Agenda

08.30 - 09.30

Registration and breakfast networking 

09.30 - 09.40

Chairman's welcome 

09.40 - 10.00

► DevSecOps pilot without bumping into the iceberg

Javier Sánchez Salas, CISO, Haya Real Estate

  • Addressing security in the developments of a company in continuous evolution.
  • Security as part of the Software Quality process
  • Securing the Development and Production Commissioning cycle

10.00 - 10.20

► 2019 Cyber Risk – The year of the Supply Chain

Paulo Glorias, Regional Sales Director, BitSight 

  • Why supply chain management programs need to be updated as the risks (hidden and not) presented by suppliers have drastically changed
  • Why current assurance mechanisms are failing and how companies can gain a deeper understanding of the risks hidden deep within their supplier ecosystems. 
  • Managing the types of risks presented by suppliers, such as human rights, diversity, cybersecurity, intellectual property and the handling of personal information.
  • Use cases: how organizations are leveraging BitSight to manage risk in the Supply Chain framework, meet the demands of the business and manage cyber risk

10.20 - 10.40

► Blockchain, new paradigms and its practical application in public administration

Ignacio Rodriguez, Lead Security Manager, BT

  • Blockchain, new paradigm
  • Blockchain and cybersecurity
  • Public administrations (AAPP) and new legislative and practical DNA
  • Challenges to assume

10.40 - 11.10

Refreshments and networking 

11.10 - 11.30

► Executive panel discussion

Women leadership executive panel discussion. Discussions on diversity in the cybersecurity, fraud and compliance industries 

  • Irene Rodriguez Ortega, Specialist, EMEA Cybersecurity Center, Deloitte (Chair)
  • Dr. Susana Infantes, Principal Researcher, Group Institut de Reserca Biomèdica de Lleida
  • María Rojo, Information Security Manager, Airbus Defence & Space
  • Teresa Minguez Diaz, Director Compliance, Porsche
  • Laura del Pino Jiminez, Discipline Leader of Data and People Information Security, BBVA

11.30 - 11.50

► Leveraging the Cloud for a successful digital transformation

Axel Pérez, Sales Engineer Iberia, Zscaler

  • Cloud and mobility: the end of legacy security perimeter?
  • Taking advantage of corporate network transformation
  • App Access: the Zero Trust Network Access (ZTNA) concept

11.50 - 12.10

► The future of Multifactor Authentication (MFA)

Eduardo Helering, EMEA Head of Solutions Engineering, OneLogin

  • What is multifactor authentication (MFA)?
  • How does it work?
  • How can it help us prevent a security breach?
  • The Future of Multifactor Authentication, where are we going?

12.10 - 12.50

► Education seminar session 1:

Delegates will be able to choose from a range of topics:

  • The IntSights Advantage, Andrea Bellinzaghi, Technical Director Southern Europe, IntSights
  • Overcoming Today’s Most Pressing Third-Party Risk Management Challenges, Teba Ríos, CIPP/E, CIPM, Solutions Engineer, OneTrust

12.50 - 13.50

Lunch and networking 

13.50 - 14.10

► Executive panel discussion

The new cybersecurity rulebook: how to survive in today’s changing regulatory landscape

The £183 million fine imposed on British Airways and the £99 million fine on Marriott for its Starwood breach are evidence that data privacy breaches can cause material financial losses. So is this the beginning of a new era in data privacy and protection? Do these fines finally give information security professionals the numbers they need to demonstrate the true financial value of what they do?  In this panel we will look at:

GDPR enforcement: the full picture

Lessons from the fines: what does it mean for you?

Managing data governance across multiple regulatory regimes

  • Fernando Vegas, former CIO and CRO, OHL (Chair)
  • Alvaro Grande, Security Engineer, Telefónica
  • Héctor Guzmán Rodríguez, Director of Data Protection and Privacy, BGBG Abogados
  • Gabriel Moline, CISO, Leroy Merlin

14.10 - 14.30

► Anti-phishing 3.0: Strategies to REDUCE the phishing that undermines the reputation of your brand.

Borja Rosales, UK, Spain & EMEA Director, Segasec

  • Demo: A real IDN and Content Replication Attack-Simulation on a Spanish FS company.
  • Why protecting your customers/consumers starts by bulletproofing your brand.
  • Consumer Targeting Phishing: Deal with the symptoms or Tackle the roots.
  • Defensive Countermeasures that effectively reduce the number of attacks that use your brand to scam your customers.

14.30 - 14.50

► Information Security for the C-Level: measuring effectiveness

Pablo Rubio, IT Risk Management Engineer and Specialist, Nationale Nederlanden

  • Both external and internal (corporate) contexts are changing their perception about information security. There is a gap between security level offering and market/regulatory demands.
  • Security topics need to be accommodated on the Board of Directors' agenda, in the same way other topics are discussed (accounting, sales, marketing, ...). Include information security in the business strategy, as standalone security strategies are not considered relevant.
  • Current technologies provide capabilities to measure security advantages in business terms and more accurately, showing the outcome to the C-level in terms of business strategy: security RoI, security effectiveness and security culture achievements.

14.50 - 15.30

► Education seminar session 2:

Delegates will be able to choose from a range of topics:

  • Advanced security monitoring techniques: augmenting SIEM with UEBA, Siddharth Sharath Kumar, Product Evangelist, ManageEngine 
  • Bolster Your Incident Response Plan Across Privacy & Security Teams, Teba Ríos, CIPP/E, CIPM, Solutions Engineer, OneTrust

15.30 - 15.50

Refreshments and networking

15.50 - 16.10

► Executive panel discussion

The unsustainable paradigm of the CISO: managing the business demands on today’s information security professional

  • Manuel Barrios Paredes, CISO, Solvia (Chair)
  • Raúl Vázquez Pastor, IT Risk Control – CyberRisk Manager, Banco Sabadell 
  • Pablo Rubio, IT Risk Management Engineer and Specialist, Nationale Nederlanden
  • Maite Avelino, CISO, Ministry of Finance

16.10 - 16.30

► Staying intelligent about Fraud: New lessons in the fight against organised crime.

Alvaro Ortega, Head of Law Enforcement Outreach and Investigations Southern Europe, UK, Ireland & Nordic, Western Union

  • The Intelligence Unit in the fight against organised crime
  • The importance of public-private collaboration in crime-fighting
  • The evolution of fraud in connection with other criminal activity

16.30 - 16.50

► The unsustainable paradigm of the CISO

Jesús García Bautista, CISO and IT Chief, Correos Express

  • The unsustainable paradigm of the CISO. The responsibility of the CISO has increased substantially in recent years, taking a more defined form and seeing how its recommendations are being considered, but progress is still needed. How does today’s information security leader balance the various business demands?
  • Technology does not stop: infrastructure in the cloud, containers and the loss of roles of systems and development personnel lead us to think up and design new ways to protect ourselves. How do we develop the right strategies and choose the right partners to keep up?
  • Securing a hyper-connected world. The growth of online commerce and shopping on web services such as Amazon, PC Components and Zara is changing the way we do business. El Corte Inglés is revolutionizing the world of express transport. Case study and actionable takeaways on how to secure the digitalised business.

16.50 - 17.00

Chairman's close 

Education seminars


Overcoming Today’s Most Pressing Third-Party Risk Management Challenges


Teba Ríos, CIPP/E, CIPM, Solutions Engineer, OneTrust

Managing third-party vendor risk before, during and after onboarding is a continuous effort under global privacy laws and security regulations. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time-consuming. To streamline this process, organizations must put procedures in place to secure sufficient vendor guarantees and effectively work together during an audit, incident – or much more. In this session, we'll break down a six-step approach for automating third-party vendor risk management and explore helpful tips and real-world practical advice to automate third-party privacy and security risk programs.

  • Review the drivers and challenges organizations face when managing third-party vendor risk 
  • Identify priorities before, during and after vendor procurement
  • Take away a six-step approach for automating the third-party vendor risk lifecycle
  • Hear real case studies from privacy experts on how to practically tackle the third-party vendor risk

Bolster Your Incident Response Plan Across Privacy & Security Teams


Teba Ríos, CIPP/E, CIPM, Solutions Engineer, OneTrust 

In the event of a breach, privacy and security professionals often approach incident response from two different outlooks. Whereas security teams are focused on threat vectors, privacy teams are concerned with personal data leaks and adhering to various global privacy laws. While the two come from different perspectives, it is possible to build an incident and breach response plan that addresses the needs of both teams. In this session, we’ll discuss how to build a harmonized response plan that addresses both the security team’s technical needs and privacy team’s regulatory requirements across the patchwork of US privacy laws, the GDPR and other global privacy regulations. We’ll also provide tips to help you map out a 72-hour personal data breach action plan and share practical advice to improve your privacy program.

  • Learn how to build an incident and breach response plan that fits the needs of security teams and privacy teams
  • Break down which stakeholders, teams, tools and processes should come together in the event of an incident or breach
  • Understand how to maintain a consistent approach to incident response while complying with privacy regulations across the globe

Advanced security monitoring techniques: augmenting SIEM with UEBA


Siddharth Sharath Kumar, Product Evangelist, ManageEngine

In the age of advanced threats and sophisticated malicious insiders, security teams face an uphill task. In order to detect and mitigate security incidents, organizations must revisit their security monitoring strategy and ensure that they are equipped with the right set of tools. This session talks about the latest trends in the realm of security information and event management (SIEM) and why it is important to incorporate machine learning techniques by leveraging user and entity behavior analytics (UEBA).

  • Challenges in security monitoring 
  • Integrating event and non-event information into your SIEM solution 
  • Anomaly-based detection with UEBA 
  • Key concepts and use cases 

The IntSights Advantage


Andrea Bellinzaghi, Technical Director Southern Europe, IntSights 

With the ever-growing threat universe, cybersecurity teams trying to protect their organizations from every attack are in a losing battle. They are overwhelmed, exhausted, and ultimately ineffective.

A smarter approach would be for teams to focus on the attacks that matter most – those specifically targeting their organizations. The problem is how to do this efficiently. Until now, finding the most relevant threats required research that was so time-consuming, it defeated the purpose. 

IntSights has changed this dynamic. Only IntSights provides cybersecurity teams with an effective, automated way to identify threat data and attack indicators specific to their organizations and automatically mitigate them.

  • External Threat Protection
  • The IntSights Intelligence Process
  • Orchestration, Automation and Remediation