CERT-SOC-Dusseldorf

CERT-SOC Working Group Agenda
 Location: Vodafone Campus, Dusseldorf, Germany, 20-21 November, 2025

Day 1 (20 November, 2025)

08:30 – 09:00

Registrations in the Lobby

09:00 – 09:25

Meeting Room: Sky Lounge

Welcome session for both groups

Welcome speeches

  • Vodafone Germany colleagues, 15'
  • Andrija Višić, ETIS Central Office, 10'

09:25 – 09:30

Groups separate and start their meetings

CERT-SOC WORKING GROUP MEETING STARTS

IN THE SKY LOUNGE ROOM

09:30 – 11:00

Meeting Room: Sky Lounge

Session 1: Introduction and Roundtable + Company Updates (part I)

Introduction and Roundtable, 10'

 

Goal: Welcome speech and agenda overview, followed by a roundtable where all participants introduce themselves (only name, company, role).

 

Company Updates, 50'

 

Goal: Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans, and to share its expectations for this 2-day meeting. New members of the group receive a longer time slot, if requested.

 

A PowerPoint template to fill in will be circulated to all members in advance of the meeting.

Session 1 (continuation): Guest presentation

Goal: TBC 

Presentation: TBC, 20'-30'

11:00 – 11:30

Coffee Break

SUPPLIERS CAN CHOOSE WHICH GROUP TO JOIN FOR SESSION 2

11:30 – 13:00

Meeting Room: Sky Lounge

Session 2: "Enhancing cloud security monitoring for telecom environments"

Theme: The use of multiple SIEMs (on-prem and cloud SIEMs), the use of SOAR, and the role AI will play in this new architecture. Let's highlight best practices for monitoring telecom protocols, edge devices, and IT/OT infrastructure in the cloud while leveraging threat intelligence and purple teaming for proactive defense.

 

Moderator: CERT-SOC Core-Team

 

Presentation 1: “How to monitor the efficiency of your SIEM rules in Elastic, Use of ESQL in Elastic SIEM”, KPN tbc, 15’

 

Presentation 2: “Using Threat Intelligence and Automation to detect threats targeting telco workloads”, TBC

 

Discussion: "How other companies handle forensic/incident response in the cloud?" All, 20’

 

Presentation 3: “Monitoring telco hardware in IT/OT environments, especially within hybrid cloud setups”, 15’

13:00 – 14:00

Location - Vodafone Cantine

Lunch Break

14:00 – 15:30

Meeting Room: Sky Lounge

(Telco-Only) Session 3: "People, Process, and Insider Risk: Navigating Team Readiness and Internal Threats in Cybersecurity"

Goal: During the discussion we will explore how cybersecurity teams can improve readiness through effective tabletop exercises and the emerging role of AI in training. It also addresses the growing concern of analyst burnout and the need for mental resilience within high-pressure environments. Lastly, it delves into insider threats—how they evolve, how attackers exploit human factors, and what best practices organizations are adopting to detect and mitigate them.

 

Moderator: CERT-SOC Core-Team

15:30 – 16:00

Coffee Break

16:00 – 17:00

Meeting Room: Sky Lounge

(Telco-Only) Session 4: "Signalling security updates from European telcos"

Theme: Representatives of telcos that were active in addressing signalling security issues and threat actors in the past months are invited to share their progress. Others are invited to prepare a presentation on discoveries from their countries.

 

Moderator: CERT-SOC Core-Team

 

Presentation 1: "AI model for Signalling Threat Intelligence", BICS tbc 15’

 

Presentation 2: TBC

 

Discussion time to be allocated

18:30 – 20:00

Sightseeing activity

20:00 – 22:30

Community Dinner


Day 2 (21 November 2025)

JOINT SESSION FOR BOTH WORKING GROUPS

09:00 – 10:30

Meeting Room: Sky Lounge

Session 5 (joint): "From Cheap to Compromised: Telco Response to Device-Driven Threats"

Joint Session with the Anti-Abuse Working Group

Theme: Telecom operators increasingly face abuse and fraud challenges when customers unknowingly connect malware-infected devices purchased from untrusted online marketplaces. This session explores how anti-abuse and cyber fraud teams detect, mitigate, and respond to such threats while balancing privacy, scale, and customer experience.

Moderator: Andrija Višić, ETIS Central Office

 

Presentation 1: Swisscom(?), 15’ + Q&A

Q&A session: 5'

 

Presentation 2: Deutsche Telekom, 15' + Q&A

Presentation 3: tbc

Moderated discussion:

 

Other:

“ETIS as a European Telco ISAC – update”, Andrija Višić, ETIS CO, 5’

GROUPS SEPARATE - SUPPLIERS CAN CHOOSE WHICH GROUP TO JOIN FOR SESSION 6

11:00 – 11:30

Coffee Break

CERT-SOC WORKING GROUP MEETING STARTS

IN THE SKY LOUNGE ROOM

11:00 – 12:30

Meeting Room: Sky Lounge

Session 6: “Real-World Examples of AI Use in European Telco Cyber Units”

Format & Goal: Telecom operators and suppliers can choose to present on any of the topics proposed below.

 

Topic list - 10-15' each:

  • AI in the SOC: How a Telco Uses Machine Learning to Prioritize and Triage Threats
  • Use of AI to Defend Customers from Malicious Traffic
  • From Indicators to Insights: AI-Assisted Threat Intelligence in European Telecoms
  • Insider Threats at Scale: Using AI to Spot the Quiet Ones
  • AI for Good… and Bad: What Happens When Attackers Use It Too?
  • Other? Email Andrija at av@etis.org 

Moderator: CERT-SOC WG core-team

Q&A session after each presentation

12:30 – 13:30

Location - Vodafone Cantine

Lunch Break

13:30 – 14:30

Meeting Room: Sky Lounge

(Telco-Only) Session 7: "Incidents Sharing Roundtable"

Moderator: ISWG core-team

 

Format: Roundtable where each company gets to have a slot for a presentation with or without slides. Slides prepared are not shared afterwards with participants.

 

TBC - 5-10 minutes per participant to talk about incidents

14:30 – 15:15

Meeting Room: Sky Lounge

(Telco-Only) Session 8: Various topics

Theme: TBC

 

Operators and suppliers to propose presentations or discussion topics, e.g.:

  • Honeypots (some operators especially interested as they are not familiar with it yet) versus Honey tokens
  • CTI providers (many operators looking at a change of provider, the ones they want to abandon are sometimes the ones others are looking into to migrate towards)
  • Threat hunting 
  • Other? Email Andrija at av@etis.org 

15:15 – 15:30

Meeting Room: Sky Lounge

Closing Session

A short session dedicated to follow-ups and discussing topics that arose during the meeting’s discussions. Participants will brainstorm and compile a list of future topics for consideration in upcoming ETIS events.

Before leaving, participants are kindly requested to fill out the Feedback Form.

Event Context and Expectations

This workshop is a collaborative knowledge-sharing event, where success relies on active preparation and engagement from all participants.

  • Participants are invited to prepare presentation(s) relevant to one of the main sessions (ideally addressing one or more of the suggested topics within that session).
  • Topic selection confirmation with the organizer by early October and draft presentation submission by early November.
  • Meeting is held under Chatham House Rules + TLP rules, following ETIS confidentiality guidelines and anti-trust policy.

Event Sponsorship and Participation

This event is fully sponsored by ETIS and its partners and sponsors, covering all meals, coffee breaks, the guided tour, and the farewell reception. Participation is free of charge & is open to ETIS member companies. Sponsors and Guests will receive special invites.

Attendees are expected to actively contribute to discussions and presentations. 


Registration and Support

If you have not yet registered for the event, or if other colleagues from your organization wish to register, please visit the website: HERE

For any questions, requests, or support, please do not hesitate to reach out to the organizer.

 

ETIS Central Office contact:

Andrija Višić

av@etis.org / +324 95 26 25 26 (Signal)