[Netzwoche feature] Global Cyber Conference in Zurich: FBI horror stories, Dune analogies and the issue of skills shortages

ConferenceNews

This article is a feature by Netzwoche, published on 02.12.2024, written by Coen Kaat and tme. You can find the original article here. 

The third edition of the Global Cyber Conference took place in November. The conference aims to bring the global cybersecurity industry together in Zurich – with numerous renowned speakers on various topics.

Photo 1: In addition to the numerous presentations, there were also many panel discussions at the Global Cyber Conference 2024. / Photo 2: Moderator Olivia Kinghorst on the stage. / Photo 3: The Global Cyber Conference once again took place at the Dolder Grand in Zurich. (Source: Netzmedien)

At the end of November, the Dolder Grand brought together the global “who’s who” of the cybersecurity industry under one roof. This is the aim of the Global Cyber Conference, which took place this year on November 26 and 27 at the 5-star hotel in Zurich. 320 people from 50 countries and 5 continents attended the third edition of the conference, explained moderator Olivia Kinghorst and Samir Aliyev, CEO of the organizer Swiss Cyber Institute, on stage.

The focus was on knowledge transfer and networking. The presentations will therefore not feature sales pitches, but best practices. Most of the presentations are also very short. In 15 minutes, the speakers had to focus and really get to the heart of their presentations.

The second edition of the Swiss CISO Awards was also part of the Global Cyber Conference. The awards were presented together with EY. Find out who was honored with an award and who can call themselves Swiss CISO of the Year here.

Samir Aliyev, CEO of Swiss Cyber Institute. (Source: Netzmedien)

For the opening keynote, the conference brought Stefan Andonovski, the Minister for Digital Transformation of North Macedonia, to Switzerland. Andonovski reminded the audience that digitalization is not just about keeping up with the latest trends and implementing new technologies. It is also about securing them – ideally right from the development stage.

The challenges surrounding cybersecurity are “even more intense” in the Western Balkans, said Andonovski. The number of ransomware attacks, for example, has risen by 200 percent. “These are not just data points,” he said. “These are real threats to individuals and businesses.” But no one stands alone in cyberspace, said the minister, concluding his speech by emphasizing the importance of cooperation in cyber defence in order to strengthen everyone’s resilience.

Stefan Andonovski Minister for Digital Transformation of North Macedonia. (Source: Netzmedien)

Secure development – instead of developing with security specialists

Florian Schütz gave the second opening keynote. The Director of the Federal Office for Cybersecurity (BACS) had already given a speech at the conference last year (read more here).

This year, Schütz addressed the shortage of skilled workers. “Is there really a skills shortage?” he asked the audience. “Or are we simply doing it wrong?” Schütz was convinced that the latter was the case. “We can’t afford to have a cybersecurity specialist sitting at every developer’s side telling them how to develop software securely.” Software developers need to know the security aspects of software themselves – just like a car mechanic knows the security aspects of vehicles.

Florian Schütz, Director of the Federal Office for Cybersecurity. (Source: Netzmedien)

The Swiss training system with the apprenticeship system could be used to teach these skills in a very targeted way for the respective jobs. “This is an opportunity to train workers who can actually produce a secure product,” said the BACS Director. Then we would see far fewer security problems.

What cybersecurity specialists have in common with the Fremen from Dune

Peter Kosel, founder and Talent Community Manager, and Joshua Bucheli, Talent Community & Business Development Manager at Cyberunity, also addressed this topic during the conference. In their presentation, they compared efficient talent management with the world of Dune. In the books and movies, the Fremen live on the desert planet Arrakis with little to no water, they explained. To prevent wasting water, their most important resource, they wear “stillsuits – suits that collect sweat, breath moisture or other bodily fluids to conserve the critical but scarce/limited water available to them so that it can be treated and reused,” as they explained.

Peter Kosel, Founder and Talent Community Manager, and Joshua Bucheli, Talent Community & Business Development Manager at Cyberunity. (Source: Netzmedien)

In cybersecurity, the limited and critical resource is not water, but talent, i.e. cybersecurity specialists. “Given that there are so few cybersecurity specialists and the workforce gap is widening rather than narrowing, perhaps the solution to the ‘war’ for talent is to be more efficient with the talent we have available,” Kosel said.

“Maybe we need to be more frugal with that talent – reusing it, redistributing it, swapping it and even sharing it,” Bucheli said. “If cybersecurity specialists can circulate more efficiently in the marketplace, then maybe we can also, like the Fremen of Arrakis, do more with less and stretch this finite resource so that there’s enough for everyone.”

You can also read Peter Kosel’s column: “Know your Talents” instead of “War for Talents”.

Diverse teams for diverse roles

Among the many speakers was Tana Dubel, CISO of Logitech. She gave her speech on the second day of the conference. The evening before, she had received the CISO of the Year award, as you can read here. Her speech was about inclusive cyber security practices and how different perspectives benefit cyber defense.

Tana Dubel, CISO of Logitech and CISO of the year 2024. (Source: Netzmedien)

In contrast to Florian Schütz, she was again clearly of the opinion that there is a shortage of skilled workers. “There is a global shortage of 2.8 million talents in cybersecurity,” she said, adding that the figures vary. In addition, there is a lack of diversity in the field – worldwide, the proportion of women is only 25 percent. “And here in Switzerland, the proportion is even lower,” said Dubel. However, diversity is not just about the proportion of women, but also about “different nationalities, age groups, learning methods and much more”.

However, cybersecurity is an opportunity to build diverse teams. After all, the sector offers a range of very different roles. “The European Union Agency for Cybersecurity (ENISA), for example, lists 12 different roles and profiles, ranging from technical to managerial and operational roles and profiles,” said Dubel. “And to fulfill these diverse roles, we need a diversity of skills and experience in our teams.”

Per aspera ad astra

Of course, HR was not the only topic on the two days. Alina Matyukhina, CSO and Global Head of Cybersecurity at Siemens SI Buildings, also gave an opening keynote and spoke about how to secure complex organizations. Matyukhina recommended three steps for organizations that are just starting to implement cybersecurity or if they want to improve their maturity in the field.

  1.  A clear allocation of roles and definition of responsibilities. “Because employees need to know who they can turn to with their cybersecurity concerns,” she said.
  2. Embed cybersecurity in the processes. In addition, the company should start to certify its processes and products.
  3. Leading by example and sharing experiences with the community. “Because cybersecurity is not a job for just one man or woman. It requires a team.”
Alina Matyukhina, CSO and Global Head of Cybersecurity at Siemens SI Buildings. (Source: Netzmedien)

“With this in mind, I would like to share my personal motto with you,” said Matyukhina. “Per aspera ad astra” – the Latin phrase from Seneca translates roughly as ‘through hardship one reaches the stars’. Cybersecurity is a constant challenge, said Matyukhina. “But through these challenges, we can grow and innovate.”

When the FBI knocks on the door

One company that has already arrived at Matyukhina’s third step and is sharing its experiences with the community is Cloudflare. “Have you ever been involved in a serious cyber incident?” Christian Reilly, Field Chief Technology Officer EMEA at Cloudflare, asked the audience at the Global Cyber Conference. “Of course, no hand goes up with that question because nobody wants to admit to something like that,” he joked. So he began with his story.

In 2013, the FBI knocked on his door. “And for those who have never seen the FBI for themselves: Yes, they look just like in the movies!” The FBI wanted to know from Reilly why the company was passing on data from the US Department of Defense to Chinese state-sponsored threat actors. “The first reaction, of course, is: How do they know that? Before you realize that of course you can’t ask the FBI that question,” Reilly jokingly continued.

Christian Reilly, Field Chief Technology Officer EMEA at Cloudflare. (Source: Netzmedien)

This was followed by 14 months of forensic investigations to find out exactly what had happened and how an intruder had been able to snoop around the network unnoticed for so long. “This was despite the fact that we had invested millions and millions in what we believe is the best cybersecurity in the industry.”

“There’s no tabletop exercise you can do, no simulation that will prepare you for the FBI knocking on the door,” Reilly said. The biggest challenge for companies right now, he said, is the established, historical zero-tolerance culture for failure. “We humans are programmed for success, not failure,” he said. This makes the shift to an “Assume Breach” mentality difficult. “But I’m really convinced that the more we rely on this culture of protection, this culture that we can’t fail, the harder it will be for us to actually be safe.”

Subscribe for updates

We share the most important cyber security news. Stay informed for free and stay cyber secure.