Agenda

08:30 - 09:30

Networking Break

09:30 - 09:40

Chairman's Welcome

09:40 - 10:00

► NIS2 – walking the regulatory talk

Philipp Amann, Group Chief Information Security Officer, Austrian Post (Post AG)

  • The EU’s approach to data governance
  • Mapping EU regulations to national legislation to organisations
  • How to NIS2 in practice?
10:00 - 10:20

Presentation to be announced by Cloudflare 

10:20 - 10:40

► Third-party risk management from a third-party perspective  

Andrea Szeiler, Global CISO, Transcom

  • Understanding your third parties and the risks they bring to your organisation  
  • Different approaches to third-party risk management and their pros and cons  
  • Responsibility sharing matrix 
  • Working together 
10:40 - 11:20

►Education Seminar Session 1


Delegates will be able to choose from the following education seminars:

  • From postcard to a sealed letter – why and how the quality of email communication can and should be improved, Günter Esch, Managing Director, SEPPmail
  • Unveiling the Dark Secrets of i-SOON: Insights into China's Cyberspionage Ecosystem, Julian Kanitz, Lead Sales Engineer DACH, Recorded Future
11:20 - 11:50

Networking Break

11:50 - 12:20

► The business of being a CISO

Simon Brady, Managing Editor & Event Chairman, AKJ Associates (Moderator)
Philipp Amann, Group CISO, Austrian Post (Post AG)
Heidelinde Rameder, CISO Borealis, AG 
Andrea Szeiler, Global CISO, Transcom    

  • The role of the CISO as security regulation increases (NIS2, DORA etc.)
  • Compliance versus security as a true business driver
  • The cyber talent shortage – real or illusion?
  • Adopting a risk based approach to securing budgets

12:20 - 12:40

► Reducing the financial impact of cyber attacks


Frank Schwaak, Field CTO EMEA, Rubrik

  • Proactively reduce the attack surface
  • Determine the "blast radius" of an attack
  • Restore the environment without re-infection
  • Respond to NIS2, DORA and GDPR compliance
     
12:40 - 13:20

►Education Seminar Session 2


Delegates will be able to choose from the following education seminars:

  • We need to talk about security in our containerized workloads, Gabriel Stein, System Engineer, SUSE
  • From threat detection to threat prediction: How generative AI is transforming cybersecurity strategies, Kevin Breuer, Sales Engineer, LogRhythm
13:20 - 14:20

Lunch

14:20 - 14:40

► Cyber Insurance as a last line of defence

Orion Beci, Cyber Adviser, Austria, CEE & Eastern Mediterranean, Marsh

  • Key claims data and current insights
  • Shedding light on risks and ways to boost your cyber insurance protection
  • Boosting your insurability
14:40 - 15:00

►Why Identity Alone Is Not Enough for a Zero Trust Strategy

Paolo Passeri, Principal Sales Engineer and Cyber Intelligence Specialist, Netskope

  • The new reality of living in a hyperconnected online world requires a new approach to security, where multiple elements must be taken into account, besides simply blocking/allowing access to a specific service or the user identity to enforcing granular permissions.
  • Learn why the context is important to enforce a granular and effective security policy.
  • Discover which are the elements that must be considered, besides identity, to adopt an effective zero trust strategy
  • Understand how the different security controls, such as data protection, threat protection, behaviour analytics, cooperate to protect the modern enterprise.
15:00 - 15:20

►Understanding the basics of social engineering

 Dr. Martin J. Krämer, Security Awareness Advocate, KnowBe4

  • Social engineering is popular among attackers, with studies indicating more that 80% of attacks involve human error. 
  • Learn why social engineering is a problem and why it is so successful. 
  • Through the illustration of basic scientific concepts,  understand how attackers use tricks to exploit the ‘human factor’. 
  • Discover how organisations can protect their employees and what countermeasures can be put in place. 
     
15:20 - 15:40

► Cyber Audit Mastery: Navigating Strategies for Success

Christoph Gruber, Head of IT Security UNIQA IT Services, GmbH

  • Understanding the Purpose: clarifying the objectives and goals of cyber audits
  • Working with auditors to facilitate a smooth audit process and address concerns effectively
  • Achieving collaboration and communication across all parties
  • How do we engage our boards and achieve public accountability? 
15:40 - 16:00

Networking Break

16:00 - 16:20

► LIVE DEMONSTRATION: Weaponising AI for Cyber Attacks & Offensive Operations

Manit Sahib, Ethical Hacker, The Global Fund

  • Overview & Threat Landscape: How AI is being leveraged in the wild for malicious activities.
  • Weaponising AI for Offensive Operations: Running AI through the Cyber Kill Chain.
  • ChatGPT or [insertnamehere]GPT; What’s the level of effort required to build your own AI.
  • LIVE DEMO: AI in action 
16:20 - 16:50

► Technology Panel discussion

Elsa Lischka, Senior IT Security Architect, OMV
Strahinja Miljkovic, Former Deputy CISO, Prinzhorn Group
Marian Kühnel, Information Security Architect, ÖBB
Manit Sahib, Ethical Hacker, The Global Fund

 

  • How do you see the future of AI in security evolving, and what steps can be taken to ensure its responsible and effective use in protecting against cyber threats?  
  • What are your thoughts on the outsourcing model in security, and how can organizations ensure that they are effectively managing the risks and benefits associated with outsourcing their security functions?    
  • What are your thoughts on the shared responsibility model in security, and how can organizations effectively implement this model to ensure the security of their systems and data?
16:50 - 17:00

Event Closes 

Education seminars


Unveiling the Dark Secrets of i-SOON: Insights into China's Cyberspionage Ecosystem


Julian Kanitz, Lead Sales Engineer DACH, Recorded Future

This presentation sheds light on the recently uncovered data breach of i-SOON, a China-based cybersecurity company involved in offensive cyber espionage operations for Chinese government clients.

What attendees will learn: 

  • Revelation of the recently uncovered data breach of i-SOON
  • Insights into the inner workings of China's cyberspionage ecosystem
  • Raising awareness of the evolving landscape of cyber threats

We need to talk about security in our containerized workloads


Gabriel Stein, System Engineer, SUSE

Securing your container workloads with modern security tools that gives you peace of mind. Let's talk also about Zero Trust and why it is so important.

What attendees will learn:

  • Why are our standard tools are not enough
  • Containerized workloads and security concerns
  • Protecting your modern workloads 

 


From threat detection to threat prediction: How generative AI is transforming cybersecurity strategies


Kevin Breuer, Sales Engineer, LogRhythm

  • Evolution from detection to prediction
  • Simulation of attack scenarios
  • Threat intelligence automation
  • Predictive risk assessment
  • Improve Security Operations Center (SOC) efficiency
  • Integration with existing systems

From postcard to a sealed letter – why and how the quality of email communication can and should be improved.


Günter Esch, Managing Director, SEPPmail

98% of written communication between companies and their external partners and customers takes place via email. It should therefore be a matter of course to protect this channel in particular. There are technologies that have proven themselves in practice, but are still not used across the board. Here is a brief overview of the threats, organisational measures, the available technical protection mechanisms and how these can be used optimally and in a user-friendly way.

  • Email is the number 1 gateway for attackers
  • Organisational measures
  • Technical measures
  • Plus and minus