collapse and the privacy paradox – lie at the heart of several information security pitfalls. The talk also offers specific insights on how the cyberpsychological concept of minimisation of authority has profound relevance to the future threat landscape.

Dr Mc Mahon was a Government of Ireland Scholar from 2004 to 2007.

Bruce Hallas, Founder, The Analogies Project

The Science Behind The Analogies Project

Creative insights on awareness around analogies and why this will improve engagement with stakeholders including the Board, employees and the general public. Bruce will introduce a competition to identify the most inspiring security analogies over the course of the Congress.

Bruce is the Founder of The Analogies Project, a curator of information security stories - an online library of analogies, metaphors and stories for the infosec community to use, free of charge, to help engage with audiences more effectively. Bruce has formal training in law, finance and marketing.

Gianluca Moroni, ICT & field specialist, Italy

ICT on the Edge: Providing Efficient Solutions for Clients in Extreme Conditions

Sometimes the ICT industry offers solutions that are not viable in extreme conditions. Hear fascinating insights on the design, setup and deployment of a low-cost, high-efficiency solution for ICT services in field situations such as disaster relief, extreme climates and peacekeeping, with emphasis on standardization and easy troubleshooting by unqualified personnel.

Gianluca is an ICT & field specialist who has been working with the UN and international organizations since 2002. In particular, from 2008 to 2014 he was with the UN Rapid Deployment Unit and set up quick ICT solutions in warzones and disaster/emergency areas in 29 missions including Afghanistan, Libya, Sudan, Syria and Haiti. He is currently ICT Roving expert for UNDP Mali and does design, setup and troubleshooting of UN Common Offices in peacekeeping areas.

Andrea Cavina, Nuclear Security Professional, coresecure.org

Information Security in Nuclear Facilities: Notes from a High Threat, Highly Regulated Industry

A look at several unique factors that make working with information security in nuclear facilities a rather peculiar endeavour. While bits are still 1s and 0s and most computers still do run Windows, the ensemble of extra-large threat actors, heavy regulations, extreme public sensitivity, ancient legacy equipment, heavy physical security and industrial control systems does provide for a special environment where practices have to be adapted and special problems have to be tackled. A look at some instances and possible lessons for other communities.

Andrea Cavina holds advanced degrees in Physics and Education and a CISSP certification. After some years in research at the EPFL in Lausanne, Andrea joined the Office of Nuclear Security at the International Energy Agency (IAEA) in 2004. There he specialized in information and computer security, capacity building and project management. In 2012 he started his own consultancy focussing on advisory services and capacity building in nuclear security.

David Jacoby, Senior Security Researcher, Kaspersky Lab

How I Hacked My Home

Currently there are many articles about how hackers and researchers find vulnerabilities in, for example, cars, refrigerators, hotels or home alarm systems - under the term IoT (Internet of Things), one of the most hyped topics in the industry. The only problem with this kind of research is that we cannot really relate to all of it. David tried to identify how easy it would be to hack his own home. What can the attacker actually do if these devices are compromised? Is my home “hackable”? With some surprising results!

David is a provocative security evangelist who is currently working as Senior Security Researcher for Kaspersky Lab. He is responsible for not only research but also technical PR activities in the Nordic and Benelux region, where his tasks often include vulnerability and threat research. He also performs product and security audits, penetration tests and security research.


Alexander Nouak, Head of the Competence Center "Identification and Biometrics", Fraunhofer Institute for Computer Graphics Research IGD and Co-founder and Chair, European Association for Biometrics (Germany)

The Myths in Biometrics. Some Answers.

There are so many rumours and false expectations out there about biometrics: a PIN would be much more secure than biometrics, the characteristics were easy to fake, the reference data could be misused or biometrics would lead to permanent surveillance. This keynote will dispel those myths.

• Is biometrics easy to forge?

• Is biometrics less secure than the PIN?

• Does biometrics lead to identity theft?

• Is Big Brother watching on biometrics?

Alexander is head of the Competence Center "Identification and Biometrics" at the Fraunhofer Institute for Computer Graphics Research IGD in Darmstadt, Germany. He is an active member of the DIN NIA 37 and ISO/IEC JTC1 SC37 WG on biometrics. Alexander Nouak is co-founder and chair of the European Association for Biometrics.

Joseph Carson, Head of Product, Arellia

Reduce Cyber Breach Dwell Time with Privilege Access Management and Mitigate Vulnerabilities with Application Control

Many organisations continue to provide privilege access and accounts to many users within the organisation, exposing serious vulnerabilities and exploits. Learn why privilege access management is a crucial security control and why combining it with application reputation and threat intelligence is the next generation of Endpoint Detection and Response solutions.

Joseph Carson has more than 20 years’ experience in Enterprise Security and Infrastructure. Joseph worked on industrial block-chain technologies for large scale data integrity and previously spent 11 years at Symantec working on Endpoint System Management and Security products including Enterprise mobility and Advanced Persistent Threats. He is a Certified Information Systems Security Professional (CISSP) and Certified Scrum Product Owner® (CSPO). Joseph serves as Head of Product and Marketing at Arellia.

Dr. Ing. Michael Spreitzenbarth, Team Lead, IT Security Consultant, Siemens CERT (Germany)

Android Meets Company - Is This Really a Good Combination?

One of the major players in the battle for market share is Google and its Android OS. This OS is open-source, and there are many developers and manufacturers available that produce helpful and futuristic apps. More importantly, the devices are often cheaper compared to Apple or BlackBerry. This keynote will weigh up whether it really is a good idea to rely on Android OS for company devices.

Dr. Ing. Spreitzenbarth studied Business-Informatics with a major focus on IT-Security and digital forensics at the University of Mannheim. Between 2010 and 2013 he worked as a PhD candidate and researcher at the University of Erlangen-Nuremberg. His research topics were forensic analysis of smartphones (mainly Android-based devices) and the detection and automated analysis of mobile malware and other potentially unwanted applications.

Dr. Sally Leivesley, Managing Director, Newrisk Limited UK

Reputational Risk & Incident Response: Exercise Energy Attack

Reputational risk and Incident Exercise ‘Energy Attack’ challenges participants to use principles of governance and risk management to respond to the crisis of a partial loss of energy distribution to a smart city of 1.5 million people. The challenges in the scenario exercise test 12 different areas of preparedness and crisis response through brief media interviews of the participants to inform corporate stakeholders and demonstrate cyber preparedness and an understanding of emerging EU threats that may harm critical national infrastructure.

Dr Leivesley PhD Lond., MSPD, BA(Hons) Qld., FICPEM, FRSA, MACE, MIABTI, MRSES is an advisor to companies and governments on catastrophic risk. She provides news commentary on terrorism, aviation and cyber threats and has experience of reactor accidents - Chernobyl, Three Mile Island and Fukushima - following training as a Scientific Advisor for the British Home Office.

Andy Jones, CISO, Maersk Line

Counting the Stars, but Losing the Moon – Securing the Internet of Things

The Internet of Things is the next big thing in the information age, but is often visualised as high fashion consumer-facing technology. So why should commercial and industrial organisations care about the IoT? In this presentation Andy will look at the implications of this technology and examine how on earth we go about securing this brave new world. Andy Jones CISSP, has over 15 years of experience and has headed the security function for a number of large global companies. He worked as security researcher, specialising in legal and regulatory topics. Andy is a member of the management board for the Information Security Forum, and is the membership chair of the ISC2 UK Thames Valley Chapter. He holds a degree in Physics and an MBA.

Jarad Carleton, Principal Consultant, Digital Transformation Practice, Frost & Sullivan Closing Keynote

Mr. Carleton helps global technology companies understand and develop strategies to respond to the interconnected issues of technology, human behavior, and industry trends that impact business. A few of his focus areas include cybersecurity, IoT privacy, and corporate governance and compliance. He holds a degree in Psychology and an MBA in International Management.


Panellist Speakers

Dr. Sebastian Broecker, CISO, Deutsche Flugsicherung

Dr. Sebastian Broecker, (ISC)²-certified CISSP, has been CISO (Chief Information Security Officer) at Deutsche Flugsicherung (German Air Traffic Control) for 7 years. Before that he worked for many years as IT Security Officer, IT OpRisk Manager and also as an expert in awareness for a German bank. During his Ph.D. he researched chemical computing. Dr. Broecker is a well-known lecturer at IT security congresses, especially on awareness, holistic IT security and privacy. Additionally, he works as a journalist covering IT security issues.

Lorenz Kuhlee is a senior investigative response/forensic consultant for the EMEA RISK team at Verizon. He is an experienced digital forensics expert, working on and leading high profile data breach investigations in areas such as payment card data breaches, industrial espionage and Incident Response, with the aim of limiting the impact of breaches in the quickest time. Lorenz has more than 15 years of experience within the “infosec” sector. Prior to Verizon, Lorenz worked for LE - Police Academy in Wiesbaden, Germany, specializing in digital forensics and computer security. He also taught courses in Linux, Digital Forensics, Networking and Penetration Testing. In 2002, Lorenz was an Education Consultant for Hewlett-Packard GmbH and prior to that a teacher of computer science at the technical college of Karlsruhe. Lorenz is based in Germany and has the following professional certifications: CFCE (IACIS), EnCE (EnCase) and CCFP (ISC)2. Publication: Computer-Forensik Hacks, 1st edition, April 2002, ISBN 978-3-86899-121-5, O’Reilly.

Howard A. Schmidt, Executive Director, SAFECode (U.S.)

Howard A. Schmidt is the Executive Director of SAFECode and also serves as a partner in the strategic advisory firm, Ridge-Schmidt Cyber, an executive services firm that helps leaders in business and government navigate the increasing demands of cybersecurity. He served as Special Assistant to the President of the United States and the Cybersecurity Coordinator for the U.S. federal government. He has extensive business, defense, intelligence, law enforcement, privacy, academia and international relations experience, gained from a distinguished career spanning 40 years.

Georg Freundorfer, Director Security EMEA, Oracle (Germany)

Born and raised in Bavaria, Germany, Georg joined the German Airforce (Luftwaffe) and later the German intelligence service. After 18 years with the Services he joined an American computer company as security manager for central Europe. Georg has been with Oracle Corp. as Director Security Europe, Middle East and Africa for 13 years. He holds a master's degree in electronics. He was Chairman of the European Institute for Corporate Security Management from 2000 – 2015 (15 years).

Tamer Gamali, Group Chief Information Security Officer, National Bank of Kuwait & Board Member, (ISC)2 EMEA Council

Tamer is the chief information security officer for The National Bank of Kuwait. In this role he is responsible for ensuring the security of information systems and services, as well as the integrity and confidentiality of customer and employee information. Tamer also manages the corporate security function for the group. Before joining NBK, Tamer was head of security services for KPMG; he joined the Middle East practice from London to help define and establish one of the first security practices in the Middle East. Tamer also sits on the advisory board of several companies operating in the IT Governance and certification sectors. He is the President and co-founder of the (ISC)2 chapter in Kuwait, the first official chapter in the GCC. Tamer is also an executive member of the US OSAC (Overseas Security Advisory Committee) for the US Embassy in Kuwait. Previously, Tamer was a security specialist for Intel Corporation working in the online services division supporting global blue chip companies. Mr. Gamali is both a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA) and has a total of 17 years’ experience in Information Security. He graduated from Sussex University (UK), where he earned a Bachelor of Engineering degree in electronic engineering; he then went on, in conjunction with the Royal Academy of Engineering and the Panasonic Trust, to earn an MSc with distinction in advanced systems from Kingston University.

Markus Kluge, Head of Information Security, Unwire (Denmark)

Markus Kluge has worked for more than 20 years in Information Security and Network Management for companies like Apple, Convatec, Dannet/MACH/Syniverse and Unomedical. He has broad knowledge of information security in Telcos, Health, Transportation and Financial Institutions. He started to work for Unwire as Head of Information Security two years ago. These days, he is focusing on Risk Management, Business Continuity, Compliance, data analysis and integration of mobile security. He received a degree as a physicist from the TU in Munich, Germany, holds CISSP, CISM, CEH, Cisco and Check Point certifications and has previously presented in Denmark and the USA.


Track Speakers

Track 1: Mobile and Cloud

Murat Lostar, Founder and CEO, Lostar Information Security (Turkey)

Murat has 29 years of professional technical experience and extensive knowledge in Information Security, IT Governance, Business Continuity Solutions, Computer Forensics, and the delivery of consultancy, training and auditing services. He founded Lostar in 1998. He was founding president of the ISACA Istanbul chapter and the (ISC)2 Turkish chapter, and chapter president for the Cloud Security Alliance Turkish chapter.

Yazan Almasri, Global Information Security Director, Aramex International - Global Support Office, Jordan

Yazan has a rich and diversified 18 years of experience covering IT infrastructure projects, IT operations, Information Security program management, in addition to software development and database management expertise. He holds a Master’s degree in Information Security and holds a number of professional certificates such as CISSP, PMP and ITIL. He has held his current position since 2008.

Matthias Muhlert, IT Security Manager, VP, UniCredit Bank AG (Germany)

Matthias is a dedicated and highly qualified IT Security Professional with a consistent track record of success spanning over 15 years. His main areas of expertise are the development and implementation of solid IT infrastructure and network security systems, policies and governance, with especial skills in security infrastructure analysis and ISMS according to ISO 27001.

Jason Hart, CISSP CISM, CTO Data Protection, SafeNet

As a former ethical hacker with 17 years’ experience in the Information Security industry, Jason has used his expertise to create technologies that ensure organisations stay one step ahead of the security game. Jason continues to raise the profile of Information Security risks and solutions. Jason has created and developed entire security frameworks as well as Information Security Assessment Methodology.

Track 2: Analytics and Forensics

Bruno Kerouanton, CISO, République et Canton du Jura (Switzerland)

Bruno Kerouanton (@kerouanton) is CISO of the Republic and Canton of Jura. Holding a CISSP (2002) and a Master's degree in Information Security, he enjoys defining and implementing strategies, and has a broad knowledge of the topics, both in management and technically. For ISC2, he spent several years proctoring CISSP exams in Europe, and was involved as a Subject Matter Expert for the exam. He also enjoys giving conference lectures worldwide for all levels of audience.

Brendan Byrne, Partner, Bridewell Consulting

Brendan Byrne has over 19 years of information security experience. Brendan began his career with MasterCard in Europe, specialising in the security of payment systems and cryptography. He was recruited by IBM in 2001 and until the end of 2013 was IBM’s UK and Ireland Security and Privacy Lead. He has wide technical and sector experience and provides solutions. Brendan joined Bridewell Consulting as a Partner in January 2014.

Dr. Lukas Feiler, SSCP, CIPP/E, Associate, Baker & McKenzie - Diwok Hermann Petsche (Austria)

Lukas is an attorney and the head of the IT practice at the law firm Baker & McKenzie in Vienna. He is a Fellow at the Stanford-Vienna Transatlantic Technology Forum (TTLF) and the author of “Information Security Law in the EU and the U.S.” (Springer 2011). He worked as a system and network administrator at IT companies in Vienna, Leeds, and New York.

Geoff Harris, Member, (ISC)² European Advisory Board; CEO, Alderbridge & Director, ISSA International Board (UK)

Geoff is a Certified Information Systems Security Professional (CISSP), CESG Certified Professional & CLAS Consultant for Her Majesty's Government of the United Kingdom providing cyber security professional services to public and private sector organisations. Geoff is a Director on the International Board of the ISSA, was one of the founding members of ISSA-UK in 2003 and the ISSA-UK President from 2007 – 2010. Geoff has served on the (ISC)² European Advisory Board and EMEA Advisory Council since 2011. Geoff is also the CEO of Alderbridge, providing specialist information security consulting and recruitment services.


Track 3: Risk and Governance

Yiannis Pavlosoglou, Director of IT Risk, UBS

Yiannis spent 5 years in the world of professional penetration testing. He assisted large scale implementations of secure development practices. This included teaching developers how to write secure code. He was OWASP project leader for JBroFuzz and used to chair the Global Industry Committee. Yiannis is on the Application Security Advisory Board of (ISC)2. His academic qualifications include a PhD in information security, designing routing protocols for ad-hoc networks.

Arkadiusz Gondek, IT Risk Specialist, UBS

With over 10 years of hands-on experience in IT Security, he is passionate about designing and implementing Risk Management practices. Currently involved in building and operating global Risk Assessment programs. Longstanding member of (ISC)2 holding both CISSP and CSSLP certifications.

Ir.drs. Jurgen van der Vlugt RE CISA CRISC, Independent Consultant, Maverisk (The Netherlands)

Currently, he is an IS auditor with an international organization. His research interests are with issues of privacy, security and audit of IoT, the Singularity, and anti-bureaucratic control. He has two decades of experience in external and internal advisory, audit, and consulting functions, was/is a member of a host of local and global professional practices association committees, and is a regular author, teacher, and speaker.

Jeroen Dits, CISO Office | Strategy & Policy, KPN (The Netherlands)

After having helped organizations with gaining control over their IT environments (especially regarding security) for seven years as a KPMG consultant, Jeroen joined KPN, the largest telecom provider in The Netherlands. At KPN Jeroen introduced a new comprehensive Security Policy and is currently leading projects to implement the policy (including security management).

Syed Rabbani, Systems Analyst – IT Quality Management (Kuwait)

Rabbani has over 25 years of experience in a wide variety of Industrial Control Systems as well as IT Systems in Defense, Manufacturing, Energy and Oil & Gas Industries. He holds a Master’s degree in Electronics & Communication Engineering and is certified PMP, CISSP, CISA, CGEIT and ISA99 Cybersecurity Fundamentals Specialist.

Track 4: Technology, Business and the Future

David Froud, Head of Global Compliance & Risk, myPINpad (UK)

David has over 15 years’ experience in areas of Information, Internet, and Computer Security. As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, David performed dozens of on-site security assessments for merchants and service providers globally. Currently David is leading the effort to ensure both security and regulatory compliance are intrinsic to myPINpad’s global service and product offerings.

Vicente Aguilera Diaz, Audit Manager, Internet Security Auditors, OWASP Spain Chapter Leader (Spain)

Vicente began his professional career in the IT security sector in 2001. Vicente is co-founder of Internet Security Auditors (a Spanish firm specializing in security services), OWASP Spain Chapter Leader, member of the Technical Advisory Board of the RedSeguridad magazine, member of the Jury of the IT Security Awards organized by the RedSeguridad magazine, and member of Cybersecuritics Research Group.

Martin Stemplinger, CISSP, Senior Security Consultant (Germany)

Martin has almost 20 years of experience in IT Security. He worked as a security architect and security manager at a German financial institution responsible for security governance, network and system security and identity and access management. Currently he works as a senior security consultant at a large European telco provider.


Track 5: Privacy and Data Security

Florian Stahl, Lead Consultant, Information Security MSc, CISSP, CIPT, msg systems ag (Germany)

Florian has a Master's degree in information systems and computer science and has CISSP and CIPT certifications. Currently Florian is Lead Consultant at msg systems in Munich. He writes articles on his blog securitybydesign.de and leads the OWASP Top 10 Privacy Risks Project.

Yves Le Roux CISM, CISSP, Principal Consultant, CA Technologies (France)

Yves worked in the Rothschild Group before joining the French Ministry of Industry in 1980, where he was in charge of the Open Systems Standardization programs. In 1986, he was European Information Security Manager at Digital Equipment. In 1999, he went to Entrust Technologies, a PKI software publisher, prior to his current role. He is a Member of the (ISC)²® EMEA Advisory Board.

Gill Woodcock, Director of Certification Programs CISSP, CISM, GSNA, PCIP, PCI Security Standards Council (UK)

Gill Woodcock is Director of Certification Programs for the PCI Security Standards Council. Her role encompasses operational management of the Council’s existing programs (QSA, PA-QSA, ISA, ASV, PFI and PTS) as well as developing new certification programs. Ms. Woodcock works closely with the Standards Management, Training and Assessor Quality Management teams within the Council. Ms. Woodcock joined PCI SSC in February 2010 and spent two years with the Assessor Quality Management team specialising in quality assurance for PCI DSS and PA-DSS before taking up her current position. Prior to joining the Council, Ms. Woodcock worked for a leading issuer and acquirer and has over 20 years of experience in payment cards and information security.

Track 6: Hackers and Threat Intelligence

Klaus Nötzel, Accredited as Psychotherapist (Germany)

With a degree in Electronic Engineering and data processing, and accredited as a Psychotherapist in Germany, Klaus is also a Certification Coach and Trainer and is employed as Security Officer for a European Satellite Operator.

Riemer Brouwer, Senior Associate, Booz Allen Hamilton (Lebanon)

Previously, Riemer was the Head of IT Security of the Abu Dhabi Company for Onshore Oil Operations. He spearheaded the transformation of a traditional IT Security team into an Industrial Cyber Security team and obtained the ISO27001 certification for their oil field systems, making him the first in the Oil & Gas sector worldwide to achieve this.

Ali Baccouche, Head of Information Security and Business Continuity, AXA Assistance Germany GmbH (Germany)

Ali is responsible for the execution of a portfolio of security related strategic initiatives to further mature security coverage, business continuity and risk management. He worked 4 years for Cable & Wireless USA as International Project Manager where he was responsible for high level international network planning, design and implementation. Ali holds an MBA with a concentration in Management Information Systems from George Mason University, USA.

Volker Tanger, Certified Ethical Hacker, HiSolutions AG (Germany)

Volker is Germany's first state-certified ethical hacker (BSI-ZPT-0001-2012). Having started as an administrator of internet services in 1992, he has worked as an IT security consultant since 1997 (currently employed at HiSolutions AG in Berlin since 2008), specializing in security and forensics of Unix systems and network-based services. He is the author of open-source IT security software and published articles.