Event Agenda

Rising significantly over the last few years, supply chains are a key attack vector to prepare for. When a party in the supplier ecosystem is hit by a cyber attack, damage and delays ripple throughout the whole supply chain. In this panel discussion our experts will discuss:
.

• You are only as strong as your weakest link, do you have visibility over your suppliers security maturity?
• How are you balancing strong commitments with giving suppliers adequate support?
• How can we leverage existing assessments in supply chain management?
• What is the best approach to managing the legal requirements of supply chain security?

– Moderator: Paul Sester, CISO, Hornbach Baumarkt AG
– Ali Baccouche, Regional Information Security & Data Privacy Officer, Texas Instruments
– Michael Kitsisa, Senior Information Security Architect, UN World intellectual Property Organisation
– Jorge Rocha, Sr. IT Compliance Lead & Information Security Specialist, Delivery Hero
.

As the EU cyber threat landscape continues to escalate and cyber security investment ramps up, it is crucial to stay informed not only about the future challenges that lie ahead but also about the EU’s ethos towards cyber security moving forward. In this session, Luca Tagliaretti, Executive Director of the European Cybersecurity Competence Centre (ECCC), takes us through the upcoming threats and the ethos of the EU’s new framework to support research, innovation, and industrial policy, stressing the key role of the ECCC within cyber security.
.
– Luca Tagliaretti, Executive Director, European Cybersecurity Competence Centre
.

In the realm of cyber security awareness training, employee inclusivity is a fundamental principle. Workforces consist of individuals with diverse experiences, skill sets, and learning abilities. Every training program needs to offer an inclusive, empathetic, and valued experience for each employee. In this session we explore five critical dimensions of inclusivity, including localisation, multilevel engagement and accessibility, as well as providing guidance on how to integrate this principle into your company culture.
.
– Asaf Sagi, Head of Product Management, CybeReady
.

AI is a buzzword in cyber security. But how do you get a sense of how AI is being used in your organisation – by employees and the security team – and how threat actors might be using AI against you? This presentation aims to demystify AI for cyber security and discuss how to apply the right AI to the right security challenge.
.
– Dr. Beverly McCann, Director of Analysis EMEA, Darktrace
.

In the current cyber security crisis, a CISO’s ability to communicate cyber issues to the rest of the C-Suite is pivotal in ensuring that cyber security issues gain the recognition they deserve within resource delegation and strategic decision-making processes. In this session we gain constructive criticism from RIchard Kearney of Kenvue on where CISO reporting often goes wrong, and some useful strategies you can implement to ensure your business cases are compelling.
.
– Richard Kearney, Regional Head of Cyber Security, Kenvue
.

Digital forensics play a critical role in safeguarding businesses by helping unravel complex cyberattacks to minimise their impact and prevent future incidents of the same nature. In this session we discuss how to acquire, preserve, and analyse evidence from any data source. We will also explore a case study of a post-incident investigation of a compromised laptop in which digital forensic investigators were able to acquire a point-in-time snapshot of the endpoint to provide actionable information to the Incident Response team.
.
– Gavin Hornsey, Solution Consultant, Magnet Forensics
.

As the competition to attract cyber security specialists intensifies amongst a sharp economic downturn, salaries and benefits packages are rising out of reach, and qualified cyber experts are increasingly a rare commodity. In this session our experts take a look at how to navigate this squeeze, from pivoting to automation, to higher education, to strategic talent acquisition and building up in-house competencies.
.
– Moderator: Pascal Vural – Head of Information Security & Data Compliance, Babbel
– Michael Fontner, Head of Global IT Security, Herrenknecht AG
– Michael Paci, Managing Director / Senior Information Security Officer, State Street
.

– Abstract TBD
– Patrick Ghion, CCSO at Geneva State Police and Head of Regional Cyber Competence Center for Western Switzerland (RC3)
.

The high security requirements apply to every operating system – macOS and iOS are no exception. As the market share of Apple devices in companies increases, so does the risk of malware, security breaches and vulnerabilities. As a result, companies need to ensure the security and compliance of these devices, their users and access. In this session, you’ll learn why an IT security officer should care about Apple security, which risks associated with each Apple operating system are key to know and how to implement a valid strategy to protect your Apple device fleet.
.
– Rene Stiel, Senior Engineer Security Solutions, Jamf
– Henrik Nitsche, Security Solutions Manager, Jamf
.

Businesses in 2024 are increasingly reliant on mobile technology. Through mobile devices and applications, organisations are enhancing convenience, productivity, and innovation. The recent emergence of mobile-first businesses poses significant challenges for security teams. The rapid propagation of mobile devices and apps has expanded the attack surface, attracting sophisticated cybercriminals and nation-states. In this context, we’ll examine the growing vulnerability gap and present five essential principles for securing mobile-first businesses.
.
– Alexander Mann, Regional DACH Director, Zimperium
.

Join Bugcrowd’s Matthias Held, alongside Stuart Short, Head of Bug Bounty Program at SAP, as they explore ways of unlocking the collective ingenuity of hackers to stay one step ahead of threat actors. The discussion will delve into the power of crowdsourced security, collaboration with ethical hackers, and the importance of a shift left mindset for product security.
.
– Stuart Short, Head of SAP Bug Bounty Program, SAP
– Matthias Held, Senior Security Solutions Architect, Bugcrowd
.

T1: Is Cyber Security the job of C-level? Discussing Challenges and Solutions
– Frederik Angermaier, Business Value Director, Serviceware
.
T2: Discussing How to Get Visibility on your Third-Party Ecosystem at Scale
– Michael Strobl, Senior Security Architect, SecurityScorecard
.
T3: NIS2, the EU Cyber Resilience Act and What It Means To You
– Ilkka Turunen, Field CTO, Sonatype
.

Join our experts as they discuss their hands-on experience in terms of preparation, identification, detection and analysis, containment, eradication and recovery, and post-incident activities, considering:

• What are the key ingredients to an effective Incident Response plan?
• Do we need a playbook on specific incident types?
• What is your advice on choosing a detection and response tool?
• How should we plan for legal, regulatory and PR issues?

– Moderator: Isabel Parketta, CISO & Head of Governance, Risk & Audit
– Patrick Ghion, CCSO, Geneva State Police and Head of Regional Cyber Competence Center for Western Switzerland (RC3)
– Gianclaudio Moresi – Corporate CISO – Forbo Group
– Robert Hellwig, CISO, University of Siegen
.

.

• HHow do you prioritise getting the people, processes, and culture in place?
• What are the barriers to the adoption of cyber security best practices?
• How do you gauge your company’s cyber security maturity?
• Evolving cybercrime demands updated practices. What cyber strategies do you consider obsolete and what sustainable cyber strategies can you recommend to best address modern security challenges?

– Moderator: Michael Fontner, Head of Global IT Security – Herrenknecht AG
– Dr. Timo Wandhoefer, Group CISO, Klockner & Co SE
– Pascal Vural, Head of Information Security & Data Compliance, Babbel
– Robert Hellwig, CISO, University of Siegen
.

Banking has always been a highly regulated industry, and within cyber security that is no exception. The European regulatory landscape continues to put additional pressure on CISOs to do more with less resources. In this presentation Nuno Teodoro of Solaris SE shows his approach to cyber security in the banking industry, taking into consideration the current highly regulated landscape and the optimization of teams, technology and budgets towards the most effective outcomes.
.
– Nuno Teodoro, Vice President, Group Cyber Security at Solaris SE

In the early days of AppSec, application and API security was dominated by ad hoc manual practices such as penetration testing and threat modelling. Now, trends like the empowerment of development teams via the Agile and DevOps movements, as well as orchestrated ephemeral infrastructure, have created an opportunity to make application and API security much more efficient and effective. In this session we discuss what to expect and how to prepare API Security moving forward.
.
– Larry Maccherone, DevSecOps Transformation Architect, Contrast Security

In an era where the use of cloud software has become pivotal in daily office functions, the recent loss of Microsoft’s Cloud Key to ‘Storm-0558’, and subsequent lack of transparency, damages not only Microsoft’s reputation but the sanctity of hyperscalers previously thought to be safe. In this retrospective we discuss what went wrong, and how we ought to go about rebuilding trust following Cloud Security breaches.
.
– Ovidiu Catrina, Head of Information Security, the Stepstone Group
.

AI is seen as a way to help analysts spend time on activities that matter and help decrease alert fatigue. This session looks at how AI can realistically be used to form a modern SOC. Discussion topics include the practical and impractical applications of AI, how to overcome black box concerns, the benefits of using this technology and if automation is there to assist or replace analysts. You’ll gain a better understanding of how automation can be applied to your security operations.
.
– Moderator: Hanan Levin, VP of EMEA, Hunters
– Nuno Teodoro, VP, Group Cyber Security, Solaris SE
– Olivier Vareilhes, Business Value Director, Kudelski Security
.

This session emphasises the critical role of Multi-factor Authentication (MFA) in enhancing account security. Despite being a robust extra layer of protection, MFA is vulnerable to new sophisticated hacking strategies. This session underscores the importance of understanding these malicious techniques, with a guide in preparing users to fortify their defences against advanced cyber threats.
.

• How do you identify the key red flags in a phishing email to avoid falling for malicious schemes?
• How can you educate employees about the dangers of phishing and enhance cyber security awareness?
• Does multi-factor authentication (MFA) effectively protect against phishing attacks?
• What are the best practices for monitoring and analysing phishing trends to stay ahead of attackers?
• Which prevention strategies are available to protect your organisation?

– Gianclaudio Moresi, Corporate CISO, Forbo Group
.

The third-party management landscape is at an interesting junction. The increased complexity of managing third parties is driving organisations to rapidly mature their programs and seek better and more efficient ways to operate and position themselves to scale. In this session, we will review the changes in approach we’ve seen over the last year and dive into key trends that will shape the third-party management landscape in 2024.
.
– Jorg Soorman, GRC Cloud Specialist, OneTrust
.

The cybersecurity landscape is always evolving, and in 2023 Cofense saw the volume and variety of threat campaigns once again develop exponentially. In this session we take a look at the latest threat tactics developing, discussing why your people are still vital in the protection of your organisation.
.
– Alain Salesse, Principal Solutions Engineer, Cofense
.

The recent NIS2 directive, set to be transposed into national law on the 17th October 2024, is on the mind of many CISOs as organisations prepare their compliance roadmap. This update on the initial 2016 NIS directive aims to bring into scope more sectors and increase risk management across the region. By imposing significant fines, penalties, liabilities and incident response requirements, more resources will have to be spent on compliance at a time when budgets are already stretched thin. In this session we take a deeper look at the directive and consider strategies for working towards compliance.
.
– Ali Baccouche, Regional Information Security & Data Privacy Officer, Texas Instruments
.

With the onset of NIS2 and the Cyber Resilience Act over the past two years, and an upcoming EU Cloud Services Certification Scheme this year, there has been considerable regulatory and legal noise in recent history.

• How can we effectively understand and prepare for these new cyber security regulations?
• What is your advice for succinctly explaining cyber security regulations to the Board?
• Are EU-level regulations benefiting cyber security in the private sector?
• What trends in cyber security legislation are on the horizon?

– Moderator: Luca Tagliaretti, Executive Director, European Cybersecurity Competence Centre
– Ali Baccouche, Regional Information Security & Data Privacy Officer, Texas Instruments
.

When security fails, resilience is crucial. Join us as Dr. Timo Wandhoefer of Klockner & Co SE explores what the role of the CISO is in building and maintaining cyber resilience, asking:

• If companies plan for successful attacks, should they divert resources away from security which fails to Disaster Recovery and Business Continuity Processes?
• Does this prompt a different approach to security itself? Should CISOs focus on protecting business processes and not simply data?
• What do CISOs bring to cyber resilience?

– Dr. Timo Wandhoefer, Group CISO, Klockner & Co SE
.

In an era of consistent political and economic uncertainty, with several evolving technological threats and opportunities, it is crucial that CISOs stay ahead of the upcoming threat landscape, economic challenges, and opportunities they bring. In this deep dive we’ll address the following questions:

• How will the economic climate and labour market evolve?
• Are there any upcoming paradigm shifts, and what should our perspective be?
• Which cyber practices will last, and which will become redundant?

– Moderator: Jorge Rocha, Sr. IT Compliance Lead & Information Security Specialist, Delivery Hero
.