SEMAFOR CONFERENCE IS ONE OF THE MOST IMPORTANT EVENRS CONCERNING INFORMATION SECURITY AND IT AUDIT IN POLAND.

 

SEMAFOR is a great chance to hear about the latest threats and meticulously chosen case studies concerning cybersecurity. During the event you can expand your knowledge and establish and maintain relationships in the community of IT security and audit. It’s a meeting place and a co-operation platform for cybersecurity managers with a wide range of solution suppliers in that sector.

Let’s meet on March 14 and 15 2024 at PGE Narodowy in Warsaw.

SEMAFOR is one of the biggest events in the sector of cybersecurity and IT audit in Poland, which is very popular among its participants. The previous edition gathered 425 participants. 

Meeting of several hundred people, a wide range of suppliers of cybersecurity solution in Poland and around the world, and the most important organizations affiliating ICT security managers makes SEMAFOR a true celebration of cybersecurity sector, full of knowledge, behind-the-scenes conversations, and social meetings.

A two-day program consists of plenary sessions and 4 content blocks, which allow for program customization. The last year was a huge challenge for all of us, and cybersecurity sector became one of the key elements providing business continuity and a chance for surviving for many modern enterprises. The scale of cyberattacks has become incomparably bigger. Cybercriminals take advantage of innovative techniques and tools, which serve their purposes and represents a threat for functioning of companies. What priorities a cybersecurity manager should have in this situation? Which technologies should you choose if we want to secure our enterprises and ourselves?

This year we will also devote a lot of attention to organizational aspects, so that our conference provides great inspiration and many business contacts, at the same time being a pleasant social event. Join us!

 

Semafor 2024 is

2

days

4

content blocks 

60+

speakers

400+

participants

Why should you take part in SEMAFOR 2024?

PROGRAM

A 2-day program with 4 content blocks is an opportunity to customize your agenda along with your own interests.

IN-PERSON FORMULA

It provides indispensable networking, an opportunity to expand business contacts, and more openness to share unique knowledge.

WIDE RANGE OF SUPPLIERS

An extensive exhibition zone is a great chance for talks with a wide range of cybersecurity solutions providers in one place.

INTEGRATION MEETING

An evening organizational meeting outside PGE Narodowy will allow for building contacts in an informal, social atmosphere.

Taking part in the event will be a great inspiration, but also an intense time in terms of social meetings.

CPE POINTS

Participation in the Semafor 2024 conference is CPE Points for the certificates: CISSP/ CISA/ CISM/ CRISC/ CGEIT

Photo gallery

In the program

 

Artificial Intelligence, Misinformation, Deep Fakes and the complex legal terrain, a new era of business risk

Dr. Shawn P. Murray, President, Information Systems Security Association, International Board of Directors

In 2023, the world witnessed new and ongoing conflicts that have impacted global markets and economies. We have seen controversial leaders, governments and influencers use digital media platforms to manipulate opinions and alter behaviors. Cyber-attacks are becoming more complex, and the resources needed to combat these threats need to be even more complex.

In 2024, we will continue to see ransomware attacks, misinformation campaigns and advances in AI. People will have to determine the credibility of the digital media that they consume or are exposed to due to the onset of quality generated Deep Fakes. Governments are slow to address these issues legally which further impacts citizens and businesses. The presenter will discuss these topics and more!

 

Let’s Learn To Walk Before We Run With AI

Sue Milton, ISACA UK Advocacy Task Force

Unlike cybersecurity, which took years for business leaders to take seriously, AI has caught their attention, imaginations and fears. Together, we are going to see what we – IT professionals, business leaders and business influencers – must provide as the sound foundations on which to use AI safely. We need a governance framework covering legislation, data, the algorithms, hardware, 3rd parties, supply chains and the environmental impacts. Let’s use AI to improve digital trust.

 

Built on Trust. Protecting what Windows and AV can’t

Corbett Hoxland, Chief Technologist, HP

 

Into the Stars and Beyond - Navigating the Beauty and Challenges of Integrated Satellite Systems

Andrea Polereczki, Founder, Board Member, Women4Cyber Hungary

Join us for a captivating journey into the realm of satellite systems with Andrea, a seasoned professional with a unique blend of military and media expertise.

Delve into the complexities of satellite infrastructure, where the beauty of space exploration meets the practical demands of secure communication and broadcasting. Through personal anecdotes and professional insights, Andrea will illuminate the delicate balance between military necessity and civilian accessibility within satellite systems.

Discover the compelling narrative of Her career, from military deployments to media ventures, and uncover the underlying theme of trust that underpins the vision for the future. By the presentation's conclusion, attendees will gain a deeper understanding of the potential for collaboration and innovation in building a secure space that serves both military and civilian needs.

Take advantage of this opportunity to explore the stars and beyond a more interconnected and resilient satellite ecosystem

 

Generative AI in Cybersecurity

Jim Wiggins, Founder, CEO, Federal IT Security Institute (FITSI)

This presentation dives into the dynamic intersection of Generative AI and cybersecurity, showcasing its transformative influence in modern digital defense strategies. It highlights how Generative AI is redefining threat detection, streamlining policy frameworks, and enhancing training approaches in cybersecurity. The session will also illuminate the complex ethical questions and privacy challenges posed by advanced AI technologies. Attendees will explore how these intelligent systems can be leveraged responsibly, ensuring robust cyber defenses while maintaining ethical integrity. The discussion will include real-world applications, demonstrating the practical impact of Generative AI in cybersecurity. This insightful exploration is designed to provide a deeper understanding of AI's role in shaping future cybersecurity landscapes.

 

Two-part Saga: Continuing the Journey of Hacking Malware C2s

Vangelis Stykas, CTO, atropos.ai

C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.

While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.

By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of devices and further explore other attack vectors. This can give them access to administrator panels and malware source code, and result in the identity of threat actors being exposed.

Continuing the journey of how C2s evolved after my Defcon talk and how they fell for similar errors that lead into their pwning again.

This talk will also cover the ethical stance of security researchers and the communication with LEA on how those criminals can be taked down.

 

Cybersecurity – redefining threats

Krzysztof Dyki, Prezes, ComCERT S.A.

The presentation shows the latest and unconventional threats and statistics concerning cybersecurity and discusses the influence of the new geopolitical situation (Russian attack on Ukraine and its consequences for Poland’s cybersecurity). It also brings up the issues concerning ransomware and characterizes crime groups, their methods of operation, and financial aspects. We will also discuss the influence of AI and CDBC on the cybersecurity market. Towards the end we will focus on the role of CISO in the age of more and more complex technological environment and growing number of threats.

 

Most interesting mishaps of cybercriminals

Adam Haertle, Trener, ZaufanaTrzeciaStrona.pl

Examples of the most spectacular mishaps of cybercriminals, who stole billions and believed in anonymity of cryptocurrencies.

 

AI – is it only an adventure of mankind in the world of future? Can AI dominate the world we live in? What is Technological singularity theory and what role does AI play in it

Magdalena Skorupa, Global IT&D Director, Global Technology & Security, Digital Workplace, Reckitt

Here are some facts on AI and its influence on our future

Artificial Intelligence (AI) is a field of computer science. It deals with creating systems capable of performing tasks requiring human intelligence, which work using that intelligence.

AI is present in many areas, such as medicine, marketing, sales, robotics, our daily life, and many more.

Along with the development of technology, AI is becoming more advanced. It can influence the future of mankind. This is why it raises some doubts: some people are afraid that AI can dominate the world, whereas others believe that AI can help us solve many problems

Technological singularity theory claims that technological development can lead to the point in which AI becomes more intelligent than humans and takes control over the world. Some say that AI will level with human intelligence by 2030 and exceed it by 2040. Is there already a technology that manifests signs of self-awareness? How will our world change as soon as 2024-2025?

Technological singularity theory talks about a hypothetical moment in the future when technological development will become uncontrollable and irreversible, leading to unpredictable (at the moment) changes of our civilization. The main event supposedly leading to that moment would be creating artificial intelligence smarter than people. This artificial intelligence would be capable of creating even more efficient AI, triggering a chain reaction of technological changes.

Stanislaw Lem was a Polish writer and philosopher, known mainly for his sci-fi works. In his books he often raised the issue of artificial intelligence and the future of mankind. In the book “Golem XIV” he described how AI can become more intelligent than people and start to control the world. But is it actually probable? During the presentation the speaker will try to address the above issues

 

Security in cloud based on experience in Huuuge Games

Marcin Safranow, Dyrektor It & Security, Huuuge Games

Discover a complicated world of security in cloud in mobile game industry! The speaker will present the art of setup in cloud, talk about overcoming security challenges, and explain how to follow the best practices. The presentation will not only explain the complexities of cloud operations in Huuuge Games, but also provide practical tips on effective cost management and resource optimization in cloud. Taking part in the prelection is a great chance to gain new knowledge of security management from people, whose whole infrastructure has been running in cloud for more than 10 years

 

Development of artificial intelligence – evolution or revolution in internal audit?

Dr Romana Kawiak-Ciołak, Dyrektor Departamentu Audytu i Kontroli Wewnętrznej, Centralny Ośrodek Informatyki

Analysis of the influence of AI on the field of internal audit. The speaker will trace how AI technologies enhance traditional auditing processes, introducing (among others) automation, big data analysis, and predictive tools. We will reflect on the future of internal audit in the age of dynamic development of artificial intelligence, and explore the challenges, benefits, and new possibilities for experts in that field. We will try to answer the question whether the development of artificial intelligence in audit is a gradual evolution or maybe a radical, revolutionary change and a deep transformation in perceiving and executing internal audit

 

Building an unbreakable API defense in the world of web applications

Tomasz Janczewski, Wykładowca, Akademia Marynarki Wojennej

In the age of growing digital complexity, where web applications constitute a core of modern enterprises, the key is protecting the API – the foundation, on which these applications are being built. A presentation “Building an unbreakable API defense in the world of web applications” will be conducted by an expert with 20 years of experience in the IT industry, who will guide participants through the process of designing, implementing, and maintaining safe API interfaces.

During the session we will cover the following topics:

threats analysis, defense strategies, authentication and authorization, encryption and safety of transport, validation and sanitization of data, monitoring and responding to incidents, tools review.

The participants will gain comprehensive knowledge necessary to create API systems that are strong, resilient to attacks, and capable of meeting security challenges concerning modern web applications. The presentation will also include case studies showing effective application of mentioned techniques in practical scenarios.

 

AI and SDN in the service of cybersecurity

Jarosław Homa, Z- ca Dyrektora Centrum Cyberbezpieczeństwa, Politechnika Śląska Centrum Cyberbezpieczeństwa

The presentation covers a solution with a system protecting computer networks from DDoS attacks. The system is based on paradigm of programmable DSN computer networks, which uses AI algorithms revolving around machine learning and deep learning. The participants will gain knowledge of defense against DDoS attacks, and SDN in context of management and implementation in computer networks, cellular networks, or 5G

 

Can chatGPT substitute auditors?

Jan Anisimowicz, Chief Portfolio Officer, Board Member, C&F SA

In a rapidly evolving world where artificial intelligence (AI) is revolutionizing many facets of our lives, the world of auditing is no exception. Our understanding of traditional auditing roles and responsibilities is being challenged as we explore the potential of AI technologies in enhancing efficiency and effectiveness. With these profound developments, a vital question emerges, can ChatGPT Substitute Auditors?

My presentation brings to light an innovative perspective and promises an engaging discourse on this contemporary issue. The presentation has been designed to offer a comprehensive understanding of AI technologies, specifically the Language Model (LLM), Deep Neural Networks, Reinforcement Learning, and Transformers. The focus then shifts to the application of AI in auditing. Participants will learn how to harness the power of AI tools like ChatGPT to become a 'Turbo-auditor', a term signifying increased efficiency in auditing activities. Furthermore, they will be provided with an opportunity to assess the potential risks and benefits associated with the implementation of LLMs like ChatGPT, with a key emphasis on data privacy. The presentation also includes hands-on, real-life examples of how AI can be used to significantly decrease effort in various audit activities, potentially reducing up to 80% of the associated effort. Ultimately, this presentation seeks to provoke thought, promote discussion, and provide clarity on the pivotal question: Can ChatGPT indeed substitute auditors? This innovative exploration not only elucidates the practicality of AI in auditing but also invites us to envision and prepare for a future where AI might become an integral part of the auditing process.

 

How to turn a total failure (a successful ransomware attack) into a moderate success

Robert Bigos, Członek Zarządu, ISACA Katowice Chapter

Consequences of a ransomware attack are often not limited to a potential ransom payment, necessity to recreate data, or short-term hiatus in business continuity. During the presentation the speaker will share his experience in challenging this type of incident. Along with the participants he will also discuss practical tips on mitigating negative effects of an attack, and transforming a total failure into a moderate success. The scope of the knowledge and the way of presenting it is valuable for business representatives, IT departments, security departments, and auditors

 

Universal ZTNA – another zero-trust safety solution?

Piotr Szołkowski, Senior Systems Engineer, Extreme Networks

The acronym ZTNA is seen more and more often in offerings of security solutions providers. ZTNA is a zero-trust solution, which is often called a next generation VPN by security solutions providers. The pandemic changed the way companies had operated so far. Many employees did not go back to the offices and switched to hybrid and remote work. Migration of web applications to cloud is gradually becoming a fact. IT departments are faced with new challenges – they have to provide an access to employees, wherever they are, to resources that can be in Data Center in the company, and to applications running in clouds, often provided by different cloud service providers. All of that while still having to provide security and struggling with shrinking IT resources. Extreme Networks offers Universal ZTNA solution, which in addition to traditional ZTNA feature has a Network Access Control (NAC) system and provides security on the level of network switches and wireless access points. We invite you to listen to the presentation about UZTNA solution by Extreme Networks.

 

Hacking Kubernetes

Marcin Madey, Prezes zarządu, SUSE Polska

Do you want peace in the cyberworld? Prepare for war! Your arsenal can not miss NextGen Firewall for containerized environments with Kubernetes, self-learning tools for scanning applications even in the seventh web layer, and vulnerability detection in every installed system and application. It’s time to put zero trust into practice, control the whole chain of software supply, and guarantee safety on EAL 4+ level. During the SUSE session we will show how to achieve all of the above with open-source solutions.

 

Knowledge – the best weapon to fight cybercriminals

Marcin Ganclerz, Cybersecurity Awareness and Training Senior Analyst, PepsiCo

Employees play a key role in the security system, but still not many companies know how to effectively educate them. The latest Verizon DBIR report shows that employees are responsible for 74% of cases of security breaches. It proves how important part of company security is an effective educational program covering cyber-security. The key aspect of education is to show an employee why it is so important for them to gain this knowledge (Start with Why theory). The next point is to change the employees’ behavior. You can prepare the most attractive training in the world, but if it won’t influence the employee’s behavior, it is virtually useless. In my presentation, based on many years of experience in creating educational programs for employees, I want to show how an effective education should look like, and how to overcome related challenges. I will provide examples from my everyday work, show how to make an employee a strong link of security system, and how to make them feel co-responsible for protecting the organization.

 

„Quite robust” doesn’t mean secure. Don’t assume, verify!

Radek Kucik, Dyrektor Sprzedaży w Europie Środkowo Wschodniej, Pentera

The more security features you add to your network, the more secure you feel? Are you almost sure that nothing bad will happen? „Almost sure” is not enough. Only looking at an organization from an attacker perspective will show its strengths and weaknesses. Check whether the money that your organization spent on all cybersecurity solutions does the job, in a secure, effective and continuous way. Check if your organization is ready for an attack. Don't assume, verify!

 

Empathetic CISO vs CISO with a built-in AI

Robert Pławiak, CDIO/CTO, Polpharma

Comparing an „empathetic CISO” with a „CISO with a built-in AI” shows how different are the approaches toward managing cybersecurity. Both of them have their unique advantages and challenges. Here’s how you can compare and contrast them.
Empathetic CISO puts emphasis on:

  • Understanding the human aspect of security
  • Managing stakeholders and communication

CISO with a built-in AI wants to be used in:

  • Advanced analysis and threat recognition
  • Automation and scaling

So, what a perfect CISO should be like, when they work within certain work culture and values? How to implement AI, when it’s not just an “AI hype” anymore? What to focus on? Is it technology, skills, or maybe competencies?

The lecture is for everyone, who consider themselves a human, and they want to know TOP FEATURES a CISO needs to have, and why they are no longer valid. :)

To sum up – during the event you’ll have a chance to discuss how an empathetic CISO can effectively manage security culture and communication in an organization, whereas CISO using AI can significantly increase technical and operational abilities in the security field. But what kind of CISO will be the most effective one?

 

Cyberwar in Ukraine – how do secret service hackers bypass security and break into companies?

Mariusz Stawowski, CTO, CLICO

Cyber intelligence information about hacking into IT systems in Ukraine provide valuable insight on how to test and build more efficient security of IT systems in Polish companies. During the presentation we will discuss various techniques of bypassing antivirus and EDR security and ways of preventing them.

 

New sources in computer forensics

Marcin Kaczmarek, Wykładowca, Wydział Informatyki i Telekomunikacji, kierunek Cyberbezpieczeństwo, Politechnika Wrocławska

In computer forensics and data analysis, we will have to deal with unusual sources of digital information more and more often. What are these sources? How to characterize and describe them, and – most of all – how to extract interesting information from them? It’s not about computer drives anymore, but cloud sources, IoT systems, and…? The presentation covers data extracted from various devices and ways of tapping into this data.

 

Security of ChatGPT

Jacek Wojcieszyński, Właściciel, Jomsborg Lab

An overview of risks and attacks on applications with built-in LLMs (Large Language Models) on the basis of ChatGPT. A short introduction to LLM, a map of threats for applications based on LLM, types of attacks on LLM, overview of selected attacks on LLM, and ways of protecting LLM from attacks.

 

Managing risk in Artificial Intelligence – challenges and mitigation strategies

Marcin Dublaszewski, Prezes Zarządu, Instytut Audytorów Wewnętrznych IIA Polska

As Artificial Intelligence (AI) gradually goes deeper into different fields of industry and everyday life, a key need for effective life management arises. The speaker will focus on complexity and challenges concerning identification, assessing, mitigating, and monitoring potential risks in AI projects.

The key element of the presentation is a practical approach to managing risk, with emphasis put on real-life cases, in which risks materialize and influence ethics, technology, operations, and privacy. Each risk scenario is analyzed in order to show possible consequences and suggest effective strategies for mitigating the risk. The presentation emphasizes that while Risk Management Frameworks (RMF AI NIST) work as an effective tool, the most important aspect is a holistic and dynamic approach toward managing risk in AI. This process includes continuous vigilance, adapting to changing conditions and engaging all stakeholders in order to make sure that AI systems are secure, fair, and efficient. A useful tool in this regard could be RAI Impact Assessment Guide, developed by Microsoft. The goal of the presentation is not only to make the listeners aware of existing risks, but also to draw their attention to the need to expand their knowledge and use tools needed for managing risks, while promoting proactive attitude and responsibility in a dynamic and exciting world of artificial intelligence.

 

Automate elimination of external & internal cyber-attack surface across entire IT stack

Marek Skalicky, CISM, CRISC, Technical Account Manager for Enterprise CEE, Qualys

Nowadays companies are facing to ever growing Cyber-Threats landscape with dynamics like ever before. Same time companies and institutions are growing size and complexity of their external and internal cyber-attack surface by implementing more diversified ICT technologies, including Virtualized, Cloud and Containerized environment and IT applications and services, extending to mobile and roaming devices and connecting more OT and IoT systems into internal ICT infrastructure, with remote access and management enabled. What are the key-elements for successful management, reduction and remediation of cyber-attack surface?

How TruRisk's platform, prioritization and automation can help solve this problem from both risk monitoring and remediation side?

 

Unconditional guarantee of access to data – a question of proactivity or reactivity?

Piotr Wyrzykowski, Senior Solution Consultant, Hitachi Vantara

During the presentation we will discuss the below aspects, and the speaker will share their insight on the difference between functioning of IT/IS departments, with the emphasis on proactive and reactive approach. We will analyze both advantages and disadvantages of such an approach toward data management. We will also focus on the key division between hot and cold data and identify benefits of this practice. We will also discuss chances of going back to normality after the occurrence of failure.

Moreover, we will raise the subject of services monitoring, with emphasis put on Service Legal Agreement (SLA). This will allow us to better understand how to effectively maintain a high standard of provided services.

 

In 180 days to NIS2 compliance

Radosław Gnat, Senior Manager, Cyber Resilience, GSK

We hope that implementing the NIS2 directive will take place soon. Without waiting for the update of the National Cybersecurity System Act (KSC), we will take a look at what NIS2 brings and how we can prepare for it.

The presentation will include the most important information about duties under NIS2 and will provide you with an action plan for the next 180 days. Among many things, the participants will learn about:

  • How to sell NIS2 to the board?
  • Is cooperation with the legal department necessary?
  • How to verify whether I’m subject to NIS2?

 

AWS Security Culture

Daniel Grabski, Principal Security Strategist, AWS CEE Lead

How do we build the security culture throughout the AWS organization? The presentation will discuss what is a culture, how we can define security culture in organizations, what elements it consists of, why it is so hard to build it, and what barriers we tend to face. I will use AWS as an example of an organization, in which security is important to the extent where it is virtually the core of the business. It will also be an example of how the security team culture and organizational culture of Amazon Web Services allow us to develop and change at such a pace, while providing secure services to our clients.

 

Do you use U2F? Are sure there is nothing to worry about?

Tadeusz Harla, Starszy Specjalista, RON

Often carried out, a successful attack on user’s data hidden in various areas of the internet can have terrible consequences for them and their company. Using popular security like 2FA by more aware users does not quite do the trick nowadays. The UFA key itself can sometimes fail. What should we pay attention to and what to do in order not to experience it firsthand? It’s up to us whether we will put good advice into use, but it’s definitely better to hear it out than to live in ignorance of the existing threat.

 

An IT security specialist and a user – a difficult relationship between an auditor and auditee

Jakub Walczak, Kierownik Biura Bezpieczeństwa, Pełnomocnik ds. Ochrony Informacji Niejawnych, Radmor S.A.

How does a cybersecurity audit look from the auditee perspective and what from the auditor perspective? The difference between “we have to pass it” audit and “we need to know” audit. How to convince users to tell the truth, and not what “the auditor wants to hear”? What is the role of the board and senior management? Real life examples of audits of our services (ABW/SKW) and conducted internal audits.

 

Biometrics vs Deepfake

Adrian Kapczyński, CISA, CISM, Ph.D., Koordynator podobszaru badawczego"Cyberbezpieczeństwo", Politechnika Śląska

During the presentation the speaker will present the current state of biometrics and deepfake, as well as discuss the possibility of an attack (audio/picture/video deepfake) and defense (liveness detection).

 

Will Passkeys solve the problem of phishing and modern attack with the use of AI?

Bartosz Cieszewski, Solutions Architect, Secfense
Damian Kuźma, Cybersecurity Specialist, Advatech

During the presentation the speakers will perform a live phishing attack bypassing MFA and explain how Passkey and FIDO2 make these types of attack impossible. The speakers will effectively implement Passkey, protecting the application from phishing, and show how to turn your phone into a cryptographic authentication device. Moreover, they will prove that thanks to Passkeys convenience and security can finally go along. Last but not least – they will show how to improve user experience and security, while meeting the requirements of DORA and NIS2 regulations.

 

Are your IT audits really effective?

Joanna Wziątek, Senior Security Engineer, Tenable

In the world of rapidly emerging cyber threats, IT audits are the key tool to secure an organization. But will they really be effective enough? During my presentation I will discuss both technical and non-technical aspects of audits, asking the fundamental question: are your IT audits really a barrier for hackers? I will analyze risk management issues, pointing to key elements, which cannot be ignored. Prepare for a unique take on cybersecurity, which goes beyond obvious facts.

 

DISCUSSION PANEL 1 - ITSec Stress Toolkit

Consequences of ransomware incidents on the mental and physical health of IT/Sec teams. What traces and effects of ransomware attacks can we observe in organizations and people

 

DISCUSSION PANEL 2 - Cyber HR - Future of wor

What competencies and qualifications should you seek in cybersecurity specialists? How to recruit and retain cybersecurity teams?

 

Conference host

Paulina Chylewska

dziennikarka telewizyjna i prezenterka

Among the Keynote speakers of this year's edition

Corbett Hoxland

Chief Technologist, HP

Sue Milton

ISACA UK Advocacy Task Force

Dr. Shawn P. Murray

President, Information Systems Security Association, International Board of Directors

Andrea Polereczki

Founder, Board Member, Women4Cyber Hungary

Vangelis Stykas

Chief Technology Officer, atropos.ai

Jim Wiggins

Founder, CEO, Federal IT Security Institute (FITSI)

Among the first speakers

Jan Anisimowicz

Chief Portfolio Officer, Board Member, C&F SA

Bartłomiej Anszperger

Solution Engineer Manager w Europie Wschodniej, F5

Artur Barankiewicz

Head of Security Business Development B2B Europe, Deutsche Telekom

Marta Barcicka

Wykładowca, Wyższa Szkoła Biznesu-NLU, Co - founder, Neuron Cube, Doradca Zarządu ds. Operacyjnych, Alma S.A.

Grzegorz Bąk

Chief of R&D, Xopero Software & GitProtect.io

Zenon Biedrzycki

Dyrektor Biura Projektowania i Architektury Rozwiązań CyberSecurity, BNP Paribas Bank Polska S.A.

Robert Bigos

Członek Zarządu, ISACA Katowice Chapter

Krzysztof Bińkowski

Konsultant i szkoleniowiec IT Security and Forensics, ISSA Polska

Marcin Blaźniak

Pre-Sales Engineer, OVHcloud

Paweł Borowski

Senior Security Operations Officer, Paymentology

Filip Brandt

Security Architect, Zespół Architektury Systemów Bezpieczeństwa, BNP Paribas Bank Polska S.A.

Piotr Brogowski

Członek, ISSA Polska

Sylwia Buźniak

Starszy Partner Biznesowy HR, Kierownik Zespołu, EXATEL S.A.

Grzegorz Cenkier

Sekretarz Zarządu, ISSA Polska

Francesco Chiarini

Chairman - Cyber Resilience SIG (Special Interest Group), Information Systems Security Association (ISSA)

Piotr Chmielewski

Manager w zespole cyberbezpieczeństwa, ekspert w obszarze cyberbezpieczeństwa OT, KPMG

Bartosz Cieszewski

Solutions Architect, Secfense

Adam Danieluk

Prezes Zarządu, ISSA Poland

Kamil Drzymała

Architekt bezpieczeństwa IT, ISSA Polska

Marcin Dublaszewski

Prezes Zarządu, Instytut Audytorów Wewnętrznych IIA Polska

Krzysztof Dyki

Prezes, ComCERT S.A.

Jakub Dysarz

Naczelnik Wydziału w Departamencie Cyberbezpieczeństwa Ministerstwa Cyfryzacji, Policy Officer, Komisja Europejska

Marcin Ganclerz

Cybersecurity Awareness and Training Senior Analyst, PepsiCo

Radosław Gnat

Senior Manager, Cyber Resilience, GSK

dr Maja Goschorska

AI Specialist, Sagenso

Daniel Grabski

Principal Security Strategist, AWS CEE Lead

Michał Grobelny

Architekt Cyberbezpieczeństwa, NASK-PIB

Jacek Grymuza

Członek Zarządu, (ISC)² Poland Chapter

Adam Haertle

Trener, twórca, redaktor naczelny, ZaufanaTrzeciaStrona.pl

Tadeusz Harla

Starszy Specjalista, RON

Jarosław Homa

Zastępca Dyrektora Centrum Cyberbezpieczeństwa, Politechnika Śląska

Michał Hryciuk

Prezes Zarządu, ISACA Warszawa Chapter

Łukasz Jachowicz

Ekspert ds. cyberbezpieczeństwa, Safesqr

Damian Jagusz

Chief Digital Operational Resilience Officer, Corporate IT Security Officer, ERGO Hestia

Tomasz Janczewski

Wykładowca, Wydział Dowodzenia i Operacji Morskich, Akademia Marynarki Wojennej

Marcin Kabaciński

Członek Zarządu, Fundacja CISO #Poland, CISO, PayPo

Marcin Kaczmarek, CISA, CCSP

Faculty of Computer Science and Telecommunications | Cybersecurity, Politechnika Wrocławska, ISACA Katowice, ISSA Polska

Paweł Kaczmarzyk

Prezes, Specjalista odzyskiwania danych, Kaleron Sp. z o. o.

Adrian Kapczyński, CISA, CISM, Ph.D.

Koordynator podobszaru badawczego"Cyberbezpieczeństwo", Politechnika Śląska

Andrzej Karpiński

Dyrektor ds. Bezpieczeństwa, Grupa BIK

Romana Kawiak-Ciołak

Dyrektor Departamentu Audytu i Kontroli Wewnętrznej, Centralny Ośrodek Informatyki

Bartłomiej Kilanowicz

Solution Architect, ASCOMP S.A.

Krzysztof Konieczny

Trener w Cyfrowy Skaut, Członek, ISSA Polska

dr hab. Bogdan Księżopolski

Pełnomocnik ds. Rozwoju Informatyki, Akademia Leona Koźmińskiego

Radek Kucik

Dyrektor Sprzedaży w Europie Środkowo Wschodniej, Pentera

Michał Kurek

Członek Zarządu, OWASP Polska

Damian Kuźma

Cybersecurity Specialist, Advatech

Grzegorz Łunkiewicz

Zastępca Dyrektora Data Center, Kierownik Działu Bezpieczeństwa Teleinformatycznego, COIG S.A.

Artur Maciąg

Analityk, Inicjatywa Kultury Bezpieczeństwa

Rafał Maciejewski

Właściciel, Revogoo

Marcin Madey

Prezes zarządu, SUSE Polska

Wiktor Markiewicz

Starszy analityk, Polska i Kraje Bałtyckie, IDC Polska

Anna Mazur-Kłucjasz

Trenerka biznesu, Certyfikowana konsultantka Teorii Ról Zespołowych Belbina®, Coach, Arteterapeutka, Training Tree

Jarek Mikienko

Konsultant Ochrony Danych, Rubrik

Adam Mizerski

President, ISACA Katowice Chapter

Rafał Nikodym

Menadżer, Dział Audytu Wewnętrznego, Departament Audytu i Kontroli, Polska Grupa Zbrojeniowa S.A.

Mateusz Nosek

Członek, ISSA Polska

Michał Ochnio

Ekspert w Departamencie Cyberbezpieczeństwa, Urząd Komisji Nadzoru Finansowego

Angelika Maria Piątkowska

Prezeska, Polski Instytut Cyberpsychologii, Cyberpsychopatologii i Cyberpsychotraumatologii

Artur Piechocki

Radca Prawny, Założyciel Kancelarii, APLAW

Robert Pławiak

CIDO, CTO, Zakłady Farmaceutyczne Polpharma S.A.

Marcin Safranow

VP of IT and Operations, Huuuge Games

Marzena Sawicka

Co-Founderka, Dyrektorka Zarządzająca, HILLWAY Training & Consulting

Marek Skalicky, CISM, CRISC

Technical Account Manager for Enterprise CEE, Qualys

Magdalena Skorupa

Global IT&D Director, Global Technology & Security, Digital Workplace, Reckitt

Jacek Skorupka

CISO, Medicover

Jarosław Smulski

Senior Program Manager, Systems & Infrastructure Solutions, IDC Polska

dr Ścibór Sobieski

Doradca, Konsultant, Coach, Mentor, Wykładowca, Uniwersytet Dolnośląski DSW

Dr inż. Mariusz Stawowski

CTO, CLICO

Jakub Syta

Strategic Advisor | Cybersecurity, Morskie Centrum Cyberbezpieczeństwa, Akademia Marynarki Wojennej

Krzysztof Szczepański

Dyrektor, Departament Bezpieczeństwa i Ryzyka, Krajowa Izba Rozliczeniowa S.A.

Paweł Szczepski

Architekt, Bank Gospodarstwa Krajowego

Magdalena Szczodrońska

Events Director, IDG Poland SA

Piotr Szołkowski

Senior Systems Engineer, Extreme Networks

Artur Ślubowski

Dyrektor Projektu, PKP Informatyka

Marcin Tyrański

IT Strategy & Data Platform Departament Director, UNIQA Insurance Group AG

Marek Ujejski

CISM, CDPSE, LA 27001, LA 22301, COIG S.A.

Jakub Walczak

Kierownik Biura Bezpieczeństwa, Pełnomocnik ds. Ochrony Informacji Niejawnych, Radmor S.A.

Ireneusz Wochlik

Członek Zarządu, AI LAW TECH

Jacek Wojcieszyński

Założyciel, Jomsborg Lab

Piotr Wyrzykowski

Pre-Sales Solution Architekt, Hitachi Vantara

Joanna Wziątek

Senior Security Engineer, Tenable

Programme Council

Krzysztof Bińkowski

Konsultant i szkoleniowiec IT Security and Forensics, ISSA Polska

Łukasz Bydłosz

Senior IT Auditor, Santander Consumer Bank SA, Wiceprezes, ISACA Katowice Chapter

Grzegorz Cenkier

Sekretarz Zarządu, ISSA Polska

Adam Danieluk

Prezes Zarządu, ISSA Poland

Piotr Duczyński

Członek Zarządu, ISACA Warsaw Chapter

Bartłomiej Dyrga

Head of IT Security Team, Alior Bank SA, Vice President, ISACA Katowice Chapter

Beata Kwiatkowska

Dyrektor ds. Członkostwa Wspierającego, ISSA Polska

Adam Mizerski

President, ISACA Katowice Chapter

Jacek Skorupka

Global Cybersecurity Director, Medicover, ISSA Polska

Anna Winiecka

Communications Director, Board Member, ISACA Warsaw Chapter

Magdalena Sokulska

Project Manager, IDG Poland SA

Magdalena Szczodrońska

Events Director, IDG Poland SA

Wanda Żółcińska

Redaktor Naczelna, Computerworld

Participation in the Semafor 2024 conference is
CPE points for the certificates: CISSP / CISA / CISM / CRISC / CGEIT

 

Conference topics

The conference will be divided into 4 content blocks:

 

  • Audit of new frameworks for risk management (e.g. DORA)
  • Audit of cloud and hybrid solutions
  • Audit of cybersecurity, business continuit
  • Audit – different aspects and layers of architecture model – organization, people, processes, technologies - how to acquire evidence and connect data and results
  • Audit of cryptographic solutions
  • Audit of KSC form the perspective of a regulator
  • Audyt SOC / DevOps / Develop / Efektywności RedTeam-BlueTeam
  • Audit of SOC / DevOps / Develop / RedTeam-BlueTeam efficiency 
  • Conducting audits in new sectors (autonomic systems, blockchain, Fintech, etc.)
  • Security in cloud environment
  • Threats in Edge Computing technology
  • Security of microservices and related technologies
  • IoT/ICS – more devices and more attack vectors
  • Threat Intelligence
  • Threat Hunting
  • Securing cybercrime evidence
  • Phishing automation – using bots, machines, etc.
  • How to catch up with evolving cyberattacks - interesting cases
  • Open source interview along with presenting its tools
  • Securing dispersed data – how to handle its new model of processing
  • Cyberattacks – a pentester case study
  • End-to-end encryption – challenges and threats
  • Multifactor authentication
  • Hardware backdoor – how to detect and manage risk
  • New trends in cybersecurity
  • The role of human factor in information security
  • Darknet as a cybercrime underworld
  • Autonomic devices and their security
  • Supply chain security
  • Managing change in on-premise, cloud, and hybrid environments
  • Cloud Security
  • Business resilience
  • Business continuity, Backup, and Disaster Recovery
  • Asset management
  • Consolidation of solutions and security providers
  • How to manage big security projects
  • Zero trust – technology, methodology or a way of thinking? (Mesh VPN, and Secure Access Service Edge technologies)
  • Preventing Insider Threats
  • Securing remote workers
  • Safety of mobile devices
  • How to manage cybersecurity in social networks
  • NIS2/KSC/DORA regulatory changes
  • Digital Services Act and Digital Markets Act – what the new legal changes will bring?
  • Managing digital identity
  • Cybersecurity awareness at work and beyond
  • AI – a dynamic growth of adaption in cybersecurity sector
  • Toolbox 5G
  • Dark side of automation involving machine learning
  • Deepfake – how cybercriminals can use it
  • Automation of cloud services (services connected with security and responds to threats)
  • Encrypting – innovations that can change currently used algorithms
  • Autonomic businesses – companies managed by machines - security aspects
  • Neuromorphic computing, DNA storage, quantum computing
  • Technological biohacking – how technologies of the future will impacts our life and security

The conference is targeted at

  • Directors of security departments (CISOs/CSOs)
  • Specialists responsible for business continuity and risk management
  • Directors of audit departments, auditors
  • Information security consultants and specialists
  • Managers and specialists from risk management departments
  • IT managers and directors
  • IT governance specialists

Become a partner of Semafor 2024!

Participating as Partner is a unique opportunity to present your experience and solutions for the business of information security and IT audit in Poland.

Become a partner

Location

NATIONAL STADIUM IN WARSAW

al. Księcia Józefa Poniatowskiego 1,
03-901 Warsaw

General partner

Strategic partners

Content Partners

Partner

Exhibitors

Media Patrons

Organizers

CONTACT US



Magdalena Sokulska
Tel. +48 662 287 862
[email protected]

Piotr Fergin
Tel. +48 533 358 952
[email protected]

Elżbieta Olszewska
Tel. +48 662 287 909
[email protected]

Magdalena Szczodrońska
Tel. +48 662 287 935
[email protected]