08:00 - 08:55 CEST

Login and Networking 

08:55 - 09:00 CEST

Chairman's Welcome

09:00 - 09:20 CEST

► Leadership in Security 

For CISOs, an increase in the rate of large-scale attacks may have one prominent hidden benefit: their boards are now taking digital risk very very seriously. With cyber risk now considered one of the key risks a business should be wary of, how should cybersecurity professionals display leadership? How is talent sourced and retained? How do we bridge the gap between security and 'the business'?

  • Kaj Paananen, Head of PSIRT, Hitachi Energy
  • Jeevan Singh, Head Cyber Security, Nokia Technologies
  • Harri Hautala, RISO, Handelsbanken
09:20 - 09:40 CEST

► Building Cybersecurity Immunity to Ransomware with PAM 

James Maude, Lead Cyber Security Researcher, BeyondTrust

  • Explore ransomware attacks and how you can protect your environment by making it inhospitable to them
  • Learn 6 things to know about Ransomware
  • Takeaway realistic security practices you can implement to protect against ransomware 
  • Understand the role of PAM (privileged access management) in mitigating the risks of ransomware and other cyber threats with a powerful, blended defense 
09:40 - 10:00 CEST

► Ransomware in Focus: How AI Surgically Contains the Threat 

Mariana Pereira, Director of Email Security, Darktrace

  • In the immediate aftermath of a ransomware attack, executives too often face a difficult dilemma: either pay a ransom, or shut down critical systems and services. In today’s increasingly complex digital ecosystems, the collateral damage that ensues from ransomware attacks can be broad-ranging and destructive, with organizations taking days, weeks, or even months to recover.  
  • Join this presentation to learn how Self-Learning AI is helping thousands of organizations fight back against ransomware. We’ll discuss: 
  • The impact of ‘double-extortion’ ransomware and ‘ransomware-as-a-service’ 
  • Real-world examples of ransomware detected by Self-Learning AI 
  • How self-learning AI responds proportionately to ransomware, thanks to its deep understanding of an organization’s pattern of life 
10:00 - 10:20 CEST

►Digital Identity and Implications on Security 

Geir Arild Engh-Hellesvik, CISO, Vy

  • Analysing Digital identity systems and risk 
  • Focusing on customer journey and experience 
  • Vy's experience with digital identity and considerations to make when designing and choosing solutions
10:20 - 10:50 CEST

► Education Seminar Session 1 

Delegates will be able to choose from the following sessions:

  • Ransomware: Tactics, Techniques and Detection, Sally Vincent, Senior Threat Research Engineer, LogRhythm
  • Leveraging IAM for Effective and Efficient Threat Mitigation, Lonnie Benavides, Head of Infrastructure and Application Security, OneLogin
10:50 - 11:20 CEST

Networking Break 

11:20 - 11:40 CEST

Learning from experience: building best practice incident response 

Goran Radosavljevic, Head of Disaster Recovery, A.P. Moller – Maersk

  • Identifying the flaws in existing incident response plans and processes
  • Adapting to an evolving threatscape, including nation-state actors
  • Are IR and cybersecurity teams too siloed? Breaking down the barriers.
11:40 - 12:00 CEST

► Q2 Malware Trends: Ransomware, Targeting of Linux Systems, and Botnet Evolution

Nour Fateen, Senior Manager of Sales Engineering, Recorded Future 

  • Join our quarterly series in analysing trends in malware use, distribution, and development. 
  • Find out how Insikt Group uses the Recorded Future® Platform to examine major trends to malware impacting desktop systems and mobile devices.
  • Discover the tactics, techniques, and procedures (TTPs) that had a major effect on technology. 
  • Learn how threat hunters and security operations centre (SOC) teams can strengthen their security posture by prioritising hunting techniques and detection methods based on this research and data.


12:00 - 12:20 CEST

►How AI based ‘Threat Detection & Response’ finds Ransomware

Kristofer Berg, Regional Sales Manager, Vectra

  • How prepared is your organisation to detect and respond to a ransomware attack
  • What approaches other organisations are taking to stop ransomware gangs
  • How to detect and respond to Ransomware before it impacts you
12:20 - 12:40 CEST

►Trusted Computing and its Application in Preventing ECrime

Dr. Ian Oliver, Technical Staff (Cybersecurity), Nokia Bell Labs

  • The shift from malware to Supply chain attacks in the domain of ‘nation state actors’. 
  • How effective is TPM 2.0 in addressing these attacks.
  • Higher level services and integrating technology into IoT, Edge Cloud and communications.
  • Case studies from safety critical domains such as medical and railway systems. 
12:40 - 13:10 CEST

► Education Seminar Session 2

Delegates will be able to choose from the following sessions:

  • Breaking the Chain: Hindering the Ransomware Killchain, Todd Carroll, CISO, CybelAngel
  • How to protect your data from creation to sharing, Nick Hogg, Director, Technical Training, HelpSystems
13:10 - 14:00 CEST

Networking Break 

14:00 - 14:20 CEST

►Security is Business

Dennie Karlsson, Group CISO, Dustin

  • The reach and purpose of governance and compliance frameworks
  • Security and risk models
  • Changing perspective on how to present security risks
14:20 - 14:40 CEST

► Selling Breaches - the transfer of network access on criminal forums

Paul Prudhomme, Head of Threat Intelligence Advisory, IntSights

  • The sale and purchase of unauthorized access to compromised enterprise networks have become significant enablers for criminal cyber attacks, particularly ransomware infections.
  • Some criminals specialize in network compromises and sell the access that they have obtained to third parties, rather than exploiting the networks themselves.
  • By the same token, many criminals that exploit compromised networks, particularly ransomware operators, do not compromise those networks themselves but instead buy their access from other attackers.
  • These exchanges on underground criminal websites enable specialized criminals with complementary skills and resources to maximize the severity and impact of the underground criminal ecosystem and the criminal kill chain.
  • This specific variety of criminal market offerings is less well-known than others, such as the sale of compromised bank cards from retail & hospitality breaches.
14:40 - 15:00 CEST

► Critical Infrastructure Protection by OPSWAT-Live Demo

George Chereches, Sales Engineer Team Lead, EMEA, OPSWAT

  • Secure files transfer in critical Infrastructure
  • Breach Prevention with Multiscanning
  • Cybersecurity Compliance
  • Digital Perimeter Control with Automated Device Blocking
  • Secure File Transfer with Automated Media Blocking
15:00 - 15:30 CEST

► Education Seminar Session 3

Delegates will be able to choose from the following sessions:

  • An Alert Has Fired, Now What?, Alex Kirk, Global Principal, Corelight
  • Cisco SecureX + Kenna Security: Radical Simplification in the New Era of Cybersecurity, Stephen Roostan, VP EMEA, Kenna Security
15:30 - 16:00 CEST

Networking Break 

16:00 - 16:20

►Securing your products and your people while keeping them motivated

Connie McIntosh, Head of Security Assurance, Ericsson

  • Analysing security threats in the product development lifecycle
  • How to improve security issues faced 
  • Motivating and securing your staff in the current threat landscape 
16:20 - 16:40 CEST

►Two Cases for Measuring Cyber Risk Appetite 

Simon Collins, Director, Head of Cybersecurity, Allianz Global Investors & Brian Cooke, CISO, Permanent TSB

  • Join this session to hear two alternative approaches to measuring cyber risk appetite. 
  • One approach will focus on the sophistication of the attackers, the other will be based on key risk indicators.
  • Both approaches will be explored, followed by a discussion of the strengths and challenges of each.
16:40 - 17:00 CEST

►Why Maintaining an On-Prem Paradigm in the Cloud Will Not Work

Luke Hebbes, Head of Risk and Cybersecurity, HSBC

  • Banks used to be about the safe storage of your money and valuables, with physical safes and cash. Now the vast majority of transactions are electronic and banks (and other FS companies) are primarily technology companies. This was a different approach and requires a different mindset.
  • The technology doesn’t isn’t the same and the models don’t work: addressing the switch from on-prem to the cloud.  
  • Rapid adoption of SaaS and cloud can cause issues with unstructured data. How do you provide Data Integrity and full lifecycle data management in the cloud and prove it to the regulators/auditors?
  • What in your threat model that indicates managing your own keys for a SaaS system is significantly reducing your risk?
  • Addressing issues that appear when moving from a  quarterly release cycle to cloud  technologies and agile development with multiple intra-day releases.
17:00 - 17:05 CEST

Chairman's Closing Remarks 

17:05 - 17:30 CEST

Networking Break 

17:30 CEST

Conference Close

Education seminars

Ransomware: Tactics, Techniques, and Detection

Sally Vincent, Senior Threat Research Engineer, LogRhythm

These days, ransomware needs no introduction. Ransomware attacks have become so frequent that one occurs every 11 seconds with an average ransom of around $300,000. The largest known ransomware payout was $40 million in 2021.

Join LogRhythm Senior Threat Research Engineer, Sally Vincent as she breaks ransomware down into bite-sized pieces to help you better understand it, and ultimately, how to detect it. The MITRE ATT&CK framework offers ways to classify the distinct parts of a ransomware attack. By using MITRE, you can identify ransomware attacks and determine how to detect them faster.

In this session, you will learn about:

  • Common ransomware MITRE techniques
  • How to detect ransomware precursors
  • Best practices to detect ransomware

Leveraging IAM for Effective and Efficient Threat Mitigation

Lonnie Benavides, Head of Infrastructure and Application Security, OneLogin.

There’s no question that the current cybersecurity landscape is constantly shifting and evolving as new threats and security solutions emerge. Increased cyber attacks and distributed workforces have created new challenges that require innovative solutions.

Faced with the challenge of managing identities and securing access to data and applications from a growing number of endpoints, what are the fundamental controls organizations need to maintain business continuity and secure their remote and hybrid workforce?

Hear from Lonnie Benavides – Head of Infrastructure and Application Security, Onelogin – for a discussion on practical information and advice regarding the utilization of identity and access management solutions to effectively mitigate modern cyber threats to your business.

Key Takeaways:

  • Understanding the key fundamentals of a strong cloud security posture
  • Why passwords alone are not enough
  • Best practices for building a cybersecurity strategy at scale

Breaking the Chain: Hindering the Ransomware Killchain

Todd Carroll, CISO, CybelAngel

Ransomware is a clear and present danger to companies and global supply chains. With ransomware attacks crippling gasoline, food, and healthcare in the US, companies must pivot to a proactive approach to interrupting the kill chain whenever possible.

Register for this session with Todd Carroll, CISO at CybelAngel and former FBI Deputy Special Agent in Charge, as we cover:

  • Recent ransomware attacks - what you can learn from their prevention tactics and response following the attack
  • How threat actors choose their targets, locate infiltration points, infect systems, and extort organisations
  • Best Practices to disrupt the ransomware kill chain at multiple points.

An Alert Has Fired, Now What?

Alex Kirk, Global Principal, Corelight

While the security industry spends a lot of time and energy getting more and/or better alerts, comparatively little investment has gone into helping analysts operationalize and contextualize those alerts. This session will discuss:

  • How a solid foundation of network telemetry can enable a high-velocity, high-confidence processing of alerts of all stripes.
  • How this can also a host of other critical security applications, from fundamentals like asset management to advanced techniques like proactive threat hunting. 
  • Real-world examples and code will be used throughout the talk, along with practical considerations for operating in an enterprise environment.

How to protect your data from creation to sharing

Nick Hogg, Director, Technical Training, HelpSystems

Today organizations have to protect data everywhere it goes, from creation to sharing. How can you actually do this in the real world?

This session will cover real use case examples leveraged by customers to protect their data throughout its entire lifecycle. Come for inspiration and ideas on how to more effectively protect your data and get the most out of your data security investments

  • The inadequacies of traditional approaches to data protection
  • How to develop a robust compliance and data loss architecture
  • The key technologies and processes required to secure data across its entire lifecycle.

Cisco SecureX + Kenna Security: Radical Simplification in the New Era of Cybersecurity

Stephen Roostan, VP, EMEA, Kenna Security 

Cybersecurity is a complex challenge. What’s needed is a way to radically simplify security operations to be simple, automated, and democratized. So, no matter the complexity of your IT environment, and how many threats may be targeting your organization, protecting it shouldn’t be difficult.

Cisco recognizes this need and is defining a path forward. By integrating Kenna Security’s acclaimed risk-based vulnerability management platform, Cisco’s SecureX will help organizations solve a notoriously difficult piece of the security puzzle to accelerate response time for cyber readiness.

In this session, Stephen Roostan, Vice President for EMEA at Kenna Security, now part of Cisco, details why Cisco’s acquisition of Kenna is a pivotal move for customers and the industry as a whole.

  • Real-world threat intel, machine learning, and predictive analytics help teams identify and prioritize their riskiest vulnerabilities
  • Remediation teams will know what to patch and when, saving time, money, and resources
  • Integrating enterprise security management solutions into one centralized location breaks down silos and extends detection and response capabilities
  • Automated workflows help lower organizational risk profiles, improve collaboration between Security and IT, and shrink their attack surfaces
  • Kenna Risk Scores help stakeholders clearly assess the relative risk of a specific vulnerability, asset class, workgroup, or organization as a whole
  • To speed decision making with prioritization of vulnerability data based on threat intelligence and asset business value
  • Adding Kenna Security to SecureX extends the broadest XDR capabilities in the industry