It's happening! The second edition of SECCON NL on September 28th 2023.
Collaboration and sharing knowledge are the first steps to creating and maintaining a high cyber resilience level. Designed by the industry for the industry, SECCON NL focuses on knowledge sharing and collaboration in cyber security. The ultimate goal is to further strengthen the cyber resilience of Dutch organisations by learning from each other's experiences and challenges. We will create a podium for experts who share insights into theoretical and practical aspects of the security, privacy, trust, and resilience of networks, systems, services, and applications and novel ways for dealing with vulnerabilities and mitigating sophisticated cyber-attacks.
SECCON NL looks to inspire the security community and will be of interest to SOC analysts, Academic Researchers, Threat intel researchers, Security Architects, DevSecOps, Pentesters, etc.
SECCON NL looks for submissions from diverse communities, including corporate and academic researchers, open-source projects, standardisation bodies, governments, system and security administrators, software engineers, and application domain experts.
Anonymised Evaluation:
Our program committee evaluates submissions anonymously in the first phase. In other words, we don't see the speaker's details to ensure the unbiased validation of the paper's content and its value to the community.
Talks with the highest ratings move onto the second round of evaluation, where the program committee evaluates them for program fit, content, relevant experience, etc.
Our program committee looks forward to papers around the following event tracks and topics:
Special attention this year for:
- Left of boom vulnerability management
- Data security
- Application security
- Attack path analysis
- CNDR
1. Threat intelligence
Threat Intelligence is one of the lifelines security teams rely on to secure their environment. How do Threat feeds differ from each other? What is the best way to share intel with the community for the common good? What does the future of Threat intel sharing look like when the internet (and/or the world) starts to become more fragmented? We partner with the European Threat Intel Exchange (TIX) for this track. Focus areas could be:
• Combining Threat feeds into an actionable feed of information
• MISP integration / MISP best practices
• Strategic, Tactical and Operational Threat intel
• API integrations to ingest contextual threat intel
2. Digital Forensics & Incident Response technologies (DFIR)
A track at SECCON 2023 that will be led by Dcypher.
• Discuss and share Open source tooling
• What tooling is missing and where should the community invest?
3. Artificial Intelligence in the Security domain
• AI for offensive purposes
• AI for defensive purposes
• ChatGPT in the wrong hands
4. EU Regulations
• Impact of NIS-2 for security professionals
• Cybersecurity Act
5. Detection and Response
When a compromise is detected, proper mitigation actions need to be taken as a response. But how can you design an adequate Detection and Response framework that matches your organization? And when a full-blown Security Operations Center (SOC) is not within reach, is MDR the way to go, or are there other alternatives? In this track, the community will discuss best practices and try to answer these questions. Focus areas could be:
• A day in the life... Fighting against ransomware?
• EDR vs XDR
• Detection and response in an OT environment (Industrial Security)
• Signature based detection vs. Anomaly detection with Flow telemetry
• EDR in air-gapped environments
• Encrypted Traffic analytics
• XDR best practices
• Response automated or manual?
• The Hive
• How to develop a SOC (organizational), Culture, KPIs etc.
6. SOAR (Security Orchestration, Automation, and Response)
Orchestration and Automation initiatives are driven by the security talent shortage and ever-expanding threat landscape. In this track, we are looking for SOAR and Open Source automation experts (COSSAS) who want to share their experience in automating security operations such as Threat hunting processes, automating response actions, and integrating cross-architectural security workflows. Focus areas could be:
• Workflow creation
• Impact of onboarding SOAR
• Difference between Automation and Orchestration in security
• Open Source Security Automation for SOC, CTI and CERT professionals (COSSAS)
• SIEM vs SOAR, experience sharing of setting up the right match
7. DevSecOps
Applications are transitioning from traditional monolithic apps and their associated development methods toward distributed application stacks developed with DevOps methodologies. Security needs to keep up with the pace of modern application development. Advanced apps are deployed as microservices in containers and not in traditional VMs, hence the rise of another platform that needs to be hardened and secured. If you are looking to share your insights, outlook, and experience with API Security, Runtime security, Container Security, and other related topics, we eagerly await your paper. Focus areas could be:
• API Security
• Security in CI/CD pipeline
• Application Runtime Security
• Securing and hardening a Kubernetes container cluster
• OWASP top 10
• What is the role of a firewall in the container world?
• Organizational impact of DevSecOps
• Open Source vs Commercial off the shelf
8. Vulnerability Management
We are experiencing a tidal wave of vulnerabilities, but you can't fix them all. Organizations rely on extensive threat intel and patented prioritization to cut costs, save time, and keep teams focused on reducing the most significant risks. We are looking for experts to share experience in vulnerability scanning, pentests, and the ability to prioritize what is essential. Focus areas could be:
• Risk analysis of vulnerabilities
• Combining Vulnerability Scanning and Pentest outcomes
• CVE, CWE, CVSS and CWSS for dummies
• Experience sharing: How to deal with a High/High from the NCSC
9. Post-Quantum Security
Sooner or later, Quantum computing will trigger a fundamental security transformation. Are you an expert on QKD? What role will Quantum play in Offensive and Defensive security scenarios? How to protect today's data in transit from potential future threats? Please share your paper. We have a stage waiting for you. Focus areas could be:
• Impact of Quantum on Key exchange (QKD)
• The power of Quantum in the hands of APTs
• Quantum as an enabler for AI in cybersecurity
• How to prepare for the future?
No commercial pitch/product descriptions allowed
Don't mention the company you work for in your submission (for anonymous evaluation)
Sessions are 30 minutes
Please tell us about your presentation idea:
- Is it a presentation, discussion, video, game or something else?
- What are you going to talk about?
- Why does the community need to know about it?
- The type of delivery: just slides or something else?