James SnowSecurity, Privacy, and Legal Compliance in the Public Cloud – James Snow, Google

Looking at your other speakers, I would like to offer something fresh and exciting.  I would like to talk about our architecture at Google specifically and then talk about Security, High Availability, Privacy, and Legal Compliance with a
focus on meeting European data privacy requirements.



Currently Product Strategist for Google Apps for Enterprise focusing on Product Development, Improvement, Integration, and Compliance.

Previously, as Sales Engineering Manager for Google Enterprise, based in Amsterdam,specializing in Google Apps for Enterprise, Google Message Security, and Chrome OS, in addition to serving as Security and Compliance Lead for EMEA.

I have extensive experience as a Program Manager / Integration Project Manager — with twelve years of experience in supporting product development, designing and implementing integration solutions on national and international engagements. As a Program Manager at Microsoft, I have worked directly with Customers to validate product features and requirements and successfully related these findings to software development teams. As an Integration Project Manager at Accenture, I have played several instrumental roles including Account Management, Business Analyst (Business Process Definition, Functional Requirements Gathering), Solution Architect, Solution Engineer and Team Lead for cross-platform business integration solutions. I have led integration teams across multiple geographies with a strong track record of delivering solutions on time and on budget.
I am a well rounded technologist with a focus on middleware technologies (BizTalk, webMethods, and Vitria) with implementation experience spanning all phases of the software development lifecycle. I have deep industry experience in cellular telecommunications, pharmaceutical, and the financial services industries. I possess strong analytical skills, am detail oriented, and quickly learn new technologies.

JesusKeynote presentation: Cloud and Trust – Jesus Luna, CSA EMEA

Despite the apparent advantages of the cloud, many customers still perceive a lack of transparency and trust with respect to its usage. But, which are the enablers of a trusted cloud strategy? Do we need cloud certification schemes to gain trust and ensure data security? During this talk we will overview the main pillars that are being advocated by the cloud security community in order to deploy trustworthy cloud ecosystems, namely transparency, accountability and security assurance mechanisms.


Jesús is Research Director of the Cloud Security Alliance EMEA since September 2013. His main responsibilities within CSA include the scientific management of European projects like HelixNebula, Cumulus, A4Cloud, CloudWatch, Cirrus and SPECS. He is also leading the CSA EMEA activities in the field of initiatives like the Cloud Trust Protocol and the SLA workgroup. Before joining CSA EMEA, Jesus has worked in the ICT security field for more than 17 years with both of industry and academia in Germany, Spain, Greece, Cyprus and Mexico. Jesus is also founding member of the Spanish and German chapters of the CSA.

Jesus has a PhD degree (Cum-Laude) in Computer Architecture from the “Technical University of Catalonia”, and has published more than 30 scientific papers in prestigious venues, also including a European patent in the field of cyber security. His main research interests are security quantification, applied cryptography, secure storage and security monitoring.

Michael NewberryCloud Security and Privacy – A Microsoft perspective – Michael Newberry





Dr Michael Newberry is responsible for Microsoft’s cloud platform business across Central and Eastern Europe.  This includes Microsoft Azure, our public cloud platform, as well as our hybrid cloud and private cloud services.  Immediately before his current role he was with Microsoft UK, where he was responsible for starting the UK Azure business (in 2010)  and before that the Microsoft’s UK High Performance Computing business (from 2006).   Before he joined Microsoft, Michael managed a systems integrator in Malaysia, and worked in Silicon Graphics in Australia in the 90s.

Michael has been working with “big data” and “big compute” throughout his career as the technology has progressed from mainframe, to client/server, and now to device/ cloud. He gets excited seeing the latest “massively scalable” technology deliver measurable results to people’s lives. He also enjoys sharing these stories.  An Australian national, Michael is a global citizen, having lived and worked across Asia and Europe. He holds a PhD in Computer Science from the University of New South Wales, ADFA, in 1991 where his research focused on Bayesian analytics (early “machine learning” and “big data”) as applied to computer security and cryptography.

MarekQualysGuard – running Security SaaS in secure way –  Marek Skalicky, Qualys GmbH

QualysGuard is well know and well established Security Software as a Service Suite providing Cloud-based security software in highly-trusted architecture and in a transparent and very secure way. What are the business reasons and security concerns customers are considering when adapting QualysGuard? What made more then 6800+ customers in more then 100+ countries to successfully implement QualysGuard with very high satisfaction level? These questions will be addressed during Qualys speech together with brief update to QualysGuard Suite new services.


Marek Skalicky has joined Qualys company in 2008 as Regional Account Manager for Eastern Europe. Since 2013 he works on position Managing Director for Central Eastern Europe with focus on CEE region business development, customer management and channel management. Prior to Qualys he was managing information security projects at info-security consultancy company RAC for 5 years with a focus on Information Risk Management, Vulnerability Management and the implementation of ISMS process based on ISO/IEC 2700X standards for various ENT companies in Czech Republic. He has +12 years at Info-Security and holds CRAMM, ISO 27001 Lead Auditor, CISM and CRISC certifications and is a member of ISACA, OWASP and CSA local chapters across CEE region.

Fabrizio-VolpeHybrid Clouds: “Silver Bullet” of the Cloud Computing? –  Fabrizio Volpe, Banca ICCREA S.p.A

In this talk, we will see concepts and recently architectural modification and news regarding the hybrid Cloud. An hybrid Cloud combines public cloud and private data center principles, granting access to the advantages of both kind of deployment. This is fast growing market, because many companies desire configurations and features from both the sides of the Cloud (regardless of their size and the number of users). We will talk about how customers are able to plan hybrid scenarios starting from on-premises deployment or from the Cloud, and then manage, control and secure both the environments with the same tools and interfaces. We will examine how workloads and users can be moved to the public Cloud and back to the private Cloud in a seamless manner and draw some considerations on this specific computing scenario.


Fabrizio is an IT professional focused on Unifed Communications and Security. As an expert on Microsoft Lync he has received the highly professional MVP award in 2014 and has published two books on this topic.

Fabrizio has also received the MVP award for Directory Services in three consecutive years (2011,2012 and 2013).
He has co-authored one of the few existing texts dedicated to the FortiGate security appliances.
Fabrizio often creates free contents to to share his passion for technology. His YouTube channel https://www.youtube.com/user/Lync2013 has a total of more than 80,000 views.
His free e-book (Microsoft Lync Server 2013 : Basic Administration – Release 2.1) is over 5000 downloads.
He is a blogger ( personal site is www.absoluteuc.org ) and is active on social networks (with more than 2,000 followers on Twitter).
Occasionally he participates in conferences ( such as INTEROP 2013 in Mumbai or the WPC in Milan) or contributes to websites (such as IT Central Station, where it is one of the best reviewers).
Fabrizio supports Save the Children, and wish to be able to contribute more.

Michele-BezziSecuring data inside and outside the Cloud: A Research  – Michele Bezzi, Research Manager, SAP Labs France

In this talk, we present recent results of SAP Product Security Research on enforcing usage control policies in multiparty cloud scenarios. We introduce the concept of “sticky policy”, that is metadata expressing the condition of usage of data. Sticky policies are transferred with the data, and describe the constraints to be applied on data usage.


Michele Bezzi is Research Manager at SAP  Product Security Research. He received his Master Degree in Physics from the Univ. of Florence in 1994 and his Ph.D. in Physics from the University of Bologna in 1998. He has 12+ years’ experience in industrial research in SONY, Accenture and SAP. He has been contributing to several European projects, (e.g., Assert4SOA, CoCoCloud, SecCord, Effects+, Primelife, TAS3, SpikeForce) and he has published 50+ referred papers in various research areas: security, privacy, pervasive computing, neural networks, evolutionary models, complex systems.

Kai RoerThe Psychology of Security – Kai Roer, The Roer Group, The Security Culture Company
In this talk, Kai Roer shares some of the important aspects psychology plays on security. Why are people susceptible to phishing and scams? Why is it that security professionals seems to fail to explain and teach security awareness? What games is our mind playing on us, that makes security such a challenge?


I am currently focusing on user awareness, security culture and the study of how our human mind makes us vulnerable and exploitable. I consult people and organizations on the interpersonal skills that are vital to a successful and trusting secure environment. Previous experience include Technical (network, security, web, programming), Compliance (Privacy Ombud, Standards, Laws) and Leadership (Project Management, Team management, Business Management).

Currently, I am heading the development of the Security Culture Framework, a practical approach to building and maintaining security culture in organizations.
I am part of the Expert Panel at Information Security Buzz, a monthly columnist at Help Net Security, and an avid blogger.

Experience from: Public sector, Oil&Gas, Telco/ISP, SME, eduction & transportation.I volunteer a lot of my time to NGO’s and NPO’s in the trust that together, we can all make a difference.
Some of my latest speaking engagements include RSA Europe, Hackon #8, NorSIS/NSM Sikkerhetskultur, Risiko og Sårbarhet i IKT (Tekna), Programutvikling, HaKo, Microsoft

Author/editor of the success books:
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author) ISBN: 978-1463691783
* The Leaders Workbook ISBN: 978-1453783054

Matthias-LuftExploiting Hyper-V – Matthias Luft, ERNW GmbH

In this presentation we will describe our research on the architecture and security of the Hyper-V hypervisor and its role in the Microsoft Azure cloud. Besides a deeply technical discussion of the hypervisor implementation and its attack surface, we will show how we discovered MS13-092 a vulnerability that allows permanent DoS of the hypervisor and the potential compromise of other VMs on the same host.

We will describe the challenges involved in reversing, debugging and understanding an hypervisor and plan to release several tools, IDA scripts and POCs we developed as part of our research.

Our presentation shows that even seemingly bullet proof software still contains critical bugs and we hope to motivate more researchers to start active research inso hypervisor security in general and especially Hyper-V.


Matthias and Felix are security researchers at ERNW, they are specialized in testing and breaking complex IT environments. Together they performed an extensive research project on the security of a leading cloud provider, which resulted in the discovery of multiple vulnerabilities including MS13-092.

Oliver CaleffCloud Forensics – Olivier Caleff, CSA France

In this talk, we present the context of Cloud Forensics: expectations, issues, challenges and opportunities. The legal, organizational and technical aspects are presented in an international context. Works of the CSA, and NIST workgroups are mentioned and confronted with standards such as ISO 27037.



Olivier Caleff moved from network and system background to security in the late 1980s/early 1990s. In 1992, he co-founded APOGEE Communications, then worked with the first Internet firewalls, performed security audits, and has been a security consultant both in France and in foreign countries. Since year 2000, he has been deeply involved in security watch, incident handling, and CSIRT-related activities, both being in charge of CERT DEVOTEAM, and helping companies set up their own CSIRTs.

He co-founded the French Chapter of the Cloud Security Alliance, and has been active in various CSA working groups such as the CloudCERT.

He is now working at CERT-FR, the French government CSIRT.
More at: http://www.linkedin.com/in/caleff


Register  Congress brochure-PDF