Event Agenda
1st – 2nd April 2025 // Frankfurt
All sessions will be in English.
Day 1 // 9th April 2024 08:50 – 17:30 CET
08:50 Opening Address by the chairperson: Isabel Parketta, CISO | Head of Governance, Risk & Audit, Engel & Völkers
09:00 Panel Discussion: Securing the Digital Thread: Lessons in Supply Chain Cohesion
Rising significantly over the last few years, supply chains are a key attack vector to prepare for. When a party in the supplier ecosystem is hit by a cyber attack, damage and delays ripple throughout the whole supply chain. In this panel discussion our experts will discuss:
– Moderator: Paul Sester, CISO, Hornbach Baumarkt AG
09:40 Keynote Presentation: Safeguarding the EU Cyber Landscape With the ECCC
As the EU cyber threat landscape continues to escalate and cyber security investment ramps up, it is crucial to stay informed not only about the future challenges that lie ahead but also about the EU’s ethos towards cyber security moving forward. In this session, Luca Tagliaretti, Executive Director of the European Cybersecurity Competence Centre (ECCC), takes us through the upcoming threats and the ethos of the EU’s new framework to support research, innovation, and industrial policy, stressing the key role of the ECCC within cyber security.
– Luca Tagliaretti, Executive Director, European Cybersecurity Competence Centre
10:10 Presentation: Inclusivity in Security Awareness: A Holistic Approach to Personalized Training
In the realm of cyber security awareness training, employee inclusivity is a fundamental principle. Workforces consist of individuals with diverse experiences, skill sets, and learning abilities. Every training program needs to offer an inclusive, empathetic, and valued experience for each employee. In this session we explore five critical dimensions of inclusivity, including localisation, multilevel engagement and accessibility, as well as providing guidance on how to integrate this principle into your company culture.
– Asaf Sagi, Head of Product Management, CybeReady
10:40 Networking Break
11:20 Presentation: The Democratisation of AI: Security Concerns in a Modern Workforce
AI is a buzzword in cyber security. But how do you get a sense of how AI is being used in your organisation – by employees and the security team – and how threat actors might be using AI against you? This presentation aims to demystify AI for cyber security and discuss how to apply the right AI to the right security challenge.
– Dr. Beverly McCann, Director of Analysis EMEA, Darktrace
11:50 Presentation: Enhancing CISO Communication in the Boardroom
In the current cyber security crisis, a CISO’s ability to communicate cyber issues to the rest of the C-Suite is pivotal in ensuring that cyber security issues gain the recognition they deserve within resource delegation and strategic decision-making processes. In this session we gain constructive criticism from Richard Kearney of Kenvue on where CISO reporting often goes wrong, and some useful strategies you can implement to ensure your business cases are compelling.
– Richard Kearney, Regional Head of Cyber Security, Kenvue
12:20 Presentation: Acquire and Investigate: Leveraging Digital Forensics to Understand and Mitigate Incidents
Digital forensics play a critical role in safeguarding businesses by helping unravel complex cyberattacks to minimise their impact and prevent future incidents of the same nature. In this session we discuss how to acquire, preserve, and analyse evidence from any data source. We will also explore a case study of a post-incident investigation of a compromised laptop in which digital forensic investigators were able to acquire a point-in-time snapshot of the endpoint to provide actionable information to the Incident Response team.
– Gavin Hornsey, Solution Consultant, Magnet Forensics
12:50 Lunch
13:50 Fireside Chat: Perspectives on Navigating the Cyber Specialist Drought
As the competition to attract cyber security specialists intensifies amid a sharp economic downturn, salaries and benefits packages are rising out of reach, and qualified cyber experts are increasingly a rare commodity. In this session our experts take a look at how to navigate this squeeze, from pivoting to automation, to higher education, to strategic talent acquisition and building up in-house competencies.
– Moderator: Pascal Vural – Head of Information Security & Data Compliance, Babbel
– Michael Fontner, Head of Global IT Security, Herrenknecht AG
– Michael Paci, Managing Director / Senior Information Security Officer, State Street
14:20 Group Discussion: Public and Private Sector Cooperation: Bridging the Information Exchange Gap
Abstract TBD
– Patrick Ghion, CCSO at Geneva State Police and Head of Regional Cyber Competence Center for Western Switzerland (RC3)
14:50 Presentation: Apple Security in the Enterprise: Why Securing Apple Devices is Important
High security requirements apply to every operating system – macOS and iOS are no exception. As the market share of Apple devices in companies increases, so does the risk of malware, security breaches and vulnerabilities. As a result, companies need to ensure the security and compliance of these devices, their users and access. In this session, you’ll learn why an IT security officer should care about Apple security, which risks associated with each Apple operating system are key to know and how to implement a valid strategy to protect your Apple device fleet.
– Rene Stiel, Senior Engineer Security Solutions, Jamf
– Henrik Nitsche, Security Solutions Manager, Jamf
15:20 Presentation: The Widening Vulnerability Gap in Mobile-First Businesses
Businesses in 2024 are increasingly reliant on mobile technology. Through mobile devices and applications, organisations are enhancing convenience, productivity, and innovation. The recent emergence of mobile-first businesses poses significant challenges for security teams. The rapid propagation of mobile devices and apps has expanded the attack surface, attracting sophisticated cybercriminals and nation-states. In this context, we’ll examine the growing vulnerability gap and present five essential principles for securing mobile-first businesses.
– Alexander Mann, Regional DACH Director, Zimperium
15:30 Networking Break
16:00 Presentation: Unlocking the Collective Ingenuity of Hackers to Outpace Threat Actors
Join Bugcrowd’s Matthias Held, alongside Stuart Short, Head of Bug Bounty Program at SAP, as they explore ways of unlocking the collective ingenuity of hackers to stay one step ahead of threat actors. The discussion will delve into the power of crowdsourced security, collaboration with ethical hackers, and the importance of a shift left mindset for product security.
– Stuart Short, Head of SAP Bug Bounty Program, SAP
– Matthias Held, Senior Security Solutions Architect, Bugcrowd
16:10 Roundtables:
T1: Is Cyber Security the job of C-level? Discussing Challenges and Solutions
– Frederik Angermaier, Business Value Director, Serviceware
T2: Discussing How to Get Visibility on your Third-Party Ecosystem at Scale
– Michael Strobl, Senior Security Architect, SecurityScorecard
T3: NIS2, the EU Cyber Resilience Act and What It Means To You
– Ilkka Turunen, Field CTO, Sonatype
16:50 Fireside Chat: Cyber Security Incident Response Plans 101
Join our experts as they discuss their hands-on experience in terms of preparation, identification, detection and analysis, containment, eradication and recovery, and post-incident activities, considering:
– Moderator: Isabel Parketta, CISO & Head of Governance, Risk & Audit
17:30 Drinks Reception
Day 2 // 10th April 2024 08:45 – 16:40 CET
08:45 Opening Address by the chairperson: Isabel Parketta, CISO | Head of Governance, Risk & Audit, Engel & Völkers
08:50 Panel Discussion: The Road to Achieving Cyber Security Maturity
– Moderator: Michael Fontner, Head of Global IT Security – Herrenknecht AG
09:30 Presentation: Navigating the Cyber Security Landscape in a Highly Regulated Industry
Banking has always been a highly regulated industry, and cyber security within it is no exception. The European regulatory landscape continues to put additional pressure on CISOs to do more with fewer resources. In this presentation Nuno Teodoro of Solaris SE shows his approach to cyber security in the banking industry, taking into consideration the current highly regulated landscape and the optimization of teams, technology and budgets towards the most effective outcomes.
– Nuno Teodoro, Vice President, Group Cyber Security at Solaris SE
10:00 Presentation: Skate to Where the App and API Security Puck is Going
In the early days of AppSec, application and API security was dominated by ad hoc manual practices such as penetration testing and threat modelling. Now, trends like the empowerment of development teams via the Agile and DevOps movements, as well as orchestrated ephemeral infrastructure, have created an opportunity to make application and API security much more efficient and effective. In this session we discuss what to expect and how to prepare for API security moving forward.
– Larry Maccherone, DevSecOps Transformation Architect, Contrast Security
10:30 Networking & Break
11:10 Presentation: Rebuilding Trust: Addressing the Microsoft Key Loss and Shaping Cloud Security
In an era where the use of cloud software has become pivotal in daily office functions, the recent loss of Microsoft’s Cloud Key to ‘Storm-0558’, and subsequent lack of transparency, damages not only Microsoft’s reputation but the sanctity of hyperscalers previously thought to be safe. In this retrospective we discuss what went wrong, and how we ought to go about rebuilding trust following Cloud Security breaches.
– Ovidiu Catrina, Head of Information Security, the Stepstone Group
11:40 Presentation: The Role of AI in the Modern SOC
AI is seen as a way to help analysts spend time on activities that matter and help decrease alert fatigue. This session looks at how AI can realistically be used to form a modern SOC. Discussion topics include the practical and impractical applications of AI, how to overcome black box concerns, the benefits of using this technology and if automation is there to assist or replace analysts. You’ll gain a better understanding of how automation can be applied to your security operations.
– Moderator: Hanan Levin, VP of EMEA, Hunters
– Nuno Teodoro, VP, Group Cyber Security, Solaris SE
– Olivier Vareilhes, Business Value Director, Kudelski Security
12:10 Presentation: MFA Bypass is Reality! Adapting Security Measures to Tackle Phishing Emails
This session emphasises the critical role of Multi-factor Authentication (MFA) in enhancing account security. Despite being a robust extra layer of protection, MFA is vulnerable to new sophisticated hacking strategies. This session underscores the importance of understanding these malicious techniques, with a guide to preparing users to fortify their defences against advanced cyber threats.
– Gianclaudio Moresi, Corporate CISO, Forbo Group
12:30 Presentation: Trends Third-Party Management Trends for the New Year
The third-party management landscape is at an interesting junction. The increased complexity of managing third parties is driving organisations to rapidly mature their programs and seek better and more efficient ways to operate and position themselves to scale. In this session, we will review the changes in approach we’ve seen over the last year and dive into key trends that will shape the third-party management landscape in 2024.
– Jorg Soorman, GRC Cloud Specialist, OneTrust
13:00 Spotlight Sponsor: The Human Shield: Still Your Ultimate Defense Against Phishing Attacks
The cybersecurity landscape is always evolving, and in 2023 Cofense saw the volume and variety of threat campaigns once again develop exponentially. In this session we take a look at the latest threat tactics developing, discussing why your people are still vital in the protection of your organisation.
– Alain Salesse, Principal Solutions Engineer, Cofense
13:10 Lunch
14:10 Presentation: A Guide to NIS2 Compliance
The recent NIS2 directive, set to be transposed into national law on the 17th October 2024, is on the mind of many CISOs as organisations prepare their compliance roadmap. This update on the initial 2016 NIS directive aims to bring into scope more sectors and increase risk management across the region. By imposing significant fines, penalties, liabilities and incident response requirements, more resources will have to be spent on compliance at a time when budgets are already stretched thin. In this session we take a deeper look at the directive and consider strategies for working towards compliance.
– Ali Baccouche, Regional Information Security & Data Privacy Officer, Texas Instruments
14:40 Fireside Chat: EU Regulation - Where Will the Dust Settle?
With the onset of NIS2 and the Cyber Resilience Act over the past two years, and an upcoming EU Cloud Services Certification Scheme this year, there has been considerable regulatory and legal noise in recent history.
– Moderator: Luca Tagliaretti, Executive Director, European Cybersecurity Competence Centre
15:10 Networking Break
15:40 Presentation: Resilience: A Must Have in Every CISO’s Strategy
When security fails, resilience is crucial. Join us as Dr. Timo Wandhoefer of Klockner & Co SE explores what the role of the CISO is in building and maintaining cyber resilience, asking:
– Dr. Timo Wandhoefer, Group CISO, Klockner & Co SE
16:10 Group Discussion: DACH Cyber Security Forecast: Mapping the Road Ahead
In an era of consistent political and economic uncertainty, with several evolving technological threats and opportunities, it is crucial that CISOs stay ahead of the upcoming threat landscape, economic challenges, and opportunities they bring. In this deep dive we’ll address the following questions:
– Moderator: Jorge Rocha, Sr. IT Compliance Lead & Information Security Specialist, Delivery Hero
16:40 Closing Remarks by the chairperson: Isabel Parketta, CISO | Head of Governance, Risk & Audit, Engel & Völkers
16:45 End of Conference