Agenda

08:00 - 08:50

Breakfast networking and registration

08:50 - 09:00

Conference welcome

09:00 - 09:20

► Cybersecurity: the Investor's Priority

Vera Krückel, Trend Researcher, Trends Investing Equity Team, Robeco 

  • Truths from one of the largest global investors and asset managers
  • Cybersecurity as a risk indicator for investors
  • Cybersecurity as an investing opportunity
  • Combining risk and opportunities
09:20 - 09:40

► Disrupting the Disrupters: How are we doing?

David Janson, VP Sales, UK & Europe, Cofense

  • The latest threat and phishing attack data – and what to expect in the future
  • Compare industry benchmarking susceptibility and resilience to active phishing attacks
  • Best practices to protect your organisation against phishing
09:40 - 10:00

► The Importance of Philosophy to Establish a Vigilant Information Security Culture

Owais Ahmed, Chief Information Security Officer, and Fraz Rasool, Head of Internal Control EMEA, Kyocera Document Solutions 

  • How Kyocera’s philosophy impacts human behaviour
  • Tone at the Top: How everyone’s responsibility for information security is given from a top-down approach 
  • Practically measure information security performance on the basis of Kyocera's philosophy
10:00 - 10:20

► Hacking Exposed: Lessons learnt in responding to the fight against malicious behaviour

Ronald Pool, Senior Sales Engineer, CrowdStrike

  • See what advanced tactics, techniques & procedures nation-state and organised e-crime hackers have been using recently
  • Learn how you can detect and arm your organisation against these threats
  • Learn which tools you probably already have unused in your organisation to help you harden your stance against these attacks
10:20 - 11:00

► Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Security: the serverless future - Olga Skobeleva, Solutions Engineer, Cloudflare
  • Digital identities, social engineering and mule networks - Dr. Stephen Topliss, VP of Products, ThreatMetrix
11:00 - 11:30

Networking and refreshments break

11:30 - 11:50

► Intelligence-based cybersecurity

Gal Messinger, Head of Global Security, Philips Lighting

  • Why do we need cyber threat intelligence in a commercial entity?
  • What exactly is cyber threat intelligence?
  • Where should we position it in a company?
  • Who should be running it?
  • A use case
11:50 - 12:10

► Beyond Security: Zero Trust - Making the perimeter less lonely

Richard Archdeacon, Advisory CISO, Duo Security

  • Concept of zero trust or the BeyondCorp model
  • Why a zero trust model will reduce risk?
  • Key elements in implementing a zero trust approach
12:10 - 12:30

►A New Era of Cyber Threats: The Shift to Self Learning, Self Defending Networks

Elisabeth Entjes, Account Manager, Darktrace

  • Leveraging AI algorithms to defend against advanced, never-seen-before, cyber-threats
  • How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
  • How to achieve 100% visibility of your entire business including cloud, network and IoT environments
  • Why automation and autonomous response is enabling security teams to neutralize in-progress attacks, prioritise resources, and tangibly lower risk
  • Real-world examples of subtle, unknown threats that routinely bypass traditional controls
12:30 - 12:50

► Fast and Accurate Issue Resolution

Sandrine Kubach, Enterprise Account Manager and Rob Earley, Senior Pre-Sales Engineer, Endace

  • The cost of Network and Security issues
  • Being prepared for a potential breach
  • The Various approaches to breach detection
  • Using the right tools for the job
12:50 - 13:30

► Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • How to manage cyber risk on a daily basis for your company and the affiliates, your suppliers and peers (Live view in the BitSight Portal) - Lennart Pikaart, Sales Director - Benelux, BitSight
  • Standards don’t bother me – all I want is your Data! - Matt Jennings-Temple, Digital Marketing Manager, Ground Labs
13:30 - 14:30

Lunch and networking

14:30 - 14:50

► GDPR and the Internet of Medical Things 

Ferdinand Uittenbogaard, GDPR Specialist, Ministrie van Defensie and Conrad Veerman, Data Protection Officer, Ministrie van Defensie 

  • The Internet of Things, particularly the Internet of Medical Things, can prove valuable for both employers and employees, yet there are significant risks associated with such devices
  • IoT brings challenges for privacy by design and GDPR
  • How we can make sure that organisations and employees benefit from such devices, whilst also staying safe and secure?
14:50 - 15:10

► Authentication and Security at the speed of conversation

Vijay Balasubramaniyan, Co-Founder, CEO & CTO, Pindrop

  • Building a voice identify platform that authenticates customers
  • Protecting you from fraudsters
  • Building new customer experiences 
  • The emergence of the conversational economy
15:10 - 15:30

► Intelligent Threat Intelligence: How Machines are Learning the Language of the Dark Web

Chris Pace, Technology Advocate, Recorded Future

  • The impact of the threat intelligence language barrier.
  • How machines can be taught to read and understand references to cyber threats from the dark web and other sources.
  • The places where humans and machines can combine to form superhuman security analysts.  
  • What predictive analytics are, and how the future is forecasting where the next threat is coming from.
15:30 - 16:10

► Education Seminar Session 3

Delegates will be able to choose from the following education seminars:

  • How to run a successful DLP program - David Mole, Strategic Technical Manager - EMEA , Digital Guardian
  • Threat modeling: The challenge in managing risk of both structural and technical vulnerabilities - Jacob Henricson, Senior Risk Management Advisor, foreseeti 
16:10 - 16:30

Networking and refreshments break

16:30 - 16:50

► Business Security Advisory: From "No" to "Know"

Benessa Defend, Business Security Advisory Manager EU, Ahold Delhaize

  • Providing business-centric, pragmatic security advice
  • Determining the "just right" level of security
  • Ensuring that security is considered throughout the project lifecycle
  • Increasing automation and adapting to agile
16:50 - 17:10

► A New Approach to Cyber Security & Risks: Control Your Own Destiny

Muhittin Hasancioglu, Former Chief Information Security Officer, Shell

  • Current reality
  • What is coming towards us: technology shift, digitalisation drive, new technologies, increased threat landscape
  • What is the step change that we need to be on?
  • How do we get there?
17:10 - 17:15

Final remarks

17:15 - 17:15

Conference close

Education seminars


How to manage cyber risk on a daily basis for your company and the affiliates, your suppliers and peers (Live view in the BitSight Portal)


Lennart Pikaart, Sales Director - Benelux, BitSight

Participants will see a live view into the BitSight Portal. We will demonstrate how continuous cyber risk monitoring works for your company and the affiliates, your suppliers and peers.

What will attendees learn:

  • How the Cyber Risk Rating can be improved in the easiest way. All risk vectors and the results will be demonstrated;
  • How Cyber Risk for the own company and the affiliates, the suppliers and peers can be managed based on qualified events and ratings.

Standards don’t bother me – all I want is your Data!


Matt Jennings-Temple, Digital Marketing Manager, Ground Labs 

How a business-as-usual approach to data security and performing sensitive data discovery can aid in achieving PCI and GDPR compliance:

  • Insights into how cybercriminals do not comply with global security standards, data theft is their only concern
  • Understanding the totality of your data helps in risk assessment for cybercrime
  • Data sprawl is one of the key challenges across corporate infrastructure as it presents a huge vulnerability to cybersecurity professionals

Threat modeling: The challenge in managing risk of both structural and technical vulnerabilities


Jacob Henricson, Senior Risk Management Advisor, foreseeti AB
 
Companies today are experiencing and ever-increasing connectivity and complexity of infrastructure risk management. The underlying challenge today is that infrastructures are complex and interconnected, let alone the fact that a lot is run in the cloud. With the complexity of architectures increasing, the focus on technical vulnerabilities is not enough.  Traditional vulnerability scanning offers insight on technical vulnerabilities but lacks the ability to prioritize what to focus on.
 
That said, in general, there needs to be a more holistic approach to ensure that risk is managed in a proper way related to IT infrastructures. Using a combination of technical and structural vulnerabilities, being able to map large infrastructures in a scalable way, needs to be combined with a probabilistic approach in threat modeling, which enables organizations to focus on true risk instead of theoretical risk on a technical level.
 
Taking this further, and being able to focus on true business risk, requires a new approach. At the Royal institute of technology, extensive research has been conducted in threat modeling and the probability of a certain set of parameters to be exploited to get access to an infrastructure. Join this seminar to learn the latest of research on threat modeling from both academia and the corporate world.
 
What attendees will learn:

  • Distinction between technical and structural vulnerabilities
  • How to address the challenges in scaling traditional risk assessments and threat modeling of complex IT infrastructures with objective fact-based data
  • Using research findings to perform threat modeling on large corporate IT infrastructures
  • How to use threat modeling in the design process of IT infrastructures

Security: the serverless future


Olga Skobeleva, Solutions Engineer, Cloudflare

Does security have to come at a cost to performance and maintenance? Your security is only as strong as the weakest human link and their patience and diligence in following proper protocols. Serverless computing is the future of how complex software systems and their security will be designed and built. This talk will demonstrate several migration cases that Cloudflare Workers can already help with today. Some modern hosting platforms don't give you enough access to deploy certain security features.  Let's say you would like to use security headers like Content Security Policy and Strict Transport Security, mange bot traffic, or do some advanced multi-factor authentication; that can be a struggle and consume many resources in your current infrastructure. With a futuristic serverless platform like Cloudflare Workers, such solutions can be deployed in seconds. 

What attendees will learn:

  • Security doesn't have to cost you performance or maintenance resources
  • Challenges of popular security implementations
  • Serverless computing as a security tool, eg. Cloudflare Workers
  • Examples: security headers, advanced multi-factor authentication, alerting, etc.

Digital Identities, Social Engineering and Mule Networks


Dr. Stephen Topliss, VP of Products, ThreatMetrix

The use of Digital Identities in preventing fraud and enhancing customer experience in the financial industry is becoming more and more prevalent.  As fraud shifts to the weakest link – the end customer – what can Digital Intelligence offer in combating Social Engineering fraud?  

What attendees will learn:

  • How Digital Identities are used today to enhance new customer acquisition on the digital channel and protect digital banking sessions for existing customers
  • Specific approaches to identify the risk of Social Engineering based account takeover
  • How a targeted approach to real-time mule account detection can enhance existing fraud prevention strategies

How to run a successful DLP program


David Mole, Strategic Technical Manager - EMEA, Digital Guardian

Learn about DLP Project Scope and the best DLP process, including:

  • Planning and Requirements Phase
  • Deployment Phase
  • Use Case Implementation Phase
  • Transition Phase

Learn about DLP Best practices

Learn about DLP Flexible Deployments

Learn how to set up a DLP project with no upfront classification to effectively monitor and ensure data protection. See and understand who, what, where and how data flows through the enterprise out-of-the-box. This visibility and contextual intelligence can be used to confirm sensitive data (structured and/or unstructured) to permanently tag it so that it can be monitored and controlled throughout its complete lifecycle. By providing complete event visibility without predetermined rules, you can quickly assess all the ways uses access, use, and move data so that you can determine where it is most at risk.