Agenda

►Can The AI (R)evolution help security leaders to manage complexity?

Andy Giles, Executive Director, Head of Intelligence Integration, JPMorgan Chase

• Observations of threats using AI for fraud and malware development 
• Foundations for effective AI/LLM use, focusing on the importance of a working security data model and appropriate sources
• Potential for AI application in the security risk management context to keep up with the threat
• Importance of training and AI prompt competence
• Personal reflections

►Organisational Resilience from Policy to Practice: Lessons from TomTom and experience

Jukka Silomaa, Head of GRC, TomTom 

• How to effectively implement organizational resilience strategies in cybersecurity frameworks.
• Preparing for evolving cyber threats through predictive analytics and proactive defense strategies.
• Key challenges and practical insights from embedding resilience into day-to-day operations

►How DevSecOps Builds Strong Defenses for Cybersecurity

Martin Dimovski, Senior DevOps/DevSecOps Engineer, ABN AMRO Bank

• DevSecOps as a foundation for Cyber Resilience 
• Shifting Left : Embedding Security Left
• Enhancing Collaboration between Teams
• Automating threat detection and response 
• Proactive threat management
• Continuous Security Improvement
   

►Evolving Cybersecurity Landscape: Key Threats and Future Priorities

Alan Lucas, CISO, Homefashion Group

• What proactive strategies can CISOs implement to anticipate and mitigate emerging threats?
• How can organizations maintain robust cybersecurity frameworks amidst continuous technological advancements?
• How can collaboration and information sharing among cybersecurity professionals enhance threat mitigation efforts?

► LIVE DEMONSTRATION: Weaponising AI for Cyber Attacks & Offensive Operations

Manit Sahib, Ethical Hacker, The Global Fund

• Overview & Threat Landscape: How AI is being leveraged in the wild for malicious activities.
• Weaponising AI for Offensive Operations: Running AI through the Cyber Kill Chain.
• ChatGPT or [insertnamehere]GPT; What’s the level of effort required to build your own AI.
• LIVE DEMO: AI in action 

►CISO panel discussion: How do we effectively manage our cybersecurity budgets?

Mahdi Abdulrazak, Group Information Security and Risk Officer, SHV Energy 
Vincent Segers, Information Security Officer, Centrient Pharmaceuticals
Amit Kumar Sharma, Security Officer, ASR

• How do you prioritize budget allocation and what criteria or frameworks guide your decision-making when setting spending priorities?
• How do you ensure your cybersecurity budget remains flexible enough to address unforeseen threats or emerging technologies and how do you handle unexpected costs, such as those arising from zero-day vulnerabilities or compliance changes?
• How do you measure the ROI of your cybersecurity investments, and what metrics do you use to justify budget increases to executive leadership? Are there any specific tools or technologies where you’ve seen the most tangible returns in terms of risk reduction or cost savings?
• What percentage of your budget do you allocate to proactive versus reactive security measures, and how do you find the right balance between the two? Have you found that increasing investment in proactive measures, like threat intelligence and automation, yields long-term cost savings?
• How do you manage budget allocation between in-house cybersecurity resources and third-party vendors or MSSPs?

►Building Anti-Fragile Security into Third-Party Risk Management and Supply Chain Strategies

Elli Tsiala, Supply Chain Security Lead, ABN AMRO Bank
Roy Konings, Head of Security Benelux & Switzerland, Ericsson 
Marc Berns, Chief Information Security Officer, Allianz Benelux    

• Identifying, risk assessing and screening critical vendors – a job for who?
• Defining contractual obligation: how do you enforce your security requirements, standards and data handling practices?
• Approaches to continuous vendor monitoring: dealing with problem third-parties
• Incident Response Planning and managing third-party breaches
• What about security vendors?