Agenda

08.00 - 09.00

Breakfast Networking Break
09.00 - 09.10

Chair's Opening Remarks
09.10 - 09.30

►Operational Resilience by Design in the Age of DORA

Thomas Barkias, Team Lead - Banking Supervision, European Central Bank

  • Redefining resilience beyond compliance, moving past DORA as a checkbox into a true resilience mindset
  • Identifying the minimum viable business, mapping the critical services and dependencies that must endure disruption
  • Shifting from perimeter-based security to risk-based resilience, prioritising continuity over threat-specific controls
  • Integrating ICT, third-party, and operational risk, into a single, unified resilience strategy
09.30 - 09.50

►Cyber-Bedrohungen mit Zero Trust Cyber & Identity Resilience entgegenwirken

Frank Schwaak, Field CTO, Rubrik

  • Warum Prävention allein nicht mehr ausreicht
  • Zero Trust als Basis für Cyber- & Identity-Resilience
  • Sicherheitsvorfälle aktiv beherrschen
  • Geschäftsprozesse trotz Cyberangriffen aufrechterhalten
  • Operative Resilienz als Schlüssel nachhaltiger Sicherheit
09.50 - 10.10

►Managing a Live Cyberattack: The Volt Viper Scenario

Julian Dube, Information Security Officer, E.ON Digital Technology

  • Prepare and Defend: Respond to a simulated cyberattack using a fictive budget
  • Take Action: Discuss and make critical decisions while the attack unfolds in real time
  • Play Along: Your choices determine whether you stay secure or go bankrupt
10.10 - 10.50

►Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Adapting to AI in security: Best practices for autonomous AI and human interaction, Susann Burnell, Principal Solution Engineer, Tines
  • Purchase Scams Uncovered: A Look at the Dark Web's “Opportunity Economy” and Advanced Resilience Tactics, Joël Giger, Senior Intelligence Consultant, Recorded Future
  • Preventing Data Breaches - Why is it so complicated across the company? Tobias Gerhardt, Sales Engineer, Varonis
10.50 - 11.20

Networking Break
11.20 - 11.40

►How to define and manage ICT risk in line with regulatory requirements (such as DORA and MiCA)

Dr. Gulnara Hein, CISO, Chintai

  • Building visibility by combining top-down business and bottom-up technology perspectives to map processes, systems, information assets and third parties
  • Distinguishing real risks from control gaps, and why this matters for prioritisation, reporting and decision-making
  • Do current risk structures underestimate the role of ICT controls in mitigating broader operational risks such as process failure, human error, and third-party disruption?
11.40 - 12.00

►Wissen ist die beste Verteidigung – was wissen Sie über Identitäten?

Andreas Mueller, Regional Sales Director CEUR, Delinea

  • Alle Identitäten im Unternehmen erkennen!
  • AI ist in aller Munde, was macht AI mit Ihren Identitäten?
  • Managen Sie die Berechtigungen Ihrer kritischen Accounts
12.00 - 12.20

►European Threat Reality 2025: Was Angreifer Heute Wirklich Tun

Nikolei Steinhage, Senior Sales Engineer, CrowdStrike

  • Wie sich die Bedrohungslage in Europa zuspitzt und warum europäische Unternehmen überdurchschnittlich häufig Ziel moderner Erpressungs- und Spionagekampagnen werden
  • Welche Angreifergruppen aktuell dominieren – inklusive ihrer bevorzugten Taktiken, von schnellen Ransomware-Operationen bis zu hochpräzisen Social-Engineering-Tricks
  • Welche Branchen am stärksten im Fadenkreuz stehen und welche Muster sich aus den jüngsten Vorfällen klar abzeichnen
  • Was Unternehmen jetzt konkret tun müssen, um Resilienz gegen die aktuellen europäischen Angriffsstrategien aufzubauen
12.20 - 12.25

►Zero Trust Controls at the Endpoint

Eoin Molloy, Account Executive, Threatlocker

  • Discover how ThreatLocker applies Zero Trust at the endpoint, eliminating implicit trust by continuously verifying every application, executable, and action before authorisation
  • Learn how a deny-by-default, malware-proofing approach reduces ransomware risk, stopping unauthorised software and scripts even when other security layers are bypassed
  • Understand how least-privilege enforcement limits attacker capability, ensuring applications and users can perform only explicitly approved actions on enterprise devices
  • Explore how granular, policy-based endpoint control safeguards against modern threats, reducing enterprise exposure to ransomware and other advanced attacks
12.25 - 13.05

►Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Your Perimeter is on the Front Lines: Attack Surface Reduction as a Primary Defence, Dan Andrew, Head of Security, Intruder
  • Defending Against Multi-Channel Brand Impersonation, Billy McDiarmid, Senior Director of Sales Engineering, Red Sift
  • Constella Intel - presentation to be announced
13.05 - 14.00

Lunch Networking Break
14.00 - 1420

►Zero Trust—Beyond the Buzzword: separating Strategy from Implementation

Igor Podebrad, Director, Office of the CISO, Google Cloud

  • How the core principles of Zero Trust differ from how it’s commonly implemented across enterprises
  • Insights into real-world challenges and pitfalls organisations face when operationalising Zero Trust
  • Strategies for aligning policy, identity, and architecture to achieve genuine Zero Trust outcomes
  • Practical guidance on measuring Zero Trust maturity and closing the gap between intent and execution
14.20 - 14.40

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
  • Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you
14.40 - 15.20

►Education Seminar 3

Delegates will be able to choose from a range of topics:

  • Shadow API: Find Them, Test Them, Fix What Matters, Mark Schembri, Field Software Engineering Manager, Invicti Security
  • How Continuous Threat Exposure Management Turns Exposure Data into Proof of Risk, Tamim Mamozai, Regional Sales Director DACH, Nagomi Security & Nick Coleman, Sales Engineer, Nagomi Security
15.20 - 15.50

Networking Break
15.50 - 16.25

►Building Cyber Resilience and Managing Risk Across Critical Industries

Sachin Gaur, Cybersecurity Manager, Continental (Moderator)
Sheeba Baskaran, Lead Security Architect, Lenovo, Deutschland GmbH 
Andrea Szeiler, Group CISO, MVM Ltd 
Riccardo Riccobene, MD - Senior Information Security Officer, State Street Bank International
Maximilian Moser, Consultant Industrial & Product Security, VDMA

  • How should boards and executive teams manage cyber risk as an enterprise-wide issue rather than a technical one?
  • With IT and OT convergence happening in industries from energy to transportation to manufacturing, what are the key challenges in securing both business systems and operational environments?
  • How can organisations strengthen resilience against third-party and supply chain risks in today’s globally interconnected economy?
  • As digital transformation accelerates through technologies like AI, IoT, and automation, how can leaders balance innovation with effective cyber risk oversight?
  • Looking ahead, what governance models, cross-industry collaborations, and cultural shifts will be most essential to strengthening resilience across critical national infrastructure
16.25 - 16.30

Chairs Closing Remarks

Bildungsseminare


Shadow API: Find Them, Test Them, Fix What Matters


Mark Schembri, Field Software Engineering Manager, Invicti Security

Your business is increasingly API-driven, yet partially blind when it comes to API security. Often, security teams are unsure of the number of APIs they have, let alone which ones are exposed, undocumented, or vulnerable. Join us to learn how you can apply Invicti’s multilayered approach to shadow API discovery and schema reconstruction. Once discovered, you test these APIs with the industry's best DAST.  Validating difficult-to-find vulnerabilities like BOLA and BLFA, business logic errors, and the presence of weak authentication with proof-based scanning to achieve AppSec’s charter that only secure apps reach production.

Attendees will learn:

  • Sensorless API discovery and schema reconstruction
  • API management system integration
  • Network traffic analysis (NTA) across F5, NGINX, and Cloudflare
  • OWASP Top 10 for API testing and reporting

Purchase Scams Uncovered: A Look at the Dark Web's “Opportunity Economy” and Advanced Resilience Tactics


Joël Giger, Senior Intelligence Consultant, Recorded Future

Purchase scams are a major emerging fraud threat using fake e-commerce stores to steal data and accept payments for non-existent goods. The dark web's "opportunity economy" amplifies these scams through market promotions for criminal services and emerging AI tools for content generation and scale. Threat actors also employ advanced strategies to ensure resilience, which complicates detection and investigation. Effective mitigation requires scam merchant intelligence and increased customer awareness.

Attendees will learn:

  • The role of the dark web "opportunity economy" and emerging AI tools in rapidly scaling and amplifying purchase scam infrastructure and campaigns.
  • The advanced resilience tactics prolonging the scams' lifespan and complicating investigations.
  • How to mitigate purchase scam risk using scam merchant intelligence for proactive detection and the importance of robust customer awareness and education programs for card issuers and merchant acquirers.

Your Perimeter is on the Front Lines: Attack Surface Reduction as a Primary Defence


Dan Andrew, Head of Security, Intruder

This education seminar will provide a deep-dive into core concepts and practical recommendations for Attack Surface Management (ASM) and Asset Discovery. Your perimeter is on the front line, and good patch management alone is not enough to protect it. You should leave this session with a better idea of how to blend ASM and Asset Discovery with Patch Management for a robust exposure management process.

We'll run through examples of attack surface risks, real-world vulnerabilities affecting internet exposed tech, and why implementing an ASM process is critical alongside patch management. It may be tempting to fall back on just patching your biggest *known* threats, but some of the biggest risks are vulnerabilities that are not yet publicly known. These threats do not have a CVSS score, and attack surface management is your primary defence. Learn how to future-proof your perimeter.

Asset Discovery is also an essential part of managing your attack surface. Keeping track of your internet exposed IPs and domains is far from trivial, and cloud environments in particular make this challenge harder. Losing track of some of your assets is no longer an embarrassing mistake - it's an unavoidable reality. We will show some examples of how this happens, and give a practical approach to asset discovery which helps you keep track, and avoid systems slipping outside of your exposure management process entirely.

Attendees will learn:

  • Integrating Attack Surface Management into your Patch Management process - defining ASM as a Primary Defence that's proactive, not reactive
  • Prioritisation considerations and why Informational risks are Criticals waiting to happen. Why not all 'Criticals' are equal, and why CVSS is not king
  • The importance of Asset Discovery to find Shadow IT and build a realistic view of your Attack Surface. Practical recommendations on how to approach this

Adapting to AI in security: Best practices for autonomous AI and human interaction


Susann Burnell, Principal Solution Engineer, Tines

Artificial intelligence holds great promise for cyber security professionals, who see AI as a key tool in the complex and critical effort to stay ahead of cyber threats. Layering AI-driven capabilities onto existing frameworks like SOAR (security orchestration, automation, and response) and SIEM (security information and event management) can be labour- and skills-intensive. 

Attendees will learn:

  • How Tines address many of the challenges around integrating AI into SecOps
  • The common challenges driving organizations to modernize SecOps
  • The latest market trends driving use of AI as a component of modern cyber security

Defending Against Multi-Channel Brand Impersonation


Billy McDiarmid, Senior Director of Sales Engineering, Red Sift

Even with SPF and DMARC in place, cybercriminals are now impersonating organisations across email, web, and social media to deceive customers and partners. During this session, Red Sift expert Billy McDiarmid will reveal how lookalike domains, forgotten DNS records, and fake social profiles erode brand integrity. With brand and social media monitoring, you’ll see how security teams can detect and shut down impersonation campaigns across every digital channel.

Attendees will learn: 

  • How attackers leverage DNS gaps and high-risk lookalikes to launch cross-channel impersonation attacks
  • The power of AI-driven detection and agentic automation that makes response faster and smarter
  • How to build a robust defense against exact-domain spoofing and lookalike domain attacks

How Continuous Threat Exposure Management Turns Exposure Data into Proof of Risk


Tamim Mamozai, Regional Sales Director DACH, Nagomi Security & Nick Coleman, Sales Engineer, Nagomi Security

Senior security leaders don’t need another recap of tool sprawl or vulnerability overload—you live it. The question is: how do you prove which exposures actually raise breach risk in your environment, and eliminate them faster than the threat changes? That’s where Continuous Threat Exposure Management becomes practical. In this 30-minute, interactive session, we will skip definitions and go straight to execution. Expect a fast, lively walkthrough of what works, what fails, and the assumptions Continuous Threat Exposure Management routinely overturns. No pitch—just repeatable methods and hard-earned lessons to make CTEM measurable and defencible.

Attendees will learn:

  • Verify what you actually own, revealing true scope and exposure at the foundation of your attack surface
  • Continuously validate controls, catching drift and coverage gaps before they fail silently
  • Identify real exposure beyond CVEs, including misconfigurations, identity abuse paths, and control weaknesses
  • Focus remediation on what matters most, based on how active attackers actually operate
  • Practical Continuous Threat Exposure Management moves you can apply immediately to reduce real risk

Preventing Data Breaches - Why is it so complicated across the company?


Tobias Gerhardt, Sales Engineer, Varonis

TL;DR: If you know you would be screwed if data gets stolen, I can show you how to close a few often-existing gaps. 

In our modern IT world, we are constantly focused on preventing external threats. However, we often overlook the golden nugget: sensitive Data. However, the root cause of this problem is not as easily solved as one might think. That is because companies still misinterpret who could be an enemy and who could be a target. Furthermore, a 9-to-5 job has its limits and so does the company's pocket. Therefore, I will explain a common but still underestimated attack vector. It will also outline the situation in which you end up, when you think that's enough. In turn, we will dig into three vectors that could still allow stealing data and how a little "Control the Controllables" by the help of the Varonis Data Security Platform could tackle them.

Attendees will learn:

  • You will learn which aspects around holistic data security exist
  • Why to much effort into a single aspect or point solution can cause problems 
  • How Varonis does support data security across different domains