Agenda

08.30 - 09.30

Breakfast Networking & Registration

09.30 - 09.40

Chair's Welcome

09.40 - 10.00

►Strengthening Cybersecurity Competence in Austria and the EU

Marlies Hofmann, Legal and Policy Officer, NCC-AT 
Lydia Lindner, Programme Manager, FFG & NCC-AT

  • The National Coordination Centre for Cybersecurity in Austria: Roles, Impact, and Strategic Vision
  • The European Cybersecurity Competence Centre: Mission, Objectives, and Governance
  • Unlocking Opportunities: EU Funding for Cybersecurity Innovation and Collaboration
10.00 - 10.20

►How Turkish Escort Websites Made Protecting the Eurovision Song Contest Possible. Cybersecurity in a Globally Connected World

Matthias Lutz, Senior Account Manager, Cloudflare

The true art of cybersecurity lies in recognising patterns within complex contexts. Discover the story that links Turkish escort websites, the Eurovision Song Contest, the head of Iran’s state-backed cyber attack unit, and the entry ban of our CEO into Russia. Learn why it’s essential for even regional companies to implement global security mechanisms.

  • Uncover the hidden connections between Turkish escort sites, Eurovision, and international cyber warfare
  • Explore how a regional incident led to a geopolitical ripple effect — including our CEO’s ban from Russia
  • Learn why global security strategies are crucial, even for locally operating companies
10.20 - 10.40

►Cyber Resilience for the Cloud

Jerry Rijnbeek, Vice President Cloud & Security Technology, Rubrik

  • Cloudfocus: How to implement robust cyber recovery and threat containment across your cloud environments
  • Beyond prevention: ensure rapid response and recovery to minimise downtime and business disruption
  • Stay operational under attack: How zero-trust architecture helps you maintain control and protect critical data—even during ransomware events
10.40 - 11.00

►AI-Enhanced Cybersecurity at Banco Sabadell   

 Eduardo Gonzalez, Global Advanced Cybersecurity Director, Banco Sabadell

  • AI as the new Gold Rush
  • Impact on Cybersecurity
  • Regulations and Frameworks for AI
  • Leveraging AI for Cybersecurity
  • Creating a custom Machine Learning model
11.00 - 11.30

Networking Break

11.30 - 12.00

►Fireside Chat: Mitigating Personal Liability: The Changing Climate for Security Professionals

Jonathan Armstrong, Partner, Punter Southall Law

  • The changing politics of security
  • Current cases
  • Social Media scrutiny
  • Insurance options for CISOs
  • Golden parachutes and legal support
12.00 - 12.20

►Cybersecurity in the age of genAI - Human Centric Security to Protect Against Modern Cyber Risks Proofpoint-Customer Session

Michael Krüger, Senior Sales Engineer, Proofpoint

In this session we will uncover hidden risks of GenAI and inform you how to protect your employees & data.

  • The risks associated with GenAI and how GenAI can be misused by threat actors and by employees
  • How to gain insight into the use of GenAI in your organisation, enforce acceptable use policies and train employees
  • How a human-centered approach to security can prevent the loss of sensitive data
12.20 - 13.00

►Education Seminars

Delegates will be able to choose from a range of topics:

  • Protection of Service Accounts: A Luxury or an Urgent Necessity for Highly Privileged Non-Human Identities? Michael Lindner, Regional Sales Manager, Silverfort  
     
  • Understanding DORA – Aligning Cybersecurity and Compliance, Nico Richters, Account Director, Recorded Future 
13.00 - 14.00

Lunch & Networking Break

14.00 - 14.20

►Herding Cats: Building a Security Governance Structure That Actually Works

Florian Polt, Head of Group Security & Resilience, UNIQA Insurance Group

  • Navigating conflicting legal requirements and diverse stakeholders
  • Creating a governance blueprint and aligning roles across entities
  • Tackling legal complexities while maintaining sanity
  • Real-world insights, practical lessons, and governance war stories
14.20 - 14.40

►Defending against multi-channel and multi-media AI-fuelled social engineering

Dr. Martin Krämer, Security Awareness Advocate, KnowBe4

Phishing emails are a popular choice for social engineering but by far not the only one. Messaging services, social media platforms, corporate communication channels, and online meetings are all communication channels leveraged to manipulate people. Attackers increasingly launch multi-channel attacks. No longer are cybercriminals limited to text-based communication. Voice and even video are frequently used in business contexts to communicate information. Thanks to new AI capabilities, text, voice, and video can now be easily manipulated or synthesised. Cybercriminals leverage the power of AI and multi-channel communication to step up their manipulation game.

Join this session,

  • To learn how cybercriminals are changing tack
  • What that means for your organisation
  • How you should prepare for it
     
14.40 - 15.00

►How CyberProof and Google Transformed a Healthcare Provider’s Security Operations with Adaptive MxDR

Christopher Schrauf, Senior SIEM & Cybersecurity Architekt, CyberProof

Healthcare organisations face unique cybersecurity challenges that require innovative solutions. In this session, CyberProof and Google will show how their partnership delivered adaptive MxDR services for a leading healthcare provider. We’ll walk you through a real-world case study, showing how we overcame security challenges and achieved significant business outcomes.

Learn about:

  • The client’s business problem statement and security challenges
  • How CyberProof and Google collaborate to deliver better security, together 
  • Business outcomes, including measurable improvements in security and higher ROI 
15.00 - 15.30

►Panel Discussion: Future-Proofing Security Architectures

Marian Kühnel, Information Security Architect, ÖBB
Philipp Amann, Group CISO, Austrian Post (Post AG) 
Daniele Sangion, CISO, UniCredit Bank Austria

  • How can security teams design resilient architectures to accommodate and leverage new technologies like AI, quantum computing, and IoT?
  • What role does AI play in developing proactive, rather than reactive, security postures?
  • Best practices for integrating AI without disrupting legacy systems or existing workflows
  • How can organisations implement zero-trust principles and adaptive access controls to secure evolving environments driven by AI and edge computing?
15.30 - 16.00

Networking Break

16.00 - 16.20

►Securing Critical Infrastructure with IAM in an elevated threat landscape

Sachin Loothra, Lead Solutions Architect, Telia

  • Evolving threat landscape and its impacts on critical infrastructure
  • Regulations on critical infrastructure and demands towards IAM
  • How IAM solutions can be setup to meet the demands
     
16.20 - 16.50

►Panel Discussion: Battling Nation-State Hackers: Winning the Cyber War 

Utz Nisslmueller, Security Specialist, City of Vienna 
Nikolaus Brandstetter, CISO, MM Group 
Florian Polt, Head of Group Security & Resilience, UNIQA Insurance Group

  • How can organisations effectively leverage threat intelligence to proactively counter nation-state attacks? Can they?
  • Do regulatory standards actually enhance defense against nation-state actors, or do they merely add compliance burdens without improving security?
  • Are we doing enough to address supply chain vulnerabilities, or is this an overlooked entry point for nation-state threats?
  • What strategic, forward-looking investments are essential for effectively countering the evolving tactics of APTs?
16.50 - 17.00

Chair's Closing Remarks

Education seminars


Protection of Service Accounts: A Luxury or an Urgent Necessity for Highly Privileged Non-Human Identities?


Michael Lindner, Regional Sales Manager, Silverfort 

Machine-to-Machine (M2M) accounts, also known as service or non-human accounts, are essential to IT infrastructure but pose significant security risks if not properly protected.

Attendees will learn:

  • Why are service accounts a prime target for attackers?
  • How can compromised service accounts enable lateral movement?
  • Why is their security often insufficient, and how can organisations gain visibility?
  • What strategies ensure the long-term protection of these privileged identities?

DORA verstehen – Cybersicherheit und Compliance im Einklang


Nico Richters, Account Director, Recorded Future

DORA ist ein neues EU-Gesetz, das Unternehmen verpflichtet, ihre digitalen Systeme widerstandsfähiger gegen Störungen und Cyberangriffe zu machen. Es betrifft nicht nur Banken, sondern alle wichtigen Akteure im Finanzsystem. Mit DORA rücken Cybersicherheit und regulatorische Anforderungen enger zusammen. Für Sicherheits- und IT-Teams bedeutet das neue Prioritäten und mehr Verantwortung. Die Anforderungen sind komplex: Unternehmen müssen Prozesse, Reporting und technologische Maßnahmen anpassen. Besonders schwierig ist es, Risiken in Echtzeit zu erkennen und zu dokumentieren. Recorded Future liefert die nötige Threat Intelligence, um Risiken frühzeitig zu erkennen und Compliance-Berichte zu unterstützen. So lassen sich regulatorische Anforderungen effizient erfüllen.

Die Teilnehmer erfahren:

  • Was hinter dem Digital Operational Resilience Act (DORA) steckt
  • Warum DORA ein Wendepunkt für Sicherheits- und IT-Teams ist
  • Welche Herausforderungen Unternehmen bei der Umsetzung erwarten
  • Wie Recorded Future bei der Einhaltung von DORA unterstützt