Professor Dr. Norbert Pohlmann

09:45 a.m.: Opening

Professor Dr. Norbert Pohlmann, eco Association

Paul Kaffsack
Christian Knothe

10:00 a.m.: Keynote Myra Security

Paul Kaffsack, Co-Founder & COO Myra Security
Christian Knothe, Head of Solution Sales, 1&1 Versatel

Sponsored by:  

Content of presentation

The market for cloud services is dominated by US providers.

In the presentation, Paul Kaffsack and Christian Knothe will use practical examples to explain why Europe does not have to stand back and what advantages are offered by the use of European solutions, especially in the area of IT security.

ISDs 2022 - Agenda 3

10:30 a.m.: Keynote “The role of AI in modern attack vectors as well as methods of IT security”.

Dr.-Ing. Christian Krätzer, Faculty of Computer Science, Otto von Guericke University Magdeburg


Content of presentation

The number and technical quality of AI applications has increased by leaps and bounds in the last decade. In addition to the versatile fields of application (e.g. in autonomous driving or in the manufacturing industry), the developments in this area also present new challenges and opportunities for IT security.

In this lecture, such challenges and opportunities will be discussed using the example of the modern, AI-driven attack vector "DeepFakes" and associated protective measures.

11 a.m.: Intermission & Networking

ISD 2022 - Agenda 4

Cybercrime – The show goes on

ISD 2022 - Agenda 6

Secure World – Security for a Connected World

Chris Lichtenthäler
Melanie Vorderobermeier

11:30 a.m.: Crime as a service: The invisible hand in cyberspace

Chris Lichtenthäler, Deloitte GmbH

Melanie Vorderobermeier, Deloitte GmbH

Content of presentation

In our presentation, we will address the question of what lies behind "crime as a service" and follow the trail of a suave and thriving shadow industry that imitates key components of lawful trade, and that has established itself as a leading business risk via cybersecurity incidents. When organisations are affected by cyber attacks, they are often subjected to organised crimes that are professionally conducted and that increasingly lead to business-threatening consequences. Based upon real cases, we therefore show how modern attack patterns function and how the players proceed in order to make the attacks successful. Based on trends and innovations that currently dominate the crime-as-a-service business, we extract practical know-how based on the motto "Know before you go". This helps organisations to be better prepared day by day by taking concrete measures to counter the growing threat situation.

Sabine Griebsch

12 p.m.: Cyber Attack in Anhalt-Bitterfeld - District in a State of Emergency and the Consequences

Sabine Griebsch, Anhalt-Bitterfeld District

Content of presentation

to follow

12:30 p.m.: Panel "War Stories"

Markus Schaffrin, eco Association (Moderation)

Sabine Griebsch, CDO Landkreis Anhalt-Bitterfeld

Eva Pleger, Director DACH - Immersive Labs & FernUniversität Hagen

Paul Kaffsack, CEO, Myra Security GmbH

Christian Knothe, 1&1 Versatel GmbH


ISDs 2022 - Agenda 18


It's not a matter of whether the company is affected by a security incident, but only when and how they deal with it. Invited panelists from various companies and organisations will share their experiences of dealing with a recent incident and answer audience questions.

Markus Schaffrin"
Sabine Griebsch"
Eva Pleger"
Paul Kaffsack"
Christian Knothe"
Thorsten Deutrich

11:30 a.m. Next Generation of Cybersecurity Services - Passwordless, Data-Driven, and Zero Trust.

Thorsten Deutrich, GlobalDots


Sponsored by:    ISD 2022 - Agenda 11

Content of presentation

The automation of cyber defence is taking shape in new services. Vulnerability scanning in code creation and operations, the elimination of passwords and real-time scanning of all data points with mitigation of attacks is here. Now the tech stacks need to be upgraded.

Hans Wenner

12 p.m.: Information Security in Medical Technology: Prevention is Better than Cure!

Hans C. Wenner, VDE Verband der Elektrotechnik Elektronik Informationstechnik e. V.

Content of presentation

Information Security in Medical Technology: Prevention is Better than Cure!

The first part of the presentation will cover the requirements for information security resulting inter alia from norms and technical standards.
In the second part of the presentation, it will be explained step-by-step how cybersecurity management can be integrated into the existing risk management (which every manufacturer of medical devices must establish).
The methodology applied is systemic threat modeling, which includes both operational safety and information security aspects.
What will the audience learn in the presentation?
The presentation will focus on practice-oriented guidance; the procedure will be presented in detail.
The speakers years of experience allow them to present a summary with empirical values. This provides the participants with ideas and support for their daily work.

Bild Gökhan Kurtbay

12:30 p.m.: Information Security in the Industry - The Next Must-Have?

Gökhan Kurtbay, CNX Consulting Partners GmbH

Content of presentation

For many years, there has been talk that the next war will take place in cyberspace. Now it's arrived and it's frightening to see how badly, almost negligently, the German industry is NOT prepared for it. Until now, the mantra has been: "We are safe. After all, nothing has happened so far".

KRITIS is the first taste of what it can mean to be compelled to implement a far-reaching security strategy. Even the automotive industry recognized the need for cybersecurity back in 2017 and made ISMS TISAX mandatory for its suppliers and service providers. But what about all the other industries, suppliers and service providers?

It is to be expected that, in the next few years, certification for both data protection and information security will become a far-reaching obligation for many companies, similar to the Supply Chain Act or the obligation to introduce a reporting system.

Andreas Munch

1 p.m.: Security Everywhere

Andreas MĂĽnch, Akamai

Sponsored by:    eco://kongress 2018 5

Content of presentation

Everyone’s online all the time and smart connected devices collect vast amounts of data. Attackers can target everything and constantly alter the face of their exploits to avoid detection.

What will it take to provide security everywhere? This session will explore the current threat landscape, based on a unique view into global threat activity, and discuss how cyber protections can be extended to cover users and devices wherever they connect to the Internet.

1 p.m.: Intermission & Networking

Snehal Antani

2:30 p.m.: Keynote "SOC Effectiveness – Pentest Often to Fend Off Attacks"

Snehal Antani, CEO and Co-Founder,

Sponsored by:

Content of presentation

Security is no longer just a compliance checkbox. Everyone will experience a cyberattack at some point, which is why it’s crucial to harden your security system by finding and fixing attack vectors before criminals can exploit them. Unfortunately, security tools are noisy, full of false positives, require persistent credentialed agents, and impose an enormous training and maintenance demand on IT and security teams. Security teams are overwhelmed with non-contextual reports and dashboards, which wastes a lot of valuable time and resources chasing vulnerabilities that don’t pose a real threat to their business.

So, how do you know you’re logging the right data and fixing the right vulnerabilities, or that your security tools are correctly configured to detect and stifle attacks? Proactively verify your security controls and focus your resources on fixing only exploitable problems. In this session, attendees will:

  • Learn about real-world attacks that enabled attackers to escalate privileges to become domain admin and compromise their AWS VPC
  • Find out why no alerts were triggered during attacks despite state-of-the-art tools being in place
  • Hear about why the find, fix, verify loop is critical for building a purple team culture
  • Discover the role autonomous pentesting can play in empowering and augmenting teams
Bild Kai Boyd

3 p.m.: The 4 Rules for Web-App and API Security

Kai Boyd, Fastly


Sponsored by:    Internet Security Days 2022 33


Content of presentation

The demands on your online presence are changing - customers expect customized experiences and secure interactions. Companies are responding by scaling their infrastructure to stay competitive. At the same time, however, this is making them more vulnerable to attackers who are acting smarter than ever before. As a result, dev, sec, and ops teams are struggling to keep up. In this session, we present the new rules for your web app and API security.

We will show:

Which new security aspects companies should have in mind today.

Which 4 rules will help you evaluate your security solution.

How you can more effectively fend off cyber threats.


wie Sie Cyber-Bedrohungen effektiver abwehren können.

Internet Security Days 2022

3:30 p.m.: When Cyberspace Meets the Real World ... of 66 Bitcoins and a Deadly Recipe

Lukas Grunwald, DN-Systems Enterprise Internet Solutions GmbH

Content of presentation

Beginners will be shown examples of cases from the last 2 years, will learn that "what can go wrong will go wrong", and that even cyber criminals do not always have their IT security under control.

In examining cases of anonymous customers, it will be shown where they have failed with the "integral" as the combination of cybersecurity and conventional object protection.
A small checklist will be provided so that everyone can assess their individual risk and initiate countermeasures.

Martin Meyer

4 p.m.: Prevention is better than cure - AI in the fight against ransomware!

​Martin Meyer, rubrik

Sponsored by:    Rubrik

Content of presentation

We will be happy to explain to you how to recognise risks, contain them and recover your data.

To this end, we would like to give you the following points to think about:

  • How large is the attack radius and which systems are affected?
  • Has any personal data been accessed?
  • When did the malware reach the infrastructure and what type of attack is it?
  • Are the backups logically isolated from the network and can the data be restored quickly?
  • Is access to the backup system secured by multi factor authentication?

Learn how you can implement the preventive basics of the “BSI - Catalogue of Measures Ransomware” and how a Zero Trust Architecture guarantees the recoverability of the affected systems. In case of emergency, the most reliable measure is to reach for the backup. Paying a ransom was something from yesterday...

Bild Mirko Ross

3 p.m.: The Interior of the IoT Product Defines Your Cybersecurity

Mirko Ross, asvin GmbH

Content of presentation

IoT is suffering from increasing cybersecurity problems caused by software vulnerabilities. In 2020 the malware infection of IoT devices raised 100%1 causing 33% of malicious activities in networks and in 2021 Software-Supply Chain attacks have been raised by 650%. Attackers are increasingly injecting malicious code or backdoors into components of connected products to compromise the IoT assets. Software stacks in connected vehicles are IoT assets on wheels, built upon n-tier software supply chains including multiple sources, often using software stacks from the shelf and third-party developer sources for e.g., open-source libraries. The attack surface has massively increased, while transparency of software provenance decreased due the complex n-tier supplier structure and lacks in information sharing. Adding machine learning will amplify the risk of supply chain attacks towards new actors, for e.g. data suppliers and AI learning services.

Joshu Wiebe

3:30 p.m.: IT security label of the BSI and the new product categories from the field of IoT

Josua Wiebe, Federal Office for Information Security

Content of presentation

In December 2021, the BSI successfully introduced the new voluntary IT security label for consumer IT. The IT security label is based on a self-test followed by a manufacturer's declaration. It is intended to create more transparency for consumers by making the manufacturer's commitment to the IT security of their products and services easily recognisable. The first label was handed over to an email service provider at the 18th German IT Security Congress in early February 2022. In addition to email services and routers, since 6 May 2022 it has also been possible to apply for labels for five product categories from the field of IoT. The presentation will provide an overview of the structure and functionality of the IT security label. At the same time, references to relevant security standards will be drawn and an outlook on further developments will be given.

Stefan Hessel

4 p.m.: Cybersecure by law? - New Legal Requirements for IoT Security

Stefan Hessel, reuschlaw Legal Consultants

Content of presentation

For many years now, IT security incidents and data breaches related to the Internet of Things have been accumulating. The EU Commission reacted to this development at the end of October 2021 with a delegated regulation to the Radio Equipment Directive. This obliges manufacturers of radio equipment to take binding measures with regard to cybersecurity, data protection and fraud prevention from August 2024. The fact that manufacturers must comply with corresponding obligations is not entirely new. In 2017, for example, the German Federal Network Agency (BNetzA) banned the connected toy doll "My friend Cayla" because it could be misused for eavesdropping purposes. And manufacturers of IoT devices may also be obliged to comply with the General Data Protection Regulation (GDPR). The presentation explains the existing and future rules of the game in the Internet of Things using practical examples and shows how the law can contribute to greater security in a connected world.

4:30 p.m.: Intermission & Networking

Leona Stege

5 p.m.: Cyber Incident Management - Prevention and Response

Cyber Incident Management - Prevention and Response

Leona Stege, Marsh

Content of presentation

Cyber incidents can have an immense impact on businesses: Operations are regularly interrupted, reputation suffers and high costs are incurred. At the same time, the regulatory requirements for companies have increased further in recent years. Mistakes in disregarding laws can be expensive for companies: In the area of data protection violations alone, serious compliance errors lead to an increase in costs of 2.3 million USD on average.

It is therefore even more important for companies to be able to respond quickly and thoughtfully to incidents, to mobilise internal stakeholders and to get support from the right experts. This can limit the impact of an incident and minimise the financial damage. How to prepare appropriately for a crisis and what to consider when responding will be covered in this presentation.

Hauke Gierow

5:30 p.m.: Communicating in a Cybersecurity Emergency - How Companies Should Prepare Now

Hauke Gierow, Director Cybersecurity Practice, PIABO PR

Content of presentation

The presentation will give an insight into the basic mechanisms of crisis communication with a special focus on communication in the case of a cybersecurity incident. If the entire company, including the CRM is encrypted, all rehearsed procedures suddenly become wastepaper. But it is at this moment that coherent and managed communication is extremely important to maintain trust with customers, partners and the general public. Communication managers are given some concrete tools to prepare for an incident in order to avoid a "headless chicken mode".

5 p.m.: Panel "IoT - Security"

Tatjana Hein, eco Association (Moderation)

Olaf Pursche, AV-Test GmbH

Rainer M. Richter, Horizon3.AI Europe GmbH

Joshu Wiebe, Head of Unit, Division SZ 35 - IT Security Labels Insurrance, BSI


The number of smart devices is increasing: not only refrigerators, washing machines and voice assistants are connected to the Internet, but also cars and industrial plants. This also makes them a potential target for hackers. Different operating systems and standards offer numerous vulnerabilities that cybercriminals can exploit. In an interview with experts, we discuss how the IoT can be made secure.

Tatjana Hein"
Olaf Pursche"
Rainer M. Richter"
Joshu Wiebe"

6 p.m.: End of Conference Day 1

Starting at 6:30 p.m.

Internet Security Night 2022

The Internet Security Night 2022 will also take advantage of the extraordinary surroundings of Phantasialand and provide a special atmosphere with lots of opportunities for networking.

The Internet Security Night is hosted by:

Bild Arne Schoebohm

09:00 a.m.: Keynote Cybersecurity as an enabler for successful digitalisation

Arne Schönbohm, Federal Office for Information Security

Content of presentation

In this presentation, Mr. Arne Schönbohm will explain the situation of cybersecurity in Germany and the challenges and risks that companies have to prepare for. He will also explain how the BSI, as the federal cybersecurity authority, is shaping information security in Germany, developing countermeasures and working with partners to establish cybersecurity not as an obstacle but as an enabler for successful digitalisation “made in Germany”.

ISD 2022 - Agenda 5

In the beginning, was security– a pipedream?

ISD 2022 - Agenda 7

Trust in the Internet - Trust me if you can

Vivien Schiller
Lisa Reinhardt

09:30 a.m.: Mindhack or Mindfuck?

Vivien Schiller, adesso SE

Lisa Reinhardt, q_perior

Content of presentation

We would like to show that security cannot only be considered from a technological perspective, but that the human factor plays a central but fragile role. We prove this fragility by using the example of cognitive biases that arise from our two systems of thinking. We show why these biases exist and how we can counteract them with blended learning. To do this, we outline how companies can use externally and self-directed processes to heighten their employees' awareness of cyber risks. We use two employee awareness projects as examples, one of which was online and the other of which consisted of a mix of face-to-face and online learning. Here we show advantages and disadvantages from each form of learning and highlight why a blend is more sustainable. The aim is to show that pure online learning formats do not guarantee sustainable knowledge transfer, but that more emphasis must be placed on individual forms of learning.

ISDs 2022 - Agenda 77

10 a.m.: Security Awareness Must Rock - New Ways to Raise Employee Awareness - Insights from Swisscom (Schweiz) AG

Marcus Beyer, Swisscom

Content of presentation

There is certainly no longer any need to highlight the fact that cybersecurity must be one of the most important topics in organisations and companies, and that a strong security culture must be an indispensable part of protective measures. Employees are the most important link in the security chain in the fight against cybercrime. But how do I manage to find the right communication and training measures to motivate employees in this task and to get them on board?

In his session, Marcus Beyer will address the following aspects:
- A look at the human factor in security processes in companies and organisations.
- Insights into security awareness measures - training as well as communication - from a critical infrastructure company - Swisscom (Switzerland) AG

Bild Martin Wundram

10:30 a.m.: It looks like you have to go to the university hall

Martin Wundram, DigiTrace GmbH

Content of presentation

Why writing good reports is important and what we can do about it. Especially in stressful phases - e.g. during an incident response or when creating guidelines and other specifications - a real competitive advantage is communication where we understand each other with the necessary commitment and work efficiently.

Dr. Bargstaedt Franke

09:30 a.m.: Cybersicherheit für digitale Identitäten und mehr

Dr. Silke Bargstädt-Franke, BSI 

Content of presentation

Digital identities have become an integral part of our everyday lives; they are a cornerstone of our daily (professional and private) digital activities.

The forms range from simple accounts with email providers or operating system manufacturers to the sovereign core identity that is digitally stored on practically every identity card for all German citizens.

The cybersecurity of such an important component of digital life is therefore an essential matter.


In this presentation, we will highlight current developments, starting with digital (sovereign) identities.

Boris Hemkemeier

10 a.m.: From Hacking to Storytelling: Two decades of cybercrime and what we can do about it

Dr. Boris Hemkemeier, Commerzbank AG

Content of presentation

In the early 2000s, phishing spilled over from the USA to Europe. In the meantime, operating systems are more secure, customers are more enlightened and the technical procedures in online banking are almost impossible to overcome in practice. Nevertheless, cybercrime is a growth industry because the attacks have shifted from technology to trickery. Phishing, technician support and WhatsApp fraud, grandchild trick 2.0. but also CFO fraud and even ransomware all depend on storytelling. We discuss which countermeasures are effective beyond secure technology.

Andreas Vollmert

10:30 a.m.: Secure Proof of Identity via Own Online Bank Account

Andreas Vollmert, Swisscom Trust Services AG

Content of presentation

To generate an electronic signature (qualified electronic signature), the signatory must be definitively identified. Current identification methods are provided either by having the signatory appear in person or remotely via VideoIdent. A full digital identification process has so far only been created via the eID on the German ID card. The online bank account of a signatory provides a crucial anchor for identity verification according to eIDAS. In 2019, Swisscom has had this process certified as Account Ident under eIDAS for QES and offers this process for bank accounts in Germany. How partner companies use this identification procedure in Germany and what advantages they have over the classic procedures will be demonstrated.

11:00: Intermission & Networking

11:30 a.m.: Panel discussion: Resilience in IT infrastructures - where are we heading?

Klaus Landefeld, eco – Association of the Internet
Thomas Niessen, Kompetenznetzwerk Trusted Cloud e.V.
Steve Ritter, Bundesamt fĂĽr Sicherheit in der Informationstechnik (BSI)
Moderation: Philipp Ehmann, eco Association


Content of presentation

It is becoming increasingly common for important tasks in business and administration to be carried out with the help of digital technologies. The importance of digital technologies for society is thus increasing enormously. As such, the availability and integrity of networks and services is understood more and more as a question of resilience against various threats and hazards. Together with our panellists, we plan to discuss the situation regarding the digital resilience of citizens, business and administration in Germany. Building on this, we aim to discuss possibilities and opportunities for improving resilience in the digital space and, last but not least, to look at possible regulatory support for these issues.

Klaus Landefeld"
Thomas Niessen"
Steve Ritter"
Philipp Ehmann"
ISDs 2022 - Agenda 29

12:30 p.m.: Cybersecurity Technologie und Innovation

Dr. Michael Lemke, CSO HUAWEI TECHNOLOGIES Deutschland GmbH

Sponsered by: ISDs 2022 - Agenda 28


+ Looking at the big picture Cybersecurity Technologies in the Device-Cloud-Pipe paradigm.
+ Risk control examples from the trusted environment, CPU protection, web services, etc.
+ An outlook into the near future

ISDs 2022 - Agenda 72

11:30 a.m.: Passwords: Gateway Number 1

Mark Heitbrink

Content of presentation

The presentation wants to place a finger at the crux of a thorny problem. It provides answers to the questions: Which regulations should be applied? How do I get my users to comply with them? Which supporting tools can be used? How do attackers behave today? From management software to 2FA.

The presentation contains several demos that can be implemented and practised directly in your own working environment.

Patrick Ben Koetter

12 p.m.: DNS - Mother of all Identities

Patrick Ben Koetter, sys4 AG

Content of presentation

DNS, the Domain Name System, is the mother of all identities. When our devices connect to other services or devices, they submit a query to the DNS and the DNS tells them the IP address. This answer is followed blindly by our devices and therefore by us. This is a mistake, because traditional DNS has no way to a) identify the answering server as the unambiguously authorized server and it also cannot b) prove that the answer has not been falsified.

Only the extension "DNSSEC" is able to hand over DNS answers in a digitally credible form and only then do our devices and ourselves have responses on which we can base our further actions, e.g. the browser connection with online banking.

The presentation shows why DNS became the way it is, in which points it differs massively today from the usage scenario at that time and in which way DNSSEC helps to secure DNS today.

Michael Veit

12:30 p.m.: Be prepared for all modern cybersecurity incidents with Managed SOC Services

Michael Veit, Technology Evangelist, Sophos Technology GmbH

Sponsored by:    sophos gmbh

Content of presentation

Once ransomware & co. have struck a company, damage limitation is usually only possible to a very limited extent. The primary goal of a modern cybersecurity strategy must therefore be the proactive detection of potential threats in order to nip cyber attacks in the bud. This is where Managed Detection and Response (MDR) comes into play.

  • How well is cybersecurity positioned at your company at the moment?
  • When should you consider an MDR service?
  • What are the advantages of such a service?

1 p.m.: Intermission & Networking

Johann Grathwohl

1:45 p.m.: Log4Shell and what we haven't yet learnt from it

Johann Grathwohl, CONITAS GmbH

Content of presentation

To mitigate the log4j vulnerability, the functionality that led to the vulnerability has since been removed. Many software products affected by the vulnerability have now been patched by the vendors by replacing the vulnerable version of log4j with the updated version.
However, the actual cause of the vulnerability has not even been named yet.
Log4j worked as it should, the vulnerability was not a bug but a desired functionality that was included in the library for many years. The problem is rather that a complex library with great functionality is used for a simple task and user-generated content was passed to this library without input validation. The cause is not in log4j but rather that log4j was used without checking whether the functionality is needed at all. Security-by-Design is different.

Bild Markus Bartsch
Thorsten Urbanski

2:15 p.m.: Lost Sovereignty? Digital Sovereignty in the Context of Cybersecurity

Markus Bartsch, TĂśV IT

Thorsten Urbanski, ESET Deutschland

Content of presentation

Digital sovereignty can only be ensured if measures are implemented that protect against or prevent unauthorized data access or, in the case of particularly complex digital applications, at least detect such unauthorized data access.
But what is required for this? What is meant by the buzzword digital sovereignty and what is required in the context of the factually changed geopolitical situation?

Prof. Dr. jur. Dennis-Kenji Kipker

2:45 p.m.: Supply Chain Regulation and EU Chips Act: More Hardware Sovereignty by Legislators?

Prof. Dr. jur. Dennis-Kenji Kipker, CERT@VDE

Content of presentation

More than two years of the pandemic have shown that global upheavals can have significant consequences on the provision and availability of trusted hardware and thus cybersecurity. German lawmakers have addressed this issue through so-called "guarantee declarations" for critical hardware components with the IT Security Act 2.0, and EU lawmakers presented a comprehensive regulatory instrument to (re)establish European hardware sovereignty with the EU "Chips Act" in February 2022. On paper, the legal concepts sound good - but are they actually capable of achieving the lofty goals, or are they not rather just associated with considerable additional expenses for companies without any concrete output for the security and availability of systems? Accordingly, the presentation outlines the new regulations and subjects them to a critical evaluation.

Markus Schaffrin
Frank Schmeiler

1:45 p.m.: Security and Digital Identities in a Digital World

Markus Schaffrin, eco.Association

Content of presentation

Together with the research and analyst firm techconsult, the eco Association has investigated the following: How do companies, citizens and public authorities rate the potential of digital identities? Authors and experts will present the results.

02:15 pm: Panel “Digital Responsibility Goals – Guidelines for a responsible use of innovative technologies”.

Andreas Weiss, eco e.V.

Ralf BenzmĂĽller, G Data Cyber Defense

Jutta Juliane Meier, Identity Valley Research gUG

Content of presentation

The basis for sustainable use of innovative technologies and digital providers is trust. That is why the initiators behind the Digital Responsibility Goals have brought together leading minds from research, industry and politics to develop guardrails for ethical action that are in the tradition of European value culture and provide orientation for the development of a trusting digital space. Gaia-X may also be a prominent application example of DRGs. But how exactly is trust made measurable, what goals have been achieved so far, and what comes next?

Andreas Weiss"
Ralf BenzmĂĽller"
Jutta Juliane Meier"
Felix Lindner

3:15 p.m.: Keynote History Repeats Itself (for those who don't learn from it)

Felix Lindner, Recurity Labs GmbH

Content of presentation

In the beginning, security was by no means an issue. In the very beginning, everything was kept under the strictest secrecy and was punishable by military law! Security only plays a role when the threat of punishment no longer has any effect: It is an expression of the resilience of an overall system, even in the face of internal weaknesses and failures. It is an expression of a system's freedom, it is a promise both internally and externally.

A historical excursion to sights of vulnerability genres inhabiting different zones of the CIA triangle often helps in the view and measurement of the current and future challenges in an appropriate context. That is what this keynote seeks to provide.

4 p.m.: Close

29 September 2022

Workshop 1, 11:30 a.m. - 1:30 p.m.

Email - Secure Deliverability and Prevent Identity Abuse

Patrick Ben Koetter
Florian Vierke

Patrick Ben Koetter"
Florian Vierke"


What is "Email Authentication" (SPF, DKIM, DMARC)? What problem is it trying to solve and why do I really need it?

In this workshop, the leaders of the E-Mail Competence Group, André Goermer and Patrick Ben Koetter, will shed light on legal basics, technical implementation and, most importantly, the right way to implement SPF, DKIM and DMARC.


  • What is DMARC / DKIM / SPF and why do I need these?
  • How do I implement Email Authentication correctly, what do I have to pay attention to?
  • What changes will there be for monitoring?
  • How can GDPR compliance be ensured?
  • Which software can be used?
  • What changes will there be for the DNS infrastructure?


About the speakers

Patrick Ben Koetter

Patrick Ben Koetter has been an expert in the field of email for 25 years. He heads the Competence Groups "Email" and "Anti-Abuse" of eco and is, on behalf of the BSI, author of the upcoming Technical Guideline TR-03182 "Email Authentication".

Guideline TR-03182 “Email Authentication”.

Florian Vierke

Florian has been working in email deliverability for over 12 years. He is currently responsible for the global deliverability service department at Mapp.

He is actively involved in various associations and organisations, such as the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), the Email Competence Group (eco Association) or the German Dialogue Marketing Association (DDV). He is also a member of the Control and Complaints Committee of the Certified Senders Alliance (CSA).

Currently, Florian’s favourite topics include “meaningful data evaluation”, data security and technical authentication.

Workshop 3, 3 p.m. - 5 p.m.

Cyber Incidents from an Insurance Perspective

Andreas Reinhardt
Niclas Gampe




Decision-making aids for cyber insurance

This workshop aims to shed light on the question, “Does my company need cyber insurance?” Mr. Andreas Reinhardt from Dr. Ellwanger & Kramm Versicherungsmakler GmbH & Co KG, and Mr. Niclas Gampe, cyber industrial customer business specialist at AXA Versicherung AG, will shed light on the offers and services of cyber insurance in this workshop.


  • Legal basis
  • Offers from the insurance industry
  • Claims of third parties in the event of damage
  • Settlement of the damage in your own company
  • Structure of a cyber insurance
  • Presentation of real cases of damage

About the speakers

Andreas Reinhardt, Senior Consultant at Dr. Ellwanger & Kramm GmbH & CO KG, Stuttgart. Responsible for information and telecommunications industry terms and conditions, underwriting and claims coordination within the E&K special department for ITK insurance.

Niclas Gampe, Specialist Cyber Industrial Client Business at AXA Versicherung AG

Workshop 2, 3 p.m. - 5 p.m.

Lego® Serious Play® as a moderative tool for team mission, sounding boards and planning sessions

Marcus Beyer, Swisscom

Marcus Beyer"


As an open source method, Lego® Serious Play® (LSP) offers "thinking with your hands", creates a shared experience, a vivid basis for discussion and, above all, a shared commitment to the selected issue. In principle, the LEGO® Serious Play® method is suitable for understanding complex problems and then developing suitable approaches to solving them. With the help of LEGO® bricks, unconscious experience and knowledge potentials are uncovered, which are ideal prerequisites for innovation developments. LEGO® Serious Play® is a structured process that builds on itself.
Participants build a model, which first acquires meaning through storytelling. Subsequently, the model is deepened and reflected upon through questions. This leads to a sustainable and common understanding. Interpersonal aspects fade into the background, as the discussion is about the model and not about the person.

About the speaker

Marcus Beyer has more than 18 years of experience as a communicator, change manager, moderator, social engineer and consultant in the field of IT and information security. Internal (project) communication with a focus on information security, IT and/or BCM processes is his métier, security awareness his mission. He is responsible for the entire topic of security awareness at Swisscom (Switzerland) AG and actively promotes the change process towards a stable and sustainable security culture in the company. He is a member of the advisory board at Hoxhunt, on the board of the Swiss Internet Security Alliance (SISA) and is host of the “SecurityAwarenessInsider” podcast.

30 September 2022

Workshop 4, 9 a.m. - 11 a.m.

Hacking Gamification – From Zero to Admin Pwned


Joseph Carson"


This is a journey inside the mind of an ethical hacker's response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show the attacker's techniques used and how they went from zero to full domain admin compromise that resulted in a nasty ransomware incident.

The participants learn:

  • How attackers gained access to a system
  • Established staging
  • What tools were used
  • What commands were executed
  • How the ransomware was delivered
  • How AD elevation was achieved

About the speaker

Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, is an award-winning cybersecurity professional and ethical hacker with more than 25 years’ experience in enterprise security specialising in blockchain, endpoint security, network security, application security & virtualisation, access controls and privileged account management. Joe is a Certified Information Systems Security Professional (CISSP), active member of the cybersecurity community frequently speaking at cybersecurity conferences globally, often being quoted and contributing to global cybersecurity publications.

Workshop 5, 9 a.m. - 11 a.m.

IT-Forensics Readiness Workshop - Tracking the Attacker Undercover

Marcel Schäfer, IT-Sachverständigenbüro Schäfer
Volker Wassermann, bridge4IT

Marcel Schäfer"
Volker Wassermann"


In this workshop, the following topics will be covered:

  • Sharing experiences of tried and failed forensics concepts
  • First-aiders for occupational security is self-evident, why not for IT?
  • First aider principle quickly explained: what must be included?
  • Use of authorities and investigators
  • Content of an emergency plan / Simple first implementations
  • Crisis team or going it alone?
  • When is the right time to involve an IT forensic expert?
  • Legal issues (no legal advice in terms of the German Legal Services Act - RDG)

About the speakers

Two IT forensic experts from NRW have extensive experience in the investigation, analysis and presentation of data from cybercrime offences. Marcel Schäfer and Volker Wassermann are also IT experts, have been cooperating for several years and advise customers on strategic IT decisions. They train employees of IT departments in the topics of awareness and IT forensic readiness. Both are also regularly involved in the working groups of the eco Association, as well as the Information Security CG of with their existing expertise. Both have the goal of preparing companies and their IT departments for incidents and emergencies, but they also help today in numerous cases where it is often already too late. Reconstruction of facts, attack scenarios and clean-up work are daily business. Likewise, both are active as external data protection officers and use this expertise to handle data from incidents in a legally compliant manner.

Information on Ticket Booking


Workshop 1, 2 and 4:  €49.00 each

Workshop 3: free-of-charge



A workshop ticket can only be purchased in combination with a ticket to the ISD.


Ticket booking

In the first step, book the ticket for the conference taking place on 16 and 17 September. In the next step, enter your participant data and then select the preferred workshop. You can register for more than one workshop.