Agenda

Breakfast Networking Break

Chair's Welcome 

►Cybersecurity: Perception vs. Reality

Ignacio González Ubierna, Deputy Director, NCC-ES de INCIBE

• Comparison between the perceived level of cybersecurity and the actual situation.
• Reasons behind the gap between perception and reality.
• Implications for INCIBE's work
  
   

►Cyber Compliance and Resilience. Towards a new approach. 

Samuel Marín Drouin, Strategic Accounts Director, SentinelOne 

• The new regulations represent a huge change for cybersecurity professionals.
• Not only must compliance with the new regulations be ensured, but organisations must also strengthen their detection and response capabilities in the face of the growing volume of targeted attacks, many of them taking advantage of new attack surfaces and vulnerabilities in Cloud environments as well as the potential of AI. 
• To respond effectively, it is a prerequisite to adopt a strategy that enables a comprehensive transformation across professionals, technologies and processes.
   

►Risk Management: Top-Down Risk Approach

Ramon De La Iglesia Vidal, Global Head of GRC, Santander Consumer Finance

• Methodologies: Top-Down vs Bottom-up approach 
• Risk management for compliance in the CISO arena 
• Developing a methodology that management understand and embrace
• So what we should be worried about? 

Networking Break

►Panel discussion: Delivering an efficient Cybersecurity function

Ivan Sanchez Lopez, Group CISO, RSI Group (Moderator) 
Francisco García Lázaro, Corporate Information Security Sr. Director, Palladium Hotel Group 
Javier Sánchez Salas, CISO, ENGIE España 
Jesús Abascal Santamaría, CISO, Eni Plenitude Iberia
 

• How to setup an efficient cyber team
• Key stakeholders
• Organizational challenges
• Efficiency opportunities: AI, automation, vendor consolidation, product vs platform, etc
• Cybersecurity ROI

►The API You Don’t See, *** You Don’t Feel!

Judith Medina, Senior Solutions Engineer, Akamai Technologies

• Why are APIs invisible to many organizations? APIs are embedded in most modern applications, but they are often not properly mapped or protected, leaving invisible doors open for attacks.
• What impact do API vulnerabilities have on enterprise security? APIs are an attractive target for cyberattacks, and vulnerabilities like those in the OWASP Top 10 can be devastating if not managed properly.
• Why are traditional security approaches insufficient for APIs? Traditional solutions like Web Application Firewalls (WAF) and API Gateways are not designed to mitigate the specific threats targeting APIs, leaving security gaps.
• What is needed to secure APIs? API security requires a comprehensive approach, including discovery, posture management, real-time protection, continuous security testing, and increasingly, the use of artificial intelligence to detect anomalous behaviours.

►Education Seminar 1

Delegates will be able to choose from the following education seminars:

• It Started with a Cookie: Zero Trust & the Rise of Session Hijacking, Alfonso Hermosillo, Senior Solutions Engineer, SpyCloud
• The Evolution of Email Security, Michael Müller, Country Manager & Sales & Joaquín Morales Pancorbo, Collaborator and Partner, SEPPmail Spain

Lunch Networking Break

►From reactive intelligence to intelligence as a cornerstone of the cybersecurity strategy 

Marina Nogales, Director of Threat Intelligence, Unilever

• Evolution of the cybercrime environment 
• Exploration of classic models of cyber intelligence service in companies – not every foot fits the same shoe! 
• Equipment, Processes, Technology… Navigating the chaos. 
• Pathway to success: clear objectives, transversal function. Knowing the needs of the business and collaborating with other teams inside and outside of cyber

►How to avoid the risk of continuous cyber security exposures? The solution: Continuous Threat Exposure Management (CTEM)

Xavier Vigué, Regional Sales Director, Integrity360

• Explore how Continuous Threat Exposure Management (CTEM) revolutionises the way organisations manage the risk of cyber exposure. 
• Learn how CTEM identifies, assesses and mitigates risks in real time, ensuring your business remains secure from ever-evolving threats and increasing its long-term resilience.

►AI as an Enhancer of Cybersecurity in Banking 

Eduardo Gonzalez, Global Advanced Cybersecurity Director, Banco Sabadell
Alfonso Martinez Molina, Cybersecurity Lead, Banco Sabadell

• Starting Point: AI and Cybersecurity
• Regulation and AI Frameworks
• AI as a Competitive Advantage in Cybersecurity
• Conclusions and Future

Networking Break

►Panel discussion: The role of the CISO as cyber-regulation grows

Laura Parra, Global CISO, Cellnex Telecom (Moderator)
Alberto López, CISO & CIO, Solaria Energía y Medio Ambiente 
Jesús Alonso Murillo, Group CISO, Línea Directa
Raúl Moreno Jiménez, CISO, Fertiberia

• What are your biggest challenges in the day-to-day battle of protecting your customers and organisation? What threats worry you the most?
• Security versus resilience: aligning security priorities with organizational objectives whilst striving for compliance. How do you prioritize?
• What strategies do you have in place to ensure cloud security and manage associated risks?
• With the regulatory environment continually evolving, and with new data protection laws and cybersecurity regulations being introduced, how do you ensure your organization remains compliant with both local and international regulations, and what challenges does this bring?
• How do you comply in an affordable and secure manner?
• With increasing personal liability for CISOs under new regulations — including potential fines and criminal charges — how do you balance legal accountability and personal responsibility? Is the job of the CISO becoming too dangerous?

Chair's Closing Remarks