Agenda

Die Präsentationen bereits bestätigt enthalten:


►The Challenge of Securing AI on a global scale

Yair Kler, Vice President, Security Architecture, DHL Group

  • Learn how CISOs can enable responsible AI adoption by advancing innovation without resorting to a blanket “no” while preserving strong security foundations.
  • Understand how FOMO‑driven AI adoption is pressuring enterprises into rapid, high‑risk decisions while bypassing established best practices.
  • Addressing the issue of emerging AI‑specific threat classes such as prompt injection and why they create new risks that remain difficult to mitigate.
  • Recognizing how long‑standing security challenges like secrets management and identity lifecycle governance are re‑emerging with greater complexity in AI‑driven environments.

►Conformity Will Not Save You: AI Risk Beyond the EU AI Act

Geoffrey Taylor, Information Security Officer, Nordea Asset Management

Your assessment said Low Risk. Is it really?

  • The EU AI Act requires organisations to classify their AI systems and demonstrate conformity. Conformity is similar to compliance — it is binary, a yes or a no at a point in time. It cannot calibrate impact when the unexpected occurs.
  • On 24 April 2026, an AI agent deleted an entire company's production database in nine seconds. It was running the best model available, configured with explicit safety rules. When asked to explain itself, it produced a written confession: "I violated every principle I was given."
  • This session applies the Assume. Design. Test. framework to AI governance — shifting the question from "are we compliant?" to "how could we be impacted?" — and gives attendees a practical lens for assessing where their governance ends and their exposure begins.

►AI and IT/OT Convergence - When Models Meet Motors: AI at the IT/OT Edge

Adeiza Yisa, Business Information Security Office, Shell

  • Understand what IT/OT convergence really means in practice and what value AI brings to the mix 
  • Learn the key architectural and security considerations for integrating AI with legacy IT/OT convergence
  • Hear about real-world use cases and measurable outcomes

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Jonathan Armstrong, Partner, Punter Southall Law (Moderator)
Gulnara Hein, CISO, Chintai
Sreedevi Jay, Global Cyber Security Compliance Manager, Amer Sports
Nilesh Borole, IT Security Manager, Golding Capital Partners
Klaus-E. Klingner, Information Security Officer, Asambeauty

  • How do we turn risk appetite statements into real decision levers instead of paperwork?
  • With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
  • Which cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
  • How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?

►Effective Data Breach Management

Agnès Terreau, Country DPO & Security Officer, ManPower Group

  • How to respond effectively during the first critical hours of a data breach
  • Common pitfalls that cause incidents to escalate and how to avoid them
  • The importance of clear roles, escalation, and communication during incidents
  • How organizational culture and decision‑making influence breach outcomes and overall impact

►Panel Discussion: The Corporate Security Case for AI Sovereignty

Alejandro Martín Soto, Head of Digital Security Architecture, Airbus Defence and Space
Yair Kler, Vice President, Security Architecture, DHL Group
Adeiza Yisa, Business Information Security Office, Shell
Geoffrey Taylor, Information Security Officer, Nordea Asset Management

  • Your AI runs on someone else's infrastructure, under someone else's law — is that a security risk your board has signed off on?
  • Do you actually know which AI models are running inside your organisation — and do you control what data they see and send out?
  • NIS2, the AI Act, and GDPR each touch AI sovereignty differently — how do you build one coherent security programme when the regulations pull in different directions?
  • If your primary AI vendor became inaccessible tomorrow — through outage, sanctions, or a geopolitical event — how long before your operations fail, and do you have a continuity plan?

►Knowledge is the best defence: What do you know about identities?

Andreas Scheurle, Enterprise Account Executive, Delinea

  • Identify all identities and their Risk for you within your organization!
  • AI is on everyone's lips: What does AI do with your identities?
  • Manage permissions for your critical accounts.
  • How to easy bring knowledge into real policies and actions

Bildungsseminare


Your Perimeter is on the Front Lines: Attack Surface Reduction as a Primary Defence


Dan Andrew, Head of Security, Intruder

This education seminar will provide a deep-dive into core concepts and practical recommendations for Attack Surface Management (ASM) and Asset Discovery. Your perimeter is on the front line, and good patch management alone is not enough to protect it. You should leave this session with a better idea of how to blend ASM and Asset Discovery with Patch Management for a robust exposure management process.

We'll run through examples of attack surface risks, real-world vulnerabilities affecting internet exposed tech, and why implementing an ASM process is critical alongside patch management. It may be tempting to fall back on just patching your biggest *known* threats, but some of the biggest risks are vulnerabilities that are not yet publicly known. These threats do not have a CVSS score, and attack surface management is your primary defence. Learn how to future-proof your perimeter.

Asset Discovery is also an essential part of managing your attack surface. Keeping track of your internet exposed IPs and domains is far from trivial, and cloud environments in particular make this challenge harder. Losing track of some of your assets is no longer an embarrassing mistake - it's an unavoidable reality. We will show some examples of how this happens, and give a practical approach to asset discovery which helps you keep track, and avoid systems slipping outside of your exposure management process entirely.

Attendees will learn:

  • Integrating Attack Surface Management into your Patch Management process - defining ASM as a Primary Defence that's proactive, not reactive
  • Prioritisation considerations and why Informational risks are Criticals waiting to happen. Why not all 'Criticals' are equal, and why CVSS is not king
  • The importance of Asset Discovery to find Shadow IT and build a realistic view of your Attack Surface. Practical recommendations on how to approach this

Visibility, Governance, and Control: Protecting Enterprise Content Across Files, M365, and AI


Gökhan Aydın, VP Sales and Business Development, FileOrbis

As enterprise content becomes increasingly distributed across file servers, Microsoft 365, cloud platforms, and different storages, organizations face growing challenges around visibility, governance, and control. Sensitive information is often scattered across multiple repositories, shared beyond intended audiences, or fed into AI systems without sufficient oversight.

Attendees will learn:

  • Why securing enterprise content requires more than traditional file storage or access management. 
  • How organisations can gain visibility into where content resides, understand what types of sensitive data they have, and apply consistent governance policies across files, Microsoft 365, and AI environments.
  • The importance of content-aware controls, secure sharing, automated remediation, compliance, and centralized management in reducing risk while supporting productivity.
  • From unstructured data on file servers to collaboration in Microsoft 365 and emerging AI use cases, this discussion will provide practical insights into how enterprises can better protect, govern, and control their content everywhere.

Robot vs. Robot – Defending Against AI‑Driven Cyber Attacks


Sven Carlsen, Sales Engineer, Varonis

AI‑based cyberattacks are evolving faster than any human threat ever could. Phishing, identity abuse, and data exfiltration now happen in seconds—fully automated and massively scaled by autonomous algorithms. In this new “Robot vs. Robot” era, traditional security approaches are no longer sufficient.
Organizations need a fundamentally different defense strategy—one that understands and protects what attackers are truly after: data.
A data security platform is required to detect attacker behavior early—often before damage occurs. By combining machine learning–based threat detection, automated least‑privilege enforcement, and full visibility across critical data, identities, and access paths, DSPM enables organizations to stay ahead of AI-powered threats.

  • Attendees will learn:
    Why AI-driven attacks render traditional security controls ineffective and create unprecedented risk around sensitive data
  • How organizations can gain full visibility into data, permissions, and user behavior across M365, file systems, and cloud environments
  • How machine learning and behavioral analytics help detect threats early—before data is exfiltrated
  • The role of automated least‑privilege and continuous remediation in reducing attack surfaces at scale
  • When attacks are driven by machines, defense must be faster, smarter, and laser-focused on what matters most: data.