Conference – October 20, 2026
Shadow IT
| Talks | Partner Talks |
|---|---|
Jeroen van der Ham-de Vos Associate Professor
at
University of Twente | Thomas Naunheim Cyber Security Architect
at
glueckkanja Show descriptionMany organizations face the challenge of effectively securing their privileged users while also avoiding lateral movement paths when delegating privileged access.
In addition, operating and further developing Privileged Admin Workstations (PAWs) generates significant effort and complexity. |
Stephane Adamiste Information Security & Data Privacy Expert
at
Soluss AG Show descriptionSwiss electronic voting is one of the most scrutinised and controversial topics in cybersecurity, marked by significant public criticism and vulnerabilities uncovered in earlier system versions.
This talk shares field experience from auditing the Swiss e-voting system, focusing on infrastructure and operations.
It explores the concrete challenges faced during audits, from assessing complex and distributed architectures to verifying controls across organisational boundaries, and provides an informed perspective on the security of the system. | |
Ivano Somaini Regional Manager Zürich
at
Compass Security AG | |
Sébastian Schnyder Manager Cyber Threat Intelligence Services Europe
at
Google | |
Andres Maurer Executive Chairman
at
prod @g | |
Mazin Ahmed CEO and Founder
at
Fullhunt Show descriptionShadow IT doesn’t come from one bad decision.
It builds up over time as infrastructure grows, people move between teams and companies, vendors deploy systems, cloud environments change, and documentation falls out of date.
A single forgotten development instance or an untracked database server can become the path to a serious breach.
I have spent years running Internet-wide scanning and building the tooling behind it at FullHunt.
I have also run hundreds of security reviews focused on Shadow IT and the ways organizations gradually introduce risk into their external attack surface.
In this talk, I’ll show how Shadow IT grows and scales across organizations and the recurring patterns I have seen in the wild.
I will introduce the Attack Surface Reduction Maturity Framework, a practical model organizations can use to understand where they stand in their attack surface reduction journey and how they can move from outdated inventories to continuous visibility.
Finally, I will present real findings discovered during this research and responsibly disclosed to Swiss organizations. | |