1:30 pm

Registration

2:00 pm

Welcome & short introduction from SIGS

2:00 pm

Todd James, Head of Cyber Defense Operations at Swisscom AG

"LLM In Your SOC - 1st Steps and No, it's not AI"
You have a SOC, management is forcing you to use AI, where do you start? Clarifying misconceptions and setting expectations about LLM.

2:30 pm

Olivier Spielmann, VP SOC at Senthorus

SOC: Artificial or Human?
As AI-driven security technologies accelerate, the question emerges: Can a Security Operations Center ever be fully artificial? This keynote explores the shift toward autonomous detection and response, and the limits where human expertise still defines effective cyber defense. 

Rather than arguing for one side, the session outlines how to design a new SOC that fully leverages automation while preserving the human judgment, creativity, and context understanding required to handle complex threats. The audience will gain concrete principles for building a next‑generation, hybrid SOC that aligns technology, processes, and people for maximum resilience. 

3:00 pm

Short presentation from CrowdStrike

3:10 pm

Short presentation from Timo Jobst, Sales Engineer at Corelight

Zeek, Suricata, and Beyond: Turning Network Traffic into Ground Truth

3:20 pm

Break

4:00 pm

4 different Breakout Sessions to join - you can choose/attend two of them

Breakout Session 1:
Maxim Samo, Head of IT Operations at AMINA Bank AG

Pwn or Protect? The Real Training Value of CTFs for SOC Teams
Capture-the-Flag (CTF) competitions are widely praised as hands-on, practical cybersecurity training—but do they actually translate into better performance in a real-world SOC?

This round-table brings together SOC professionals to cut through the hype and discuss where CTFs genuinely add value—and where they fall short. We’ll explore how skills learned in offensive, time-boxed challenge environments map (or fail to map) to day-to-day SOC realities like alert triage, incident response, detection engineering, and threat hunting.

Key discussion angles can include:

• Skill transfer: Which CTF skills actually help in a SOC, and which are mostly academic or ego-driven
• Blue vs. red bias: Are most CTFs too attacker-centric for defensive teams?
• Junior vs. senior value: Who benefits most—new analysts, seasoned responders, or specialists?
• Tooling vs. thinking: Do CTFs teach real analytical thinking or just tool-specific tricks?
• Time & ROI: Are CTFs a good use of scarce SOC training time compared to labs, simulations, or live-fire exercises?
• Culture & motivation: Do CTFs improve team engagement, curiosity, and retention—or just reward the loudest hackers?

Breakout Session 2:
Timo Jobst, Sales Engineer at Corelight

The Missing Link: Bridging Endpoint and Network Evidence
An EDR alert tells you what happened on the host, but it often leaves you in the dark about how the threat moved through the wire. In this session, we’re moving beyond isolated logs to create a unified picture of an incident.

Breakout Session 3:
Andreas Bischoff, Head of Cyber Threat Intelligence Engineering at UBS AG
(details will follow)

Breakout Session 4:
CrowdStrike
(details will follow)

5:10 pm

Short break and change the room to the next Breakout Session of your choice

5:20 pm

Start of the second Breakout Session round

6:30 pm

Dinner & Networking till open end

Andreas Bischoff
Head of Cyber Threat Intelligence Engineering at UBS AG

Todd James
Head of Cyber Defense
Operations at Swisscom AG

Timo Jobst
Sales Engineer at Corelight

Olivier Spielmann
VP SOC at Senthorus