OMEGA HALL | Moderator: Mr. Oskars Priede |
11:00 - 11:30 |
The emerging threat landscape - How intelligence reduces risk, Mr. Richard LaTulip (Recorded Future, UK)
Conversation about the emerging threat landscape and how intelligence reduces risk.
|
11:30 - 12:00 |
Open, Composable, Unstoppable: The Next Gen of Threat Hunting, Mr. Matthias Vallentin (Tenzir, DE)
This talk advocates for an open and composable data stack as the foundation for the next generation of security architectures, specifically targeting detection engineering, threat hunting, and incident response. In an industry plagued by fragmented point solutions, there is an urgent need for a more sustainable and flexible approach to system architecture.
The presentation begins by examining the current landscape, highlighting the challenges and limitations of existing methods. It then introduces a modular, open-standards-based framework that fosters interoperability across the security ecosystem. At a technical level, the talk explores opportunities for standardization across various abstraction layers, including data storage, log/event encoding, schema normalization, and the representation of detections, threat intelligence, and analytics. The goal is to demonstrate how a modular, interoperable stack can effectively support and enhance critical operational security functions. |
12:00 - 12:30 |
CTI from the Underground: harness cybercrime intelligence to defend your organization and investigate threat actors, Ms. Irina Nesterovsky (KELA)
Join us for a comprehensive session on the importance of incorporating cybercrime intelligence into your CTI or threat hunting toolset. Learn about the latest cyber threats emerging from the cybercrime underground and how to effectively gather and translate this intelligence into actionable insights. This presentation will cover the key areas where cybercriminals operate, the methods they use, and how to hunt them. Gain the knowledge and tools necessary to investigate and mitigate these threats, ensuring your organization's defense against evolving cyber risks.
|
12:30 - 13:30 | Lunch |
13:30 - 15:00 |
NATO - from Information Sharing to integrated Cyber Defence
Moderator: Mr. Rolands Heniņš (NCSC, LV)
Panelists: Dr. Mart Noorma (NATO CCDCoE, EE), MGen. Dave R. Yarker (Canadian Cyber Forces, CA), Col Michal Golak (POL Cyber Command, PL), Brigadier Richard Alston (Royal Marines, UK)
Since February 2022, the threat level in Latvia and across NATO states has been constantly high, showing the new reality to which we all have to adapt. This high threat level puts constant pressure on all NATO member states to work together, share best practices and continue further development of cyber defence capabilities and cyber resilience at the national and Allied level.
Our experienced panellists will provide an insight into the world of NATO, showcasing the significance of NATO in advancing our cyber defence from different perspectives – collective defence, capability development, research and education, and political aspects – with the goal of strengthening the NATO alliance through individual and collective efforts. |
15:00 - 15:30 | Coffee break |
15:30 - 16:00 |
Protecting the Blueprint of Life: The Importance of Comprehensive Information Security at the Sub-Molecular Level, Dr. Gregory Carpenter (KnowledgeBridge International, US)
This presentation discusses the need for information security (INFOSEC) at the molecular level to protect our genetic information in light of the increasing use and significant advancements of gene editing technologies such as CRISPR/Cas9. The proliferation of these technologies, coupled with tools from crippling ransomware attacks, has raised fears about the security and loss of integrity of genetic data. Research has demonstrated that we are on the verge of having the internet run through our bodies and that we will soon be another end device in the larger world of IoT. Consider the consequences of a malicious actor launching a biocyber attack that executed a DDoS of your brain or another vital organ. It is imperative to immediately implement Comprehensive INFOSEC at the molecular level to protect individual privacy, thwart malicious actors, and help prevent errors and accidental mutations in genetic data that could result in false diagnoses or incorrect treatment plans, potentially risking patients' lives.
|
16:00 - 16:30 |
Human augmentation for offensive cyber operations, Mr. Len Noe (CyberArk, US)
Transhumans, individuals enhanced with technological augmentations, are now a reality. Historically, these enhancements were viewed either medically, aiding those with disabilities, or as cyborgs in speculative fiction. However, advancements in Brain-Computer Interfaces (BCI), SMART technologies, and consumer products have blurred the lines between the physical and biological, transforming human capabilities and interactions.
Today, transhumans are not just concepts from science fiction but present significant cyber threats to modern security controls. These augmented humans can execute sophisticated cyber attacks, such as URL redirections, phishing, smishing, and man-in-the-middle (MiTM) attacks, using technology embedded within their bodies. Traditional security measures are inadequate against such advanced threats, necessitating a rethinking of our defensive strategies. The presence of transhumans requires a paradigm shift in cybersecurity, demanding new strategies and technologies to defend against their unique and evolving threats. This presentation will demonstrate various cyber attacks initiated by implants, including MiTM attacks, phishing, smishing, and automated Linux attacks, highlighting the urgent need for layered security solutions. Recognizing and addressing the cybersecurity implications of transhumans is crucial for safeguarding our society in this new era of human evolution. |
16:30 - 17:00 |
Cybersecurity in Health: Threats, challenges and ENISA’s contribution, Ms. Maria Papaphilippou (ENISA, GR)
1. Policy framework for cybersecurity in health
2. Cybersecurity threat landscape for the health sector
3. ENISA’s contribution in the health sector |
Location
VENUE
On-site: Radisson BLU Latvija, Elizabetes Str.55, Riga, Latvia
October 1 - 3, 2024
The conference time zone is Eastern European Summer Time (UTC/GMT +3)
VIDEO RECORDING
October 2
- Omega: Strategic Session (#CyberChess)
- Alfa: Technical Session (#CyberShock)
- Beta: Future - Innovation Session (#CyberStory)
October 3
Agenda
01 OCT
Workshops and Trainings
Registration for the "CyberChess 2024" conference and the workshops and trainings on October 1 is separate. Please remember that you can register for either one full-day workshop OR one morning and one afternoon workshop. Note that seats are limited! Registration for workshops and training sessions will be open until September 13.
Workshops and training sessions are free of charge, and coffee breaks and lunches are included!
Morning Workshops
08:00 - 08:30 | Registration | Room | |
08:30 - 12:30 | Data science for incident responders working with data leaks [ENG], Mr. Éireann Leverett, Mr. Lorenzo Nicolodi | GAMMA II | |
The goal of this workshop is to provide participants with practical experience of how data science can be applied to data leaks and how the gained knowledge can be used both to strengthen the infrastructure and to make the incident response phase more efficient and effective.
We will first take a look at how data can be programmatically acquired both on clearnet and on Tor (you can't evaluate data you don't have), and we will then move to some exercises leveraging Python, Jupyter notebooks and the pandas library to see how these can be invaluable tools for practicing skills and for uncovering elusive evidence (e.g. attackers' TTPs).
Last but not least, we will see how similar skills can be transferred to a connected but different domain, i.e. the tracking of cryptocurrency addresses used for malicious activities.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: The participants are expected to have basic Python and networking knowledge. You may participate regardless, but we may not be able to help you as much as we might like due to time constraints.
Personal equipment necessary: Bring your own laptop with the possibility to install software (like Python and its packages). If you want to avoid doing this on your main machine, using a VM is also fine.
We suggest that you join the workshop with the latest version of Python3 already installed, together with your preferred text editor / Python3 IDE. If you don't have one, we suggest Microsoft Visual Studio Code, together with the Python extension.
|
|||
08:30 - 12:30 | GOing Beyond C: An Introduction to Reverse Engineering Go Malware [ENG], Mr. Max Ufer, Mr. Sebastian Tauchert (Fraunhofer FKIE) | KSI | |
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of Go-written malware in recent years. Reverse engineering Go binaries poses significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.
In this workshop, we want to provide an introduction to reverse engineering malware that was written in Go. Initially, we will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Participants should have a basic understanding of assembly and reverse engineering of x86/x64 binaries.
Personal equipment necessary: Participants should bring a laptop that is capable of running a VirtualBox virtual machine with at least 4 GB RAM. VM download: TBA
|
|||
10:00 - 12:30 | Chess training [ENG], Mr. Normunds Miezis (Riga Chess Federation), Ms. Dana Reizniece-Ozola (International Chess Federation) | EPSILON | |
10.00-10.30 Chess training: theoretical lecture on the game of chess with Latvian chess Grandmaster Normunds Miezis
Normunds Miezis is a Latvian chess player and Grandmaster. He has held the title of International Grandmaster since 1997 and has been a long-time leader of the Latvian national chess team.
10.30-12.30 Simulation game with a Women's Grandmaster Dana Reizniece-Ozola.
Dana Reizniece-Ozola is a Latvian chess player and former politician. She has served as a member of multiple convocations of the Saeima (Latvian Parliament), as well as the Minister of Economics and the Minister of Finance. At the beginning of 2021, Dana Reizniece-Ozola resigned from her position as a member of the Saeima to become the Managing Director and Deputy Chair of the Board of the International Chess Federation (FIDE).
|
|||
09:00 - 12:30 | Requirements of the National Cybersecurity Law – how to prepare? [LV], Mr. Mihails Potapovs (Aizsardzības ministrija) | LAMBDA | |
The workshop will focus on the implementation of the National Cybersecurity Law, which officially came into effect on September 1, 2024. This law is designed to incorporate the provisions of the NIS2 Directive, aimed at establishing a high common level of cybersecurity across the European Union. It outlines baseline cybersecurity requirements for both essential and important entities, as well as sets out national requirements for critical Information and Communication Technology (ICT) infrastructure.
During the workshop, participants will closely examine the key legal provisions of the new legislation, and engage in discussions regarding the upcoming Cabinet Regulations that will specify the baseline cybersecurity requirements. This will provide attendees with a comprehensive understanding of the law’s implications and the practical steps necessary for compliance.
Please note that the workshop will be conducted in Latvian.
|
Registration for morning workshops
Afternoon Workshops
13:00 - 13:30 | Registration | Room | |
13:30 - 17:30 | Threathunting with VT [ENG], Jose Luis Sanchez Martinez (VirusTotal) | GAMMA II | |
Threat hunting is one of the most powerful techniques to proactively uncover and neutralize threats. While it has traditionally been a blend of science and intuition, we witnessed a surge of innovative tools and techniques that can significantly enhance its effectiveness. In this hands-on workshop, we will explore how to effectively use new and traditional techniques including:
- Identify, monitor and get full context of malicious campaigns.
- Effective semi-automated YARA generation.
- Netloc hunting.
- Similarity analysis.
- Understanding and leveraging AI engines for code analysis.
- Tackling large datasets.
Throughout the workshop, you will engage in practical exercises and real case studies, equipping both seasoned and new hunters with practical knowledge to find and monitor all kinds of real threats.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Basic knowledge about VirusTotal.
Personal equipment necessary: Laptop; VirusTotal account created and confirmed once the confirmation email has been received.
|
|||
13:30 - 15:00 | Cybercrime Investigation Workshop [ENG], Ms. Or Lev, Ms. Irina Nesterovsky (KELA) | KSI | |
In this workshop, participants will use a cybercrime investigations tool to track and investigate cybercriminals and their activities, aliases and TTPs. They will also get the opportunity to inspect how their organizations are already exposed to cybercriminal activities and learn of the ways to prevent further compromise. The workshop is designed to arm investigators with knowledge and insights on recent cybercriminal threats, the tricks to track cybercriminals and to leverage this knowledge to defend and investigate. No technical or CTI skills are required.
Level: beginner
Prior knowledge necessary: Registered participants will receive a link to the workshop materials prior to the workshop.
|
|||
13:30 - 17:30 | Chess tournament [ENG], Riga Chess Federation | EPSILON | |
Since the chess games will be played on digital chess boards, the matches will be broadcast online and displayed on a screen in the chess tournament room.
Chief Arbiter: Vairis Kurpnieks (International Category Arbiter)
|
Registration for afternoon workshops
Full Day Workshops
08:30 - 09:00 | Registration | Room | |
09:00 - 17:00 | Practical drone forensics [ENG], Mr. Wayne Burke (Cyber2Labs, US) | BETA | |
The workshop will begin with a detailed technical overview of the Drone / UAV ecosystem and its major components. Then we will proceed with the how, what and why of Drone forensics and incident response.
Type of the workshop: technical
Level: beginner
Prior knowledge necessary: Entry level IoT / robotics hardware and software
Personal equipment necessary: Laptop and mobile phone / tablet
|
|||
09:00 - 17:00 | Building OpenShield - personal DNS Threat Intelligence with DNS Firewall [ENG], Armīns Palms (CERT.LV) | GAMMA I | |
Course attendees will gain practical skills in building a powerful DNS Threat Intelligence system with active DNS protection using open source solutions. Name of the solution: OpenNameShield. To build OpenNameShield, the full-day workshop will provide basic knowledge on the following topics:
- Docker - OpenNameShield is a docker-ized project. The advantages of using Docker will be explained, as well as the key Docker commands.
- BIND9 - DNS server set-up and configuration. It is planned to set up an operational DNS server during the workshop.
- RPZ - aka DNS Firewall. Basics on zone creation to block certain domains will be provided.
- ELK - Elasticsearch and Kibana set-up.
- mmnormalize – usage of the rsyslog Log Message Normalization Module will be explained to ensure parsing of the incoming log file.
- python3 – development of scripts that will enrich the incoming log file. How to feed OpenNameShield with suspicious / harmful domains.
- REDIS – this is important to ensure that external system limitations are not exceeded. It will be shown how to decrease outgoing requests using REDIS.
As a result, the OpenNameShield system will be developed, where together with participants:
- The system will be enriched with suspicious/ harmful domains that are to be blocked.
- DNS blocking will be checked in real-life.
- DNS threat-hunting will be performed to identify suspicious domains.
- Identification of infected devices will take place based on the statistics of blocked DNS.
OpenNameShield system development includes the usage of a vast array of open-source solutions. Participants will attain an excellent base level of knowledge for their own future project development, as well as general awareness of how such solutions operate.
Type of the workshop: technical
Level: beginner
Personal equipment necessary: Please install Docker on your computer. Be sure that the command "docker run hello-world" works for you. Optional, but strongly advised: also install "Visual Studio Code".
|
|||
09:00 - 17:00 | Security Analyst Workshop - Navigation to Investigation [ENG], Mr. Marvin Ngoma (Elastic, SE) | TAU | |
[The second half of the workshop will be conducted as a Threat Hunting CTF to enhance the gained knowledge in a competitive manner.]
Join us for an enlightening hands-on workshop which is aimed at providing participants with common workflows and analysis that a security analyst would leverage daily. This workshop is divided into four modules detailing Data Navigation and Visualization, Guided Investigation with Elastic, Threat Detection and Investigation and Dark Radiation Investigation and a roundup sample Ransomware Investigation.
The workshop focuses on "a day in the life of an analyst": real data, real workflows, and investigating threat actor activity.
Workshop Takeaways:
- Ability to leverage Elastic Security for Incident Response.
- Ability to understand common workflows for cyber security tasks.
- Ability to create security focused visualizations.
- Ability to take a proactive approach with Elastic Security.
- Ability to apply comprehensive incident response with a case management workflow.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Eyes on Glass, Analyst Experience with Elastic Security or other SIEM Solutions. An understanding of current security operations procedures. An understanding of currently available data sources, desired integrations (other SIEM, SOAR).
|
Registration for full day workshops
Escape Room
A Security Awareness Adventure - Escape Room "Hack The Hacker" will be available on two days - 01 & 02 October. Each session lasts 2h. Registration for the "CyberChess 2024" conference and Escape Room is separate!
01 & 02 OCT | Please arrive 10 minutes early | Room | |
10:30 - 12:30 | Hack The Hacker | SIGMA | |
A Security Awareness Adventure:
Your company suffers from a ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 other people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!
Each session lasts 2h and consists of a theoretical and a practical part.
Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing). The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.
Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none
|
|||
13:30 - 15:30 | Hack The Hacker | SIGMA | |
|
|||
16:00 - 18:00 | Hack The Hacker | SIGMA | |
|
02 OCT
The cybersecurity conference CyberChess 2024
The CyberChess conference is a cornerstone of cybersecurity events within the Baltic states. It brings together a diverse array of security stakeholders, experts, ISPs, domain industry representatives, and other interested parties to discuss and examine the latest trends, issues, and innovations in cybersecurity.
More than 50 speakers from nearly 20 countries will share their research and experiences in the following cybersecurity-related areas:
- Protection of critical information and infrastructure;
- Cyber threat intelligence;
- Ransomware, its triage, and defense;
- Medicine, nanotechnology, and bio-hacking;
- Artificial intelligence and machine learning;
- Alliances and their importance in strengthening security in the Euro-Atlantic area (from strategic, operational and legal perspectives).
Bringing together over 500 attendees on-site and engaging with over 3000 participants online, the conference serves as a dynamic platform for fostering collaboration, knowledge exchange, and networking among Baltic cybersecurity professionals.
"Throughout the past few years we have seen growth in attacks, their sophistication as well as in the level of political support and importance of cybersecurity. This makes events such as CyberChess an important platform not only for knowledge sharing but also establishing new partnerships."
/B.Kaškina, CERT.LV General manager/
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration & Coffee (pre-registration 01 OCT 13:30 - 17:00) |
09:00 - 10:30 | OPENING PLENARY :: Moderator: Mr. Oskars Priede |
09:00 - 09:10 | Keynote, Mr. Andris Sprūds, Minister of Defense (MoD, LV) |
09:10 - 09:15 | Opening remarks, Ms. Baiba Kaškina (CERT.LV, LV) |
09:15 - 09:30 | Keynote, Mr. Rolands Heniņš (NCSC, LV) |
09:30 - 10:00 |
Utilizing botnet tracking for enabling disruptions: The Grandoreiro story, Mr. Robert Lipovsky (ESET, SK)
Replicating specific samples to understand the inner workings and network structure of a botnet has several limitations. A more versatile approach involves developing a platform of parsers that can automate botnet tracking by processing malware samples, extracting relevant information, and directly communicating with its command and control (C&C) servers. While the main downside is having to maintain such parsers, the benefits are invaluable – full control over the execution, extraction of any required data, and the ability to fake requests to C&C servers, to name a few. For large botnets, with thousands of samples, this is an extremely effective approach.
Botnet tracking data has repeatedly proven invaluable to law enforcement. It helps them understand the extent of the botnets they are investigating and maps the botnet’s network infrastructure, which is crucial for taking steps to dismantle the botnet and arrest its operators. We utilized this technique to help successfully take down Trickbot in 2020, Zloader in 2022 and, most recently, Grandoreiro in January 2024. We will demonstrate the full power of botnet tracking and how we utilize it for fully automatic processing of thousands of samples of more than 50 different botnets daily. We will provide specific examples of data our tracking system produces, the large variety of features it offers, and how the system’s outputs can be made actionable. We will illustrate how we utilized these outputs to help the Federal Police of Brazil disrupt the Grandoreiro banking trojan early this year. |
10:00 - 10:30 |
Practical Active Cyber Defense and Threat Hunting, Mr. Varis Teivāns (CERT.LV, LV)
What is Threat Hunting? Threat hunting proactively identifies potential threats and compromised devices within a network, enabling quicker responses to cyber-attacks. CERT.LV leads EU cybersecurity threat hunting, collaborating with the Canadian Armed Forces and Latvian allies. Since 2022, we’ve analyzed over 140,000 devices across 31 Latvian organizations, detecting advanced persistent threats (APTs) in 25% of them. With Latvia and its neighbors frequently targeted by Russian APT groups and hacktivists, threat hunting is critical to preemptively identifying and mitigating attacks. You will learn more about our discoveries and the most recent developments in threat hunting.
|
10:30 - 11:00 | Coffee break |
ALFA HALL | Moderator: Dr. Bernhards 'BB' Blumbergs |
11:00 - 11:45 |
Drone Tactical Forensics and Incident Response, Mr. Wayne Burke (Cyber2Labs, US)
During this high energy presentation we will cover fundamental Drone Forensics and the importance for law enforcement, emergency / security personnel and all professionals responsible for managing various aspects of Drone operations. Coupled with effective techniques for data extraction methods: onboard storage, data acquisition. Analyzing flight logs and telemetry data with a tear-down to identify all core drone components.
|
11:45 - 12:30 |
IoC assessment and analysis, Mr. Richard Weiss (Mandiant / Google, DE)
In a world of rising atomic indicators, we have to research and implement scalable, repeatable, and fast methods of handling indicators: it is essential to understand the actual and future situation in the cybersecurity field to derive actionable knowledge. The process starts with selection, preprocessing, and selection of the data. Often these fields are handled quickly, but we will take time to discuss and demonstrate the advantages of those steps accordingly to have a good understanding of advantages and resource savings. The usage of tagging, clustering, and adding additional meta information to the indicators and creating compound structures will help cybersecurity professionals to re-use those in different focus fields of cybersecurity.
|
12:30 - 13:30 | Lunch |
13:30 - 14:15 |
The future of vulnerability management is predictive, Mr. Éireann Leverett (Concinnity-risks, UK)
Vulnerability management and patching prioritization are undergoing a revolution. Prediction and forecasting have become rich research arenas, and we'll present an assortment of those advances, some of which are ours. We are moving to a world where vulnerabilities can be foreseen, and exploits anticipated. Even exploitation events in specific networks aren't immune to quantification, and we expect this to advance quickly. Why wait for zero days when the future of vulnerability management is getting away from reaction and moving towards predictive risk? I share my experience writing the vulnerability forecasts for FIRST.org, and running the Vuln4Cast conference.
|
14:15 - 15:00 |
From AI to Emulation: Innovations and Applications, Mr. Jose Luis Sanchez Martinez (VirusTotal, ES)
During the session we will see how, through the use of AI and behaviors extracted from sandboxing and intelligence services such as VirusTotal, emulations can be created that help different teams such as blue teams, detection engineering teams and purple teams to improve the gaps in detection.
We will take several examples to see the different results we have obtained, the pros and cons and how this approach can be improved in the future. We will share the results obtained and also the tools and techniques that we have used to carry out this research. |
15:00 - 15:30 | Coffee break |
15:30 - 16:15 |
Advanced Threat Hunting: Leveraging AI and ML for Large-Scale Log Analysis, Mr. Marvin Ngoma (Elastic, SE)
In today's cybersecurity landscape, the ability to efficiently parse and analyze large volumes of log data is crucial for effective threat hunting and incident response. This in-depth tech talk will explore the cutting-edge mechanics and practical approaches employed by Elastic to facilitate advanced threat detection and mitigation. We'll delve into how Elastic's solutions leverage machine learning (ML) and artificial intelligence (AI) to automate the analysis of log files, enabling real-time insights and proactive security measures.
The session will cover key aspects such as the architecture and scalability of Elastic's platform, best practices for integrating ML models into your threat hunting workflows, and practical case studies demonstrating the effectiveness of these techniques in real-world scenarios. Attendees will gain a deeper understanding of how to utilize Elastic's powerful tools for large-scale data ingestion, correlation, and anomaly detection, ultimately enhancing their organization's cybersecurity posture. Whether you're a security analyst, data scientist, or IT professional, this talk will provide valuable insights into harnessing the full potential of Elastic for comprehensive threat hunting operations.
|
16:15 - 17:00 |
The Role of AI in Enhancing SOC Capabilities, Mr. Artur Bicki (Energy Logserver, PL)
Building and maintaining a SOC is costly and challenging, especially with 24/7 operations. Energy Logserver's AI engine helps by analyzing massive data volumes and eliminating the need for specialized mathematical expertise. While traditional SIEM systems rely on static rules, our AI extends this by detecting unknown behaviors, both in numbers and text. The AI module uses dedicated dictionaries to understand log sources, highlighting anomalies in real-time. While AI accelerates detection, it requires high-quality data and informed usage, paving the way for Security Data Analysts to enhance SOC teams.
|
BETA HALL | Moderator: Ms. Dana Ludviga (CERT.LV, LV) |
11:00 - 11:30 |
The power of persuasion: advocacy that transforms cybersecurity practices, Ms. Cornelia Puhze (Switch, CH)
This presentation explores how cybersecurity professionals can become effective advocates for security within their organisations. It emphasises the importance of non-technical skills, particularly the ability to translate complex cybersecurity concepts into language and context that resonate with the specific stakeholders addressed. Through storytelling and targeted communication, these advocates can illustrate the critical role of cybersecurity in managing enterprise risks and supporting business objectives.
Attendees will learn actionable strategies to enhance their advocacy efforts, ensuring that cybersecurity is recognised as a fundamental component of organisational strategy and risk management. The session will also discuss recruitment and training strategies to build a robust cybersecurity workforce, emphasising advocacy skills that enable professionals to effectively lobby for the integration of cybersecurity into organisational strategy and risk management. |
11:30 - 12:30 |
Encouraging Transparency and Stopping the Blame Game, Ms. Merike Kaeo (Double Shot Security, EE)
Reporting security incidents and breaches has historically been a matter of reporting as little as possible due to concerns about regulatory ramifications and negative media hype. Internal to an organization, leaders often question the resources spent on cybersecurity controls when breaches still exist. This session will utilize stories to showcase examples where transparency has been a priority when reporting cybersecurity incidents to regulators, organizational leaders and customers. Strategies are illustrated for working with organizational leaders to make effective risk management decisions where cybersecurity controls are shown to be a business enabler with associated risks that depend on the organization’s risk tolerance levels and eliminate the surprise of breaches.
Attendees will learn how to foster industry change to encourage cybersecurity incident transparency and break down the barriers that still exist in policy and regulatory frameworks to incentivize more timely reporting. The session will also detail strategies to meet cybersecurity reporting requirements stipulated in varying global laws and regulations, such as the NIS2. |
12:30 - 13:30 | Lunch |
13:30 - 14:00 |
The path from initial access to ransomware attack - connecting the dots between accesses being sold in the underground communities to ransomware attacks, Ms. Or Lev (KELA, IL)
In recent years, there has been a significant increase in cybersecurity incidents initiated through valid credentials of victim company assets. Ransomware attacks, in particular, have caused severe financial and operational damage, and in some cases, even the loss of human lives. This session will explore the "reaction chain" leading to such attacks, tracing it from account credentials sold on underground platforms, to advertisements by Initial Access Brokers, and ultimately to ransomware deployment. We will present real-life examples and discuss effective strategies to prevent these attacks.
|
14:00 - 14:40 |
Negotiation beats manipulation, Mr. Matthias Herter (MSH Advice & Training, CH)
Modern cyber extortion follows a pattern that seeks a transactional solution to the caused crisis in the shortest possible time and without unnecessary communication. The obvious solution is payment in electronic currency for the criminals and the decryption of data or termination of criminal activities for the victims. The victims rarely have the resources and skills to do anything about these crimes other than either give in to the demands or suffer major damage. One of the offenders' most effective weapons is the fear and shame of the victims, the conveyed feeling of powerlessness and the domination of communication. In this respect, little has changed historically in the general dynamics of blackmail. However, despite this demonstrated power imbalance, communication with the perpetrators is one of the keys to counteracting modern cyber extortion. The presentation shows which negotiation methods private individuals, security service providers and law enforcement agencies can use to counter the strategies of criminals and provides recommendations that will serve as a decisive contribution to the prevention of cyber extortion. The title "Negotiation beats manipulation" stands for the approach that utilises the potential of communication to develop alternative solutions.
|
14:40 - 15:00 |
Our journey in navigating Obstacles and Evaluating the Worth of Cybersecurity Insurance, Mr. Roberts Pumpurs (ALTUM, LV)
Ransomware was one of the main challenges civil companies were fighting against in 2023. There are hundreds of solutions that promise to mitigate the possible risks, but for me it was interesting to see what insuring the risks looks like and what the possibilities are for doing so in a relatively small country such as Latvia. So the story is all about how we did it, what we did, and whether it is worth buying insurance.
|
15:00 - 15:30 | Coffee break |
15:30 - 16:00 |
Analysis and forecasting of exploits with AI, Mr. Roman Graf (Deloitte, AT)
In this talk we address questions, such as: Why is Cyber Security important? What is the current cyber threat landscape? How have particular attack vectors evolved in the past? Which cyber threats are most important at the moment? Which cyber threats could be important in the future? How to protect against it?
Protecting organizations against an increasing number of cyber-attacks has become as crucial as it is complicated. To be effective in identifying and defeating such attacks, cyber analysts require novel threat modelling methodologies based on information security and AI techniques that can automatically recommend protection measures. We propose a custom, simple, explainable on-site approach to recommend the most significant threats. Our goal is to provide a solution that could extract attack vector features, find related correlations with an aggregated knowledge base in a fast and scalable way, and automate the recommendation of additional attack vectors and protection measures. Our effective and fast threat analysis method is based on artificial intelligence and can support security experts in threat modelling and security budget planning, and allow them to quickly adopt suitable protection measures for current and future periods. In this talk, we evaluate AI similarity search and recommendation technologies as a system for threat modelling facilitation and assess its accuracy and performance. This approach should reduce the number of manual research activities and increase the organization’s security. We demonstrate how the presented techniques can be applied to support security experts in planning an organization’s protection strategy. |
16:00 - 16:30 |
How to Create a Cyberspace Operations Artificial Intelligence Avatar, Mr. Michael Price (ZeroFox, US)
It is now possible to create a cyberspace operations artificial intelligence avatar. The avatar can be created by combining numerous AI-based capabilities, including: Speech-To-Text (STT), Large Language Models (LLM), Text-To-Speech (TTS), multi-modal LLMs for image generation, generative AI models for lip syncing and so on. These AI-based capabilities can be combined with traditional cyberspace operations capabilities to create the desired avatar. In effect, the human operator can speak to an avatar conversationally, issuing voice commands and receiving voice responses spoken by a human-like avatar presented to the user within a software application.
A software controller can be implemented that leverages LLMs to interpret commands and to generate and execute plans. Output can then be relayed back to the user. This can be used, for example, to support Offensive Cyber Operations (OCOs), whereby the human user instructs the avatar to attempt to exploit a vulnerable host within a victim’s cyber attack surface. There are many other possibilities as relates to both offense and defense as well. |
16:30 - 17:00 |
(NO LIVE STREAM) The process of blocking malicious SMS and other forms of phishing, Mr. Szymon Sidoruk (CERT.PL, PL)
Last year the Polish parliament passed the Act of Combating Abuse in Electronic Communications, which includes an attempt to fight malicious SMS. I'll show how we do it and how it fits into our existing anti-phishing workflow.
|
17:00 - 20:30 | Social event, Main Lobby |
03 OCT
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration & Coffee |
09:00 - 10:30 | OPENING PLENARY :: Moderator: Mr. Oskars Priede |
09:00 - 09:25 |
Unified Cyber Culture, MGen. Dave R. Yarker (Canadian Cyber Forces, CA)
1. Bridging the technological gap between allied nations;
2. Keeping an open mind and seeing cooperation opportunities despite differences;
3. Overcoming obstacles for a common benefit and reaching joint objectives. |
09:25 - 09:55 |
Navigating the rapidly evolving cyber threat landscape: A view from the NATO Cyber Security Centre, Mr. Luc Dandurand (NATO Communications and Information Agency, CAN)
This session will explore the challenges and opportunities that the NATO Cyber Security Centre (NCSC) faces in a fast-changing world. It will discuss strategies to increase readiness, sustain excellence, and ensure NATO continues to operate at the speed of relevance.
|
09:55 - 10:25 |
Supply Chain and Cyber-physical System Protection, Mr. Egons Bušs (LMT, LV)
Convergence of supply chains and cyber-physical systems (CPS) has become more pronounced than ever. As industries increasingly rely on interconnected devices and automation, the security of these integrated networks is paramount. The supply chain, once considered a linear process, now represents a complex web of suppliers, manufacturers, and distributors, all connected through CPS technologies.
The heightened interconnectivity has unfortunately expanded the attack surface for cyber threats. Adversaries are exploiting vulnerabilities not just in individual systems but across entire supply chains. Incidents of cyber-attacks disrupting manufacturing processes, altering product specifications, or even causing physical damage have underscored the urgent need for robust protection mechanisms. To address these challenges, organizations are adopting a multi-faceted approach to security. Zero Trust Architecture (ZTA) has gained traction, emphasizing that no user or device should be automatically trusted, whether inside or outside the network perimeter. This model mandates continuous verification of every access request, significantly reducing the risk of unauthorized intrusion. Enhanced visibility and transparency across the supply chain are also critical. Businesses are investing in advanced monitoring tools and collaborating closely with suppliers to ensure compliance with security standards. The use of blockchain technology for tracking and authenticating products throughout the supply chain is emerging as a viable solution to prevent tampering and counterfeiting. Regulatory bodies are stepping up efforts to establish comprehensive guidelines for CPS and supply chain security. In conclusion, protecting supply chains and cyber-physical systems requires a holistic strategy that combines advanced technologies, strict compliance, and collaborative efforts among all stakeholders. As we navigate through 2024, the organizations that prioritize and invest in these protective measures will be better positioned to mitigate risks and ensure operational resilience. |
10:30 - 11:00 | Coffee break |
OMEGA HALL | Moderator: Mr. Oskars Priede |
11:00 - 11:30 |
(NO LIVE STREAM) russian cyber focus on destroying Ukrainian energy sector, Mr. Serhii Barabash (UA)
This presentation is an intelligence view on russian attacks against the energy sector of Ukraine.
|
11:30 - 12:00 |
Verify-Fix-Verify: closing the loop boosts your cyber resilience - a case study of network leaks, Mr. Mikko Kenttälä (SensorFu, FI) and Mr. Robert Valkama (Fortum, FI)
We will walk you through how focused testing of network segregation, a fundamental security control, can reap unexpected benefits in improving the overall OT security posture on other fronts as well.
|
12:00 - 12:30 |
Guardians of the Network: Key Security Events and Insights from the Mobile Frontier, Mr. Toms Užāns (LMT, LV)
The presentation will explore notable security events observed by LMT across three critical domains: physical security, mobile security, and cybersecurity. We will discuss the mitigation efforts implemented to address these security challenges, sharing valuable insights and lessons learned from our experiences. This presentation aims to equip attendees with a deeper understanding of the multifaceted security landscape and the proactive comprehensive measures necessary to safeguard against potential threats.
|
12:30 - 13:30 | Lunch |
13:30 - 14:30 |
Strengthening the European cybersecurity ecosystem
Moderator: Mr. Mihails Potapovs (MoD, LV) Panelists: Ms. Ingrīda Tauriņa (EU Agency for Cybersecurity, LV), Dr. Roberto Cascella (European Cyber Security Organisation), Mr. Lauri Tankler (Estonian Information System Authority (RIA), EE)
The panel discussion will focus on strengthening the European cybersecurity ecosystem by fostering the development of the European cybersecurity competence community. Emphasizing collaboration among public and private institutions, academic entities, and NGOs, the dialogue will explore strategies to promote cooperation within this community. The discussion will address the importance of exchanging best practices, implementing joint activities and projects, and enhancing collaborative efforts to tackle cybersecurity challenges effectively. Participants will share insights on how to bolster support mechanisms and frameworks that facilitate seamless engagement across various sectors, ultimately aiming to create a resilient cybersecurity environment in Europe.
|
14:30 - 15:00 |
Building bridges in Cyber: the EU CyberNet journey and global impact, Mr. Lauri Aasmann (Information System Authority (RIA), EE)
The presentation highlights the collaborative aspect of the EU CyberNet, the challenges and successes in building a community of cyber experts, and the global benefits, including the work in Latin America and the Caribbean.
|
ALFA HALL | Moderator: Dr. Bernhards 'BB' Blumbergs |
11:00 - 11:45 |
GOing Beyond C: An Introduction to Reverse Engineering Go Malware, Mr. Max Ufer (Fraunhofer FKIE, DE)
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of Go-written malware in recent years. Reverse engineering Go binaries poses significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.
In this talk, we want to provide an introduction to reverse engineering malware that was written in Go. We will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.
|
11:45 - 12:30 |
TA577 Walked just past You: Indirect Syscalls in Pikabot, Mr. Patrick Staubmann (VMRay, AT)
In late 2023, the notorious Pikabot loader reappeared after a break of several months. Its reappearance, coupled with striking similarities in its delivery chain with QBot suggests its role as a replacement family used by threat group TA577. Pikabot's reputation for being evasive precedes it, but its latest variant introduces a new level of sophistication, with techniques attempting to bypass AV, EDR, and even sandboxes. The integration of indirect syscalls has left security products grappling with detection challenges, as hooks, commonly used in EDRs and sandboxes, won't be enough to inspect the inner workings of such samples during execution.
Our talk aims to delve deep into the world of Pikabot, sharing insights, pitfalls, and thoughts gathered from analysis and tracking. We'll provide an exhaustive analysis of Pikabot's loader module, dissecting its obfuscation and evasion techniques in detail. With a special focus on the intricacies of indirect syscalls, we'll explore how this technique successfully circumvented many sandboxes and how our proof-of-concept reimplementation demonstrates how many more enhanced indirect syscall techniques malware developers could already have in their arsenal. Furthermore, as Pikabot's operation has been shut down via Operation Endgame, we'll speculate on future developments and trends in evasion techniques, offering practical recommendations for effectively detecting and mitigating such and similar threats. |
12:30 - 13:30 | Lunch |
13:30 - 14:15 |
(NO LIVE STREAM) Lucky Leaks: 400 million file paths are worth a thousand words, Mr. Lorenzo Nicolodi (Microlab.red, IT)
We spent the last two years collecting and studying the content provided by ransomware gangs on their DLS (Data Leak Site), more often than not hidden by the Tor network. We discovered that the list of the files inside the leaks can provide plenty of information about the gang's TTP, the impact for the victim and the most effective countermeasures. The victim's privacy is preserved, because we don't look at the content of the leak itself, except in specific circumstances where we have a chance of getting the TTPs.
|
14:15 - 15:00 |
Federated Learning Approaches to Bolstering Cyber-Physical Systems Resilience, Dr. Delwar Hossain (NAIST, JP)
The lecture covers security issues in modern automobiles and Industrial Control Systems and proposes Deep Learning, Federated Learning-based solutions to address them. The CAN bus system used in modern cars lacks basic security features, making it susceptible to attacks such as DoS, Fuzzing, and Spoofing. Similarly, the Modbus RS-485 protocol used in smart meters lacks authentication and encryption mechanisms, making it vulnerable to attacks. As a countermeasure, an intrusion detection system (IDS) using the Federated Learning (FL) approach can effectively detect malicious activities and ensure data protection from intruders. The structured presentation covers topics ranging from the security challenges of automotive and ICS systems to the development of AI-based IDS, autonomous driving model resiliency, using Federated Learning.
The lecture is structured as follows:
- Security issues of modern automotive and ICS systems
- Proposed defense verification platform for the CAN bus system
- Development of a deep learning, Federated Learning-based IDS
- Development of automotive and Modbus attack datasets and AI-based IDS
- Attacker Localization with Machine Learning in RS-485 Industrial Control Networks.
|
BETA HALL | Moderator: Ms. Dana Ludviga (CERT.LV, LV) |
11:00 - 12:30 |
DNS on steroids
Moderator: Ms. Dana Ludviga (CERT.LV, LV) Panelists: Ms. Katrīna Sataki (NIC.LV, LV), Mr. Kirils Solovjovs (Possible Security, LV), Ms. Iveta Skujiņa (NIC.LV, LV), Mr. Kristians Meliņš (NIC.LV, LV), Mr. Helmuts Meskonis (Domain Summit Ltd, UK)
In this engagement session, we will delve into the dynamic world of the Domain Name System (DNS) and its evolving landscape. We will cover traditional DNS, the introduction of new generic Top-Level Domains (gTLDs), and their impact on the domain name market. We'll discuss the benefits and challenges these changes bring for businesses and consumers, as well as the potential for innovation in areas like decentralized internet addressing.
Panelists and the audience will also explore critical cyber security and legal issues that average internet users should be aware of.
|
12:30 - 13:30 | Lunch |
13:30 - 14:00 |
Grow Your Own SOC, Ms. Merle Maigre (eGA, EE)
How to organize and consider the many functions in cybersecurity operations centers (SOCs)? Sharing some best practices that can be applied to SOCs - from empowering the SOC to carry out the desired functions, to growing quality staff, prioritising incident response, and engaging with stakeholders and constituents.
|
14:00 - 14:30 |
(NO LIVE STREAM) Rescue Operations in Cyber Warfare: Cloudflare's hands-on experience in Ukraine, Mr. Maxim Matskul (Cloudflare, UK)
Join us for an insightful talk where Maxim Matskul, Cloudflare's Sales Director for Central and Eastern Europe, CIS countries, and Israel, will share invaluable lessons learned from the frontlines of cybersecurity during geopolitical crises. Based on his team's hands-on experience in Ukraine during the 2022 Russian invasion and other projects across Eastern Europe, this presentation will offer a rare look into how critical infrastructure has been kept operational amidst some of the most sophisticated and relentless cyberattacks of our time.
Attendees will gain an inside perspective on the real-time defense mechanisms deployed to protect companies in various industries. Maxim will also expose common missteps organizations make when setting up their cybersecurity frameworks, which can leave them vulnerable in critical moments. In addition, the talk will deliver actionable recommendations for building a resilient, multi-layered cybersecurity approach tailored to the modern threat landscape.
Whether you're in IT, cybersecurity, or management, this presentation is a must-attend for anyone looking to stay ahead of evolving threats and safeguard their organization’s digital infrastructure. Don’t miss this opportunity to learn from a leader at the forefront of the global cybersecurity landscape!
|
14:30 - 15:00 |
Game of Drone! Field insights from the war in Ukraine, Mrs. Gabrielle Joni Verreault (Universite de Montreal, CA)
As technology continues redefining modern warfare's landscape, its impact extends beyond the battlefield to involve civilians in unprecedented ways. This presentation, "Game of Drone! Field Insights from the War in Ukraine," offers a unique perspective grounded in firsthand experiences from the front lines of the conflict. It explores the critical intersection of technology, ethics, and civilian involvement, drawing from the presenter's extensive fieldwork in Ukraine.
The session will explore the challenges and legal ambiguities that arise when civilians, driven by a desire to support Ukraine, engage in activities ranging from ethical hacking to drone operations. Key areas of focus will include the blurred lines between civilian and combatant roles in cyber operations, the ethical dilemmas inherent in these initiatives, and the broader implications of these efforts within the framework of International Humanitarian Law.
Beyond the technical and legal analysis, the presentation will offer insights into the presenter's unique stance on security, informed by a background in public health and a deep commitment to human well-being. This perspective is rooted in a care-oriented and reduction-of-harm approach, emphasizing the importance of ethical considerations and the responsible use of technology in conflict zones.
Attendees will gain a nuanced understanding of the ethical and legal considerations essential for aligning technological skills with the needs on the ground in a responsible and impactful manner. This discussion is particularly relevant for ethical hackers, technologists, and those interested in the practical and ethical dimensions of civilian participation in modern conflicts.
|
15:00 - 15:30 | Coffee break |
15:30 - 17:00 | CLOSING SESSION :: Moderator: Mr. Oskars Priede |
15:30 - 16:00 |
Countering generative AI disinformation: a Ukraine experience, Mr. Dmytro Plieshakov (Osavul, UA)
The presentation will cover the most recent AI-powered techniques used by hostile actors to plan, create and disseminate disinformation campaigns. It will also focus on how AI and Large Language Models can be used by the defenders' community to protect the information environment from hostile activities.
|
16:00 - 16:25 |
Tailoring security systems for the AI era, Mr. Dmitrijs Ņikitins (Tet, LV)
This presentation will explore the significant transitions within the IT industry over the past decades, focusing on the integration of advanced AI technologies that have transformed traditional security measures. It will also highlight how cybersecurity must evolve, incorporating AI not only as a tool but also as an integral part of the strategic framework.
Looking ahead, we will explore predictions for the next decade, emphasizing how advancements like quantum computing might influence cybersecurity. This presentation is designed to equip the audience with the knowledge and tools necessary to adapt their security strategies effectively in anticipation of these developments.
|
16:25 - 16:40 |
Why we play with Security, Hack the Hacker the Escape Room, Ms. Jessica (Switch, CH)
In this talk, we explore how serious games can reshape the way we address the human element in information security. CyberChess participants have the opportunity to experience “Hack the Hacker: The Escape Room” first hand and learn how interactive, game-based scenarios can engage participants. These immersive experiences, from escape rooms to other serious games, spark curiosity, encourage teamwork, and lead to a fundamental shift in mindset towards security.
|
16:40 - 17:00 | Conference end ceremony |
Speakers
He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the Latvian Parliament become the first parliament in the world that is prepared for a fully remote legislative process.
In 2019 he joined the Estonian RIA and became the Deputy Director General and the Director of Cyber Security. His responsibilities included operational oversight of Estonian cyber domain, incl. cyber incident management (CERT-EE), critical information infrastructure protection (CIIP), IT baseline security standard (E-ITS), and cyber security awareness.
Mart Noorma has been actively engaged in NATO, EU, and international cooperation on innovation and novel technology development. He has been a member of the NATO Advisory Group on Emerging and Disruptive Technologies, the NATO STO Applied Vehicle Technology Panel, the EEAS Space Advisory Board, and the IEEE Autonomous Weapon Systems Expert Advisory Committee.
Post-retirement, Richard obtained industry-recognized certifications, such as the CISM and CISSP, and transitioned to the private sector. He excelled in information security and IT management, implementing critical frameworks like ISO 27001:2022 and SOC2 Type II. Richard's expertise extends to regulatory compliance (HIPAA/HITECH, GDPR, PCI-DSS), ensuring seamless operations and data protection.
He is a regular speaker at security conferences, including Black Hat USA, RSA Conference, Virus Bulletin, BlueHat, MITRE ATT&CKcon, Gartner Security & Risk Management Summit, and various NATO-organized conferences. He also teaches reverse engineering at the Slovak University of Technology – his alma mater – and at Comenius University. When not bound to a keyboard, he enjoys traveling, playing guitar and flying single-engine airplanes.
Since September 1, 2024, Mr. Henins serves as the Director General of the National Cyber Security Centre.
From 2020 till 2021, prior to joining Deloitte, Roman worked as a consultant, pentester and DevSecOps engineer for a big consulting company. From 2009 till 2020 he was working as a pentester and researcher for one of the leading European Research Institutes, where he was responsible for penetration testing, threat modelling and AI application for security domain. He was also tasked with the planning, preparation and presentation of individual workshops for different target groups.