1:30 pm

Registration

2:00 pm

Welcome & short introduction from Maria Zidkova, Board Member at CSA Swiss Chapter and IT Security Officer at City of Zurich

2:00 pm

Presentation from Maxim Deweerdt, Cyber Defense Expert at NVISO Security and Principal Instructor at SANS

Chasing Ghosts: Detecting Token Abuse in the Microsoft Cloud:
Attackers no longer need passwords to break in: tokens are the new prize. This session will expose how refresh tokens, access tokens, and Primary Refresh Tokens (PRTs) are stolen and abused in Microsoft Entra ID. Drawing on real-world cases, will show why detection feels like chasing ghosts and how to fight back.

2:30 pm

Short presentation from Wiz

2:40 pm

Short presentation from Gary Adams, Sales Engineering Leader at Rubrik

Are you ready for Cyber Recovery? Cyber Resilience is Business Resilience!

2:50 pm

Doron Zimmermann, Senior Manager Enterprise Cyber & Information Security at Pragmatica & Michael Rieder, Head IT Cloud Computing at e3 AG

Third Country Intercept Risk in the Cloud
The CLOUD Act is not your worst challenge – the Foreign Intelligence Surveillance Act and Executive Order 12333 are!

When discussing cloud risk, many organisations focus on the U.S. CLOUD Act. Yet the more far-reaching intelligence authorities are FISA Section 702 and Executive Order 12333, which allow foreign intelligence collection and may require cooperation from communication service providers. For organisations in Switzerland and Europe relying on hyperscale cloud services, this raises important questions about mass surveillance via the cloud vector, jurisdiction, data access and sovereignty.

This keynote outlines the foreign intelligence collection authority and process behind third-country interception risk and places them in the context of current European/Swiss regulatory developments.

Beyond the security risk perspective, the session also touches on how organisations can think about managing this exposure from an information security and architecture standpoint, and why the real challenge is not only compliance but security risk management and how cloud environments are designed.

The key message: a sober understanding third-country interception risk is the first step toward managing it.

3:20 pm

Break

4:00 pm

4 different Breakout Sessions to join - you can choose/attend two of them

Breakout Session 1: Maxim Deweerdt, Cyber Defense Expert at NVISO Security and Principal Instructor at SANS

Attackers Love the Cloud. Do You?
Cloud adoption has accelerated innovation, but it has also expanded the attack surface at an unprecedented pace. From misconfigurations and identity sprawl to supply chain and runtime threats, cloud environments are now prime targets.

This interactive discussion brings together security leaders and practitioners to share real-world lessons, practical strategies, and forward-looking approaches to cloud risk. We will talk about misconfigurations, privilege escalation, least privilege approach, monitoring strategies, ad brainstorm ideas for leveraging AI for cloud security.

Breakout Session 2: Lars Ruddigkeit, CSA Swiss Chapter Co-Lead

The AI "Expense in Depth" Trap
The Premise:
We’ve traded "Defense in Depth" for "Expense in Depth." By reactively layering specialized cloud tools (CASB, DSPM, CWPP) to chase Shadow AI, we’ve created a "security tax" that yields diminishing returns. We are funding the world’s most expensive bricks while the governance mortar—the policy that should hold them together—is non-existent.

The "Lilli" Case Study (March 2026):
The McKinsey "Lilli" breach is our industry's wake-up call on systemic fragility. In just 120 minutes, an autonomous agent exploited a SQL injection in publicly exposed API documentation, seizing 46 million messages and 700k+ client files. This wasn't a failure of "AI Firewalls"—it was a failure to secure the cloud-native interfaces we prioritized for speed over safety.

The Challenge for the Table:
We are measuring "AI tools deployed" while our core mission—protecting the crown jewels—is being hollowed out by unmonitored cloud endpoints.

• The Identity Crisis: How do we redefine a "Protect Surface" when agentic AI creates its own permissions and pathways in real-time?
• The ROI of Failure: Are we caught in a cycle of buying tools to monitor breaches that our own lack of policy has made inevitable?

Breakout Session 3: Wiz

Breakout Session 4: Gary Adams, Sales Engineering Leader at Rubrik

Resilience for everything: How to ensure business continuity across Cloud, AI and Identity

5:10 pm

Short break and change the room to the next Breakout Session of your choice

5:20 pm

Start of the second Breakout Session round

6:30 pm

Dinner & Networking till open end

Gary Adams
Sales Engineering Leader at Rubrik