In the world of cybersecurity, a critical shortage of experts is increasing. Why? The stress levels are skyrocketing, CISO roles are evolving, and quantifying cyber risks remains a major challenge. But wait, there’s more! Remote work is unveiling extended workplace risks, including those posed by small but potent outsourcing firms known as 2.5 party risks. Adding to the mix, AI-based solutions are stepping into the limelight, sparking debates about their status as third-party risks or lurking internal threats. And as we open the door to Web 3.0 and blockchain, we’re met with both thrilling opportunities and complex challenges. Amid all this, safeguarding cloud infrastructure stands tall as a top priority. Welcome to the ever-evolving landscape of cybersecurity!
Agenda March 2024
08:00
Registration
08:15
Breakfast Powered by
08:45
Firestarter from Veracode
Join us for a discussion on managing and measuring security debt, focusing on key stats and trends. We will reference the “State of Software Security 2024” report by Veracode, exploring challenges, strategies, and the importance of measuring security debt.
- Reflecting on the progress made by the application security (AppSec) community in 2024
- Key achievements and advancements in AppSec practices and technologies
- Current focus areas for the AppSec community in addressing security debt
- Emerging trends and challenges in AppSec
- Strategies for staying ahead and adapting to the evolving threat landscape
Matt Salmon
Sr Solution Architect
Veracode
09:00
Opening Keynote
In today’s dynamic business environment, outsourcing has become a budget-friendly norm. However, the rise of non-major suppliers, or “2.5 party”, presents new challenges. Join us as we delve into the intricacies of 2.5 party risk management and its role in mitigating risks in an increasingly outsourced workplace.
- As remote work becomes more prevalent, can we apply the same risk management strategies used for major suppliers to our remote workforce? Discover why even small-scale outsourcing firms can pose substantial security threats and learn strategies to address these risks.
- With the ongoing shift towards remote work and outsourcing, how will this impact the future of our workplaces? Will we see a surge or decline in these trends? As these changes redefine our workplaces, it’s crucial that our cybersecurity strategies evolve in tandem. Join us to explore these pressing questions and more.
Arnaud Wiehe
Managing Director Information Security at FedEx and the author of award winning “The Book On Cybersecurity” and “Emerging Tech, Emerging Threats”
09:25
Panel Discussion
- Cyber attacks are evolving and becoming more sophisticated. As cyber threats continue to advance, cybersecurity professionals face increasing challenges in defending against a wide range of attacks, from malware to ransomware and beyond.
- The shortage of skilled cybersecurity professionals and the risk of attrition. The scarcity of qualified cybersecurity talent, coupled with the risk of losing experienced professionals to other opportunities, poses significant obstacles for organizations seeking to protect their digital assets.
- Approximately 3.5 million cybersecurity positions globally remain unfilled. With millions of cybersecurity roles remaining vacant worldwide, there is an urgent need for strategic workforce planning to address talent shortages and bolster organizations’ defenses against cyber threats.
Moderator: Richard Meeus
Director of Security Technology and Strategy EMEA
Akamai
Martin Karlsson
CISO
Quinyx
Jonas Nilsson
Information Security Strategist
Sweden's Municipalities and Regions
Rolf Lindby
CIO
Bulls Press
Brian O'Toole
Head of Security Engineering
Ericsson
10:00
Innovator Keynote
Welcome 2024! Another year, hopefully with no tailwinds, no macroeconomic challenges, big budgets and no security incidents. If only the life of a CISO could be that easy. Unfortunately, it isn’t!
This session will take a deep dive into the last 12 months of cyber activity across the globe, understanding the motives behind the threat actors we need to protect our businesses against. Dissecting the techniques and processes now being adopted by criminal groups to target Cloud environments to the use of Dark Artificial Intelligence. This session will also look into how security teams need to adapt and by taking a view into the potential new threats for 2024 and beyond, to understand where new priorities need to focus on.
So if you want to keep ahead of the adversary and stop the breach, this session is for you.
Zeki Turedi
CTO EMEA
CrowdStrike
10:20
Coffee break and 1-1 meetings
10:50
Firestarter from DEVO
11:00
Innovator Keynote
Our digital world is a counterpart to our physical reality. While we have been adapting facilities for the physically challenged for years, we seem to have forgotten about those vulnerable in our digital transformations. Size of the font isn’t enough anymore and we pushed technical security controls without consideration for those who are digitally vulnerable. We assumed everyone had a smartphone or could go through the multitude of questions while trying to get through to a customer services advisor while digital vulnerabilities can affect any of us and come in many shapes and forms. We forgot that just like in real life, people need each other’s help. In this session we will look at how we can add inclusion and compassion to our cyber driven identity flows and balance security with accessibility for those challenged. Inclusive security is omni-channeled, connected and adaptive.
Vinay Dabas
Senior Solution Architect
ForgeRock | PingIdentity
11:25
Best Practise Keynote
As AI-based solutions become increasingly integral to our business operations, the threat landscape evolves in tandem, potentially outpacing our current defenses. This session underscores the critical role of supervision and governance in safely and effectively navigating the AI journey were we will address challenges with integrity across the data/AI lifecycle, emphasizing vigilance against potential adversarial interference in data, training, and model outcomes. In addition, we will cover the need for ethical AI practices and avoidance of algorithmic bias, the necessity for AI applications to conform to sector-specific and regional regulations, highlight the importance of scalability to allow efficient growth as AI workloads increase, and explore the need for interoperability to avoid vendor lock-in when transitioning AI models.
Join us to acquire the tools and knowledge essential for mitigating AI risks under vigilant oversight.
Per Gustavsson
CISO,
Stratsys and Affiliate a Research Faculty,
C4I & Cyber Center GMU, US
11:50
Panel Discussion
– Involvement of new upcoming technologies in continuous monitoring for real-time threat detection in cloud environments
– Building secure configuration management and compliance because of constant evolving regulations
– Disaster recovery plans to maintain business continuity when facing current cyber threats
Moderator: Jamal Morris
Security Engineer
Tenable
Lars Ponten
CISO,
Doctrin
Martin Karlsson
CISO,
Quinyx
Anders Jared
CISO,
Bravida
Patrick Kall
Former Head of Security GRC
Einride
12:20
Firestarter from Digicert
12:20
Lunch Powered by
13:10
Innovator Keynote
Thanks to the great progress made by AI models such as LLMs and the increasing provision of standardized AI services, the application of these technologies is experiencing a real boom. However, the increasing acceptance and use of services in the corporate context also entails risks that IT security must face. Similar to the introduction of cloud services almost two decades ago, AI services are developing at a rapid pace and are being evaluated, rolled out and used by completely new user groups. The central task of security will therefore be to enable this new paradigm shift, to learn from past experiences, not to slow down the AIteams and thus to secure the competitive advantages that their companies can achieve. In this session you will learn how you can successfully master this balancing act.
- Visibility of the technologies and teams building on AI services
- Understanding of AI-specific risks (data leak for training data, misuse of models, costs of misuses of cloud services)
- Parallels to the cloud: Innovation is only possible if it is not unnecessarily
Fredrik Karbing
Cybersecurity Evangelist
WIZ
13:35
Panel Discussion
- As AI development accelerates, it’s increasingly being viewed as a potential third-party risk.From the risks associated with AI-generated code, including code that is vulnerable or infringes on the producers; license or copyright, to the new risks that are emerging for LLM- based application architectures. How rapidly is this landscape evolving, and how can we keep pace? Join us as we delve into the intensifying debate surrounding the use of AI-based within development and by security teams solutions.
- If an organization utilizes AI-based solutions from a supplier, it’s considered a third-party risk. But what rules and precautions are companies putting in place to mitigate this risk? And how does this risk change if the solution is developed in-house? Traditionally, employees are seen as potential inside threats, but should this view extend to internally developed AI programs, given their capabilities?
- Just because a solution is AI-based doesn’t necessarily mean it’s immune to AI-based
attacks. Could our AI-based security solutions potentially become our vulnerabilities? Engage in insightful discussions within the CISO community about AI’s role in the risk landscape and understand the importance of assessing the security implications of integrating AI-based solutions.
Andrew Winberg
Head of Information Security
Voyado
Sofia Staaf Frederiksen
Head of Information Security
Apoteket AB
Moderator:Magnus Carling
CISO
Stena AB
Bjorn Johren
CISO
Max Matthiessen
Lucas von Stockhausen
Senior Director of Security Engineering
Synopsys
14:10
Innovator Keynote
In today’s data-driven landscape, organizations face the dual challenge of compliance and security and at the same they are looking for ways to maximize data’s potential. By integrating end-to-end security measures, they can unlock new business opportunities while ensuring regulatory adherence.
In essence, the journey towards maximizing the value of data involves striking a balance between compliance, security, and innovation. It’s about transforming data challenges into opportunities, where regulatory adherence and data security serve as catalysts for growth and innovation.
Closing Insights two Real-Life Cases Demonstrate Profitability through Privacy by Design but also how this can play a part as the Vital Role of Securing Production Data for Test and Development Success.
Ramsés Gallego
Cybersecurity Chief Technologist
OpenText Cybersecurity
14:30
Firestarter from Darktrace
AI is proving to increase productivity and augment humans in new ways. To seize these opportunities, organizations must be aware of and manage its risks. That includes understanding how it has changed the threat landscape and the security concerns that come with it. In this session we’ll cover how applying Self-Learning AI across your organization’s digital environment will help your security team prevent, detect, respond, and heal from incidents, including those augmented by generative AI.
14:35
Coffee Break & 1-1 meetings
15:05
Innovator Keynote
Cybersecurity risk largely stems from people and their actions, with the human element accounting for around 80% of breaches. Therefore, the best way to reduce risk is to reduce the frequency of risky behaviours or increase the frequency of positive, secure habits. Easier said than done?
In this talk, Fanny and Maxime will reveal the most common mistakes people make when trying to influence others’ actions. They will then introduce a simple model that anyone in security can use to design for any behaviour they want to encourage or discourage. Drawing from their experience leading security behaviour and culture change programs in companies such as SEB, H&M Group and Avanza, they will bring real-life examples of applying this model to shape behaviours such as reporting security incidents or using approved cloud platforms. Participants will walk away with a practical tool they can use to tackle human risk in their organisation.