Agenda

Presentations already confirmed include:


►How to define and manage ICT risk in line with regulatory requirements (such as DORA and MiCA)

Dr. Gulnara Hein, CISO, Chintai

  • Building visibility by combining top-down business and bottom-up technology perspectives to map processes, systems, information assets and third parties
  • Distinguishing real risks from control gaps, and why this matters for prioritisation, reporting and decision-making
  • Do current risk structures underestimate the role of ICT controls in mitigating broader operational risks such as process failure, human error, and third-party disruption?

►Lock It Down vs. Let It Flow: The Eternal Tug-of-War Between Security and Usability

Julian Dube, Information Security Officer, E.ON Digital Technology

  • How the clash between security and agility shapes today’s cloud-first organisations
  • Why BYOD remains the Trojan horse of convenience — and a growing security risk
  • The truth behind the “secure cloud” myth and shared responsibility gaps
  • How developer practices can weaken even the strongest security pipelines
  • Actionable steps for CISOs to establish security faster together with the business

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
  • Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you

►Zero Trust—Beyond the Buzzword: Separating Strategy from Implementation

Igor Podebrad, Director, Office of the CISO, Google Cloud

  • How the core principles of Zero Trust differ from how it’s commonly implemented across enterprises
  • Insights into real-world challenges and pitfalls organisations face when operationalising Zero Trust
  • Strategies for aligning policy, identity, and architecture to achieve genuine Zero Trust outcomes
  • Practical guidance on measuring Zero Trust maturity and closing the gap between intent and execution

►Operational Resilience by Design in the Age of DORA

Thomas Barkias, Principal Supervisor, Cyber Resilience, ICT, Crypto & Operational Risk, European Central Bank

  • Redefining resilience beyond compliance, moving past DORA as a checkbox into a true resilience mindset
  • Identifying the minimum viable business, mapping the critical services and dependencies that must endure disruption
  • Shifting from perimeter-based security to risk-based resilience, prioritising continuity over threat-specific controls
  • Integrating ICT, third-party, and operational risk into a single, unified resilience strategy

►Building Cyber Resilience and Managing Risk Across Critical Industries

Sachin Gaur, Cybersecurity Manager, Continental (Moderator)
Sheeba Baskaran, Lead Security Architect, Lenovo, Deutschland GmbH
Andrea Szeiler, Group CISO, MVM Ltd
Riccardo Riccobene, MD - Senior Information Security Officer, State Street Bank International
Maximilian Moser, Consultant Industrial & Product Security, VDMA

  • How should boards and executive teams manage cyber risk as an enterprise-wide issue rather than a technical one?
  • With IT and OT convergence happening in industries from energy to transportation to manufacturing, what are the key challenges in securing both business systems and operational environments?
  • How can organisations strengthen resilience against third-party and supply chain risks in today’s globally interconnected economy?
  • As digital transformation accelerates through technologies like AI, IoT, and automation, how can leaders balance innovation with effective cyber risk oversight?
  • Looking ahead, what governance models, cross-industry collaborations, and cultural shifts will be most essential to strengthening resilience across critical national infrastructure?

►European Threat Reality 2025: How Adversaries Operate Today

Nikolei Steinhage, Senior Sales Engineer, CrowdStrike

  • Why Europe faces an intensified threat environment and why organisations across the region are increasingly targeted by extortion- and espionage-driven campaigns
  • Which adversary groups are most active right now – including their preferred tactics, from rapid ransomware operations to highly convincing social engineering
  • Which industries are most at risk and the clear patterns emerging from recent attacks across Europe
  • What organisations must prioritise now to build resilience against today’s European adversary techniques

►Countering Cyber Threats with Zero Trust Cyber & Identity Resilience

Frank Schwaak, Field CTO, Rubrik

In a world of increasingly sophisticated cyberattacks, pure prevention is reaching its limits. This session demonstrates why companies need to rethink their strategies: moving away from mere defence and towards genuine cyber and identity resilience. The focus is on how organisations can not only prevent attacks but also respond effectively and maintain critical business processes during and after incidents. Operational resilience thus becomes a key strategic competency for sustainable security.