Agenda

08:00 - 08:50

Registration and Networking Break

08:50 - 09:00

Chairman's Welcome

09:00 - 09:20

► Cost, Agility and Completeness; what to sacrifice when building a modern vulnerability management program

Georgios Kryparos, CISO, Einride

  • How broad is the scope of vulnerability management in a modern enterprise?
  • Where to start and how?
  • Which areas will give you the most bang for the buck?
  • How to unify all the information in 1 dashboard and make it concrete and actionable?
09:20 - 09:40

► API Security – a new paradigm in Application Security

Sachin Thombre, Senior Cybersecurity Solutions Specialist, Imperva

  • Understand exactly what is involved in securing APIs
  • Why current security solutions are insufficient
  • 3 recommendations to ensure a sound API Security strategy
09:40 - 10:00

► Do you Know What Information Your APIs are Leaking?

Jason Kent, Hacker in Residence, Cequence Security

Attend this session to fully understand the API security risks your organization faces. Topics include:

  • Security risks associated with the increased use of health monitoring APIs, API specifications, and GraphQL.
  • Compliance and governance risks related to APIs that may inadvertently expose sensitive data.
  • Why APIs used to facilitate account login/registration and inventory lookups are more susceptible to automated attacks.
10:00 - 10:20

► Combatting Financial Crime in The Digital Age

Mads Syska Hasling, Chief Information Security Officer (CISO) & Head of Financial Crime Prevention, Saxo Bank

  • Breaking down silos to ensure best in class capabilities (tactical and strategic) to identify, prevent, detect and respond to the growing threat of Cyber Crime
  • Benefits of joining our people, processes and technology within Cyber, Fraud, AML and MAR Surveillance teams under one department
  • Lessons learnt from the ongoing cyber journey at Saxo Bank
10:20 - 11:00

 Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • A day in the life of a hacker, Cher Lingord,TI analyst and SE, Cybersixgill
  • Harness the Crowd: It’s your best chance of finding every vulnerability that matters, Martin Szabo, Sales Director Nordics & Benelux & Matthew West, Solutions Architect Benelux and Nordics, Synack
11:00 - 11:30

Networking Break

11:30 - 11:50

► Panel: Financial Institutions

Magnus Jacobson (Moderator), Cyber Security Senior Adviser, Swedish Bankers' Association (SBA); Lena Stenberg Domeij, Director of Compliance, Bank of China (Europe) S.A; Frederik Malmstrom, Head of Group Information Security and Data Privacy, Handelsbanken; Mads Syska Hasling, CISO & Head of Financial Crime Prevention, Saxo Bank; Navaz Sumar, CISO, TF Bank 

  • What are the most worrying threats you see against financial institutions? 
  • How do new resilience regulations help in the battle against cybercriminals?  
  • Does cybersecurity fit naturally into the three lines of defence model  
  • How secure are the market infrastructures upon which the financial institutions rely (e.g. payment systems like SWIFT or Fedwire or CHAPs or even central banks)? 

 

 

11:50 - 12:10

► Fast and Furious Attacks: Using AI to Surgically Respond

Linnea Skärdin, Cyber Technology Specialist, Darktrace 

  • Today’s cyber security teams are overwhelmed; threats are simply spreading too quickly
  • The rear-view approach is no longer enough
  • Autonomous Response uses self-learning AI to effectively contain and combat a cyberattack
  • Darktrace protects entire digital ecosystems and equips security teams for the future
  • Learn about key threat finds: Sodinokibi and Log4Shell

 

12:10 - 12:30

► Secure the digital front doors of your organization and the sensitive data inside

Adam Hellstrom, Territory Account Manager, Lookout

  •  Modernize secure web access with a zero trust approach
  • Transform secure connectivity to private apps in your data centre and public cloud
  • Gain visibility & control, and protect your data as you enable SaaS apps
  • Secure the endpoints you use the most

 

12:30 - 12:50

► How to Make Your SOC Run More Effectively in 2022

Sebastian Engström, Regional Sales Director, Nordics, Hunters

The shift to the cloud and the extension of the attack surface requires new approaches for threat detection and response.

During this session, you’ll learn:

  • The definition of a SOC Platform and how it can help security teams 
  • Strategies to empower your security team mitigate real threats faster and more reliably than SIEMs to incidents that matter across the attack surface#
  • How Fortune 1000 companies are using Hunters’ SOC Platform to ingest, cross-correlate, prioritize and investigate incidents
12:50 - 13:30

► Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • Implementing an Adaptive Email Security Architecture with Cofense, Alain Salesse, Senior Sales Engineer Cofense
  • Finding the Leaky Data Links In Your Supply Chains - Data Security Beyond Perimeters, Vijay Kishnani, Lead Cyber Security Engineer, CybelAngel
13:30 - 14:30

Lunch and Networking Break

14:30 - 14:50

► Panel: Priorities for 2022/23 

Dimitrios Stergiou (Moderator), CISO, Trustly; Sofia Staaf Frederiksen, Chief Information Security Officer, Apoteket AB; Bjorn Johren, CISO, Max Matthiessen AB; Emma Johansson, Senior Security Advisor, Swedenergy; Antje Schütt, Group IT Security Officer, Vattenfall Group

  • Data privacy or security? How will companies view ‘security’ in the post-pandemic world?   
  • Hybrid working: problem solved, or problem postponed?  
  • The issue of ‘basic’ cyber hygiene (or ‘why can’t we stop ransomware?’)  
  • Is 2022 the year of Cloud? And have the security implications of Cloud been exaggerated?   
14:50 - 15:10

► The Power of Deception Tech: Uncovering Russian TTPs targeting Ukrainian Infrastructure

Daniel Brett, CSO and co-founder, CounterCraft

  • How our deception environments uncovered a February attack involving threat actors attempting to attack Ukrainian government infrastructure 
  • an in-depth analysis of this attack, how it was discovered, and the intel gathered
  • The importance of being prepared for cyberwarfare on the back of global events
  • Takeaways for the financial sector and critical infrastructure
15:10 - 15:30

► CIO Forum Cyber Security 2022 

Durval Batista, Regional Manager, LastPass & Jonas Hedquist on behalf of Last Pass

  • Security risks associated with poor password hygiene at the workplace
  • Passwords are one of the weakest links in the cybersecurity chain - what actions should business take to improve this?
  • Benefits of implementing a organisation wide Password Manager
15:30 - 16:10

► Education Seminar Session 3

Delegates will be able to choose from the following education seminars:

  • How isolation stops the spread of ransomware, Trevor Dearing, Director of Critical Infrastructure Solutions, Illumio
  • Detecting Threat Actors that others miss - Real world examples, Teppo Halonen, Regional Director Northern Europe, Vectra AI
16:10 - 16:30

Networking Break 

16:30 - 16:50

► Regulation panel

Fredrik Hertz (Moderator), Financial Services Cybersecurity Lead, Consulting, EY Sweden; Elin Ryrfeldt, CISO, Axfood; Jan Willekens, Head of Cyber Defense Center, Ericsson; Magnus Jacobson, Cyber Security Senior Adviser, Swedish Bankers' Association (SBA)

  • What is the global regulatory direction? Do we see a pattern across sectors?
  • We all assume resilience is key for service providers. Do we need regulations?
  • How far should companies plan for disruption? When does it become someone else’s problem?
  • What are the evolving operational models for resilience? How can we integrate different competencies?
16:50 - 17:10

► Does cybersecurity fit naturally into the three lines of defence model?  

Navaz Sumar, CISO, TF Bank

  • How to tackle Cyber Risks in 3LoD 
  • To whom should you report cybersecurity Risk
  • How do you communicate cybersecurity and Risks 
  • The Convergence of Operational Risk and Cyber Security.
17:10 - 17:30

► Third Party Risk: Governance, Monitoring, Auditing 

Dimitrios Stergiou, Group Chief Information Security Officer, Trustly Group AB

  • Third party everywhere: third party components that make me lose sleep
  • Assuming control: How we approach the cloud services monster 
  • Conclusions
17:30

Conference Close

Education seminars


Finding the Leaky Data Links In Your Supply Chains - Data Security Beyond Perimeters


Vijay Kishnani, Lead Cyber Security Engineer, CybelAngel

Ask yourself, where is the risk in sharing data with third parties? Is the risk the third party, or is the risk having your data leak? The real danger is the data leak! The leak being at a third party just makes it more challenging to locate. Instead of making third parties jump through long and sometimes unproductive audits, a new perspective is needed a data risk first approach. 

A data risk first approach focuses on locating whatever data matches your organization’s regardless of where it appears. By focusing on which data matches, you gain visibility and protection far beyond a company’s perimeter into third, fourth, and fifth parties. This increase in visibility frees cybersecurity teams from choosing which partners get monitoring. 

You will learn: 

  • Why your risk is with the data, not third parties.
  • What is a data risk first approach.
  • How DRPS tools can assist in a data risk first approach.

A day in the life of a hacker


Cher Lingord,TI analyst and SE, Cybersixgill

Threat intelligence’s value is sometimes hard to explain. By tracking the Cyber Kill Chain, we will see how organizations can try and prevent attacks farther up the killchain by having visibility into the underground.

Join this session to learn more about: 

  • Common framework for analyzing attacks
  • How CTI fits into all of this
  • A useful way of getting into the attacker mindset
  • A bit about Boris

How isolation stops the spread of ransomware


Trevor Dearing, Director of Critical Infrastructure Solutions, Illumio

  • See how to stop the propagation of ransomware
  • Identify the potential weaknesses in your infrastructure
  • Build a more resilient defence against future threats

Implementing an Adaptive Email Security Architecture with Cofense


Presentation by Cofense 

What is an adaptive security architecture and what are the objectives – With so much focus on cyber-attack prevention, many security teams have adopted an incident response mindset versus one that assumes systems are compromised and require continuous monitoring and remediation.

  • We’ll walk you through the benefits and objectives of implementing an adaptive security architecture and risk framework.
  • The current situation in email and phishing security – We’ll share some of the latest insights from the industry and what we’re seeing through our unique combination of artificial, human, and high-fidelity intelligence.
  • Implementing adaptive security architecture and risk framework with Cofense – We’ll talk through how to classify your existing and potential email security investments to increase your security posture while reducing costs, vendors, and configuration complexity.

 


Detecting Threat Actors that others miss - Real world examples


Teppo Halonen, Regional Director Northern Europe, Vectra AI

The impact of the global pandemic has resulted in a paradigm shift that has drastically expanded attack surfaces, as hybrid and remote working environments become the norm.

With cybercriminals looking for easy targets and opportunities to steal personal information, they too have adapted to find new ways in which they can exploit and bypass legacy security systems.

During our presentation we will cover:

  • How highly evasive threat actors perpetrate their attacks
  • Insight from some of our customers on the autonomy of the attack
  • How Vectra saw the attacks earlier and stopped them being breached.

Harness the Crowd: It’s your best chance of finding every vulnerability that matters.


Martin Szabo, Sales Director Nordics & Benelux & Matthew West, Solutions Architect Belelux and Nordics, Synack

In today’s environment, traditional pen testing is broken. Synack, fueled by a diverse community of vetted and trusted researchers, can help you find the exploitable vulnerabilities you need to deal with. In this session you will learn:

  • How a crowd of ethical hackers, available on-demand and strongly incentivised to deliver results, can transform your pen testing. 
  • How Synack's coverage compares to the general market
  • What a typical testing engagement looks like, including scoping targets, discovering vulnerabilities, and the lifecycle of a vulnerability report, from initial submission to patch verification.