Agenda

08:00 - 09:00

Registration and Networking Break 
09:00 - 09:05

Chairman's Welcome
09:05 - 09:20

► Perception vs Reality in cybersecurity

Ignacio González Ubierna, Deputy Director, NCC-ES de INCIBE
09:20 - 09:40

► Strengthening Threat Detection and Simplifying Investigations with Corelight

Eric Le Doucen, Regional Manager, CoreLight & José Luis Pozo, Presales Technician, Dotforce Spain on behalf of Corelight

  • How to strengthen threat detection
  • Techniques for a robust threat detection
  • Simplifying investigations following an attack
09:40 - 10:00

► Securing Smart Connected Cities

Fernando de Pablo Martín, Director General, Madrid Digital Office & José Ángel Álvarez Pérez, Head of Madrid Cybersecurity Center, CCMAD

  • Building trust between citizens, companies and the city
  • Mitigating risk from external suppliers (traffic lights, lighting, energy, waste management, etc)
  • Cybersecurity of IoT and 5G
10:00 - 10:40

► Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • How to minimize data security risk and protect your business, Luis Pedroche Montes, Business Development Manager- ALSO, on behalf of ManageEngine
  • Hack the brain: Social engineering innovation in 2023, Shirley Hora, Security Awareness Expert, SoSafe
10:40 - 11:10

Networking Break
11:10 - 11:40

► Technology Panel Discussion

Laura Parra, Global Director of IT Strategic Projects, Cellnex Telecom (Moderator);
Jorge Pardeiro, Head of Security Architecture, Banco Sabadell;
Enrique Cervantes Mora, CTO & CISO, Fintonic;
Ramon De La Iglesia Vidal, Global Head of Governance, Risk and Compliance (GRC), Santander Consumer Finance

  • Risk on third party integrations (different integration standards, APIs, and so on)  
  • Risk on Data sharing (related with the integration with the third parties, the store of sensitive Data etc)  
  • Secure by Design (ZTNA, Microsegmentation, Security Awareness) to manage cyber risk
11:40 - 12:00

► Empower your Security Team with Exposure Management and Threat Hunting Capabilities

Fernando Meléndez, Senior Enterprise AE, Censys

Security professionals have to deal with an increasingly complex security landscape, between an uptick in ransomware attacks, a shifting geopolitical landscape, and migration to the cloud, there is a lot the security teams have to consider. All these growing challenges overburden security professionals and make organisations more vulnerable to attacks.

During the presentation, we will be answering the following questions:

  • What is happening on the internet? How have security complexity, attack upticks and shifting geopolitics changed the playing field?
  • How has this impacted your organisational vulnerability?
  • How to make the shift from stretched to strong by equipping your team with better exposure management and threat hunting capabilities
12:00 - 12:40

► Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • Hacktivist Operations Funding, Juan Odriozola, Country Manager Spain & Portugal, KELA
  • Perception vs Reality: A Data-Driven Look at Open Source Risk Management, Fernando Faelli, Regional Director (Iberia), Sonatype
12:40 - 13:40

Lunch and Networking Break 
13:40 - 14:00

► Moving forward cybersecurity regulations: NIS2 and DORA

Ramon De La Iglesia Vidal, Global Head of Governance, Risk and Compliance (GRC), Santander Consumer Finance

  • European Regulatory Framework, roadmap and dates
  • Time context and scope of the regulation, who is affected?
  • Similarities and differences between the regulatory framework
  • Pillars of the regulations
  • The easiest and the most difficult, a risk approach
14:00 - 14:20

► Prepare for Tomorrow's Threats, Today: A change in approach

Samuel Marin, Sales Director, SentinelOne

  • Knowing your cyber enemy (KYCE) is half the battle won, the current approach to cybersecurity is like going to a Gunfight with a Sword in hand
  • The attackers are increasingly using AI to launch attacks, collaborating with each other and the defenders are still using the manual approaches
  • This presentation will talk about the change in approach such as 'Think Like an Attacker, Act Like a Defender', 'Bring your Security Forces Together' and 'People centric to Technology Centric approach'
14:20 - 14:40

► Empowering Internal Assurance through tech

Iván E. Yemez, Senior Implementation Consultant, OneTrust

How can we meet the needs of our stakeholders? It's a question that every assurance function grapples with whenever a new regulation is announced. In a dynamic and demanding environment, it can be challenging to address everything promptly and effectively, particularly with limited resources. The role of emerging technologies becomes paramount in the process of identifying, assessing, documenting, mitigating, and reporting an organisation's risks.

  • In this session, we will delve into emerging trends and successful case studies highlighting the application of technology in risk management
  • Join us as we explore the transformative power of technology in navigating the ever-evolving landscape of risk management."
14:40 - 15:00

► The New Old OT Scenario and Cybersecurity Risks

Javier Sánchez Salas, CISO, ENGIE España

  • Defining a Scenario and a Framework
  • Overcoming difficulties in deploying classic Cybersecurity measures>The benefits of being threat-led
  • OT Cybersecurity best stakeholders
15:00 - 15:30

Networking Break
15:30 - 16:10

► CISO Panel Discussion

Jesús Mérida Sanabria, CISO, Iberia (Moderator);
José Ángel Álvarez Pérez, Head of Madrid Cybersecurity Center, CCMAD;
Rafa Tenorio, CISO, Iberdrola;
Jesús Valverde Romero, Head of Information Technology & Cybersecurity, ISEMAREN;
Ramon Ortiz, Security Manager, Mediaset

  • Integrating cybersecurity into wider enterprise risk management frameworks
  • Becoming a more strategic partner to the business?
  • Building resilience against third-party security threats
  • Web 3.0 and the next generation of the internet: securing new technologies and services
16:10 - 16:30

► Bypassing Multi-Factor Authentication (MFA) via Phishing Techniques

Raj Sandhu, Ethical Hacker, Contracted to World Health Organisation;
Manit Sahib, Ethical Hacker, Contracted to Global Fund

  • Introduction to MFA Bypass Phishing Techniques
  • Live Demonstration of MFA Bypass Attack
  • Countermeasures and Best Practices
  • Conclusion of Demo and Presentation
16:30

Conference Close

Education seminars


Hack the brain: Social engineering innovation in 2023


Shirley Hora, Security Awareness Expert, SoSafe

We know cybercriminals for their great technical skills, but did you know that they are also capable of hacking our brains? They are not only experts in computer systems, but also in how the human mind works. They use current events, such as pandemics or economic crises, to convince us to make hasty and impulsive decisions.

In this session we will explore:

  • How cybercriminals have professionalised their methods
  • The use of artificial intelligence to design more sophisticated mass attacks
  • The most effective tactics of cybercriminals
  • How they use new channels to approach their victims
  • Recommendations and best practices to protect ourselves

Hacktivist Operations Funding


Juan Odriozola, Country Manager Spain & Portugal, KELA

Join our session as we delve into the significant rise of hacktivist activity, fueled by geopolitical tensions surrounding the Russia-Ukraine conflict.

During this session, we will explore:

  • The diverse methods these groups employ to source income
  • Assess the success of their monetization efforts 
  • Examine the impact on the threat landscape

How to minimize data security risk and protect your business


Luis Pedroche Montes, Business Development Manager- ALSO- IREO, on Behalf of ManageEngine

Throughout the data lifecycle, your business faces risk from multiple angles such as unauthorised access, and malicious modification, corruption and exfiltration. And if you add cyberattacks such as ransomware to the mix, you have a big challenge in your hands.

In this talk, you will hear how to use a risk-based approach to keep your most sensitive data secure. Using this approach, you will be able to detect insider threats, respond to ransomware, prevent data leaks, and more.

  • Performing a data risk assessment to classify and prioritise data
  • Disrupting data leaks with the most effective technologies
  • Analysing file security to manage at-risk data
  • Stopping data exfiltration into the cloud
  • Mitigating the after-effects of cyber attacks with the best response measures

Perception vs Reality: A Data-Driven Look at Open Source Risk Management


Fernando Faelli, Regional Director (Iberia), Sonatype

The evolution of attacks on the software supply chain with a current perspective of the Open Source risk management strategy.

  • The way we develop software has changed in recent years
  • Evolution of attacks on the software supply chain
  • Differences between perception and reality of the risk associated with open source components