
DEEP Conference

We recognized the need to address information security at all levels at the same time and the same place.

We value the importance of knowledge and experience sharing.

Therefore, we provide everyone with the opportunity to share their knowledge and build their new experiences. Dive in and go deep with us.

Agenda
Welcome brunch and mingle time
Fortis Centar
09:00 - 10:00
Opening ceremony
Fortis Centar
10:00 - 10:15
Brian Honan: Keynote Presentation
Fortis Centar
10:15 - 11:15
Panel discussion: Breaking the Chain - Navigating Cyber Incidents and Supply Chain Security
Fortis Centar
11:30 - 13:00
Lunch
Restaurant Iadera
13:00 - 14:45
Mario Kozina: DORA Third-Party Risk: Regulatory Challenges for Financial Institutions and ICT Service Providers
Levant B
14:45 - 15:30
Ana Balaško: Building Secure Process Environments: The Role of IEC 62443 in Process Systems
Maestral
14:45 - 15:30
Dinko Korunić: eBPF: Features, capabilities and implementation
Levant A
14:45 - 15:30
Andrej Andelic and Andras Herceg: Reducing the (Financial) Impact of successful Cyber-Attacks
Levant B
15:35 - 16:20
TBD
Maestral
15:35 - 16:20
Saša Zdjelar: The World Runs On Open Source But Your Company Doesn't: Unmasking Commercial Software Risks
Levant A
15:35 - 16:20
Coffee Break
By the Pool
16:20 - 16:50
Antoine d'Haussy: Securing the IT/OT convergence at Critical Infrastructures
Levant B
16:50 - 17:35
Bojan Magušić: Securing AI in the Wild: Protecting Your GenAI Applications from Emerging Threats
Maestral
16:50 - 17:35
Vanja Švajcer: Exploring malicious Windows drivers
Levant A
16:50 - 17:35
Josip Franjković: Maximising rewards and impact in bug bounties
Levant B
17:40 - 18:25
Bojan Belušić: Cyber Resilience Act & Security by Design
Maestral
17:40 - 18:25
Marina Kratofil: TBD
Levant A
17:40 - 18:25
Rest & mingle time
Anywhere
18:30 - 20:30
Gala Dinner
Fortis Centar
20:30 - 22:30
DEEP Party - Games Powered by Exclusive Networks
Fortis Centar
22:00 - 02:00
Tena Velki: Psychological Aspects of Online Risky Behavior: Implications for Data Security and Privacy
Levant B
10:15 - 11:00
Domagoj Ćosić: Cybersecurity Challenges: Why Testing and Validation Matter
Maestral
10:15 - 11:00
Fyodor Yarochkin: Attacks on Cyber-Physical Devices: from cybercrime to espionage
Levant A
10:00 - 11:00
Coffee break
By the pool
11:00 - 11:30
Ivan Pepelnjak: Disaster Recovery Myths and Reality
Levant B
11:30 - 12:15
Stjepan Groš: Cybersecurity Education at FER: Information, Opportunities, and Possibilities for Companies and Government Institutions
Maestral
11:30 - 12:15
Marko Grbić: Critical Infrastructure: OT Security vs Operations
Levant A
11:30 - 12:15
Robert Petrunić: Devil vs. Smurf, or Devil + Smurf?
Levant B
12:20 - 13:05
Dubravko Hlede: XDR - Reduce Risk and Protect from Modern Threats
Maestral
12:20 - 13:05
Rob van Os: SOC-CMM - Maximize your SOC’s Growth Potential
Levant A
12:20 - 13:05
Lunch
Restaurant Iadera
13:05 - 14:45
Tomislav Lukačević: TBD
Levant B
14:45 - 15:30
Konstantin Shvetsov: Exploring Serverless Threats
Levant B
15:35 - 16:20
Dmitri Belotchkine: TBD
Maestral
14:45 - 15:30
Alen Adanić: Building SSDLC in an Enterprise Environment
Maestral
15:35 - 16:20
Panel Discussion: Threat Intelligence and Collaboration - the key to proactive defense
Levant A
14:45 - 16:20
Prizes drawing and closing ceremony
Sotto Voce
16:25 - 17:00
WEDNESDAY
Workshop
NIS 2 - Challenges for the Incident Response Team by Utilis
Tramuntana
14:45 - 16:20
THURSDAY
Workshop
The Future of Encryption: Uncovering Trends You Didn't Know You Needed to Ask About by Marko Bobinac and Daniel Danilovski
Tramuntana
10:00 - 11:00
Workshop
Defensive CTF by Matija Mandarić
Tramuntana
11:30 - 13:05
Tracks

Drill down to the bit level

Technical and low level stuff is in the focus here. It might be a game for some, but various real-world attack simulations can be expected in here, as well as hacking, exploits and malware dissecting. New ideas on how to identify and exploit vulnerabilities are more than welcome.


Organize your protection!

A combination of technical and management stuff is in the focus here. How to orchestrate people, technology and processes to achieve maximum protection efficiency? Topics such as infrastructure protection, damage control, threat intelligence and incident response. Case studies can be found in this track.


Manage the risks, protect your business!

It’s all about management in here; governance, risk, compliance and business in general. Most of the people in here will try to get everyone on the same high-level page. It’s about understanding each other and dealing with future ideas and collaboration between business areas.

Attendees

Who should go deep with us?

  • CEOs, COOs, CTOs and other Cs
  • Corporate security managers
  • Information security managers
  • Chief information security officers
  • IT admins
  • Members of IT security teams
  • Security operation center members
  • Penetration testers
Pricing
450 €
  • Price of one pass for DEEP (23rd - 24th of October 2024, Falkensteiner Hotel & Spa Iadera, Petrčane) is 450 €, VAT included. It is all-inclusive: each conference pass grants you full access to all the areas and contents, presentations, sponsors' booths, workshops, party and meals!
  • Our aim is to make DEEP an enjoyable experience for all of our attendees, as well as a successful one in terms of business. Accommodation is purchased separately and transport to the conference venue isn't included in the ticket price.
  • Please check the details about SOC-CMM Certified Assessor and Corelan® “HEAP” exploit development MASTERCLASS training – if you plan to attend one or both, you have to register separately.
  • Different terms apply for the conference sponsors, so be sure to ask us for detailed info about sponsorship opportunities. You can get it on request by contacting us at info@deep-conference.com
Hotel
  • DEEP will take place in the five-star Falkensteiner Hotel & Spa Iadera
  • Hotel & Spa Iadera is part of the famous Falkensteiner Punta Skala Resort, one of the most beautiful and prestigious tourist complexes in the whole Adriatic area.
  • Should you have any additional questions, please feel free to ask us at info@deep-conference.com. We are sure that this venue will fully enhance your experience and make your stay there during DEEP more enjoyable.
  • Note: If your company/organization’s policy doesn’t support five-star accommodation, please contact us. There is a limited number of four-star rooms available within the Punta Skala resort, at the same price.
Speakers
Keynote
Brian Honan
CEO
at BH Consulting
Featured speakers
Fyodor Yarochkin
Senior Researcher, Forward-Looking Threat Research Senior
at Trend Micro
Rob van Os
Founder
at Argos Cyber Security Assessment
Speakers
Alen Adanić | .ops
Software Development Team Lead
at King ICT
Ana Balaško | .lead
Telecommunications manager
at HEP ODS
Antoine d’Haussy | .ops
OT Security Practice Head EMEA
at Fortinet
Bojan Belušić | .ops
Head of InfoSec and IT Ops
at Microblink
Bojan Magušić | .lead
Senior product Manager on the Customer Experience Engineering Team
at Microsoft
Dinko Korunić | .tech
Principal Cloud Architect
at HAProxy Technologies
Dmitri Belotchkine | .ops
Technical Director
at TXOne Networks
Domagoj Ćosić | .ops
Cyber Security Consultant
at A1 Hrvatska
Dubravko Hlede | .ops
Senior Technology Consultant, Adriatic
at MBCOM Technologies
Ivan Pepelnjak | .tech
Independent network architect
at ipSpace.net AG
Josip Franjković | .tech
Freelance security researcher
Konstantin Shvetsov | .ops
Head of Information Security and compliance
at LOGEX
Mario Kozina | .lead
Chief adviser
at HNB
Marko Grbić | .ops
Director of Business Development
at LNG Croatia
Robert Petrunić | .tech
Security consultant
at Eduron IS
Saša Zdjelar | .lead
Chief Trust Officer
at ReversingLabs
Stjepan Groš | .lead
Associate Professor
at University of Zagreb, Faculty of Electrical Engineering and Computing
Tena Velki | .lead
Full Professor of Psychology
at Faculty of Education, J.J. Strossmayer University of Osijek
Vanja Švajcer | .tech
Technical Leader
at Cisco Talos
Workshop
Matija Mandarić | WORKSHOP
Presales engineer
at Trend Micro

Building SSDLC in an Enterprise Environment
By Alen Adanić | .ops

We are currently working on building an SSDLC in an organization based on the k8s platform, and we would like to share our experiences in setting it up. We will try to answer the following questions: How do you establish a secure SDLC? How do we comply with various regulatory requirements? What tools should be used for SAST, DAST, SCA, secret scanning, and managing the entire development cycle without compromising delivery speed and quality? Join us for the lecture and hear about our challenges and how we have solved (and are solving) them.

Alen Adanić is the Software Development Team Lead at King ICT, a leading systems integrator in Croatia. With over 10 years of experience in IT, in addition to software development, he focuses on setting up a secure development platform based on the Kubernetes (k8s) platform, incorporating security tools for SAST, DAST, SCA, and ASPM to ensure the same speed of development with a higher level of security and easier compliance with regulatory requirements.

Roundtable: It's 2025! AI and Cybersecurity are...
By Alen Delić, moderator | .lead

The conversation in this roundtable will focus on the future of Artificial Intelligence and Cybersecurity, as well as the ways in which they will influence each other, intersect, and perhaps even interfere with each other. Through this interesting exchange of thoughts and ideas, the experts gathered here may even come up with the ending of the title for this roundtable. We will find out soon enough.

Moderator:

Alen Delić, CISO @SpotMe

Guests:

Robert Kopal, Chairman of the Board @EFFECTUS University of Applied Sciences

Marko Horvat, Assistant Professor in Computer Science @FER

Valentina Zadrija, Technical product owner and Senior R&D engineer @Gideon

Hrvoje Kovačević, AI development and infrastructure @Mindsmiths

Vlatko Košturjak, CTO @Diverto

Keynote presentation
By Alex Ionescu |

Alex Ionescu is the Technical Director, Platform Operations and Research at CSE (Communications Security Establishment), Canada's National Cryptologic Agency. Previously, he was the VP of Endpoint Engineering at CrowdStrike, Inc., where he started as the Founding Chief Architect in 2011. Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is co-author of the last 3 editions of the Windows Internals series. During the last two decades, his work led to the fixing of dozens of critical kernel vulnerabilities in Windows.

Previously, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad, and AppleTV. Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security training for various institutions.



How HORNBACH, DIY retail group with €6,3 billion in sales, manages 3rd party cyber risk according to NIS2
By Alexander Mitter and Paul Sester | .lead

Paul and Alexander will talk you through the process and decisions of a third party cyber risk management program. They will describe why, how and with what help they implemented the program, as well as the challenges that arose, how they overcame them and what challenges might still not be answered.

Alexander Mitter is co-founder and CEO of KSV1870 Nimbusec GmbH. Over the last 10 years the company has grown from a start-up in Linz into a major player in the Austrian Cyber Security landscape with a subsidiary in Munich, Germany. In 2019 Alexander initiated the national cooperation leading to the CyberRisk Rating and its ecosystem.

Paul Sester is the CISO of the HORNBACH Group. Paul has worked for HORNBACH for 9 years and has been responsible for information security for 5 years.

Building Secure Process Environments: The Role of IEC 62443 in Process Systems
By Ana Balaško | .lead

Owners of process systems are facing increasing risks due to the convergence of operational technology (OT) and information technology (IT). The IEC 62443 standard provides comprehensive guidelines for the design, implementation, and maintenance of security mechanisms to protect OT systems from cyber threats. This presentation will outline why it is crucial for process system owners to understand and implement IEC 62443 as a specific tool to enhance security, alongside the complementary application of ISO 27001 and the NIS Directive, in order to ensure holistic protection of critical control systems.

Ana Balaško graduated in 2009 with a degree in Electrical Engineering from the Faculty of Electrical Engineering and Computing in Zagreb, where she is also completing postgraduate specialist studies in Information Security. She has been employed at HEP ODS since 2010, where she actively participates in the company’s strategy development in the fields of process systems, telecommunications technologies, and cybersecurity, as well as in managing projects aimed at achieving business objectives within her area of expertise. Ana has been involved in several innovative projects focused on the use of advanced technologies in industrial environments and creating the prerequisites for transforming the distribution system into an environment capable of handling the main challenges of distribution flexibility in a cyber-secure manner. She is an active participant in conferences such as CIRED, MIPRO, and others.

Securing the IT/OT convergence at Critical Infrastructures
By Antoine d’Haussy | .ops

With Critical Infrastructures becoming more interconnected, securing the OT side is more vital than ever. This presentation will examine the unique cybersecurity challenges OT environments face and how their convergence with IT, Cloud, and wireless technologies including 5G exposes new vulnerabilities. We will explore best practices, such as network segmentation, secure remote access, and monitoring for industrial control systems (ICS), while referencing standards like IEC 62443.

Using real-world examples, we will also show how solutions like Fortinet's security fabric help mitigate risks without disrupting operations, offering actionable insights to strengthen the resilience of critical infrastructure and comply with IT/OT security frameworks.

Antoine joined Fortinet in 2019 to lead the OT strategy and revenue growth in EMEA. With 25 years’ experience in product management, engineering, sales and marketing, Antoine mostly worked for industrial clients together with Fortinet, General Electric, ALSTOM, and Altran.

In his product management roles for Control vendors, he was leading the digital solution portfolio including the M&D as well as Cyber Security products and services solutions.

Antoine has participated in several global events as a speaker and panelist. He is a contributor to an industrial cybersecurity working group, is a certified Global Industrial Cyber Professional (GIAC-GICSP) trained at the SANS Institute, and holds an MSc in Radiocom, Networking & IT and an MBA.

A native of Paris, he lived in several countries before finally settling in the Zurich area in Switzerland, where he enjoys spending quality time with his wife and two kids.

Cyber Resilience Act & Security by Design
By Bojan Belušić | .ops

EU's Cyber Resilience Act (CRA) is one of the most anticipated acts in the Dev community, and yet one of the least talked-about on a general scale. It will probably be the first regulation of its kind in the world and it will affect most of the digital and software products sold in the EU. The CRA will require that products are released to the market with all known vulnerabilities addressed and developed by following secure by design principles, starting with a cybersecurity risk assessment of a product. This presentation will try to sum up what all this could mean for a software development company working on products included in the scope of the CRA.

Bojan Belušić is the Head of InfoSec and IT Ops at Microblink, one of the leading companies in AI and software development in Croatia. After 10+ years of experience in the financial industry as a sysadmin, IT architect, and IT auditor, he is now driving security and IT operations in a fast-paced development environment, balancing developers' needs and compliance, while keeping those development environments secure.



Cloud Infrastructure Security
By Bojan Magušić | .ops

Presentation outline: What I want to share with you in this session is important and it affects companies big and small. I'd like to start with an example of a real world breach (without mentioning any names). I'll walk you through what happened, covering the impact to the company itself, followed by what could have been done to prevent it. Here I'll touch on the importance of ensuring that cloud resources adhere to best practice guidance and share with you some trends I see in the real world. Some misconfigurations tend to be riskier than others, for example open ports carry more risk to your organization's overall security posture than enabling logging. I'll also share with you what cloud services I typically see targeted the most, even for organizations that use more than one public cloud provider. While detecting misconfigurations in your cloud environments is important, ideally after you remediate misconfigurations, this should be applied to how you deploy resources going forward, ensuring that the misconfigurations you detected don't happen again. Here I'll speak about the importance of applying best practice guidance at scale, ensuring consistency across your environment and even integrating with pre-deployment (keyword: SecDevOps). While the industry is full of jargon of tools that can be used by different vendors to help with the technology side of things, interestingly enough implementing sound security hygiene continues to be the least attractive yet highly effective practice that companies can do to minimize the likelihood of security incidents. One might ask themselves, what is then the problem with efficiently implementing sound security hygiene in the real world? I'd like to offer a perspective. It's not just having the right tools in place, it has very much to do with the way that people operate them and how they're used inside of an organization.
This is why, as part of this session, I'll share with you some best practices I've seen in the real world on how organizations approach governance, readiness and leadership sponsorship.

Free takeaways:

At the end of this session, you can expect to:

- Be able to explain why security hygiene should be an organizational-wide priority

- Understand how lack of security hygiene can impact your organization and its business

- Understand which security misconfigurations of cloud services you should prioritize and fix first

- Understand which cloud services are targeted more often than others, even across multicloud

- How to use Infrastructure as Code to embed security hygiene into pre-deployment

- Learn how to integrate continuous monitoring of cloud workloads with CI/CD and IaC

- Learn how other organizations are approaching governance and leadership sponsorship

Bojan is a technologist, published author, and public speaker on cybersecurity topics.

Working with Microsoft as a Product Manager on the Customer Experience Engineering Team, where I act as a technology expert for Fortune 500 companies on the most complex and leading edge deployments, that help them realize the full value of their security investments and improve their overall security posture.

Author of the Manning book on Azure Security, a practical guide to the native security services of Microsoft Azure that teaches how to use native security services of Azure to effectively improve system security and secure the various resources in the environment against threats.

I have a strong passion for cybersecurity, advancing women in tech and professional development. I'm very interested in building partnerships with other companies and cyber professionals to learn how they support, advance, and retain their cyber talent.

In addition to various technical certifications (21+ and counting), I've also received certifications from INSEAD and Kellogg School of Management.

Securing AI in the Wild: Protecting Your GenAI Applications from Emerging Threats
By Bojan Magušić | .lead

Have you ever wondered how organizations secure their AI applications in the real world? With the rise of tools like ChatGPT, more companies are building their own generative AI (GenAI) applications—but securing these apps is no easy task. The uniqueness of GenAI introduces a new and complex attack surface. In this session, I’ll dive into how real-world companies are tackling security challenges for their GenAI apps. From new attack vectors like prompt injection to other emerging threats, we’ll explore the strategies organizations are using to protect their AI-driven innovations.

Bojan is a technologist, published author, and public speaker on cybersecurity topics.

Working with Microsoft as a Senior Product Manager on the Customer Experience Engineering Team, where I act as a technology expert for Fortune 500 companies on the most complex and leading edge deployments, that help them realize the full value of their security investments and improve their overall security posture.

Author of the Manning book on Azure Security, a practical guide to the native security services of Microsoft Azure that teaches how to use native security services of Azure to effectively improve system security and secure the various resources in the environment against threats.

I have a strong passion for cybersecurity, advancing women in tech and professional development. I'm very interested in building partnerships with other companies and cyber professionals to learn how they support, advance, and retain their cyber talent.
In addition to various technical certifications (21+ and counting), I've also received certifications from INSEAD and Kellogg School of Management.

Keynote presentation
By Brian Honan |

Brian Honan is an internationally recognised expert on cybersecurity. He is CEO of BH Consulting, an independent advisory firm on cybersecurity and privacy based in Dublin, Ireland. He formerly was a special advisor to Europol’s Cybercrime Centre (EC3), founder of Ireland’s first CERT, and sits on the advisory board of several innovative security companies. Brian has advised various government departments, companies of varying sizes, the European Commission, and the European Union Agency for Cybersecurity (ENISA) on matters relating to information security.



Bypassing Anti-Virus and EDR using BadUSB
By Cristian Cornea | .tech

Agenda for Cristian’s presentation: - AMSI Bypass Development - Execution Policy Bypass - Payload Runner Development - Deploying Attack using BadUSB - Post-Exploitation Persistence - DEMO – Prevention. During this presentation, we will take a look at how we can bypass most Anti-Virus detection using a payload embedded on a BadUSB device, resulting in a silver bullet for gaining initial access inside a victim network. A demo will also be included during the presentation.

Cristian is founder @ Zerotak Security & President @ Romanian Cyber Security Training Centre of Excellence. He provides pentesting & security consultation for clients all over the world: Australia, U.S., U.K., Middle East, Singapore, India, Central Africa, Europe.

eBPF: Features, capabilities and implementation
By Dinko Korunić | .tech

The talk explores the powerful extended Berkeley Packet Filter (eBPF) technology. eBPF allows developers to run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. The talk covers key features such as network traffic monitoring, performance profiling, and security auditing. It also discusses the capabilities of eBPF, including its flexibility, safety, and efficiency in optimizing system performance. Additionally, the implementation part explains how eBPF programs are written, verified, and executed, offering insight into its architecture and use cases in production systems.

Dinko Korunić is Principal Cloud Architect at HAProxy Technologies and an accomplished IT professional with over two decades of experience in systems engineering, networking, and IT management. His expertise spans high-performance computing, Unix/Linux administration, and open-source technologies. Dinko has held roles in systems architecture, leading the design and implementation of complex infrastructure solutions for enterprises, particularly in network security, optimisation, and traffic management. He has contributed to projects across industries, including telecommunications and financial services. His educational background includes a degree in Computer Science, and he is highly skilled in system and application programming in C, C++, Perl, Python, Java, Rust and Golang. He is also actively maintaining a number of smaller open source projects.

A blueprint to protect your AD using NIST CSF 2.0
By Dirk Schrader | .lead

The lecture will talk about the lifecycle of the AD, the lifecycle of identities, and how attacks are crossing these cycles. The main message conveyed is about how to embed preparation and prevention into those lifecycles, what role governance is going to play and how to identify areas where one can improve the cyber resilience of the AD environment.

Being a native of Germany, Dirk brings more than 25 years of delivering IT security expertise at a global scale. His work focuses on advancing cyber resilience as a sophisticated, new approach to tackle cyber-attacks faced by governments and organizations of all sizes for the handling of change and vulnerability as the two main issues to address in information security. He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA).

Deep Dive into securing critical OT infrastructure
By Dmitri Belotchkine | .ops

Operational environments and critical infrastructure are being hit by cybersecurity incidents on a regular basis. More and more of them cause damage far outside of one company, reaching out to the national levels and impacting the people and environment. We have also seen “friendly fire” incidents caused by traditional IT security tools implemented in OT. In this session we will quickly look at the attack vectors and techniques observed in the cybersecurity incidents on OT and discuss why we fail to address them properly on the shop floor, and why using conventional IT security strategy and tools is not enough.
We will look at how to extend the cyber-physical security strategy in OT beyond the air-gap concept and deeper into the process and process control networks. We will also discuss the ways to do it without adding additional operational risks that can cause downtime and productivity loss.

Dmitri Belotchkine is a seasoned cybersecurity professional with more than 25 years of experience in the IT and OT cybersecurity industries, with a focus on High Tech and Manufacturing. Dmitri worked for large international system integrators and service providers such as Atos and Wipro, as well as security product vendors. Before joining TXOne Networks, Dmitri spent the last 7 years at Trend Micro working with solutions and products for security of OT, Industrial IoT and 5G networks.

Cybersecurity Challenges: Why Testing and Validation Matter
By Domagoj Ćosić | .ops

In this presentation, we will explore the fast-changing world of cybersecurity, examining why traditional security approaches are no longer sufficient. We will address the challenges organizations face in managing security tools and share insights on how to enhance resilience through automated security validation. Additionally, we will provide real-world examples that demonstrate why regular testing and validation of security measures are essential for staying ahead of evolving threats.

Bio:

I was born on April 1st, 1987, in Croatia, and I currently live in Zagreb. My journey in the world of technology and information security started with a passion for computer engineering, which led me to pursue both a Bachelor's and Master's degree at the Faculty of Electrical Engineering in Osijek.

After completing my education, I began my professional career, gaining valuable experience across multiple organizations. I worked as a Systems Engineer for companies like Hrvatska Pošta and Infodom, where I managed VMware and Hyper-V environments, as well as Microsoft 365 administration, among other tasks. My role at Hrvatski Telekom allowed me to dive deeper into corporate services, where I provided technical support, participated in gap analysis, and contributed to the implementation of GDPR compliance measures, ensuring that data protection standards were met across the organization. Additionally, I oversaw various system integration tasks, enhancing the efficiency and security of corporate IT environments.

Currently, I am a Cyber Security Consultant at A1 Hrvatska, where I’m responsible for advising clients on the best cybersecurity solutions to meet their needs. I guide them through selecting appropriate technologies and strategies, such as NDR, EDR, and XDR, ensuring they have the most effective defenses in place. In addition to recommending solutions, I offer clients the best practices from the industry, helping them implement proven strategies that enhance their overall security posture and align with their business goals. This way, I ensure that each solution is not only technically sound but also tailored to their specific requirements.

My journey continues as I seek out new challenges and opportunities in the rapidly evolving world of cyber security, always striving to stay ahead of the curve and contribute to the success of the organizations I work with.

When Cybersecurity Enters the Quantum Triangle: Quantum Computers, Quantum and Post-Quantum Cryptography
By Dr. Marko Horvat | .ops

Quantum cryptography utilizes the fundamental laws of quantum mechanics to establish secure communication channels between different entities. One such use is Quantum Key Distribution (QKD), which facilitates the creation of a confidential shared key for the purpose of encrypting and decrypting messages. The presence of quantum features such as superposition and entanglement makes eavesdropping detectable and prohibits replication of quantum states. In theory, if the physical execution is excellent, this technology offers security that cannot be compromised. Nevertheless, the widespread use of quantum technologies is currently hampered by practical obstacles, including the attenuation of signals in optical fibers and the preservation of quantum states across extended distances.

Numerous cryptographic techniques in contemporary times rely on the challenge of factoring large numbers and calculating discrete logarithms. However, Shor's algorithm can swiftly factor numbers on a quantum computer, undermining conventional encryption methods like RSA and ECC. The QKD technique has been proposed as a solution to this issue. The first such protocol, known as BB84, was introduced in 1984 by Charles H. Bennett and Gilles Brassard. The BB84 protocol utilizes two distinct communication channels: a public channel and a quantum one, specifically an optical cable. It also employs various photon polarizations to facilitate the transmission of information. These initial solutions have been improved over time with BB91 protocol and other approaches.

More recently, another promising approach has been proposed: post-quantum cryptography, which refers to cryptographic algorithms designed to be secure against the potential capabilities of quantum computers. The goal of post-quantum cryptography is to develop new methods of encryption and key exchange that would remain secure even in the age of quantum computing.

In the field of post-quantum cryptography, numerous potential algorithms have emerged as candidates that have the ability to withstand attacks from quantum computers. Several algorithms, such as BIG QUAKE, BIKE, Ding Key Exchange, GeMSS, HQC, LIMA, NewHope, NTRUEncrypt, Picnic, RSA-Encryption, and SPHINCS+, among others, already exist or are under development.

The emergence of quantum computing poses a significant challenge to existing encryption techniques, necessitating the adoption of post-quantum cryptography across multiple industries. In the context of secure communications and financial transactions, it functions as a protective measure against potential quantum-based security risks in the future. Cloud storage and Internet of Things (IoT) devices provide an increasingly robust security framework to mitigate the risks of unwanted access and cyberattacks. The utilization of this technology enhances the process of verifying digital identities, reinforces the tracking of supply chains, and guarantees the preservation of patient confidentiality within the healthcare sector. Furthermore, it serves to safeguard the integrity of electronic voting systems and decentralized networks such as blockchain. Post-quantum cryptography plays a crucial role in upholding digital security in a future characterized by the widespread adoption of quantum computers.

The talk will focus on the difficulties and solutions that quantum computing brings to the world of cryptography.

Dr. Marko Horvat is currently an Assistant Professor at the Department of Applied Computing at the University of Zagreb's Faculty of Electrical Engineering and Computing (FER). He graduated in 1999, with an MSc degree in 2007 and a PhD in 2013 from FER, specializing in artificial intelligence and mobile computing. After graduation, he gained 10 years of professional experience in the ICT sector, as a software development engineer, software architect, project manager and IT department manager. He serves as a project manager, researcher and expert in a number of national and EU scientific projects. Previously, he worked as a lecturer, senior lecturer, study program supervisor, and vice-dean for science, international cooperation, and new study programs at the Technical University of Zagreb (TVZ), where he also founded the AI Lab.

Dr. Horvat has authored or co-authored more than 90 scientific papers during his academic career and has developed a number of university and professional instructional manuals and educational materials. In addition, he supervised over 80 BSc and MSc dissertations in informatics and computer science. He is engaged in editorial and review activities, serving on many editorial boards of international journals and conference program committees. His primary research interests are in artificial intelligence and machine learning, particularly in the areas of automated reasoning, knowledge representation, information retrieval, affective computing, and semantic web.

Marko Horvat is an active promoter of science and STEM education, regularly participating in educational activities and making media appearances speaking about a wide range of topics covering computer science, artificial intelligence, and the impact of disruptive technologies.

He is a Senior Member of the IEEE professional association and vice-chairman of the Croatian section of the IEEE Department of Management in Technology and Engineering. He is currently the Chairman of the Scientific Advisory Board of the Croatian Mine Action Center - Center for Testing, Development, and Training (HCR-CTRO) LLC.

XDR: Reduce Risk and Protect from Modern Threats
By Dubravko Hlede | .ops

Explore how advanced security solutions are pushing the boundaries of traditional threat detection by delivering broad, deep, and context-rich data. This presentation will showcase how high-fidelity telemetry uncovers sophisticated adversarial tactics, tracking threats as they target endpoints, networks, identities, and more. Learn how these next-generation tools empower security teams to detect and respond to attacks in real-time, providing the visibility and insight needed to outmaneuver even the most advanced cyber threats.

Dubravko Hlede is a seasoned professional with extensive experience across industries such as finance, automotive, and research and development. He is now focused on applying his expertise on the vendor side, specializing in security and management solutions. With a proven track record of driving results and enhancing operational efficiency, Dubravko is dedicated to helping organizations safeguard their assets and streamline operations.

Attacks on Cyber-Physical Devices: from cybercrime to espionage
By Fyodor Yarochkin |

With the widening segmentation and geo-fencing of the Internet and the explosive growth in the number of cyber-physical devices, these devices become a lucrative target for criminal groups and state-sponsored threat actors alike. Often placed at the edge of organizations, devices such as digital cameras, smart building monitoring equipment, and even city surveillance infrastructure are often targeted as attractive pivoting points and sources of on-the-ground information about the physical surroundings. In this presentation we discuss the risks of exposure of cyber-physical monitoring infrastructure, and attack patterns that we have identified in the wild. Further, we disclose several unconventional ways that attackers have used in order to identify and exploit such infrastructure and even build malicious overlay networks on top of them. The presentation discloses some previously unknown security issues with camera deployments and illustrates them with real-life war stories from different parts of the world.

Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.

What else can a data security platform be used for?
By Gábor Hirsch | .tech

Thales, one of the world's leading data security vendors, offers its customers several encryption and other data security solutions, but what happens when engineering invention overrides product development and the hidden functions of the solutions are revealed? The presentation is about such a story.

Gábor Hirsch graduated from Bánki Donát Technical College as an information technology engineer and teacher. In the last 20 years he has held many manager positions in information security and network security companies.

Among others, he established and led the Check Point distribution and IT security business unit in DNS Hungary (today Arrow ECS), and as business development manager of Cisco Hungary he was responsible for the success of the Cisco security products. He was the first employee of Fortinet in Hungary and built the channel, brand and the team. In parallel with his business career he took part in professional activities: he was a member of the Check Point Advisory Council, from 2008 till 2018 he was the leader of the information and IT security workgroup at the IT Association of Hungary, and he was an associate lecturer at King Sigismund University (today Milton Friedman University) and the University of Public Service.

Before joining Thales as Regional Sales Manager, he managed several data security and information security projects as an independent advisor, worked as a DPO and collaborated on GDPR-related projects with other advisories like PricewaterhouseCoopers.

DORA - Testing ICT response and recovery plans with the Cyber Conflict Simulator
By Goran Polonji and Dalibor Gernhardt |

It is common knowledge that in the year 2023, cyberattacks have claimed the top spot as the most significant business risk, and this trend is likely to persist in the years ahead.

The newly introduced EU regulation, known as the Digital Operational Resilience Act (DORA), specifically addresses this issue: its Regulatory Technical Standards (RTS) outline the requirement for financial entities to incorporate provisions in their ICT business continuity policies pertaining to the development, testing, and review of ICT response and recovery plans. Notably, the first scenario detailed in the RTS revolves around the subject of "cyber-attacks."

We invite you to join our workshop, where you will gain insights into how to enhance and test your cyber incident response and recovery plans using the Cyber Conflict Simulator.

During this workshop, participants will assume various roles, such as incident handlers, business service owners, and members of the management board, all representing a fictional entity called Generic Financial Institution (GFI). GFI will face a sophisticated attack orchestrated by an Advanced Persistent Threat Group (APT). Your collective mission, along with fellow participants, will be to ensure the continuous operation of the business, simultaneously detecting the attacker within the network, responding effectively, and facilitating the recovery of the ICT infrastructure, enabling GFI to resume normal operations. Participants will have the opportunity to apply their existing knowledge of ICT response and recovery plans and, hopefully, acquire new insights from the trainer and the CCS support team.

This workshop extends its relevance beyond financial institutions. Cyber specialists and managers in various industries and government institutions are well aware that NIS/NIS2 Directive incorporates identical requirements for their ICT infrastructure. Therefore, participation will be equally engaging for them.

The duration of the workshop will extend up to two hours, contingent on participant engagement and the pace at which the incident is addressed. To maximize the workshop's effectiveness, registered participants will be assigned roles tailored to their real-world responsibilities within their respective organizations.

If you are a registered DEEP attendee, please feel free to reserve your workshop seat at https://forms.gle/LZwk6FA4KCjLv7kC8.

Trainers' professional bios: Goran Polonji is an information security consultant and cybersecurity auditor at Utilis Ltd. For the last twenty years he has been working with financial institutions and industry on improving information security posture and fulfilling regulatory compliance. Goran is a member of the Cyber Conflict Simulator development team as a domain expert. He is continuously trying to build understanding between business and technology experts about cybersecurity and to fill the gap between administrative and technical cybersecurity controls.

Dalibor Gernhardt is a lecturer in military-defense and security intelligence science and art, teaching at the Croatian Military Academy. For the last 12 years, he has been doing various jobs in the defense and security domain. In addition, he is a PhD student at the Faculty of Electrical Engineering and Computing in Zagreb on the subject of computer security. He is preparing a doctoral dissertation on the topic of organization and implementation of simulation exercises in the field of cyber security.

Along with the two main trainers, there will be the CCS support team: Zdenko Ćorić (Utilis Ltd.), Vito Žuvanić (Utilis Ltd.), Stjepan Groš (FER).

How to achieve "real-time" system visibility and security in a large company?
By Ilija Jozinović | .ops

This session focuses on the successful implementation of the XDR solution, which enabled us to achieve real-time system visibility across 20 countries, over 100 locations within the Orbico Group and more than 8,000 employees. Without the right XDR solution, IT hygiene practices and other security measures, there is no reduction in cybersecurity risk for the organization.

Ilija Jozinović currently performs the role of an IT Infrastructure Manager in Orbico Group where he is responsible for managing the proper IT infrastructure of the organization and he’s responsible for Support, Systems, Networking and CyberSecurity teams. He has more than 15 years of experience in IT.

Disaster Recovery Myths and Reality
By Ivan Pepelnjak | .tech

Infrastructure (virtualization, storage, and networking) vendors love to tell you how to use their products to implement disaster recovery or high-availability architectures without touching the applications. Most of those solutions work best in PowerPoint and vendor whitepapers; they could cause a disaster in production deployments.

In this presentation, we’ll explore several (somewhat disguised) real-life disasters caused by that mentality and end with a few recommendations that have been proven to work in mission-critical deployments.

Ivan Pepelnjak, CCIE#1354 Emeritus, is a 30-year veteran of the networking industry, with 25+ years of experience in designing, installing, troubleshooting, and operating large service provider and enterprise WAN and LAN networks. He is currently an independent network architect at ipSpace.net AG, focusing on network automation, software-defined networking, large-scale data center and network virtualization technologies, and advanced IP-based networks.

Ivan is the author of a series of highly successful webinars and online courses. His books published by Cisco Press include MPLS and VPN Architectures and EIGRP Network Design.

Internet Routing Security
By Ivan Pepelnjak | .tech

While we have had the necessary means and technologies to significantly enhance routing and packet forwarding security in the Internet for years if not decades, we’re still facing BGP hijacks and amplification DDoS attacks on a daily basis.

This talk will describe some of the reasons for this dismal state of affairs, the steps one can take to increase Internet routing security, and the MANRS framework that can guide you on that journey.

Ivan Pepelnjak, CCIE#1354 Emeritus, is a 30-year veteran of the networking industry, with 25+ years of experience in designing, installing, troubleshooting, and operating large service provider and enterprise WAN and LAN networks. He is currently an independent network architect at ipSpace.net AG, focusing on network automation, software-defined networking, large-scale data center and network virtualization technologies, and advanced IP-based networks.

Ivan is the author of a series of highly successful webinars and online courses. His books published by Cisco Press include MPLS and VPN Architectures and EIGRP Network Design.

NIS2 – Europe's roadmap to Cyber resilience
By Ivona Loparić | .lead

Summary:

Is it just another regulation or will it have a more profound impact? The Network and Information Systems Directive 2 (NIS2) represents a pivotal moment in the EU's approach to cybersecurity. While on the surface, it may seem like another set of rules, NIS2 is poised to reshape the digital landscape of Europe. With its expanded scope, stringent incident reporting requirements, and a renewed emphasis on cross-border cooperation, NIS2 isn't just about compliance – it's about forging a united front against cyber threats. NIS2 isn't just another regulation, it's the blueprint for safeguarding Europe's digital future. Join us in exploring the layers of this directive, from its regulatory core to its potential to fortify the resilience of our digital infrastructure.

Short professional bio:

Ivona Loparić is an Information Security Consultant with 10 years of experience working as an IT auditor and consultant. In her career, Ivona has worked on various engagements related to compliance with regulatory requirements and standards related to information security, including the NIS Directive, EBA / CNB guidelines and ISO/IEC 27001. Even though most of her engagements were related to the financial sector, Ivona has experience working for the production, trade, utility and public sectors. Some specific areas of Ivona’s interest are IAM (Identity and Access Management) and Social Engineering.

Security challenges in the software development industry...what can go wrong?
By Jasmin Azemović | .tech

Cyber-security as a broader form of protection of all IT resources has long ceased to be a luxury. On the contrary, it has become an imperative. Pandemic and geopolitical challenges contribute to this. The challenges we are facing are escalating on a daily basis. The result can be catastrophic consequences for your business: data breaches and leaks, ransomware, insider threats and the list goes on. The software industry is the most important part of the digital transformation of society, and sufficiently secure solutions are set as an obligatory requirement.

This session is intended for all those involved in the software development process and for decision makers (the private sector, government, and public institutions). It is also for everyone else who wants to hear about experience from the first line of defense.

Jasmin Azemović is a CISO, University Professor and ex-Dean. He has been professionally engaged in the areas of information security, privacy, forensic analysis and database systems for the last 20+ years. He is currently leading the defensive security department within the HTEC Group. Author of the books: Writing T-SQL Queries for Beginners Using Microsoft SQL Server 2012, Securing SQL Server 2012 and SQL Server on Linux. Microsoft Security MVP and speaker at many IT conferences, events, and panels with more than 150 speaking engagements in the last 15 years.

Maximising rewards and impact in bug bounties
By Josip Franjković | .tech

Thirteen years since my first paid report to a bug bounty program, I have seen it all. This presentation will focus on evening the odds in the bug bounty field, maximizing rewards and avoiding the typical pitfalls when reporting security issues.

I will present a collection of real reports - low severity bugs turned critical, "N/A" reports that were in fact applicable and other interesting edge cases I've found myself in, along with general tips and tricks on increasing impact and getting your reports paid.

Josip Franjković is a freelance security researcher and a "bug bounty hunter". Throughout his career he has reported over 200 verified vulnerabilities to companies like Facebook, Google, Microsoft, PayPal, Yahoo and others, with a main focus on authentication and authorization vulnerabilities.

Josip is a top hacker on PayPal's bug bounty program, and tops Facebook's whitehat list in the '17-'19 period. He has also participated in live hacking events around the world for PayPal, Yahoo and Facebook, where he was asked to find vulnerabilities in yet to be released software and hardware, winning two "Most Valuable Hacker" awards and placing among the top three participants multiple times.

Exploring Serverless Threats
By Konstantin Shvetsov | .ops

Understanding its unique security challenges is paramount as serverless computing revolutionizes application development. This presentation explores the evolving landscape of serverless threats, from data breaches to injection attacks. Delving into real-world cases, we dissect vulnerabilities arising from inadequate authentication, insecure deployment practices, and more. We will dive deeper into the real-world attack that occurred this summer and understand how we could prevent it or mitigate it. Attendees will gain insights into proactive measures such as strict access controls, continuous monitoring, and leveraging managed security services. By comprehending the intricate interplay of serverless architecture and security, this presentation equips professionals to build and maintain resilient, threat-resistant serverless applications in an increasingly interconnected digital ecosystem.

Konstantin is the Head of Information Security and compliance, a member of the Cloud Security Alliance, and has 18 years of experience in cybersecurity. His expertise includes serverless architectures, threat analysis, and implementing robust security frameworks for scalable cloud solutions.


Empower your SOC: An XDR story
By Leon Schulze | .ops

VMware Carbon Black XDR shifts the balance of power away from adversaries and back to security teams. As the evolution of Carbon Black Enterprise EDR, our XDR delivers on modernizing the SOC by enabling rapid and accurate detection, visualization and analysis of endpoint, network, workload, and user data in context. Powered by VMware Contexa™, Carbon Black XDR surfaces new results by preserving and extending the endpoint and network contexts during analysis and display.

Leon Schulze is a Security Solutions Engineer at Carbon Black, CEMEA. He is responsible for designing, implementing, and troubleshooting workload, endpoint, and cloud security solutions for various clients in central and eastern Europe. He has a natural flair for making complicated security topics accessible to everyone. Whether he's speaking to a room full of experts or educating novices, his unique storytelling approach turns complex topics into relatable narratives.

Good, Bad and Ugly Compliance in Public Cloud
By Marin Jaram, Tihomir Maček and Marin Vidaković | .ops

From orchestration and automation to the safety of a vendor solution for proactive reaction with real-time monitoring, and from fully audited controls for various aspects of security access to automated alerts and notifications of policy violations. Why using CloudBots empowers incident response and automatic remediation.

Marin Jaram is a security engineer with 18+ years of experience in the field. From developer through system integration to pre-sales, he landed in cyber security in the last 8 years and enjoys it from the bottom of his heart. He evaluates cyber security solutions and is in constant search of potential solutions for all business risks of our partners and clients.

Tihomir Maček is an experienced Product Manager with 7 years of expertise in the field of Cyber Security in the dynamic world of IT distribution, primarily at Ingram Micro, the world's largest player in this industry. His career is a testament to his commitment to excellence in the field of IT and Cyber Security product management. Beyond his professional life, Tihomir enjoys spearfishing, skiing, and playing football in his free time.

Marin Vidaković is a cloud solution architect and security enthusiast with over 20 years of experience. He began his career as a developer, then moved into telecom and networking operations, and now leads a cloud consulting company that assists software developers on their journey to cloud-native applications.

Managed SOC in OT environments: no problem?
By Mario Blažević and Andrija Grgić | .tech

In the OT world, it's not about 'Ever tried? Ever failed? Try again, fail better!' It's more like 'Fail once, and you might not get another shot to innovate.' The adoption of an OT Security - Operations Center (OT SOC) has never been more crucial, especially with the NIS2 directive and its accompanying regulations knocking on our digital doors. But wait, integrating and managing OT SOC services within critical infrastructure? It's no walk in the park.

Join Diverto in this presentation as we unravel the challenges, share our experiences, and draw valuable conclusions. In the world of managed SOC in OT environments, we'll explore whether it's really a breeze or if there are hidden storm clouds on the horizon. Don't miss it!

Mario Blažević is an experienced information security professional, with a strong emphasis on Industrial Control Systems (ICS) cybersecurity, particularly within the energy, traffic, and utility sectors. Specializing in NIS and ISA/IEC 62443 standards, Mario manages complex cyber-security/information security projects at Diverto and effectively communicates risks with stakeholders. In roles ranging from trusted advisor and auditor to both externalized and internal Chief Information Security Officer (CISO), Mario has a proven track record of implementing diverse management systems in the fields of information and cybersecurity, as well as quality management. This ensures compliance with the NIS Directive, GDPR, and other regulatory requirements, alongside various standards and frameworks. With extensive auditing expertise and proficiency in information security frameworks like COBIT, NIST, and ITIL, Mario offers valuable insights, navigating the intricate landscape of information and cybersecurity challenges across diverse industries.

Andrija Grgić is a Senior Information Security Consultant at cybersecurity company Diverto ltd., where he focuses on challenges in the OT/ICS landscape and critical infrastructure environments. Prior to Diverto, Andrija worked in IT Security and Systems Integration for 15 years. During that time, he achieved top level certifications, including Cisco CCIE Security. Using this experience, Andrija is dedicated to pursuing OT/ICS topics and bringing cybersecurity awareness to the next level. Highly skilled in designing and implementing IT/OT security architecture, Andrija is always ready to share his knowledge and experience. In his private time, he can usually be found jumping from one mountain peak to another.

DORA Third-Party Risk: Regulatory Challenges for Financial Institutions and ICT Service Providers
By Mario Kozina | .lead

The Digital Operational Resilience Act (DORA), effective from 17 January 2025, introduces stringent requirements for managing third-party ICT risks, creating significant challenges for both financial institutions and ICT service providers. This presentation will help financial institutions and ICT service providers to understand the key DORA requirements, navigate contractual provisions, cooperate effectively to mitigate ICT risks and improve resilience across the financial sector.

Mario Kozina is a Chief adviser at the Croatian National Bank (HNB) where he supervises how credit institutions manage IT risk. His professional interests lie in the areas of IT management, security, audit, outsourcing and provision of financial services. For the past few years, he has participated in the development of regulatory acts (at the HR and EU level) related to IT risk management and digital operational resilience of financial institutions.  He graduated in computer science at FER and is CISSP and CISM in good standing.

DORA Regulation overview
By Mario Kozina | .lead

Wide use of IT in financial institutions, increased complexity and occurrence of cyber incidents contributed to the growth of IT risk and the need for a stronger regulatory framework. Join this session to get an overview of the new EU Digital Operational Resilience Regulation – DORA that will apply from January 2025. Emphasis will be on DORA's requirements related to IT risk management and security testing.

Mario Kozina is a Senior adviser at the Croatian National Bank (HNB) where he supervises how credit institutions manage IT risk. His professional interests lie in the areas of IT management, security, audit, outsourcing and provision of financial services. For the past few years, he has participated in the development of regulatory acts (at the HR and EU level) related to IT risk management and digital operational resilience of financial institutions.  He graduated in computer science at FER and is CISSP and CISM in good standing.

Critical infrastructure: OT security vs operations
By Marko Grbić | .ops

How to build up the level of cyber security in critical infrastructure where operations run 24/7/365 and the cost of downtime is unmeasurable. Using that same cost of downtime as a push towards increasing cyber security while avoiding any impact on operations.

Graduated from University of Zagreb, Faculty of Electrical Engineering and Computing, obtained a master's degree in electrical engineering and information technology, majoring in automation. More than 10 years of experience in the energy sector with an emphasis on OT infrastructure such as process control systems and safety instrumented systems in industrial plants.

Airgap in OT - myth or reality?
By Marko Grbić | .ops

What is OT and how has it evolved over the past decade? What is an airgap in theory and has it ever really existed in the real world? The role of the vendors in the (in)security of the OT system. New technologies and security approaches in OT systems.

Graduated from University of Zagreb, Faculty of Electrical Engineering and Computing, obtained a master's degree in electrical engineering and information technology, majoring in automation. More than 10 years of experience in the energy sector with an emphasis on OT infrastructure such as process control systems and safety instrumented systems in industrial plants.

Workshop: Capture the Flag
By Matija Mandarić |

Capture the Flag is a very popular format for blending fun with learning new skills, and we are delighted to have an opportunity to offer this as one of our workshops at the third DEEP conference. This workshop will introduce you to the functionality of XDR technology and facilitate the acquisition of skills you need to develop to deal with advanced attacks. Each participant should bring their own laptop to the workshop. If you are already registered for the conference, you can book your place by sending an email to info@deep-conference.com. If there is demand, the workshop will be repeated on the second day of the conference.

From a security engineer to presales and consulting, enterprise security architecture and education. Matija has been in security for more than a decade, in various roles and various organizations with various responsibilities, from a user through an integrator to a vendor. He likes to joke that it made him jack of all trades but master of none. But hey, as an SF author once wrote, specialization is for insects!


By Matija Mandarić |

Step into the shoes of an Incident Responder for a few hours and learn how they analyze incidents, piece together the puzzle, and defend against existing or future attacks. Additionally, you will see how with the right tools, this job can truly be done in such a short timeframe.

This will be a CTF-style workshop, with the curiosity that it is a defensive CTF, which is not common; typically, you can find Red Team tasks, i.e., offensive tasks, online. Through solving various tasks, participants will familiarize themselves with tactics and techniques that attackers use in targeted attacks, including phishing emails, script usage for system access, and running malicious code in RAM, and will learn how to detect, stop, and prevent such attacks.

From a security engineer to presales and consulting, enterprise security architecture and education. Matija has been in security for almost 15 years now, in various roles and various organisations with various responsibilities, from a user through an integrator to a vendor. He likes to joke that it made him jack of all trades but master of none (although the continuation of that saying is very indicative). But hey, as an SF author once wrote, specialisation is for insects?

Keynote presentation
By Mikko Hyppönen |

In the unlikely case you haven’t heard of this leading global security expert, speaker and author, he works as the Chief Research Officer at WithSecure and as the Principal Research Advisor at F-Secure.
Mr. Hyppönen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge. He was selected among the 50 most important people on the web by PC World magazine and was included in the FP Global 100 Thinkers list. Our keynote presenter sits on the advisory boards of t2 and Safeguard Cyber.

SOC-CMM – Maximize your SOC's growth potential
By Rob van Os |

The SOC-CMM is a free model and tool to measure capability and maturity in Security Operations Centers (SOCs). Since its original release in 2016, it has become a de facto open standard for SOC maturity measurement.

The SOC-CMM allows SOCs to gain insight into their strengths and weaknesses across 5 domains and use this information to strengthen their cyber defenses, mature their security operations and demonstrate growth.

In this presentation, Rob, the author of the SOC-CMM model and tooling, will explain the SOC-CMM model and the accompanying assessment tool and how to practically apply it to SOCs. Additionally, the usage of the SOC-CMM for purposes of target operating modelling and defining a strategic direction for the SOC is explained.

Rob van Os, MSc. is a strategic SOC advisor, who has over a decade of practical experience in security operations. Rob has held several positions in SOCs, from analyst to engineer, from incident responder to SOC manager. Currently, Rob helps SOCs address their strategic challenges, from SOC modernisation and transformation to defining and achieving strategic direction.

Rob obtained a Bachelor's degree in Computer Science from Amsterdam University of Applied Sciences in 2009 and a Master's degree in Information Security from Luleå University of Technology in 2016. Rob is the founder of SOC-CMM and Argos Cyber Security Assessment, helping cyber defence teams achieve their growth and maturity goals. Rob is also a trainer for Security Academy and SECO Institute, author of security articles and conference speaker.

The role of Artificial Intelligence in Cybersecurity
By Robert Kopal | .lead

There are lots of benefits of using AI and automation in cybersecurity: protecting data across hybrid cloud environments; generating more accurate and prioritized threats; balancing user access needs and security etc. Also, adopting AI-powered automation can help cybersecurity teams drive improved insights, productivity, and economies of scale.

It has been suggested that current operational reality demands a new approach. And this is true.

Especially when you look at the data (IBM report, AI and automation for cybersecurity). For example, the majority of executives, globally and across industries, are adopting or are considering adoption of AI as a security tool. 64% of executives have implemented AI for security capabilities and 29% are evaluating implementation.

They report that AI applications have delivered significant positive impacts on their security outcomes. For cybersecurity, these include the ability to triage Tier 1 threats more effectively, detect zero-day attacks and threats, and reduce false positives and noise that require human analyst inspection.

Top-performing AI Adopters illustrate the potential for AI to transform cyber defense operations. Their use of AI has helped reinforce network security by monitoring 95% of network communications and 90% of endpoint devices for malicious activity and vulnerabilities. They estimate that AI is helping them detect threats 30% faster. They are also significantly improving response times to incidents and the time to investigate. And their return on security investment (ROSI) has jumped 40% as well.

To summarize in one sentence: only 7% of executives are not considering the use of AI for cybersecurity.

But is this approach of using AI and automation for cybersecurity without challenges? And how should such an approach be implemented? What are the benefits, but also the risks? Are there other approaches?

Robert Kopal, Ph.D., Associate Professor; Senior Research Associate; Tenured University College Professor; Chairman of the Board at EFFECTUS University of Applied Sciences.

Professional and scientific experience: Special Advisor to the Prime Minister for National Security; Acting minister & State Secretary at Ministry of the Interior; Chief Intelligence Analyst at Ministry of the Interior and Senior Manager at the Security and Intelligence Agency; 3x Dean Effectus University College for Law and Finance; Vice Dean for R&D at Algebra University College and Head of the professional master study programs of Digital Marketing and Data Science; Vice Dean for Academic Affairs at Libertas International University; Lecturer and visiting lecturer at numerous university colleges in Croatia and abroad and at CROMA EduCare Programme (Croatian Managers and Entrepreneurs Association); R&D Executive Director at Tokić; Advisor of the Board at IN2 Group for R&D/Science Advisor; Chief Science Officer at IN2data; Author of 13 books published in Croatia and abroad (Intelligence Analysis; Game Theory, Competitive/Business Intelligence Analysis Techniques, Analytical Management, Economic Analysis of International Terrorism, etc.); Author of a number of chapters in books and of about 70+ professional and scientific papers in Croatia and abroad; Head of, and lecturer at over a hundred business and analytical workshops in Croatia and abroad (trained intelligence & law enforcement officers from 11 countries); Head of PIU & Key Expert: “CARDS Twinning project: Criminal Intelligence System, Phase 1&2” and Project Liaison Officer on the UNODC (United Nations Office on Drugs and Crime) project “Strengthening of Capacities for Collection and Analysis of Criminal Intelligence in South-eastern Europe”; 2 UNODC commendations; Designed several specialized IT systems; certified intelligence analysis techniques and intelligence analysis software trainer; Member of IALEIA (International Association of Law Enforcement Intelligence Analysts) and BDVA (Big Data Value Association); Editor-in-Chief of the International Journal of Digital Technology and Economy and member of the editorial board of the International Journal of Economics & Management Sciences; Speaker at various national and international conferences; Participant and head of multiple national and international analytical projects; Member of the Agency for Science and Higher Education Commission for Social Sciences; Member of the National Council for the Development of Human Potential; Member of National Cyber Security Council; Member of the Croatian national team - European Big Data Hackathon 2017, which won the 1st prize, etc.; Penultimate book Analytical management has won 2 awards and the last book is Intelligence Analysis; Karate 2nd Dan black belt.

Applying ACH (Analysis of Competing Hypotheses) in Cybersecurity
By Robert Kopal and Darija Korkut |

Workshop description: The rationale for the workshop is as follows: (1) security experts' forecasts and predictions are too often wrong, and too often experts commit fallacies, make mistaken inferences and succumb to faulty reasoning; (2) a long-term study has shown that too much knowledge can have an adverse effect on the accuracy of prediction (for example, the expert forecast accuracy in foreign affairs is about 35%); (3) experts are human and "to err is human", and being an expert in a certain field is not the same as being a critical thinker; (4) most of the intelligence failures (by experts) have common denominators: extinct by instinct; expert blindness; overestimation; underestimation; over-confidence; subordination of intelligence to policy; lack of communication; unavailability of information; received opinion; mirror-imaging; complacency/smugness; failure to connect the dots, etc.

All these issues can be solved with the appropriate intelligence analysis approach integrated into cybersecurity.

But there are some challenges regarding cyber threat intelligence (CTI): 85% of security professionals believe their CTI program requires too many manual processes; 82% of security professionals agree that CTI programs are often treated as academic exercises; 72% of security professionals believe that it is hard to sort through CTI noise to find what’s relevant for their organizations; 71% of security professionals say it is difficult for their organizations to measure ROI on its CTI program; 63% of security professionals say that their organization doesn’t have the right staff or skills to manage an appropriate CTI program (Research Report: Cyber-threat Intelligence (CTI) Programs: Ubiquitous and Immature).

Another recent survey of 1,350 IT and business leaders, representing organizations with 1,000 or more employees across 13 countries (released by Mandiant) uncovers additional CTI challenges: 79% of the surveyed leaders said that “the majority of the time, they make decisions without adversary insights" because "organizations feel they have too much threat intelligence information coming in through their feeds — and they aren’t able to sift through it effectively enough to have it influence their decisions". Furthermore, 47% of surveyed leaders reported that “applying threat intelligence throughout the security organization” is among their biggest challenges.

The aim of the workshop is to explore the benefits of applying intelligence analysis techniques in various cyber scenarios, including cyber attribution challenges, to help organizations gain a complete picture of an attack and enhance their cybersecurity strategy for the future.

Analysis of competing hypotheses is one such technique. It’s a structured analytic technique commonly used in cyber threat intelligence. As its name indicates, it is used to determine the most likely hypothesis among several, simultaneously comparing multiple hypotheses against a given range of evidence.

It can be effectively used in the analysis phase of the cyber threat intelligence cycle to bring clarity and objectivity, making it easier to analyze complex situations.

THE MOST DILIGENT PARTICIPANT WILL BE AWARDED THE INTELLIGENCE ANALYSIS BOOK AUTHORED BY KOPAL AND KORKUT!

If you are already registered for the conference, you can book your place by sending an email to info@deep-conference.com.

Duration: 90 minutes

Trainers: Associate Professor Robert Kopal, PhD; Darija Korkut

Trainers’ bio:

Robert Kopal, Ph.D., Associate Professor; Senior Research Associate; Tenured University College Professor; Chairman of the Board at EFFECTUS University of Applied Sciences.

Professional and scientific experience: Special Advisor to the Prime Minister for National Security; Acting minister & State Secretary at Ministry of the Interior; Chief Intelligence Analyst at Ministry of the Interior and Senior Manager at the Security and Intelligence Agency; 3x Dean Effectus University College for Law and Finance; Vice Dean for R&D at Algebra University College and Head of the professional master study programs of Digital Marketing and Data Science; Vice Dean for Academic Affairs at Libertas International University; Lecturer and visiting lecturer at numerous university colleges in Croatia and abroad and at CROMA EduCare Programme (Croatian Managers and Entrepreneurs Association); R&D Executive Director at Tokić; Advisor of the Board at IN2 Group for R&D/Science Advisor; Chief Science Officer at IN2data; Author of 13 books published in Croatia and abroad (Intelligence Analysis; Game Theory, Competitive/Business Intelligence Analysis Techniques, Analytical Management, Economic Analysis of International Terrorism, etc.); Author of a number of chapters in books and of about 70+ professional and scientific papers in Croatia and abroad; Head of, and lecturer at over a hundred business and analytical workshops in Croatia and abroad (trained intelligence & law enforcement officers from 11 countries); Head of PIU & Key Expert: “CARDS Twinning project: Criminal Intelligence System, Phase 1&2” and Project Liaison Officer on the UNODC (United Nations Office on Drugs and Crime) project “Strengthening of Capacities for Collection and Analysis of Criminal Intelligence in South-eastern Europe”; 2 UNODC commendations; Designed several specialized IT systems; certified intelligence analysis techniques and intelligence analysis software trainer; Member of IALEIA (International Association of Law Enforcement Intelligence Analysts) and BDVA (Big Data Value Association); Editor-in-Chief of the International Journal of Digital Technology and Economy and member of the editorial board of the International Journal of Economics & Management Sciences; Speaker at various national and international conferences; Participant and head of multiple national and international analytical projects; Member of the Agency for Science and Higher Education Commission for Social Sciences; Member of the National Council for the Development of Human Potential; Member of National Cyber Security Council; Member of the Croatian national team - European Big Data Hackathon 2017, which won the 1st prize, etc.; Penultimate book Analytical management has won 2 awards and the last book is Intelligence Analysis; Karate 2nd Dan black belt.

Darija Korkut, Senior Lecturer, doctoral student of Information Society at the Faculty of Information Studies in Novo Mesto, Slovenia. She worked at the Ministry of Foreign and European Affairs as an information and analysis officer, and as a diplomat at the Croatian Embassy in Dublin. During her 10 years at the Security Intelligence Agency she worked on analytical education and training, and the development of innovative technological solutions. In January 2019, she joined University College Effectus, where she teaches Analytical Management, Critical Thinking, Behavioral Economics, Psychology of Decision Making, and Decision Making under Risk and Uncertainty. Darija has co-authored eight books, and a number of professional and scientific papers on analytical management, game theory, social network analysis, creativity, and behavioral economics. Her latest book, co-authored with Robert Kopal, covers the area of intelligence analysis in both corporate and security intelligence application. She has participated in numerous domestic and international courses, seminars, and conferences in the field of international relations and diplomacy, and various analytical courses and workshops (NATO, US EUCOM, FBI among others), and as a lecturer at many of those. She holds international certificates in structured analytical techniques and critical thinking. Areas of interest: creativity and innovation, critical thinking, problem solving, behavioral economics, social network analysis, game theory, intelligence analysis, analytical management.

DeeP or just the root-cause Pentest?
By Robert Petrunić | .tech

Penetration testing is usually done in such a way as to identify the vulnerability (root cause) and to stop there without full penetration. Then, the process is repeated until as many vulnerabilities are identified as possible. This is a good approach because it allows the penetration tester to identify as many vulnerabilities as possible in as short a time as possible. To put it in business language, we talk about cost-benefit, as this approach gives better ROI (Return on Investment). However, this approach might have some drawbacks because we are left in the dark about what might have happened before we identified this vulnerability and what the attacker might have access to if this vulnerability had already been exploited in the past. For instance, what if the attacker gained access to a web server through the web application vulnerability and then scanned the network behind the web server, where other servers and services are accessible that are usually not accessible directly from the Internet? It might allow the attacker horizontal and possibly vertical movement through the systems behind, systems not intended to be exposed to the Internet at all!

This lecture will discuss some real-world examples of how the full penetration (going as deep as possible after initial compromise by hacking not only the compromised application, service, or OS but also everything else that is hackable) identified additional misconfigurations and vulnerabilities which could lead to an entire company and supply chain compromise just because one service exposed to the Internet was hacked. We will use some interesting case studies (anonymized, of course) to show the importance of full penetration. This led to a computer forensics project because the pentest identified the possibility of system compromise or even live attackers in the system. Some case studies covered: Atlassian Confluence, Magento, AD, managing app for 10 000+ IoT devices and vCenter server appliance, ...

Robert is a senior information security consultant at Eduron IS, a company dedicated to IT security education, penetration testing, and computer forensics. He also works as a lecturer in the most successful Croatian private college, Algebra - University College for Applied Computer Engineering, where he has designed several computer security and forensics courses.

Robert has been a Microsoft certified trainer since 2002, an EC-Council certified trainer since 2008, and an ISC2 accredited trainer since 2014. He has worked mainly in the security field starting in 2004, and Microsoft acknowledged this in 2008, assigning him Microsoft's most valuable professional recognition for nine years in a row.

For the last twenty years, Robert has worked on programs related to ethical hacking and IT security awareness for systems administrators, developers, and IT security consultants. He is also often a lecturer at regional IT conferences.

Devil vs. Smurf, or Devil + Smurf?
By Robert Petrunić | .tech

Red teaming is nothing new. It is a concept much, much, much older than this conference.

The problem is that red teaming is not widely implemented and used in companies.

There are many benefits to it, though, one being the exponential growth of the blue team's capabilities and of network/server/application security.

So, why don't you have the red team in your company yet?

This lecture will briefly define red/blue/purple/orange/green/yellow teaming, stay focused on the benefits of red teaming, and continue by explaining how red teaming relates to the DORA Act and the NISv2 Directive.

We will also suggest red teaming implementation paths and list the recommended training sessions and certifications needed for the team members. You will get all you need to start your red team and to pitch the idea to your management to get the funding.

What are you waiting for? CU

Robert works as a senior information security consultant at Eduron IS and he is a lecturer at the most successful Croatian private college, Algebra. He has been a Microsoft certified trainer since 2002, an EC-Council certified trainer since 2008 and an ISC2 certified trainer since 2014. Since 2004, Robert has been working on programs related to ethical hacking and IT security awareness for systems administrators, developers and IT security consultants.

Demystifying API Management
By Rok Likar | .tech

Unlock the secrets of effective API management with our presentation, "Demystifying API Management". Explore the robust functionalities of Layer7 as we share regional use cases, revealing practical insights and success stories. Join us on this journey to clarity, where we simplify the complexities of API management and provide actionable strategies for success.

Rok is a presales engineer at MBCOM Technologies, specializing in tailored software solutions for Broadcom's Enterprise Software Division. He has over a decade of experience, with a focus on successful pre-sales engagements and practical IT solutions. Previous roles include expertise in Broadcom Service Management, other CA solutions, and system administration. He is committed to driving efficiency and excellence in IT.

The World Runs On Open Source But Your Company Doesn't: Unmasking Commercial Software Risks
By Saša Zdjelar | .lead

We often hear the phrase "the world runs on open source", and while it's true that most software contains a lot of open source, enterprises run on commercial software. Business processes and value chains depend on commercial software due to the need for support, patching, continued investments for enterprise use cases, etc. Meanwhile, software supply chain attacks have risen 1300% in the past few years. In this talk we're going to discuss the current capabilities available to CISOs to manage software supply chain risks, evolving regulatory and personal liability expectations, and what security leaders can do to protect their company.

Saša is an Operating Partner at Crosspoint Capital and the Chief Trust Officer (CTrO) at ReversingLabs with ~20 years of Fortune 10 global executive leadership experience. His CTrO scope includes leadership, oversight and governance of the CISO/CSO function, including product security, as well as partnering with other leaders on corporate and product strategy, strategic partnerships and research, and customer and technology advisory boards, including sponsoring the ReversingLabs CISO Council.

Prior to ReversingLabs and Crosspoint Capital, Saša served as the Senior Vice President of Security at Salesforce, where he led a global organization encompassing enterprise security, product security, offensive security, security engineering/automation, bug bounty programs, technical product/program/project management, and mergers & acquisitions. He was also the executive sponsor for strategic corporate security initiatives, such as Zero Trust.

Prior to his tenure at Salesforce, Saša spent nearly two decades at ExxonMobil, holding various positions focusing on strategy, enterprise security & architecture, software engineering, ERP systems design/integration, program and product management, planning & stewardship, compute and hosting platforms, and digital/cyber resilience.

Saša is an active participant and founding member of several CISO leadership communities. He is also a member of the Forbes Technology Council, Member of the Board at the National Technology Security Coalition (NTSC), a Fellow at the Cyber Readiness Institute (CRI), a Fellow at the Center for Global Enterprise (CGE), a member of the BlackHat CISO Summit Advisory Board and BlackHat Content Review Board, and engages in organizations such as Infragard, ISACA, and ISSA. His insights have been published in various industry publications, and he has spoken at numerous industry conferences and universities.

Saša holds a Bachelor's degree in Management and a Master's degree in Decision Science from the University of Florida.

Multi-factor INFRAREDESIGN® authentication in the VIS/NIR spectrum
By Silvio Plehati and Jana Žiljak Gršić | .ops

A new application for multi-factor user authentication in two spectral areas has been created. The application uses a method of separating information using INFRAREDESIGN® technology. It employs two cameras in two spectral areas: VIS (visible) at 400-750 nm and NIR (near-infrared) at 1000 nm, and is capable of detecting human faces and QR codes. One of the key features of the application is the verification of user authenticity through multiple factors simultaneously. Detection of faces, QR codes, and other markers provides an additional level of security, while simultaneous authenticity checks in both spectral areas ensure that information separation is correctly performed for the same individual, object, or marker. Separation is accomplished using INFRAREDESIGN® technology, and this approach enhances the security of the authentication system as users must go through multiple verification steps to gain access. The application also allows for capturing images of "regions of interest" in both spectral areas for further deep learning or analysis. Multi-factor authentication takes place simultaneously in real time in both spectral areas using multiple detection algorithms. During this presentation the spotlight is on multiple examples of INFRAREDESIGN®-secured items for dual-spectrum authentication using two cameras. This will encompass not only the detection process but also the real-time visual representation of authentication, leading to access approval.

Prof. dr. sc. Jana Žiljak Gršić, scientific adviser:

In 1996, she graduated from the Design Study at the Faculty of Architecture, University of Zagreb, and in 2007, she received her doctorate from the Faculty of Graphic Arts, University of Zagreb. For the innovation Infraredizajn, she received the national science award in 2010 for scientific discovery and the Nikola Tesla Award for the best Croatian innovation in 2012, as well as more than 100 prestigious world awards, which she shares equally with her colleagues.

She has been the dean of the Zagreb University of Applied Sciences since 2021, where she has been employed since 2002. She teaches at the North University on graduate and doctoral studies as her secondary employment. As an external associate, she teaches at the doctoral studies of the Faculty of Graphic Arts, University of Zagreb, and at the doctoral studies of Alma Mater Europaea in Maribor.

She is the secretary of the graphic engineering department of the Croatian Academy of Engineering for the term 2022 - 2026. She is the founder and member of the editorial board of the Polytechnic & Design journal published by the Zagreb University of Applied Sciences. She is the head and editor of the collection of the professional-scientific conference Printing and Design, which is held under the sponsorship of the Croatian Academy of Engineering. She is a member of several expert councils and expert commissions and a regular member of the Croatian Designers Association.

She is a permanent court expert witness for graphic technology, design, manuscripts, documents, securities, money, pictures, credit cards, and other cards.

She participated in ten scientific, professional and technological projects approved by the Ministry of Science and Education and the Croatian Science Foundation. Together with her collaborators, she has registered four patents at the State Intellectual Property Office. She actively participated in the development of the curriculum of the Informatics and Computing Department of the Zagreb University of Applied Sciences, and she designed the program of the Informatics Design major at the professional and graduate studies in Informatics. She introduced numerous courses in the fields of design, web design, 3D modeling, visual communication, security graphics and innovation, which she teaches. She participated in the launch of the new study program Information Security and Digital Forensics at Zagreb University of Applied Sciences and in the internationalization of the said study program. In two terms, she was the head of the professional study of informatics and in two terms the head of the Informatics and Computing Department of Zagreb University of Applied Sciences.

She is the author of the textbook Safety graphics published by the Zagreb University of Applied Sciences and published numerous professional works, including those in collaboration with students of the Zagreb University of Applied Sciences (CROSBI Profile: 34737, MBZ: 264064). She is the author of many visual identities, posters and packaging for a wide range of customers. She has participated in solo exhibitions and group international and domestic juried exhibitions in the field of design and innovation. She organized exhibitions of student works in recognized galleries of the City of Zagreb and encouraged the application of students and teachers to innovation exhibitions in the country and around the world. She led the project in which IT design students participated named Techno Past Techno Future: European Researchers' Night (TPTF_ERN) Marie S. Curie European Research Night, EU Framework Program for Research and Innovation in 2018 and 2019.

Silvio Plehati, MEng(IT), MSc(Graph.Techn.), Lecturer at Zagreb University of Applied Sciences:

In 2003, Silvio Plehati completed his undergraduate studies in Information Technology at the Zagreb University of Applied Sciences. In 2010, he completed his graduate studies in Information Technology at the same faculty. In 2023, he completed the study of Graphic Technology at the Faculty of Graphic Arts, University of Zagreb. That same year, at the Faculty of Graphic Arts, he was awarded the Dean's Award  for publishing two scientific papers of category A (Q1/Q2) in 2022/2023. In 2023, he enrolled in a doctoral program at the same faculty. Since 2003, he has been continuously working in the field, establishing a bridge between computer science and graphic technology. He has co-authored professional and scientific papers in the fields of graphic engineering and graphic programming, focusing on the design of graphic protections through programming. Since 2021, he has been employed at the Zagreb University of Applied Sciences. He was appointed as an assistant in 2021 and promoted to lecturer in 2023. He teaches courses in software engineering in open systems, object-oriented programming, and advanced programming techniques. His areas of interest include C languages, graphic programming languages, 2D and 3D graphics, 3D printing, micro (embedded) electronics, and sensors. He actively participates in conferences related to graphic engineering, graphic programming, and computer science.

Cybersecurity Education at FER: Information, Opportunities, and Possibilities for Companies and Government Institutions
By Stjepan Groš | .lead

The purpose of this lecture is to introduce companies and government institutions to cybersecurity education at the Faculty of Electrical Engineering and Computing, University of Zagreb (FER), provide insight into students' perspectives on cybersecurity in general, and offer guidelines on how companies and government institutions can get involved in the entire process. In this context, we will explain how cybersecurity education is structured and list the courses at FER across all levels of study. We will also present the results of surveys that we regularly conduct in the course Computer Systems Security (Croatian: Sigurnost računalnih sustava, SRS) before the start of the course and after all students have completed it. The SRS course is an introductory course on security that all computer science students take in the 6th semester of the undergraduate program, approximately 500 students annually. These surveys provide insight into how familiar students are with cybersecurity in everyday life, how the course changes their perception of security, and what their plans and requirements are in terms of employment, particularly employment in the field of cybersecurity.

Stjepan Groš is an Associate Professor at the University of Zagreb, Faculty of Electrical Engineering and Computing. His research and professional interests lie in the fields of information and cybersecurity, as well as in the application of advanced methods to solve problems in these areas, where he has published numerous scientific papers. Stjepan Groš has led or participated in several EU-funded cybersecurity projects and maintains strong collaboration with various companies and government institutions in Croatia. Since 2014, he has been the head of the Laboratory for Information Security and Privacy, part of the FER’s Center for Artificial Intelligence. He is also the chair of the Information Systems Security scientific conference at the MIPRO convention. Additionally, he serves as a member of the Management Board of the Croatian Defense Industry Competitiveness Cluster. He is a member of the committee for the postgraduate specialist study in Information Security at FER. Stjepan Groš contributed to the development of the National Cybersecurity Strategy of the Republic of Croatia and worked on the Smart Specialization Strategy of the Republic of Croatia 2014-2020 in the area of cybersecurity. He has participated as a panelist or speaker in numerous roundtables and professional conferences related to cybersecurity, information security, research, and development.

Roundtable: Preparations for the alignment with the transposed NIS2 directive
By Stjepan Groš, moderator | .lead

Recently, the new EU NIS2 directive was in focus, as the proposed transposition law was open for public consultation this summer. Since the proposal for the new Cybersecurity Law has entered parliamentary procedure, it is time to start thinking about compliance and preparing for the alignment process. Thus, the topic of the roundtable is the preparation for alignment with the new Cybersecurity Law (Zakon o kibernetičkoj sigurnosti). We hope to initiate discussions about this important step and to help everyone to start, at least, thinking about this not so small endeavor that is in front of us.

 

Some of the questions we plan to tackle on this roundtable are:

What are the prerequisites for starting the compliance process?

Who should be responsible for ensuring compliance within organizations?

How much time do we have, i.e. what is the expected timeline?

What should be included in the necessary budget?

What can be done right now, even without the regulation fully in place?

Can compliance be achieved in incremental steps?

What can be expected from companies that offer compliance services, what do those companies expect from their clients, and what can the companies not do, so that clients must do it themselves?

Join us at this roundtable and share with us your questions and views regarding this important topic.

Moderator:

Stjepan Groš, Laboratory for Information Security and Privacy @FER

Panelists:

Aleksandar Klaić, Cyber Security Centre @SOA

Mario Kozina, IT Supervisor @HNB

Ana Balaško, Telecommunications and Information security coordinator @HEP ODS

Marko Grbić, Director of Business Development @LNG Croatia

Dario Rajn, CISO @Podravka

Ivan Kalinić, Senior security consultant @Diverto

Psychological Aspects of Online Risky Behavior: Implications for Data Security and Privacy
By Tena Velki | .lead

The main goal of this presentation is to explore the topic of online risky behavior through a psychological lens, focusing on the interactions between users and information-communication technologies. With the increasing digitalization of everyday life, individuals face growing threats to data security and privacy, often stemming from risky behaviors such as oversharing personal information, engaging with unverified sources, or neglecting cyber hygiene practices. This presentation will discuss the psychological aspects that contribute to these behaviors, including cognitive biases (such as the educational paradox), stress (i.e., a lower level of inhibition), and social influences (including peer pressure). The results of research on online risky behavior among different age groups of computer users in Croatia will also be presented. Additionally, the presentation will highlight strategies for promoting safer online practices and improving awareness among different user groups. This includes fostering a culture of awareness and education among users, tailored to different demographic groups, such as children, adolescents, and adults. By understanding the psychological factors behind online risky behavior, we can better protect users and create a safer digital environment.

KEY WORDS: online risky behavior, psychological aspects, information-communication technology users, data security, data privacy

Dr. Tena Velki is a Full Professor of Psychology at the Faculty of Education, J.J. Strossmayer University of Osijek. Her primary areas of expertise are developmental psychology, with a focus on behavioral disorders, and, for the last 10 years, information security and data privacy.

Dr. Velki is an external collaborator at the Faculty of Electrical Engineering, Computing and Information Technologies and the Faculty of Humanities and Social Sciences in Osijek. She is an active member of several professional organizations, including the Croatian Psychological Association (HPD), the Croatian Psychological Chamber (HPK), and is President of the Osijek Psychological Society (DPO). Additionally, she is a member of the Croatian Association for Behavioral and Cognitive Therapies (HUBIKOT) and the European Federation of Psychologists' Associations (EFPA). In 2017, she received recognition from the Croatian Psychological Association for her significant contribution to the "Psychology Week in Croatia." For her outstanding contribution to the development and promotion of Croatian psychology, she was awarded the "Marulić: Fiat Psychologia" award by the Croatian Psychological Association in 2018. In 2019, she received the Best Published Scientific Paper Award from the Faculty of Philosophy in Novi Sad and the journal Applied Psychology.

To date, she has published over 70 scientific papers and 10 books, including a university textbook on information security (Velki, T. & Šolić, K. (Eds.) (2019). Challenges of the Digital World. Osijek: Faculty of Education, J.J. Strossmayer University of Osijek). Her most significant contribution in the field of information security and data privacy is the creation of the “Users’ Information Security Awareness Questionnaire” (UISAQ, Velki & Šolić, 2014), one of the first instruments in the world to examine this issue.


By Tihomir Maček, Marin Jaram and Marin Vidaković | .ops


Rise above the Noise: Zero Trust Privilege Policy to End User Security
By Tomasz Joniak and Mareike Mett | .lead

  1. What is the current status of identities and privileges in today’s market?
  2. How do compliance and regulations affect the transition from manual processes to PAM?
  3. Can we really control all access of every person?
  4. Does MFA actually work?
  5. How does Delinea see the PAM landscape?

Tomasz is a Sr. Solution Engineer at Delinea, focusing on securing privileged accounts across the technology landscape. Born in Poland, he grew up in Chicago and now, after 30+ years, has relocated back to Poland for his next adventure.

Tomasz has 18+ years of extensive experience working for major IT partners such as WWT, Insight Global, and LaSalle Solutions (now Trace3) as a Security Engineer. After relocating to Poland, he joined Cisco Systems as a Sr. Security Consulting Engineer and TME, where he focused on ISE and Firepower products as part of Product Management.

With his experience, Tomasz joined Delinea to identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement utilizing the Mature PAM model to meet today’s IT complexities, as proven by the increase in cyberattacks.

When not trying to be a Network Security Magician, he visits historical European ruins with his family.

Mareike is a Channel Sales Engineer at Delinea, driving channel strategy and partner enablement for Delinea's portfolio of products. She is based in Pforzheim, Germany, and joined Delinea 2 years ago directly after her studies.

Mareike has worked with dozens of customers in the DACH region over the past years and has delivered several webinars. With her experience, she is currently focusing on Delinea's channel partners, helping them and their customers use Delinea's PAM solution to mitigate the ever-growing security risks and meet security requirements such as the recently released EU NIS2 directive.

In her spare time, she is trying to become the next Picasso of the international art world.

Identity management from a secure workstation - challenges and alternatives
By Tomislav Poljak | .ops

Managing identities and assigned privileges for users with elevated administrative IT rights (IT admins, database and application admins, security operations) is a critical security measure that every company should incorporate into its environment. Privileged users need to be monitored and scrutinized for their actions and behaviors, both on their workstations and in cloud systems. Beyond the technical challenges of securely administering IT systems, operational issues often arise for companies only after the implementation of a specific solution.

In this presentation, through demonstrations and practical examples, Tomislav will illustrate how to prepare an organization for the implementation of a secure workstation or other Privileged Access Management (PAM) solutions. He will delve into methods for controlling and tracking activities of privileged users, as well as the authentication and authorization mechanisms that need to be monitored using supervisory tools. Join him to explore the realm where security meets administration, and gain insights into establishing a robust defense against potential breaches while ensuring operational integrity.

Tomislav has worked at Microsoft Croatia for the past eleven years as a cyber security consultant. He is mostly involved in the recovery of enterprise systems after cyber attacks, but when there are no reactive engagements, he also helps customers establish SOC environments and carries out various jobs such as monitoring, protection, and prevention to increase their security. Lately, there has been an increasing number of cyber attacks, so he is focusing on enhanced education, preventive engagements, and assessments that determine the state of the identity system.

He often speaks at conferences in Croatia and the neighboring region. He has been a Microsoft Certified Trainer (MCT) since 2008 and holds other industry certificates. Whenever possible he spends time in nature, in any leisure or work activities.

The growth of commercial spyware based intelligence providers without legal or ethical supervision
By Vanja Švajcer | .ops

Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat initially came to light with the leaks of HackingTeam back in 2015, but gained new notoriety with public reporting on the NSO Group, and, in the years that have followed, the landscape has exploded.

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware. A recent report from the United Kingdom’s National Cyber Security Centre (NCSC) highlights that the accessibility of these tools “lowers the barrier to entry to state and non-state actors in obtaining capability and intelligence.” As recently as June 2023, the European Parliament’s plenary session voted on an ongoing investigation concerning the illicit usage of NSO’s Pegasus and equivalent surveillance spyware by EU member states (PEGA report).

However, limited legal and legislative actions are yet to have an immediate positive effect on curbing the use of commercial spyware. Despite these steps toward limiting the operations of these spyware companies, they are likely to keep operating in any region as long as it's financially and legally feasible. Increasing scrutiny with export regulations, criminal liability and fines may be a way forward towards ensuring that their activity does not go beyond the legitimate purposes they advertise. We dig into technical and ethical details of commercial spyware threats.

 

Vanja Švajcer works as a Technical Leader at Cisco Talos. He is a security researcher with more than 20 years of experience in malware research, cyber threat intelligence and detection development. Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks all the time spent hunting in telemetry data to find new attacks is well worth the effort. He presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR, BalCCon and others.

Exploring malicious Windows drivers
By Vanja Švajcer | .tech

Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.

With the existence of malicious drivers, there is a need for those who can analyze identified samples. This analysis requires specific knowledge of the Windows operating system, which can be difficult to acquire. Windows drivers and the kernel can be overwhelming to learn about, as these topics are vast and highly complex. The documentation available on these subjects is daunting and difficult to navigate for newcomers, even for those with programming experience.

This initial hurdle and steep learning curve create a high barrier of entry into the subject. To many, the kernel space seems to be an arcane and hidden part of the operating system.

This presentation will be a high-level introduction into drivers, their usage by malicious actors and the Windows kernel. No previous experience of drivers is required.

Vanja Švajcer works as a Technical Leader at Cisco Talos. He is a security researcher with more than 20 years of experience in malware research, cyber threat intelligence and detection development. Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks all the time spent hunting in telemetry data to find new attacks is well worth the effort. He presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR, BalCCon and others.

Common Challenges in Cyber Incident Response Engagements
By Vladimir Ožura | .tech

Cyber incident response is a critical process that aims to minimize the impact of cyberattacks and restore normal operations as quickly as possible. However, cyber incident response engagements often face various challenges from both the customer side and the vendor side. These challenges can affect the effectiveness and efficiency of incident response, as well as the trust and collaboration between the customer and the vendor. In this presentation, Vladimir will discuss some of the most common challenges and questions asked by customers during cyber incident response engagements. Vladimir will also share some of the best practices and lessons learned from experience in providing cyber incident response support to various customers across different industries and regions. This presentation will help you understand the challenges and opportunities in cyber incident response, and how to improve your readiness and resilience against cyberattacks.

 

Vladimir has over 10 years of experience in the cyber security space and currently works at Microsoft Croatia (for the past 2 years) as a cyber security consultant. He's mostly involved in leading cyber security incident response engagements on a global scale and diving deep into data analysis to uncover the attack story. Part of his role as a lead investigator is not only providing investigation findings, but also recommendations to increase the security posture of environments. He is also a trainer for Threat Hunting and a member of the Delivery Excellence team. Vladimir holds several industry leading certificates including GCFE, GCDA and GSOM. Whenever possible he spends time hiking and hanging out with the family.

macOS Red Teaming in 2023
By Wojciech Regula | .tech

Do you have Macs in your company's infrastructure? Nowadays, I bet that in most cases the answer would be YES. Macs stopped being computers only used in startups. We can observe them even in huge legacy environments in banks and other corporations. The problem is that they are usually not symmetrically secured compared to the rest of the Windows stations. Macs are not immune, they can be insecurely configured and now... even Apple admits that malware is present on Macs.

In this presentation I will:

* Introduce you to macOS security mechanisms

* Perform a step-by-step macOS infection based on my 0-day (live demo)

* Show you post exploitation techniques

* Attack installed apps and collect data from them

* Give recommendations on how to harden your Mac and macOS infrastructure

Wojciech is a Principal Security Specialist working at SecuRing. He specializes in application security on Apple devices. He created the iOS Security Suite, an open-source anti-tampering framework. A Bugcrowd MVP, he has found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others. In his free time he runs an infosec blog: https://wojciechregula.blog. He has shared his research at, among others, Black Hat (Las Vegas, USA), DEF CON (Las Vegas, USA), Objective by the Sea (Hawaii, USA), AppSec Global (Tel Aviv, Israel), TyphoonCon (Seoul, South Korea), NULLCON (Goa, India), and CONFidence (Cracow, Poland).

Event venue

Falkensteiner Punta Skala, hotel IADERA
Punta Skala bb, HR-23231 Petrčane

Email
info@deep-conference.com

Falkensteiner Hotel & Spa Iadera at Punta Skala Resort

The best-suited mid-Dalmatian conference venue awaits the participants of DEEP

Venue

Looking to start in the best possible manner, DEEP proudly presents an excellent venue for the conference, to be held from 24th to 25th of October 2023. We are proud to welcome you to the glorious five-star Falkensteiner Hotel & Spa Iadera.

Hotel & Spa Iadera is part of the famous Falkensteiner Punta Skala Resort, one of the most respected tourist complexes in the whole Adriatic area. The resort is conveniently situated just a short drive from the vibrant city of Zadar, but it also contains all the facilities any conference attendee might need during a stay. We have extensive experience in organizing similar events, which has assured us that a single-venue conference is the most convenient way for our guests and visitors to enjoy both the conference and any free time they keep for themselves.

Apart from the breath-taking location directly at the top of the peninsula and exclusive 5-star service, at our chosen venue you can also enjoy Mediterranean cuisine at the hotel restaurant, the fish restaurant Bracera, the steak house Planika and the Hideout beach bar right by the sea.

Should you want to stay for the weekend, there are several great areas to visit, from the ancient town of Zadar, famous, among other things, for the most beautiful sunset in the world, to the national parks of Velebit and Kornati or the world-famous sci-fi landscapes of the island of Pag.

We are looking forward to being your hosts at this magnificent hotel during the conference. Online registrations will start soon, offering you accommodation in single or double rooms at this hotel during the process, at special prices agreed with Falkensteiner Hotels & Residences, available only to DEEP attendees. Should you have any additional questions, please feel free to ask us at info@deep-conference.com. We are sure that this venue will fully enhance your experience and make your stay there during DEEP more enjoyable.