DEEP Conference

We recognized the need to address information security at all levels at the same time and the same place.

We value the importance of knowledge and experience sharing.

Therefore, we provide everyone with the opportunity to share their knowledge and build their new experiences. Dive in and go deep with us.


Drill down to the bit level

Technical and low-level material is the focus here. It might be a game for some, but various real-world attack simulations can be expected in here, as well as hacking, exploits and malware dissecting. New ideas on how to identify and exploit vulnerabilities are more than welcome.


Organize your protection!

A combination of technical and management material is the focus here. How do you orchestrate people, technology and processes to achieve maximum protection efficiency? Topics include infrastructure protection, damage control, threat intelligence and incident response. Case studies can be found in this track.


Manage the risks, protect your business!

It’s all about management in here; governance, risk, compliance and business in general. Most of the people in here will try to get everyone on the same high-level page. It’s about understanding each other and dealing with future ideas and collaboration between business areas.


Who should go deep with us?

  • CEOs, COOs, CTOs and other Cs
  • Corporate security managers
  • Information security managers
  • Chief information security officers
  • IT admins
  • Members of IT security teams
  • Security operation center members
  • Penetration testers

Roundtable: It's 2025! AI and Cybersecurity are...
By Alen Delić, moderator | .lead

The conversation in this roundtable will focus on the future of Artificial Intelligence and Cybersecurity, as well as the ways in which they will influence each other, intersect, and perhaps even interfere with each other. Through this exchange of thoughts and ideas, the experts gathered here may even come up with the ending of the title for this roundtable. We will find out soon enough.




Alen Delić, CISO @SpotMe



Robert Kopal, Chairman of the Board @EFFECTUS University of Applied Sciences

Marko Horvat, Assistant Professor in Computer Science @FER

Valentina Zadrija, Technical product owner and Senior R&D engineer @Gideon

Hrvoje Kovačević, AI development and infrastructure @Mindsmiths

Vlatko Košturjak, CTO @Diverto

Keynote presentation
By Alex Ionescu |

Alex Ionescu is the Technical Director, Platform Operations and Research at CSE (Communications Security Establishment), Canada's National Cryptologic Agency. Previously, he was the VP of Endpoint Engineering at CrowdStrike, Inc., where he started as the Founding Chief Architect in 2011. Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is co-author of the last 3 editions of the Windows Internals series. During the last two decades, his work led to the fixing of dozens of critical kernel vulnerabilities in Windows.

Previously, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad, and AppleTV. Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security training for various institutions.


How HORNBACH, DIY retail group with €6,3 billion in sales, manages 3rd party cyber risk according to NIS2
By Alexander Mitter and Paul Sester | .lead

Paul and Alexander will talk you through the process and decisions of a third party cyber risk management program. They will describe why, how and with what help they implemented the program, as well as the challenges that arose, how they overcame them and what challenges might still not be answered.

Alexander Mitter is co-founder and CEO of KSV1870 Nimbusec GmbH. Over the last 10 years the company grew from a start-up out of Linz into a major player in the Austrian Cyber Security landscape with a subsidiary in Munich, Germany. In 2019 Alexander initiated the national cooperation leading to the CyberRisk Rating and its ecosystem.

Paul Sester is the CISO of the HORNBACH Group. Paul has worked for HORNBACH for 9 years and has been responsible for information security for 5 years.


Cloud Infrastructure Security
By Bojan Magušić | .ops

Presentation outline: What I want to share with you in this session is important and it affects companies big and small. I'd like to start with an example of a real-world breach (without mentioning any names). I'll walk you through what happened, covering the impact to the company itself, followed by what could have been done to prevent it. Here I'll touch on the importance of ensuring that cloud resources adhere to best practice guidance and share with you some trends I see in the real world. Some misconfigurations tend to be riskier than others, for example open ports carry more risk to your organization's overall security posture than enabling logging. I'll also share with you what cloud services I typically see targeted the most, even for organizations that use more than one public cloud provider.

While detecting misconfigurations in your cloud environments is important, ideally after you remediate misconfigurations, this should be applied to how you deploy resources going forward, ensuring that the misconfigurations you detected don't happen again. Here I'll speak about the importance of applying best practice guidance at scale, ensuring consistency across your environment and even integrating with pre-deployment (keyword: SecDevOps).

While the industry is full of jargon of tools that can be used by different vendors to help with the technology side of things, interestingly enough implementing sound security hygiene continues to be the least attractive yet highly effective practice that companies can do to minimize the likelihood of security incidents. One might ask themselves, what is then the problem with efficiently implementing sound security hygiene in the real world? I'd like to offer a perspective. It's not just having the right tools in place, it has very much to do with the way that people operate them and how they're used inside of an organization.

This is why, as part of this session, I'll share with you some best practices I've seen in the real world on how organizations approach governance, readiness and leadership sponsorship.

Free takeaways:

At the end of this session, you can expect to:

- Be able to explain why security hygiene should be an organization-wide priority

- Understand how lack of security hygiene can impact your organization and its business

- Understand which security misconfigurations of cloud services you should prioritize and fix first

- Understand which cloud services are targeted more often than others, even across multicloud

- How to use Infrastructure as Code to embed security hygiene into pre-deployment

- Learn how to integrate continuous monitoring of cloud workloads with CI/CD and IaC

- Learn how other organizations are approaching governance and leadership sponsorship

Bojan is a technologist, published author, and public speaker on cybersecurity topics.

I work with Microsoft as a Product Manager on the Customer Experience Engineering Team, where I act as a technology expert for Fortune 500 companies on the most complex and leading-edge deployments that help them realize the full value of their security investments and improve their overall security posture.

I am the author of the Manning book on Azure Security, a practical guide to the native security services of Microsoft Azure that teaches how to use them to effectively improve system security and secure the various resources in the environment against threats.

I have a strong passion for cybersecurity, advancing women in tech and professional development. I'm very interested in building partnerships with other companies and cyber professionals to learn how they support, advance, and retain their cyber talent.

In addition to various technical certifications (21+ and counting), I've also received certifications from INSEAD and Kellogg School of Management.


Bypassing Anti-Virus and EDR using BadUSB
By Cristian Cornea | .tech

Agenda for Cristian's presentation:

- AMSI Bypass Development
- Execution Policy Bypass
- Payload Runner Development
- Deploying Attack using BadUSB
- Post-Exploitation Persistence
- DEMO – Prevention

During this presentation, we will look at how we can bypass most Anti-Virus detection using a payload embedded on a BadUSB device, resulting in a silver bullet for gaining initial access inside a victim network. A demo will also be included during the presentation.

Cristian is founder @ Zerotak Security & President @ Romanian Cyber Security Training Centre of Excellence. He provides pentesting and security consultation for clients all over the world: Australia, U.S., U.K., Middle East, Singapore, India, Central Africa, Europe.

A blueprint to protect your AD using NIST CSF 2.0
By Dirk Schrader | .lead

The lecture will talk about the lifecycle of the AD, the lifecycle of identities, and how attacks are crossing these cycles. The main message conveyed is about how to embed preparation and prevention into those lifecycles, what role governance is going to play and how to identify areas where one can improve the cyber resilience of the AD environment.

Being a native of Germany, Dirk brings more than 25 years of delivering IT security expertise at a global scale. His work focuses on advancing cyber resilience as a sophisticated, new approach to tackle cyber-attacks faced by governments and organizations of all sizes for the handling of change and vulnerability as the two main issues to address in information security. He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA).

When Cybersecurity Enters the Quantum Triangle: Quantum Computers, Quantum and Post-Quantum Cryptography
By Dr. Marko Horvat | .ops

Quantum cryptography utilizes the fundamental laws of quantum mechanics to establish secure communication channels between different entities. One such use is Quantum Key Distribution (QKD), which facilitates the creation of a confidential shared key for the purpose of encrypting and decrypting messages. The presence of quantum features such as superposition and entanglement makes eavesdropping detectable and prohibits replication of quantum states. In theory, if the physical execution is excellent, this technology offers security that cannot be compromised. Nevertheless, the widespread use of quantum technologies is currently hampered by practical obstacles, including the attenuation of signals in optical fibers and the preservation of quantum states across extended distances.

Numerous contemporary cryptographic techniques rely on the difficulty of factoring large numbers and calculating discrete logarithms. However, Shor's algorithm can swiftly factor numbers on a quantum computer, undermining conventional encryption methods like RSA and ECC. The QKD technique has been proposed as a solution to this issue. The first such protocol, known as BB84, was introduced in 1984 by Charles H. Bennett and Gilles Brassard. The BB84 protocol utilizes two distinct communication channels: a public channel and a quantum one, specifically an optical cable. It also employs various photon polarizations to facilitate the transmission of information. These initial solutions have been improved over time with the BB91 protocol and other approaches.

More recently, another promising approach has been proposed: post-quantum cryptography, which refers to cryptographic algorithms designed to be secure against the potential capabilities of quantum computers. The goal of post-quantum cryptography is to develop new methods of encryption and key exchange that would remain secure even in the age of quantum computing.

In the field of post-quantum cryptography, numerous potential algorithms have emerged as candidates that have the ability to withstand attacks from quantum computers. Several algorithms, such as BIG QUAKE, BIKE, Ding Key Exchange, GeMSS, HQC, LIMA, NewHope, NTRUEncrypt, Picnic, RSA-Encryption, and SPHINCS+, among others, already exist or are under development.

The emergence of quantum computing poses a significant challenge to existing encryption techniques, necessitating the adoption of post-quantum cryptography across multiple industries. In the context of secure communications and financial transactions, it functions as a protective measure against potential quantum-based security risks in the future. Cloud storage and Internet of Things (IoT) devices provide an increasingly robust security framework to mitigate the risks of unwanted access and cyberattacks. The utilization of this technology enhances the process of verifying digital identities, reinforces the tracking of supply chains, and guarantees the preservation of patient confidentiality within the healthcare sector. Furthermore, it serves to safeguard the integrity of electronic voting systems and decentralized networks such as blockchain. Post-quantum cryptography plays a crucial role in upholding digital security in a future characterized by the widespread adoption of quantum computers.

The talk will focus on the difficulties and solutions that quantum computing brings to the world of cryptography.

Dr. Marko Horvat is currently an Assistant Professor at the Department of Applied Computing at the University of Zagreb's Faculty of Electrical Engineering and Computing (FER). He graduated in 1999, with an MSc degree in 2007 and a PhD in 2013 from FER, specializing in artificial intelligence and mobile computing. After graduation, he gained 10 years of professional experience in the ICT sector, as a software development engineer, software architect, project manager and IT department manager. He serves as a project manager, researcher and expert in a number of national and EU scientific projects. Previously, he worked as a lecturer, senior lecturer, study program supervisor, and vice-dean for science, international cooperation, and new study programs at the Technical University of Zagreb (TVZ), where he also founded the AI Lab.

Dr. Horvat has authored or co-authored more than 90 scientific papers during his academic career and has developed a number of university and professional instructional manuals and educational materials. In addition, he supervised over 80 BSc and MSc dissertations in informatics and computer science. He is engaged in editorial and review activities, serving on many editorial boards of international journals and conference program committees. His primary research interests are in artificial intelligence and machine learning, particularly in the areas of automated reasoning, knowledge representation, information retrieval, affective computing, and semantic web.

Marko Horvat is an active promoter of science and STEM education, regularly participating in educational activities and making media appearances speaking about a wide range of topics covering computer science, artificial intelligence, and the impact of disruptive technologies.

He is a Senior Member of the IEEE professional association and vice-chairman of the Croatian section of the IEEE Department of Management in Technology and Engineering. He is currently the Chairman of the Scientific Advisory Board of the Croatian Mine Action Center - Center for Testing, Development, and Training (HCR-CTRO) LLC.

What else can a data security platform be used for?
By Gábor Hirsch | .tech

Thales, one of the world's leading data security vendors, offers its customers several encryption and other data security solutions, but what happens when engineering invention overrides product development and the hidden functions of the solutions are revealed? The presentation is about such a story.

Gábor Hirsch graduated from Bánki Donát Technical College as an information technology engineer and teacher. In the last 20 years he has held many manager positions in information security and network security companies.

Among others, he established and led the Check Point distribution and IT security business unit at DNS Hungary (today Arrow ECS), and as business development manager of Cisco Hungary he was responsible for the success of the Cisco security products. He was the first employee of Fortinet in Hungary, where he built the channel, brand and the team. In parallel with his business career he took part in professional activities: he was a member of the Check Point Advisory Council, from 2008 till 2018 he was the leader of the information and IT security workgroup at the IT Association of Hungary, and he was an associate lecturer at King Sigismund University (today Milton Friedman University) and the University of Public Service.

Before he joined Thales as Regional Sales Manager he managed several data security and information security projects as an independent advisor, worked as a DPO and collaborated on GDPR-related projects at other advisories like PricewaterhouseCoopers.

DORA - Testing ICT response and recovery plans with the Cyber Conflict Simulator
By Goran Polonji and Dalibor Gernhardt |

It is common knowledge that in the year 2023, cyberattacks have claimed the top spot as the most significant business risk, and this trend is likely to persist in the years ahead.

The newly introduced EU regulation, known as the Digital Operational Resilience Act (DORA), specifically addresses this issue: its Regulatory Technical Standards (RTS) outline the requirement for financial entities to incorporate provisions in their ICT business continuity policies pertaining to the development, testing, and review of ICT response and recovery plans. Notably, the first scenario detailed in the RTS revolves around the subject of "cyber-attacks."

We invite you to join our workshop, where you will gain insights into how to enhance and test your cyber incident response and recovery plans using the Cyber Conflict Simulator.

During this workshop, participants will assume various roles, such as incident handlers, business service owners, and members of the management board, all representing a fictional entity called Generic Financial Institution (GFI). GFI will face a sophisticated attack orchestrated by an Advanced Persistent Threat Group (APT). Your collective mission, along with fellow participants, will be to ensure the continuous operation of the business, simultaneously detecting the attacker within the network, responding effectively, and facilitating the recovery of the ICT infrastructure, enabling GFI to resume normal operations. Participants will have the opportunity to apply their existing knowledge of ICT response and recovery plans and, hopefully, acquire new insights from the trainer and the CCS support team.

This workshop extends its relevance beyond financial institutions. Cyber specialists and managers in various industries and government institutions are well aware that NIS/NIS2 Directive incorporates identical requirements for their ICT infrastructure. Therefore, participation will be equally engaging for them.

The duration of the workshop will extend up to two hours, contingent on participant engagement and the pace at which the incident is addressed. To maximize the workshop's effectiveness, registered participants will be assigned roles tailored to their real-world responsibilities within their respective organizations.

If you are a registered DEEP attendee, please feel free to reserve your workshop seat at https://forms.gle/LZwk6FA4KCjLv7kC8.

Trainers' professional bios: Goran Polonji is an information security consultant and cybersecurity auditor at Utilis Ltd. For the last twenty years he has been working with financial institutions and industry on improving information security posture and fulfilling regulatory compliance. Goran is a member of the Cyber Conflict Simulator development team as a domain expert. He is continuously trying to build understanding between business and technology experts about cybersecurity and to fill the gap between administrative and technical cybersecurity controls.

Dalibor Gernhardt is a lecturer in military-defense and security intelligence science and art, teaching at the Croatian Military Academy. For the last 12 years, he has been doing various jobs in the defense and security domain. In addition, he is a PhD student at the Faculty of Electrical Engineering and Computing in Zagreb on the subject of computer security. He is preparing a doctoral dissertation on the topic of organization and implementation of simulation exercises in the field of cyber security.

Along with the two main trainers, there will be the CCS support team: Zdenko Ćorić (Utilis Ltd.), Vito Žuvanić (Utilis Ltd.), Stjepan Groš (FER).

How to achieve "real-time" system visibility and security in a large company?
By Ilija Jozinović | .ops

This session focuses on the successful implementation of the XDR solution, which enabled us to achieve real-time system visibility across 20 countries and over 100 locations within the Orbico Group and more than 8,000 employees. Without the right XDR solution, IT hygiene practices and other security measures, there is no reduction in cybersecurity risk for the organization.

Ilija Jozinović currently performs the role of an IT Infrastructure Manager in Orbico Group where he is responsible for managing the proper IT infrastructure of the organization and he’s responsible for Support, Systems, Networking and CyberSecurity teams. He has more than 15 years of experience in IT.

Internet Routing Security
By Ivan Pepelnjak | .tech

While we have had the necessary means and technologies to significantly enhance the routing and packet forwarding security in the Internet for years if not decades, we’re still facing BGP hijacks and amplification DDoS attacks on a daily basis.

This talk will describe some of the reasons for this dismal state of affairs, the steps one can take to increase the Internet routing security, and the MANRS framework that can guide you on that journey.

Ivan Pepelnjak, CCIE#1354 Emeritus, is a 30-year veteran of the networking industry, with 25+ years of experience in designing, installing, troubleshooting, and operating large service provider and enterprise WAN and LAN networks. He is currently an independent network architect at ipSpace.net AG, focusing on network automation, software-defined networking, large-scale data center and network virtualization technologies, and advanced IP-based networks.

Ivan is the author of a series of highly successful webinars and online courses. His books published by Cisco Press include MPLS and VPN Architectures and EIGRP Network Design.

NIS2 – Europe's roadmap to Cyber resilience
By Ivona Loparić | .lead


Is it just another regulation or will it have a more profound impact? The Network and Information Systems Directive 2 (NIS2) represents a pivotal moment in the EU's approach to cybersecurity. While on the surface, it may seem like another set of rules, NIS2 is poised to reshape the digital landscape of Europe. With its expanded scope, stringent incident reporting requirements, and a renewed emphasis on cross-border cooperation, NIS2 isn't just about compliance – it's about forging a united front against cyber threats. NIS2 isn't just another regulation, it's the blueprint for safeguarding Europe's digital future. Join us in exploring the layers of this directive, from its regulatory core to its potential to fortify the resilience of our digital infrastructure.

Short professional bio:

Ivona Loparić is an Information Security Consultant with 10 years of experience working as an IT auditor and consultant. In her career, Ivona has worked on various engagements related to compliance with regulatory requirements and standards related to information security, including the NIS Directive, EBA / CNB guidelines and ISO/IEC 27001. Even though most of her engagements were related to the financial sector, Ivona has experience working for the production, trade, utility and public sectors. Some specific areas of Ivona’s interest are IAM (Identity and Access Management) and Social Engineering.

Security challenges in the software development industry...what can go wrong?
By Jasmin Azemović | .tech

Cyber-security as a broader form of protection of all IT resources has long ceased to be a luxury. On the contrary, it has become an imperative. Pandemic and geopolitical challenges contribute to this. The challenges we are facing are escalating on a daily basis. The result can be catastrophic consequences for your business: data breaches and leaks, ransomware, insider threats and the list goes on. The software industry is the most important part of the digital transformation of society, and secure enough solutions are set as an obligatory requirement.

This session is intended for all those involved in the software development process and for decision makers (the private sector, government, and public institutions). It is also for everyone else who wants to hear about the experience from the first line of defense.

Jasmin Azemović is a CISO, University Professor and ex-Dean. He has been professionally engaged in the areas of information security, privacy, forensic analysis and database systems for the last 20+ years, and currently leads the defensive security department within the HTEC Group. Author of the books: Writing T-SQL Queries for Beginners Using Microsoft SQL Server 2012, Securing SQL Server 2012 and SQL Server on Linux. Microsoft Security MVP and speaker at many IT conferences, events, and panels with more than 150 speaking engagements in the last 15 years.


Empower your SOC: An XDR story
By Leon Schulze | .ops

VMware Carbon Black XDR shifts the balance of power away from adversaries and back to security teams. As the evolution of Carbon Black Enterprise EDR, our XDR delivers on modernizing the SOC by enabling rapid and accurate detection, visualization and analysis of endpoint, network, workload, and user data in context. Powered by VMware Contexa™, Carbon Black XDR surfaces new results by preserving and extending the endpoint and network contexts during analysis and display.

Leon Schulze is a Security Solutions Engineer at Carbon Black, CEMEA. He is responsible for designing, implementing, and troubleshooting workload, endpoint, and cloud security solutions for various clients in central and eastern Europe. He has a natural flair for making complicated security topics accessible to everyone. Whether he's speaking to a room full of experts or educating novices, his unique storytelling approach turns complex topics into relatable narratives.

Good, Bad and Ugly Compliance in Public Cloud
By Marin Jaram, Tihomir Maček and Marin Vidaković | .ops

From orchestration and automation to the safety of a vendor solution for proactive reaction with real-time monitoring, and from fully audited controls for various aspects of security access to automated alerts and notifications of policy violations. Why using CloudBots empowers incident response and automatic remediation.

Marin Jaram is a security engineer with 18+ years of experience in the field. Moving from developer through system integration to pre-sales, he landed in cyber security in the last 8 years and enjoys it from the bottom of his heart. He evaluates cyber security solutions and is in constant search of potential solutions for all business risks of our partners and clients.

Tihomir Maček is an experienced Product Manager with 7 years of expertise in the field of Cyber Security in the dynamic world of IT distribution, primarily at Ingram Micro, the world's largest player in this industry. His career is a testament to his commitment to excellence in the field of IT and Cyber Security product management. Beyond his professional life, Tihomir enjoys spearfishing, skiing, and playing football in his free time.

Marin Vidaković is a cloud solution architect and security enthusiast with over 20 years of experience. He began his career as a developer, then moved into telecom and networking operations, and now leads a cloud consulting company that assists software developers on their journey to cloud-native applications.

Managed SOC in OT environments: no problem?
By Mario Blažević and Andrija Grgić | .tech

In the OT world, it's not about 'Ever tried? Ever failed? Try again, fail better!' It's more like 'Fail once, and you might not get another shot to innovate.' The adoption of an OT Security Operations Center (OT SOC) has never been more crucial, especially with the NIS2 directive and its accompanying regulations knocking on our digital doors. But wait, integrating and managing OT SOC services within critical infrastructure? It's no walk in the park.

Join Diverto in this presentation as we unravel the challenges, share our experiences, and draw valuable conclusions. In the world of managed SOC in OT environments, we'll explore whether it's really a breeze or if there are hidden storm clouds on the horizon. Don't miss it!

Mario Blažević is an experienced information security professional, with a strong emphasis on Industrial Control Systems (ICS) cybersecurity, particularly within the energy, traffic, and utility sectors. Specializing in NIS and ISA/IEC 62443 standards, Mario manages complex cyber-security/information security projects at Diverto and effectively communicates risks with stakeholders. In roles ranging from trusted advisor and auditor to both externalized and internal Chief Information Security Officer (CISO), Mario has a proven track record of implementing diverse management systems in the fields of information and cybersecurity, as well as quality management. This ensures compliance with the NIS Directive, GDPR, and other regulatory requirements, alongside various standards and frameworks. With extensive auditing expertise and proficiency in information security frameworks like COBIT, NIST, and ITIL, Mario offers valuable insights, navigating the intricate landscape of information and cybersecurity challenges across diverse industries.

Andrija Grgić is a Senior Information Security Consultant at cybersecurity company Diverto ltd., where he focuses on challenges in the OT/ICS landscape and critical infrastructure environments. Prior to Diverto, Andrija worked in IT Security and Systems Integration for 15 years. During that time, he achieved top-level certifications, including Cisco CCIE Security. Using this experience, Andrija is dedicated to pursuing OT/ICS topics and bringing cybersecurity awareness to the next level. Highly skilled in designing and implementing IT/OT security architecture, Andrija is always ready to share his knowledge and experience. In his private time, he can usually be found jumping from one mountain peak to another.

DORA Regulation overview
By Mario Kozina | .lead

Wide use of IT in financial institutions, increased complexity and occurrence of cyber incidents contributed to the growth of IT risk and the need for a stronger regulatory framework. Join this session to get an overview of the new EU Digital Operational Resilience Regulation – DORA that will apply from January 2025. Emphasis will be on DORA's requirements related to IT risk management and security testing.


Mario Kozina is a Senior adviser at the Croatian National Bank (HNB) where he supervises how credit institutions manage IT risk. His professional interests lie in the areas of IT management, security, audit, outsourcing and provision of financial services. For the past few years, he has participated in the development of regulatory acts (at the HR and EU level) related to IT risk management and digital operational resilience of financial institutions. He graduated in computer science at FER and is CISSP and CISM in good standing.

Airgap in OT - myth or reality?
By Marko Grbić | .ops

What is OT and how has it evolved over the past decade? What is an airgap in theory and has it ever really existed in the real world? The role of the vendors in the (in)security of the OT system. New technologies and security approaches in OT systems.

Marko graduated from the University of Zagreb, Faculty of Electrical Engineering and Computing, with a master's degree in electrical engineering and information technology, majoring in automation. He has more than 10 years of experience in the energy sector with an emphasis on OT infrastructure such as process control systems and safety instrumented systems in industrial plants.

Workshop: Capture the Flag
By Matija Mandarić |

Capture the Flag is a very popular format for blending fun with learning new skills, and we are delighted to have the opportunity to offer it as one of our workshops at the third DEEP conference. This workshop will introduce you to the functionality of XDR technology and help you acquire the skills you need to deal with advanced attacks. Each participant should bring their own laptop to the workshop. If you are already registered for the conference, you can book your place by sending an email to info@deep-conference.com. If there is demand, the workshop will be repeated on the second day of the conference.

From security engineer to presales and consulting, enterprise security architecture and education: Matija has been in security for more than a decade, in various roles and various organizations with various responsibilities, from a user through an integrator to a vendor. He likes to joke that it made him a jack of all trades but master of none. But hey, as an SF author once wrote, specialization is for insects!

Keynote presentation
By Mikko Hyppönen |

In the unlikely case you haven't heard of this leading global security expert, speaker and author, he works as the Chief Research Officer at WithSecure and as the Principal Research Advisor at F-Secure.
Mr. Hyppönen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Our keynote presenter sits on the advisory boards of t2 and Safeguard Cyber.

The role of Artificial Intelligence in Cybersecurity
By Robert Kopal | .lead

There are lots of benefits of using AI and automation in cybersecurity: protecting data across hybrid cloud environments; generating more accurate and prioritized threats; balancing user access needs and security etc. Also, adopting AI-powered automation can help cybersecurity teams drive improved insights, productivity, and economies of scale.

It has been suggested that current operational reality demands a new approach. And this is true.

Especially when you look at the data (IBM report, AI and automation for cybersecurity). For example, the majority of executives, globally and across industries, are adopting or are considering adoption of AI as a security tool. 64% of executives have implemented AI for security capabilities and 29% are evaluating implementation.

They report that AI applications have delivered significant positive impacts on their security outcomes. For cybersecurity, these include the ability to triage Tier 1 threats more effectively, detect zero-day attacks and threats, and reduce false positives and noise that require human analyst inspection.

Top-performing AI Adopters illustrate the potential for AI to transform cyber defense operations. Their use of AI has helped reinforce network security by monitoring 95% of network communications and 90% of endpoint devices for malicious activity and vulnerabilities. They estimate that AI is helping them detect threats 30% faster. They are also significantly improving response times to incidents and the time to investigate. And their return on security investment (ROSI) has jumped 40% as well.

To summarize in one sentence: only 7% of executives are not considering the use of AI for cybersecurity.

But is this approach of using AI and automation for cybersecurity without challenges? And how should such an approach be implemented? What are the benefits, but also the risks? Are there other approaches?

Robert Kopal, Ph.D., Associate Professor; Senior Research Associate; Tenured University College Professor; Chairman of the Board at EFFECTUS University of Applied Sciences.

Professional and scientific experience: Special Advisor to the Prime Minister for National Security; Acting minister & State Secretary at Ministry of the Interior; Chief Intelligence Analyst at Ministry of the Interior and Senior Manager at the Security and Intelligence Agency; 3x Dean Effectus University College for Law and Finance; Vice Dean for R&D at Algebra University College and Head of the professional master study programs of Digital Marketing and Data Science; Vice Dean for Academic Affairs at Libertas International University; Lecturer and visiting lecturer at numerous university colleges in Croatia and abroad and at CROMA EduCare Programme (Croatian Managers and Entrepreneurs Association); R&D Executive Director at Tokić; Advisor of the Board at IN2 Group for R&D/Science Advisor; Chief Science Officer at IN2data; Author of 13 books published in Croatia and abroad (Intelligence Analysis; Game Theory, Competitive/Business Intelligence Analysis Techniques, Analytical Management, Economic Analysis of International Terrorism, etc.); Author of a number of chapters in books and of about 70+ professional and scientific papers in Croatia and abroad; Head of, and lecturer at over a hundred business and analytical workshops in Croatia and abroad (trained intelligence & law enforcement officers from 11 countries); Head of PIU & Key Expert: “CARDS Twinning project: Criminal Intelligence System, Phase 1&2” and Project Liaison Officer on the UNODC (United Nations Office on Drugs and Crime) project “Strengthening of Capacities for Collection and Analysis of Criminal Intelligence in South-eastern Europe”; 2 UNODC commendations; Designed several specialized IT systems; certified intelligence analysis techniques and intelligence analysis software trainer; Member of IALEIA (International Association of Law Enforcement Intelligence Analysts) and BDVA (Big Data Value Association); Editor-in-Chief of the International Journal of Digital Technology and Economy and member of the editorial board of the International Journal of Economics & Management Sciences; Speaker at various national and international conferences; Participant and head of multiple national and international analytical projects; Member of the Agency for Science and Higher Education Commission for Social Sciences; Member of the National Council for the Development of Human Potential; Member of National Cyber Security Council; Member of the Croatian national team - European Big Data Hackathon 2017, which won the 1st prize, etc.; Penultimate book Analytical management has won 2 awards and the last book is Intelligence Analysis; Karate 2nd Dan black belt.

Applying ACH (Analysis of Competing Hypotheses) in Cybersecurity
By Robert Kopal and Darija Korkut |

Workshop description: The rationale for the workshop is as follows: (1) security experts' forecasts and predictions are too often wrong, and too often experts commit fallacies, make mistaken inferences and succumb to faulty reasoning; (2) a long-term study has shown that too much knowledge can have an adverse effect on the accuracy of prediction (for example, expert forecast accuracy in foreign affairs is about 35%); (3) experts are human and "to err is human", and being an expert in a certain field is not the same as being a critical thinker; (4) most intelligence failures (by experts) have common denominators: extinct by instinct; expert blindness; overestimation; underestimation; over-confidence; subordination of intelligence to policy; lack of communication; unavailability of information; received opinion; mirror-imaging; complacency/smugness; failure to connect the dots, etc.

All these issues can be solved with the appropriate intelligence analysis approach integrated into cybersecurity.

But there are some challenges regarding cyber threat intelligence (CTI): 85% of security professionals believe their CTI program requires too many manual processes; 82% of security professionals agree that CTI programs are often treated as academic exercises; 72% of security professionals believe that it is hard to sort through CTI noise to find what’s relevant for their organizations; 71% of security professionals say it is difficult for their organizations to measure ROI on its CTI program; 63% of security professionals say that their organization doesn’t have the right staff or skills to manage an appropriate CTI program (Research Report: Cyber-threat Intelligence (CTI) Programs: Ubiquitous and Immature).

Another recent survey of 1,350 IT and business leaders, representing organizations with 1,000 or more employees across 13 countries (released by Mandiant) uncovers additional CTI challenges: 79% of the surveyed leaders said that “the majority of the time, they make decisions without adversary insights" because "organizations feel they have too much threat intelligence information coming in through their feeds — and they aren’t able to sift through it effectively enough to have it influence their decisions". Furthermore, 47% of surveyed leaders reported that “applying threat intelligence throughout the security organization” is among their biggest challenges.

The aim of the workshop is to explore benefits of applying intelligence analysis techniques in various cyber scenarios, including cyber attribution challenges, to help organizations gain a complete picture of an attack and enhance their cybersecurity strategy for the future.

Analysis of competing hypotheses is one such technique. It’s a structured analytic technique commonly used in cyber threat intelligence. As its name indicates, it is used to determine the most likely hypothesis among several by simultaneously comparing multiple hypotheses against a given range of evidence.

It can be effectively used in the analysis phase of the cyber threat intelligence cycle to bring clarity and objectivity, making it easier to analyze complex situations.


If you are already registered for the conference, you can book your place by sending an email to info@deep-conference.com.

Duration: 90 minutes

Trainers: Associate Professor Robert Kopal, PhD; Darija Korkut

Trainers’ bio:

Robert Kopal, Ph.D., Associate Professor; Senior Research Associate; Tenured University College Professor; Chairman of the Board at EFFECTUS University of Applied Sciences.

Professional and scientific experience: Special Advisor to the Prime Minister for National Security; Acting minister & State Secretary at Ministry of the Interior; Chief Intelligence Analyst at Ministry of the Interior and Senior Manager at the Security and Intelligence Agency; 3x Dean Effectus University College for Law and Finance; Vice Dean for R&D at Algebra University College and Head of the professional master study programs of Digital Marketing and Data Science; Vice Dean for Academic Affairs at Libertas International University; Lecturer and visiting lecturer at numerous university colleges in Croatia and abroad and at CROMA EduCare Programme (Croatian Managers and Entrepreneurs Association); R&D Executive Director at Tokić; Advisor of the Board at IN2 Group for R&D/Science Advisor; Chief Science Officer at IN2data; Author of 13 books published in Croatia and abroad (Intelligence Analysis; Game Theory, Competitive/Business Intelligence Analysis Techniques, Analytical Management, Economic Analysis of International Terrorism, etc.); Author of a number of chapters in books and of about 70+ professional and scientific papers in Croatia and abroad; Head of, and lecturer at over a hundred business and analytical workshops in Croatia and abroad (trained intelligence & law enforcement officers from 11 countries); Head of PIU & Key Expert: “CARDS Twinning project: Criminal Intelligence System, Phase 1&2” and Project Liaison Officer on the UNODC (United Nations Office on Drugs and Crime) project “Strengthening of Capacities for Collection and Analysis of Criminal Intelligence in South-eastern Europe”; 2 UNODC commendations; Designed several specialized IT systems; certified intelligence analysis techniques and intelligence analysis software trainer; Member of IALEIA (International Association of Law Enforcement Intelligence Analysts) and BDVA (Big Data Value Association); Editor-in-Chief of the International Journal of Digital Technology and Economy and member of the editorial board of the International Journal of Economics & Management Sciences; Speaker at various national and international conferences; Participant and head of multiple national and international analytical projects; Member of the Agency for Science and Higher Education Commission for Social Sciences; Member of the National Council for the Development of Human Potential; Member of National Cyber Security Council; Member of the Croatian national team - European Big Data Hackathon 2017, which won the 1st prize, etc.; Penultimate book Analytical management has won 2 awards and the last book is Intelligence Analysis; Karate 2nd Dan black belt.

Darija Korkut, Senior Lecturer, doctoral student of Information Society at the Faculty of Information Studies in Novo Mesto, Slovenia. She was working at the Ministry of Foreign and European Affairs, as an information and analysis officer, and as a diplomat at the Croatian Embassy in Dublin. In her 10-year experience at the Security Intelligence Agency she was working on analytical education and training, and the development of innovative technological solutions. In January 2019, she joined University College Effectus, where she teaches Analytical Management, Critical Thinking, Behavioral Economics, Psychology of Decision Making, and Decision Making under Risk and Uncertainty. Darija has co-authored eight books, and a number of professional and scientific papers on analytical management, game theory, social network analysis, creativity, and behavioral economics. Her latest book, co-authored with Robert Kopal, covers the area of intelligence analysis in both, corporate and security intelligence application. She has participated in numerous domestic and international courses, seminars, and conferences in the field of international relations and diplomacy, and various analytical courses and workshops (NATO, US EUCOM, FBI among other), and as a lecturer at many of those. She owns international certificates in structured analytical techniques and critical thinking. Areas of interest: creativity and innovation, critical thinking, problem solving, behavioral economics, social network analysis, game theory, intelligence analysis, analytical management.

DeeP or just the root-cause Pentest?
By Robert Petrunić | .tech

Penetration testing is usually done in such a way as to identify the vulnerability (root cause) and to stop there without full penetration. Then, the process is repeated until as many vulnerabilities are identified as possible. This is a good approach because it allows the penetration tester to identify as many vulnerabilities as possible in as short a time as possible. To put it in business language, we are talking about cost-benefit, as this approach gives better ROI (Return on Investment). However, this approach might have some drawbacks because we are left in the dark about what might have happened before we identified this vulnerability and what the attacker might have access to if this vulnerability had already been compromised in the past. For instance, what if the attacker gained access to a web server through the web application vulnerability and then scanned the network behind the web server where other servers and services are accessible, usually not accessible directly from the Internet? It might allow the attacker horizontal and possibly vertical movement through the systems behind, systems not intended to be exposed to the Internet at all!

This lecture will discuss some real-world examples of how the full penetration (going as deep as possible after initial compromise by hacking not only the compromised application, service, or OS but also everything else that is hackable) identified additional misconfigurations and vulnerabilities which could lead to an entire company and supply chain compromise just because one service exposed to the Internet was hacked. We will use some interesting case studies (anonymized, of course) to show the importance of full penetration. This led to a computer forensics project because Pentest identified the possibility of system compromise or even live attackers in the system. Some case studies covered: Atlassian Confluence, Magento, AD, managing app for 10 000+ IoT devices and vCenter server appliance, ...

Robert is a senior information security consultant at Eduron IS, a company dedicated to IT security education, penetration testing, and computer forensics. He also works as a lecturer in the most successful Croatian private college, Algebra - University College for Applied Computer Engineering, where he has designed several computer security and forensics courses.

Robert has been a Microsoft certified trainer since 2002, an EC-Council certified trainer since 2008, and an ISC2 accredited trainer since 2014. He has worked mainly in the security field starting in 2004, and Microsoft acknowledged this in 2008, assigning him Microsoft's most valuable professional recognition for nine years in a row.

For the last twenty years, Robert has worked on programs related to ethical hacking and IT security awareness for systems administrators, developers, and IT security consultants. He is also often a lecturer at regional IT conferences.

Demystifying API Management
By Rok Likar | .tech

Unlock the secrets of effective API management with our presentation, "Demystifying API Management." Explore the robust functionalities of Layer7 as we share regional use cases, revealing practical insights and success stories. Join us on this journey to clarity, where we simplify the complexities of API management and provide actionable strategies for success.

Rok is a Presales Engineer at MBCOM Technologies, specializing in tailored software solutions for Broadcom's Enterprise Software Division. He has over a decade of experience, with a focus on successful pre-sales engagements and practical IT solutions. Previous roles include expertise in Broadcom Service Management, other CA solutions, and system administration. He is committed to driving efficiency and excellence in IT.

Multi-factor INFRAREDESIGN® authentication in the VIS/NIR spectrum
By Silvio Plehati and Jana Žiljak Gršić | .ops

A new application for multi-factor user authentication in two spectral areas has been created. The application uses a method of separating information using INFRAREDESIGN® technology. The application employs two cameras in two spectral areas: VIS (visible) 400-750 nm and NIR (near-infrared) at 1000 nm, and is capable of detecting human faces and QR codes. One of the key features of the application is the verification of user authenticity through multiple factors simultaneously. Detection of faces, QR codes, and other markers provides an additional level of security, while simultaneous authenticity checks in both spectral areas ensure that information separation is correctly performed for the same individual, object, or marker. Separation is accomplished using INFRAREDESIGN® technology, and this approach enhances the security of the authentication system as users must go through multiple verification steps to gain access. The application also allows for capturing images of "regions of interest" in both spectral areas for further deep learning or analysis. Multi-factor authentication takes place simultaneously in real-time in both spectral areas using multiple detection algorithms. During this presentation the spotlight is on multiple examples of INFRAREDESIGN® secured items for dual-spectrum authentication using two cameras. This will encompass not only the detection process but also the real-time visual representation of authentication, leading to access approval.

Prof. dr. sc. Jana Žiljak Gršić, scientific adviser:

In 1996, she graduated from the Design Study at the Faculty of Architecture, University of Zagreb, and in 2007, she received her doctorate from the Faculty of Graphic Arts, University of Zagreb. For the innovation Infraredizajn, she received the national science award in 2010 for scientific discovery and the Nikola Tesla Award for the best Croatian innovation in 2012, as well as more than 100 prestigious world awards, which she shares equally with her colleagues.

She has been the dean of the Zagreb University of Applied Sciences since 2021, where she has been employed since 2002. She teaches at the North University on graduate and doctoral studies as her secondary employment. As an external associate, she teaches at the doctoral studies of the Faculty of Graphic Arts, University of Zagreb, and at the doctoral studies of Alma Mater Europaea in Maribor.

She is the secretary of the graphic engineering department of the Croatian Academy of Engineering for the term 2022 - 2026. She is the founder and member of the editorial board of the Polytechnic & Design journal published by the Zagreb University of Applied Sciences. She is the head and editor of the collection of the professional-scientific conference Printing and Design, which is held under the sponsorship of the Croatian Academy of Engineering. She is a member of several expert councils and expert commissions and a regular member of the Croatian Designers Association.

She is a permanent court expert witness for graphic technology, design, manuscripts, documents, securities, money, pictures, credit cards, and other cards.

She participated in ten scientific, professional and technological projects approved by the Ministry of Science and Education and the Croatian Science Foundation. Together with her collaborators, she has registered four patents at the State Intellectual Property Office. She actively participated in the development of the curriculum of the Informatics and Computing Department of the Zagreb University of Applied Sciences, and she designed the program of the Informatics Design major at the professional and graduate studies in Informatics. She introduced numerous courses in the fields of design, web design, 3D modeling, visual communication, security graphics and innovation, which she teaches. She participated in the launch of the new study program Information Security and Digital Forensics at Zagreb University of Applied Sciences and in the internationalization of the said study program. In two terms, she was the head of the professional study of informatics and in two terms the head of the Informatics and Computing Department of Zagreb University of Applied Sciences.

She is the author of the textbook Safety graphics published by the Zagreb University of Applied Sciences and published numerous professional works, including those in collaboration with students of the Zagreb University of Applied Sciences (CROSBI Profile: 34737, MBZ: 264064). She is the author of many visual identities, posters and packaging for a wide range of customers. She has participated in solo exhibitions and group international and domestic juried exhibitions in the field of design and innovation. She organized exhibitions of student works in recognized galleries of the City of Zagreb and encouraged the application of students and teachers to innovation exhibitions in the country and around the world. She led the project in which IT design students participated named Techno Past Techno Future: European Researchers' Night (TPTF_ERN) Marie S. Curie European Research Night, EU Framework Program for Research and Innovation in 2018 and 2019.

Silvio Plehati, MEng(IT), MSc(Graph.Techn.), Lecturer at Zagreb University of Applied Sciences:

In 2003, Silvio Plehati completed his undergraduate studies in Information Technology at the Zagreb University of Applied Sciences. In 2010, he completed his graduate studies in Information Technology at the same faculty. In 2023, he completed the study of Graphic Technology at the Faculty of Graphic Arts, University of Zagreb. That same year, at the Faculty of Graphic Arts, he was awarded the Dean's Award  for publishing two scientific papers of category A (Q1/Q2) in 2022/2023. In 2023, he enrolled in a doctoral program at the same faculty. Since 2003, he has been continuously working in the field, establishing a bridge between computer science and graphic technology. He has co-authored professional and scientific papers in the fields of graphic engineering and graphic programming, focusing on the design of graphic protections through programming. Since 2021, he has been employed at the Zagreb University of Applied Sciences. He was appointed as an assistant in 2021 and promoted to lecturer in 2023. He teaches courses in software engineering in open systems, object-oriented programming, and advanced programming techniques. His areas of interest include C languages, graphic programming languages, 2D and 3D graphics, 3D printing, micro (embedded) electronics, and sensors. He actively participates in conferences related to graphic engineering, graphic programming, and computer science.

Roundtable: Preparations for the alignment with the transposed NIS2 directive
By Stjepan Groš, moderator | .lead

Recently, the new EU NIS2 directive was in focus, as the proposed transposition law was open for public consultation this summer. Since the proposal of the new Cybersecurity Law has entered parliamentary procedure, it is time to start thinking about compliance and preparing for the alignment process. Thus, the topic of the roundtable is the preparation for alignment with the new Cybersecurity Law (Zakon o kibernetičkoj sigurnosti). We hope to initiate discussions about this important step and to help everyone to at least start thinking about this not-so-small endeavor that is in front of us.


Some of the questions we plan to tackle on this roundtable are:

What are the prerequisites for starting the compliance process?

Who should be responsible for ensuring compliance within organizations?

How much time do we have, i.e. what is the expected timeline?

What should be included in the necessary budget?

What can be done right now, even without the regulation fully in place?

Can compliance be achieved in incremental steps?

What can be expected from companies that offer compliance services; what do companies expect from their clients; what companies cannot do and clients must do themselves.


Join us at this roundtable and share with us your questions and views regarding this important topic.



Stjepan Groš, Laboratory for Information Security and Privacy @FER



Aleksandar Klaić, Cyber Security Centre @SOA

Mario Kozina, IT Supervisor @HNB

Ana Balaško, Telecommunications and Information security coordinator @HEP ODS

Marko Grbić, Director of Business Development @LNG Croatia

Dario Rajn, CISO @Podravka

Ivan Kalinić, Senior security consultant @Diverto

By Tihomir Maček, Marin Jaram and Marin Vidaković | .ops

Rise above the Noise: Zero Trust Privilege Policy to End User Security
By Tomasz Joniak and Mareike Mett | .lead

  1. What is the current status of Identities/Privileges in today’s market?
  2. How do compliance and regulations affect the adaptation from manual processes to PAM?
  3. Can we really control all access of every person?
  4. Does MFA actually work?
  5. How does Delinea see the PAM landscape?


Tomasz is a Sr. Solution Engineer at Delinea, focusing on securing privileged accounts across the landscape of technology; born in Poland, grew up in Chicago & now, after 30+ years, relocated back to Poland for his next adventure.

Tomasz has 18+ years of extensive experience working as a Security Engineer for major IT partners such as WWT, Insight Global, and LaSalle Solutions (now Trace3); after relocating to Poland, Tomasz joined Cisco Systems as Sr Security Consulting Engineer and TME, where he focused on ISE and Firepower products as part of Product Management.

With his experience, Tomasz joined Delinea to identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement utilizing the Mature PAM model to meet today’s IT complexities, as proven by the increase in cyberattacks.

When not trying to be a Network Security Magician, he visits Historical European ruins with his family.

Mareike is a Channel Sales Engineer at Delinea, driving channel strategy and partner enablement for Delinea's portfolio of products. She is based in Pforzheim, Germany, and joined Delinea 2 years ago directly after her studies.

Mareike has worked with dozens of customers in the DACH region over the past years and has delivered several webinars. With her experience, she is currently focusing on Delinea's channel partners, helping them and their customers use Delinea's PAM solution to mitigate the ever-growing security risks and meet security requirements such as the recently released EU NIS2 directive.

In her spare time, she is trying to become the next Picasso of the international art world.

Identity management from a secure workstation - challenges and alternatives
By Tomislav Poljak | .ops

Managing identities and assigned privileges for users with elevated administrative IT rights (IT admins, database and application admins, Security operations) is a critical security measure that every company should incorporate into its environment. Privileged users need to be monitored and scrutinized for their actions and behaviors both on their workstations and in cloud systems. Beyond the technical challenges of securely administering IT systems, operational issues often arise for companies only after the implementation of a specific solution.

In this presentation, through demonstrations and practical examples, Tomislav will illustrate how to prepare an organization for the implementation of a secure workstation or other Privileged Access Management (PAM) solutions. He will delve into methods for controlling and tracking activities of privileged users, as well as the authentication and authorization mechanisms that need to be monitored using supervisory tools. Join him to explore the realm where security meets administration, and gain insights into establishing a robust defense against potential breaches while ensuring operational integrity.

Tomislav has worked at Microsoft Croatia for the past eleven years as a cyber security consultant. He is mostly involved in the recovery of enterprise systems after cyber attacks, but when there are no reactive engagements, he also helps customers establish SOC environments and carries out various jobs like monitoring, protection, and prevention to increase their security. Lately, there has been an increasing number of cyber attacks, so he is focusing on enhanced education, preventive engagements, and assessments that determine the state of the identity system.

He often speaks at conferences in Croatia and the surrounding region. He has been a Microsoft Certified Trainer (MCT) since 2008 and holds other industry certificates. Whenever possible he spends time in nature, in any leisure or work activities.

The growth of commercial spyware based intelligence providers without legal or ethical supervision
By Vanja Švajcer | .ops

Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat initially came to light with the leaks of HackingTeam back in 2015, but gained new notoriety with public reporting on the NSO Group, and, in the years that have followed, the landscape has exploded.

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware. A recent report from the United Kingdom’s National Cyber Security Centre (NCSC) highlights that the accessibility of these tools “lowers the barrier to entry to state and non-state actors in obtaining capability and intelligence.” As recently as June 2023, the European Parliament’s plenary session voted on an ongoing investigation concerning the illicit usage of NSO’s Pegasus and equivalent surveillance spyware by EU member states (PEGA report).

However, limited legal and legislative actions are yet to have an immediate positive effect on curbing the use of commercial spyware. Despite these steps toward limiting the operations of these spyware companies, they are likely to keep operating in any region as long as it's financially and legally feasible. Increasing scrutiny with export regulations, criminal liability and fines may be a way forward towards ensuring that their activity does not go beyond the legitimate purposes they advertise. We dig into technical and ethical details of commercial spyware threats.


Vanja Švajcer works as a Technical Leader at Cisco Talos. He is a security researcher with more than 20 years of experience in malware research, cyber threat intelligence and detection development. Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks all the time spent hunting in telemetry data to find new attacks is well worth the effort. He has presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR, BalCCon and others.

Common Challenges in Cyber Incident Response Engagements
By Vladimir Ožura | .tech

Cyber incident response is a critical process that aims to minimize the impact of cyberattacks and restore normal operations as quickly as possible. However, cyber incident response engagements often face various challenges from both the customer side and the vendor side. These challenges can affect the effectiveness and efficiency of incident response, as well as the trust and collaboration between the customer and the vendor. In this presentation, Vladimir will discuss some of the most common challenges and questions asked by customers during cyber incident response engagements. Vladimir will also share some of the best practices and lessons learned from experience in providing cyber incident response support to various customers across different industries and regions. This presentation will help you understand the challenges and opportunities in cyber incident response, and how to improve your readiness and resilience against cyberattacks.


Vladimir has over 10 years of experience in the cyber security space and has worked at Microsoft Croatia for the past 2 years as a cyber security consultant. He's mostly involved in leading cyber security incident response engagements on a global scale and diving deep into data analysis to uncover the attack story. Part of his role as a lead investigator is not only providing investigation findings, but also recommendations to increase the security posture of environments. He is also a trainer for Threat Hunting and a member of the Delivery Excellence team. Vladimir holds several industry-leading certificates including GCFE, GCDA and GSOM. Whenever possible he spends time hiking and hanging out with the family.

macOS Red Teaming in 2023
By Wojciech Regula | .tech

Do you have Macs in your company's infrastructure? Nowadays, I bet that in most cases the answer would be YES. Macs have stopped being computers used only in startups. We can observe them even in huge legacy environments in banks and other corporations. The problem is that they are usually not symmetrically secured compared to the rest of the Windows stations. Macs are not immune, they can be insecurely configured and now... even Apple admits that malware is present on Macs.

In this presentation I will:

* Introduce you to macOS security mechanisms

* Perform a step-by-step macOS infection based on my 0-day (live demo)

* Show you post exploitation techniques

* Attack installed apps and collect data from them

* Give recommendations on how to harden your Mac and macOS infrastructure

Wojciech is a Principal Security Specialist working at SecuRing. He specializes in application security on Apple devices. He created the iOS Security Suite - an open-source anti-tampering framework. A Bugcrowd MVP, he has found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others. In his free time he runs an infosec blog - https://wojciechregula.blog. He has shared his research at, among others, Black Hat (Las Vegas, USA), DEF CON (Las Vegas, USA), Objective by the Sea (Hawaii, USA), AppSec Global (Tel Aviv, Israel), TyphoonCon (Seoul, South Korea), NULLCON (Goa, India), CONFidence (Cracow, Poland).


Falkensteiner Punta Skala, hotel IADERA
Punta Skala bb, HR-23231 Petrčane


Falkensteiner Hotel & Spa Iadera at Punta Skala Resort

The best-suited mid-Dalmatian conference venue awaits the participants of DEEP



Looking to start in the best possible manner, DEEP proudly presents an excellent venue for the conference, to be held from the 24th to the 25th of October 2023. We are proud to welcome you to the glorious five-star Falkensteiner Hotel & Spa Iadera, part of the famous Falkensteiner Punta Skala Resort, one of the most respected tourist complexes in the whole Adriatic area.

The resort is conveniently situated just a short drive from the vibrant city of Zadar, but it also contains all the facilities any conference attendee might need during a stay. We have extensive experience in organizing similar events, and it has assured us that a single-point conference is the most convenient way for our guests and visitors to enjoy both the conference and any free time dedicated to themselves.

Apart from the breathtaking location directly at the top of the peninsula and exclusive 5-star service, at our chosen venue you can also enjoy Mediterranean cuisine at the hotel restaurant, the fish restaurant Bracera, the steak house Planika and the Hideout beach bar directly at the sea.

Should you want to stay for the weekend, there are several great areas to visit, from the ancient town of Zadar, famous - among other things - for the most beautiful sunset in the world, to the national parks of Velebit and Kornati or the world-famous sci-fi landscapes of the island of Pag.

We are looking forward to being your hosts at this magnificent hotel during the conference. Online registrations will start soon, offering you accommodation in single or double rooms at this hotel during the process, at special prices agreed with Falkensteiner Hotels & Residences, available only to DEEP attendees. Should you have any additional questions, please feel free to ask us at info@deep-conference.com. We are sure that this venue will fully enhance your experience and make your stay there during DEEP more enjoyable.