Agenda
08.30 - 09.20 |
Breakfast Networking and Registration |
09.20 - 09.30 |
Chair's Welcome |
09.30 - 09.50 |
►Sweden’s foreign and security policy strategy for cyber and digital issues Andrés Jato, Ambassador for International Cyber and Digital Affairs, Swedish Ministry of Foreign Affairs
|
09.50 - 10.10 |
►Defending Data in the Age of AI, how to securely accelerate enterprise AI adoption. Sami Laurila, Account Excutive, Rubrik X
|
10.10 - 10.30 |
►DDoS – A Nordic Bank’s Perspective Rune Espensen, Head of Information Security Office, Nordea
|
10:30 - 11:10 |
► Education Seminar 1 Delegates will be able to choose from a range of topics:
|
11.10 - 11.40 |
Networking Break |
11.40 - 12.00 |
►Securing Critical Infrastructure with IAM in an elevated threat landscape Sachin Loothra, Lead Solutions Architect, Telia
|
12.00 - 12.20 |
►Fake it till you break it: combating Deepfakes & AI trickery Amanda Spångberg, Account Director, Integrity360
|
12.20 - 13.00 |
► Education Seminar 2 Delegates will be able to choose from a range of topics:
|
13.00 - 14.00 |
Lunch Networking Break |
14.00 - 14.30 |
► Mitigating personal liability: the changing climate for security professionals Jonathan Armstrong, Partner, Punter Southall Law
|
14.30 - 14.50 |
►Cybersecurity in Changing Geopolitical Environment: Lessons Learned in the Baltic States Edvinas Kerza, Managing Partner, ScaleWolf on behalf of SolutionLab
|
14.50 - 15.10 |
►Untangling the Supply Chain Problem: Managing Concentration Risk Haydn Brooks, CEO, Risk Ledger
|
15.10 - 15.30 |
► The Heart of IT Security – Blood, sweat and tears… of joy? Björn Johrén, CISO, Max Matthiessen
|
15.30 - 16.00 |
Networking Break |
16.00 - 16.40 |
►Panel Discussion: Critical Functions: What Really Matters? Fredrik Hertz, Regional Lead Cybersecurity Consulting, EY (Moderator)
|
16.40 - 17.00 |
►Leveraging DORA TLPT (Threat-Led Penetration Testing) to enhance Cyber Resilience Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England
|
Education seminars
From Metrics to Meaning: Proving the True Impact of Your Phishing Training
Maxime Cartier, Head of Human Risk, Hoxhunt
Phishing simulations are a key component of security programs, but traditional metrics like click rates often fail to reflect their true effectiveness. Instead of focusing solely on failures, how can security teams measure real behavior change and risk reduction? Join Maxime Cartier, Head of Human Risk at Hoxhunt, as he explores advanced phishing training metrics—including report rates, dwell times, and real-world threat detection—that provide a clearer picture of security resilience. Learn how these insights can help identify high-risk groups, refine training strategies, and strengthen overall defense. Backed by success stories from companies like Qualcomm and H&M, this session will equip you with actionable strategies to demonstrate measurable impact, gain leadership buy-in, and align phishing training with broader security goals. Whether you are a CISO, security specialist, or analyst, you will walk away with practical ways to turn phishing training data into meaningful risk insights—and prove its value beyond just the click rate.
Attendees will learn:
- How metrics influence the way an organisation thinks about security and its culture.
- Proven interventions that transform high-risk employees into proactive defenders.
- How companies like Qualcomm overcame their repeat-clicker challenge.
- How to communicate the impact of human risk resilience efforts to leadership and secure buy-in for long-term security culture improvements.
The Geopolitics of Cyber Crime
Julius Nicklasson, Manager, Intelligence Services, Recorded Future
This presentation explores how geopolitics shapes cybercrime, especially how state relationships with cybercriminals influence the types of attacks we see. Data shows that ransomware and extortion disproportionately target NATO countries, often serving both strategic disruption and financial gain. In contrast, “free market” cybercrime ecosystems focus more on cyber fraud and crypto theft and carry a much wider spread of geographic targeting.
Attendees will learn:
- A spectrum of state responsibility helps explain these patterns—from state-prohibited environments like China to state-integrated models in Iran and North Korea, where cybercrime is used for geopolitical objectives and economic support to finance government initiatives.
- Industries like healthcare, manufacturing, and transportation are frequent targets due to their high disruption impact. Meanwhile, state and criminal groups are evolving in parallel, often adopting techniques inspired by one another—criminals adopt espionage techniques such as abusing legitimate services, while states begin to use GenAI and deepfakes.
- Chinese-language cybercriminal groups are also growing, often operating across Southeast Asia, driven by economic pressures and weak oversight, with some relying on human trafficking and coerced labour in large-scale fraud schemes.
Effectively Managing Human Risk in Cyber Security
Simon Rosén, Regional Account Executive | Human Risk Management Advocate, KnowBe4
Despite strong defences, organisations often fall victim to cyberattacks due to misaligned focus. This presentation explores effective cyber risk management, emphasising human behaviour as a critical factor. We will explore why traditional security measures may fall short and how a single vulnerability can lead to a breach.
Attendees will learn:
- Identifying and prioritising actual cyber threats.
- Aligning defensive measures with real risks.
- Addressing human behaviour as a key vulnerability.
The AI Threat: Protecting Your Email from AI-Generated Attacks
Jake Wardell, Senior Engineer, Abnormal Security
Email security is at a turning point. The rise of generative AI is transforming the threat landscape, enabling attackers to craft hyper-personalised, convincing phishing emails at scale. Traditional defences—built to detect outdated attack patterns—are struggling to keep up.
Attendees will learn:
- The Evolution of Email-Based Attacks – How cyber threats have advanced and why AI is accelerating their effectiveness.
- The New Cybersecurity Reality – With 91% of security professionals reporting AI-enabled attacks in the last six months and 97% acknowledging that traditional defences are ineffective, how can we adapt?
- Good AI vs Bad AI – How attackers leverage AI to bypass defences, and why security teams need AI-driven solutions to fight back.
- Taking an Abnormal Approach to Cybersecurity – Real-world examples of AI-generated threats stopped by Abnormal Security, showcasing how behavioural AI can detect and block even the most sophisticated attacks.