Agenda

►How to define and manage ICT risk in line with regulatory requirements (such as DORA and MiCA)

Dr. Gulnara Hein, CISO, Chintai

• Building visibility by combining top-down business and bottom-up technology perspectives to map processes, systems, information assets and third parties
• Distinguishing real risks from control gaps, and why thismatters for prioritisation, reporting and decision-making
• Do current risk structures underestimate the role of ICT controls in mitigating broader operational risks such as process failure, human error, and third-party disruption?

►Lock It Down vs. Let It Flow: The Eternal Tug-of-War Between Security and Usability

Julian Dube, Information Security Officer, E.ON Digital Technology

• How the clash between security and agility shapes today’s cloud-first organisations
• Why BYOD remains the Trojan horse of convenience — and a growing security risk
• The truth behind the “secure cloud” myth and shared responsibility gaps
• How developer practices can weaken even the strongest security pipelines
• Actionable steps for CISOs to establish security faster together with the business

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

• LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
• Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
• Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
• What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you

►Zero Trust—Beyond the Buzzword: separating Strategy from Implementation

Igor Podebrad, Director, Office of the CISO, Google Cloud

• How the core principles of Zero Trust differ from how it’s commonly implemented across enterprises
• Insights into real-world challenges and pitfalls organisations face when operationalising Zero Trust
• Strategies for aligning policy, identity, and architecture to achieve genuine Zero Trust outcomes
• Practical guidance on measuring Zero Trust maturity and closing the gap between intent and execution

►Building Cyber Resilience and Managing Risk Across Critical Industries

Sachin Gaur, Cybersecurity Manager, Continental (Moderator)
Steffen Zimmermann, Head of Industrial Security, VDMA 
Sheeba Baskaran, Lead Security Architect, Lenovo, Deutschland GmbH

• How should boards and executive teams manage cyber risk as an enterprise-wide issue rather than a technical one?
• With IT and OT convergence happening in industries from energy to transportation to manufacturing, what are the key challenges in securing both business systems and operational environments?
• How can organisations strengthen resilience against third-party and supply chain risks in today’s globally interconnected economy?
• As digital transformation accelerates through technologies like AI, IoT, and automation, how can leaders balance innovation with effective cyber risk oversight?
• Looking ahead, what governance models, cross-industry collaborations, and cultural shifts will be most essential to strengthening resilience across critical national infrastructure