1:30 pm

Registration

2:00 pm

Welcome & short introduction from SIGS

2:00 pm

Erik Van Buggenhout, Co-Founder & Partner at NVISO and Senior Instructor & Course Author at SANS

The Always-On Purple Team: Going Full Spectrum with AI-Powered Red Ops:
Building on three years of top-rated RSAC sessions, this session will take the Always-On Purple Team to its boldest step yet: Include AI-powered red team agents performing OSINT, EASM, and payload delivery to gain initial access before handing off to a continuous purple teaming pipeline. Expect (b/d)ad jokes, live demos, lessons learned, and proven practices.

2:30 pm

Nils Maeckelberghe, Co-Founder & Managing Director of Crimson7

A journey which will allow you to detect and remediate the most sophisticated attacks
Financial institutions operate in one of the most targeted and regulated threat environments worldwide. Security teams are drowning in alerts, overwhelmed by tooling, and stuck in reactive cycles fixing the past and rarely being able to focus on what is ahead. Meanwhile, attacks iterate faster than ever. Intelligence gets shared amongst attackers, tradecraft gets automated, and techniques are continuously refined.

What if defenders operated in the same way?

In this talk, we explore how financial institutions can combine Cyber Threat Intelligence (CTI), Continuous Purple Teaming, Detection & Response-as-code (DRaC), and Threat Hunting to build a continuously validated detection capability; one that turns shared intelligence into tested controls and measurable defensive coverage, allowing you to move at the Speed of Threat.

3:00 pm

Short presentation from a sponsor

3:10 pm

Short presentation from a sponsor

3:20 pm

Break

4:00 pm

4 different Breakout Sessions to join - you can choose/attend two of them

Breakout Session 1: Mark Beerends, Cyber Strategy Partner at Prusec

From Playbook to Pressure: Does Your Ransomware Response Actually Work?
Ransomware incidents rarely fail due to lack of tooling—they fail due to slow decisions, unclear ownership, and untested processes. In many organizations, escalation paths are ambiguous, pre-approved actions are missing, and crisis teams lose valuable time in discussions instead of executing.

We will discuss topics like :

• How to reduce decision latency in the SOC and crisis teams
• The role of pre-approved actions and controlled autonomy in the SOC
• Testing readiness and simulate pressure in exercises
• Communication under a ransomware attack: what works
• Bridging the gap between technical detection and executive decision-making
• Lessons learned from incidents and high-pressure exercises

The session is designed as an open discussion among practitioners, focused on real-world insights into what works, what doesn't and how to ensure readiness holds when it is truly tested.

Breakout Session 2:
xxx

Breakout Session 3:
xxx

Breakout Session 4:
xxx

5:10 pm

Short break and change the room to the next Breakout Session of your choice

5:20 pm

Start of the second Breakout Session round

6:30 pm

Dinner & Networking till open end

Balàzs Greksza
Director Advanced Threat Operations at Ontinue

Nick Maeckelberghe
Co-Founder and Managing Director at Crimson7