10th e-Crime & Cybersecurity Congress Spain

From security to compliance? The role of the CISO as cyber-regulation grows

24th October 2024 • NH Collection Eurobuilding, Madrid

The EU leads the world in smart cybersecurity regulation. But what does it mean for security professionals?

 

Building real protections in cyberspace

Much of the hype around cybersecurity today focuses on AI and the implications for both attackers and defenders. Yes, AI lowers the barriers of entry for attackers and saves them money and time in crafting attacks and then ‘processing’ the defenders’ responses. Mostly though that is a volume problem: there will be more attacks, just as it happened with the digital industrialisation of fraud.

And yes – AI can create new attack types, such as deepfakes, which are more than just a volume problem.

But the biggest change in cybersecurity is actually the regulatory response that is emerging. In the US, this has come via the SEC, which sees cybersecurity as a material issue for stakeholders and so seeks to drive standards via investor protection.

The EU has taken a more comprehensive and sensible approach which is essentially to acknowledge that cyberspace is a real entity in which citizens, businesses and the state operate, just as they do in the physical world, and so it needs the same protections as that physical world.

This means we need lawmakers, regulators and law enforcement to create the kind of frameworks we take for granted in the physical world.

DORA, NIS2, the Cybersecurity Act, the Cyber Resilience Act and, coming later, the EU AI Act, are world-leading attempts to put cybersecurity onto a modern footing commensurate with the threat it poses to economies, infrastructure and political stability.

This is a huge change for cybersecurity professionals. It means, for sure, that senior management will be forced to budget for compliance with these new regulations. But will that actually improve security? Will it suck resources into tick-box compliance functions? Will it focus more on resilience (what happens after a breach) than on security, because the assumption is that breach is inevitable? And since regulations are necessarily out of date as soon as they are published, will they skew security towards ensuring previous threat types are protected against rather than looking forward at preventing the unexpected?

All of this will require new approaches and new skillsets from CISOs. They need to understand regulations and how to mould their security efforts to them. They need to develop or work with compliance monitoring.

They need to be able to work with the business to explain the costs and benefits of regulatory compliance. And they need to be able to adhere to fixed external standards, where before perhaps they felt able to operate autonomously.

The e-Crime & Security Congress Spain will look at the growing ecosystem of global regulation to see where CISOs should prioritize, where the biggest challenges lie and how to comply in an affordable and secure manner.

And of course, we will also tackle the subjects you have asked us to: ransomware, humancentric security and security culture, AI, third-party security and the all the rest.
 

The e-Crime & Cybersecurity Congress Spain will look at how the world of cybersecurity is changing and what CISOs need to do about it.
Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • Why regulation will drive CNI security

    • Governments have ceded power to private sector organisations with more money, better agility and all the technology.
    • But as governments belatedly recognize their dependence on private companies to deliver the modern state, they will remember their power to regulate, control and even nationalize.
    • What are they thinking today?
  • AI for CISOs: the hype versus the reality

    • Is ChatGPT really relevant to CISOs still struggling with foundational cyber hygiene, preventing attacks and avoiding DDoS and ransomware?
    • How is AI, in all its forms, being incorporated into security offerings?
    • What should you ask providers about their products?
  • Securing third-party tech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do organisations ensure security when they rely on vendors who are vulnerable but above leverage with even their biggest clients?
    • What about security vendors? What is your advice?
  • Reducing your attack surface

    • Initially, digitalization was touted as a panacea for productivity, innovation, flexibility and agility.
    • It turns out that the rapid adoption of new technology and connectivity comes with new and complex costs.
    • When the delivery of a critical service is paramount, how do we re-engineer digital systems to prioritize availability and not privacy or ‘security’?
  • Mobile device vulnerabilities and mitigations

    • Hybrid working means an ever-changing ecosystem of devices to secure, a non-existent perimeter, and the threat of unknown connections and applications.
    • Yes, zero trust is part of the solution.
    • But what else should security teams watch out for in a mobile-centric world?
  • Securing the xIoT

    • The extended internet of things is a security headache, riddled with vulnerabilities.
    • There are multiple challenges with cloud-based XIoT systems.
    • Can you help secure these systems?
  • Do you know your APIs?

    • For APIs, visibility is critical in most areas of cybersecurity.
    • On average, organisations employ around twice as many APIs as their security teams know about.
    • So, what should CISOs do about opaque API estates?
  • Detect / prevent malicious insiders

    • When nation-states decide that cyber-offense is justified, the world becomes strange.
    • One example: banks have been infiltrated by Chinese operatives who understand their control environments to commit financial and cybercrime.
    • CNI is under attack from these attackers and other compromised employees. How do we stop malicious insiders?
  • Is it time to rethink your Cloud strategy?

    • Cloud was once seen as a business and security panacea.
    • But hurried, indiscriminate use of Cloud has caused problems from costs to security and business challenges.
    • Is the Cloud backlash justified?
    • What should CISOs do now?
  • The pros and cons of managed services

    • If single point solutions and on-prem security are failing the business, what about the alternatives?
    • What kinds of company need what kinds of third-party help, and where does that leave the in-house security team?
    • Do you have solutions that can help relieve the pressures on under-resourced CISOs?
  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?
  • The dangers of digitalisation – securing IoT and OT ecosystems

    • “There continues to be a heightened threat from state-aligned actors to operational technology (OT) operators.
    • The NCSC urges all OT owners and operators, including UK essential service providers, to follow the recommended mitigation advice now to harden their defences.”
    • How can you help CNI-related companies harden their OT?

Who attends

Job titles

CIO/CTO
Director de Seguridad
CISO IT
CRO
Responsable Unidad Central de Fraude de Medios de Pago
Specialist Investigation
Analista de Inteligencia e Investigaciones
Responsable de Seguridad de la Información y Protección de Datos Personales
Consultor de Seguridad de la Información
Head of UEBA Framework for Cybersecurity
Security Officer
Director de Seguridad
Head of Law Enforcement Outreach and Investigations Southern Europe, UK, Ireland & Nordic
Director of Data Protection and Privacy
Chief of IT Security
Investigadora Principal
IT Development Manager
Jefe de Seguridad de la Información (CISO)
Gestión de Incidentes de Seguridad TIC
Subdirector Seguridad
Security Technical Service Manager
CISO
Jefe Sistemas de Seguridad
IT Director
Director Juridico
Networking and Security
IT Risk, Fraud & Security
Deputy Head of Technology Infrastructure Services
Security Specialist
Directora General
CIO - IT & IS Director
Tech specialist
Head of IT
Director de Seguridad de Acciona Infraestructuras
Head of Cyber Security
Director de IT, Innovación y Transformación
Jefe Sistemas de Seguridad
Seguridad de Aplicaciones, Riesgos e Incidentes
Coordinador SOC
Sistemas de informacion
Card Fraud Monitoring & Response
Jefe de la División de Seguridad en la División de Defensa y Seguridad
Auditoría Interna
Cybersecurity Manager
CISO
Especialista RT y Fraude
Senior IT Audit Manager
Magistrada. Asesora en el Ministerio de Justicia. Vocal del Consejo Nacional de Ciberseguridad
Director Seguridad de la Informacion
CIO - Directora de Sistemas de información y procesos
Chief Information Officer (CIO)
IT Engineer
Gerente Seguridad y Cumplimiento
CCG - Seguridad Perimetral
Departamento Seguridad de la Información
IT Audit
Group Information Security Executive Manager
Director de Auditoria IT Risks
Manager Investigation & LI
CIO
CCO, CISO
Data Scientist
Responsable Seguridad Infraestructura Digital
Coordinador
Directora Auditoría Interna
Auditoría Interna
Senior Cybersecurity Consultant
Area Manager Corporate Compliance and Security
Regional Information Security Officer
Auditor Interno de Sistemas
Cyber Risk Specialist
Capitán
IT Examiner
Jefe del Área de Información y Soporte
Abogado Director
IT Risk Management
Head of Cybersecurity Analytics & Digital Trust
Comandante de la Guardia Civil. Oficial de Enlace en Europol.
CSIRT Manager, IT Manager at Prevention and Safety HQ
Internal Audit Team Lead
Jefe de Tecnologia
IT Subdirector de Seguridad de la Información
Gerente GRC & PIC
Experto en Ciberseguridad
Técnico de Control y Seguimiento en Direccion General de Impuestos Internos
Administrador de Sistemas
Analista de Riesgos
CyberSecurity Analyst
European IT Operations Officer
Seguridad de la Información
Resp. Seguridad de la Información
Responsable Seguridad (CISO)
CISO
Senior Cybersecurity Engineer
Responsable de Seguridad LOPD
CISO Responsable de Seguridad de la Información
IT Security Officer
Chief Information Officer
Responsable de Cumplimiento Normativo y Privacidad
CyberRisk Manager
IT Security Officer
CISO Responsable de Seguridad Tecnologica
IT Technical
Engineer IT Security
CIO
Information Security Officer, IT & Governance Manager
Jefe de Servicio de Arquitectura y Normalizacion
Gerente Seguridad Tecnologías de la Información
IT Director
Security Expert
CISO
Digital Transformation Adviser
SOC Service Delivery Manager
IT Coordinator
Fraud Prevention Analyst
CISO
CISO (Chief Information Security Officer)
Seguridad Coperativa
U.I.T
Manager Audit IT
Asesora de Pagos
Técnico de Sistemas de Seguridad
Transversal CISO for Emerging Europe & IT Compliance and SCCR Governance Manager
Risk IT Analyst
Seguridad TIC
CISO Chief Information Security Officer
IT Director - CIO
Security Engineer
Asesor Juridico
DSI - Seguridad Mainframe & Criptografía
Jefe de Riesgo Tecnológico
CRO
Asesor
Cyber Security Incident Monitoring & Response Team Manager
Consultor de Seguridad
Security Technical Leader
Jefe de Defensa Cibernética Avanzada
Director Unidad de Negocio de Ingeniria & Analytics
Director de Seguridad
Director Investigacion e-Fraude
Product Security Officer
Director de Sistemas de Información
Jefe de Tecnologia
Head of Forensic Deparment
Information Security & Data Privacy Specialist
CTO / CISO
CISO Responsable de Sistemas y Seguridad de la Información
CISO
Manager de Seguridad - CISO
Director
Gestion Riesgos Tecnologicos
Director de Seguridad y Telecomunicaciones
IT Infrastructure and SAP Basis Manager
IT Security Engineer
Riesgos y Seguridad - Manager
Responsable de Infraestructuras,Outsourcing & Seguridad IT
IT Architecture & Security Director
Purchasing Manager and Insurance Corporate Coordinator
IT Project Manager
CISO Corporativo
Responsable de Seguridad
Analista de Riesgos
Director Seguridad
Manager, Global Risk Assessment
Manager Critical Infrastructure Monitoring & Response
Investigador
Regional Information Security Officer
CyberSOC Manager
Auditora Interna Senior
Director Seguridad en Sistemas de Informacion
Chief Technology Risk Audit
Especialista en GRC
Jefe de Proyecto
Subdirector General de Cooperacion Policial Internacional
Responsable de Seguridad y Sistemas
Security Manager

Companies

Santander
Novo Banco
Cuerpo Nacional de Policia Madrid
Redexis Gas
Zurich Santander
Paginas Amarillas
Berge Auto
BBVA
Informática El Corte Inglés
AENA
Centro Nacional de Excelencia en Ciberseguridad
EMVS
Metro de Madrid
Anida
Policia Nacional
Rural Servicios Informáticos (Grupo Caja Rural)
Bankinter
Grupo FCC
Mapfre
Codere
Embajada Británica
Repsol España
Secretaria General de Instituciones Penitenciarias
Teleco
Vodafone
Impulso
Universidad Politecnica de Madrid
Self Bank
The Spanish Bankers' Association
Acciona
Tecnicas Reunidas
Banco de España
Interxion
Solvia Servicios Inmobiliarios
Hibu
Coca-Cola European Partners
AXA España
Entradas Eventim
Liberty Seguros
ISDEFE
Bosch
LaSegunda
Comunidad de Madrid
Fon
Mediapro
Ministerio de Justicia
Intropia
AXA
Confederación Española de Cajas de Ahorros
Correos
CASESA
Iberdrola
Gas Natural Fenosa
Taller de Analisis y Calculo
EVO Banco
Palladium Hotel Group
Guardia Civil
Arrona de la Rosa y Asociados
Eroski
Adif
Verne Group Technology
Daimler
Direct Seguros
CaixaBank
GH Asesores
Bankia
Uría Menéndez
CNPIC
JB Capital Markets
GLOBALVIA
DGII
Nautalia & Wamos
Ikea Group
BGBG Abogados
Banco Sabadell
Leroy Merlin
IRB LLeida
A&G Banca Privada
BNP Paribas Spain
El Corte Inglés
Endesa
Royal Bank of Scotland
Sareb
Supermercados Dia
Pérez-Llorca
Banco Exterior de Espana
Western Union
Carrefour
Pepe Jeans
Adidas
Ontier
Grupo Cortefiel
Almirall
General Dynamics ELS
Mediaset
Seras
AGE (Administración General del Estado)
Tecnoiuris
Lleego Travel Market
Viking Nordic Assistance
Spanish Ministry of Finances
Nationale Nederlanden
AIRBUS ESPAÑA S.L.
IDIADA
ISACA
Deep-mirror
I-Olvido
APPLUS+
Fundacion Sicomoro
Robert Bosch GmbH
Liberbank
Ministerio del Interior (Gobierno de España)
Credit Suisse
Consejeria de Sanidad Madrid
Banco de Crédito Cooperativo
Aviva
Haya Real Estate
CESCE
Ocaso
Grupo Quality Telecom
Allen & Overy LLP
Grupo OHL
Galp Energia
ICPF

Industries

Insurance
Transportation/Shipping
Banking
Banking
Insurance
Automobiles/Parts
Legal
Insurance
Banking
Banking
Aerospace/Defence
Aerospace/Defence
Electricity
Construction
Banking
Banking
Insurance
Banking
Retail
Electricity
Consultancy
Regional Government
Media
Banking
Insurance
Banking
Regional Government
Insurance
Automobiles/Parts
Automobiles/Parts
Education
Oil/Gas
Transportation/Shipping
Banking
Banking
Banking
Banking
Real Estate
Banking
Banking
Banking
Electronic/Electrical Equipment
Legal
Pharmaceuticals
Banking
Banking
Retail
Oil/Gas
Oil/Gas
Electricity
Insurance
Automobiles/Parts
Oil/Gas
Legal
Insurance
Media
Education
Insurance
Oil/Gas
Research
Banking
Retail
Central Government
Banking
Telecommunications
Real Estate
Legal
Construction
Banking
Automobiles/Parts
Insurance
Retail
Oil/Gas
Retail
Insurance
Education
Banking
Software
Retail
Aerospace/Defence
Automobiles/Parts
Consultancy
Aerospace/Defence
Association
National Law Enforcement
Insurance
Banking
Insurance
Banking
Banking
Casinos/Gaming
Research
Banking
Transportation/Shipping
Retail
Insurance
Telecommunications
Insurance
Aerospace/Defence
Oil/Gas
Casinos/Gaming
Insurance
Insurance
Insurance
Telecommunications
Banking
National Law Enforcement
Banking
Electricity
Transportation/Shipping
Oil/Gas
Casinos/Gaming
Legal
Banking
Insurance
Other Industry
Other Industry
Banking
Real Estate
Electronic/Electrical Equipment
Industrial Engineering
Insurance
Banking
Banking
Banking
Insurance
Oil/Gas
Real Estate
Insurance
Regional Government
Insurance
Central Government
Banking
Regional Law Enforcement
Banking
Real Estate
Banking
Transportation/Shipping
Telecommunications
Banking
Banking
Regional Government
Banking
Banking
Banking
Consultancy
Consultancy
Banking
Insurance
Insurance
Other Industry
Casinos/Gaming
Legal
National Law Enforcement
Banking
Travel/Leisure/Hospitality
Banking
Insurance
Insurance
Legal
National Law Enforcement
Retail
Construction
Casinos/Gaming
Association
Media
Banking
Institute
Insurance
Consultancy
Banking
Central Government
Banking
Food/Beverage/Tobacco
Construction
Central Government
Banking
Insurance
Banking
Media
Banking
Telecommunications
Retail
Construction
Oil/Gas
Transportation/Shipping
Banking
Media
Telecommunications
Insurance
Banking
Telecommunications
Transportation/Shipping
Banking
Insurance
Real Estate
Banking
Oil/Gas
Aerospace/Defence
Regional Government
Regional Government
Legal
Association
Association
Travel/Leisure/Hospitality
Banking
Banking
Insurance
Travel/Leisure/Hospitality
Banking
Construction
Electronic/Electrical Equipment
Aerospace/Defence
Oil/Gas
Banking
Regional Law Enforcement
Retail
Casinos/Gaming
Travel/Leisure/Hospitality
Banking
Construction
Oil/Gas
Oil/Gas
Retail
Retail
Central Government
Banking
Consultancy
Other Industry
Association
Banking
Consultancy
Telecommunications
Banking
Legal
Education
Regional Law Enforcement
Aerospace/Defence
Banking
Industrial Engineering
Telecommunications
Pharmaceuticals
Banking
Banking
Other Industry
Other Industry
Banking
Legal
Aerospace/Defence
Banking
Aerospace/Defence
Banking
Regional Law Enforcement
Travel/Leisure/Hospitality
Banking
Aerospace/Defence
Transportation/Shipping
Automobiles/Parts
Banking
Construction
Automobiles/Parts
Insurance
Media
Casinos/Gaming
Consultancy
Banking
Insurance
Banking
Legal
Retail
Banking
Electricity
Transportation/Shipping
Other Industry
Central Government
Construction
Legal
Banking
Insurance
Insurance
Casinos/Gaming
Aerospace/Defence
Pharmaceuticals
Insurance


Venue

NH Collection Eurobuilding, Madrid

NH Collection

Location:
NH Collection Madrid Eurobuilding
Barrio Chamartín, Padre Damián, 23 
28036 Madrid
Spain 
Telephone: +34 91 3537300

Directions:
Please click here.