Agenda

08:00 - 08:50

Registration & Networking

08:50 - 09:00

Chairman's Welcome

09:00 - 09:20

► Emerging technologies and advanced threats – a perfect storm

Geir Arild Engh-Hellesvik, Director, Defence against Advanced Digital Threats, Norwegian National Security Authority

  • Geopoliticial tensions are increasing, we are seeing an increase in advanced threat actor activity
  • We need to understand our adversaries, their tools and techniques
  • Emerging technologies (5G, AI/ML, quantum computing) are adding complexity
  • Is our toolbox up to the task? How can we evolve our protective measures collectively?
09:20 - 09:40

► Cybersecurity has an effectiveness problem

Petter Glenstrup, Senior Systems Engineer - Nordics, Arctic Wolf 

  • Cyber risk is a business risk. Unfortunately, the cybersecurity industry has proven ineffective in reducing organizational cyber risk.
  • To solve the effectiveness problem in cybersecurity, organizations have realized they need a solution that combines technology with human expertise and delivers it in a way that addresses day-to-day security needs while also ensuring that their overall security posture gets stronger over time. 
  • This realization has led to the emergence of Security Operations as its own discipline, reducing the likelihood and the impact of a breach and end cyber risk.
09:40 - 10:00

► Lessons learned from multibillion-dollar ransomware empires.

Ensar Şeker, VP of Research, Advisory Information Security Officer (CISO), SOCRadar

  • How Ransomware groups evolved and built multi-billion-dollar crime “business” ecosystems
  • What percentage of the million-dollar ransom request is paid after negotiations (w/ real-life examples)
  • TTPs of most active ransomware groups
  • How to mitigate ransomware risk with early-warning cyber threat intelligence methodologies
10:00 - 10:20

► We need to talk… 

Henrik Løth Thiesen, Global Director Information Security & Risk Management, Vestas

  • How security risk should be measured via financial impacts 
  • How strategic threat intention is a part of how to quantify the likelihood. 
  • How to communicate with Executives continuously 
10:20 - 11:00

 Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Key Considerations for Choosing the Right Cloud Email Security Platform, David Lomax, Systems Engineer, Abnormal Security 
  • From Digital Laggard to Cyber-leader, Raghu Nandakumara, Head of Industry Solutions, Illumio
11:00 - 11:30

Networking Break

11:30 - 11:50

► Panel: CISOs and Security Technology 

Predrag Gaikj, Chief Information Security Officer, Qliro; Tor Indstøy, VP, Risk Management & Threat Intelligence, Telenor Group; Henrik Løth Thiesen, Global Director Information Security & Risk Management, Vestas

This panel will look at:

  • Different approaches to selecting and consolidating security technologies
  • Budget and investment questions as more vendors broaden their capabilities
  • Replacing legacy cybersecurity technology
  • One-stop shop versus security stack
  • Building a continuous control environment for cybersecurity
11:50 - 12:10

► Debunking Common Myths About XDR

Patrick Reischl, Strategic Solutions Engineer, SentinelOne

  • What is XDR and why should I consider the technology in my enterprise security stack?
  • What should I expect from vendors who claim to have built the perfect mousetrap?
  • What is reality, and what is just hype?
  • What common myths around XDR continue to muddy the water for security teams?
12:10 - 12:30

► Psychology of a Social Engineering Attack

Jelle Wieringa, Security Awareness Advocate, KnowBe4

In this talk, you will better understand how cybercriminals leverage the power of your own mind to make you do their bidding. And how a better understanding of yourself can help to better protect against this.
 
Get actionable insights on:

  • The tricks cybercriminals use to manipulate you
  • How psychology plays a vital role in social engineering
  • How to better protect yourself
12:30 - 12:50

► The Path to Zero Trust by Securing Privileged Identities

Matt Sturman, Solutions Engineer, BeyondTrust 

Zero Trust is built on foundations that are essential across your cybersecurity strategy, delivering greater value from existing cyber investments.  In this session, Matt will outline:

  • Why protecting identities is fundamental to achieving Zero Trust
  • Practical steps you can take NOW to secure your privileged identities
  • The pivotal role Privileged Access Management plays in achieving Zero Trust
12:50 - 13:30

 Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • Combatting the Latest Phishing Threats - Why an Adaptive Layered Defense is the ONLY Offense, James Hickey, Director, Sales Engineering, Cofense
  • Erasing Surface, Identity, Complexity and Unknowns, Christian Borst, EMEA CTO, Vectra AI
13:30 - 14:20

Lunch Break

14:20 - 14:40

► The Metaverse Opportunity 

David Palmer, Business Lead for Blockchain Technology, Vodafone

  • What are the key enablers for Virtual and Real Worlds to Co-exist
  • The key challenges 
  • Security, Identity, Jurisdiction, Copyright and Ownership
14:40 - 15:00

► The challenge with modern cybercrime against businesses

Gøran Tømte, Field Security Responsible Germany and NEUR, Rubrik X  

  • Ingress: Evolution is running as always. This is relevant and good for business, digitalization, and technology.
  • Criminals adopt and evolve with all the changes, revealing new vulnerabilities and all the new capabilities in new technology. It’s important to stay up to date to be best prepared.
  • Let’s look at the business consequences before, during and after an incident.
15:00 - 15:20

► How to address the skills shortages in a proactive manner to respond to adversaries

Mikkel Planck, Senior Cybersecurity Specialist, Crowdstrike 

  • Tooling and techniques to address skills shortages
  • Automation and services to keep you ahead of attackers
  • How technology can help you become proactive and stop breaches
15:20 - 15:40

► The realists guide to threat hunting

Richard Cassidy, Vice President of Global Technology, Securonix

Whilst we continue to see adversarial attack techniques increasing in sophistication and automation, it is apparent that our Threat hunting practises may still be legacy in nature; That is to say, many still operate in a “reactive” mode, which exposes our organisations to unnecessary increased risk. We can leverage technology to better serve our data and asset protection needs, but how? In this session we will take a look at how threat hunting has evolved through automation and data-science, in addition to demonstrating how to apply these advancements to better serve your cyber security needs, from an e-crime perspective.

  • Explore effective modern processes (hypothesis driven hunting) and automation approaches
  • Look at how to better apply machine learning models to serve business risk outcomes
  • Explain how “detection-as-code” serves “collective defence” requirements
15:40 - 16:00

► Fireside chat: A CISO’s Perspective on….

Simon Brady, Managing Editor, AKJ Associates & Mads Syska Hasling, CISO, Saxo Ban​k

  • How the macroeconomic downturn will affect CISOs, budgets and security
  • Dealing with the risks of state-sponsored cyberattacks and spillovers
  • Practical tips for implementing a risk-based approach to cybersecurity
16:00 - 16:20

Networking Break 

16:20 - 16:40

► Developing the next generation of security leaders

Predrag Gaikj, Chief Information Security Officer, Qliro

  • The role of the information security — different interpretations in different companies
  • How is the role changing?
  • What does a next-gen CISO look like and are you one of them?
16:40 - 17:00

► Panel: CISO Future Challenges 

Thomas B. Zuliani, Director, Information Security & Data Privacy, Pandora;  Tor Indstøy, VP, Risk Management & Threat Intelligence, Telenor Group; Tom Engly, Former CISO Tryg, Senior Cybersecurity & Crisis Management Advisor, Tryg

This panel will look at the challenges posed by:

  • Asset inventories (devices, applications, identity, network, data)
  • Overall technology landscape complexity,
  • ‘Digital’ transformations of the business / products
  • Testing and measuring the effectiveness of the cybersecurity control environment
  • Incident response and problem management
  • Ensuring the same coverage/visibility over cloud environments as on-prem
  • Managing supply chain risk in a world less tolerant to long delays around supplier assurance (post covid)
  • Web 3.0 and the next generation of the internet: securing new technologies and services which are inherently decentralised?

 

17:00

Conference Close

Education seminars


Erasing Surface, Identity, Complexity and Unknowns


Christian Borst, EMEA CTO, Vectra AI

Threat intelligence has been a critical component to knowing threat types, methods, and profiles. As enterprises shift to cloud, security and risk leaders are facing an onslaught of unknowns. Unknown compromises, attack progressions and prioritization challenges require more reliable, accurate, and timely insights into advanced attacks. In this session learn how security operations need to shift their focus to be more proactive in identifying and stopping sophisticated ATP’s.

 

During our presentation we will cover:

  • What is threat intelligence and how it benefits your organisation and SOC team
  • How to analyse the data to understand the threat landscape, anticipate attackers' next moves and take prompt action to stop attacks
  • The importance of ongoing intelligence to prevent emerging risks and threats

Key Considerations for Choosing the Right Cloud Email Security Platform


David Lomax, Systems Engineer, Abnormal Security 

Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.

Unfortunately, email threats are only growing in number. Business email compromise accounts for 35% of all losses to cybercrime, and the Verizon Data Breach Investigations Report holds that phishing remains the top entry point for breaches—a position it has held for years.

Does that mean email is doomed, and we should give up? Quite the opposite. But the shift to cloud email requires one major thing: a shift to cloud email security.

Attend the Abnormal Security session for answers to your most pressing questions, including:

  • What are modern email threats, and how are they different from legacy attacks?
  • Which email threats are most concerning, and how can we defend against them in the cloud environment?
  • Which technical capabilities are required when protecting cloud email?
  • How can cloud email security platforms detect the most dangerous attacks?

 


Combatting the Latest Phishing Threats - Why an Adaptive Layered Defense is the ONLY Offense


James Hickey, Director, Sales Engineering, Cofense

What is an adaptive security architecture and what are the objectives – With so much focus on cyber-attack prevention, many security teams have adopted an incident response mindset versus one that assumes systems are compromised and require continuous monitoring and remediation.

In this session we’ll;

  • Walk you through the benefits and objectives of implementing an adaptive security architecture and risk framework.
  • The current situation in email and phishing security – We’ll share some of the latest insights from the industry and what we’re seeing through our unique combination of artificial, human, and high-fidelity intelligence.
  • Implementing adaptive security architecture and risk framework with Cofense – We’ll talk through how to classify your existing and potential email security investments to increase your security posture while reducing costs, vendors, and configuration complexity.

From Digital Laggard to Cyber-leader


Raghu Nandakumara, Head of Industry Solutions, Illumio

The need for business to transform was driven by the pandemic with the adoption of new applications and automation. The challenge is delivering cyber resilience as the criminal gangs have transformed the way they operate, improving their evasion techniques for detection products and targeting critical infrastructure. Adopting Zero Trust is a simple way to deliver a structured approach to security.

In this session we will look at;

  • some of the issues and lay out a effective approach to identifying risk and deploying preventive measures to contain an attack
  • limiting the spread of ransomware and breaches.