spliter-img

Agenda

29 OCT

OMEGA HALL
08:00 - 09:00 Registration and morning coffee   register  coffee
09:00 - 10:30 OPENING PLENARY
Moderator :: Mr. Artis Ozoliņš
09:00 - 09:15 Keynote, Mr. Andris Sprūds, Minister of Defence (MoD, LV)
09:15 - 09:25 Opening remarks, Ms. Baiba Kaškina (CERT.LV, LV)
09:25 - 09:55 From SOC to cyber threat landscape in Latvia, Mr. Varis Teivāns (CERT.LV, LV)
09:55 - 10:25 Ukranian blueprint of building effective cyber capabilities, Dr. Yegor Aushev (Cyber Unit Technologies, UA)
The world is in a state of cyberwar: attacks on critical infrastructure have turned cybersecurity into a survival strategy. How does business change strategies in the new reality of threats, geopolitics, and digital fronts? The focus is on APT attacks, operational resilience, relocation, international alliances, Ukrainian cases, growing demand for MSSPs, compliance challenges, and new opportunities in the global market.
10:25 - 10:30 Moderator’s Remarks
10:30 - 11:00 Coffee break  coffee

Threat Attribution
Moderator :: Mr. Artis Ozoliņš
11:00 - 11:30 [TLP: AMBER] TBC, (National Cyber Security Centre, UK)
TBC
11:30 - 12:00 TBC
12:00 - 12:30 [TLP: AMBER] Practical Attribution, Mr. James Fotheringham (Palo Alto Networks, UK)
An overview of some practical examples of several attributes of actor attribution.
Operational Technologies
Moderator :: Dr. Bernhards `BB` Blumbergs
11:00 - 11:45 TBC
11:45 - 12:30 OT security, TBC (HackFest, CA)
TBC
Crisis and risk management
Moderator :: Ms. Dana Ludviga
11:00 - 11:30 Crisis-Proofing Communication: What the 2025 Cyber Survey Tells Us About Business Readiness, Ms. Julia Petryk (Calibrated, UA)
In an era where cyber threats evolve faster than most organizations can adapt, effective communication has become a critical component of cybersecurity strategy. Julia Petryk shares key findings from the 2025 Cyber Survey, conducted by Calibrated, which benchmarks how businesses across sectors are preparing, or failing to prepare, for cyber incidents.
Crisis incidents are not just operational disruptions, they are direct threats to brand reputation, with long-term impacts on customer trust, investor confidence, and market position.

Drawing on her experience leading cybersecurity communications and mobilizing PR professionals in high-stakes situations, Julia highlights practical steps for bridging these gaps. She examines how cross-functional planning, message testing, and simulation exercises can make the difference between a controlled response and a public relations disaster.

The talk also considers the human factor—how trust, empathy, and clear language influence public and partner confidence during a breach. Attendees will leave with actionable insights, a clearer understanding of their organization’s readiness level, and a roadmap for making communications as resilient as their technical defenses.

Whether you’re in PR, cybersecurity, or executive leadership, this session equips you with the knowledge to navigate cyber crises with credibility and composure, because in 2025, readiness isn’t just about technology, it’s about trust.
11:30 - 12:00 The Story of Weak Signals, Mr. Ivan Milenkovic (Qualys, UK)
This is the story of a significant cyber breach within a large corporate environment. Our network, much like a vast ocean we thought we commanded, was harbouring a ghost fleet of undocumented and vulnerable systems operating undetected in the deep. We will explore how a single, faint sonar ping, an unusual external DNS query spotted by a curious engineer, was the only clue that something was wrong. Following this weak signal led to the discovery of systemic failures: a profound lack of visibility, internal politics that siloed critical intelligence, and dangerously poor patching practices that left our defences riddled with holes. The session will demonstrate why we can't defend what we can't see and make the case for becoming active sonar operators, nurturing a culture where every team member is empowered to investigate the anomalies that can expose our greatest risks.
12:00 - 12:30 Print, Encrypt, Recover: A Ransomware Crisis Story, Mr. Pauls Bračs (HcSecurity, LV)
This presentation examines the crisis and risk management challenges faced by a printing company during a serious ransomware attack, focusing on leadership decision-making under pressure and stakeholder coordination during operational shutdown. We'll explore how management navigated critical decisions including ransom negotiations, law enforcement engagement, and business continuity activation, while simultaneously managing communication with employees, customers, suppliers, and regulatory authorities. The presentation will include lessons-learned from the whole cyber incident response lifecycle.

12:30 - 13:30 Lunch  lunch
NATO Future Resilience Panel
Moderator :: Ms. Ieva Ilves
13:30 - 14:00 Keynote, TBC
14:00 - 15:00 Cyber Resilience in an Uncertain World: Confronting the Threats of the Next Decade

Moderator: Ms. Ieva Ilves

Panelists: BGen D. Scott MacGregor (CAFCYBERCOM, CA), TBC

As the pace of digital transformation accelerates, the spectrum of cyber threats is expanding in scale, complexity, and unpredictability. Cyber resilience has therefore become a central concern for national security and international stability. This panel will examine how different perspectives can inform approaches to future challenges, highlighting the role of diverse threat actors, the implications of rapidly evolving technologies, and the broader political and strategic dilemmas of building resilience in an increasingly fragmented world. Looking ahead to the coming decade, the discussion will focus on how governments and alliances can anticipate and adapt to these emerging dynamics.
Threat Attribution
Moderator :: Dr. Bernhards `BB` Blumbergs
13:30 - 14:15 TBC, Mr. Rik Dolfing (Mandiant, NL)
TBC
14:15 - 15:00 Threat informed defence of critical infrastructure of Ukraine, Major Oleksii Hlushkov (SCPC SSSCIP, UA)
Ukraine has become one of the most targeted nations in the cyber domain, with advanced persistent threat (APT) groups persistently testing the resilience of its critical infrastructure.

This talk will highlight the Top 3 cyber groups actively attacking Ukraine, outlining their TTPs. By examining these real-world adversaries, we gain valuable insights into their evolving toolsets and operational goals.

The talk will connect the practices like Threat-Informed Defence and External Attack Surface Management, showing how intelligence on active adversaries directly shapes security prioritization.
Evolving Threats and the Future of Trust
Moderator :: Ms. Dana Ludviga
13:30 - 14:15 [TLP: AMBER] Russian and Islamic hacktivist group partnership, Mr. Simon Berner (RIA, EE)
14:15 - 14:30 TBC
14:30 - 15:00 The Trust Crisis, Mr. Tony Fergusson (Zscaler, DK)
In a world reshaped by AI, trust has become an active attack surface under constant pressure. Deepfakes, synthetic identities, and adversaries exploiting trusted platforms have exposed the limits of traditional defenses. Living Off Trusted Sites (LOTS) attacks occur when services like Microsoft 365, AWS, and Google are weaponized. These threats demonstrate that identity-based Zero Trust and reputation-based security alone are no longer sufficient to handle emerging challenges.

Hackitvim knows trust is not static; it is contested ground. To counter today’s challenges, Zero Trust must evolve into an adaptive, adversary-aware model that reassesses users, devices, content, and data in real time. Phishing-resistant authentication, behavioral access controls, and creative deception strategies are essential for staying ahead. Predictive analytics and contextual security measures enhance precision in defense strategies.

As adversaries leverage AI to outmaneuver defenses, defenders must innovate. Continuous Threat Exposure Management (CTEM) reinforces trust, while strategies like 'negative trust' mislead attackers into exposing themselves. Security must evolve into a proactive, tactical approach that empowers defenders to dictate the terms, leveraging systems that validate every interaction and redefine resilience as the cornerstone of a trusted digital future.

15:00 - 15:30 Coffee break  coffee
Operational Technologies
Moderator :: Mr. Artis Ozoliņš
15:30 - 16:00 Executing Maritime Cyber Operations, Cmdr. Michael Widmann (NATO, US)
Description of how NATO executes Maritime Cyber Operations to include real world examples.
16:00 - 16:30 [TLP: AMBER] From comfort to conflict: cybersecurity of Ukrainian mission-critical systems, Ms. Anastasiia Voitova (Cossack Labs, UA)
Historically, critical national infrastructure was built around availability and the illusion of air-gapped security. That world is gone. The era of isolated, "perfectly secure" systems has ended; everything is now interconnected, interdependent, and vulnerable. We will explore selected Ukrainian CNI and mission-critical systems, and the security measures they had to implement to mitigate russian threats. Details to follow.
16:30 - 17:00 Trust the Hardware, Not the Firmware: Reasserting Control in a Compromised Supply Chain, Mr. Patrick Miller (AMPYX CYBER, US)
In a world where hardware may be sourced from strategic competitors, our greatest vulnerability lies not in the hardware itself, but in the code it runs. Firmware, bootloaders, UEFI environments, and other low-level code-based layers embedded in critical infrastructure are increasingly opaque, remotely updatable, and ripe for exploitation. These “soft roots of trust” have become the stealthy battleground of cyber pre-positioning for nation-state threat actors.

This session explores actionable pathways to reclaim sovereignty over compromised or untrusted devices without resorting to wholesale rip-and-replace strategies. Drawing on firsthand experience advising U.S. federal agencies, energy regulators, and operators, Patrick Miller will outline efforts to develop open-source, re-flashable firmware for critical devices; secure bootloader architectures; and forensic validation methods for embedded systems. He will also examine the growing policy convergence between cybersecurity and industrial sovereignty.

Attendees will leave with an understanding of the risks posed by embedded firmware in imported operational technologies, as well as conceptual mitigation models from Open Source Firmware Programs to device-level reassertion of trust through transparent, verifiable code.
Cyber Threat Intelligence
Moderator :: Dr. Bernhards `BB` Blumbergs
15:30 - 16:15 Cyber Deception to Track Adversaries, Mr. John Strand (Black Hills Information Security, US)
Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.
16:15 - 17:00 [TLP: AMBER] Advanced Persistent Threat (APT) Tracking: How to Find Nation States by the Mistakes They Make, Mr. Martijn Grooten (SilentPush, GR)
Cybercrime, destruction, and other malicious activity often benefits from scaling up attack infrastructure. The ability to rapidly setup and scale nearly identical phishing sites being one such case, where once initial access is obtained it often leads to much worse results. This same scale however, can be used against the threats behind them by creating patterns to detect it as it grows and evolves.

In contrast, APT groups rarely need to scale their destructive infrastructure. They can afford, and often do, segment out their infrastructure into disparate parts for obfuscation. So that only the pieces they wish to reach the public (and thus, be identified to them) are traceable. In practice however, even these sophisticated actors also make mistakes that defenders can capitalize on.

In this TLP: Amber presentation, we will show you how Silent Push tracks APT groups with such tenacity and will focus our presentation here on groups from/linked to Russia, such as: Gamaredon, APT28, and Turla.
Financial Fraud
Moderator :: Ms. Dana Ludviga
15:30 - 16:00 TBC
16:00 - 16:30 Social Engineering, AI, and Ransomware, Mr. Allan Liska (Recorded Future, UK)
In 2025 there has been an alarming increase in the number of social engineering attacks leading to ransomware attacks. In particular, these attacks are targeting outsourced helpdesks, and many of these attacks rely heavily on AI Large Language Models.

For many years, social engineering attacks were largely the realm of western-based ransomware groups, like Scattered Spider or LAPSUS. But, the voice capabilities combined with language fluency of many LLMs has evened the playing field. Any group can now carry out these attacks, using the blueprint laid out by western based threat actors and ransomware groups are finding incredible success.

This talk will look at how these attacks work, why outsourced help desks are particularly susceptible to these attacks and what organizations can do to protect themselves.
16:30 - 17:00 Tracking the network infrastructure behind pig-butchering and crypto investment scams, Mr. Swapneel Patnekar (Shreshta IT Technologies Pvt. Ltd., IN)
This presentation delves into the investigative learnings from tracking and analyzing the network infrastructure supporting industrial-scale pig-butchering (romance baiting), investment, and cryptocurrency scams. We explore the ecosystem enabling these scams, from fraud website templates and malicious Javascript libraries to the tactics, techniques, and procedures (TTPs) leveraged by the threat actors.

Special attention is given to the role of domain registrars and network operators, including how API integrations and cryptocurrency payments are exploited to enable the rapid and large-scale deployment of scam domains.

Through this research, we highlight patterns of abuse, infrastructure overlaps, and the operational indicators that can help defenders detect and disrupt these fraud campaigns more effectively.

17:00 - 20:30 Social event


30 OCT


OMEGA HALL
08:00 - 09:00 Registration and morning cofee   register  coffee
09:00 - 10:30 OPENING PLENARY
Moderator :: Mr. Artis Ozoliņš
09:00 - 09:10 Keynote, Mr. Rolands Heniņš (NCSC, LV)
09:10 - 09:35 Mitigating the risk of an insider threat, Mr. Gerry Donaldson (CCR3 Group, UK)
09:35 - 10:00 TBC
10:00 - 10:25 On offensive fraud prevention, Mr. Patrick Rousseau Mathieu (HackFest, CA)
10:25 - 10:30 Notes from the moderator
10:30 - 11:00 Coffee break  coffee

European Union Panel
Moderator :: Mr. Artis Ozoliņš
11:00 - 12:00 EU Cyber Defence as a Collective Responsibility From Strategy to Action

Moderator: H.E. Mr. Jānis Kārkliņš (Ministry of Foreign Affairs, LV)

Panelists: TBC

The EU and its Member States are stepping up cooperation and investments in cyber defence policy, including by improving management of cyber crisis, enhancing intelligence cooperation on cyber threats, strengthening the cooperation and coordination between military and civilian cyber communities, also by increasing cooperation with partners like NATO.

Panel experts will offer insights into the most pressing tasks for strengthening cyber defence and the challenges of translating policy into coordinated and concrete actions and effective use of instruments and procedures already in place.
12:00 - 12:30 Building Trust in Digital Age: Certification, Conformity Assessment, and Aaccreditation, Ms. Gundega Jaunbērziņa-Beitika (LATAK, LV)
The presentation “Building Trust in Digital Age: Certification, Conformity Assessment, and Accreditation” will explore how trust is established and maintained in an increasingly digital and interconnected world. Participants will gain insights into the role of certification, conformity assessment, and accreditation in ensuring cybersecurity, reliability, and confidence in digital solutions.
Vulnerability Disclosure
Moderator :: Dr. Bernhards `BB` Blumbergs
11:00 - 11:45 Bootstrapping vulnerability research in network gateways and routers, Dr. Stanislav Dashevskyi (Forescout, NL), Mr. Daniel Dossantos (Forescout, NL)
The operating systems of many proprietary consumer- and enterprise-grade network devices do not allow for easy customization. For example, one cannot simply use SSH to login as a 'root' to modify the software, as this functionality is often unavailable. In this way, device vendors prevent inexperienced users from 'bricking' their devices, and, at the same, time attempt to prevent adversaries from studying the internals and discovering vulnerabilities.

This practice also complicates the lives of vulnerability researchers: it is a 'chicken-and-egg' problem, where, in order to do proper vulnerability research, one must already find a completely new vulnerability that allows for a 'root' access. However, my experience of several years in doing this shows that this may be not that difficult, when using the right techniques.

In this talk, I will discuss my experience in 'rooting' network gateways, routers, and other network equipment, and will demonstrate some of the approaches we use in our team to bootstrap vulnerability research and find critical bugs in these devices. I will use technical bits and pieces from several vulnerability research cycles my team and I performed against vendors such as DrayTek, Sierra Wireless, and [REDACTED]. This talk will be interesting for cybersecurity professionals who are getting started in reverse engineering and vulnerability discovery, as well as for seasoned vulnerability researchers who are looking for some inspiration.
11:45 - 12:30 From Vulnerability Report to Disclosure: Navigating Vulnerability Management in an Open-Core Company, Ms. Eva Sarafianou (Mattermost, GR)
Vulnerability management is a critical component of a security program, especially in open-core environments. This talk explores the end-to-end process, from intake via Bug Bounties or Disclosure P rograms, through triage, root cause analysis, fixes, testing, and disclosure, while addressing the unique transparency challenges of open-core environments.

Using a real-world example, we’ll walk through each step of the process, highlighting the role of automation, AI, and metrics. We’ll also cover tailored practices for critical vulnerabilities and strategies to ensure scalability, security, and community trust.
Supply Chain Integrity
Moderator :: Ms. Dana Ludviga
11:00 - 11:30 Vendors weighted and some found wanting - lessons learned from checking 3000 vendors for 200 companies, Mr. Jani Kenttälä (Badrap, FI)
We trust our vendors a lot, and on paper, they all claim to take cybersecurity seriously. But the real world tells a different story.

How different? I learned it when facilitating a campaign to improve the resilience of Finnish society for the National Cyber Security Center Finland. In the campaign we helped Finnish companies to secure their supply chain in practice. First we helped the participants to identify their supply chain. Then we checked the identified vendors for potential security lapses, reported the issues and offered help in fixing them. Finally our job was to rate the vendors based on their response. I am glad to be able to share anecdotes and statistics about this endeavor, and what has happened since. I will tell you how vendors perform when they learn they have vulnerabilities. I’ll list what are the vendor stereotypes, whether they are awesome, mediocre, or poor performers. I’ll give examples from their heroic efforts to tackle the vulnerabilities to bizarre justifications on why they can be ignored. Finally, I'll give you practical, do-it-yourself tips on how you can be the best vendor for your customers, or how to push your own supply chain to step up and protect you instead of making you more vulnerable.
11:30 - 12:00 Pandora's Box: What We Found When We Opened Misconfigured Cloud Buckets, Mr. Soufian El Yadmani (Modat, NL)
Cloud storage misconfigurations expose sensitive credentials at an alarming rate. Through systematic scanning of publicly accessible cloud buckets across AWS S3, Google Cloud Storage, and Azure Blob Storage, we discovered 215 instances of leaked secrets including API keys, database credentials, and infrastructure tokens. These exposures grant unauthorised access to critical cloud and third party services and pose significant security risks to organisations worldwide.

Our responsible disclosure process successfully remediated 95 vulnerabilities, with 20 organisations directly confirming their fixes. This study reveals the widespread nature of cloud storage security gaps and demonstrates how proactive security research can drive meaningful improvements in cloud security practices. The findings underscore the urgent need for better configuration management and automated detection in cloud environments.
12:00 - 12:30 Cyberattack? Practical SOC Readiness for Crisis Management, Mr. Mariusz Stawowski (CLICO Group, PL)
Is your organization prepared for a cyberattack? Do you know what to do in the event of a ransomware incident or another critical security breach? With increasing regulatory requirements such as NIS2 and DORA, it's essential not only to have the right tools, but above all, to know how to use them effectively and to be prepared for crisis situations.

We should be aware that ransomware and other cyber crises have a negative psychological impact on people, causing fear, stress, paralysis, and other harmful effects. The session focuses on the importance of staying calm during a cyber crisis and following a clear step-by-step plan that was thoroughly practiced in realistic cyberattack exercises.

This session will present the results of the Cyber Soldier project. The project was launched for organizations that — responding to the first version of the NIS directive — were building Security Operations Centers (SOCs) and faced the challenge of quickly preparing staff to correctly detect and respond to incidents. The main requirement was to practically train SOC teams in the use of their existing detection and incident analysis tools, particularly EDR/XDR platforms and solutions for digital forensics and threat hunting.

Currently, the Cyber Soldier project is being developed to meet the requirements of the DORA regulation for the financial sector, which mandates the execution of Red Team tests in production environments, based on actionable cyber threat intelligence.

12:30 - 13:30 Lunch  lunch
Crisis and risk management
Moderator :: Mr. Artis Ozoliņš
13:30 - 14:00 Resilience in Times of Uncertainty: Rethinking Risk Management, Mr. Dmitrijs Ņikitins (Tet, LV)
The Covid-19 pandemic and the war in Ukraine have reshaped the way organizations must view risks, showing how rapidly and unpredictably the landscape can shift. For Tet, as both a holder of national critical infrastructure and a key service provider for major clients in Latvia and Ukraine, resilience and adaptability are not just strategic goals, they are daily necessities.

In this session, Tet’s CTO will share how global disruptions have transformed risk perception and crisis preparedness. Rather than focusing on specific incidents, the talk will outline broader lessons: the acceleration of digital dependency, the convergence of physical and cyber threats, and the growing importance of collaboration across sectors and borders.

The audience will gain insights into how leaders can strengthen preparedness and rethink risk management as a dynamic and evolving capability.
14:00 - 14:30 The Three Laws of a Wiser DNSaster Prevention, Ms. Katrīna Sataki (NIC.LV, LV)
In cybersecurity, the biggest disasters often begin with the smallest oversights — like a forgotten domain renewal, a misconfigured DNS record, or poorly managed DNS servers. This presentation introduces three pragmatic laws for improving risk assessment practices, drawing on real-world DNS incidents and the timeless logic of human folly. While NIS2 demands a more structured approach to identifying, assessing, and mitigating cyber risks, it's easy to get lost in complexity and miss what truly matters. Not all threats come from hackers — and that's where Cipolla’s “The Basic Laws of Human Stupidity” offer a valuable lens. They help us uncover hidden dependencies, account for irrational behavior, and rethink the way we approach external service risks.
14:30 - 15:00 Strategizing Done… How to Prepare in Practice for Unknown Unknowns, Mr. Jānis Vanags (CIREN - Civilian Resilience Nordic, LV)
- Risk-aware business culture: practical and experience-based tips of overcoming existential crises and thriving after misery (first-hand insights from aviation, retail, healht-care and military).

- Risks, threats and vulnerabilities are different, mitigation and response is similar (Resilience Architecture) -> hands on advice.

- Synergy is the answer for unknown unknowns – a region-wide organisation of resilience, example of communities in the Nordics.
Cyber Trainings
Moderator :: Dr. Bernhards `BB` Blumbergs
13:30 - 14:15 Null to Cyber Range: Toward Efficient Solutions for Cyber Exercises, Dr. Youngjae Maeng (National Security Research Institute, KR)
TBC
14:15 - 15:00 So you want to host a CTF?, Mr. Pēteris Hermanis Osipovs (Mārtiņa CTF, LV)
I will be sharing the reason of why we decided to create our own custom built infra for Mārtiņa CTF and what were the requirements and major choices that we had to make to get to where we are now. While I will be mentioning two fairly well known technologies (CTFd and naumachia), the talk will be focused on our own custom solution running on k3s.
From Failure to Success
Moderator :: Ms. Dana Ludviga
13:30 - 14:00 [TLP: AMBER] The Cyber Defence Unit Initiative: Identifying Data Breaches Affecting the Public and Private Sector — A Use Case in Kosovo, Mr. Erblind Morina (Sense Cyber Research Center, XK)
This presentation discusses research on how smaller nations can adopt volunteer-driven cyber defence initiatives to strengthen their national cybersecurity posture. Using the Cyber Defence Unit initiative from Kosovo as a case study, it highlights the engagement of the local IT community in identifying and monitoring leaked data affecting both the public and private sectors. The development of a custom platform—built with open-source technologies to detect and analyse data breaches—will be presented. The session will demonstrate how national cybersecurity efforts can be reinforced through increased community involvement and the strengthening of public-private partnerships, enabling more effective breach detection, information sharing, and coordinated response.
14:00 - 14:30 MCTF misshaps, Ms. Katrīna Bukava (Association "Datoriķi", LV)
How do you get more people into IT and cybersecurity—and make it approachable? How do you get someone to care about digital hygiene, online safety, and technical know-how without boring them to death? We think: Capture the Flag events. But running one? That's a whole different beast.

This is the story of Mārtiņa–CTF, a grassroots, student-led team-based CTF born in Latvia. We'll take you through how it started: from a scrappy idea into a full-blown competition, engaging around 200 participants. We'll share the whole journey — the wins, the fails, and the lessons learned.

We’ll cover our first attempt and the technical implementation behind it, followed by how we reworked the infrastructure in version two — though we’ll keep it light on deep technical details, as the more detailed tech talk is covered in a separate session.

This talk isn’t just a retrospective — it’s a guidebook for anyone who wants to run CTFs or cyber-related events. Whether you're part of a student group, an NGO, or just an individual who wants to make a difference in digital education, we wish to share our hard-learnt lessons to you.

Come for the memes, stay for the story, and leave with a roadmap built on a lot of trial, error, and stubborn belief that this stuff matters.
14:30 - 15:00 Two journeys, one goal: building cyber resilience with grant support, Mr. Valters Kaže (RISEBA, LV), Mr. Sandis Osmanis-Usmanis (Handwave, LV)

15:00 - 15:30 Coffee break  coffee
Moderator :: Mr. Artis Ozoliņš
15:30 - 15:55 Grandmaster Strategy: A Chess-Inspired Playbook for Cybersecurity, Dr. Kenneth Geers (ex-USG, US)
Chess demands mastery of both grand strategy and razor-sharp tactics. A great player maintains a delicate balance of offense and defense — simultaneously building an unbreakable wall and demolishing a distant fortress. Strategically, a champion owns the central squares, protects the King, and conducts a symphony of soldiers. Tactically, the vanquished is buried in a blizzard of forks, pins, and sacrifices. For both players, every move costs precious seconds on the clock. We can learn a lot from this ancient game. Grandmasters are not simply the best attacker or defender. They stare down their human opponents. They chart a path to victory.

This talk takes timeless chess philosophy and applies it to real-world cybersecurity challenges like adversary deception, incident response, and proactive defense. It offers a Grandmaster playbook based on the immortal games they played. Attendees will walk away with concrete strategies to anticipate attacks, control time and terrain, outmaneuver opponents, and secure lasting advantages.
15:55 - 16:20 EUVD and CRA SRP state of play, Mr. Edgars Tauriņš (ENISA, BE), Mr. Johannes Clos
Presenting an update and way forward of ENISA activities in vulnerability management (including EU Vulnerability Data Base) and development of Single Reporting Platform stemming from legislation requirements of NIS2 directive and Cyber Resilience Act.
16:20 - 16:45 TBC, Ms. Ieva Ilves
16:45 - 17:05 CTF Recap & Awards Ceremony
17:05 - 17:20 Stage for Conference Partners
17:20 - 17:30 Closing remarks, Ms. Baiba Kaškina (CERT.LV, LV)
17:30 - 17:45 Musical Treat

Organisers & Partners