Schedule – Oct 28, 2025

Resilience in a mad, mad world

Download the schedule as a PDF file: [coming soon]
To see the abstract of a talk click on its title.
Talks with a gray background are talks related to the main topic “Resilience in a mad, mad world”

Expand All +

  • Scenario


  • "Smart City" has been a trendy buzzphrase used by politicians, city planners, and tech companies for over a decade now — but their shiny promises gloss over dangerous realities. Downtime and damages in municipalities due to cyberattacks regularly make the news, but we focus primarily on securing and recovering IT systems. Smart Cities by nature use a combination of IT and OT systems, but have no established or holistic approach for managing overlapping risks to both. The consequences to security from varied stakeholders involved in Smart City planning and implementation go unexamined. Human hazards, vulnerable devices, and data management issues build on these to create diverse and creative attack paths for all sorts of threat actors.

    Smart Cities present a ubiquitous and unique combination of risks which must be comprehensively assessed in order to improve procedural and operational security, reliability, and resilience. By reframing our understanding of what Smart Cities are, we can use and integrate pre-existing actionable strategies to prepare and defend against threats ranging from pandemics to nation-state attacks. As politically motivated cyberattacks expand in reach and collateral radius, we need to prepare our cities for when they become the next battlefield.

    This talk aims to expand our definition of Smart Cities; discuss the data, human, and technological risks that they face; and share resources on how to deal with them.

  • The talk sheds light on the complex interplay of humans and technology in cybersecurity. It provides insights into the relevance of the human factor in cybersecurity and explains why it is not sufficient to make cybersecurity technologies usable to enhance security. Rather than independent system components or even “enemies”, humans and technology should be considered as a team. Augmenting each other’s strengths can enhance resilience, i.e., the ability to adapt to unforeseen circumstances – which is crucial in uncertain times.

    To illustrate the ideas, the talk provides insights from current research projects such as on designing AI-based decision-support tools for cybersecurity experts.
    Resilience in a mad, mad world

  • Sponsoring - Panorama


  • Microsoft 365 has become a cornerstone of enterprise productivity — and a growing target for sophisticated cyber threats. In this talk, we’ll explore how Swisscom’s B2B CSIRT has optimised the incident response process for Microsoft 365 through automation and expert-driven detection logic.

    We’ll introduce Swisscom’s Next-Gen IR automation framework, which enables rapid, secure collection of forensic logs by registering a dedicated application in the customer’s tenant with appropriate permissions. This automation significantly accelerates the start of investigations and ensures comprehensive visibility across M365 workloads.

    Once data is collected, it's analysed through a set of continuously updated detection rules, crafted and maintained by Swisscom’s B2B CSIRT analysts. These rules identify key threat patterns — from account takeovers to malicious app registrations — enabling faster triage and more accurate investigations.

    To bring this to life, we’ll walk through a real-world case of a Microsoft 365 compromise, showcasing how the automation and detection rules were used to quickly uncover the attacker’s activity, reconstruct the timeline, and guide the customer through targeted remediation.

    Whether you're defending Microsoft 365 environments today or preparing for tomorrow’s threats, this session offers a real-world view into modern, efficient, and intelligent cloud incident response.