This event is now sold out. Please contact the organizer for more details or view other events from ETIS.
Agenda
Non-Sponsored Informal Dinner&Drinks in Mechelen
We will meet in the restaurant, as we have a reserved space for our group.
Registration starts
Lobby / Main Entrance
Session 1 • JOINT SESSION • Welcome from the Hosts, Organisers and Sponsors
Meeting Room: "MARGE"
Welcome to both groups:
- Mark Van Tiggel, Tribe Lead - Security and Cyber Resilience, Telenet (10' welcome speech & presentation) - Andrija Višić, ETIS Central Office, "Updates from ETIS" (5 min speech) - Sponsors welcome (3 min speech each)
Splitting into 2 groups
CERT-SOC: room tbc Anti-Abuse: room tbc
Session 2: "Introductions Roundtable and Company Updates (Part 1)"
Meeting Room: "MARGE"
Roundtable introductions: 10 min
Company updates (PART I)
Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also mentioning expectations from this 2-day meeting. New members of the group may prepare a longer presentation.
Coffee Break
Session 3: Deception techniques and tooling: Honeypots(and Nets)
Meeting Room: "MARGE"
Presentations expected from operators using the most sophisticated deception tooling out there.
Contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS:
Slot 1
Slot 2
Slot 3
Lunch Break
Session 4: Using AI for Analysis and Improving user communication in SOC
Meeting Room: "MARGE"
In this session, operators are encouraged to share best practices in:
- using copilot and other AI sec. tools - improving skills in detection engineering (by using AI) - using AI for Analysis. Review of Reports for actual threat actors - other best practices
Contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS:
Slot 1
Slot 2
Coffee Break
Session 5: Threat Intelligence Platforms (TIPs)
Meeting Room: "MARGE"
Contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS:
- Slot 1: "The benefits of implementing a Threat Intel Platform for a TI team", Manuel Carneiro, Sunrise, 20' + Q&A
Session 6 • JOINT SESSION with Anti-Abuse working group: "AI • various detection/observation/methodology for fighting Phishing"
Meeting Room: "MARGE"
In recent years, AI-driven solutions have significantly advanced phishing detection methodologies. Innovations include the development of large language models (LLMs) that analyze email content to identify phishing attempts with remarkable accuracy.
Telecommunication companies have also integrated AI to combat phishing, exemplified by O2's Call Defence system, which utilizes AI to scan and detect potential scam calls, alerting users in real-time to prevent fraud.
Furthermore, AI's role in incident response has expanded, enabling real-time threat detection and automated mitigation strategies, thereby reducing the impact of phishing attacks and enhancing overall cybersecurity resilience.
In this session we will hear from telcos and vendors in the telco ecosystem - contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS FROM TELCOS AND VENDORS:
Slot 1 TBC
Slot 2 TBC
Coffee Break
Groups Split
CERT-SOC: room tbc Anti-Abuse: room tbc
Company Updates (PART 2)
Meeting Room: "MARGE"
Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also mentioning expectations from this 2-day meeting. New members of the group may prepare a longer presentation.
Session 7: Incident sharing roundtable
Meeting Room: "MARGE"
Members share 5-10 min presentations (pre-prepared) about incidents they recently experienced.
Roundtable format where each company gets to have a slot for a presentation with or without slides. Slides prepared are not shared afterwards with participants. Slides are also optional.
Session 8: "Threat Hunting Exercises in European Telcos"
Meeting Room: "MARGE"
Contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS:
Slot 1
Slot 2
Lunch Break
Session 9: Signalling Security Updates from European Telcos
Meeting Room: "MARGE"
Representatives of telcos that were active in addressing signalling security issues and threat actors in the past months are invited to share their progress. Others are invited to prepare a presentation on discoveries from their countries.
Contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS:
Slot 1
Slot 2
Slot 3
Wrap Up Session and Topics for Next Time
Meeting Room: "MARGE"
Roundtable: Each member mentions topics they wish to include in the next meeting agenda
Non-Sponsored Informal Dinner&Drinks in Mechelen
We will meet in the restaurant, as we have a reserved space for our group.
Registration starts
Lobby / Main Entrance
Session 1 • JOINT SESSION • Welcome from the Hosts, Organisers and Sponsors
Meeting Room: "MARGE"
Welcome to both groups:
- Mark Van Tiggel, Tribe Lead - Security and Cyber Resilience, Telenet (10' welcome speech & presentation) - Andrija Višić, ETIS Central Office, "Updates from ETIS" (5 min speech) - Sponsors welcome (3 min speech each)
Splitting into 2 groups
CERT-SOC: room tbc Anti-Abuse: room tbc
Session 2: "Introductions Roundtable and Company Updates"
Meeting Room: "SHREK"
"Introduction of the Telenet Anti-Abuse Team & Responsibilities" - 15' presentation
Then, each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also mentioning expectations from this 2-day meeting. New members of the group may prepare a longer presentation.
Welcome by Telenet and first company update: Jean-Francois Vergieu, Manager - Customer Protection and Mediation, Telenet
Other company updates in the following order:
- TBC
- TBC
Coffee Break
Session 3: "Exploitation of Residential Proxies • Fraud Schemes and Tactics"
Meeting Room: "SHREK"
Residential proxies, which route internet traffic through real residential IP addresses, are increasingly exploited in Europe for fraudulent activities that threaten telcos and their customers.
Presentation is expected from telcos experienced in combating these fraudulent activities.
Please share presentation proposals with Andrija Visic (av@etis.org) directly.
Session 3 (Continuation): "SIM Swapping"
Meeting Room: "SHREK"
Telcos and suppliers will discuss SIM swap fraud by sharing insights on attack methodologies, including social engineering tactics, compromised customer credentials, and weaknesses in identity verification processes.
Telcos can explore best practices for mitigating fraud, such as implementing stricter KYC protocols, AI-driven fraud detection, and multi-factor authentication.
Collaboration across operators is crucial, so discussions could focus on creating shared fraud intelligence databases, real-time threat monitoring, and cross-industry cooperation.
Please share presentation proposals with Andrija Visic (av@etis.org) directly.
Session 6 • JOINT SESSION with CERT-SOC working group: "AI • various detection/observation/methodology for fighting Phishing"
Meeting Room: "MARGE"
In recent years, AI-driven solutions have significantly advanced phishing detection methodologies. Innovations include the development of large language models (LLMs) that analyze email content to identify phishing attempts with remarkable accuracy.
Telecommunication companies have also integrated AI to combat phishing, exemplified by O2's Call Defence system, which utilizes AI to scan and detect potential scam calls, alerting users in real-time to prevent fraud.
Furthermore, AI's role in incident response has expanded, enabling real-time threat detection and automated mitigation strategies, thereby reducing the impact of phishing attacks and enhancing overall cybersecurity resilience.
In this session we will hear from telcos and vendors in the telco ecosystem - contact Andrija Visic directly (av@etis.org) to secure your presentation slot.
CONFIRMED PRESENTATIONS FROM TELCOS AND VENDORS:
Slot 1 TBC
Slot 2 TBC
Coffee Break
Groups Split
CERT-SOC: room tbc Anti-Abuse: room tbc
Session 7: "Global Reporting Sharing Experiences"
Meeting Room: "SHREK"
ETIS encourages its members to connect with other partners and share telco-abuse data.
One such example is an initiative Abusix founded: https://abusix.com/blog/global-reporting-a-free-service-by-abusix-to-streamline-abuse-reporting/
Let's hear about its progress and how to reach more partners to share more data.
Session 8: "Methodologies for Automating Communications with Customers"
Meeting Room: "SHREK"
Walled garden approaches to be presented by telecom operators.
Please share presentation proposals with Andrija Visic (av@etis.org) directly.
CONFIRMED PRESENTATIONS:
SLOT 1 - Swisscom, 15'
SLOT 2 - TBC
SLOT 3 - TBC
Lunch Break
Session 9: "Various Topics"
Meeting Room: "SHREK"
Wrap Up Session and Topics for Next Time
MEETING ROOM: tbc
Roundtable: Each member mentions topics they wish to include in the next meeting agenda
Non-Sponsored Informal Dinner&Drinks in Mechelen
We will meet in the restaurant, as we have a reserved space for our group.
Registration starts
Lobby / Main Entrance
Session 1 • JOINT SESSION • Welcome from the Hosts, Organisers and Sponsors
Meeting Room: "MARGE"
Welcome to both groups:
- Mark Van Tiggel, Tribe Lead - Security and Cyber Resilience, Telenet (10' welcome speech & presentation) - Andrija Višić, ETIS Central Office, "Updates from ETIS" (5 min speech) - Sponsors welcome (3 min speech each)
Split off
Red Team Room: TBC
Session 2: "Introductions Roundtable and Company Updates"
Meeting Room: "BLUE BAY"
Each participant will briefly introduce themselves, their role, and their company’s Red Teaming maturity.
This session provides a high-level view of how Red Teams operate across different European telcos, recent challenges faced, and key security initiatives.
Attendees are encouraged to share insights into organizational structures, threat modeling approaches, and any recent strategic shifts in offensive security.
Roundtable format, each company receives 15 minutes (including Q&A)
Coffee Break
Session 3: "Red Team Campaigns"
Meeting Room: "BLUE BAY"
A deep dive into recent Red Team exercises, including methodologies, TTPs (Tactics, Techniques, and Procedures), and key lessons learned.
Discussions will cover campaign planning, execution challenges, and adversary emulation strategies relevant to telco environments.
Participants are invited to present case studies, anonymized AARs (After-Action Reports), or insights into how they adapted to evolving threats and Blue Team defenses.
15 min will be allocated per company (including time for Q&A)
Lunch Break
Session 4: "Tooling Used in Red Teaming – Experiences and Documentation"
Meeting Room: "BLUE BAY"
An interactive discussion on the tools and frameworks Red Teams rely on, from C2 (Command and Control) solutions to initial access techniques, payload development, and evasion strategies.
The focus will be on practical experiences—what works, what doesn’t, and how teams document tool use for repeatability and compliance.
Attendees can showcase custom-built tools, automation scripts, or operational insights into using and securing offensive tooling within a regulated environment.
Coffee Break
Session 5: "Purple Teaming Experiences"
Meeting Room: "BLUE BAY"
Bridging the gap between Red and Blue, this session will explore collaborative testing, detection engineering, and adversary detection simulations within telco environments.
Topics include structured Purple Team exercises, leveraging MITRE ATT&CK for measurable outcomes, and fostering a security-first culture between offensive and defensive teams.
Participants are encouraged to share experiences with Purple Teaming frameworks, custom test cases, and strategies to enhance Blue Team resilience through adversary emulation.
Moderated roundtable format - participants should prepare questions to ask.
Wrap up: Sub group meeting ends
This sub-group will not have a day 2 programme
This event is now sold out. Please contact the organizer for more details or view other events from ETIS.