Agenda

Registration and Networking Break 

Chairman’s welcome 

► Fighting cybercrime is teamwork! – Co-operating with the police in cyber attacks on companies

Dominik Mauer, Analyst & Cooperation Manager, Federal Criminal Police Office/Bundeskriminalamt, Cybercrime Division

• What is the current situation in the field of cybercrime
• Who is responsible in the event of a cyber attack on a company and who are the contacts?
• Why is it important for a company to cooperate with the police in the event of a cyber attack?
• Myth check: reservations about cooperation with the police and our answers to them

► Why 24 is the answer to all questions in the cyber security environment!

Thomas Schuchmann, Senior Director Sales Engineering Germany, Rubrik & Stefan Schmugge, Director Sales Engineering, Rubrik

• Do you know the difference between resilience and resistance? How does resilience and resistance differ in data security and which is really more effective for businesses?
• Are cyber incidents really the biggest business risk? Why are cyber risks becoming more of a management focus and what does this mean for businesses?
• Are we investing enough and in the right things? Despite increasing security spending, why are cyber attacks still a problem and what could we do differently?
• How can we do better? What strategies are there to not only minimize the risk of a cyberattack, but also to mitigate its potential consequences?

► Looking Back at the Threat Landscape in 2023 (And What to Expect for 2024)

Paolo Passeri, Principal Sales Engineer and Cyber Intelligence Specialist, Netskope 

This session will provide an overview of the main security trends observed in 2023, providing some indications on what to expect for 2024.

• Cloud and SaaS adoption continue to rise in enterprise environments with users constantly adopting new apps and increasing their use of existing apps.
• Adversaries, recognizing this trend, are abusing and targeting popular apps in their operations more frequently, with social engineering having become the most common method used to gain access into victims’ environments.
• In parallel, the utilization of Generative AI apps, virtually non-existent in the enterprise a year ago, has increased exponentially exposing organizations to new risks such as corporate data leakage and themed social engineering campaigns.

► Threatcasting: disrupt the threat and enable the future 

Sonia Neffati, Regional Chief Security Officer, Europe, Mastercard

• Using threatcasting to model a range of possible and potential futures and threats in a complex and uncertain environment 
• Working with organisations via subject matter expert (SME) interviews, workshops and operationalisation exercises  
• Identifying indicators that threats or desirable futures are manifesting  
• Suggestions and actions that can be taken to disrupt the threat or enable the future

► Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

• Ransomware Revealed: The Changing Landscape of Ransomware and Data Exploitation, Christian Buhrow, Regional Sales Director, SpyCloud
• Browser security – the proven prevention layer for enterprise cybersecurity, Tom McVey, Solution Architect, Menlo Security

Networking Break

► The Utopia of European Cybersecurity Certification – Automation of Compliance

Dr. Jesus Luna Garcia, Cybersecurity Governance – Cloud and AI, Robert Bosch GmbH

• The challenges and opportunities of the upcoming certifications derived from the European Cybersecurity Act
• The benefits of automating traditional cybersecurity certification processes, summarizing practical experiences related to the upcoming EU certification scheme for cloud services (EUCS)
• How automation can support cybersecurity certifications related to new EU Regulations (e.g., NIS2, and AI Act)? A view on our ongoing activities

► The Cyber Threat Landscape Germany

Marvin Schneider, Customer development, Cloudflare

• Cyber threat landscape Internet and Germany
• Why employee security training falls short
• What you can do today to shut down one of the biggest attack vectors

► NIS 2.0 - Burden or Opportunity?

Roland Stritt, SentinelOne

• The introduction of the NIS 2.0 directive (Network and Information Security Directive) represents a significant development in the cybersecurity landscape. 
• What does NIS 2.0 mean for your company?
• This presentation aims to provide food for thought and highlight opportunities and challenges that companies may face in the course of implementing NIS 2.0. 
• Insights and ideas for managers and security experts.

► Email Authentication: Are You Ready for Stringent Email Acceptance Rules at Google and Yahoo? 

Giovanni Pascale, Proofpoint

To help address the high number of fraudulent emails hitting their users accounts, Google and Yahoo announced new email authentication requirements that could impact your company’s deliverability. The new requirements will be enforced as early as 1st February 2024. 

Join our session to hear from our subject matter expert Giovanni Pascale on key aspects of the new requirements, such as SPF, DKIM, DMARC, and DMARC alignment. We will discuss: 

• Overview of the new requirements 
• Overview of SPF and DKIM and things to consider 
• The role of DMARC and the challenges associated with getting alignment 
• Tools, technology and resources to help reduce the impact to your organisation 

► Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

• Insights into the dark web: cybercrime forums, markets and threats to watch out for, Bernd Knippers, Senior Sales Engineer DACH , Recorded Future
• Network Traffic Visibility & Zero Trust Security in Kubernetes Environments, Bettina Bassermann, Business Strategist, Pre-Sales DACH, SUSE

Lunch and Networking Break 

► The role of CISO in the evolving new frontiers of cybersecurity regulations

Chuks Ojeme, Global Chief Information Security & Compliance Officer, Brenntag

• NIS2: What does it imply? 
• How does it affect the Role of a CISO 
• Regulations and Geo-Politics, the impact on Cyber risk management

► It’s all about readiness! Why you may have been doing cyber training wrong!

Rupert Collier, VP Global Sales, RangeForce

Rupert will provide some insights into the following: 

• How realistic, hands-on, simulation-based readiness training helps companies elevate cyber skills, fill specialist staffing gaps, and save training budget.
• How and why a focussed, continuous, cyclical training program called AR(2) uses a unique combination of self-paced learning and live-fire team exercises to improve their security team's ability to detect, contain, and remediate cyberattacks.
• How and why this approach is much more effective and efficient than old fashioned classroom-based, instructor-led, certification-centric methodologies.
• How some other German customers have seen huge benefits for their SOC and cyber defence teams from the RangeForce platform.
• How RangeForce makes it easier to personalize relevant training for larger teams with a diverse range of backgrounds and skill sets.

► The challenges of NIS2: Just compliant or also secured?

Nikolei Steinhage, Enterprise Sales Engineer DACH, CrowdStrike

NIS2 stellt viele Unternehmen vor enorme Herausforderungen. Statt NIS2 einfach nur als eine Compliance-Anforderung zu betrachten, wollen wir zwei Fragen in den Mittelpunkt stellen:

• Wie kann man die Anforderungen schnell umsetzen (time-to-value)?
• Wie kann man NIS2 nutzen, um flexible auf zukünftige Herausforderungen reagieren zu können?
• Wie lassen sich trotz NIS2 Kosten sparen?

► Education Seminar Session 3

Delegates will be able to choose from the following education seminars:

• Fraud prevention, AML, and KYC with Mobile Intelligence, Gerhard Sahner, Business Development Mobile Intelligence, JT Global
• The anatomy of online fraud: How AI is changing the battlefield in favor of the attacker and what we can do about it, Julian Wulff, Director, Cyber Security Central Europe, Red Sift

Networking Break

► Why CISOs should care about resilience

Dr. Timo Wandhöfer, Group CISO, Klöckner & Co

• Resilience is what you need when security has failed. It’s DR and BCP. So what is the role of the CISO in these activities?
• If companies assume successful hacks, then should they divert resources away from security that is doomed to fail to DR/BCP? 
• Shouldn’t we be taking a different approach to security itself: should CISOs focus on protecting key business processes not simply data? 
• What do CISOs bring to the resilience party?

► CISO Panel Discussion

Chuks Ojeme, Global Chief Information Security & Compliance Officer, Brenntag (Moderator);
Gulnara Hein, CISO, Chintai;
Moona Ederveen-Schneider, Executive Director EMEA, FS-ISAC;
Riccardo Riccobane, Head of CSO Security Assurance & Head of Operational Resilience, DWS;
Ashar Javed,Head of Security Technology – Security Technology Section, Hyundai AutoEver Europe GmbH
 

• Integrating cybersecurity into wider enterprise risk management frameworks
• Becoming a more strategic partner to the business?  
• Building resilience against third-party security threats
• Web 3.0 and the next generation of the internet: securing new technologies and services
• Preparing for NIS2

Conference Close