Agenda

09.00 - 09.50

Breakfast networking & registration

09.50 - 10.00

Chair's welcome

10.00 - 10.20

►Beyond the Algorithm: How Human Factors Can Make or Break AI Adoption

Meri Roboci, AI Security Strategist, DWS Group

  • Why trust is not a given, and how to build AI literacy across your organisation
  • Behavioural Resistance & Organisational Culture
  • Ethical Decision-Making & Oversight
  • The Human-AI Collaboration Interface
  • Real-world examples from finance-what went right, what went wrong, and why
10.20 - 10.40

►Cyber Resilience for the Cloud

Stefan Wiechers, Enterprise Sales Engineer, Rubrik

  • Cloudfocus: How to implement robust cyber recovery and threat containment across your cloud environments
  • Beyond prevention: ensure rapid response and recovery to minimise downtime and business disruption
  • Stay operational under attack: How zero-trust architecture helps you maintain control and protect critical data—even during ransomware event
10.40 - 11.00

►Sicherheit trotz, für und mit Quantencomputern

Pascal Debus, Head of the Quantum Security Technologies (QST) research group , Fraunhofer AISEC

  • Sicherheit trotz Quantencomputern: Ein Aufruf zum Handeln
  • Quantum Cybersecurity neu denken - ein ganzheitlicher Ansatz
  • Sicherheit mit Quantencomputern: Vom Risiko zur Chance
11.00 - 11.30

Networking break

11.30 - 11.50

►OT Security – A Structured Approach to Securing Industrial Assets

Prashant Joshi, Head of Enterprise IT Security Architecture, Volvo Group

  • Understanding the growing sophistication of threats targeting industrial systems.
  • Building a multi-layered defence tailored to OT environments.
  • Common Pitfalls and Lessons Learned 
11.50 - 12.10

►Insights into current cybersecurity threats impacting individuals and organisations

Ulrich Baumann, Partner & COO, Oikon LAW

  • Regulatory obligations and legal strategies for safeguarding sensitive information
  • AI and Cyber Risk Governance and navigating the implications of the EU AI Act
  • Streamlining legal and technical requirements to meet evolving standards for cyber resilience (NIS2 and ISO 27001)
12.10 - 12.50

►Education Seminars

Delegates will be able to choose from a range of topics:

  • Solving Application Security without causing Pain between Shift Left and Shift Right, Paul Senkel, Senior Solutions Engineer, Contrast Security

     

  • Understanding DORA – Aligning Cybersecurity and Compliance, Nico Richters, Account Director, Recorded Future
12.50 - 14.00

Lunch networking break

14.00 - 14.30

►Panel Discussion: Battling Nation-State Hackers: Winning the Cyber War

Andreas Englisch, IT Security Officer, European Aero Engine Consortium (moderator) 
Sreedevi Jay, Global Head of CERT, PagoNxt (a Santander company) 
Rainer Giedat, Cyber Security Officer, Scalable GmbH 
Waqas Jutt, Global Lead SOC Architect, Intel Corporation

  • How can organisations effectively leverage threat intelligence to proactively counter nation-state attacks? Can they?
  • Do regulatory standards actually enhance defence against nation-state actors, or do they merely add compliance burdens without
    improving security?
  • Are we doing enough to address supply chain vulnerabilities, or is this an overlooked entry point for nation-state threats?
  • What strategic, forward-looking investments are essential for effectively countering the evolving tactics of APTs?
14.30 - 14.50

►Getting to Grips with the New Wave of Domain-Impersonation Attacks

Nadim Lahoud, SVP Operations, Red Sift

  • Brand impersonation is a leading cyber risk for CISOs and that demonstrating adequate mitigation is notoriously difficult
  • Examine a framework that categorises the main vectors of brand impersonation and explains why technical controls are the first and most cost-effective line of defence
  • Apply a step-by-step playbook for deploying these controls reliably at scale, illustrated by real-world case studies of organisations that solved the problem using Red Sift
15:30 - 15:50

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
  • Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you
15.10 - 15.40

Networking break

15.40 - 16.00

►Navigating the Cloud Responsibly

Rainer Giedat, Former Cyber Security Officer, Scalable GmbH

  • The cloud provider outlined my responsibilities - but how do I actually make it work?
  • I've assigned roles within my DevOps team, but can they truly carry them out?
  • What happens to cloud security if we don’t have a firm grasp on our responsibilities?
  • Services and workloads are people too, you know…
16.00 - 16.30

►Panel Discussion: Securing Future Architectures

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England (moderator)
Alexander Zhitenev, Director of Corporate Systems & Head of IT Security, IFCO MANAGEMENT GmbH
Klaus-E. Klingner, Information Security Officer, Asambeauty 
Prashant Joshi, Head of Enterprise IT Security Architecture, Volvo Group 
Agnès Terreau, Country Data Protection and Security Officer, ManPower Group

  • How can security teams design resilient architectures to integrate and leverage emerging technologies such as AI, quantum computing, and IoT?
  • What role does AI play in developing proactive rather than reactive security strategies?
  • What are the best practices for integrating AI without disrupting legacy systems and existing workflows?
  • How can organisations implement zero-trust principles and adaptive access controls to secure ever-evolving environments driven by AI and edge computing?
16.30 - 16.35

Chair's closing remarks

Bildungsseminare


Solving Application Security without causing Pain between Shift Left and Shift Right


Paul Senkel, Senior Solutions Engineer, Contrast Security

Developers complain about false positives, SOC teams suffer from alert fatigue. Developers shift left and security teams shift right, workflows disconnect and modern day workplace expectations, especially those of Generation Z, stretch processes to their limit; innovation slows while frustration builds up. Tooling is fragmented, collaboration breaks down, and AppSec becomes a source of friction rather than flow. In this talk, Paul shares hard-earned lessons from both sides of the software lifecycle – You’ll learn more about the needs of the individuals on which your organisation relies on, be able to reduce frustration both in development teams and the SOC, and bring security into the development process without slowing teams down. What if security didn’t have to be a source of strain? What if we could find a way where both sides of the SDLC enable each other? The best security isn’t just strong - it’s seamless, supportive, and even fun.

Attendees will learn:

  • Break down silos between Engineering, AppSec and the SOC to enable faster, safer delivery & deployment at scale
  • Identify and eliminate hidden friction points caused by legacy tools and approaches
  • Understand the Dev, AppSec and SOC teams’ need for efficiency and autonomy at work and how to leverage the Gen Z’s talents
  • Turn fragmented AppSec practices into an integrated, scalable security capability

Understanding DORA – Aligning Cybersecurity and Compliance


Nico Richters, Account Director, Recorded Future

DORA is a new EU regulation requiring companies to make their digital systems more resilient to disruptions and cyberattacks. It affects not only banks, but all key players in the financial system. DORA brings cybersecurity and compliance closer together than ever before. For security and IT teams, this means new priorities and increased responsibility. The requirements are complex: companies must adapt processes, reporting, and technical controls. One of the toughest parts is identifying and documenting risks in real time. Recorded Future provides the threat intelligence needed to detect risks early and support compliance reporting. This helps organisations meet regulatory demands more efficiently.

Attendees will Learn:

  • What the Digital Operational Resilience Act (DORA) is all about
  • Why DORA is a game changer for security and IT teams
  • Key challenges organisations face when implementing DORA
  • How Recorded Future helps meet DORA compliance requirements