Agenda

09:00 - 09:50

Registration and Networking Break 

09:50 - 10:00

Chairman’s welcome 

10:00 - 10:20

► Complying with NIS2 in a global organization – impossible or doable?

Bjørn R. Watne, Senior Vice President & Group CSO, Telenor Group

  • What are the changes that are coming, and how do they affect a global telco? 
  • What lessons are learned from previous regulations and industry standards?
  • Telenor’s global approach. 
10:20 - 10:40

► Both prevention and recovery

Filip Verloy, Field CTO EMEA & APJ, Rubrik

To build a cyber resilient organisation you need to focus both on prevention, by raising your security posture, and recovery capabilities, in the assumption that when the worst happens you are operational again as quickly as possible.

  • Data has the ability to both transform your business and ruin your day. As the most critical asset of any organization, securing data is paramount.
  • Organizations everywhere have been on a drive to innovate and compete on the global stage, resulting in data being spread between on-premises environments, public clouds, and SaaS applications.
  • In order for IT and Security teams to regain control over these islands of data, a new and modern approach is needed.
  • Cyber Resiliency brings together cyber posture and cyber recovery to give you a safe path in dangerous times.
10:40 - 11:00

► Cybersecurity’s Entangled Landscape

Dr. Manfred Boudreaux-Dehmer, CIO, NATO

We often approach cybersecurity improvements as if we were on an island where protection starts at the shore. But, while we may be on an island, it is part of an archipelago where we are all interconnected with bridges. What we do affects our customers and what suppliers do affects us and vice versa.  

  • How can we approach security with a view on the entire ecosystem?  
  • NATO’s approach to the challenges of cybersecurity interconnectedness between independent entities within an ecosystem
11:00 - 11:30

Networking Break

11:30 - 11:50

► Resilience in the times of uncertainties 

Jani Räty, CISO/Associate Director, Nordic Investment Bank Matias Virta, Chief Business Continuity & Security Manager, Nordic Investment Bank

  • How does Nordic Investment Bank react to sudden changes in threat landscape? 
  • Scenarios as key items to improve resilience and communicate threats 
  • Lessons learned 
11:50 - 12:30

► Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Generative AI: Amplifying attackers and defenders, Julius Nicklasson,  Manager, Intelligence Services, Recorded Future
  • The Importance of Zero Trust in Kubernetes Environments, Olli Tuominen, Solutions Architect, SUSE
12:30 - 13:30

Lunch and Networking Break 

10:20 - 10:40

► Third-party risk management from a third-party perspective  

Andrea Szeiler, Global CISO, Transcom

  • Understanding your third parties and the risks they bring to your organisation  
  • Different approaches to third-party risk management and their pros and cons  
  • Responsibility sharing matrix 
  • Working together 
13:50 - 14:10

► Living in a world of fakes

Jelle Wieringa, Security Awareness Advocate, EMEA, KnowBe4

  •  Deepfakes are here, and they are here to stay. And with technology ever advancing, it is no longer a matter of simply knowing what a deepfake is
  • Organisations will have to actively decide how they can utilize them to grow their business, and at the same time defend against the malicious use of this technology
  • In this talk, we'll be looking at the evolving role of deepfakes in our lives. What you can do with them, and how you can protect against them

 

14:10 - 14:30

► Merging Security with DevOps Practices

Sami Vellonen, Director, InfoSec & Engineering, Terveystalo
Ahsan Habib,
DevSecOps Architect & Security, Terveystalo

  • Why early security integration is so important
  • How to do risk mitigation with proactive security measures
  • Example of effective DevSecOps implementation 
  • Cultivating a collaborative security mindset in DevOps teams
14:30 - 14:50

► Rise and fall of a fraudster www-site

Timo Wiander, CISO, Enfuce

Enfuce's www-pages were copied by an external attacker. They used a copied version of enfuce.com and used our real job advertisements for phishing user id's etc. This presentation will go through:

  • The process of taking down the fraudulent site with capabilities of a SME 
  • Lessons learnt
  • Proposed improvements for the community
14:50 - 15:20

Networking Break

15:20 - 16:00

► CISO Panel Discussion

Vesa Tupala, Group CISO, Mandatum;
Thomas Stig Jacobsen, Head of IT Security, Lunar;
Noora Hammar, Director, Head of Security Assurance, Volvo Group;
Zane Nieminen, Information Security Officer, University of the arts, Helsinki

  • Integrating cybersecurity into wider enterprise risk management frameworks
  • Becoming a more strategic partner to the business?  
  • Building resilience against third-party security threats
  • Web 3.0 and the next generation of the internet: securing new technologies and services
16:00

Conference Close

Education seminars


Generative AI: Amplifying attackers and defenders


Julius Nicklasson, Manager, Intelligence Services, Recorded Future

Generative AI empowers scalable consumption and production for both attackers and defenders, ushering in a wave of surprising use cases. This presentation shifts the focus from potential malicious uses to practical takeaways. Join us to explore how generative AI can be harnessed for positive impact, providing you with actionable insights and strategies to navigate transformative possibilities. Main topics to be discussed:

  • Real world examples and use cases
  • A practical lens for defenders
  • Think about things differently
  • Recorded Future AI in action

The Importance of Zero Trust in Kubernetes Environments


Olli Tuominen, Solutions Architect, SUSE

Deep network visibility is the most important part of container security at runtime. With traditional perimeter-based security, administrators use firewalls to isolate or block attacks before they reach the workload. Inspecting container network traffic reveals how an application communicates with other applications and is the only way to stop attacks before they reach the application or workload. SUSE NeuVector is the only 100% open source security platform for containers with continuous auditing throughout the lifecycle.

  • Perform Deep Packet Inspection (DPI)
  • Real-time protection with the industry's only container firewall
  • Monitor east-west and north-south container traffic
  • Capture packets for troubleshooting and threat investigation