In an effort to bring the security community in Sweden together to share experiences, learn and network, we’ve invited a select crowd of security professionals to an insightful evening of presentations, discussions, and dinner.

Join us to discuss Incident Response, Threat Intelligence, information sharing and cooperation. The presentations will go beyond the technical level and touch upon real-life implications and learnings as our speakers all have decades of experience in the trenches to share from.

In the spirit of experience sharing, the guests will have many coffee breaks and other opportunities during dinner to network and discuss the topics of the day.

See you there!

Agenda

13:30-13:50 Registration

13:50-14:00 Welcome and introduction

14:00-14:45 Cyber Threat Intelligence – Current Applications and Challenges

with Bjørn Rasmussen, Threat Intelligence Consultant, mnemonic

Bjørn's presentation aims to provide an introduction to cyber threat intelligence – what it is, and what it can be used for. Limitations and challenges with TI are explored, as is potential solutions. New technology that is being developed in-house at mnemonic is one factor that could contribute to overcoming the current challenges.

Bjørn is a security consultant at mnemonic, a position he started last year. Before this, he gathered ten years of experience working for the Norwegian Police and the Norwegian Armed Forces. Up until 2021, he was the police superintendent at Kripos, where he was responsible for investigating cyber attacks at the National Cybercrime Centre (NC3). Bjørn has a Master's degree in Investigations from Politihøgskolen (The Norwegian Police University College). During his military career, Bjørn has a background as a combat engineer in Brigade Nord, both in the Telemark Battalion and the 2nd Battalion. He has also been a part of the forces that Norway contributed to NATO's operations in Kosovo and Afghanistan. At mnemonic, Bjørn delivers consultancy within the areas of threat intelligence and incident management. He works closely with a range of different organisations to deliver threat intelligence, adapted to each organization's risk assessments and informational needs.

Technical level: 2/5

Language: English

15:00-15:45 Incident Response Beyond the Technical Level

with Mona Østvang, Research & Development, mnemonic

In a pre-pandemic time, mnemonic toured the world of incident response conferences with the presentation “the tactical analyst and the half-year apt”. The presentation's acclaim stemmed from the underlying data we were able to analyse and later showcase – more than 12.000 commands from the threat actor's human operators, gathered from an advanced investigation that lasted for six months. This data allowed mnemonic to do a rather thorough analysis of the actor, and to draw important conclusions about theoretical and practical aspects of incident response. Mona's presentation is a continuation of this work, with several more years of research, data, and experience to add to the conversation.

Mona Elisabeth Østvang is a board member of FIRST (The Forum of Incident Response and Security Teams), holds a Master's of Technology from NTNU (Norwegian University of Science and Technology), and is currently working as a researcher in mnemonic's R&D department. For the last ten years, she has been involved in a number of incident response situations as an incident manager, which entails leading investigations of different types of incidents, including several nation-state threat actor campaigns in Norway and abroad.
Mona's work contributes to tactical analysts gaining a better understanding of the threat actor, which is important when managing a serious incident.

She also studies how such an approach to an incident affects the breached organisation, asking questions like; "what benefits do we gain from taking the time to really understand what is going on?" and "what are the downsides of doing this?".

Technical level: 3/5

Language: English

16:00-16:45 Overview of the Adversarial Threat Landscape

with Anders Blecko, Cybersecurity Specialist, CrowdStrike

Anders will provide a strategic-level overview of the main cyber security threats and trends that CrowdStrike has observed over the past 18 months, how nation-state adversaries have adapted their attack techniques, and how the ecosystem of financially-motivated eCrime actors has increased in size, complexity, and specialisation.

Additionally, he will illustrate the major threats that they are currently observing in Scandinavia and Europe as a whole, including profiles of the most active adversaries in the region.

Anders Blecko is a Cybersecurity Specialist at CrowdStrike and has experience from information and IT-security, software development, and IT-architecture. Before joining the Nordic and Baltic team at CrowdStrike, Anders held different positions at The National Swedish Police (Polismyndigheten) and The Swedish Security Service (Säkerhetspolisen).

Technical level: 2/5
Language: English

17:00-18:00 Networking/Mingle

18:00-21:00 Dinner