Agenda

Presentations already confirmed include:


►Can The AI (R)evolution help security leaders to manage complexity?

Andy Giles, Executive Director, Head of Intelligence Integration, JPMorgan Chase

  • Observations of threats using AI for fraud and malware development 
  • Foundations for effective AI/LLM use, focusing on the importance of a working security data model and appropriate sources
  • Potential for AI application in the security risk management context to keep up with the threat
  • Importance of training and AI prompt competence
  • Personal reflections

►Organisational Resilience from Policy to Practice: Lessons from TomTom and experience

Jukka Silomaa, Head of GRC, TomTom 

  • How to effectively implement organizational resilience strategies in cybersecurity frameworks.
  • Preparing for evolving cyber threats through predictive analytics and proactive defense strategies.
  • Key challenges and practical insights from embedding resilience into day-to-day operations

►How DevSecOps Builds Strong Defenses for Cybersecurity

Martin Dimovski, Senior DevOps/DevSecOps Engineer, ABN AMRO Bank

  • DevSecOps as a foundation for Cyber Resilience 
  • Shifting Left : Embedding Security Left
  • Enhancing Collaboration between Teams
  • Automating threat detection and response 
  • Proactive threat management
  • Continuous Security Improvement
     

►Evolving Cybersecurity Landscape: Key Threats and Future Priorities

Alan Lucas, CISO, Homefashion Group

  • What proactive strategies can CISOs implement to anticipate and mitigate emerging threats?
  • How can organizations maintain robust cybersecurity frameworks amidst continuous technological advancements?
  • How can collaboration and information sharing among cybersecurity professionals enhance threat mitigation efforts?

► LIVE DEMONSTRATION: Weaponising AI for Cyber Attacks & Offensive Operations

Manit Sahib, Ethical Hacker, The Global Fund

  • Overview & Threat Landscape: How AI is being leveraged in the wild for malicious activities.
  • Weaponising AI for Offensive Operations: Running AI through the Cyber Kill Chain.
  • ChatGPT or [insertnamehere]GPT; What’s the level of effort required to build your own AI.
  • LIVE DEMO: AI in action 

►CISO panel discussion: How do we effectively manage our cybersecurity budgets?

Mahdi Abdulrazak, Group Information Security and Risk Officer, SHV Energy 
Vincent Segers, Information Security Officer, Centrient Pharmaceuticals
Amit Kumar Sharma, Security Officer, ASR

  • How do you prioritize budget allocation and what criteria or frameworks guide your decision-making when setting spending priorities?
  • How do you ensure your cybersecurity budget remains flexible enough to address unforeseen threats or emerging technologies and how do you handle unexpected costs, such as those arising from zero-day vulnerabilities or compliance changes?
  • How do you measure the ROI of your cybersecurity investments, and what metrics do you use to justify budget increases to executive leadership? Are there any specific tools or technologies where you’ve seen the most tangible returns in terms of risk reduction or cost savings?
  • What percentage of your budget do you allocate to proactive versus reactive security measures, and how do you find the right balance between the two? Have you found that increasing investment in proactive measures, like threat intelligence and automation, yields long-term cost savings?
  • How do you manage budget allocation between in-house cybersecurity resources and third-party vendors or MSSPs?

►Building Anti-Fragile Security into Third-Party Risk Management and Supply Chain Strategies

Elli Tsiala, Supply Chain Security Lead, ABN AMRO Bank
Roy Konings, Head of Security Benelux & Switzerland, Ericsson 
Marc Berns, Chief Information Security Officer, Allianz Benelux    

  • Identifying, risk assessing and screening critical vendors – a job for who?
  • Defining contractual obligation: how do you enforce your security requirements, standards and data handling practices?
  • Approaches to continuous vendor monitoring: dealing with problem third-parties
  • Incident Response Planning and managing third-party breaches
  • What about security vendors?

►The ART of cyber resilience testing 

Lennert Branderhorst, Policy officer, De Nederlandsche Bank (DNB)

  • ART as a flexible framework for threat intelligence based cyber resilience testing
  • The testing process and different modules within ART
  • The target user group for ART

►Future-Proofing Europe: The Next Era of Cybersecurity? 

Thomas Zaatman, Tanium

  • The importance of proactive measures to protect digital assets and highlight the role of people, processes, and technology in this endeavour. 
  • Insights into the future challenges and opportunities in cybersecurity and how organisations can effectively address them.
  • The growing demand for skilled cybersecurity professionals and the necessity of continuous education and training to stay ahead of cyber threats.
  • The significance of implementing preventative and comprehensive strategies such as zero-trust security models to ensure compliance with regulations and standards. 
  • The role of AI and ML in enhancing cybersecurity through real-time threat detection, predictive analysis, and automated security operations.

 

Education seminars


It Started with a Cookie: Zero Trust and the Rise of Session Hijacking


Mandeep Sandhu, Systems Engineering and Investigations Manager, EMEA, SpyCloud

Learn how to go beyond traditional credential monitoring and implement continuous Zero Trust using enriched cybercrime telemetry

Attendees will learn:

  • What security teams can learn from recent high-profile breaches where cybercriminals leveraged stolen session cookies in targeted attacks
  • Why it’s important to feed your Zero Trust policy engine with cybercrime telemetry for continuous exposure monitoring and reduced risk of session hijacking
  • How cybercrime telemetry aligns with popular compliance and risk management frameworks, including DORA, NIS2, and NIST CSF
  • How SpyCloud integrates with your existing security tools for automated identity exposure remediation

Generative AI: Amplifying Attackers and Defenders


Lewis Brand, Senior Sales Engineer, Recorded Future

Generative AI empowers scalable consumption and production for both attackers and defenders, ushering in a wave of surprising use cases. This presentation shifts the focus from potential malicious uses to practical takeaways. Join us to explore how generative AI can be harnessed for positive impact, providing you with actionable insights and strategies to navigate transformative possibilities. Main topics to be discussed:

  • Real world examples and use cases
  • A practical lens for defenders
  • Think about things differently
  • Recorded Future AI in action

 


NDR as the go-to tool to reduce the fragility in your security architecture


Jürgen Verniest, Sales Director Benelux & Nordics, Gatewatcher 

  • As number of attacks rise drastically and the attacks become increasingly sophisticated, CISO's have to deal with the concept of Shadow Risk.
  • CISO's have to trust 100% new technologies (sometimes without regulation) while building a zero trust security architecture.
  • CISO's have to take the right steps to provide the setting for full visibility and fast and adequate response to their SOC team