1:30 pm

Registration

2:00 pm

Welcome & short introduction from Mark Beerends, SIGS Contributor & Cyber Strategy Partner at Prusec GmbH

2:00 pm

Todd James, Head of Cyber Defense Operations at Swisscom AG

"LLM In Your SOC - 1st Steps and No, it's not AI"
You have a SOC, management is forcing you to use AI, where do you start? Clarifying misconceptions and setting expectations about LLM.

2:30 pm

Olivier Spielmann, VP SOC at Senthorus

SOC: Artificial or Human?
As AI-driven security technologies accelerate, the question emerges: Can a Security Operations Center ever be fully artificial? This keynote explores the shift toward autonomous detection and response, and the limits where human expertise still defines effective cyber defense. 

Rather than arguing for one side, the session outlines how to design a new SOC that fully leverages automation while preserving the human judgment, creativity, and context understanding required to handle complex threats. The audience will gain concrete principles for building a next‑generation, hybrid SOC that aligns technology, processes, and people for maximum resilience. 

3:00 pm

Ivan Strydom, Regional Sales Engineer at CrowdStrike

Global Threat Report 2026: What was found, what it means and what can be done about it

3:10 pm

Timo Jobst, Sales Engineer at Corelight

Zeek, Suricata, and Beyond: Turning Network Traffic into Ground Truth

3:20 pm

Break

4:00 pm

4 different Breakout Sessions to join - you can choose/attend two of them

Breakout Session 1:
Timo Jobst, Sales Engineer at Corelight

The Missing Link: Bridging Endpoint and Network Evidence
An EDR alert tells you what happened on the host, but it often leaves you in the dark about how the threat moved through the wire. In this session, we’re moving beyond isolated logs to create a unified picture of an incident.

Breakout Session 2:
Maxim Samo, Head of IT Operations at AMINA Bank AG

Pwn or Protect? The Real Training Value of CTFs for SOC Teams
Capture-the-Flag (CTF) competitions are widely praised as hands-on, practical cybersecurity training—but do they actually translate into better performance in a real-world SOC?

This round-table brings together SOC professionals to cut through the hype and discuss where CTFs genuinely add value—and where they fall short. We’ll explore how skills learned in offensive, time-boxed challenge environments map (or fail to map) to day-to-day SOC realities like alert triage, incident response, detection engineering, and threat hunting.

Key discussion angles can include:

• Skill transfer: Which CTF skills actually help in a SOC, and which are mostly academic or ego-driven
• Blue vs. red bias: Are most CTFs too attacker-centric for defensive teams?
• Junior vs. senior value: Who benefits most—new analysts, seasoned responders, or specialists?
• Tooling vs. thinking: Do CTFs teach real analytical thinking or just tool-specific tricks?
• Time & ROI: Are CTFs a good use of scarce SOC training time compared to labs, simulations, or live-fire exercises?
• Culture & motivation: Do CTFs improve team engagement, curiosity, and retention—or just reward the loudest hackers?

Breakout Session 3 (short-term change):
Mark Beerends, Cyber Strategy Partner at Prusec

From Playbook to Pressure: Does Your Ransomware Response Actually Work?
Ransomware incidents rarely fail due to lack of tooling—they fail due to slow decisions, unclear ownership, and untested processes. In many organizations, escalation paths are ambiguous, pre-approved actions are missing, and crisis teams lose valuable time in discussions instead of executing.

We will discuss topics like :

• How to reduce decision latency in the SOC and crisis teams
• The role of pre-approved actions and controlled autonomy in the SOC
• Testing readiness and simulate pressure in exercises
• Communication under a ransomware attack: what works
• Bridging the gap between technical detection and executive decision-making
• Lessons learned from incidents and high-pressure exercises

The session is designed as an open discussion among practitioners, focused on real-world insights into what works, what doesn't and how to ensure readiness holds when it is truly tested.

Breakout Session 4:
Ivan Strydom, Regional Sales Engineer at CrowdStrike

Global Threat Report 2026: What was found, what it means and what can be done about it
The 2026 Global Threat Report reveals how AI-enabled adversaries are accelerating and elevating the threat landscape — increasing both scale and operational sophistication.

In this interactive session, we will explore what the latest findings signal for modern security operations. Rather than walking through slides, we will focus on what these developments mean in practice how they challenge established detection models, reshape response priorities, and demand greater cross-domain visibility.

This discussion will examine how today’s adversary behavior translates into tomorrow’s SOC realities — and what practical adjustments may be required.

Key discussion points will be:

• The evolving adversary landscape and the growing influence of AI
• Cross-domain attacks and the operational strain on SOC visibility and response
• Identity, cloud, and edge infrastructure as primary attack paths

5:10 pm

Short break and change the room to the next Breakout Session of your choice

5:20 pm

Start of the second Breakout Session round

6:30 pm

Dinner & Networking till open end

Mark Beerends
SIGS Contributor & Cyber
Strategy Partner at Prusec GmbH

Todd James
Head of Cyber Defense
Operations at Swisscom AG

Timo Jobst
Sales Engineer at Corelight

Olivier Spielmann
VP SOC at Senthorus