Agenda

Presentations already confirmed include:


►How to define and manage ICT risk in line with regulatory requirements (such as DORA and MiCA)

Dr. Gulnara Hein, CISO, Chintai

  • Building visibility by combining top-down business and bottom-up technology perspectives to map processes, systems, information assets and third parties
  • Distinguishing real risks from control gaps, and why this matters for prioritisation, reporting and decision-making
  • Do current risk structures underestimate the role of ICT controls in mitigating broader operational risks such as process failure, human error, and third-party disruption?

►Lock It Down vs. Let It Flow: The Eternal Tug-of-War Between Security and Usability

Julian Dube, Information Security Officer, E.ON Digital Technology

  • How the clash between security and agility shapes today’s cloud-first organisations
  • Why BYOD remains the Trojan horse of convenience — and a growing security risk
  • The truth behind the “secure cloud” myth and shared responsibility gaps
  • How developer practices can weaken even the strongest security pipelines
  • Actionable steps for CISOs to establish security faster together with the business

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
  • Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you

►Zero Trust—Beyond the Buzzword: separating Strategy from Implementation

Igor Podebrad, Director, Office of the CISO, Google Cloud

  • How the core principles of Zero Trust differ from how it’s commonly implemented across enterprises
  • Insights into real-world challenges and pitfalls organisations face when operationalising Zero Trust
  • Strategies for aligning policy, identity, and architecture to achieve genuine Zero Trust outcomes
  • Practical guidance on measuring Zero Trust maturity and closing the gap between intent and execution

►Operational Resilience by Design in the Age of DORA

Thomas Barkias, Principal Supervisor, Cyber Resilience, ICT, Crypto & Operational Risk, European Central Bank

  • Redefining resilience beyond compliance, moving past DORA as a checkbox into a true resilience mindset
  • Identifying the minimum viable business, mapping the critical services and dependencies that must endure disruption
  • Shifting from perimeter-based security to risk-based resilience, prioritising continuity over threat-specific controls
  • Integrating ICT, third-party, and operational risk into a single, unified resilience strategy

►Building Cyber Resilience and Managing Risk Across Critical Industries

Sachin Gaur, Cybersecurity Manager, Continental (Moderator)
Sheeba Baskaran, Lead Security Architect, Lenovo, Deutschland GmbH 
Andrea Szeiler, Group CISO, MVM Ltd 
Riccardo Riccobene, MD - Senior Information Security Officer, State Street Bank International
Maximilian Moser, Consultant Industrial & Product Security, VDMA

  • How should boards and executive teams manage cyber risk as an enterprise-wide issue rather than a technical one?
  • With IT and OT convergence happening in industries from energy to transportation to manufacturing, what are the key challenges in securing both business systems and operational environments?
  • How can organisations strengthen resilience against third-party and supply chain risks in today’s globally interconnected economy?
  • As digital transformation accelerates through technologies like AI, IoT, and automation, how can leaders balance innovation with effective cyber risk oversight?
  • Looking ahead, what governance models, cross-industry collaborations, and cultural shifts will be most essential to strengthening resilience across critical national infrastructure?

►European Threat Reality 2025: What Attackers Are Really Doing Today

Nikolei Steinhage, Senior Sales Engineer, CrowdStrike

  • How the threat landscape in Europe is intensifying and why European companies are disproportionately often the target of modern extortion and espionage campaigns
  • Which attacker groups currently dominate, including their preferred tactics, from fast ransomware operations to highly precise social engineering tricks
  • Which industries are most heavily in the crosshairs and which patterns clearly emerge from the most recent incidents
  • What companies must concretely do now to build resilience against current European attack strategies

►Countering Cyber Threats with Zero Trust Cyber & Identity Resilience

Frank Schwaak, Field CTO, Rubrik

In a world of ever more sophisticated cyber attacks, pure prevention is reaching its limits. This session shows why companies must rethink their strategies: away from pure defence and towards genuine cyber and identity resilience. The focus is on how organisations can not only prevent attacks but also respond to them effectively and keep critical business processes running during and after incidents. Operational resilience thus becomes a key strategic competence for sustainable security.