Ireland Melbourne

Welcome to COSAC - Conferencing the way it should be! Call for Papers is now open!

For 26 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content is strictly prohibited and there is no vendor exhibition to distract from opportunities, allowing delegates to focus on professional innovation.

Registration for COSAC 2019 is now open - 29th September - 3rd October.

Wednesday 3rd October 2018

09:00 - 09:30 Delegate Registration & Coffee

09:30 8A: You ARE The Weakest Link: Goodbye! Speaker(s): Jaco Jacobs

Jaco Jacobs

Senior Manager, Accenture (Netherlands)

Jaco is Cyber Defense domain lead for the Gallia region at Accenture Security based out of the Netherlands. He has been a “security guy” for around 19 years during which time he has provided security services to a number of companies in Africa, Europe, the Middle East and the US. He has spent a large part of his career developing security IP and services and co-authoring security publications.

A COSAC Debate: 

Isaac Asimov's [slightly adjusted] "Three Laws of [Artificial Intelligence and] Robotics" 

• A robot [or AI] may not injure a human being [that which matters most] or, through inaction, allow a human being [that which matters most] to come to harm. 

• A robot [or AI] must obey orders given it by human beings except where such orders would conflict with the First Law. 

• A robot [or AI] must protect its own existence as long as such protection does not conflict with the First or Second Law. 

Is AI and Robotic Process Automation (RPA) going to replace the need for humans in the future? Will this eliminate the mistakes and oversights so typically made by people that expose organizations? Is making logic based decisions, devoid of ego and emotion, the right approach to protecting that which matters most and what is the impact of “smart malware” left to survive on its own in the wild? 

Join us as we debate the positive and negative impacts of introducing AI and RPA into the security world. 

09:30 8B: Taking Your Stakeholders Along: More Lessons From Burning Man Speaker(s): Mike Broome,

Mike Broome

Senior Software Engineer, Tanium (USA)

Mike is a Senior Software Engineer at Tanium, developing large-scale enterprise security and operations software. He spent two decades in networking and low-level embedded software, including writing code for the fastest-ramping mid-range router at Cisco. After a stint in embedded industrial control systems, he  has spent the past 3 years working on a threat response solution that enables real-time monitoring of data at rest for indicators of compromise across an entire enterprise.
Lisa Lorenzin

Lisa Lorenzin

Director, Emerging Technologies, Americas, Zscaler (USA)

Lisa Lorenzin is the Director, Emerging Technologies, Americas at Zscaler, specializing in zero trust networks, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security. 

So you've decided to tackle a major security initiative. Whether you're a CISO, an enterprise security architect, or a consultant, two key questions arise: how do you get buy-in from your stakeholders? And how do you work with them to ensure success? 

Seven years ago at COSAC, we discussed security lessons learned at Burning Man, a week-long annual art event and temporary community deep in the heart of the Nevada desert. Since then, we've continued to attend - and last year, my mother joined us. She's 70, has MS, has limited mobility and heat tolerance... so let's go ride bikes in the desert for a week! What could go wrong? 

The most difficult part of any enterprise security project is the Layer 8 considerations: how to ensure that stakeholders understand the project, and that we understand its impact on them, so we can succeed together. For months prior to the Burn, we went through an iterative process of identifying potential issues and potential mitigations - and then we tested those mitigations in the field. Sound familiar? Once again, Burning Man has much to teach us about the infosec arena. 

09:30 8S: (Re)Discovering Your Risk Assessment Mojo - How to Ditch the Dread & Find Love for SABSA Risk Assessments Speaker(s): Andrew S. Townley

Andrew S. Townley

Founder & CEO, Archistry (South Africa)

Andrew is an international speaker, published author and thought leader on business execution, security, risk and technology who has extensive practical, hands-on experience working in the US, Europe, Middle East, Africa and Brazil. His Enterprise and Security Architecture experience includes leading SABSA adoption organizational change initiatives for Fortune Global 300 customers and is built on not only SABSA certification but personal mentoring by two of SABSA’s principal authors.

Love SABSA but dread doing risk assessments? You’re comfortable building Business Drivers in your head, and yet, when you go to sit down and do a “proper” risk assessment, you feel the overwhelming urge to look the clock, go get a coffee and check your emails/social media accounts—anything to put off venturing into the rat’s nest of PESTELIM, Internal Factors Analysis, SWOT and Control & Enablement Objectives. 

You know the techniques, and you dutifully apply them, but the result is a very large number of potential risk scenarios that you feel are all ultimately very similar, you’re not really sure where to draw the line between direct and systemic impact, and looking back at the work you’ve done, you see that you’re not always associating similar scenarios with the same domains and attributes. Ultimately, you’re doing a lot of work, but you’re just not confident of your results, and you really believe SABSA ought to be able to solve this problem—after all, it’s all about making risk-driven decisions, so how are you supposed to do that if doing a risk assessment is this hard? 

The good news is that there’s nothing missing in SABSA. You just need a better way to think about the whole process, and, fortunately, there’s a solution. 

In this session, we’ll explore an approach that will increase the speed and consistency of your risk assessments and ultimately give you much higher levels of confidence in your results and recommendations—no matter where in the lifecycle the assessment is performed. 

In particular, we’ll cover: 

• A very quick refresher of risk assessments in SABSA 

• A common root cause of getting lost and overwhelmed doing risk assessments 

• The elements of the solution: VERIS and the critical SABSA architecture elements you need to have in place 

• How you proactively answer the most important risk assessment questions 

• Effective ways for keeping direct vs. systemic impact clearly separated 

• The overall impact of the approach to full-lifecycle SABSA delivery 

The fundamental objective of this session is to give you ideas and techniques you can put in practice once you get back to the office so you learn to love risk assessments as the key, critical aspect of the SABSA method—or at least, not hate them quite so much. 

10:30 - 10:50 Morning Coffee

10:50 9A: Optimal Machine Learning Algorithms for Cyber Threat Detection Speaker(s): Hafiz Farooq

Hafiz Farooq

Chief Cyber Security Architect, Saudi Aramaco (Saudi Arabia)

Hafiz Farooq is currently serving as a Senior Cyber Security Architect for Saudi Aramco's Global Security Operations Centre (SOC). With 15 years of research and professional experience in Cyber and Network Security domain, harnessing the first-line-of-defence against huge spectrum of targeted and untargetted cyber attacks from adversaries. His acute academic and professional experience helped him orchestrating the security processes for Saudi Aramco after the well-known Shamoon attack in 2012. 

Seeing the exponential hike in global cyber threat spectrum, organizations are now striving for better data mining techniques in order to analyse security logs received from their IT infrastructures to ensure potent cyber threat detection and subsequent incident response. Machine Learning based analysis for security machine data is the next emerging trend in cyber security, aimed at minimizing the operational overheads of maintaining conventional static correlation rules in the security-monitoring devices. However, selecting the optimal algorithm with least number of false-positives still remains the impeding factor against the success of data science, especially in the case of any largescale and global level Security Operations Centre (SOC) environment. This fact brings a dire need for an effective and efficient machine learning based cyber threat detection model. In this research, we are proposing optimal machine learning algorithms for detecting multiple types of threat actors by analytically and empirically comparing gathered results from various anomaly detection, classification and forecasting algorithms.

10:50 9B: Organisational Risk & Threat Modelling Workshop Speaker(s): Jason Kobes,

Jason Kobes

Principal Cyber Architect, Northrop Grumman (USA)

Jason Kobes works as a Principal Cyber Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason has over 20 years of experience concentrated in information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's of Science in Information Assurance (MSIA) and a Bachelor's of Science in Computer Science from Iowa State University. 
William Schultz

William Schultz

Principal Security Architect, Vanderbilt University Medical Centre (USA)

Bill Schultz is security architect who has worked in the Information Technology field for over 14 years, with s focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. Bill has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards. 

Risk managers often find it difficult to communicate threats and risk (and the difference) to those who must understand what is at stake in the context of the organizations mission. Identifying ways to model and visualize risk is key to helping stakeholders determine which mission objectives or organizational assets are at risk, and where risk treatments are needed. To add to the complexity, many risk managers have to give assessments on the fly, or with short notice. There are many effective methods that can be used to model risk and address these challenges, and this workshop aims to explore different risk and threat modeling methods and practices. This same workshop was given in the inaugural COSAC APAC in December of 2017 and resulted in valuable discussion, and even in the creation of a working group to continue the progress. In this highly interactive session we will review the progress of the COSAC APAC contributors and will work in groups to visually model risk on the fly in a 15-20 minute activity with a given challenging mission scenario. We will then share, brainstorm, and discuss advantages and disadvantages to these risk models. We have found that working in this way we can make progress in areas that would be near impossible to achieve working remotely. 

10:50 9S: Putting Metrics into Context: Why it Matters & How to Do It Speaker(s): Michael Krumbak

Michael Krumbak

Enterprise Security Architect, DSV A/S (Denmark)

Michael Krumbak has been working with information security, in various roles, for more than 20 years. The last 10 years with main focus on the management part of security, compliance and risk issues. Michael prefers to work in the space between business executives and technology teams, facilitating communication and mutual understanding among stakeholders. Currently, Michael works in the role of EnterpriseSecurity Architect in a global logistics company. 

For ages security people (myself included) have measured security by counting raw metrics, incidents, blocked spam emails and reported them 'as-is' to their Executive Management teams. All the time complaining that their audience do not support security, understand what security is and why it is important... Is it possible there is a connection? Is your success not solely depending on your security skills - but also on your communication skills? 

Reality is that never before in time, has security had so much attention in board rooms and with executive teams as it has now. If you can "get it right", now is a window of opportunity of unprecedented proportions. Give your exec-guys what they ask for. This presentation will explain why it is important to "meet your audiences' on their turf"? Why management support is heavily related to your (communication) skills? There is a reason why most people still "count" when they measure security, building context around your metrics is not a trivial task. This presentation will demonstrate how to use SABSA methods to break-down strategic objectives and build-up the business context around the metrics. 

12:00 10A: Artificial Intelligence Gone Wrong: How Classifiers Can Mis-characterise the Environment Speaker(s): Char Sample,

Char Sample

Research Fellow, ICF Army Research Labs (USA)

Dr. Char Sample is research fellow employed for ICF at the US Army Research Laboratory in Adelphi, Maryland and with the University of Warwick, UK. Dr. Sample has over 20 years experience in the information security industry. Most recently Dr. Sample has been advancing the research into the role of national culture in cyber security events. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture, other areas of research are information weaponization and complexity.
Lori Murray

Lori Murray

PhD Student, Iowa State University (USA)

Lori Murray is a Senior Advanced 3 Information Assurance Systems Engineer, currently enrolled at Iowa State University as a PhD student studying Computer Engineering. She has her Masters of Science degrees in Information Assurance and Business Analytics from Iowa State University, along with her CISSP. Lori has 15 years of experience between Systems Engineering as a Cyber Security SME building security architecture from requirements definition to design.

Artificial intelligence and machine learning algorithms are becoming the latest buzzword in security technology, promising to improve the lives of security professionals. To many long time security practitioners these promises have a familiar ring. 

This session begins by first examining how learning and intelligence impact the structure of a dataset and how variations in cognitive processes associated with learning and intelligence differ according to linguistics, culture, psychology, pedagogy and other factors. These factors have a direct influence on the structure of the data set, having a profound impact optimization of classifiers that use training data. These factors can result in unintentional or intentional poisoning the training data, or violate underlying statistical assumptions through generating a weak data set. 

We will individually explore several popular classification algorithms showing how the data set utilizes classifiers, exploring how they can work well in one environment while failing in another based on the aforementioned differences in the cognitive environments (linguistics, culture, psychology, pedagogy etc.). The following classifier types will be discussed: 

- Heuristics 

- Neural networks 

- Random forests 

12:00 10B: In Search of the Elusive "Securiton" Speaker(s): Michael Hirschfeld

Michael Hirschfeld

Cyber Security Adviser, Envista (Australia)

Michael is a Cyber Security Adviser with Envista providing high level assistance on Cyber Related matters. He was formerly the CIO and CISO at the Australian Department of Finance where he had executive responsibility for ICT as well as physical security within that agency. He has previously held senior roles with government agencies including Department of Foreign Affairs. 

Early in my career, around 2001, I first heard the term “Securiton” used in the context of measuring effective return on investment for ICT Security Projects. “Securiton” was used, in a humorous way, as a fictitious measure of the outcomes of computer security projects to illustrate what we knew the executive wanted to hear to approve business cases for our projects. 

We dreamed of being able to say: 

“This project will make us 37 Securitons more secure at a cost of only $370,000 – a bargain at only $10,000 per securiton!” 

Mark Twain has been quoted as saying “Humor is the good natured side of a truth.” And there is more than a grain of truth in the use of “Securiton”. We, as an industry, long for an objective measure that can help us explain what our complex and technical subject to the executive in a meaningful way. 

As Peter Drucker said: “What gets measured gets managed.” and it is time that we started building effective and objective measures within security. 

This workshop will interactively explore the possibility of building such an objective measure for risk in our industry. 

We will start with a look at how people, in general, approach the consideration of ordinary risks in a very subjective way. 

We will then look at real known risks and threats in our industry and discuss how organisations measure likelihood and consequences, both subjectively and objectively, to determine “risk”. 

We will then workshop the possibility of building a standard subjective measure for various known cyber security risks considering a range of factors that might increase these risks in particular industries and organisations impacting. 

This session will be run as a workshop. 

12:00 10S: Tag, You're It! Speaker(s): Jaco Jacobs

Jaco Jacobs

Senior Manager, Accenture (Netherlands)

Jaco is Cyber Defense domain lead for the Gallia region at Accenture Security based out of the Netherlands. He has been a “security guy” for around 19 years during which time he has provided security services to a number of companies in Africa, Europe, the Middle East and the US. He has spent a large part of his career developing security IP and services and co-authoring security publications.

Being able to visualize an Enterprise Security Architecture in a meaningful way across all of the SABSA layers, is an amazing way to bring the ESA to life and enabling the use of ESA on an almost daily basis by a variety of stakeholders who have different priorities and needs. 

In this workshop, we will build an ESA on a page (or rather on the wall) for one of the best-known and successful companies on the planet and allow the teams to explore the best ways and techniques to tie all of the defined architectural artefact together. 

13:00 - 14:00 Lunch

14:00 11A: A Solution Architecture for Establishing Provenance Speaker(s): John Sherwood

John Sherwood

Chief Architect, The SABSA Institute (UK)

John Sherwood is the Chief Architect of SABSA, working at The SABSA Institute, leading the development of the SABSA framework by engaging with the global SABSA Community to harness new thinking and innovation in the practice of security architecture. He also leads the collaboration between the institute and The Open Group in this area of work.

This theoretical case study is an approach for tracing the provenance of goods and their associated values using an ‘information centric’ architecture, as opposed to being system centric. The security is embedded in the data structures, not in the system technology. In that regard it is innovative and unlike most implementations of traceable sourcing.

At a time when 'blockchain' is all the rage, this session presents of an alternative, less costly and less complex approach to proving the authenticity of certified goods and services and the digitised documents that support them. There is an increasing need for such a service, and those who have an interest in digital provenance will find this excursion into architectural design of value to their thinking. It will be of particular value to all those for whom blockchain is a step too far but who require inherent strong traceability in digital documentation. It’s not a product, just an architectural design, but no doubt someone could productise it, or something like it. The values to be protected may be financial but may also be concerned with assurance of authenticity of source, which in itself may or may not carry premium financial value. From designer fashion, to organic food production, to ethical sourcing, and to authentic financial accounting documents, there are many applications. Each application would probably require a customised version of the generic design presented here.

The value of anything depends upon what someone will pay to obtain it. Value is a market driven thing. There is no absolute value scale in the market place. What someone will pay depends upon how much confidence and trust they have in the authenticity of the item according to the claims made by the seller. An extreme example would be a work of art. If it is a genuine piece by a famous artist it might have huge worth, whereas a fake would be relatively worthless. Provenance is everything in such transactions.

Proving authenticity requires documented evidence that cannot be fraudulently misrepresented. Paper documentation has fulfilled this evidence function for hundreds of years. As we move into a digital age there is a need for inherently secure digital evidence. An ‘information-centric’ solution architecture would fulfil these functions.

The session will present the contextual, conceptual and logical security architectures of the solution, following the layering of the SABSA framework. There will then be an open discussion of the merits of the design, during which the speaker expects some robust constructive criticism from the audience.

14:00 11B: Using Transmedia Storytelling to Develop Cyber Talent Speaker(s): Rob Hale

Rob Hale

Fellow, Lockhead Martin (USA)

Rob is a Lockheed Martin Fellow with over 25 years of experience in information systems and security. During his career he has been responsible for conducting and supporting information assurance and cyber security activities for federal, state and commercial organisations in the defense, law enforcement, financial services, utility and healthcare industries. Additionally, he has designed and implemented secure networks to support nuclear emergency response teams and top US banks. 

Identifying and growing cyber security talent is a critical challenge to many organizations. While a number of universities and other organizations are offering more in-depth programs on cyber security and information assurance, the need is still outpacing the supply of qualified personnel. Our organization is rolling out an initiative to identify and develop such talent using a combination of transmedia storytelling and a face-to-face final challenge. 

Transmedia storytelling is a means of engaging and absorbing a participant in a cohesive story experience across traditional (e.g., books, articles, posters, etc.) and digital (Twitter, YouTube, web sites, etc.) platforms. It allows the participant to actively discover the story a piece at a time, taking them through the adventure of the narrative. While this technique has been used by Amazon with "The Man in the High Castle" and the television show Mr. Robot, there are many interesting ways to apply it to identifying and growing cyber security talent. In our case, we have crafted a narrative across the surface web, the dark web, text messages, phone calls, YouTube videos, twitter feeds and other sources to engage university partners, which will culminate in a face-to-face challenge, where qualified candidates will be interviewed and offered positions. This presentation will walk through the narrative, discuss the challenges and lessons learned from the preparation of the event and will discuss concepts for a talent development exercise using a similar construct. 

14:00 11S: SABSA Domain Trust Modelling: Good Enough for the Modern Business? Speaker(s): Andy Wall

Andy Wall

Chief Security Officer, Office for National Statistics (UK)

Andy Wall is a cyber, information security & assurance leader with 25+ years’ experience within global & national commercial organisations and UK Govt providing business focused security advice & management. Currently Chief Security Officer at the Office for National Statistics, developing new approaches to secure operations of leading edge big data analytics that support the organisational mission of statistics production on a range of key economic, social & demographic topics. 

This session will show a potential extension of the SABSA domain model to better facilitate multi-stakeholder trust and policy modelling where chains of suppliers are used for security delivery. 

- Explore multi-domain direct and indirect relationships and policy associations where interaction is extensive 

- Debate potential differences between policies and domains as security is implemented and assured in multi-stakeholder environments 

- Challenge a modelling extension for policy requirements that applies on a multiple partner and supplier basis, beyond the existing SABSA model 

Overall the session proposes a new trust model (perhaps 'Community' or 'Federated') and asks fellow SABSA professionals to shoot it down or build on it ! 

15:10 12A: The Architecture of Trust and Its Security Implications Speaker(s): Duncan Greaves

Duncan Greaves

Postgraduate Researcher, Coventry University (UK)

Duncan has 25 years experience in software development and information architecture in the UK and Australia. He is currently transforming the practice of Cybersecurity Management and Trust into theory by studying for a PhD at Coventry University.

Information systems in cyberspace are responsible for the successful processing of many millions of transactions per second, but perform poorly in terms of being long term trustworthy business partners. Trust is a structured social process that ensures and assures longer term relationships between partners. It reduces the moral hazard of technology dependence and the safe exchange of information to Empower these relationships and produce improved shared outcomes. 

To mark the theme of 25 years of 'Shared Experience and Trust' this session will explain and discuss the role of Security, Privacy and Vulnerability protections in socio-technical systems and how practitioners can visualise the interplay between these variables to maximise the trustworthiness of business systems. This original work is being undertaken as part of a structured PhD research programme and includes new concepts and an exclusive preview of the early analysis and findings of this quantitative experimental work. 

Attendees will find this a fascinating, timely, practical and accessible session on the science and art behind producing architectures that deliver transaction security alongside respect for the processes that promote trust formation.

15:10 12B: Addressing the Cybersecurity Skills Crisis through the Untapped Talent Pool of Diversity Speaker(s): Rosanna Kurrer

Rosanna Kurrer

Managing Director, CyberWayFinder (Belgium)

Rosanna is an Architectural Engineer by training and holds a Masters Degree in Building Physics from Kyoto University in Japan. For the past several years, this certified MIT Master Trainer in Educational Mobile Computing, as well as EU Code Week ambassador, has led hands-on, result-oriented workshops in the areas of computer programming, data visualisation, the Internet of Things, and 3D design and Design Thinking, to promote the uptake of digital skills, particularly among girls and women. 

At COSAC 2016, Patrick Wheeler presented a vision of how to attract a more diverse talent pool into careers in cybersecurity and how this diversity would not just help fill the skills shortage but also create more innovative, cognitive diverse and effective cyber teams. 

The vision was one of developing professional women with curiosity, transferable skills and the commitment to learn and acquire the necessary skill set, and who are looking for a challenging career transition. 

Two years later, this vision is now manifest in the CyberWayFinder project in Belgium. 

It has just completed the first pilot year with twenty-six women and is about to start its second year with a fresh intake of thirty women. 

There are many discussions at the moment about the barriers to gender balance in the security profession. 

The CWF initiative is in a position to provide some insight and offer some practical answers about what does and doesn't work from first-hand experience, based on a mix of training, mentoring and successes in directly filing roles that immediately add value to existing cyber teams. 

In this presentation, Rosanna will introduce the principles, practices and approach of the CWF programme and share the wisdom and lessons learned from having set up and run the program over the past 2 years and where it is heading in the future. 

15:10 12S: A Night at the Museum Speaker(s): Chris Blunt

Chris Blunt

Director, Consulting Partner, Axenic (New Zealand)

Chris is a Consulting Partner at Axenic Ltd, a specialist independent information security and privacy consultancy he co-founded in 2009. He has over 22 years of experience in the ICT industry, specialising in security and privacy for the last 11 years. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables his clients to achieve their business goals and objectives. He is also a committee member for BSides Wellington.

Developing an Enterprise Security Architecture for a National Museum. 

Te Papa Tongarewa, the national museum of New Zealand, celebrated its 20 birthday this year and is in the middle of a $50 million renewal programme. The museum sector, like many sectors, believes that digital is the key to innovation and transformation. As part of the renewal programme, the CTO was charged with modernising the technology used by the museum to ensure support and enable its digital ambitions. In addition to this, he was also tasked with providing the Board with an appropriate level of assurance that the information security and privacy risks associated with Te Papa’s use of technology are effectively managed. 

In this talk, we will discuss how SABSA was used to develop and implement an Enterprise Security Architecture and Security Strategy for a complex and heterogeneous environment with competing and conflicting business requirements for security (funnily enough confidentiality is not the primary attribute for most of the museum’s information). However, we will also examine some of the other significant challenges that we had to overcome, including the absence of a business or enterprise architecture, organisation culture and communication style, and ageing technology infrastructure in dire need of modernisation. 

This session will provide you with some real-world practical approaches for addressing both the real and perceived roadblocks to developing an Enterprise Security Architecture and Security Strategy that delivers value by genuinely supporting and enabling the business to achieve its desired outcomes. 

Won’t you join us for a night at the museum? 

16:10 - 16:30 Afternoon Tea

Plenary Sessions

16:30 13P: COSAC Rump Session Speaker(s): David Lynas

David Lynas

Chairman, COSAC (Northern Ireland)

David Lynas is currently enjoying his thirty-fifth year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute CEO of David Lynas Consulting.

Networking & Dinner

18:30 Drinks Reception
19:00 Dinner