Agenda

08:00 - 08:50

Registration & Breakfast Networking 
08:50 - 09:00

Chair's Welcome 
09:00 - 09:20

►Organisational Resilience from Policy to Practice: Lessons from TomTom and experience

Jukka Silomaa, Head of GRC, TomTom 

  • How to effectively implement organizational resilience strategies in cybersecurity frameworks.
  • Preparing for evolving cyber threats through predictive analytics and proactive defense strategies.
  • Key challenges and practical insights from embedding resilience into day-to-day operations
09:20 - 09:40

►Future-Proofing Europe: The Next Era of Cybersecurity? 

Thomas Zaatman, Director of Strategic Accounts, Tanium

  • The importance of proactive measures to protect digital assets and highlight the role of people, processes, and technology in this endeavour. 
  • Insights into the future challenges and opportunities in cybersecurity and how organisations can effectively address them.
  • The growing demand for skilled cybersecurity professionals and the necessity of continuous education and training to stay ahead of cyber threats.
  • The significance of implementing preventative and comprehensive strategies such as zero-trust security models to ensure compliance with regulations and standards. 
  • The role of AI and ML in enhancing cybersecurity through real-time threat detection, predictive analysis, and automated security operations.

 
09:40 - 10:00

►Iocs Are Not Alone: Maximising Outcomes From Threat Intelligence for Preventing Ransomware Incidents

Anton Ushakov, Head of Threat Intelligence and Digital Risk Protection, Group-IB

  • This session will delve into how threat intelligence, extending beyond traditional indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), can help organizations mitigate ransomware risks at the earliest stages.
  • Key takeaways:
    • How Threat Intelligence helps to mitigate ransomware risks.
    • Identifying early indicators. Monitoring for precursors like leaked credentials, compromised hosts, and initial access brokers to detect ransomware in its early stages.
    • DarkWeb Insights. How exposure of assets on the Dark Web can signal emerging attacks.
    • Proactive Threat Hunting. Shifting the perspective to the attacker to actively hunt malicious infrastructure and uncover hidden threats.
10:00 - 10:20

►Can The AI (R)evolution help security leaders to manage complexity?

Andy Giles, Executive Director, Head of Intelligence Integration, JPMorgan Chase

  • Observations of threats using AI for fraud and malware development 
  • Foundations for effective AI/LLM use, focusing on the importance of a working security data model and appropriate sources
  • Potential for AI application in the security risk management context to keep up with the threat
  • Importance of training and AI prompt competence
  • Personal reflections
10:20 - 11:00

►Education Seminar 1

Delegates will be able to choose from the following education seminars:

  • Generative AI: Amplifying Attackers and Defenders, Lewis Brand, Senior Sales Engineer, Recorded Future
  • How Non-Human Identities Create Operational and Cyber Risk for Organisations, Fred Noordam, Regional Sales Manager & Al Scott, Senior Sales Engineer EMEA, Silverfort 
11:00 - 11:30

Networking Break
11:30 - 12:00

►Building Anti-Fragile Security into Third-Party Risk Management and Supply Chain Strategies

Elli Tsiala, Supply Chain Security Lead, ABN AMRO Bank
Roy Konings, Head of Security Benelux & Switzerland, Ericsson 
Marc Berns, Chief Information Security Officer, Allianz Benelux    

  • Identifying, risk assessing and screening critical vendors – a job for who?
  • Defining contractual obligation: how do you enforce your security requirements, standards and data handling practices?
  • Approaches to continuous vendor monitoring: dealing with problem third-parties
  • Incident Response Planning and managing third-party breaches
  • What about security vendors?
12:00 - 12:20

►How DevSecOps Builds Strong Defenses for Cybersecurity

Martin Dimovski, Senior DevOps/DevSecOps Engineer, ABN AMRO Bank

  • DevSecOps as a foundation for Cyber Resilience 
  • Shifting Left : Embedding Security Left
  • Enhancing Collaboration between Teams
  • Automating threat detection and response 
  • Proactive threat management
  • Continuous Security Improvement
     
12:20 - 13:00

►Education Seminar 2

Delegates will be able to choose from the following education seminars:

  • The AI Arms Race: Good AI vs. Bad AI, Frank Benus, Sales Engineer, Abnormal Security 
  • NDR as the go-to tool to reduce the fragility in your security architecture, Jürgen Verniest, Sales Director Benelux & Nordics, Gatewatcher 
13:00 - 14:00

Lunch & Networking Break
14:00 - 14:20

►Evolving Cybersecurity Landscape: Key Threats and Future Priorities

Alan Lucas, CISO, Homefashion Group

  • What proactive strategies can CISOs implement to anticipate and mitigate emerging threats?
  • How can organizations maintain robust cybersecurity frameworks amidst continuous technological advancements?
  • How can collaboration and information sharing among cybersecurity professionals enhance threat mitigation efforts?
14:20 - 14:40

►Inside an Info Stealer Attack: Journey from Infection to Exfiltration 

Burak Uyduran, Marketing Manager, SOCRadar

  • In this session, we will take an in-depth journey through a real-world info stealer attack, from the moment of infection to the final stages of data exfiltration. 
  • Attendees will gain insight into how these stealthy threats infiltrate environments, harvest sensitive data, and evade detection. 
  • Through a step-by-step analysis, we will explore the tactics, techniques, and procedures (TTPs) employed by attackers and highlight how organizations can better defend against this rapidly evolving threat. 
  • The talk emphasizes detection strategies, response planning, and mitigation measures critical to protecting against info stealers.
14:40 - 15:00

►It Started with a Cookie: Zero Trust and the Rise of Session Hijacking

Mandeep Sandhu, Systems Engineering and Investigations Manager, EMEA, SpyCloud 
Neill Cooper, Vice President of EMEA, SpyCloud

Learn how to go beyond traditional credential monitoring and implement continuous Zero Trust using enriched cybercrime telemetry

Attendees will learn:

  • What security teams can learn from recent high-profile breaches where cybercriminals leveraged stolen session cookies in targeted attacks
  • Why it’s important to feed your Zero Trust policy engine with cybercrime telemetry for continuous exposure monitoring and reduced risk of session hijacking
  • How cybercrime telemetry aligns with popular compliance and risk management frameworks, including DORA, NIS2, and NIST CSF
  • How SpyCloud integrates with your existing security tools for automated identity exposure remediation
15:00 - 15:20

►The ART of cyber resilience testing 

Lennert Branderhorst, Policy officer, De Nederlandsche Bank (DNB)

  • ART as a flexible framework for threat intelligence based cyber resilience testing
  • The testing process and different modules within ART
  • The target user group for ART
15:20 - 15:40

Networking Break
15:40 - 16:10

►CISO panel discussion: How do we effectively manage our cybersecurity budgets?

Mahdi Abdulrazak, Group Information Security and Risk Officer, SHV Energy 
Vincent Segers, Information Security Officer, Centrient Pharmaceuticals
Amit Kumar Sharma, Security Officer, ASR

  • How do you prioritize budget allocation and what criteria or frameworks guide your decision-making when setting spending priorities?
  • How do you ensure your cybersecurity budget remains flexible enough to address unforeseen threats or emerging technologies and how do you handle unexpected costs, such as those arising from zero-day vulnerabilities or compliance changes?
  • How do you measure the ROI of your cybersecurity investments, and what metrics do you use to justify budget increases to executive leadership? Are there any specific tools or technologies where you’ve seen the most tangible returns in terms of risk reduction or cost savings?
  • What percentage of your budget do you allocate to proactive versus reactive security measures, and how do you find the right balance between the two? Have you found that increasing investment in proactive measures, like threat intelligence and automation, yields long-term cost savings?
  • How do you manage budget allocation between in-house cybersecurity resources and third-party vendors or MSSPs?
16:10 - 16:30

► LIVE DEMONSTRATION: Weaponising AI for Cyber Attacks & Offensive Operations

Manit Sahib, Ethical Hacker, The Global Fund

  • Overview & Threat Landscape: How AI is being leveraged in the wild for malicious activities.
  • Weaponising AI for Offensive Operations: Running AI through the Cyber Kill Chain.
  • ChatGPT or [insertnamehere]GPT; What’s the level of effort required to build your own AI.
  • LIVE DEMO: AI in action 
16:30

Chairs Closing Remarks 

Education seminars


Generative AI: Amplifying Attackers and Defenders


Lewis Brand, Senior Sales Engineer, Recorded Future

Generative AI empowers scalable consumption and production for both attackers and defenders, ushering in a wave of surprising use cases. This presentation shifts the focus from potential malicious uses to practical takeaways. Join us to explore how generative AI can be harnessed for positive impact, providing you with actionable insights and strategies to navigate transformative possibilities. 

Attendees will learn: 

  • Real world examples and use cases
  • A practical lens for defenders
  • Think about things differently
  • Recorded Future AI in action

 


NDR as the go-to tool to reduce the fragility in your security architecture


Jürgen Verniest, Sales Director Benelux & Nordics, Gatewatcher 

In a world where uncertainty reigns, antifragility has become a key concept for building systems that not only resist but adapt to disruptions. In cybersecurity, unexpected and high-impact incidents such as zero-day exploits or advanced state-sponsored attacks, highlight how traditional security architectures often fall short. These rare but devastating threats expose vulnerabilities that static models like Zero Trust can struggle to address if improperly deployed. For Chief Information Security Officers (CISOs), who are increasingly under siege, the priority is clear: moving beyond rigid frameworks to create dynamic, antifragile ecosystems that can evolve and grow stronger in the face of an ever-changing threat landscape. This is where Network Detection and Response (NDR) solutions become indispensable. It helps CISO's to transform the limitations of Zero Trust into strengths by delivering unmatched visibility, adaptability, and rapid response capabilities. NDR technology brings antifragility to cybersecurity, helping organizations anticipate threats and grow stronger after crises, turning their networks into proactive defenders rather than passive targets.

Attendees will learn: 

  • As number of attacks rise drastically and the attacks become increasingly sophisticated, CISO's have to deal with the concept of Shadow Risk.
  • CISO's have to trust 100% new technologies (sometimes without regulation) while building a zero trust security architecture.
  • CISO's have to take the right steps to provide the setting for full visibility and fast and adequate response to their SOC team

 


How Non-Human Identities Create Operational and Cyber Risk for Organisations


Fred Noordam, Regional Sales Manager, Silverfort 
Al Scott, Senior Sales Engineer EMEA, Silverfort 

Non-Human Identities (NHIs) pose one of the most significant cyber threats to an organisation as they can pose severe operational risks. In many cases, NHIs have elevated privileges, lack proper oversight, are not documented, and are often not linked to specific individuals. This makes them attractive targets for attackers, who may exploit them to gain unauthorised access, move laterally within systems, and carry out malicious activities without being detected. In our session, Silverfort will examine how organisations can reduce operational risk by understanding and implementing security controls around their Non-Human Identities.

Attendees will learn:

  • Understand why Non-Human Identities should be a top priority for your board
  • Learn about how to measure and detect the level of risk Non-Human Identities pose for your organisation
  • Grow your knowledge of how to mitigate the risk of Non-Human Identities, before, during and after a cyber breach

The AI Arms Race: Good AI vs. Bad AI


Frank Benus, Sales Engineer, Abnormal Security 

The rapid rise of generative AI, prompted by the release of ChatGPT in late 2022, has security leaders concerned. By using this new technology, threat actors can now create highly effective attacks at scale, and few things are more vulnerable than your inboxes.

Attendees will learn: 

  • How cybercriminals are using generative AI to create their attacks
  • Which types of attacks are likely to grow in volume and sophistication
  • Why you need tools that utilize "good" AI to protect your organizations against this "bad" AI