The Cybersecurity Conference in CEE and SEE regions
A unique 3-day cyber security community event with in-person and virtual experiences, designed to give you a mix of opportunities for learning, networking and collaboration.
This year, for the first time, we are offering you a hybrid experience!
Create the digital transformation plan that counts on security transformation as your critical function.
We are all in it together. Hybrid workforce, level of employee and organizational preparedness, daily threat risks and cyber attacks.
- Is GDPR compliance a nightmare for you?
Join us at this must-attend hybrid event:
This hybrid event will point CxOs and cybersecurity experts to a major shift, the move from on-prem to cloud, which brings A LOT of security opportunities we never had before.
Qubit Conference Prague 2021 - Program Guide
Day 0 - September 7
Investigating digital document malware like a pro (In-person training)
E-mails and attachments: A deadly duo that targets several organizations and is the main cause of cyber attacks today. Word, Excel, PDF and image files sneak in as attachments via e-mails that pose as legitimate ones. Once they are opened, they end up dropping .exe or malicious files via macros, JavaScript, macro 4.0 or steganography.
Secure development lifecycle implementation (Virtual training)
When we try to bring a security spirit into product development, security is often perceived as something unclear and only in the light of “we don’t like that stuff, but we have to do it”. As a result, we often end up with software teams with only minimal compliance, which is far away from the nature of today’s cybersecurity standoff. This course is intended to explain how to implement and continuously grow an enhanced Secure Development Mindset in all those involved in the product release lifecycle.
Day 1 - September 8
Event Moderator: Joseph Carson
Succeeding with Secure Access Service Edge (SASE)
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data. SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture?
How good is the fuel powering your SOC - The importance of Threat Intelligence in modern day Cybersecurity Operations
Automation and optimization are the top priorities of the modern-day Security Operations Center. Threat Hunters and SOC Operators are using tools like SIEM and SOAR that are supposed to streamline processes and increase the effectiveness of cyber defence. While this is true, it only works effectively when decisions are made on data of good quality.
Hence the rise of Threat Intelligence. During my keynote I will demonstrate how you can make qualified decisions by having access to the biggest Threat Intelligence data provider in the world.
We will look at direct threats like leaked credentials, domain abuse, and data up for sale on the Dark Web. I will also show how you can speed up alert triage and dramatically enhance the speed of your investigations. We will also go into the future, where we will analyze what threats might be coming our way.
“Mind the Gap” or Common Incident Response Challenges
In today’s increasingly cyber world organizations are more exposed than ever to potential malicious attacks. With remote workforces increasingly becoming the norm rather than the exception, organizations can expect to encounter even graver threats than they have before. The preparation an organization pursues before an event is the greatest determiner of how big of an impact a malicious event will have. Simply put, how an organization prepares for these events can spell success or doom. We will discuss common mistakes we’ve seen in our recent engagements and cover decisions made to facilitate a more positive outcome for our clients. Because being proactive can significantly reduce the negative impact of a security event we will also discuss preparatory steps at-risk organizations can take ahead of time (and to be honest everyone connected to the internet is at risk) or more specifically, industry best-practices for preparedness, investigation, and response.
Do's and Don'ts of managing penetration testing with clients - Case study
Both red teaming and penetration testing should be a must in every company’s security assessment. Since companies don’t do such an engagement very often, and in many cases it might be their first time, it is very important to manage expectations and set the rules of engagement properly.
Personal data breach management and the Twitter case
GDPR has introduced data breach management, including a 72-hour deadline for the supervisory authority notification. I would like to describe the issues and the complexity of this obligation based on the Twitter case and highlight the most important takeaways from current enforcement activities.
DIY risk management
When you cannot find a fitting tool, you need to build one yourself. We used this DIY approach after struggling to find a suitable tool. We built our risk management on top of JIRA, utilizing native JIRA functionality of custom fields and workflows.
I Was Promised A Jetpack
How did we get here? The discussion will look at the promises that were made of a security future that we’re still in search of today. This is analogous to the personal jetpack that we were promised in the early days of science fiction.
Challenges of Space Security
Our everyday life is dependent on space technologies. Thousands of satellites are orbiting the Earth and providing us crucial data which influence even the functioning of our critical infrastructure. In the presentation the biggest challenges of space security will be introduced and explained.
What is going on in the network before ransomware occurs?
Most organisations identify ransomware at the time the data is encrypted and there is a ransom demand “on the table”. However, this is preceded by a large number of IoCs that can be effectively detected on the network in real time and thus prevent a real cyber incident.
Your New Hire Turned Out to Be a Hacker
It’s like a James Bond movie but for real. A case study of an under-cover red teamer hired as a junior programmer. The target has decades of experience. Cybersecurity is not a new topic. How far can the attacker get? How will the IT department react? Bring some popcorn.
The resident evil inside your database
- It’s important to understand the context of the different actions in your database as it might reveal potential attacks.
- What the most critical security configurations are and how they can prevent a data breach.
- Understand the importance of security in depth
How to build Secure Development Lifecycle if you don't have a budget like Google's
Often, we hear a lot of information about how to build a security development lifecycle at software companies and best practices from Google, Microsoft, Cisco, etc. However, there is a small nuance hidden here: not everyone has the same budget and the same opportunities. By the way, secure development in cases of DevOps and CI/CD practices is a necessary feature, even for small and medium companies. During my statement I want to explore basic steps on the way of secure development, which are able to protect from 80% of threats. Besides, I’ll show some useful instruments, my own practical examples and achieved goals.
- Why does SDL really matter for you? (interaction with audience – define a need)
- Basic key points: how to start?
- Real life case studies
- Resource planning – how not to dig too deep
- Check-list, references
Day 2 - September 9
The Postman Always Rings Twice: Threat actors, exfiltration innovations and their patterns
2020 has been a year of stealth, exfiltration and innovation in the digital world. With the threat landscape expanding and threat actors targeting several sectors in this digital space, research, and innovative proactive research in particular, is the need of the hour.
Which legacy is good legacy? Critical infrastructure and Cybersecurity Awareness
When it comes to critical infrastructure, how does a 50-year-old technology compare to a 50-thousand-year-old human? I want to show you how it is possible (without any special effort) to destabilize countries' Critical Infrastructure systems.
US Services and GDPR – Compliance Nightmare
The presentation will focus on personal transfers within the EU and outside it, to third countries. The emphasis will be put on the nature of the legal conditions and the relevant judgments (Schrems II case) affecting transfers to third parties, especially the USA.
DNS – core service and attackers
Examples of real-life attacks, and how and why attackers are using the DNS protocol. What other threats are we facing in this area? It is not only the reputation of domains. How attackers can exfiltrate or infiltrate data to networks and endpoints without detection on the security stack.
Decoding Cyber - Supply Chain Risk Management through NIST
The challenge faced by most organizations is that supply chain risks are not well understood and most importantly not assessed before using them for critical functions. Have you assessed your suppliers? Is it time to integrate Cyber supply chain risk management into Enterprise Risk management?
In this session, we will introduce more clarity to these attacks imbued with skills of how to deal with detection and prevention. Most importantly, you will gain valuable skills of how to deal with ransom and ransomware cybercrime at every stage of the attack.
Implementing NIST Cybersecurity and Risk Frameworks
The US National Institute of Standards & Technology (NIST) provides de-facto standards for security, compliance and privacy. Session attendees will learn how to apply the NIST Cybersecurity and Risk Management Frameworks for increased security, compliance and standardization.
Health Security Protocol
Your health is our priority #1, so we care. We keep following all measures issued by the Czech government. Download the PDF to get first-hand information on the latest updates regarding COVID restrictions.