A first glimpse at the program of the SCS Conference 2017

We had a few impressive talks at Swiss Cyber Storm 2016. Troy Hunt surprised me regarding his diligence with everything around account breaches. John Matherly / Shodan and Marc Ruef with his Dark Net talk hit it home in a perfect way. I was very happy that Nick Galbreath’s talk resonated with so many people in the room who had never heard his name before. And then of course Mazin Ahmed from Al-Khartum: I mean putting a 19-year-old Sudanese hacker on the program is rather risqué. But yeah, he did a great job. Herbert Bos gave us a glimpse of a weakness that would later become known as Drammer. Gorgeous presentation.

I went home with a big smile on my face and when president Bernhard Tellenbach asked me to take over the program chair position I was even happier still. I have to admit I really like the challenge of finding good speakers and composing an interesting conference program.

Scott Helme launching the public beta of Hardenize.com

Many conferences ask for submissions via a Call for Papers. That is a very good method to get quality research to a conference. But truth be told, it is also a lot of hard work to review all the submissions. And given the amount of time and effort the submitters invested in their proposals, you really need to do this in a proper way or it is very unfair. But even with a superb CFP campaign, you end up with a dilemma: A CFP selects the best exposés, while you ask for the best research and you actually want the best presentations. That’s three wildly different things. And then there is of course the risk of ending up with a very unbalanced program where the best papers were all submitted in the same area of tech. All this combined explains why we do it differently at Swiss Cyber Storm: We do a curated program.

This means we pick the best speakers and the best presentations in order to create an attractive program. Designing such a program also takes a lot of time. It involves talking to a lot of people and watching many hours of YouTube…

But we are on a good track for 2017 and while I won’t give away any names just yet, here are a few areas that we will cover at this year’s conference:

We omitted the IoT hype last year, but we are going to address it this time. Well not the hype, but real software running on real devices. We have a very interesting speaker and I am currently looking for a second one. Ideally an IoT security success story. If you know one, then please get in touch.

A growing trend in IT security is to look for solutions outside technology. Why this is the case would warrant a talk of its own. I think we are beyond the point where we assume we can solve security problems by educating users to use PGP. What I see is people with non-technology backgrounds entering IT security and proposing new solutions or new perspectives on well-known problems. We are going to have one or two talks that fall into this category.

One topic that was never covered at Swiss Cyber Storm as far as I can tell is social engineering. Well this time, we are going to have social engineering combined with physical access control. All documented on camera, mostly CCTV. That’s going to be awesome.

I totally want to continue with the bug bounty topic. Swiss companies are very slow to adopt bug bounty programs and I think this is a mistake. I’m in contact with a top shot in this area, but she has not confirmed yet.

The dark net is vastly attractive as a topic for a conference. It’s sex and crime combined with security. It’s kind of a safe bet that any tech audience will love that. We did a dark net talk in 2015 and one in 2016. This time we are changing the perspective a bit and returning to the topic of bulletproof hosting. The traditional bulletproof hosting (RBN and the like) is dead. But there is a new type of malign hosting that is much harder to identify and even harder to fight. We have an expert on that topic coming from the States and I am very glad he confirmed.

And finally I just got the green light from a major player in a highly contested area of security in Switzerland. This green light will allow us to create a focus point around that area. I’ll leave you guessing what this might be for a few weeks, while I talk to the right people to set this up.

So that’s it for the moment. We are going to start to announce the first speakers soon. But if you liked the outlook above, you do not have to wait any longer to secure your ticket for the conference. The early bird has started.

Christian Folini, Program Chair, Swiss Cyber Storm Conference @ChrFolini