Program Overview

Agenda is subject to change. Times are reflected in UTC +1 (CET). Training sessions have limited seating and are first-come, first-served. Please select your training options during registration. Plenary sessions are open to all registered delegates.

Virtual Attendance: All TLP:CLEAR plenary presentations will be streamed live (2-3 November). Training will not be streamed. Virtual registration is available within the registration form. Streaming will be delivered over Zoom.

Tuesday, 1 November

Training: Analytical
Level 2, Rm MOA 15
Training: Technical
Level 2, Rm MOA 14
08:00 – 09:00

Registration (All Day) | Level 2 Atrium (next to training rooms)

09:00 – 11:15
 NL US

‘Build Your Own Threat Landscape’ Workshop

Gert-Jan Bruggink (Venation, NL); Roman Sannikov (Constellation Cyber LLC, US); Brian Mohr (Reqfast, US)

TLP:CLEAR
 LU

Building Your Own Workflows in MISP: Tutorial and Hands-on

Alexandre Dulaunoy, Andras Iklody, Sami Mokaddem (CIRCL, LU)

TLP:CLEAR
11:15 – 11:30

Coffee Break | Level 2, Outside of Training Rooms

11:30 – 13:00
 NL US

‘Build Your Own Threat Landscape’ Workshop

Gert-Jan Bruggink (Venation, NL); Roman Sannikov (Constellation Cyber LLC, US); Brian Mohr (Reqfast, US)

TLP:CLEAR
 LU

Building Your Own Workflows in MISP: Tutorial and Hands-on

Alexandre Dulaunoy, Andras Iklody, Sami Mokaddem (CIRCL, LU)

TLP:CLEAR
13:00 – 14:00

Lunch Break | Level 1, MOA EAT

14:00 – 16:00
 GB NO

Intelligence Planning Workshop - How to Create and Employ an Intelligence Plan that Synchronizes with Your Stakeholders Needs.

Joseph Harris, Brad Crompton (Intel 471, GB); Freddy Murstad (Nordic Financial CERT, NO)

TLP:AMBER
 DE

Building an effective ICS/OT Security Monitoring and Defense Program

Kai Thomsen (Dragos, Inc. , DE)

TLP:CLEAR
16:00 – 16:15

Coffee Break | Level 2, Outside of Training Rooms

16:15 – 18:00
 GB NO

Intelligence Planning Workshop - How to Create and Employ an Intelligence Plan that Synchronizes with Your Stakeholders Needs.

Joseph Harris, Brad Crompton (Intel 471, GB); Freddy Murstad (Nordic Financial CERT, NO)

TLP:AMBER
 DE

Building an effective ICS/OT Security Monitoring and Defense Program

Kai Thomsen (Dragos, Inc. , DE)

TLP:CLEAR

Wednesday, 2 November

Plenary Sessions Day 1
Level 1, Rm MOA 6-9
08:00 – 09:00

Registration (All Day) | Level 1 Foyer

09:00 – 09:10

Welcome Remarks

09:10 – 09:45
 GB

Ten Years of Cyber Threat Intelligence: Retrospectives

James Chappell (Digital Shadows, GB)

TLP:CLEAR
09:45 – 10:15
 US

Crossing the Cyber Sad Gap

Jake Nicastro (Mandiant, US)

TLP:GREEN
10:15 – 10:45

Networking Break with Exhibits | Level 1, Rm MOA 10+11

10:45 – 11:15
 AT

Cyber Threat Intelligence Sharing Platforms: A Comprehensive Analysis of Software Vendors and Research Perspectives

Clemens Sauerwein ( University of Innsbruck, Department of Computer Science, AT)

TLP:AMBER
11:15 – 11:45
 NL

The Joy of Threat Landscaping

Gert-Jan Bruggink (Venation, NL)

TLP:CLEAR
11:45 – 12:15
 DE

All the Unstructured Data! Using NLP to Process Threat Reports

Patrick Grau (Bosch, DE)

TLP:AMBER
12:15 – 13:30

Lunch Break with Exhibits | Level 1, MOA 10+11

13:30 – 14:00
 US

Cyber Threat Intelligence Analysts and You: Understanding the Discipline to Optimize Cyber Defense Collaboration

John Doyle (Mandiant, US)

TLP:CLEAR
14:00 – 14:30
 LU

Community Management and Tool Orchestration the Open-source Way via Cerebrate

Andras Iklody, Sami Mokaddem (CIRCL, LU)

TLP:CLEAR
14:30 – 15:00
 CH

Let's Make Needles Glow in Timesketch

Thomas Chopitea, Alexander Jäger (Google, CH)

TLP:CLEAR
15:00 – 15:30

Networking Break with Exhibits | Level 1, Rm MOA 10+11

15:30 – 16:00
 CZ

SOC Buddies - Bridging the Gap Between IR and CTI

Ilin Petkovski (Red Hat, CZ)

TLP:GREEN
16:00 – 16:30
 NO

Vanity Metrics - The BS of Cybersecurity

Freddy Murstad (Nordic Financial CERT, NO)

TLP:AMBER
16:30 – 17:30
 NL

How to Create Effective Structured Intelligence Extensions for TIPs

Peter Ferguson (EclecticIQ, NL)

TLP:CLEAR
17:30 – 18:30

Thursday, 3 November

Plenary Sessions Day 2
Level 1, Rm MOA 6-9
08:00 – 09:00

Registration (All Day) | Level 1 Foyer

09:00 – 09:10

Opening Remarks

09:10 – 09:40
 IE

Why Your Security Analysts Are Leaving and What You Can Do to Retain Them

Thomas Kinsella (Tines, IE)

TLP:CLEAR
09:40 – 10:10
 US

CTI Bake-Off: A Recipe for Measuring, Integrating, and Prioritizing a CTI Program

Kellyn Wagner Ramsdell (MITRE Engenuity, US)

TLP:CLEAR
10:10 – 10:40
 ES CH

Enhancing CTI Processes with Code Search Technology

Carlos Rubio (Threatray, ES); Jonas Wagner (Threatray, CH)

TLP:CLEAR
10:40 – 11:00

Networking Break with Exhibits | Level 1, Rm MOA 10+11

11:00 – 11:30
 JP

Targeted Web Skimming on E-Commerce Sites

Hendrik Adrian (LACERT/LAC Tokyo, JP); Takehiko Kogen (LAC/LACERT Tokyo, JP)

TLP:CLEAR
11:30 – 12:00
 KR

Gwisin: A Spooky Ransomware Only Targets South Korea

Hyeok-Ju Gwon, Kyoung-Ju Kwak, Jungyun Lim, Sojun Ryu (S2W Inc., KR)

TLP:GREEN
12:00 – 13:30

Lunch Break with Exhibits | Level 1, MOA 10+11

13:30 – 14:00
 DE

ORKL: Building an Archive for Threat Intelligence History

Robert Haist (TeamViewer, DE)

TLP:CLEAR
14:00 – 14:30
 US

Lessons from the Trenches – What I Wish I’d Known About Threat Intel Platforms

Lincoln Kaffenberger (Deloitte Global, US)

TLP:GREEN
14:30 – 14:45

Networking Break with Exhibits | Level 1, Rm MOA 10+11

14:45 – 15:15
 PL

Diamonds are a Forensicator's Best Friend - Intelligence Support for DFIR

Kamil Bojarski (QuoIntelligence , PL)

TLP:CLEAR
15:15 – 15:45
 CZ

How to Develop Priority Intelligence Requirements for YOUR Organization

Ondrej Rojčík (Red Hat, CZ)

TLP:GREEN
15:45 – 16:00

Closing Remarks