Name: GÉANT Security Days 2024
Start: 2024-04-09T08:45:00+02:00
End: 2024-04-11T17:00:00+02:00
Location: Grandior Hotel

GÉANT Security Days 2024

from Tuesday, 9 April 2024 (08:45) to Thursday, 11 April 2024 (17:00)

Monday, 8 April 2024
Tuesday, 9 April 2024
09:00 Cyber Threat Intelligence Workshop - Roderick Mooi (GÉANT)
Cyber Threat Intelligence Workshop
- Roderick Mooi (GÉANT)
09:00 - 12:30
This workshop will unpack initiatives and ideas emerging from the CTI subtask of WP8 T3. NREN participants will present their use cases for threat intelligence and journeys towards realising them; from collecting, validating, correlating with flow data and acting on indicators. We will also present aspects of our planned R&E Security Intelligence Hub - an ISAC-like virtual organisation facilitating the exchange of threat intel within and beyond the GÉANT community. Come join us and share your thoughts! The following use cases will be presented: - SURF: Modern flow analysis: nfdump2clickhouse experiences - HEAnet: Threat Intel Visualised - CYNET: Secure Collaboration & Intelligence Information Sharing Platform (SCIISP) - DeiC: pDNSSOC: Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC - SUNET: C2-scanner - PSNC: Malware analysis services for CTI - GÉANT: CTI and the R&E Security Intelligence Hub: Plans for GN5 projects and beyond Note: all presentations are TLP:GREEN (limited disclosure [community only])
Joint SIG-ISM/ WISE Meeting
Joint SIG-ISM/ WISE Meeting
09:00 - 17:00
Contributions

09:00 Legislation and the impact of new requirements in the Information Security Management System - Alf Moens Floor Jas (SURF) Ivana Jelacic (CARNET)

11:00 Implementation: How organizations are preparing to respond to these requirements and new challenges - Ana Alves Andrea Kropacova (CESNET) David Groep (Nikhef and Maastricht University) Helma de Boer (SURF) John Chapman (Jisc) Rolf Sture Normann

13:30 Monitoring: What kind of controls are in place to protect our systems, network, and the services provided. It's a slightly more technical approach, mixing perspectives from both information and systems managers - Ana Alves Carlos Friaças David Heed Rolf Sture Normann Ryan Richford (GÉANT) Simona Venuti

15:30 Training and Awareness: How NRENs are preparing their staff for all security challenges. - Cornelia Puhze (SWITCH) Davina Luyten Rolf Sture Normann Zoe Fischer
10:30 Coffee Break
Coffee Break
10:30 - 11:00

12:30 LUNCH
LUNCH
12:30 - 13:30
13:30 Security Products and Services - Jennifer Ross (GÉANT) Charlie van Genuchten (SURF)
Security Products and Services
- Jennifer Ross (GÉANT)
- Charlie van Genuchten (SURF)
13:30 - 17:00
This interactive session will be a chance to gain insight into which (kinds of) security products and services we as NRENs are running and creating for our members. Attendees will be invited to exchange ideas and experiences to see if there are things we can learn from each other, see if a more consistent experience exchange would be valuable and discuss the services GÉANT is running centrally. More information about this side meeting is available on the <a href="https://wiki.geant.org/display/GWP8/Side+Meeting+Products+and+Services+at+SD24">GÉANT wiki</a>.
15:00 Coffee Break
Coffee Break
15:00 - 15:30
Wednesday, 10 April 2024
09:00 Plenary
Plenary
09:00 - 10:30
Contributions

09:00 Welcome to GÉANT Security Days - Klaas Wierenga

09:10 Welcome from CESNET - Andrea Kropacova

09:20 Changing Landscape of Security for NRENs

09:40 Moving the Goal to Post Quantum - Roland van Rijswijk-Deij (University of Twente)
10:30 Coffee Break
Coffee Break
10:30 - 11:00
11:00 Session 1
Session 1
11:00 - 12:30
Contributions

11:00 Human Factors in Security – Research vs. Current Practices - Cornelia Puhze (SWITCH)

11:30 Delivering cyber security training and education campaigns to the education and research sector - Mark Tysom

12:00 Beyond awareness: Challenges and triumphs in Cybersecurity Awareness - Rosanne Pouw (SURF)
Session 2
Session 2
11:00 - 12:30
Contributions

11:00 Using an analytical database to augment nfdump/nfsen - Remco Poortinga (SURF)

11:30 Harnessing AI and Open-Source Tools for Enhanced IT Security Vulnerability Assessment - Joost Grunwald

12:00 Extending UEBA for emerging threat, detection, characterisation and intelligence generation - Sonu Preetam (i2CAT) Xavier Marrugat (i2cat)
12:30 Lunch
Lunch
12:30 - 13:30
13:30 Session 3
Session 3
13:30 - 15:00
Contributions

13:30 Hijacks -- why should we care? - Carlos Friaças (RCTS CERT (FCCN))

14:00 Modular transport layer solution for semi/automated protection of infrastructure, communities and users in CESNET3 network - Tomáš Košňar (CESNET, association of legal entities)

14:30 Real world DDOS attack examples and tips how to survive - Vladislav Bidikov (MARNET / UKIM)
Session 4
Session 4
13:30 - 15:00
Contributions

13:30 Resilience in Action: Lessons from SURF's Red Team Testing Initiatives - Joost Gadellaa

14:00 eduVPN Operation at the Leibniz-Supercomputing Centre - Markus Meschederu

14:30 Phishingator – The way how to automated training - Martin Šebela (CESNET)
15:00 Coffee Break
Coffee Break
15:00 - 15:30
15:30 Lightning Talks
Lightning Talks
15:30 - 17:00
Contributions

15:35 Exploring machine learning for DDoS mitigation - Jakub Man

15:40 Why cybercrime is an evolution rather than a revolution - Nicole van der Meulen

15:45 SOCCER project: Supporting establishment of university SOCs and collaboration in academic sector - Václav Bartoš (CESNET)

15:50 Crisis communication in the event of a cyber attack: why “no comment” is not an option - Davina Luyten

15:55 CLAWHAMMER – One Tool To Rule Them All - Renato Furter

16:00 Granny Smith, an unusual cyber criminal - Rosanna Norman

16:05 Crossing the Baseline - Elevating Security Maturity through the Security Bootcamps - Ana Alves

16:10 NETSEC-SIG @FIRST - Carlos Friaças (RCTS CERT (FCCN))

16:15 Why you can't trust your e-mail client - Jeroen Wijenbergh

16:20 Community for Integrating and Opening Cyber Range Infrastructures - Panayiota Smyrli

16:25 Next Generation Security Operation Centres - Stephanos Andreou

16:30 Responding to a cyberattack - Birgit Ploetzeneder (ELI Beamlines)

16:35 Fighting NeMo - Ryan Richford (GÉANT)

16:40 Let Me Hack You - Sigita Jurkynaite (TF-CSIRT)
19:00

19:00 - 23:00
Thursday, 11 April 2024
09:00 Session 5
Session 5
09:00 - 10:30
Contributions

09:00 The Research and Education Security Intelligence Hub - Roderick Mooi (GÉANT)

09:30 Why collaboration tastes like more. - Floor Jas (SURF) Wim Biemolt

10:00 How We Knitted Our SOC (or HEAnet's SOC & SIEM Project) - Brian Nisbet (HEAnet)
Session 6
Session 6
09:00 - 10:30
Contributions

09:00 Security of bespoke solutions vs academic curricula - Maciej Miłostan (PSNC)

09:30 Enhancing Security and Member Satisfaction with certified security and suitability classification of services - Helma de Boer (SURF)

10:00 Are Croatian universities ready for next level of cyber security? - Ivana Jelacic (CARNET) Marina Dimic Vugec (CARNET)
10:30 Coffee Break
Coffee Break
10:30 - 11:00
11:00
11:00 - 12:30
Contributions

11:00 CISO Wanna be - Ana Alves

11:20 New Security Challenges for NRENS - Jan Kolouch (CESNET)

11:40 Lies are (not!) everywhere - Daniel Stach
12:30 LUNCH
LUNCH
12:30 - 13:30
13:30 DDoS and Network Monitoring Workshop - Jochen Schoenfelder
DDoS and Network Monitoring Workshop
- Jochen Schoenfelder
13:30 - 17:00
The session will be split in two parts, with the second part most possibly starting after a short break. Part 1: Threat sharing for proactive (D)DoS defence (co-host: Roderick Mooi) We will discuss ideas emerging from collaborative discussions between the CTI and DDoS subtask teams in WP8 Task 3. How can NRENs share actionable intel around (D)DoS attacks (with an emphasis on those targeting R&E) and better prepare our defences accordingly? Part 2: General DDoS tooling and attack discussions We will discuss the general DDoS situation, and current tooling & experiences from within the GÉANT project and the NREN community. While we won't be able to do a deep dive into recent events - as we won't go more retrictive than TLP:GREEN in this session, feel free to share your lessons learnd as well as tooling experiences.
13:30 - 17:00
Contributions

13:30 Welcome - Davina Luyten

13:40 What is the Human Factor: what the research says/ what we do - Cornelia Puhze (SWITCH)

14:00 GÉANT Security Training and Awareness - Nicole Harris (GÉANT)

14:10 SURF Security Awareness Programme - Helma de Boer (SURF)

14:20 CESNET Security Awareness Programme - Andrea Kropacova

14:30 Jisc Security Awareness Programme - John Chapman (Jisc)

14:40 SWITCH Security Awareness Programme - Fabio Greiner (Switch)

15:30 Needs and Challenges of our Community - Davina Luyten

15:50 Informal discussion - Cornelia Puhze (SWITCH) Mark Tysom
15:00 Coffee Break
Coffee Break
15:00 - 15:30