Agenda

Andrei Mungiu

---

About the Presentation:

System Partitioning into Zones, To Do or.Not to Do? Realistic Trade-Offs in Segregating Systems in: System partitioning using zones and conduits is a foundational requirement in known
cybersecurity standards such as IEC 62443-based risk assessments. But while it enables
more precise Security Level Target (SL-T) assignments and better alignment between
threats and mitigations, it's often misunderstood, misapplied, or over-engineered in
practice.
In this talk, we’ll go beyond the theory and into the real-world implications of system
partitioning. We’ll examine why poor or missing segmentation undermines risk
assessments, but also why blindly partitioning every system can fragment your control
strategy, introduce unnecessary complexity, and create compliance blind-spots.
Using IEC 62443-3-2 as a technical case study, I’ll walk through what zones and conduits
are meant to achieve, what they actually do in operational environments, and how they can
both solve and introduce challenges in security architecture. You’ll learn how partitioning
affects SL-Ts, how shared controls lose effectiveness across zone boundaries, and why
over-partitioning without operational maturity leads to implementation debt.
More importantly, we’ll confront a critical misconception: that every supplier system must
fully meet all security (SL-T) requirements internally. In reality, system owners must
architect for gaps by using compensating controls at the infrastructure level, not penalize
vendors for honesty. We’ll explore how to design architectures that assume variability in
supplier security capabilities while still achieving compliance and resilience.
This talk is targeted at engineers, architects, and risk professionals working with ICS/OT
systems or complex hybrid environments. Whether you're applying IEC 62443, NIST 800-82,
ISO/IEC 27005, or working with cloud-native control domains, this session will give you a
deeper understanding of partitioning as a strategic architectural tool, and how to use it
responsibly.

About the Speaker:

At work I design Cybersecurity Architectures. As a hobby I program using the latest .NET9(C#)/Blazor/Python all integrated with Azure Cloud (including authentication). I also post my analysis on the latest Cybersecurity Standards and Legislation at www.cyber-laws.com.

Achievements in cybersecurity:
- Designed and led Cybersecurity Architectures for nation-wide infrastructure projects
- Established and led company-wide Cybersecurity strategies
- Established and led Cyber-Risk Assessment boards
- Established and led Threat Modeling teams for application code and application infrastructure
- Helped consolidate the supply chain cybersecurity for nation-wide infrastructure projects
- Represented a CVE numbering authority at MITRE US

Achievements in programming:
- Integrated Identity Access Management solutions on premise and in cloud using Microsoft Azure
- Designed and implemented an application layer Network protocol for distributed p2p communication (using Python / distributed hash tables & multiparty computation)
- Designed and implemented the network infrastructure of a cryptocurrency mining farm with full serviceability and VPN monitoring
- Designed and implemented a Secure Remote Physical Lock using LoRaWAN, FreeRTOS (real-time OS) and hardware

Favorite sources of knowledge:
- SABSA - for app & network Cybersecurity Architecture
- TOGAF - for network Cybersecurity Architecture
- COBIT - for governance and management of enterprise IT
- MITRE ATT&CK - For Threat Modelling
- IEC62443 - for OT Cybersecurity best practices
- ISO2700x - for OT/IT Cybersecurity best practices
- NIST SP 800 - for OT/IT Cybersecurity best practices
- NERC-CIP - for OT Cybersecurity best practices
- GDPR - for personal information best practices

Close

Avester Fahimipour

---

About the Presentation:

Through the lens of a threat hunter:This session will provide a live and partially pre-recorded walkthrough of a threat hunting scenario. We’ll begin by discussing how the initial hunting hypothesis was developed, followed by a demonstration of a custom piece of malware designed to drop LSASS and evade Microsoft Defender.
The presentation will then dive into the process of crafting a hunting query, explaining the logic behind it and how it functions. We'll showcase how the query successfully triggers as a detection rule in Defender when the malware is re-executed. To complete the cycle, we’ll also run the same query in a threat hunting context to identify the activity.
Due to the time-consuming nature of some steps, select parts of the demo will be pre-recorded to ensure a smooth and focused presentation.

About the Speaker:

Hello, I work as a security analyst at Conscia. I have worked in the cyber security industry for 3 years now. I spend my free time cooking, watching movies and shows.
I have experience presenting at the OWASP chapter and the Conscia Security Festival, and I’ve also published a blog post on ActiveCountermeasures. In addition, I have created a mini-course on network security monitoring, which is on YouTube.

Close

Bella Nielsen

---

About the Presentation:

From secure phone to insecure personalities: Ever thought of how much tracking a phone actually has?
In this talk we go trough a secure phone, finding out which insecure personalities are behind the creation of it.

About the Speaker:

A young cybersecurity enthusiast that loves playing CTFs and researching random topics in their freetime

Close

Francine Solheim

---

About the Presentation:

AuraCast: A Multisensory Proof-of-Concept.to Combat Alert Fatigue in Cybersecurity: Security analysts face a constant deluge of alerts, dashboards, and decision-making pressure, leading to cognitive fatigue and missed anomalies. AuraCast is a proof-of-concept system that reimagines network monitoring through multisensory feedback using sound and light to support analyst awareness without adding complexity or screen time.
Developed as part of a master's thesis, AuraCast sonifies intrusion detection system alerts and pairs them with ambient IoT-based lighting (via Philips Hue) to create an intuitive, passive alerting environment. The goal? To reduce the cognitive load on analysts and allow faster, more instinctive responses, especially during high-volume alert scenarios.
In this session, I present the motivation behind AuraCast, the technical design of the system, and the results from usability testing conducted with both SOC professionals and IT generalists. I explore how auditory and visual modalities can be meaningfully mapped to security events, and how this prototype performed when evaluated against traditional visual-only setups using NASA-TLX cognitive load assessments, response times, and qualitative feedback.
I’ll also discuss the practical, unfiltered challenges of building and testing something experimental, from deployment constraints to user scepticism, and reflect on what it would take to bring a concept like this into production in SOC environments.
Whether you're interested in human-centred cybersecurity, creative monitoring solutions, or just want to know what happens when intrusion detection meets MIDI and mood lighting, this session offers a unique angle on how we can support the humans behind the screens.

About the Speaker:

I'm a Cybersecurity Consultant with a Master’s degree in Cybersecurity Leadership and a strong technical background. I hold a range of industry certifications, including CompTIA Security+, CySA+, Pentest+, and SecurityX (formerly CASP+), as well as ISC2 SSCP and CC, and Microsoft AZ-500 and SC-300. My work spans vulnerability management, detection engineering, and systems hardening, with a particular interest in practical, scalable solutions for SOC environments. While my thesis involved human testing and cognitive load analysis, my focus has always been on the technical design, implementation, and evaluation of tools that improve detection and reduce noise. I enjoy building things that actually work - and then stress-testing them.

Close

Jack Fitzsimons

---

About the Presentation:

Bending the Big Iron: An Introduction to Mainframe Hacking: Mainframes underpin a lot more of society than we think - banks, airlines, supermarkets, day-to-day card transactions etc. Daily life would become much more inconvenient - or come to a halt entirely, without them. Yet many in the security community know very little about them and/or consider them legacy technology.

Having started working with mainframes around 2 years ago, I'd like to raise a bit of awareness and share some knowledge of the area.

This talk will demystify some perceptions and assumptions about mainframes in general, show that they're far from legacy technology, and give some useful advice on what you can do if you find yourself 'in front' of one or just want to explore further.

About the Speaker:

Jack is a security consultant at Reversec where he spends the majority of his time doing mainframe and cloud things.

He has previously given talks at BSides København and Disobey in Helsinki.

Close

Klaus Agnoletti

---

About the Presentation:

Dungeons & Dragons: The security tool you didnt know you needed: Tired of security training that puts your team to sleep? What if I told you the most powerful training tool in cybersecurity has been sitting in your game room all along? Welcome to the world of game-based learning, where the proven power of play transforms how professionals master complex skills.

Research shows that humans learn best when working together, yet traditional training methods keep pushing isolated, theoretical learning. Game-based learning flips this approach on its head, creating environments where people forget about office politics and actually engage with the material. Through structured play and collaborative storytelling, participants don't just memorize concepts—they live them, breaking down professional barriers and building genuine understanding through experience.

I'll show you the compelling evidence behind why using roleplaying games work, and demonstrate how to transform resistant learners into engaged participants. Using compelling examples, you'll discover how tabletop role-playing mechanics can turn your most challenging training scenarios—from incident response to zero trust architecture—into adventures your team actually looks forward to.

Join me to learn why adding roleplaying games to your professional development isn't just about making training fun—it's about making it work.

About the Speaker:

Klaus Agnoletti has been an all-round infosec professional since 2004. He co-founded BSides København in 2019. Recently he started out as an infosec freelancer focusing on storytelling in marketing, employer branding, game-based learning or wherever new ideas bring him.

Close

Mark Steenberg

---

About the Presentation:

Creating Your Own Command Control Framework: In this talk I will go through how to create your own command and control framework. We will go through architecture, API design, Agent design, and how you could implement this.
I'll show examples of how this can be done and share general info and knowledge about considerations for different protocols, infrastructure etc.

About the Speaker:

@Truesec | GCFA | HTB APTLabs, Cybernetics, RastaLabs, Offshore, Dante, Zephyr | eCRE, eCMAPv1, eCPTXv2, eCXD, eCTHPv2, eCDFP, eCIR, eNDP, eWPTXv2, eWDP, eCPPTv2, eWPT, eMAPT, eJPT | CARTP, CRTP | az-900 | CVE-2021-44151, CVE-2021-44152, CVE-2021-44153, CVE-2021-44154, CVE-2021-44155

Close

Knud Højgaard

---

About the Presentation:

From promises to performance: A critical review of (mostly cloud) WAF solutions: Dive into the world of Web Application Firewalls (WAFs), exploring the strengths and limitations of leading providers such as Azure & AWS, as well as some decidedly commercial offerings. Through a detailed evaluation based on a subset of the OWASP Top Ten vulnerabilities, DoS/DDoS protection and AI/ML capabilities, we uncover whether WAF solutions deliver as promised in terms of protecting against common and bespoke web threats. Participants will gain insights into practical recommendations for selecting and deploying WAFs effectively, emphasizing the integration of developer expertise for enhanced security models. A blend of technical analysis and identification of weak areas despite what glossy brochures would have you believe.

TL;DR: A quick look at what a WAF is, some of the commercial offerings in WAF space, what it can and cannot do for you, some WAF fails

About the Speaker:

Knud works at Fraktal.fi in the exciting field of information security. Interests and focus areas span wide, from lock manipulation and covert entry to vulnerability discovery and exploit development, usually focused on traversing trust boundaries one way or another. He enjoys popping shells and stealing corporate secrets, with permission naturally.

Close

Martin Clausen

---

About the Presentation:

Go-ing Under the Hood: Practical Malware Reversing for Threat Intel: This session shows how to peel back some of the layers of modern Golang-based malware. We’ll start with a lightning refresher on Go’s language quirks and its distinct ELF/PE binary layout, then move into tooling and workflows for reversing. Along the way, you’ll see how dissecting real-world samples yields IOC intelligence and insights that feed blue-team detections, and ultimately flip the advantage from attackers to defenders.

About the Speaker:

Martin is a Cyber & AI specialist at Jyske Bank with 20+ years of experience across blue-team defense, red-team offense, security architecture, and leadership. His driving passion is to rethink security and solve cyber challenges the right way—shifting the asymmetric advantage from attackers to defenders.

Close

Michael Weng

---

About the Presentation:

Wanna play with OT and Cyber Security? Play with Labshock, then: Labshock is a newly created OT Cybersecurity lab in Docker, thats easy deployed and immediately get you to play and learn about all things OT/ICS Cybersecurity - We'll go throug deployment and one attack simulation together

About the Speaker:

Michael is an Experienced OT/ICS Cyber Security Professional. Stated designing and building pharmaceutical manufacturing networks and systems. Later gained Operational experiences which prepared him for the real passion he holds – Protecting OT/ICS. He has had numerus roles as a Senior Principal/Consultants for companies like NCC Group and F-Secure/WithSecure. He served 2 years as the first SE for Nozomi Networks in the Scandic and Baltic Region. Michael’s favourite discipline is Blue Teaming. He believes that defence is doable and now works as a Senior Analyst in the SOC of SektorCERT. He spends time on Alerts, Detection Engineering, Network Forensics, and IR, predominantly. He also oversees Sensor Deployments in a third of the Country (Denmark).

Michael is an experienced speaker at venues such as S4 in Miami, and CS3 in Stockholm, and ofc at conferences at numerous other places around Europe.

Close