1:30 pm

Registration

2:00 pm

Welcome & short introduction from SIGS

2:00 pm

Todd James, Head of Cyber Defense Operations at Swisscom AG

"LLM In Your SOC - 1st Steps and No, it's not AI"
You have a SOC, management is forcing you to use AI, where do you start? Clarifying misconceptions and setting expectations about LLM.

2:30 pm

Olivier Spielmann, VP SOC at Senthorus

SOC: Artificial or Human?
As AI-driven security technologies accelerate, the question emerges: Can a Security Operations Center ever be fully artificial? This keynote explores the shift toward autonomous detection and response, and the limits where human expertise still defines effective cyber defense. 

Rather than arguing for one side, the session outlines how to design a new SOC that fully leverages automation while preserving the human judgment, creativity, and context understanding required to handle complex threats. The audience will gain concrete principles for building a next‑generation, hybrid SOC that aligns technology, processes, and people for maximum resilience. 

3:00 pm

Short presentation from CrowdStrike

3:10 pm

Short presentation from Timo Jobst, Sales Engineer at Corelight

Zeek, Suricata, and Beyond: Turning Network Traffic into Ground Truth

3:20 pm

Break

4:00 pm

4 different Breakout Sessions to join - you can choose/attend two of them

Breakout Session 1:
Maxim Samo, Head of IT Operations at AMINA Bank AG

Pwn or Protect? The Real Training Value of CTFs for SOC Teams
Capture-the-Flag (CTF) competitions are widely praised as hands-on, practical cybersecurity training—but do they actually translate into better performance in a real-world SOC?

This round-table brings together SOC professionals to cut through the hype and discuss where CTFs genuinely add value—and where they fall short. We’ll explore how skills learned in offensive, time-boxed challenge environments map (or fail to map) to day-to-day SOC realities like alert triage, incident response, detection engineering, and threat hunting.

Key discussion angles can include:

• Skill transfer: Which CTF skills actually help in a SOC, and which are mostly academic or ego-driven
• Blue vs. red bias: Are most CTFs too attacker-centric for defensive teams?
• Junior vs. senior value: Who benefits most—new analysts, seasoned responders, or specialists?
• Tooling vs. thinking: Do CTFs teach real analytical thinking or just tool-specific tricks?
• Time & ROI: Are CTFs a good use of scarce SOC training time compared to labs, simulations, or live-fire exercises?
• Culture & motivation: Do CTFs improve team engagement, curiosity, and retention—or just reward the loudest hackers?

Breakout Session 2:
Timo Jobst, Sales Engineer at Corelight

The Missing Link: Bridging Endpoint and Network Evidence
An EDR alert tells you what happened on the host, but it often leaves you in the dark about how the threat moved through the wire. In this session, we’re moving beyond isolated logs to create a unified picture of an incident.

Breakout Session 3:
Andreas Bischoff, Head of Cyber Threat Intelligence Engineering at UBS AG

As our digital landscape evolves, so do the threats we face every day. We are excited to invite you to a collaborative "Ask & Share" session moderated by Andreas Bischoff.

With over 30 years in IT and 13 years in the SOC field, Andreas has seen many cycles of innovation. As he approaches his retirement, he invites you to a session beyond the slides. This is a moderated round table where your questions meet the collective experience of the room. Andreas will facilitate the dialogue, share his own "lessons learned" from the front lines of banking security, and steer the discussion toward the topics that really matter.

Together, we will explore:

• The AI Double-Edged Sword: How are attackers using Generative AI to scale, and where does AI truly help us in the SOC (and where does it just add noise)?
• The Reality Check: What are the most likely cyber threats facing us right now versus what the media tells us?
• CTI in Action: Practical ways to integrate Threat Intelligence into a modern Security Operation Center.
• The Human Factor & Legacy: In an age of automation, how do we keep the human analyst at the center and pass on decades of security intuition to the next generation?

Bring your questions, your skepticism, and your success stories. Let’s use this hour to navigate the future of SOC operations together, guided by a moderator who has been part of the SIGS journey since day one.

Breakout Session 4:
CrowdStrike
(details will follow)

5:10 pm

Short break and change the room to the next Breakout Session of your choice

5:20 pm

Start of the second Breakout Session round

6:30 pm

Dinner & Networking till open end

Andreas Bischoff
Head of Cyber Threat Intelligence Engineering at UBS AG

Todd James
Head of Cyber Defense
Operations at Swisscom AG

Timo Jobst
Sales Engineer at Corelight

Olivier Spielmann
VP SOC at Senthorus