Schedule

Conference – October 20, 2026

Shadow IT

Talks Partner Talks
Thomas Naunheim's avatar
Thomas Naunheim
Cyber Security Architect at glueckkanja
Show description
Many organizations face the challenge of effectively securing their privileged users while also avoiding lateral movement paths when delegating privileged access. In addition, operating and further developing Privileged Admin Workstations (PAWs) generates significant effort and complexity.
Stephane Adamiste's avatar
Stephane Adamiste
Information Security & Data Privacy Expert at Soluss AG
Show description
Swiss electronic voting is one of the most scrutinised and controversial topics in cybersecurity, marked by significant public criticism and vulnerabilities uncovered in earlier system versions. This talk shares field experience from auditing the Swiss e-voting system, focusing on infrastructure and operations. It explores the concrete challenges faced during audits, from assessing complex and distributed architectures to verifying controls across organisational boundaries, and provides an informed perspective on the security of the system.
Sébastian Schnyder
Manager Cyber Threat Intelligence Services Europe at Google
Mazin Ahmed's avatar
Mazin Ahmed
CEO and Founder at Fullhunt
Show description
Shadow IT doesn’t come from one bad decision. It builds up over time as infrastructure grows, people move between teams and companies, vendors deploy systems, cloud environments change, and documentation falls out of date. A single forgotten development instance or an untracked database server can become the path to a serious breach. I have spent years running Internet-wide scanning and building the tooling behind it at FullHunt. I have also run hundreds of security reviews focused on Shadow IT and the ways organizations gradually introduce risk into their external attack surface. In this talk, I’ll show how Shadow IT grows and scales across organizations and the recurring patterns I have seen in the wild. I will introduce the Attack Surface Reduction Maturity Framework, a practical model organizations can use to understand where they stand in their attack surface reduction journey and how they can move from outdated inventories to continuous visibility. Finally, I will present real findings discovered during this research and responsibly disclosed to Swiss organizations.
Copyright © 2026
 
Swiss Cyber Storm
Hosting graciously provided for free by Nine