Threat Attribution | |
Moderator :: Mr. Artis Ozoliņš | |
11:00 - 11:30 |
[TLP: AMBER] TBC, (National Cyber Security Centre, UK)
TBC
|
11:30 - 12:00 | TBC |
12:00 - 12:30 |
[TLP: AMBER] Practical Attribution,
Mr. James Fotheringham (Palo Alto Networks, UK)
An overview of some practical examples of several attributes of actor attribution.
|


Agenda
29 OCT
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration and morning coffee
|
09:00 - 10:30 | OPENING PLENARY |
Moderator :: Mr. Artis Ozoliņš | |
09:00 - 09:15 | Keynote, Mr. Andris Sprūds, Minister of Defence (MoD, LV) |
09:15 - 09:25 | Opening remarks, Ms. Baiba Kaškina (CERT.LV, LV) |
09:25 - 09:55 | From SOC to cyber threat landscape in Latvia, Mr. Varis Teivāns (CERT.LV, LV) |
09:55 - 10:25 |
Ukranian blueprint of building effective cyber capabilities,
Dr. Yegor Aushev
(Cyber Unit Technologies, UA)
The world is in a state of cyberwar: attacks on critical infrastructure have turned cybersecurity into a survival strategy. How does business change strategies in the new reality of threats, geopolitics, and digital fronts? The focus is on APT attacks, operational resilience, relocation, international alliances, Ukrainian cases, growing demand for MSSPs, compliance challenges, and new opportunities in the global market.
|
10:25 - 10:30 | Moderator’s Remarks |
10:30 - 11:00 |
Coffee break
|
Operational Technologies | |
Moderator :: Dr. Bernhards `BB` Blumbergs | |
11:00 - 11:45 | TBC |
11:45 - 12:30 |
OT security,
TBC (HackFest, CA)
TBC
|
Crisis and risk management | |
Moderator :: Ms. Dana Ludviga | |
11:00 - 11:30 |
Crisis-Proofing Communication: What the 2025 Cyber Survey
Tells Us About Business Readiness,
Ms. Julia Petryk (Calibrated, UA)
In an era where cyber threats evolve faster than most organizations can adapt, effective communication has
become a critical component of cybersecurity strategy. Julia Petryk shares key findings from the 2025 Cyber
Survey, conducted by Calibrated, which benchmarks how businesses across sectors are preparing, or failing to
prepare, for cyber incidents.
Crisis incidents are not just operational disruptions, they are direct threats to brand reputation, with
long-term impacts on customer trust, investor confidence, and market position.
Drawing on her experience leading cybersecurity communications and mobilizing PR professionals in high-stakes
situations, Julia highlights practical steps for bridging these gaps. She examines how cross-functional planning,
message testing, and simulation exercises can make the difference between a controlled response and a
public relations disaster.
The talk also considers the human factor—how trust, empathy, and clear language influence public and partner
confidence during a breach. Attendees will leave with actionable insights, a clearer understanding of their
organization’s readiness level, and a roadmap for making communications as resilient as their technical defenses.
Whether you’re in PR, cybersecurity, or executive leadership, this session equips you with the knowledge to
navigate cyber crises with credibility and composure, because in 2025, readiness isn’t just about technology,
it’s about trust.
|
11:30 - 12:00 |
The Story of Weak Signals,
Mr. Ivan Milenkovic (Qualys, UK)
This is the story of a significant cyber breach within a large corporate environment. Our
network, much like a vast ocean we thought we commanded, was harbouring a ghost fleet of
undocumented and vulnerable systems operating undetected in the deep. We will explore how a
single, faint sonar ping, an unusual external DNS query spotted by a curious engineer, was the
only clue that something was wrong. Following this weak signal led to the discovery of systemic
failures: a profound lack of visibility, internal politics that siloed critical intelligence,
and dangerously poor patching practices that left our defences riddled with holes. The session
will demonstrate why we can't defend what we can't see and make the case for becoming active
sonar operators, nurturing a culture where every team member is empowered to investigate the
anomalies that can expose our greatest risks.
|
12:00 - 12:30 |
Print, Encrypt, Recover: A Ransomware Crisis Story,
Mr. Pauls Bračs (HcSecurity, LV)
This presentation examines the crisis and risk management challenges faced by a printing company during a serious ransomware attack, focusing on leadership decision-making under pressure and stakeholder coordination during operational shutdown. We'll explore how management navigated critical decisions including ransom negotiations, law enforcement engagement, and business continuity activation, while simultaneously managing communication with employees, customers, suppliers, and regulatory authorities. The presentation will include lessons-learned from the whole cyber incident response lifecycle.
|
12:30 - 13:30 |
Lunch
|
NATO Future Resilience Panel | |
Moderator :: Ms. Ieva Ilves | |
13:30 - 14:00 | Keynote, TBC |
14:00 - 15:00 |
Cyber Resilience in an Uncertain World: Confronting the Threats of the Next Decade
Moderator: Ms. Ieva Ilves Panelists: BGen D. Scott MacGregor (CAFCYBERCOM, CA), TBC
As the pace of digital transformation accelerates, the spectrum of cyber threats is expanding in scale, complexity,
and unpredictability. Cyber resilience has therefore become a central concern for national security and international stability.
This panel will examine how different perspectives can inform approaches to future challenges, highlighting the role of diverse threat actors,
the implications of rapidly evolving technologies, and the broader political and strategic dilemmas of building resilience in an increasingly
fragmented world. Looking ahead to the coming decade, the discussion will focus on how governments and alliances can anticipate and adapt
to these emerging dynamics.
|
Threat Attribution | |
Moderator :: Dr. Bernhards `BB` Blumbergs | |
13:30 - 14:15 |
TBC,
Mr. Rik Dolfing (Mandiant, NL)
TBC
|
14:15 - 15:00 |
Threat informed defence of critical infrastructure of Ukraine,
Major Oleksii Hlushkov (SCPC SSSCIP, UA)
Ukraine has become one of the most targeted nations in the cyber domain, with advanced persistent threat (APT) groups persistently testing
the resilience of its critical infrastructure.
This talk will highlight the Top 3 cyber groups actively attacking Ukraine, outlining their TTPs. By examining these real-world adversaries,
we gain valuable insights into their evolving toolsets and operational goals.
The talk will connect the practices like Threat-Informed Defence and External Attack Surface Management, showing how intelligence on active adversaries
directly shapes security prioritization.
|
Evolving Threats and the Future of Trust | |
Moderator :: Ms. Dana Ludviga | |
13:30 - 14:15 | [TLP: AMBER] Russian and Islamic hacktivist group partnership, Mr. Simon Berner (RIA, EE) |
14:15 - 14:30 | TBC |
14:30 - 15:00 |
The Trust Crisis,
Mr. Tony Fergusson (Zscaler, DK)
In a world reshaped by AI, trust has become an active attack surface under constant pressure. Deepfakes, synthetic identities,
and adversaries exploiting trusted platforms have exposed the limits of traditional defenses. Living Off Trusted Sites (LOTS)
attacks occur when services like Microsoft 365, AWS, and Google are weaponized. These threats demonstrate that identity-based
Zero Trust and reputation-based security alone are no longer sufficient to handle emerging challenges.
Hackitvim knows trust is not static; it is contested ground. To counter today’s challenges, Zero Trust must evolve into an adaptive,
adversary-aware model that reassesses users, devices, content, and data in real time. Phishing-resistant authentication,
behavioral access controls, and creative deception strategies are essential for staying ahead. Predictive analytics and contextual
security measures enhance precision in defense strategies.
As adversaries leverage AI to outmaneuver defenses, defenders must innovate. Continuous Threat Exposure Management (CTEM) reinforces trust,
while strategies like 'negative trust' mislead attackers into exposing themselves. Security must evolve into a proactive,
tactical approach that empowers defenders to dictate the terms, leveraging systems that validate every interaction and redefine resilience
as the cornerstone of a trusted digital future.
|
15:00 - 15:30 |
Coffee break
|
Operational Technologies | |
Moderator :: Mr. Artis Ozoliņš | |
15:30 - 16:00 |
Executing Maritime Cyber Operations,
Cmdr. Michael Widmann (NATO, US)
Description of how NATO executes Maritime Cyber Operations to include real world examples.
|
16:00 - 16:30 |
[TLP: AMBER] From comfort to conflict: cybersecurity of Ukrainian mission-critical systems,
Ms. Anastasiia Voitova (Cossack Labs, UA)
Historically, critical national infrastructure was built around availability and the illusion of air-gapped security.
That world is gone. The era of isolated, "perfectly secure" systems has ended; everything is now interconnected,
interdependent, and vulnerable. We will explore selected Ukrainian CNI and mission-critical systems, and the
security measures they had to implement to mitigate russian threats. Details to follow.
|
16:30 - 17:00 |
Trust the Hardware, Not the Firmware: Reasserting Control in a Compromised Supply Chain,
Mr. Patrick Miller (AMPYX CYBER, US)
In a world where hardware may be sourced from strategic competitors, our greatest vulnerability lies not in the hardware itself,
but in the code it runs. Firmware, bootloaders, UEFI environments, and other low-level code-based layers embedded in critical infrastructure
are increasingly opaque, remotely updatable, and ripe for exploitation. These “soft roots of trust” have become the stealthy battleground of
cyber pre-positioning for nation-state threat actors.
This session explores actionable pathways to reclaim sovereignty over compromised or untrusted devices without resorting to wholesale
rip-and-replace strategies. Drawing on firsthand experience advising U.S. federal agencies, energy regulators, and operators,
Patrick Miller will outline efforts to develop open-source, re-flashable firmware for critical devices; secure bootloader architectures;
and forensic validation methods for embedded systems. He will also examine the growing policy convergence between cybersecurity and industrial sovereignty.
Attendees will leave with an understanding of the risks posed by embedded firmware in imported operational technologies, as well as conceptual
mitigation models from Open Source Firmware Programs to device-level reassertion of trust through transparent, verifiable code.
|
Cyber Threat Intelligence | |
Moderator :: Dr. Bernhards `BB` Blumbergs | |
15:30 - 16:15 |
Cyber Deception to Track Adversaries,
Mr. John Strand (Black Hills Information Security, US)
Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance
and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong.
We believe the answer is somewhere in between.
|
16:15 - 17:00 |
[TLP: AMBER] Advanced Persistent Threat (APT) Tracking: How to Find Nation States by the Mistakes They Make,
Mr. Martijn Grooten (SilentPush, GR)
Cybercrime, destruction, and other malicious activity often benefits from scaling up attack infrastructure. The ability to rapidly setup
and scale nearly identical phishing sites being one such case, where once initial access is obtained it often leads to much worse results.
This same scale however, can be used against the threats behind them by creating patterns to detect it as it grows and evolves.
In contrast, APT groups rarely need to scale their destructive infrastructure. They can afford, and often do, segment out their
infrastructure into disparate parts for obfuscation. So that only the pieces they wish to reach the public (and thus, be identified to them)
are traceable. In practice however, even these sophisticated actors also make mistakes that defenders can capitalize on.
In this TLP: Amber presentation, we will show you how Silent Push tracks APT groups with such tenacity and will focus our presentation
here on groups from/linked to Russia, such as: Gamaredon, APT28, and Turla.
|
Financial Fraud | |
Moderator :: Ms. Dana Ludviga | |
15:30 - 16:00 | TBC |
16:00 - 16:30 |
Social Engineering, AI, and Ransomware,
Mr. Allan Liska (Recorded Future, UK)
In 2025 there has been an alarming increase in the number of social engineering attacks leading to ransomware attacks.
In particular, these attacks are targeting outsourced helpdesks, and many of these attacks rely heavily on AI Large Language Models.
For many years, social engineering attacks were largely the realm of western-based ransomware groups, like Scattered Spider or LAPSUS.
But, the voice capabilities combined with language fluency of many LLMs has evened the playing field. Any group can now carry out these attacks,
using the blueprint laid out by western based threat actors and ransomware groups are finding incredible success.
This talk will look at how these attacks work, why outsourced help desks are particularly susceptible to these attacks and what organizations can do
to protect themselves.
|
16:30 - 17:00 |
Tracking the network infrastructure behind pig-butchering and crypto investment scams,
Mr.
Swapneel Patnekar (Shreshta IT Technologies Pvt. Ltd., IN)
This presentation delves into the investigative learnings from tracking and analyzing the network infrastructure supporting industrial-scale pig-butchering (romance baiting), investment, and cryptocurrency scams. We explore the ecosystem enabling these scams, from fraud website templates and malicious Javascript libraries to the tactics, techniques, and procedures (TTPs) leveraged by the threat actors.
Special attention is given to the role of domain registrars and network operators, including how API integrations and cryptocurrency payments are exploited to enable the rapid and large-scale deployment of scam domains.
Through this research, we highlight patterns of abuse, infrastructure overlaps, and the operational indicators that can help defenders detect and disrupt these fraud campaigns more effectively.
|
17:00 - 20:30 | Social event |
30 OCT
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration and morning cofee
|
09:00 - 10:30 | OPENING PLENARY |
Moderator :: Mr. Artis Ozoliņš | |
09:00 - 09:10 | Keynote, Mr. Rolands Heniņš (NCSC, LV) |
09:10 - 09:35 | Mitigating the risk of an insider threat, Mr. Gerry Donaldson (CCR3 Group, UK) |
09:35 - 10:00 | TBC |
10:00 - 10:25 | On offensive fraud prevention, Mr. Patrick Rousseau Mathieu (HackFest, CA) |
10:25 - 10:30 | Notes from the moderator |
10:30 - 11:00 |
Coffee break
|
European Union Panel | |
Moderator :: Mr. Artis Ozoliņš | |
11:00 - 12:00 |
EU Cyber Defence as a Collective Responsibility From Strategy to Action
Moderator: H.E. Mr. Jānis Kārkliņš (Ministry of Foreign Affairs, LV) Panelists: TBC
The EU and its Member States are stepping up cooperation and investments in cyber defence policy,
including by improving management of cyber crisis, enhancing intelligence cooperation on cyber threats,
strengthening the cooperation and coordination between military and civilian cyber communities,
also by increasing cooperation with partners like NATO.
Panel experts will offer insights into the most pressing tasks for strengthening cyber defence and
the challenges of translating policy into coordinated and concrete actions and effective use
of instruments and procedures already in place.
|
12:00 - 12:30 |
Building Trust in Digital Age: Certification, Conformity Assessment, and Aaccreditation,
Ms. Gundega
Jaunbērziņa-Beitika (LATAK, LV)
The presentation “Building Trust in Digital Age: Certification, Conformity Assessment, and Accreditation” will explore
how trust is established and maintained in an increasingly digital and interconnected world. Participants will gain insights into the role
of certification, conformity assessment, and accreditation in ensuring cybersecurity, reliability, and confidence in digital solutions.
|
Vulnerability Disclosure | |
Moderator :: Dr. Bernhards `BB` Blumbergs | |
11:00 - 11:45 |
Bootstrapping vulnerability research in network gateways and routers,
Dr. Stanislav Dashevskyi (Forescout, NL), Mr. Daniel Dossantos (Forescout, NL)
The operating systems of many proprietary consumer- and enterprise-grade network
devices do not allow for easy customization. For example, one cannot simply use
SSH to login as a 'root' to modify the software, as this functionality is often
unavailable. In this way, device vendors prevent inexperienced users from
'bricking' their devices, and, at the same, time attempt to prevent adversaries
from studying the internals and discovering vulnerabilities.
This practice also complicates the lives of vulnerability researchers: it is a
'chicken-and-egg' problem, where, in order to do proper vulnerability research,
one must already find a completely new vulnerability that allows for a 'root'
access. However, my experience of several years in doing this shows that this
may be not that difficult, when using the right techniques.
In this talk, I will discuss my experience in 'rooting' network gateways,
routers, and other network equipment, and will demonstrate some of the
approaches we use in our team to bootstrap vulnerability research and find
critical bugs in these devices. I will use technical bits and pieces from
several vulnerability research cycles my team and I performed against vendors
such as DrayTek, Sierra Wireless, and [REDACTED]. This talk will be interesting
for cybersecurity professionals who are getting started in reverse engineering
and vulnerability discovery, as well as for seasoned vulnerability researchers who are
looking for some inspiration.
|
11:45 - 12:30 |
From Vulnerability Report to Disclosure: Navigating Vulnerability Management in an Open-Core Company,
Ms. Eva Sarafianou (Mattermost, GR)
Vulnerability management is a critical component of a security program, especially in open-core
environments. This talk explores the end-to-end process, from intake via Bug Bounties or Disclosure P
rograms, through triage, root cause analysis, fixes, testing, and disclosure, while addressing the
unique transparency challenges of open-core environments.
Using a real-world example, we’ll walk through each step of the process, highlighting the role of
automation, AI, and metrics. We’ll also cover tailored practices for critical vulnerabilities and
strategies to ensure scalability, security, and community trust.
|
Supply Chain Integrity | |
Moderator :: Ms. Dana Ludviga | |
11:00 - 11:30 |
Vendors weighted and some found wanting - lessons learned from checking 3000 vendors for 200 companies,
Mr. Jani Kenttälä (Badrap, FI)
We trust our vendors a lot, and on paper, they all claim to take cybersecurity seriously. But the real world tells a different story.
How different? I learned it when facilitating a campaign to improve the resilience of Finnish society for
the National Cyber Security Center Finland. In the campaign we helped Finnish companies to secure their
supply chain in practice. First we helped the participants to identify their supply chain.
Then we checked the identified vendors for potential security lapses, reported the issues and offered help in fixing them.
Finally our job was to rate the vendors based on their response. I am glad to be able to share anecdotes
and statistics about this endeavor, and what has happened since. I will tell you how vendors perform when
they learn they have vulnerabilities. I’ll list what are the vendor stereotypes, whether they are awesome,
mediocre, or poor performers. I’ll give examples from their heroic efforts to tackle the vulnerabilities
to bizarre justifications on why they can be ignored. Finally, I'll give you practical, do-it-yourself
tips on how you can be the best vendor for your customers, or how to push your own supply chain to step
up and protect you instead of making you more vulnerable.
|
11:30 - 12:00 |
Pandora's Box: What We Found When We Opened
Misconfigured Cloud Buckets,
Mr.
Soufian El Yadmani (Modat, NL)
Cloud storage misconfigurations expose sensitive credentials at an alarming rate.
Through systematic scanning of publicly accessible cloud buckets across AWS S3, Google Cloud Storage,
and Azure Blob Storage, we discovered 215 instances of leaked secrets including API keys, database credentials,
and infrastructure tokens. These exposures grant unauthorised access to critical cloud and third party services
and pose significant security risks to organisations worldwide.
Our responsible disclosure process successfully remediated 95 vulnerabilities, with 20 organisations directly
confirming their fixes. This study reveals the widespread nature of cloud storage security gaps and demonstrates
how proactive security research can drive meaningful improvements in cloud security practices.
The findings underscore the urgent need for better configuration management and automated detection in cloud environments.
|
12:00 - 12:30 |
Cyberattack? Practical SOC Readiness for Crisis Management,
Mr.
Mariusz Stawowski (CLICO Group, PL)
Is your organization prepared for a cyberattack? Do you know what to do in the event of a ransomware incident or another critical security breach? With increasing regulatory requirements such as NIS2 and DORA, it's essential not only to have the right tools, but above all, to know how to use them effectively and to be prepared for crisis situations.
We should be aware that ransomware and other cyber crises have a negative psychological impact on people, causing fear, stress, paralysis, and other harmful effects. The session focuses on the importance of staying calm during a cyber crisis and following a clear step-by-step plan that was thoroughly practiced in realistic cyberattack exercises.
This session will present the results of the Cyber Soldier project. The project was launched for organizations that — responding to the first version of the NIS directive — were building Security Operations Centers (SOCs) and faced the challenge of quickly preparing staff to correctly detect and respond to incidents. The main requirement was to practically train SOC teams in the use of their existing detection and incident analysis tools, particularly EDR/XDR platforms and solutions for digital forensics and threat hunting.
Currently, the Cyber Soldier project is being developed to meet the requirements of the DORA regulation for the financial sector, which mandates the execution of Red Team tests in production environments, based on actionable cyber threat intelligence.
|
12:30 - 13:30 |
Lunch
|
Crisis and risk management | |
Moderator :: Mr. Artis Ozoliņš | |
13:30 - 14:00 |
Resilience in Times of Uncertainty: Rethinking Risk Management,
Mr. Dmitrijs Ņikitins (Tet, LV)
The Covid-19 pandemic and the war in Ukraine have reshaped the way organizations must view risks, showing how rapidly
and unpredictably the landscape can shift. For Tet, as both a holder of national critical infrastructure and a key service provider
for major clients in Latvia and Ukraine, resilience and adaptability are not just strategic goals, they are daily necessities.
In this session, Tet’s CTO will share how global disruptions have transformed risk perception and crisis preparedness.
Rather than focusing on specific incidents, the talk will outline broader lessons: the acceleration of digital dependency,
the convergence of physical and cyber threats, and the growing importance of collaboration across sectors and borders.
The audience will gain insights into how leaders can strengthen preparedness and rethink risk management as a dynamic and evolving capability.
|
14:00 - 14:30 |
The Three Laws of a Wiser DNSaster Prevention,
Ms. Katrīna Sataki (NIC.LV, LV)
In cybersecurity, the biggest disasters often begin with the smallest oversights — like a forgotten domain
renewal, a misconfigured DNS record, or poorly managed DNS servers. This presentation introduces three
pragmatic laws for improving risk assessment practices, drawing on real-world DNS incidents and the timeless
logic of human folly. While NIS2 demands a more structured approach to identifying, assessing, and mitigating
cyber risks, it's easy to get lost in complexity and miss what truly matters. Not all threats come from
hackers — and that's where Cipolla’s “The Basic Laws of Human Stupidity” offer a valuable lens. They help
us uncover hidden dependencies, account for irrational behavior, and rethink the way we approach external
service risks.
|
14:30 - 15:00 |
Strategizing Done… How to Prepare in Practice for Unknown Unknowns,
Mr. Jānis Vanags (CIREN - Civilian Resilience Nordic, LV)
- Risk-aware business culture: practical and experience-based tips of overcoming existential crises and thriving after misery
(first-hand insights from aviation, retail, healht-care and military).
- Risks, threats and vulnerabilities are different, mitigation and response is similar (Resilience Architecture) -> hands on advice.
- Synergy is the answer for unknown unknowns – a region-wide organisation of resilience, example of communities in the Nordics.
|
Cyber Trainings | |
Moderator :: Dr. Bernhards `BB` Blumbergs | |
13:30 - 14:15 |
Null to Cyber Range: Toward Efficient Solutions for Cyber Exercises,
Dr. Youngjae Maeng (National Security Research Institute, KR)
TBC
|
14:15 - 15:00 |
So you want to host a CTF?,
Mr. Pēteris Hermanis Osipovs (Mārtiņa CTF, LV)
I will be sharing the reason of why we decided to create our own custom built infra for Mārtiņa CTF and what were the requirements
and major choices that we had to make to get to where we are now. While I will be mentioning two fairly well known technologies (CTFd and naumachia),
the talk will be focused on our own custom solution running on k3s.
|
From Failure to Success | |
Moderator :: Ms. Dana Ludviga | |
13:30 - 14:00 |
[TLP: AMBER] The Cyber Defence Unit Initiative: Identifying Data Breaches Affecting
the Public and Private Sector — A Use Case in Kosovo,
Mr. Erblind Morina (Sense Cyber Research Center, XK)
This presentation discusses research on how smaller nations can adopt volunteer-driven cyber defence
initiatives to strengthen their national cybersecurity posture. Using the Cyber Defence Unit initiative
from Kosovo as a case study, it highlights the engagement of the local IT community in identifying and
monitoring leaked data affecting both the public and private sectors. The development of a custom
platform—built with open-source technologies to detect and analyse data breaches—will be presented.
The session will demonstrate how national cybersecurity efforts can be reinforced through increased
community involvement and the strengthening of public-private partnerships, enabling more effective
breach detection, information sharing, and coordinated response.
|
14:00 - 14:30 |
MCTF misshaps,
Ms. Katrīna Bukava (Association "Datoriķi", LV)
How do you get more people into IT and cybersecurity—and make it approachable? How do you get someone to care about digital hygiene,
online safety, and technical know-how without boring them to death? We think: Capture the Flag events. But running one?
That's a whole different beast.
This is the story of Mārtiņa–CTF, a grassroots, student-led team-based CTF born in Latvia. We'll take you through how it started:
from a scrappy idea into a full-blown competition, engaging around 200 participants. We'll share the whole journey — the wins,
the fails, and the lessons learned.
We’ll cover our first attempt and the technical implementation behind it, followed by how we reworked the infrastructure in version two — though
we’ll keep it light on deep technical details, as the more detailed tech talk is covered in a separate session.
This talk isn’t just a retrospective — it’s a guidebook for anyone who wants to run CTFs or cyber-related events.
Whether you're part of a student group, an NGO, or just an individual who wants to make a difference in digital education,
we wish to share our hard-learnt lessons to you.
Come for the memes, stay for the story, and leave with a roadmap built on a lot of trial, error, and stubborn belief that this stuff matters.
|
14:30 - 15:00 | Two journeys, one goal: building cyber resilience with grant support, Mr. Valters Kaže (RISEBA, LV), Mr. Sandis Osmanis-Usmanis (Handwave, LV) |
15:00 - 15:30 |
Coffee break
|
Moderator :: Mr. Artis Ozoliņš | |
15:30 - 15:55 |
Grandmaster Strategy: A Chess-Inspired Playbook for Cybersecurity,
Dr. Kenneth Geers (ex-USG, US)
Chess demands mastery of both grand strategy and razor-sharp tactics. A great player maintains a delicate balance
of offense and defense — simultaneously building an unbreakable wall and demolishing a distant fortress.
Strategically, a champion owns the central squares, protects the King, and conducts a symphony of soldiers.
Tactically, the vanquished is buried in a blizzard of forks, pins, and sacrifices. For both players, every move costs precious seconds
on the clock. We can learn a lot from this ancient game. Grandmasters are not simply the best attacker or defender.
They stare down their human opponents. They chart a path to victory.
This talk takes timeless chess philosophy and applies it to real-world cybersecurity challenges like adversary deception, incident response, and proactive defense.
It offers a Grandmaster playbook based on the immortal games they played. Attendees will walk away with concrete strategies to anticipate attacks,
control time and terrain, outmaneuver opponents, and secure lasting advantages.
|
15:55 - 16:20 |
EUVD and CRA SRP state of play,
Mr. Edgars Tauriņš (ENISA, BE),
Mr. Johannes Clos
Presenting an update and way forward of ENISA activities in vulnerability management
(including EU Vulnerability Data Base) and development of Single Reporting Platform stemming
from legislation requirements of NIS2 directive and Cyber Resilience Act.
|
16:20 - 16:45 | TBC, Ms. Ieva Ilves |
16:45 - 17:05 | CTF Recap & Awards Ceremony |
17:05 - 17:20 | Stage for Conference Partners |
17:20 - 17:30 | Closing remarks, Ms. Baiba Kaškina (CERT.LV, LV) |
17:30 - 17:45 | Musical Treat |