Agenda

Registration and Breakfast Networking 

Chair's Welcome 

►Secure Your Supply Chain — Secure Your Organisation

Geoffrey Taylor, Information Security Officer, Nordea Asset management

• Understanding how rising supply chain attacks threaten organisations and how to prevent supplier compromise
• Recognising regulatory requirements driving renewed emphasis on effective supply chain management
• Adopting a proactive, risk-based approach beyond basic compliance to strengthen supply chain resilience

►From Reactive alert management to Proactive Internet Intelligence

Martin Solang, Sales Director Nordics and Jonas Gyllenhammar, Sr. Sales Engineer, Censys

• Beyond static indicators: Why relying solely on traditional IoCs (Indicators of Compromise) is no longer enough to outpace modern threats.
• High-fidelity infrastructure visibility: Using enriched threat data to gain deeper insights into attacker environments and emerging risks.
• Context-driven detection: Leveraging superior data quality to identify patterns and reduce exposure before an incident occurs.
• Shift to anticipation: Moving away from reactive alert fatigue toward a strategy of disrupting threats before they impact the organization.

►Identity is the New Perimeter: Combine prevention and recovery to ensure organisational survivability during and after an attack

Sami Laurila, GTM Leader Northern Europe Identity & AI Technology, Rubrik

• Data & Identity Focus: How to implement robust cyber-recovery and threat containment across your data and identity estate
• Beyond prevention: Ensure rapid response and recovery to minimise downtime and business disruption
• Stay operational under attack: How zero-trust architecture helps you maintain control and protect critical data - even during ransomware events 

►From Awareness to Accountability: Building a Security Culture That Lasts

Heléna Malm, Head of CSO Office, Swedbank AB
Dzana Dzemidzic, BISO, Swedbank AB 

• Learn how human behaviour drives most security incidents and how strengthening engagement, empowerment, and culture supports secure behaviours beyond technology.
• Learn how Swedbank integrates people and culture into its security strategy through real challenges, tested solutions, and key organisational insights.
• Learn how to embed security into everyday business operations, strengthen long-term behavioural change, and build shared ownership for a sustainable security culture.

Networking Break

►Kill the Click: DNS Blocking That Shut Down Scams at Scale

Timo Wiander, Information Security Manager, LocalTapiola

• How cross-industry collaboration reduced customer fraud losses by up to 70%
• Why stopping fraud before the customer clicks changes the economics of fraud prevention
• Navigating regulatory barriers
• Scaling across operators and markets to protect customers

►Securing Every Identity: Humans, Machines, and AI

Chris Dearden, Lead Sales Engineer, Delinea

• In today's cloud-first, remote-work era, traditional network perimeters have dissolved—identity has become the primary attack surface, with over 80% of breaches involving compromised credentials. 
• This session explores how modern enterprises can secure all identity types—from IT admins to developers to AI agents—using Delinea's unified, AI-powered platform. 
• Learn how intelligent, centralized authorization reduces risk, ensures compliance, and enables secure innovation across your hybrid environment.

►Zero Trust Controls at the Endpoint

 Sean Whelan, Enterprise Account Executive, Threatlocker

• Discover how ThreatLocker applies Zero Trust at the endpoint, eliminating implicit trust by continuously verifying every application, executable, and action before authorisation
• Learn how a deny-by-default, malware-proofing approach reduces ransomware risk, stopping unauthorised software and scripts even when other security layers are bypassed
• Understand how least-privilege enforcement limits attacker capability, ensuring applications and users can perform only explicitly approved actions on enterprise devices
• Explore how granular, policy-based endpoint control safeguards against modern threats, reducing enterprise exposure to ransomware and other advanced attacks

►Education Seminars

Delegates will be able to choose from the following topics:

• Visibility, Governance, and Control: Protecting Enterprise Content Across Files, M365, and AI, Mert Topaloglu, Presales Manager, FileOrbis
• Sweden Under Attack: A Blueprint for ProAIctive Defence, Andy Quaeyhaegens, Consultant Channel Solutions Engineer, Netskope

Lunch Networking Break

►Cyber Leadership in an era of Dis-Cooperation

William Dixon, Associate Fellow, Royal United Services Institute and Senior Technology Cyber Fellow, The Ukraine Foundation

• How global trade fragmentation impacts the community
• How the "America First" Foreign Policy is leading to cyber instability
• Actions the Cyber C-Suite can take

►AI Impact in Threat Intelligence: What's Changed in Our Life?

Samet Sazak, Senior Solutions Engineer, SOCRadar

• How AI and large language models have changed day-to-day threat intelligence work
• Practical examples of how defenders use AI to analyse underground forums, detect brand abuse, and prioritize real risk faster.
• How threat actors abuse AI, including tools like WormGPT, AI-generated phishing, and automated reconnaissance
• What still requires human judgment in threat intelligence, and how to avoid over-trusting AI-driven insights

►In the Cyber Trenches: War Stories from 200,000 Pentests

Christof Jacques, Solutions Architect, Horizon3.ai

• To defeat the adversary, we must move beyond tracking their tools—we must understand their mind.
• The traditional approach to cybersecurity has focused relentlessly on the technical what (malware signatures, TTPs) and the macro why (geopolitical tension, economic drivers). 
• However, the next decisive frontier in intelligence and defence requires a pivot to the who: the personality dynamics that fuel cyber threat actor groups and using autonomous tools to follow in their footsteps.
• This plenary will cover what 200,000 real attacks taught us that your security stack probably missed, why attackers keep winning (and how to start thinking like they do), and how autonomous pentesting is changing the economics of defence

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

• LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 mins
• First-hand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
• Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
• What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you

Networking break

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England (Moderator)
Björn Johrén, Head of Security & IT Operations, Max Matthiessen AB
Marcus Lenngren, Area Manager & Cyber Security Manager, H&M Group
Hanna Rasch, Information Security & Product Cybersecurity Manager, Production & Logistics, Scania

• How do we turn risk appetite statements into real decision levers instead of paperwork?
• With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
• Which cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
• How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?

Chair's Closing Remarks