spliter-img

Location

VENUE

On-site: Radisson BLU Latvija, Elizabetes Str.55, Riga, Latvia


October 1 - 3, 2024

The conference time zone is Eastern European Summer Time (UTC/GMT +3)


VIDEO RECORDING

October 2

October 3

spliter-img

Agenda

01 OCT

Workshops and Trainings

Registration for the "CyberChess 2024" conference and the workshops and trainings on October 1 is separate. Please remember that you can register for either one full-day workshop OR one morning and one afternoon workshop. Note that seats are limited! Registration for workshops and training sessions will be open until September 13.

Workshops and training sessions are free of charge, and coffee breaks and lunches are included!


Morning Workshops

08:00 - 08:30 Registration register Room
08:30 - 12:30 Data science for incident responders working with data leaks [ENG], Mr. Éireann Leverett, Mr. Lorenzo Nicolodi GAMMA II
The goal of this workshop is to provide to participants practical experience on how data science can be applied to data leaks and how the gained knowledge can be used to both strengthen the infrastructure and make the incident response phase more efficient and effective.

We will first take a look at how data can be programmatically acquired both on clearnet and on Tor (you can't evaluate data you don't have) and we will then move to some exercises leveraging Python, Jupyter notebooks and Panda library to see how these can be invaluable tools for practicing skills and for uncovering elusive evidence (e.g. attackers' TTPs).

Last but not least, we will see how similar skills can be transfered to a connected but different domain, i.e. the tracking of cryptocurrency addresses used for malicious activities.

Type of the workshop: technical
Level: intermediate

Prior knowledge necessary: The participants are expected to have basic Python and networking knowledge. You may participate regardless, but we may not be able to help you as much as we might like due to time constraints.

Personal equipment necessary: Bring your own laptop with the possibility to install software (like Python and its packages). If you want to avoid doing this on your main machine, using a VM is also fine.

We suggest you to join the workshop with the latest version of Python3 already installed, together with your preferred text editor / Python3 IDE. If you don't have one, we suggest Microsoft Visual Studio Code, together with the Python extension.
08:30 - 12:30 GOing Beyond C: An Introduction to Reverse Engineering Go Malware [ENG], Mr. Max Ufer, Mr. Sebastian Tauchert (Fraunhofer FKIE) KSI
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of go-written malware in recent years. Reverse engineering Go binaries pose significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.

In this workshop, we want to provide an introduction to reverse engineering malware that was written in Go. Initially, we will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.

Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Participants should have a basic understanding of assembly and reverse engineering of x86/x64 binaries.
Personal equipment necessary: Participants should bring a laptop that is capable of running a VirtualBox virtual machine with at least 4GB Ram. VM download: TBA
10:00 - 12:30 Chess training [ENG], Mr. Normunds Miezis (Riga Chess Federation), Ms. Dana Reizniece-Ozola (International Chess Federation) EPSILON
10.00-10.30 Chess training: theoretical lecture on the game of chess with Latvian chess Grandmaster Normunds Miezis

Normunds Miezis is a Latvian chess player and Grandmaster. He has held the title of International Grandmaster since 1997 and has been a long-time leader of the Latvian national chess team.

10.30-12.30 Simulation game with a Women's Grandmaster Dana Reizniece-Ozola.

Dana Reizniece-Ozola is a Latvian chess player and former politician. She has served as a member of multiple convocations of the Saeima (Latvian Parliament), as well as the Minister of Economics and the Minister of Finance. At the beginning of 2021, Dana Reizniece-Ozola resigned from her position as a member of the Saeima to become the Managing Director and Deputy Chair of the Board of the International Chess Federation (FIDE).
09:00 - 12:30 Nacionālās kiberdrošības likuma prasības – kā sagatavoties? [LV], Mr. Mihails Potapovs (Aizsardzības ministrija) LAMBDA
The workshop will focus on the implementation of the National Cybersecurity Law, which officially came into effect on September 1, 2024. This law is designed to incorporate the provisions of the NIS2 Directive, aimed at establishing a high common level of cybersecurity across the European Union. It outlines baseline cybersecurity requirements for both essential and important entities, as well as sets out national requirements for critical Information and Communication Technology (ICT) infrastructure.

During the workshop, participants will closely examine the key legal provisions of the new legislation, and engage in discussions regarding the upcoming Cabinet Regulations that will specify the baseline cybersecurity requirements. This will provide attendees with a comprehensive understanding of the law’s implications and the practical steps necessary for compliance.

Please note that the workshop will be conducted in Latvian.

Registration for morning workshops


Afternoon Workshops

13:00 - 13:30 Registration register Room
13:30 - 17:30 Threathunting with VT [ENG], Jose Luis Sanchez Martinez (VirusTotal) GAMMA II
Threat hunting is one of the most powerful techniques to proactively uncover and neutralize threats. While it has traditionally been a blend of science and intuition, we witnessed a surge of innovative tools and techniques that can significantly enhance its effectiveness. In this hands-on workshop, we will explore how to effectively use new and traditional techniques including: Identify, monitor and get full context of malicious campaigns. Effective semi-automated YARA generation. Netloc hunting. Similarity analysis. Understanding and leveraging AI engines for code analysis. Tackling large datasets.

Throughout the workshop, you will engage in practical exercises and real case studies, equipping both seasoned and new hunters with practical knowledge to find and monitor all kinds of real threats.

Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Basic knowledge about VirusTotal.
Personal equipment necessary: Laptop, VirusTotal account created and confirmed once received confirmation email.
13:30 - 15:00 Cybercrime Investigation Workshop [ENG], Ms. Or Lev, Ms. Irina Nesterovsky (KELA) KSI
In this workshop, participants will use a cybercrime investigations tool to track and investigate cybercriminals and their activities, aliases and TTPs. They will also get the opportunity to inspect how their organizations are already exposed to cybercriminal activities and learn of the ways to prevent further compromise. The workshop is designed to arm investigators with knowledge and insights on recent cybercriminal threats, the tricks to track cybercriminals and to leverage this knowledge to defend and investigate. No technical or CTI skills are required.

Level: beginner
Prior knowledge necessary: Registered participants will receive a link to the workshop materials prior to the workshop.
13:30 - 17:30 Chess tournament [ENG], Riga Chess Federation EPSILON
Since the chess games will be played on digital chess boards, the matches will be broadcast online and displayed on a screen in the chess tournament room.

Chief Arbiter: Vairis Kurpnieks (International Category Arbiter)

Registration for afternoon workshops


Full Day Workshops

08:30 - 09:00 Registration register Room
09:00 - 17:00 Practical drone forensics [ENG], Mr. Wayne Burke (Cyber2Labs, US) BETA
The workshop will begin with a detailed technical overview of the Drone / UAV eco system with major components. Then we will proceed with how, what and why for Drone forensics and incident response.

Type of the workshop: technical
Level: beginner
Prior knowledge necessary: Entry level IOT / robotics hardware and software
Personal equipment necessary: Laptop and mobile phone / tablet
09:00 - 17:00 Building OpenShield - personal DNS Threat Intelligence with DNS Firewall [ENG], Armīns Palms (CERT.LV) GAMMA I
Course attendee will gain practical skills on building powerful DNS Threat Intelligence system with active DNS protection using open source solutions. Name of the solution: OpenNameShield To build OpenNameShield, the full day workshop will provide following basic knowledge on following topics: - Docker - OpenNameShield is a docker-ized project. Advantages of using docker will be explained as well as key commands of docker. - BIND9 - DNS server set-up and configuration. It is planned to set up operational DNS server during workshop. - RPZ - aka DNS Firewall. Basics on zone creation to block certain domain will be provided. - ELK - Elasticsearch and Kibana set-up. - mmnormalize – usage of rsyslog Log Message Normalization Module will be explained to ensure parsing of incoming log-file - python3 – development of scripts that will enrich the incoming log-file. How to feed OpenNameShield with suspicious/ harmful domains. - REDIS – this is important to ensure that external system limitations are not exceeded. It will be shown how to decrease outgoing requests using REDIS.

As a result OpenNameShield system will be developed where together with participants:
- The system will be enriched with suspicious/ harmful domains that are to be blocked.
- DNS blocking will be checked in real-life.
- DNS threat-hunting will be performed to identify suspicious domains.
- Identification of infected devices will take place based on the statistics of blocked DNS.

OpenNameShield system development includes usage of vast array of open-source solutions. Participants will attain excellent base level knowledge for own future project development as well as general creation of awareness on how such solutions operate.

Type of the workshop: technical
Level: beginner
Personal equipment necessary: Please install docker on you computer. Be sure that command "docker run hello-world" will work for you. Optional, but strongly advised, install "Visual Studio Code" also.
09:00 - 17:00 Security Analyst Workshop - Navigation to Investigation [ENG], Mr. Marvin Ngoma (Elastic, SE) TAU
[The second half of the workshop will be conducted as a Threat Hunting CTF to enhance the gained knowledge in a competitive manner.]

Join us for an enlightening hands-on workshop which is aimed at providing participants with common workflows and analysis that a security analyst would leverage daily. This workshop is divided into four modules detailing Data Navigation and Visualization, Guided Investigation with Elastic, Threat Detection and Investigation and Dark Radiation Investigation and a roundup sample Ransomware Investigation.

The workshop focuses on "a day in the life of an analyst", Real data, real workflows, and investigating threat actor activity.
Workshop Takeaways:
Ability to leverage the Elastic Security for Incident Response.
Ability to understand common workflows for cyber security tasks.
Ability to create security focused visualizations.
Ability to take a proactive approach with Elastic Security.
Ability to apply comprehensive incident response with a case management workflow.

Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Eyes on Glass, Analyst Experience with Elastic Security or other SIEM Solutions. An understanding of current security operations procedures. An understanding of currently available data sources, desired integrations (other SIEM, SOAR).

Registration for full day workshops


Escape Room

A Security Awareness Adventure - Escape Room "Hack The Hacker" will be available two days - 01 & 02 October. Each session lasts 2h. Registration for the "CyberChess 2024" conference and Escape Room is separate!

01 & 02 OCT Please arrive 10 minutes early register Room
10:30 - 12:30 Hack The Hacker SIGMA
A Security Awareness Adventure: Your company suffers from ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 other people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!

Duration of each session is 2h and consists of theoretical and practical part.

Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing.) The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.

Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none
13:30 - 15:30 Hack The Hacker SIGMA
A Security Awareness Adventure: Your company suffers from ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!

Duration of each session is 2h and consists of theoretical and practical part.

Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing.) The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.

Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none
16:00 - 18:00 Hack The Hacker SIGMA
A Security Awareness Adventure: Your company suffers from ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!

Duration of each session is 2h and consists of theoretical and practical part.

Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing.) The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.

Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none

Registration for Escape Room activity


02 OCT

The cybersecurity conference CyberChess 2024

The CyberChess conference is a cornerstone of cybersecurity events within the Baltic states. It brings together a diverse array of security stakeholders, experts, ISPs, domain industry representatives, and other interested parties to discuss and examine the latest trends, issues, and innovations in cybersecurity.

More than 50 speakers from nearly 20 countries will share their research and experiences in the following cybersecurity-related areas:

  • protection of critical information and infrastructure;
  • Cyber threat intelligence;
  • Ransomware, its triage, and defense;
  • Medicine, nanotechnology, and bio-hacking;
  • Artificial intelligence and machine learning;
  • Alliances and their importance in strengthening security in the Euro-Atlantic area (from strategic, operational and legal perspectives).

Bringing together over 500 attendees on-site and engaging with over 3000 participants online, the conference serves as a dynamic platform for fostering collaboration, knowledge exchange, and networking among Baltic cybersecurity professionals.


"Throughout the past few years we have seen growth in attacks, their sophistication as well as in the level of political support and importance of cybersecurity. This makes events such as CyberChess an important platform not only for knowledge sharing but also establishing new partnerships."
/B.Kaškina, CERT.LV General manager/


OMEGA HALL
08:00 - 09:00 Registration & Coffee   register coffee (pre-registration 01 OCT 13:30 -17:00)
09:00 - 10:30 OPENING PLENARY :: Moderator: Mr. Oskars Priede
09:00 - 09:10 Keynote, Mr. Andris Sprūds, Minister of Defense (MoD, LV)
09:10 - 09:15 Opening remarks, Ms. Baiba Kaškina (CERT.LV, LV)
09:15 - 09:30 Keynote, Mr. Rolands Heniņš (NCSC, LV)
09:30 - 10:00 Utilizing botnet tracking for enabling disruptions: The Grandoreiro story, Mr. Robert Lipovsky (ESET, SK)
Replicating specific samples to understand the inner workings and network structure of a botnet has several limitations. A more versatile approach involves developing a platform of parsers that can automate botnet tracking by processing malware samples, extracting relevant information, and directly communicating with its command and control (C&C) servers. While the main downside is having to maintain such parsers, the benefits are invaluable – full control over the execution, extraction of any required data, and the ability to fake requests to C&C servers, to name a few. For large botnets, with thousands of samples, this is an extremely effective approach.

Botnet tracking data has repeatedly proven invaluable to law enforcement. It helps them understand the extent of the botnets they are investigating and maps the botnet’s network infrastructure, which is crucial for taking steps to dismantle the botnet and arrest its operators. We utilized this technique to help successfully take down Trickbot in 2020, Zloader in 2022 and, most recently, Grandoreiro in January 2024. We will demonstrate the full power of botnet tracking and how we utilize it for fully automatic processing of thousands of samples of more than 50 different botnets daily. We will provide specific examples of data our tracking system produces, the large variety of features it offers, and how the system’s outputs can be made actionable.

We will illustrate how we utilized these outputs to help the Federal Police of Brazil disrupt the Grandoreiro banking trojan early this year.
10:00 - 10:30 Practical Active Cyber Defense and Threat Hunting, Mr. Varis Teivāns (CERT.LV, LV)
What is Threat Hunting? Threat hunting proactively identifies potential threats and compromised devices within a network, enabling quicker responses to cyber-attacks. CERT.LV leads EU cybersecurity threat hunting, collaborating with the Canadian Armed Forces and Latvian allies. Since 2022, we’ve analyzed over 140,000 devices across 31 Latvian organizations, detecting advanced persistent threats (APTs) in 25% of them. With Latvia and its neighbors frequently targeted by Russian APT groups and hacktivists, threat hunting is critical to preemptively identifying and mitigating attacks. You will learn more about our discoveries and the most recent developments in threat hunting.
10:30 - 11:00 Coffee break  coffee

OMEGA HALL Moderator: Mr. Oskars Priede
11:00 - 11:30 The emerging threat landscape - How intelligence reduces risk, Mr. Richard LaTulip (Recorded Future, UK)
Conversation about the emerging threat landscape and how intelligence reduces risk.
11:30 - 12:00 Open, Composable, Unstoppable: The Next Gen of Threat Hunting, Mr. Matthias Vallentin (Tenzir, DE)
This talk advocates for an open and composable data stack as the foundation for the next generation of security architectures, specifically targeting detection engineering, threat hunting, and incident response. In an industry plagued by fragmented point solutions, there is an urgent need for a more sustainable and flexible approach to system architecture.

The presentation begins by examining the current landscape, highlighting the challenges and limitations of existing methods. It then introduces a modular, open-standards-based framework that fosters interoperability across the security ecosystem.

At a technical level, the talk explores opportunities for standardization across various abstraction layers, including data storage, log/event encoding, schema normalization, and the representation of detections, threat intelligence, and analytics. The goal is to demonstrate how a modular, interoperable stack can effectively support and enhance critical operational security functions.
12:00 - 12:30 CTI from the Underground: harness cybercrime intelligence to defend your organization and investigate threat actors, Ms. Irina Nesterovsky (KELA)
Join us for a comprehensive session on the importance of incorporating cybercrime intelligence into your CTI or threat hunting toolset. Learn about the latest cyber threats emerging from the cybercrime underground and how to effectively gather and translate this intelligence into actionable insights. This presentation will cover the key areas where cybercriminals operate, the methods they use, and how to hunt them. Gain the knowledge and tools necessary to investigate and mitigate these threats, ensuring your organization's defense against evolving cyber risks.
12:30 - 13:30 Lunch lunch
13:30 - 15:00 NATO - from Information Sharing to integrated Cyber Defence

Moderator: Mr. Rolands Heniņš (NCSC, LV)

Panelists: Dr. Mart Noorma (NATO CCDCoE, EE), MGen. Dave R. Yarker (Canadian Cyber Forces, CA), Col Michal Golak (POL Cyber Command, PL), Brigadier Richard Alston (Royal Marines, UK)

Since February 2022, threat level in Latvia and across NATO states has been constantly high, showing the new reality to which we all have to adapt to. This high threat level puts constant pressure on all NATO member states to work together, share the best practices and continue further development of cyber defence capabilities and cyber resilience level at national and Allied level.

Our experienced panellists will provide an insight in the world of NATO, showcasing the significance of NATO in advancing our cyber defence from different perspectives – collective defence, capability development, research and education, and political aspects – with the goal of strengthening NATO alliance by individual and collective efforts.
15:00 - 15:30 Coffee break  coffee
15:30 - 16:00 Protecting the Blueprint of Life: The Importance of Comprehensive Information Security at the Sub-Molecular Level, Dr. Gregory Carpenter (KnowledgeBridge International, US)
This presentation discusses the need for information security (INFOSEC) at the molecular level to protect our genetic information in light of the increasing use and significant advancements of gene editing technologies such as CRISPR/Cas9. The proliferation of these technologies, coupled with tools from crippling ransomware attacks, has raised fears about the security and loss of integrity of genetic data. Research has demonstrated that we are on the verge of having the internet run through our bodies and that we will soon be another end device in the larger world of IOT. Consider the consequences of a malicious actor launching a biocyber attack that executed a DDOS of your brain or another vital organ. It is imperative to immediately implement Comprehensive INFOSEC at the molecular level to protect individual privacy, thwart malicious actors, and help prevent errors and accidental mutations in genetic data that could result in false diagnoses or incorrect treatment plans, potentially risking patients' lives.
16:00 - 16:30 Human augmentation for offensive cyber operations, Mr. Len Noe (CyberArk, US)
Transhumans, individuals enhanced with technological augmentations, are now a reality. Historically, these enhancements were viewed either medically, aiding those with disabilities, or as cyborgs in speculative fiction. However, advancements in Brain-Computer Interfaces (BCI), SMART technologies, and consumer products have blurred the lines between the physical and biological, transforming human capabilities and interactions.

Today, transhumans are not just concepts from science fiction but present significant cyber threats to modern security controls. These augmented humans can execute sophisticated cyber attacks, such as URL redirections, phishing, smishing, and man-in-the-middle (MiTM) attacks, using technology embedded within their bodies. Traditional security measures are inadequate against such advanced threats, necessitating a rethinking of our defensive strategies.

The presence of transhumans requires a paradigm shift in cybersecurity, demanding new strategies and technologies to defend against their unique and evolving threats. This presentation will demonstrate various cyber attacks initiated by implants, including MiTM attacks, phishing, smishing, and automated Linux attacks, highlighting the urgent need for layered security solutions. Recognizing and addressing the cybersecurity implications of transhumans is crucial for safeguarding our society in this new era of human evolution.
16:30 - 17:00 Cybersecurity in Health: Threats, challenges and ENISA’s contribution, Ms. Maria Papaphilippou (ENISA, GR)
1. Policy framework for cybersecurity in health
2. Cybersecurity threat landscape for the health sector
3. ENISA’s contribution in the health sector
ALFA HALL Moderator: Dr. Bernhards 'BB' Blumbergs
11:00 - 11:45 Drone Tactical Forensics and Incident Response, Mr. Wayne Burke (Cyber2Labs, US)
During this high energy presentation we will cover fundamental Drone Forensics and the importance for law enforcement, emergency / security personnel and all professionals responsible for managing various aspects of Drone operations. Coupled with effective techniques for data extraction methods: onboard storage, data acquisition. Analyzing flight logs and telemetry data with a tear-down to identify all core drone components.
11:45 - 12:30 IoC asessment and analysis, Mr. Richard Weiss (Mandiant / Google, DE)
In a world of rising atomic indicators, we have to research and implement scalable, repeatable, and fast methods of handling indicators: it is essential to understand the actual and future situation in the cybersecurity field to derive actionable knowledge. The process starts with selection, preprocessing, and selection of the data. Often these fields are handled quickly, but we will take time to discuss and demonstrate the advantages of those steps accordingly to have a good understanding of advantages and resource savings. The usage of tagging, clustering, and adding additional meta information to the indicators and creating compound structures will help cybersecurity professionals to re-use those in different focus fields of cybersecurity.
12:30 - 13:30 Lunch lunch
13:30 - 14:15 The future of vulnerability management is predictive, Mr. Éireann Leverett (Concinnity-risks, UK)
Vulnerability management and patching prioritization are undergoing a revolution. Prediction and forecasting have become rich research arenas, and we'll present an assortment of those advances, some of which are ours. We are moving to a world where vulnerabilities can be foreseen, and exploits anticipated. Even exploitation events in specific networks aren't immune to quantification, and we expect this to advance quickly. Why wait for zero days when the future of vulnerability management is getting away from reaction and moving towards predictive risk. I share my experience writing the vulnerability forecasts for FIRST.org, and running the Vuln4Cast conference.
14:15 - 15:00 From AI to Emulation: Innovations and Applications, Mr. Jose Luis Sanchez Martinez (VirusTotal, ES)
During the session we will see how, through the use of AI and behaviors extracted from sandboxing and intelligence services such as VirusTotal, emulations can be created that help different teams such as blue teams, detection engineering teams and purple teams to improve the gaps in detection.

We will take several examples to see the different results we have obtained, the pros and cons and how this approach can be improved in the future.

We will share the results obtained and also the tools and techniques that we have used to carry out this research.
15:00 - 15:30 Coffee break  coffee
15:30 - 16:15 Advanced Threat Hunting: Leveraging AI and ML for Large-Scale Log Analysis, Mr. Marvin Ngoma (Elastic, SE)
In today's cybersecurity landscape, the ability to efficiently parse and analyze large volumes of log data is crucial for effective threat hunting and incident response. This in-depth tech talk will explore the cutting-edge mechanics and practical approaches employed by Elastic to facilitate advanced threat detection and mitigation. We'll delve into how Elastic's solutions leverage machine learning (ML) and artificial intelligence (AI) to automate the analysis of log files, enabling real-time insights and proactive security measures.

The session will cover key aspects such as the architecture and scalability of Elastic's platform, best practices for integrating ML models into your threat hunting workflows, and practical case studies demonstrating the effectiveness of these techniques in real-world scenarios. Attendees will gain a deeper understanding of how to utilize Elastic's powerful tools for large-scale data ingestion, correlation, and anomaly detection, ultimately enhancing their organization's cybersecurity posture. Whether you're a security analyst, data scientist, or IT professional, this talk will provide valuable insights into harnessing the full potential of Elastic for comprehensive threat hunting operations.
16:15 - 17:00 The Role of AI in Enhancing SOC Capabilities, Mr. Artur Bicki (Energy Logserver, PL)
Building and maintaining a SOC is costly and challenging, especially with 24/7 operations. Energy Logserver's AI engine helps by analyzing massive data volumes and eliminating the need for specialized mathematical expertise. While traditional SIEM systems rely on static rules, our AI extends this by detecting unknown behaviors, both in numbers and text. The AI module uses dedicated dictionaries to understand log sources, highlighting anomalies in real-time. While AI accelerates detection, it requires high-quality data and informed usage, paving the way for Security Data Analysts to enhance SOC teams.
BETA HALL Moderator: Ms. Dana Ludviga (CERT.LV, LV)
11:00 - 11:30 The power of persuasion: advocacy that transforms cybersecurity practices, Ms. Cornelia Puhze (Switch, CH)
This presentation explores how cybersecurity professionals can become effective advocates for security within their organisations. It emphasises the importance of non-technical skills, particularly the ability to translate complex cybersecurity concepts into language and context that resonate with the specific stakeholders addressed. Through storytelling and targeted communication, these advocates can illustrate the critical role of cybersecurity in managing enterprise risks and supporting business objectives.

Attendees will learn actionable strategies to enhance their advocacy efforts, ensuring that cybersecurity is recognised as a fundamental component of organisational strategy and risk management. The session will also discuss recruitment and training strategies to build a robust cybersecurity workforce, emphasising advocacy skills that enable professionals to effectively lobby for the integration of cybersecurity into organisational strategy and risk management.
11:30 - 12:30 Encouraging Transparency and Stopping the Blame Game, Ms. Merike Kaeo (Double Shot Security, EE)
Reporting security incidents and breaches has historically been a matter of reporting as little as possible due to concerns about regulatory ramifications and negative media hype. Internal to an organization, leaders often question the resources spent on cybersecurity controls when breaches still exist. This session will utilize stories to showcase examples where transparency has been a priority when reporting cybersecurity incidents to regulators, organizational leaders and customers. Strategies are illustrated for working with organizational leaders to make effective risk management decisions where cybersecurity controls are shown to be a business enabler with associated risks that depend on the organization’s risk tolerance levels and eliminate the surprise of breaches.

Attendees will learn how to foster industry change to encourage cybersecurity incident transparency and break down the barriers that still exist in policy and regulatory frameworks to incentivize more timely reporting. The session will also detail strategies to meet cybersecurity reporting requirements stipulated in varying global laws and regulations, such as the NIS2.
12:30 - 13:30 Lunch  lunch
13:30 - 14:00 The path from initial access to ransomeware attack - connecting the dots between accesses being sold in the underground communities to ransomeware attacks., Ms. Or Lev (KELA, IL)
In recent years, there has been a significant increase in cybersecurity incidents initiated through valid credentials of victim company assets. Ransomware attacks, in particular, have caused severe financial and operational damage, and in some cases, even the loss of human lives. This session will explore the "reaction chain" leading to such attacks, tracing it from account credentials sold on underground platforms, to advertisements by Initial Access Brokers, and ultimately to ransomware deployment. We will present real-life examples and discuss effective strategies to prevent these attacks.
14:00 - 14:40 Negotiation beats manipulation, Mr. Matthias Herter (MSH Advice & Training, CH)
Modern cyber extortion follows a pattern that seeks a transactional solution to the caused crisis in the shortest possible time and without unnecessary communication. The obvious solution is payment in electronic currency for the criminals and the decryption of data or termination of criminal activities for the victims. The victims rarely have the resources and skills to do anything about these crimes other than either give in to the demands or suffer major damage. One of the offenders' most effective weapons is the fear and shame of the victims, the conveyed feeling of powerlessness and the domination of communication. In this respect, little has changed historically in the general dynamics of blackmail. However, despite this demonstrated power imbalance, communication with the perpetrators is one of the keys to counteracting modern cyber extortion. The presentation shows which negotiation methods private individuals, security service providers and law enforcement agencies can use to counter the strategies of criminals and provides recommendations that will serve as a decisive contribution to the prevention of cyber extortion. The title "Negotiation beats manipulation" stands for the approach that utilises the potential of communication to develop alternative solutions.
14:40 - 15:00 Our journey in navigating Obstacles and Evaluating the Worth of Cybersecurity Insurance, Mr. Roberts Pumpurs (ALTUM, LV)
Ransomware was one the main challenges civil companies were fighting against in 2023. There are hundreds of solutions that are promising to mitigate the possible risks, but for me it was interesting to see how about insuring the risks and what are the possibilities in a relatively small country, as Latvia to do it. So the story is all about how we did, what we did and is it worth baying a insurance.
15:00 - 15:30 Coffee break  coffee
15:30 - 16:00 Analysis and forecasting of exploits with AI, Mr. Roman Graf (Deloitte, AT)
In this talk we address questions, such as: Why is Cyber Security important? What is the current cyber threat landscape? How have particular attack vectors evolved in the past? Which cyber threats are most important at the moment? Which cyber threats could be important in the future? How to protect against it?

Protection organizations against increasing number of cyber-attacks has become as crucial as it is complicated. To be effective in identifying and defeating such attacks, cyber analysts require novel threat modelling methodologies based on information security and AI techniques that can automatically recommend protection measures. We propose custom simple explainable on-site approach to recommend most significant threats. Our goal is to provide solution that could extract attack vector features, find related correlations with aggregated knowledge base in a fast and scalable way, and to automate recommendation of additional attack vectors and protection measures.

Our effective and fast threat analysis method is based on artificial intelligence and can support security experts in threat modelling, security budget planning, and allow them to quickly adopt suitable protection measures for current and future periods. In this talk, we evaluate AI similarity search and recommendation technologies as a system for threat modelling facilitation and assess its accuracy and performance. This approach should reduce the number of manual research activities and increase organization’s security. We demonstrate how the presented techniques can be applied to support security experts to plan an organization’s protection strategy.
16:00 - 16:30 How to Create a Cyberspace Operations Artificial Intelligence Avatar, Mr. Michael Price (ZeroFox, US)
It is now possible to create a cyberspace operations artificial intelligence avatar. The avatar can be created by combining numerous AI-based capabilities, including: Speech-To-Text (STT), Large Language Models (LLM), Text-To-Speech (TTS), multi-modal LLMs for image generation, generative AI models for lip syncing and so on. These AI-based capabilities can be combined with traditional cyberspace operations capabilities to create the desired avatar. In effect, the human operator can speak to an avatar conversationally, issuing voice commands and receiving voice responses spoken by a human-like avatar presented to the user within a software application.

A software controller can be implemented that leverages LLMs to interpret commands and to generate and execute plans. Output can then be relayed back to the user. This can be used, for example, to support Offensive Cyber Operations (OCOs), whereby the human user instructs the avatar to attempt to exploit a vulnerable host within a victim’s cyber attack surface. There are many other possibilities as relates to both offense and defense as well.
16:30 - 17:00 (NO LIVE STREAM) The process of blocking malicious SMS and other forms of phishing, Mr. Szymon Sidoruk (CERT.PL, PL)
Last year Polish parliament has passed the Act of Combating Abuse in Electronic Communications, which includes attempt to fight with malicious SMS. I'll show how we do it and how it fits into our existing anti-phishing workflow.

17:00 - 20:30 Social event, Main Lobby

03 OCT

OMEGA HALL
08:00 - 09:00 Registration & Coffee   register   coffee
09:00 - 10:30 OPENING PLENARY :: Moderator: Mr. Oskars Priede
09:00 - 09:25 Unified Cyber Culture, MGen. Dave R. Yarker (Canadian Cyber Forces, CA)
1. Bridging the technological gap between allied nations;
2. Keeping an open mind and seeing cooperation opportunities despite differences;
3. Overcoming obstacles for a common benefit and reaching joint objectives.
09:25 - 09:55 Navigating the rapidly evolving cyber threat landscape: A view from the NATO Cyber Security Centre, Mr. Luc Dandurand (NATO Communications and Information Agency, CAN)
This session will explore the challenges and opportunities that the NATO Cyber Security Centre (NCSC) faces in a fast-changing world. It will discuss strategies to increase readiness, sustain excellence, and ensure NATO continues to operate at the speed of relevance.
09:55 - 10:25 Supply Chain and Cyber-physical System Protection, Mr. Egons Bušs (LMT, LV)
Convergence of supply chains and cyber-physical systems (CPS) has become more pronounced than ever. As industries increasingly rely on interconnected devices and automation, the security of these integrated networks is paramount. The supply chain, once considered a linear process, now represents a complex web of suppliers, manufacturers, and distributors, all connected through CPS technologies.

The heightened interconnectivity has unfortunately expanded the attack surface for cyber threats. Adversaries are exploiting vulnerabilities not just in individual systems but across entire supply chains. Incidents of cyber-attacks disrupting manufacturing processes, altering product specifications, or even causing physical damage have underscored the urgent need for robust protection mechanisms.

To address these challenges, organizations are adopting a multi-faceted approach to security. Zero Trust Architecture (ZTA) has gained traction, emphasizing that no user or device should be automatically trusted, whether inside or outside the network perimeter. This model mandates continuous verification of every access request, significantly reducing the risk of unauthorized intrusion.

Enhanced visibility and transparency across the supply chain are also critical. Businesses are investing in advanced monitoring tools and collaborating closely with suppliers to ensure compliance with security standards. The use of blockchain technology for tracking and authenticating products throughout the supply chain is emerging as a viable solution to prevent tampering and counterfeiting.

Regulatory bodies are stepping up efforts to establish comprehensive guidelines for CPS and supply chain security.

In conclusion, protecting supply chains and cyber-physical systems requires a holistic strategy that combines advanced technologies, strict compliance, and collaborative efforts among all stakeholders. As we navigate through 2024, the organizations that prioritize and invest in these protective measures will be better positioned to mitigate risks and ensure operational resilience.
10:30 - 11:00 Coffee break  coffee

OMEGA HALL Moderator: Mr. Oskars Priede
11:00 - 11:30 (NO LIVE STREAM) russian cyber focus on destroying Ukrainian energy sector, Mr. Serhii Barabash (UA)
This presentation is intelligence view on russian attacks against energy sector of Ukraine.
11:30 - 12:00 Verify-Fix-Verify: closing the loop boosts your cyber resilience - a case study of network leaks, Mr. Mikko Kenttälä (SensorFu, FI) and Mr. Robert Valkama (Fortum, FI)
We will walk you through how focused testing of network segregation, a fundamental security control, can reap unexpected benefits on improving the overall OT security posture on other fronts as well.
12:00 - 12:30 Guardians of the Network: Key Security Events and Insights from the Mobile Frontier, Mr. Toms Užāns (LMT, LV)
The presentation will explore notable security events observed by LMT across three critical domains: physical security, mobile security, and cybersecurity. We will discuss the mitigation efforts implemented to address these security challenges, sharing valuable insights and lessons learned from our experiences. This presentation aims to equip attendees with a deeper understanding of the multifaceted security landscape and the proactive comprehensive measures necessary to safeguard against potential threats.
12:30 - 13:30 Lunch lunch
13:30 - 14:30 Strengthening the European cybersecurity ecosystem

Moderator: Mr. Mihails Potapovs (MoD, LV)

Panelists: Ms. Ingrīda Tauriņa (EU Agency for Cybersecurity, LV), Dr. Roberto Cascella (European Cyber Security Organisation), Mr. Lauri Tankler (Estonian Information System Authority (RIA), EE)

The panel discussion will focus on strengthening the European cybersecurity ecosystem by fostering the development of the European cybersecurity competence community. Emphasizing collaboration among public and private institutions, academic entities, and NGOs, the dialogue will explore strategies to promote cooperation within this community. The discussion will address the importance of exchanging best practices, implementing joint activities and projects, and enhancing collaborative efforts to tackle cybersecurity challenges effectively. Participants will share insights on how to bolster support mechanisms and frameworks that facilitate seamless engagement across various sectors, ultimately aiming to create a resilient cybersecurity environment in Europe.
14:30 - 15:00 Building bridges in Cyber: the EU CyberNet journey and global impact, Mr. Lauri Aasmann (Information System Authority (RIA), EE)
The presentation highlights the collaborative aspect of the EU CyberNet, the challenges and successes in building a community of cyber experts, and the global benefits, including the work in Latin America and the Caribbean.
ALFA HALL Moderator: Dr.Bernhards 'BB' Blumbergs
11:00 - 11:45 GOing Beyond C: An Introduction to Reverse Engineering Go Malware, Mr. Max Ufer (Fraunhofer FKIE, DE)
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of go-written malware in recent years. Reverse engineering Go binaries pose significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.

In this talk, we want to provide an introduction to reverse engineering malware that was written in Go. We will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.
11:45 - 12:30 TA577 Walked just past You: Indirect Syscalls in Pikabot , Mr. Patrick Staubmann (VMRay, AT)
In late 2023, the notorious Pikabot loader reappeared after a break of several months. Its reappearance, coupled with striking similarities in its delivery chain with QBot suggests its role as a replacement family used by threat group TA577. Pikabot's reputation for being evasive precedes it, but its latest variant introduces a new level of sophistication, with techniques attempting to bypass AV, EDR, and even sandboxes. The integration of indirect syscalls has left security products grappling with detection challenges, as hooks, commonly used in EDRs and sandboxes, won't be enough to inspect the inner workings of such samples during execution.

Our talk aims to delve deep into the world of Pikabot, sharing insights, pitfalls, and thoughts gathered from analysis and tracking. We'll provide an exhaustive analysis of Pikabot's loader module, dissecting its obfuscation and evasion techniques in detail. With a special focus on the intricacies of indirect syscalls, we'll explore how this technique successfully circumvented many sandboxes and how our proof-of-concept reimplementation demonstrates how many more enhanced indirect syscall techniques malware developers could already have in their arsenal.

Furthermore, as Pikabot's operation have been shutdown via Operation Endgame, we'll speculate on future developments and trends in evasion techniques, offering practical recommendations for effectively detecting and mitigating such and similar threats.
12:30 - 13:30 Lunch lunch
13:30 - 14:15 (NO LIVE STREAM) Lucky Leaks: 400 million file paths are worth a thousand words, Mr. Lorenzo Nicolodi (Microlab.red, IT)
We spent the last two years collecting and studying the content provided by ransomware gangs on their DLS (Data Leak Site), more often than not hidden by the Tor network. We discovered that the list of the files inside the leaks can provide plenty of information about the gang's TTP, the impact for the victim and the most effective countermeasures. The victim's privacy is preserved, because we don't look at the content of the leak itself, except in specific circumstances we have a chance of getting the TTPs.
14:15 - 15:00 Federated Learning Approaches to Bolstering Cyber-Physical Systems Resilience, Dr. Delwar Hossain (NAIST, JP)
The lecture covers security issues in modern automobiles and Industrial Control Systems and proposes Deep Learning, Federated Learning-based solutions to address them. The CAN bus system used in modern cars lacks basic security features, making it susceptible to attacks such as DoS, Fuzzing, and Spoofing. Similarly, the Modbus RS-485 protocol used in smart meters lacks authentication and encryption mechanisms, making it vulnerable to attacks. As a countermeasure, an intrusion detection system (IDS) using the Federated Learning (FL) approach can effectively detect malicious activities and ensure data protection from intruders. The structured presentation covers topics ranging from the security challenges of automotive and ICS systems to the development of AI-based IDS, autonomous driving model resiliency, using Federated Learning.
The lecture is structured as follows:
- Security issues of modern automotive and ICS systems
- Proposed defense verification platform for the CAN bus system
- Development of a deep learning, Federated Learning-based IDS
- Development of automotive and Modbus attack datasets and AI-based IDS
- Attacker Localization with Machine Learning in RS-485 Industrial Control Networks.
BETA HALL Moderator: Ms. Dana Ludviga (CERT.LV, LV)
11:00 - 12:30 DNS on steroids

Moderator: Ms. Dana Ludviga (CERT.LV, LV)

Panelists: Ms. Katrīna Sataki (NIC.LV, LV), Mr. Kirils Solovjovs (Possible Security, LV), Ms. Iveta Skujiņa (NIC.LV, LV), Mr. Kristians Meliņš (NIC.LV, LV), Mr. Helmuts Meskonis (Domain Summit Ltd, UK)

In this engagement session, we will delve into the dynamic world of the Domain Name System /DNS/ and its evolving landscape. We will cover traditional DNS, the introduction of new generic Top-Level Domains /gTLDs/, and their impact on the domain name market. We'll discuss the benefits and challenges these changes bring for businesses and consumers, as well as the potential for innovation in areas like decentralized internet addressing.

Panelists and the audience will also explore critical cyber security and legal issues that average internet users should be aware of.
12:30 - 13:30 Lunch  lunch
13:30 - 14:00 Grow Your Own SOC, Ms. Merle Maigre (eGA, EE)
How to organize and consider the many functions in cybersecurity operations centers (SOCs)? Sharing some best practice that can be applied to SOCs - from empowering the SOC to carry out the desired functions, to growing quality staff, prioritising incident response, and engaging with stakeholders and constituents.
14:00 - 14:30 (NO LIVE STREAM) Rescue Operations in Cyber Warfare: Cloudflare's hands-on experience in Ukraine, Mr. Maxim Matskul (Cloudflare, UK)
Join us for an insightful talk where Maxim Matskul, Cloudflare's Sales Director for Central and Eastern Europe, CIS countries, and Israel, will share invaluable lessons learned from the frontlines of cybersecurity during geopolitical crises. Based on his team's hands-on experience in Ukraine during the 2022 Russian invasion and other projects across Eastern Europe, this presentation will offer a rare look into how critical infrastructure has been kept operational amidst some of the most sophisticated and relentless cyberattacks of our time.

Attendees will gain an inside perspective on the real-time defense mechanisms deployed to protect companies in various industries. Maxim will also expose common missteps organizations make when setting up their cybersecurity frameworks, which can leave them vulnerable in critical moments. In addition, the talk will deliver actionable recommendations for building a resilient, multi-layered cybersecurity approach tailored to the modern threat landscape.

Whether you're in IT, cybersecurity, or management, this presentation is a must-attend for anyone looking to stay ahead of evolving threats and safeguard their organization’s digital infrastructure. Don’t miss this opportunity to learn from a leader at the forefront of the global cybersecurity landscape!
14:30 - 15:00 Game of Drone! Field insights from the war in Ukraine, Mrs. Gabrielle Joni Verreault (Universite de Montreal, CA)
As technology continues redefining modern warfare's landscape, its impact extends beyond the battlefield to involve civilians in unprecedented ways. This presentation, "Game of Drone! Field Insights from the War in Ukraine," offers a unique perspective grounded in firsthand experiences from the front lines of the conflict. It explores the critical intersection of technology, ethics, and civilian involvement, drawing from the presenter's extensive fieldwork in Ukraine.

The session will explore the challenges and legal ambiguities that arise when civilians, driven by a desire to support Ukraine, engage in activities ranging from ethical hacking to drone operations. Key areas of focus will include the blurred lines between civilian and combatant roles in cyber operations, the ethical dilemmas inherent in these initiatives, and the broader implications of these efforts within the framework of International Humanitarian Law.

Beyond the technical and legal analysis, the presentation will offer insights into the presenter's unique stance on security, informed by a background in public health and a deep commitment to human well-being. This perspective is rooted in a care-oriented and reduction-of-harm approach, emphasizing the importance of ethical considerations and the responsible use of technology in conflict zones.

Attendees will gain a nuanced understanding of the ethical and legal considerations essential for aligning technological skills with the needs on the ground in a responsible and impactful manner. This discussion is particularly relevant for ethical hackers, technologists, and those interested in the practical and ethical dimensions of civilian participation in modern conflicts.

15:00 - 15:30 Coffee break  coffee
15:30 - 17:00 CLOSING SESSION :: Moderator: Mr. Oskars Priede
15:30 - 16:00 Countering generative AI disinformation: a Ukraine experience, Mr. Dmytro Plieshakov (Osavul, UA)
The presentation will cover the most recent AI-powered techniques used by hostile actors to plan, create and disseminate disinformation campaigns. It will also focus on how AI and Large Language Models can used by the defenders community to protect the information environment from hostile activities.
16:00 - 16:25 Tailoring security systems for the AI era, Mr. Dmitrijs Ņikitins (Tet, LV)
This presentation will explore the significant transitions within the IT industry over the past decades, focusing on the integration of advanced AI technologies that have transformed traditional security measures. And highlight how cybersecurity must evolve, incorporating AI not only as a tool but also as an integral part of the strategic framework.

Looking ahead, we will explore predictions for the next decade, emphasizing how advancements like quantum computing might influence cybersecurity. This presentation is designed to equip audience with the knowledge and tools necessary to adapt your security strategies effectively in anticipation of these developments.
16:25 - 16:40 Why we play with Security, Hack the Hacker the Escape Room, Ms. Jessica (Switch, CH)
In this talk, we explore how serious games can reshape the way we address the human element in information security. CyberChess participants have the opportunity to experience “Hack the Hacker: The Escape Room” first hand and learn how interactive, game-based scenarios can engage participants. These immersive experiences, from escape rooms to other serious games, spark curiosity, encourage teamwork, and lead to a fundamental shift in mindset towards security.
16:40 - 17:00 Conference end ceremony
spliter-img

Speakers

Mr. Andris Sprūds - The Republic of Latvia, Minister of Defense;
Mr. Armīns Palms - CERT.LV;
Armīns is one of the authors of the “National DNS Firewall” project. DNS Firewall is actively used in Latvia. Armīns joined the CERT.LV team in 2016, he is currently leading the incident response team at CERT.LV. His contribution to the DNS Firewall project has lasted for 5 years and he is eager to share his knowledge and experience with cybersecurity community and professionals.
Mr. Artur Bicki - Energy Logserver, CEO;
Founder and president of EMCA Software Sp. z o.o. - a provider of the Energy Logserver solution used for efficient centralization of events from IT systems and Energy SOAR enabling effective response to events in systems. He is responsible for the entire product development strategy and coordination of development work. A graduate of the Faculty of Electronics and Information Technology of the Warsaw University of Technology. He has extensive competences in the area of monitoring and network security as well as methods of preventing cyber threats and attacks. During over 20 years of his professional career, he has completed many implementation projects related to maintaining IT services at a high level, their supervision, monitoring and risk prevention. He specializes in cooperation with clients from the financial, telecommunications and energy industries.
Ms. Baiba Kaškina - CERT.LV, General Manager;
Baiba Kaškina is the General manager of CERT.LV - Latvian National and Governmental CSIRT (since 2011) leading the dynamic work of the team and liaising with the constituencies. She has started the first CERT team in Latvia in 2006 and since then has been involved in shaping the cyber security ecosystem of Latvia as well as internationally. Baiba has been the chair of European CSIRTs collaboration forum TF-CSIRT from 2014-2019. She has received the Order of Three stars from the Republic of Latvia in recognition of her contribution to establish and lead the Latvian cyber security environment.
Dr. Bernhards `BB` Blumbergs - CERT.LV, Lead cybersecurity expert;
Dr. Bernhards Blumbergs is a lead cyber-security expert at the Information Technology Security Incident Response Institution of the Republic of Latvia (CERT.LV) and the former Technology Researcher at the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) also the Ambassador of the Centre since 2018. He is the creator and the technical director of the world’s largest and most innovative full-spectrum offensive cyber operation exercise Crossed Swords. He is a certified exploit researcher and advanced penetration tester (GXPN), industrial cyber security professional (GICSP), and response and industrial defense expert (GRID). He has a solid military background, targeted at developing, administering, and securing wide-area information systems.Dr. Blumbergs received his Computer Science PhD degree in Cyber Security from Tallinn Technical University in 2019, with his dissertation on specialized cyber red team responsive computer network operations. Currently, he is doing a JSPS postdoc fellowship in Nara Institute of Science of Technology (Japan) with his research focusing on information space awareness.
Col Michal Golak - POL Cyber Command, Cyberspace Security Division Chief;
Col Michal Golak serves in the Polish Cyber Command as Chief of the Cybersecurity Division, responsible for capability development and defensive cyber operations. He has held various positions within the cyber domain in Polish and international structures, e.g. CSIRT MON or NATO CCDCOE.
Ms. Cornelia Puhze - Switch, Security Awareness & Communications Expert;
Cornelia Puhze is an information security awareness & communications expert at Switch. As part of the multi-sector Switch-CERT, she supports various communities in managing the human risk in information security. Cornelia is educated to postgraduate level in multilingual, corporate and political communications and has a background in language teaching. She co-chairs the FIRST Human Factors in Security SIG https://www.first.org/global/sigs/hfs/.
Ms. Dana Ludviga - CERT.LV, Information systems security analyst;
Dana Ludviga holds a MSc in Computer Science from the University of Latvia and works as the cybersecurity incident analyst at CERT.LV - Latvian national and govermental CSIRT. Dana is coordinating engagement with different stakeholders as well as representing CERT.LV at national and international events.

Before her current role, Dana was a project manager at the .LV registry NIC.LV where she contributed to the development of the domain industry with a keen eye on domain name security. As a computer science researcher at the University of Latvia her work extended to diverse IT research and network development projects funded under the 7th framework of the European Union.
Ms. Dana Reizniece-Ozola - International Chess Federation (FIDE), Managing Director and Deputy Chair of the Board;
Dana Reizniece-Ozola is a Latvian chess player and former politician. She has served as a member of multiple convocations of the Saeima (Latvian Parliament), as well as the Minister of Economics and the Minister of Finance. At the beginning of 2021, Dana Reizniece-Ozola resigned from her position as a member of the Saeima to become the Managing Director and Deputy Chair of the Board of the International Chess Federation (FIDE).
MGen. Dave R. Yarker - Canadian Cyber Forces, Commander;
MGen Yarker is an Army Signals Officer in the Canadian Armed Forces (CAF). He has worked within the Cyber domain for the past 15 years and is currently in the role of CAF Cyber Forces Commander. He looks forward to returning to Cyber Chess 2024.
Dr. Delwar Hossain - NAIST, Assistant Professor;
Md Delwar Hossain received the M.Sc. in Engineering in Information Systems Security degree from the Bangladesh University of Professionals and a Ph.D. degree in information science and engineering from the Nara Institute of Science and Technology (NAIST), Japan. He is currently an Assistant Professor with the Laboratory for Cyber Resilience at NAIST. He is a member of IEEE Communication Society. His research interests include cybersecurity, artificial intelligence, automotive security, smart grid security, industrial control systems security.
Mr. Dmitrijs Ņikitins - Tet, CTO;
Dmitrijs Ņikitins is a distinguished member of Tet’s board and Chief Technology Officer, who boasts over 15 years of expertise in IT. With a strong foundation in research, development, and technology implementation, he has been instrumental in enterprise digital transformation and agile strategy. Dmitrijs’ multifaceted skill set spans DevOps, software development, network management, and cybersecurity, consistently driving innovation and business elevation.
Mr. Dmytro Plieshakov - Osavul, CEO and co-founder;
Dmytro Plieshakov is a Ukrainian tech entrepreneur with a rich background in AI. He is currently a CEO and co-founder of Osavul, a startup focused on countering disinformation and FIMI. Since 2022, he has been collaborating closely with the Ukrainian government, aiding in the advancement of information security and resilience by implementing cutting-edge technologies for threat detection and data analysis. The technology of Osavul is in active use by the National Security and Defense Council of Ukraine and other big government agencies. Apart from his entrepreneurial journey, Dmytro has a passion for AGI and the philosophy of mind. He is also active as an angel investor, supporting early-stage startups in deep tech.
Mr. Egons Bušs - LMT, Security Director;
Egons Bušs is a seasoned professional with extensive experience in information security, cybersecurity, and information technology. Since 2016, he has served as the Security Director at LMT, overseeing information security, cybersecurity, and physical security. In his role, Egons is responsible for integrating all aspects of security into company's new telecommunications services and innovative products. He focuses on embedding comprehensive security strategies—encompassing physical, information, and cyber domains—into the company's portfolio. By aligning security initiatives with business objectives, he facilitates the development of new business areas and ensures that security is a foundational element of company's growth.

His passion for technology began early, working with mainframe computers during his school years. At the Bank of Latvia, he advanced from a network and systems administrator to Deputy Head of the Information Systems Department and served as Project Manager for security projects at the European Central Bank. Prior to joining LMT, Egons was the IT Director at ELKO Group, one of the largest IT distributors in the region.

He holds a Bachelor's degree in Information Technology from the University of Latvia and an Executive MBA from the Stockholm School of Economics. As an active member of the professional community, Egons serves on the board of the ISACA Latvia Chapter and is certified in the Governance of Enterprise IT (CGEIT).
Mr. Éireann Leverett - Concinnity-risks, CTO;
Eireann Leverett is a lifelong counter-hacker with an appreciation DFIR, risk, and quantification. He has written books, academic papers, released open source code, and built a small cyber risk consultancy. He is the CTO of a cyber insurance company, and runs the vuln4cast conference.
Mrs. Gabrielle Joni Verreault - Universite de Montreal, PhD Candidate - Bioethics;
Gabrielle Verreault is a PhD Candidate in Bioethics at the Université de Montréal’s School of Public Health, concentrating on the societal and health impacts of digital technologies. Her creative master’s project proposed an innovative means to explain the Montreal Declaration for Responsible AI Development to a broad audience via a graphic novel, paired with a teaching guide.

Since February 2022, Gabrielle has been engaged in activism and humanitarian work to aid Ukrainian civils affected by the Russian invasion, initially from Canada and Poland and through fieldwork in Ukraine. Her experiences have shaped her doctoral project on civil mobilization and the use of modern technologies to support the war effort. By examining initiatives like the IT army, cybersecurity, DIY drones, and memes culture, she documents the values and motivations of civilians opposing Russia. The goal is to draft an ethics framework and code of conduct to support and help safeguard civilians and frontline soldiers from the unintended consequences of civilian involvement.
Dr. Gregory Carpenter - KnowledgeBridge International, Chief Security Officer;
Dr. Gregory Carpenter is Chief Security Officer at KnowledgeBridge International, a Fellow of the Royal Society for the Arts in London and was the National Security Agency’s Operations Officer of the Year. He is on the Board of Directors for ATNA Systems, an advisor for RedSeer Security, and a Special Operations Medical Association member. Previously, Dr. Carpenter served on the Board of Advisors for the Mackenzie Institute and EC-Council University. Dr. Carpenter is co-author of Reverse Deception: Organized Cyber Threat Counterexploitation and speaks internationally on adversarial psychology, medical IOT, and deception. He has worked projects with the UN, INTERPOL, and numerous domestic and international law enforcement and intelligence agencies.

He is a retired U.S. Army officer who served 27 years. He holds a Doctorate in Public Health. His professional qualifications include Certified Information Security Manager, Lean Six-Sigma Black Belt, and ISO-9000 lead auditor.
Mr. Helmuts Meskonis - Domain Summit Ltd, Founder;
Web Pioneer Since 1999: I began my digital journey by building my first website in 1999. Since 2007, I've immersed myself in online ventures, solving problems for clients who value trust and a personalized approach.

Domain Summit Visionary: As the organizer of the annual independent European B2B convention for the domain name industry, Domain Summit, I am excited to announce our expansion to Nairobi, Kenya, in 2025, in collaboration with KeNic.

Champion of Professional Forums: My passion for domain name investing and business forums drives me to maintain high standards. I own DNForum.com (est. 2001), AcornDomains.co.uk (est. 2004), and more.

Blockchain Enthusiast: Since 2017, I've been an advocate for cryptocurrencies within the global Latvian community, including gifting $Lats to Latvians.

Latvian by Heart: At 6.3ft, blessed with 4 daughters, I've traveled extensively and lived in South Korea. Since 2009, I've called the UK my home.
Ms. Ingrīda Tauriņa - European Union Agency for Cybersecurity, Head of the Executive Director’s Office;
Ms. Ingrida Taurina is a Head of Executive Director’s office at the European Union Agency for Cybersecurity (ENISA) since January 2021. Previously she was an administrative officer at ENISA for eight years and the Deputy Director of the Department of Telecommunications and Post in the Ministry of Transport of the Republic of Latvia. Ms. Taurina specialises in administrative and policy aspects of cybersecurity, and an enterprise compliance with regulatory framework. She is certified expert in data protection area.
Ms. Irina Nesterovsky - KELA, Chief Research Officer;
Irina is the Chief Research Officer at KELA. She oversees all operations designed to create the best and most actionable research products for KELA's clients and for the world to see. Having served in one of IDF’s elite intelligence units, Irina has an extensive background in research and intelligence gathering. Past Positions: Analyst and Team Leader at KELA, Analyst in IDF Intelligence Corps. Education: B.Sc in Neuroscience, M.A in Learning Disabilities.
Ms. Iveta Skujiņa - Head of NIC.LV policy development and compliance group and Senior Lawyer at CERT.LV;
Iveta works at the Institute of Mathematics and Computer Science of the University of Latvia as a Head of NIC.LV policy development and compliance group and is engaged in cybersecurity field as a Senior Lawyer at CERT.LV. Her knowledge of information technology law and policy development expertise has been instrumental in many successful projects as well as liaising with national institutions and other organisations with emphasis on technology and regulation interrelations. Iveta holds an LL.M. from the University of Latvia, where she specialised in Public International Law with a focus on Internet governance.
Ms. Jessica - Switch, Security Engineer;
Jessica is a security engineer at Switch, the Swiss national research and education network. She mostly works to improve the security of the universities in Switzerland. You can find her on site during a major incident or back in the lab for forensic investigations. She loves everything related to DNS and is passionate about information security. She enjoys sharing this passion with other people.
Mr. Jose Luis Sanchez Martinez - VirusTotal, Security Engineer;
Joseliyo Sanchez is a security engineer at VirusTotal - Google. Member of the ENISA Working Group on Cyber Threat Landscapes. Previously worked at McAfee and BlackBerry as a threat researcher. His main objectives are threat hunting that leads to detection engineering and analysis of APTs and Crime groups.
Ms. Katrīna Sataki - .LV registry (NIC.LV), Chief Executive Officer;
Katrina Sataki currently serves as the Chief Executive Officer of NIC.LV, the country code Top-Level domain of Latvia managed by the Network Solutions Department of the Institute of Mathematics and Computer Science, University of Latvia. Katrina has been involved with .LV since 1997 when she helped to develop the website and on-line registration form of the registry operator. She also has participated in many meetings organised by European registry operators and has been an active participant of the Country Code Names Supporting Organization (ccNSO) community and served as the ccNSO Council chair from 2016-2021. Katrina holds a professional degree in Mathematics, a Master’s degree in Computer Science and a Master’s degree in Law from the University of Latvia. She has participated in several research projects, lectured law students on IT Law and IT students on law and internet governance related issues.
Mr. Kirils Solovjovs - Possible Security, CEO;
Kirils Solovjovs is the CEO of Possible Security, IT security company providing premium services in the Baltics and beyond. He is also an IT policy activist and the most visible white-hat hacker in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.

He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the Latvian Parliament become the first parliament in the world that is prepared for a fully remote legislative process.
Mr. Kristians Meliņš - .LV registry (NIC.LV), System Analyst;
For more than 20 years Kristians Meliņš has worked in the .LV registry NIC.LV. Currently, he is systems analyst in the technical group of NIC.LV. Until then, he worked as a senior DNS administrator and was in direct contact with .LV registrants and registrars. Kristians actively participate in the meetings of the CENTR administrative working group. CENTR is the association of European country code top-level domain (ccTLD) registries. He also is a member of the Latvian DEG (Security Expert Group).
Mr. Lauri Aasmann - Information System Authority (RIA), Training and Services Lead of EU CyberNet;
Lauri Aasmann is part of the cyber security wing of Estonian Estonian Information System Authority (RIA) and is currently contributing to RIA’s international cyber capacity building project EU CyberNet. He is coordinating the training and consultation missions and upholds the CyberNet’s training and services catalogue. Lauri has degrees both in Law and IT management. His interest in cybersecurity started with becoming a public prosecutor, specializing in cybercrime. In 2010-2019 for almost a decade he was the Head of Law and Policy Branch at the NATO Cooperative Cyber Defence Centre of Excellence, addressing novel legal problems related to cyberspace and international cyber norms development.

In 2019 he joined the Estonian RIA and became the Deputy Director General and the Director of Cyber Security. His responsibilities included operational oversight of Estonian cyber domain, incl. cyber incident management (CERT-EE), critical information infrastructure protection (CIIP), IT baseline security standard (E-ITS), and cyber security awareness.
Mr. Lauri Tankler - Information System Authority (RIA), Head of R&D Coordination;
Mr. Lauri Tankler is the head of Research and Development Coordination at the National Cybersecurity Centre (part of the Estonian Information System Authority). A former journalist and teacher, he has been focusing on cybersecurity for the last 5 years, analysing cyber incidents, raising awareness on cyber threats and accelerating new ideas to boost the cyber-resilience in Estonia and Europe. He is currently spearheading a new initiative to foster the Estonian and European cybersecurity research, innovation and entrepreneurship through EU investments, collaboration on research, market incentives and a special focus on the next generation of cyber specialists.
Mr. Len Noe - CyberArk, Technical Evangelist / Whitehat / Transhuman;
Len Noe, a Technical Evangelist, White Hat Hacker, and Transhuman at CyberArk Software, is a highly influential speaker in international security. He has delivered impactful presentations in over 50 countries, including at the prestigious World Conference in The Hague and C.E.R.T. EU, and has spoken to multiple governments. Co-host of the Cyber Cognition Podcast and a thought leader in Transhumanism, Len's upcoming book highlights his personal evolution in this transformative movement. Known for his futurist insights, he uses microchip implants to advance cybersecurity and enhance the human experience. His groundbreaking research has been featured in global news outlets, and he regularly appears on top-tier security podcasts. With over 30 years of experience, including a history as a Black/Grey Hat Hacker, Len has expertise in web development, system engineering, architecture, and coding, focusing on information security from an attacker's perspective.
Mr. Lorenzo Nicolodi - Microlab.red, Security Researcher;
Lorenzo loves complex technical challenges and creative solutions, expecially when cybersecurity is involved. He likes to code, reverse engineer, investigate and everything in between.
Mr. Luc Dandurand - NATO Cyber Security Centre, Chief;
Luc Dandurand is the Chief of the NATO Cyber Security Centre, the principal provider of cyber services for NATO and a business area within the NATO Communications and Information Agency. Mr. Dandurand leads a team of experts that deliver a broad range of whole-lifecycle cyber services, from concept development, service design, and implementation, through to the operation of NATO's core cyber capabilities. The NCSC is the technical hub for cyber expertise and information sharing within the Alliance. He started his career as a Signals Officer in the Canadian Forces, and has worked at the Communication Security Establishment of Canada, the International Telecommunications Union, and in the private sector.
Ms. Maria Papaphilippou - ENISA, Cybersecurity Officer;
Maria Papaphilippou is a Cybersecurity Officer at ENISA, the EU Agency for Cybersecurity. Within ENISA’s policy development and implementation unit, she is leading the activities relating to the health sector. In the past, she held positions within the big 4 and the financial sector, which included advisory and consulting, information security and information systems audit.
Dr. Mart Noorma - NATO CCDCoE, Director;
Prior to joining CCDCOE, Mart Noorma has led innovation and digital transformation at several organizations. He has served as the Science and Development Director of Milrem Robotics and the Vice Rector of Academic Affairs, the Head of Space Technology Department, and the Professor of Space and Defence Technology at the University of Tartu. Mart Noorma has also worked at the National Institute of Standards and Technology (NIST) and the Helsinki University of Technology, where he obtained the degree of the Doctor of Science in Technology in 2005.

Mart Noorma has been actively engaged in NATO, EU, and international cooperation on innovation and novel technology development. He has been a member of the NATO Advisory Group on Emerging and Disruptive Technologies, the NATO STO Applied Vehicle Technology Panel, the EEAS Space Advisory Board, and the IEEE Autonomous Weapon Systems Expert Advisory Committee.
Mr. Marvin Ngoma - Elastic, Principal Security Architect;
Marvin is a seasoned consultant and security architect. He has a strong passion for helping organizations succeed in their cybersecurity programs. He has led many projects in both the private and public sector, architecting and building Security Operations and Intelligence capability; unifying tools, processes and people. He is currently based in the nordics and uses his expertise to help organizations throughout EMEA, on how best they can create security value in their organizations.
Mr. Maryna Vorotyntseva - NATO StartCom;
Mr. Matthias Herter - MSH Advice & Training, Crisis and Hostage Negotiator, owner of "MSH Advice & Training";
Matthias Herter is the former Head of the Crisis Management and Negotiation Units of the Swiss Federal Police and the Berne Cantonal Police and was President of the European Network of Advisory Teams for Kidnapping, Hostage Taking and Extortion. From 2001 to 2022, he was involved in negotiations to resolve crisis and kidnapping in Switzerland and on five continents. In 2023 he started the company "MSH Advice & Training". Since then he has been consulting and training clients and law enforcement agencies in negotiation, teamwork and crisis management. He is a regular speaker and executive coach at the High Performance Leadership course at IMD in Lausanne.
Mr. Matthias Vallentin - Tenzir, Founder & CEO;
After completing his PhD at UC Berkeley, Matthias founded Tenzir to build a product out of his dissertation work on network forensics. Prior to that, he spent over a decade working on network monitoring, detection engineering, and threat hunting as part of the Zeek core team. As a computer scientist, Matthias has extensive experience in building high-performance systems, which he now applies to develop a data pipeline engine for security teams.
Mr. Max Ufer - Fraunhofer FKIE, Security Researcher & Malware Analyst;
Max Ufer is a security researcher and reverse engineer at Fraunhofer FKIE. He is part of the Botnet Intelligence and Mitigation team where his daily work consists of malware analysis, botnet investigation and supporting law enforcement agencies. He also lectures on binary analysis at the University of Bonn.
Mr. Maxim Matskul - Cloudflare, Sales Director for Central & Eastern Europe, CIS countries and Israel;
Maxim Matskul is the Sales Director for Central & Eastern Europe, CIS countries, and Israel at Cloudflare, a global leader in cloud cybersecurity. With 20 years of experience in the IT sector, Maxim has worked with industry giants such as SAP, Microsoft, and Sisense, in the UK, Israel, and his native Ukraine. His expertise spans cybersecurity and business applications, helping organisations enhance security and performance across various industries. A dedicated leader, Maxim continues to drive sales success and build trusted client relationships across the region.
Ms. Merike Kaeo - Double Shot Security, Founder and vCISO;
Merike Kaeo is the founder and vCISO at Double Shot Security, which provides corporate governance and executive strategies to secure global organizations. In prior roles, Merike held positions as Chief Information Security Officer (CISO) at Uniphore, Chief Technology Officer of Farsight Security, and CISO for Internet Identity (IID). Her foray into security started when she instigated and led the first security initiative for Cisco Systems in the mid 1990s and authored the first Cisco book on security, /Designing Network Security/, which was translated into multiple languages and leveraged for prominent security accreditation programs such as Certified Information Systems Security Professional (CISSP). She is a passionate advocate for practical security measures and driving industry change to create a culture of integrity, responsibility, and accountability.
Ms. Merle Maigre - eGA, Programme Director of Cybersecurity;
Merle Maigre is the Senior Cyber Security Expert at Estonia’s e-Governance Academy since 2020. Previously she was Executive Vice President for Government Relations at CybExer Technologies, an Estonian firm that provides cyber training. In 2017 to 2018, she served as the Director of the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) in Tallinn. During 2012 to 2017, Merle Maigre worked as the Security Policy Adviser to Estonian Presidents Kersti Kaljulaid and Toomas Hendrik Ilves.
Mr. Michael Price - ZeroFox, Chief Technology Officer;
Mike serves as Chief Technology Officer at ZeroFox. In this role, he creates value through efforts involving: artificial intelligence, engineering, intelligence (digital/cyber/physical), research and security. In previous roles, he has focused on entrepreneurship in the area of information security as well as technical efforts in the areas of vulnerability management and mobile security. He also serves in support of US state and federal government information security efforts.
Mr. Mihails Potapovs - Ministry of Defence of the Republic of Latvia, Head of the EU Cybersecurity Affairs Section;
Mihails Potapovs is the Head of the EU Cybersecurity Affairs Section at the Latvian Ministry of Defence. He leads a team responsible for drafting, negotiating, and implementing EU cybersecurity legislation, and promoting cooperation in the field. As a lead co-author of the National Cybersecurity Law, he played a key role in modernising the national cybersecurity governance. Mihails has represented Latvia at the European Cybersecurity Competence Centre and the EU Agency for Cybersecurity (ENISA). Previously, he held various positions in the Ministry of Defence, the Ministry of Foreign Affairs, and the European Commission. With a Master’s degree in International Security from Sciences Po, he possesses a deep understanding of global threats and strategic challenges.
Mr. Mikko Kenttälä - SensorFu, CEO;
Since Mikko can remember, he has hacked, built, and broken stuff, which led him to a career in cybersecurity over 15 years ago. He has conducted technical security audits, hunted bug bounties, and now also builds security products as the CEO of SensorFu. Hacking still makes Mikko happy, he enjoys blue and red teaming in exercises and is interested in defending electronic freedoms and privacy in our digital society.
Mr. Normunds Miezis - Riga Chess Federation, Chess Player and Grandmaster;
Normunds Miezis is a Latvian chess player and Grandmaster. He has held the title of International Grandmaster since 1997 and has been a long-time Leader of the Latvian national chess team.
Ms. Or Lev - KELA, VP Sales Engineering;
Vice President of Sales Engineering, responsible for the global activity in the company. Having served in IDF’s research unite, Or is a highly skilled researcher with deep understanding of government, military and LEA needs. Past Positions: Advocate, Head of a team in the IDF intelligence units. Education: LL.B in law, B.A in business.
Mr. Oskars Priede - Communication Trainer;
Oskars is a communication trainer specializing in public speaking and presentations, with a strong focus on event moderation. Holding both a master's degree in engineering and an MBA, Oskars combines analytical thinking with a deep passion for influence and persuasion. He is dedicated to understanding the factors that contribute to successful public speaking and stays up-to-date with the latest trends in creating impactful presentations. In addition to training corporate groups and individuals to enhance their speaking abilities, Oskars serves as a moderator for business events, conferences, seminars, and discussions, ensuring engaging and dynamic interactions between speakers and audiences.
Mr. Patrick Staubmann - VMRay, Team Lead Threat Analysis;
Patrick Staubmann joined VMRay as a threat researcher in 2019. As part of the Threat Analysis team, he continuously researches the threat landscape and conducts analyses of malware samples in depth. To further improve the company's product, he also extends its detection capabilities in the form of behaviour-based rules, YARA rules, and configuration extractors. He is especially interested in reverse engineering, low-level system security and exploitation.
Brigadier Richard Alston - Royal Marines, Deputy Director for Cyber and Electromagnetic Effects and Special Operations;
Brigadier Richard Alston joined the Royal Marines in 2000. On promotion to Brigadier, he became the Deputy Director for Cyber and Electromagnetic Effects and Special Operations at UK Strategic Command.
Mr. Richard LaTulip - Recorded Future, Field CISO;
Richard K. LaTulip, Field CISO, boasts over 23 years of distinguished service in the US Secret Service, focusing on incident response, protecting critical infrastructure, and investigating financial and computer crimes. He delved deep into the dark web to combat cyber threats, employing a multifaceted approach. His commitment extended internationally as a diplomat at the US Embassy in Estonia, strengthening global cybersecurity alliances.

Post-retirement, Richard obtained industry-recognized certifications, such as the CISM and CISSP, and transitioned to the private sector. He excelled in information security and IT management, implementing critical frameworks like ISO 27001:2022 and SOC2 Type II. Richard's expertise extends to regulatory compliance (HIPAA/HITECH, GDPR, PCI-DSS), ensuring seamless operations and data protection.
Mr. Richard Weiss - Mandiant / Google, Reverse Engineer;
Richard is a reverse engineer in Mandiant’s FLARE team where he focuses on analyzing malicious binaries, researching and implementing modern methods of malware analysis, which he additionally teaches to future malware analysts. He also supports Malpedia (Fraunhofer FKIE) with its mission ‘to provide a resource for rapid identification and actionable context when investigating malware’ and a student association at the Technical University Ingolstadt of Applied Sciences as a voluntary lecturer for reverse engineering. Richard also instructs and supports ‘Team Europe’ for the ‘International Cybersecurity Challenge’.
Mr. Robert Lipovsky - ESET, Principal Threat Intelligence Researcher;
Robert Lipovsky is a Principal Threat Intelligence Researcher for ESET, with over 15 years' experience in cybersecurity and a broad spectrum of expertise covering both targeted APTs and crimeware. He is responsible for threat intelligence and malware analysis and leads the Malware Research Team at ESET headquarters in Bratislava.

He is a regular speaker at security conferences, including Black Hat USA, RSA Conference, Virus Bulletin, BlueHat, MITRE ATT&CKcon, Gartner Security & Risk Management Summit, and various NATO-organized conferences. He also teaches reverse engineering at the Slovak University of Technology – his alma mater – and at Comenius University. When not bound to a keyboard, he enjoys traveling, playing guitar and flying single-engine airplanes.
Dr. Roberto Cascella - European Cyber Security Organisation, CTO;
Roberto Cascella works as Chief Technology Officer at the European Cyber Security Organisation (ECSO). He also coordinates the two technical ECSO WGs with a high impact on the European cybersecurity strategy focused on the definition of the cybersecurity R&I roadmap for trusted and resilient technologies, and the establishment of trusted supply chains at EU level. He also represents ECSO in different committees, including the SCCG established under the Cybersecurity Act. Roberto serves as Project Coordinator of the European Cybersecurity Community Support project (ECCO) that received funding from DEP to support the activities necessary to develop, promote, coordinate and organise the work of the Cybersecurity Competence Community at European Level, within the scope and operations of the ECCC and National Coordination Centres Network. Roberto holds a Ph.D. (2007) in ICT from University of Trento, an M.Sc. in Telecommunication engineering from Politecnico di Torino and KTH Stockholm (2003).
Mr. Roberts Pumpurs - ALTUM, IT security manager;
10 years in LATVIAN NAVY as crypto custodian. 5 years in Intelligence. Now for the last 3 years working directly under the board in JSC Development Finance Institution ALTUM as cyber security manager.
Mr. Robert Valkama - Fortum, Senior Manager, OT Cyber Security;
Started out in the nuclear sector as a system engineer and transferred towards OT Cyber Security. Have 10+ years of experience in the domain and have worked with OT Cyber Security at various organizations including critical infrastructure operators, government agencies and as a consultant within the domain. I have had the opportunity to work with many different sectors during my career including, to name a few, Energy production and transmission, Marine, Manufacturing and Oil and Gas.
Mr. Rolands Heniņš - NCSC, Director General;
Mr. Rolands Henins is the Undersecretary of State – Policy Director in the Latvia’s Ministry of Defence. In this capacity, Mr. Henins is shaping Latvia’s defence policy on both national and international stage, planning and coordinating Latvian National Armed Forces contribution to the international military operations, overseeing the defence planning of military capabilities and crisis management mechanisms.

Since September 1, 2024, Mr. Henins serves as the Director General of the National Cyber Security Centre.
Mr. Roman Graf - Deloitte, Manager;
Roman is a Manager in Deloitte’s Consulting group in Austria and a Teamlead of the Pentesting- and Red-Teaming group. He joined Deloitte’s Cyber service line in Vienna in 2021 with a focus on Cyber Security. He has more than 15 years of experience in the IT Security industry. Roman has a strong penetration testing and cyber security background and experience with artificial intelligence.

From 2020 till 2021, prior to joining Deloitte, Roman worked as a consultant, pentester and DevSecOps engineer for a big consulting company.From 2009 till 2020 he was working as a pentester and researcher for one of the leading European Research Institutes, where he was responsible for penetration testing, threat modelling and AI application for security domain. He was also tasked with the planning, preparation and presentation of individual workshops for different target groups.
Mr. Sebastian Tauchert - Fraunhofer FKIE, Security Engineer;
Sebastian Tauchert is a security engineer at Fraunhofer FKIE. He is part of the Botnet Intelligence and Mitigation team where his daily work consists of developing solutions to mitigate the threads post by botnets.
Mr. Serhii Barabash - representative from Ukraine;
Serhii has more then 5 years experience in cybersecurity and for now he runs team of experts who counteract APT groups.
Mr. Szymon Sidoruk - CERT.PL, Experienced Threat Analyst;
Szymon is thread analyst at CERT Polska. He consulted Polish Act of Combating Abuse in Electronic Communications. Started as SOC Analyst, now he has grown to bigger challenges.
Mr. Toms Užāns - LMT, Cybersecurity Expert;
Toms Užāns has dedicated a significant span of his career to the National Armed Forces, serving in a variety of IT roles, from radar operator to Information Security Officer. He has a robust background in IT within the military sector. His expertise in defending critical telecommunications infrastructure in Latvia, especially over the past four years, is crucial in ensuring national security and resilience against cyber threats. This extensive experience not only highlights his technical skills but also his commitment to protecting key assets in the digital landscape. His career trajectory showcases a significant contribution to the field of information security and national defense.
Mr. Varis Teivāns - CERT.LV, Deputy manager, Technical team leader;
Varis Teivāns is a Cyber security expert with 17 years of experience and a strong technical background. He has played a major role in development of the national Cyber security infrastructure, world class incident response capability and full range of Security Operations Center (SOC) services provided by CERT.LV to the Latvian government and critical infrastructure holders. Varis has participated in planning, technical setup, and scenario development of multiple hackfests, large scale Cyber defense exercises and workshops on IT security issues at the CERT.LV organized events. Currently Varis is leading CERT.LV's technical team.
Mr. Wayne Burke - Cyber2Labs, VP;
Wayne Burke is internationally recognized for his commitment and work experience, achievements and contributions to the IT and Cyber Security Industry.

Currently specializing in many offensive and defensive AI technologies, such as Drones, building and managing new high-tech security tools, custom hardware solutions for Bio-Medical products, Digital Forensics, Penetration Testing, Mobile Security and radio frequency signals using specialized SDR's.
spliter-img

CTF

CTF status Firewall’s Down! Get In While You Can.
Input Key to access event {N5ie06*[iB}
Team formation and coordination https://discord.gg/eTfVAKHUuq
CTF style Jeopardy
CTF start 30SEPT, 09:00 (UTC/GMT +3)
CTF end 01OCT, 15:00 (UTC/GMT +3)
Accepted team count TBC
Maximum members per team 5
Awards Top three teams based on the points scored
CTF provided by Hack The Box
Awards provided by by CERT.LV

Organisers & Partners