We have a variety of “Open Port” events during which renowned cyber security experts
will come to ETH to discuss their field's current state with a small group of students.
In cyber security, an “Open Port” is an integral part of internet communication. Similarly, our Open Port events are there to communicate, connect and learn from each other. These events are an excellent opportunity for ETH students to gain an insight into the industry and public services. Additionally, in good ETH fashion, there will be an apero after most of our events. In particular circumstances, Open Ports are held virtually in highly interactive settings to the delight of speakers and students alike.
Have you ever wondered what the cybersecurity industry looks like in Switzerland?
Then join us on May 18 for an interactive exploration of the Swiss cybersecurity landscape, together with our speakers from the Information Security Society Switzerland (ISSS):
The ISSS is an active and independent organization with more than 1100 security professionals and security enthusiasts from business, administration and science. They deal with technical, legal and organizational information security-related aspects. They organize events, webinars, and networking possibilities for their members. Moreover, they award outstanding Bachelor, Master and PhD theses in the field of information security from students of Swiss universities.
We are very happy to invite you to an apéro after the session.
Do you want to learn more about the security and privacy implications of machine learning? Then join us on May 12 with Florian Tramèr for an interactive session, and learn about state-of-the-art research on the darker side of machine learning!
Florian Tramèr is a visiting researcher at Google Brain, and will start as a professor at ETH in the spring semester 2022.
The primary goal in the healthcare industry is to protect patient safety and patient data and this can only be achieved by implementing cybersecurity in products and services. Therefore, cybersecurity serves as a key building block for maintaining digital trust and succeeding in advancing in patient care by leveraging new technologies.
During the session, the Roche Diagnostics Product Security and Privacy team will provide an insight into their work on securing products that range from physical medical devices to cloud-based solutions. Join us to discover more about the scope covered by Roche Diagnostics' Product Security and Privacy team and to jointly solve a CTF challenge with hands-on exercises. Do not forget to bring your laptop!
Have you ever wondered what cyber security research at ETH looks like outside of the computer
Then join us for an enlightening session with doctoral students and researchers that do research on cyber security in very different domains and departments (D-GESS, D-ITET, D-PHYS).
Learn more about the breadth of cyber security research happening at ETH, from to protecting
military-grade networks, and from quantum cryptography to smart grids! After the event, you
will have the opportunity to chat with our speakers an apéro.
No prior knowledge required, students from all study programs are welcome!
Join the MSFPartners team (Monti Stampa Furrer & Partners AG) to learn how to protect a European wind farm owner from cyber security attacks. Explore our client's issue in protecting his wind farms. Gain valuable insights into cyber security for industrial infrastructure (OT security). Talk to practitioners working in international field engagements protecting industrial infrastructure against rogue crooks.
The primary objective of this case study workshop is to provide the participants an opportunity to draft and solve a real-life caselet on protecting Fallwind Ltd.'s wind farms. Come and show your cyber security six-pack -- the CEO is expecting your help!
Have you ever wondered what the day of a CISO looks like when a cyber attack occurs?
Join us for an interactive journey in the shoes of a Cyber Resilience Director with our two speakers Wolfgang Schurr, Cyber Resilience Director at Richemont (global CISO) and Adrian Marti, Head of Cyber Security & Privacy at AWK Group AG.
As a CISO, you are in the spotlight of your company when a cyber attack occurs. In addition to the pressure of dealing with the incident, you are suddenly one of the most important people in the company and must be available to top management day and night... Are you ready for it?
On Tuesday, November 30, Cyber Group is proud to invite you to an incident response workshop led by Dr Serge Droz (FIRST, Proton) and Michael Hausding (SWITCH) from the Forum of Incident Response and Security Teams (FIRST).
During this Breach Workshop, you'll walk through a live incident, and discuss the actions you would take together with our incident response specialists. No prior knowledge is required, students from all programs are welcome!
This event will be in-person and will follow ETH safety guidelines, with a mandatory COVID certificate and masks. We're happy to announce that we will again be able to offer you an in-person apéro after the workshop!
Is international cyberspace a legal vacuum? What international law and norms govern it? What role has the UN played in establishing norms for the responsible use of ICTs by States?
Join us on October 6th for an interactive session with Camino Kavanagh to learn more! She will introduce you to the emerging normative framework governing States' use of ICTs/cyber in the context of international security, discuss the confidence building measures (CBMs) that have been agreed by States to prevent the risk of conflict stemming from the malicious use of ICTs, and explain what future work needs to be done to ensure a peaceful digital future. After her introduction it is up to you to bring up the questions that you have always wanted to ask!
Dr. Camino Kavanagh is a Visiting Senior Fellow at the Department of War Studies at King's College London where her research focuses on international politics, conflict and information technology. She has served on the Advisory Support Team to the UN's Open Ended Working Group (OEWG) and Group of Government Experts (GGE) and was lead drafter on the latter. The two Groups addressed a range of issues relevant to state behaviour in cyber space, including emerging threats, international law, non-binding political norms, CBMs and international cooperation and assistance in ICT security. Camino also served as consultant/rapporteur to the 2016-2017 UN GGE. She is currently a senior advisor to the UN Dept. of Political Affairs on Digital Technologies and Conflict Prevention and consults regularly with national governments and international organisations on policy and norms relevant to ICTs/cyber and international security. Prior to her work on digital technologies and international security, Camino spent over a decade working in conflict/post-conflict contexts, including with UN peace operations.
Are you curious about how an advanced persistence threat (APT) operates during an ongoing attack? We found more about it with a Red Team member of InfoGuard AG!
The talk took us through the typical stages of an attack, its intermediate goals, and the possible procedures on how to achieve those. It gave not only a high-level overview of the attack, but also some detailed technical insights into certain techniques and vulnerabilities used throughout the attack. One presented example was the weaponization of a Word Document and how to analyze it in depth.
How can a Swiss non-profit help companies and researchers worldwide fight malware? Roman Hüssy from abuse.ch explined how the data trove is created, maintained and used.
Roman presented how he designed and set up a platform that allows security researchers to share malware samples, indicators of compromise, botnet addresses, and more. He also gave an overview of the malware threat landscape in the last decade, and the unique challenges posed by recent attacks.
Have you ever wondered how security analysts and penetration testers search for vulnerabilities in real-world systems? In this talk, Claudio Anliker explained what penetration testing, red teaming, and ethical hacking are about.
Sharing some of his own experiences, he
provided a glimpse into
the everyday work in the IT security industry. He showed how you learn the tricks of the
it needs to conduct meaningful security assessments, and why penetration testing can be an
incredibly interesting profession.
Before joining ETH as a PhD student, Claudio Anliker studied Computer Science at the University of Zurich and worked about four years as a penetration tester at a Swiss cyber security company. During this time, he carried out security assessments of all kinds, provided trainings for clients and co-workers, and lead a penetration testing team during his last year.
How do banks secure their cloud infrastructure? Mark Beerends, consultant at Prusec, shed light on this for us!
Cloud services are getting increasingly
popular in the industry, but banks tend to be conservative when using them. In this
session, we explored how banks shape and secure their cloud infrastructures and how they
their compliance and regulatory requirements.
About our speaker: Mark Beerends is a passionate cyber security expert with over a decade of experience in the field of security operations and management. He has an extended track record in the financial industry as head of Security Operations Centers and Head of various IT departments. He founded his own consultancy company Prusec in 2014.
How are blockchains running smart contracts and managing many billions being attacked and defended?
On the 31st of March, Matthias Egli showed us the challenges of designing smart contracts, analyzing their vulnerabilities, and get hands-on experience in a real-world scenario. Matthias was the COO of ChainSecurity, an ETH spin-off that has helped secure more than 1 billion USD transiting through smart contracts. After a quick technical introduction on how to interact with a real-world blockchain, Matthias presented the participants with an actual smart contract. He challenged everyone to exploit its re-entrancy vulnerability. What followed was an intensive hands-on session during which everyone tried to multiply their wealth. Following this active part, Matthias went over more intricate attack patterns like flash-loans. The event concluded with a quick Q&A session about real-world applications of blockchains and newly trending topics such as NFTs.
Josh Aas, Executive Director of Let's Encrypt, joined us for a session on internet security, sharing his insights and experiences of creating a nonprofit organization with the vision to make a secure internet attainable for everybody.
In just five years, Let's Encrypt helped increase the share of HTTPS requests from less than 39% to over 85%. In his interview, Josh explained both the technical specifics of a Certificate Authority as well as the moral dilemmas that can arise. He shared with us how once while coping with bugs that could potentially cause security breaches, he had to at the same time weigh the consequences of revoking 3 million certificates and potentially cause the shut-down of several domains. We also learned about crucial choices Let's Encrypt had to take to achieve a solution that would change millions of websites' behavior within a limited time frame. According to Josh, success depends not necessarily on finding a new solution but using existing approaches to make them easily usable and accessible. Many of us left his evening genuinely inspired and felt that every one of us can change the internet for the better - you just have to set your mind to it.
How is cyber policy made by governments? And where is European Union cyber policy headed?
On the 24th of February, ETH students gained unique
insights on this topic from Dr. Igor Nai Fovino. As deputy Unit Head of the European
Joint Research Centre, he has acquired over 13 years of experience at the European
talked to ETH students about his research covering IoT, blockchain, risk assessment,
many more areas. One current topic of his research he discussed was whether it would be
use blockchain technology to aid in the logistics of Covid vaccinations (yes!).
During the talk, Igor shared with students that the EU was working towards improving data protection as a human right – not simply as a set of rules with paperwork. Furthermore, an understanding of data protection and how it must be regulated is still developing, and will continue to develop further. As such, policymaking processes are a process of continuous negotiations. How has COVID affected cyber security in Europe? For one, healthcare and critical infrastructure sectors experienced increased attacks. Additionally, COVID has pushed Europe faster towards digitalization, and cyber security has now become more relevant in the EU Commission' priorities.
The take-away from the talk was that cyber security is currently undergoing a paradigm shift. The ‘old' firewalling approach does not work anymore because digitalization implies that it is not possible to close all the system's doors. For example, the energy grid before the 90s was considered to be secure simply because it was a closed world. With the roll out of smart grids and other initiatives, it is not possible anymore to close the doors, because suppliers need continuous data floors for decision softwares. In order to do that, all devices need to be connected, and for this reason the grid is vulnerable.
With Luca Gambazzi, Senior Scientific Project Manager at armasuisse Science and Technology and at the Cyber-Defence Campus
Luca Gambazzi gave an introduction on how to conduct a risk-based security analysis by working on realistic examples, as well as learning about the duties of armasuisse S+T and the opportunities it offers for students.
With Dr. Adrian Marti, Head of Cyber Security & Privacy, Partner AWK Group AG, and Werner Meier, Chief of Staff Crisis Organisation, Alpiq Group
Students learned firsthand how the crisis organization of an international energy supply company is structured and how it works. Together with our speakers, we went through the steps to cope with such a scenario.
With Miguel Gomez, Senior Researcher with the Centre for Security Studies at ETH, and Dr. Kari Kostiainen, Senior Scientist at ETH and Director of the Zurich Information Security Center (ZISC)
Pitfalls, New Cyber Solutions - What is the Role of a Cyber Researcher and what does it take to be one? The speakers shared their insights as researchers, their career path and their current research topics. Their presentations were followed with ample time for questions and exchange in smaller groups.
In small teams, participants were confronted with small, realistic scenarios of a cyber incident; they had to devise an action plan under time pressure, involving the relevant stakeholders and assessing the risks and opportunities associated with each action.
This event gave a chance to everyone to get to know the team behind our events, engage with us, and find out how everyone can help and join us to foster cyber enthusiasm at ETH.
With Reto Ischi, Team Lead Product Development WAF at Ergon
Reto explained the continuous arms race between hackers and security vendors in the field of web application security. Some suppliers promise that machine learning is the next Swiss Army Knife to defend against web security threats; as a Swiss vendor of the web application firewall Airlock, Reto Ischi and his team analyzed machine learning-based techniques to detect web attacks. He shared with us his ideas, experience and results of their proof of concept with productive web traffic. After the talk, the students had the opportunity to exchange with the speaker and two other Ergon engineers about their job and career at a Swiss software security company.
With Michael Bem, Executive Director at the Chief Information Security Office of UBS
Michael led a workshop exercising cyber crisis response at a fictitious entity. The students, split up in small teams, were confronted with a fictitious scenario of a cyber crisis, and were tasked to respond to the crisis. After a lively exchange between the teams and Michael Bem, the scenario was extended and worsened, and the students had to react to the incident in light of the new data and risks. After the workshop, Michael Bem shared his advice on how to efficiently tackle this kind of crisis, especially in a business context, and gave insight into relevant tools, techniques and processes. The students then had the opportunity to network and engage with Michael Bem about his work and career at UBS.
With Ralf Weissbeck, group CIO at the Adecco Group
Or, what does it mean if NotPetya shuts down your company for several days? Why could this untargeted attack create so much harm in major companies? How does one react to ransom demands? These and many other questions were answered by Ralf Weissbeck, now the group CIO of the Adecco group but then part of the cyber security team at Maersk. He recalled how within a few hours, an at first singular event spread company wide and only by chance spared one entity which proved pivotal to deal with the crisis. Students heard first hand how important it is to invest in cyber security, the pitfalls of flat networks and the necessity to have a streamlined crisis management that is ready to act. He shared anecdotes of missed concerts and family times as the crisis demanded unbelievable working hours and sleeping arrangements, with whole company floors being converted to make-shift crisis lodgings. The event was concluded by a memorable apero at the terrace of the Dozenten-Foyer where students had the chance to ask both him and Federico Blasiotti further questions.
With Korpskommandant Aldo C. Schellenberg, Deputy Head of the Swiss Army
We wanted to know more about the role of Switzerland in the world of Cyber and were proud of having Korpskommandant Aldo C. Schellenberg to talk with us about the state of cyber security in the Swiss military. From stories about actual penetration testing and cyber attacks on an international level to the newly established cyber unit of the Swiss military, Korpskommandant Schellenberg shared his insights with us!
With Dr. Thyla van der Merwe, Cryptography Engineering Manager at Mozilla
We invited Thyla to talk with us about the daily challenges in cyber security. Being part of the development of Mozilla's next generation of safe browsers, she shared with us what it means to apply cryptographic theory in practice.
Do you have valuable insights in current cyber security topics and want to share them with a
small group of students? We are always looking for cyber security experts who will take
a speaker's role at our events. As a speaker you will benefit from an interested and
Get in touch with us! Thore Göbel and Marina Ivanovic will be delighted to discuss with you how to bring your cyber experience to ETH.