Security Days 2025: Securing What Matters
Hotel Grandior, Prague, Czech Republic | 8-10 April 2025
By facilitating the exchange of insights, threat intelligence and best practices, Security Days aims to bridge divides and nurture connections among cybersecurity experts and individuals with an interest in security from across the international R&E community and beyond. As National Research and Education Networks (NRENs) continue to strengthen the infrastructure of academic and research institutions, the focus on security is more crucial than ever. “Securing What Matters” highlights the essential task of safeguarding our most critical assets encouraging to recognise and prioritise what needs to be protected. It advocates for a comprehensive approach to security, ensuring that we address the vital aspects that keep our environment safe and resilient.
Proposed topics
Ethics in Security: Ensuring the services and approaches we use are ethical, designed to support users and meet societal goals such as green security initiatives.
Usability and Security: Ensuring that we maintain an excellent user experience that is supported and enhanced by security.
Hands on Security: Exploring the practical aspects of how we delivery our security services, tools and support.
Security Leadership: Focus on the strategic aspects of security management, including developing a security culture within organisations, leading security teams and making informed decisions to mitigate risks.
Securing the Network: Address the technical measures and best practices for protecting network infrastructure. Highlight the importance of continuous monitoring, regular update and incident response planning to maintain network integrity and protect against cyber threats.
Partner
CESNET is an association of universities of the Czech Republic and the Czech Academy of Sciences. It operates and develops the national e-infrastructure for science, research and education and offers a rich set of services to connected organisations.
Opening plenary
8 April 2025 | 13:45 (CET)
Keynote: To trust or to distrust … THAT is the question
Prof. Dr. Karen Renaud, University of Strathclyde, UK
We are all familiar with the saying: "trust, but verify", and certainly in many cybersecurity situations, this is an excellent guideline. Yet, the cybersecurity domain is complex and dynamic and so is the organisational context. When we bring the two together, one cannot simply apply this mantra everywhere. In this talk, I will discuss the topic of trust in cybersecurity, drawing out some nuances in the domain, and hopefully highlighting those areas where distrust is appropriate, and others where trust is well advised.
About Karen
Prof. Dr. Karen Renaud is a computing scientist at the University of Strathclyde in Glasgow, specialising in Human-Centred Security and Privacy. With academic backgrounds from the University of Pretoria in South Africa and the University of Glasgow, she focuses on applying behavioural science techniques to enhance security practices and promote privacy-preserving behaviours among end-users. Prof. Renaud collaborates with leading academics worldwide, integrating insights and methodologies from multiple disciplines into her research to address complex challenges in the field of security and privacy.
8 April 2025 | 14:20 (CET)
Keynote: Beyond the surface: embracing the inconvenient truth of cybersecurity
Dr. Nicole van der Meulen, SURF, The Netherlands
About Nicole
Dr. Nicole van der Meulen is an expert in cybercrime and cybersecurity, currently serving as the Cyber Security Innovation Lead at SURF. With an academic background from Tilburg University, where she earned her PhD in 2010 with a comparative study on digital financial identity theft between the United States and the Netherlands, Dr. van der Meulen has developed extensive experience in the field. She has held key roles, including Head of Policy & Development at Europol’s European Cybercrime Centre (EC3), where she was responsible for the Internet Organised Crime Threat Assessment (IOCTA). Additionally, she has advised on security affairs for the Dutch Banking Association and led the cybersecurity team at RAND Europe’s Defence, Security and Infrastructure group in Cambridge, UK. Throughout her career, Dr. van der Meulen has collaborated with governmental agencies, private sector organisations, and academic institutions to address key cybersecurity challenges.
Closing plenary
10 April 2025 | 11:00 (CET)
Keynote: AI on the Rise - Helper or Threat?
Tomáš Čejka, CESNET
Artificial intelligence (AI) has reached a new stage, where advances in hardware and neural networks have made AI assistants a part of everyday life. These technologies break language barriers and unify communication across nations. AI has also played a key role in cybersecurity for years - enhancing document analysis, automating configurations, and improving threat detection. It helps security teams scale despite the ongoing shortage of experts.
However, AI’s widespread adoption in cybersecurity also introduces new risks. Attackers can leverage the same tools, making AI-driven threats harder to detect, even for professionals. And what about our reliance on third-party AI providers? Could this pose a risk to EU sovereignty and defence?
About Tomáš
Tomáš Čejka leads a research department at CESNET, specialising in network security and traffic analysis. Together with his team, he focuses on high-speed network monitoring, leveraging machine learning and artificial intelligence for traffic classification and security threat detection. His research contributes to multiple national and international projects, advancing cybersecurity and strengthening network resilience.
In addition to his role at CESNET, Tomáš Čejka is an associate professor at the Czech Technical University in Prague, where he supervises a team of students. He is also the founder of the Network Traffic Monitoring Laboratory at the university’s Faculty of Information Technology, fostering innovation in network monitoring and cybersecurity research.
10 April 2025 | 11:20 (CET)
Keynote: Who Owns the Internet?
Nicole Harris, GÉANT
Who owns the internet, and more importantly, why should NRENs care? Most people would probably answer either no-one or everyone, but the true picture is a multifaceted and complex question that involves government influence, private sector dominance and overlapping contradictory legal and regulatory frameworks. Much of the internet operates on the understanding of shared principles such as net neutrality, and faith in not-for-profit organisations such as ICANN, ISOC and IETF to do the right thing – but is this enough? Highlighting some of the use cases that could fundamentally change the way we work online and challenging the audience to answer some legal conundrums, this talk will highlight some of the challenges of operating online in 2025, and some of the ways in which we need to be paying more attention to decisions being made about how the internet operates.
About Nicole
Nicole Harris joined GÉANT in March 2013 as a Project Development Officer to support the global GÉANT Community Programme. She works primarily in trust and security and specialises in managing global IT initiatives, policy and legal issues and open source developments. Since 2010, Nicole has been involved in REFEDS (Research and Education Federations) and continues that role as part of her GÉANT responsibilities. REFEDS is the voice that articulates the mutual needs of research and education identity federations worldwide, and provides a range of working groups, advisories and services to enhance interaction and interoperability between identity federations.
Nicole was responsible for TF-CSIRT, GÉANT’s forum for CSIRTS, and continues to support GÉANT’s successful TRANSITS training programme as well as managing a variety of security related projects for National and Research Education Networks.
Prior to joining GÉANT, Nicole worked at JISC for 10 years, supporting a range of programmes and services in the middleware, research and open source spaces. Whilst at Jisc, Nicole established the UK Access Management Federation, one of the earliest research and education identity federations to emerge. Nicole holds a Master of Arts degree in Children’s Literature, which has been more useful in her technical career than people might think.
10 April 2025 | 11:40 (CET)
Keynote: Rethinking human vulnerabilities in cybersecurity
Dr David Modic, University of Ljubljana, Slovenia
While human attack vectors are now generally acknowledged to “be a thing” in INFOSEC, there are two immediate points we should make:
(a) Human attack vectors have been seen to be important in abstract for at least forty years – with overused phrases of humans being the weakest link of security. However, it is becoming clearer and clearer that understanding human attack vectors concretely is still elusive to the general (managerial) population.
(b) There is a substantial amount of gatekeeping in our field, where only spending weeks on obscure code and finding a 0-day or the ability to script Metasploit is considered “true” hacking, while exploiting human inability to premeditate is not. We are expected to bow to the technological supremacy of techno nerds and not point out that the threat model in both cases often remains the same.
In the talk, I will explore this curious divide in INFOSEC through examples and we will further look empirically at how lack of familiarity with concepts we pay lip service to, but in some cases do not understand fully, leads to potentially disastrous (or at least tragically amusing) fails in security.
About David
Dr David Modic is an assistant professor, Director of Studies, and PI for various defence projects. David teaches INFOSEC and his main interests are human attack vectors. He is an EU-registered expert and an EDF reviewer, specialising in Information Security, Cyber Warfare, the psychology of security, and the ethics of intelligent systems.
Dr. Modic holds national and EU security clearance up to SECRET and is affiliated with Cambridge University, where he is a Senior Non-Residential Member of King's College and a former research associate at the Computer Laboratory. At Cambridge, he was also the former CamCERT Social Engineering Special Advisor.
He consults governments and organisations on cybercrime and security, in Brazil, Estonia, Lithuania, Slovenia, the UK.
Location
Prague is a city of a thousand spires, where history and culture meet in a stunning display of architectural beauty. Whether you are interested in exploring Prague Castle, crossing the iconic Charles Bridge, admiring the intricate Astronomical Clock, or enjoying the nightlife, Prague has something for everyone. Prague is also a hub of innovation and creativity, hosting conferences, festivals, and events throughout the year.
Venue
Hotel Grandior Prague, Na Poříčí 42, 110 00 Prague 1, Czech Republic
Hotel Grandior is closely located to the many attractions offered by Prague Old Town, making it an excellent choice for conference participants. The hotel offers convenient access to the central train station, subway (Station Florenc, metro line B + C) or the tram stops nearby, and has a car park onsite.
For a preferential rate at the Hotel Grandior, please use discount code 'GÉANT 2025' when making a reservation.