5th December 2019, Saarbrücken Castle, Saarbrücken, Germany
09:00 – 18:00 followed by a Network Reception and
DEUTOR CYBER SECURITY BEST PRACTICE AWARD CEREMONY
Under the Patronage
of the Prime Minister of Saarland, Tobias Hans
In Cooperation with the Alliance of Cyber Security, Federal Office for Information Security
|09:00 – 09:30||
Coffee and Registration
|09:30 – 09:40||
Managing Directors Deutor Cyber Security Solutions GmbH
|09:40 – 10:00||
Ammar Alkassar, State Commissioner for Strategy and Chief Digital Officer at Saarland Government
|10:00 – 10:20||
Introduction of ZITiS
Wilfried Karl, President ZITiS
|10:20 – 10:40||
Cyber Defence: “Challenges for the CISO of Today in the German Armed Forces”
Major General Jürgen Setzer, Deputy Inspector CIR, CISO German Armed Forces
|10:40 – 11:10||
|11:10 – 11:30||
Industry: “Challenges for the CISO of Today in a Global Enterprise”
Dr. Rainer Wende, CISO BSH Hausgeräte GmbH
|11:30 – 11:50||
Challenges for the international Cybersecurity
LtCol. Franz Lantenhammer, NATO CCDCOE, Tallinn
|11:50 – 12:10||
“Is AI the future of Cybersecurity ?“
Dietmar Hilke, Business Development Manager Cybersecurity, Cisco
|12:10 – 12:30||
“Cyber Security for Critical Infrastructures: The Case for the Energy Sector”
Klaus Frank, Head of Full Kritis Service, Energy Baden Württemberg – EnBW
|12:30 – 12:50||
“IoT and Industrial IoT: Threat or Opportunity?”
Hendrik Dettmer, Head of IoT Security Lab, TÜV-Trust IT, TÜV Austria
|12:50 – 13:10||
“ZF Technologycenter AI & Cybersecurity – Emerging Technologies in the Automotive Industry”
Dr. Stefan Hommes, ZF Friedrichshafen AG
13:10 – 14:10
|14:10 – 14:50||
Panel I:“International Cooperation between Law Enforcement: Best Practices to fight Organized Crime?” (in English only)
Moderator: Marc Bachmann, Public Sector Advisor, McKinsey & Company
Dr. Philipp Amann, Head of Strategy, Europol/EC3
Casey Harrington, Assistant Legal Attaché to Germany, FBI
|14:50 – 15:00||
„Introduction to NEMO: New Evidence and Methods of Detection for Multinational Organized Crime“ (in English only)
Dr. Stefanie Frey, Managing Director Deutor Cyber Security Solutions GmbH
|15:00 – 15:50||
Panel II: “Best Practice Cyber Crime: Cyber Security meets Organized Crime – NEMO”
Moderator: Dr. Uwe Wehrstedt, Chief Editor pvt journal and founder and organizer GPEC/GPEC Digital
Andreas Kleinert, Technical Account Manager, Nuix
Jürgen Fauth, Deputy Head, Cyber Crime and Digital Traces, Federal State Police Baden-Württemberg
Dominik Kampann, European Leader for Law Enforcement and Intelligence Service, Bureau van Djik
Dr. Elisabeth Peinsipp-Byma, Fraunhofer Institute for Optronics, System Technology and Image Analysis – IOSB,
Head of Department Interactive Analysis and Diagnosis
|15:50 – 16:10||Coffee Break|
|16:10 – 16:30||
“We have been hacked, they are the puppets. Disinformation, Deception Management, and Offensive Cyber Security Measures.” (in English only)
George Lekatis, General Manager, Cyber Risk GmbH
|16:30 – 16:50||
“Offensive Cybersecurity for Companies – is it helpful?
Colonel Christian Pawlik, Commander Centre for Actice Cyber Operations (ZCOBw), German Armed Forces
|16:50 – 17:40||
Panel III: “Experiences from a cyber victim: Best Practices Krisenmanagement: The Cyber Emergency and Coordination Centre (CECC)”
Moderator: Stefan Becker, Alliance for Cyber Security, BSI
Michael Bartsch, Managing Director, Deutor Cyber Security Solutions GmbH
Klaus Frank, Head of Full Kritis Service, EnBW
Cyber Insurance, tbc
Dr. Lutz Martin Keppeler, Data Protection and IT Law, Heuking Kühn Lüer Wojtek
|17:40 – 17:50||
Best Practices from Sekop 2018 and 2019
Alfred Luttmann, Managing Director, Comexposium Deutschland GmbH
|17:50– 18:00||Closing remarks, Deutor, Managing Directors|
|18:00 – 20:00||
CYBER SECURITY BEST PRACTICE AWARD CEREMONY
through CISCO and BSI
Workshops 4.12. at Saarbrücken Castle from 1.30 pm - 5.00 pm
Workshop 1 Social Engineering: “Defending against human exploitation and removing attack verticals”
Christina Lekati, Cyber Risk GmbH
Social Engineering has become the most effective and efficient attack method used to initiate and enable attacks. We read in the news about large-scale security violations, where investigators are not able to understand the phase of initiation. These are often social engineering-initiated attacks. By design, this is the type of attack that moves in the shadows, delivered by criminals and state-sponsored agents that are able to blend in multiple environments and often leave no trace, making it very difficult to identify the point of initial compromise. Similar to warfare operations, these threat actors strive to create an asymmetrical advantage based on a carefully planned strategy.
How relevant is social engineering today, and which is the risk for companies and organizations? This workshop aims to discuss these questions and to provide insights on the methodology employed by attackers that gives them an asymmetrical advantage. We will take a look at the typical backbone and methodology of a social engineering attack strategy, as well as on what makes some targets more attractive than others.
Information is the lifeblood of most attacks. as their operations are primarily based on the quality of the information gathered. We will discuss the information that attackers commonly seek to gather, as well as the common methods of information harvesting. Being able to disrupt or minimize these verticals is critical for the defense of an organization.
Taking it a step further, we will also explore a methodology of profiling followed by attackers, in order to identify and select the best targets. This part helps attendees identify whether their own online presence or that of their co-workers, reveals potential vulnerabilities and exposes attack vectors.
Last but not least, attendees will be provided with examples of best practices that aim to increase their organizational security and create a human perimeter- one with employees that are able not only to identify but also deter attackers and notify the organization of potential threats.
Throughout the workshop, attendees will have the opportunity to engage in problem solving exercises and discussion.
Workshop 2 Live Hacking Demo: „Attack Steps of the Kill Chain“
Rafael Fedler von NSIDE ATTACK LOGIC GmbH
Moderne Angreifer gehen immer mehr dazu über, gezielter, versteckter, geplanter und kreativer in Unternehmensnetze einzudringen. Hierbei werden nicht nur technische, sondern auch menschliche und organisatorische Schwachstellen ausgenutzt und teils sogar physisch eingebrochen. So ergeben sich aus den einzelnen, mitunter schwierig zu entdeckenden Angriffsschritten mitunter hoch komplexe Angriffsstrategien. In diesem Vortrag demonstriert Rafael Fedler von NSIDE ATTACK LOGIC einige solcher Angriffsschritte, wie sich diese zu einer hocheffizienten Angriffskette zusammensetzen lassen, und wie sich solche Angriffe im Rahmen von Red Team Assessments simulieren lassen. Alle Angriffsschritte der Kill Chain werden in Live-Hacking-Demos gegen eine virtuelle Firma mit echter Infrastruktur demonstriert – sodass die Teilnehmer einen Angriff von vorne bis hinten miterleben, von der Vorbereitungsphase bis zur vollständigen Übernahme.
We have reserved hotel rooms at Victor’s Residenz Hotel and Best Western Victor’s Residenz Hotel Rodenhof. Both in Saarbrücken and not far from Schloss Saarbrücken.
You can book your room by using the Password „Deutor“ until 23 October 2019.
- Victor’s Residenz Hotel, Saarbücken: Telefon +49 (0) 681 588 210 or per Email firstname.lastname@example.org
- Best Western Victor’s Residenz Hotel Rodenhof, Telefon: +49 (0) 681 41020, E-Mail: email@example.com.
- In case of cancellation – only in writing – until 04.11.2019 we do not charge a processing fee. After that date, as well as no-shows, 100% of the conference fee has to be paid. Substitute participants can be named without additional costs.
- Jurisdiction is Siegburg / Bonn.
- We reserve the right to cancel the event. In this case, the participants will be reimbursed for the participation fees. Further claims do not exist.
- We are not liable for accidents as well as loss or damage of personal property during the event, unless the damage was caused by our employees.
By registering, you consent to the collection, processing and storage of your contact details (first, last name, organization, function, address, e-mail address) by Deutor Cyber Security Solutions GmbH for the purpose of planning and implementing the conference and, if necessary photo and video recordings during the event. Your data will of course be treated according to GDPR and not passed on to third parties. You can revoke your consent at any time for the future via email to firstname.lastname@example.org. After completion of the event, the data will be used only for the organization of the 3. Deutor Cyber Security Best practice Conference 2020, unless otherwise stated.