Next IT Security addresses the evolving landscape of AI in cybersecurity, where the balance between human expertise and AI tools is at the forefront. We delve into crucial topics, from GDPR compliance to fostering a robust cybersecurity culture. Our mission is to equip IT security leaders with tactical insights and a forum for collaboration, ensuring the continuous growth of professionals and organizations in this dynamic field.
Agenda October 2023
08:00
Registration
08:15
Power Breakfast
08:55
AI methods, such as deep fakes and voice cloning, are maximizing the success rates of social engineering by the minute. Many experts worry that the accessibility of generative AI solutions will further democratize and erode the trust or even worsen political instability. In this presentation, Bas van Erk will delve into the current landscape of hackers’ exploitation of AI for their malicious attacks, while also highlighting other emerging trends that demand our attention.
Lilia Karlqvist
Digital Account Executive
SoSafe
09:00
• As an information security leader, you know that your organization is constantly under threat from cyber attacks. But have you considered the potential risks of artificial intelligence?
• Artificial intelligence is quickly becoming a powerful tool for cyber attackers, and without proper understanding of its capabilities and limitations, organizations may be vulnerable to devastating attacks. Additionally, the lack of regulations surrounding AI use leads to ethical concerns.
• As an information security leader, you have a responsibility to protect your organization from these risks. By understanding the capabilities and limitations of AI, you can better defend against potential threats and ensure that your organization stays ahead of the curve.
• Don’t let yourself fall behind in this new era of technology. Attend this session and stay ahead of emerging threats as well as ensure responsible usage within your organization.
Magnus Carling
CISO,
Stena AB
09:25
• Many cybersecurity leaders are struggling to effectively communicate with management boards. Technical terms and jargon make it difficult for their message to be understood.
• This session will give you insight on how other leaders bridge the gap between technical and non-technical departments, establishing best practices for creating a more effective cybersecurity culture. Don’t miss out on the opportunity to improve communication within your organization.
• Establishing an effective cybersecurity culture can make all the difference in protecting your company from potential cyber threats.
• Take control of your organization’s cybersecurity future today by learning from your peers’ experience. Improve communication and foster a stronger security culture within your organization.
Moderator: Malte Panahi
Mimecast
Elin Ryrfeldt
CISO,
AXFOOD
Jonas Rendahl
CISO,
Aurobay
Mikael Nyman
Head of IT Security,
Länsförsäkringar
Daniel Riddarvinge
Information Security Officer, Saminvest AB
10:00
Establishing the need for an identity-driven, consolidated security architecture.
Fine-tuning your SIEM as the best threat detection and response system.
Security and risk posture management: Assessing and mitigating the risks of the prime target, AD right.
Enforcing your organization’s security through CASB.
Harish Sekar
Senior Technical Evangelist
ManageEngine
10:20
Coffee break and 1-1 meetings
10:50
Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple.
In this session, Javvad Malik, Lead Security Awareness Advocate for KnowBe4, will explain how to take your security awareness to the next level and prevent it from going stale. Changing behaviors and creating a culture of security can only be achieved by adopting the right mindset and techniques. In this session you will learn:
• Why you need to brand the security department the right way
• The psychological approach to getting your message across
• Practical advice on building a strong security culture
Javvad Malik
Lead Security Awareness Advocate,
KnowBe4
11:15
When It Comes to Compliance, You Need to Juggle Many Regulations
• Are you still using dozens of spreadsheets for managing compliance for IT security and data privacy? It can be overwhelming.
• With so many regulations and standards to comply with, it can be overwhelming to manage it all. But ignoring compliance could lead to serious consequences for your organization.
• Be proactive in managing compliance by hearing best practices and advice on tools for day-to-day operations. Make sure your organization meets all necessary requirements to avoid loss of customer trust, reputation damage, or hefty fines.
• Get ahead of potential problems by attending this session. Ensure your area of responsibility is fully compliant.
Jacqueline Johnson
CISO,
Energienet (Danish Energy Grid)
11:40
• As a cybersecurity leader, you might be concerned about the impact of machine learning and AI on your team’s role in protecting your organization from cyber threats.
• The rise of machine learning and AI has sparked discussions on whether or not humans will be replaced in the cybersecurity field. This session dives deep into this topic and explores both challenges and opportunities that come with the shift towards AI-driven cybersecurity.
• As software development becomes increasingly automated, it’s more important than ever to understand the role of the human factor in cybersecurity. This panel uncovers just how crucial human expertise is when it comes to protecting sensitive data from cyber threats.
• Gain valuable insights into the impact of AI on cybersecurity and learn how to leverage human expertise for optimal results. Start preparing for an AI-driven future now.
Moderator: Robby Coppens
Director, Solutions Engineer Central Europe
Netskope
Johan Nordin
Director of IT & IS,
Extenda Retail
Anders Nørklit Thingholm
Head of Information Security,
DANX Carousel Group
Marcus Küchler
Head of Global IT Security,
Epiroc
Aki Khan
CISO,
WSP I Sverige
12:10
Lunch Break
13:10
When companies embark on their digital transformation journey, they often prioritize two key factors:
- Leveraging cloud technology for speed and innovation
- Harnessing the power of the cloud to enhance business value.
However, critical considerations like risk management, exposure reduction, vulnerability mitigation, and fostering collaboration among dev-, sec-, and ops-teams are sometimes relegated to the background. Unfortunately, this lack of attention, combined with a lack of visibility and existing attack vectors, creates a complex cybersecurity landscape. Cybercriminals are acutely aware of these vulnerabilities and are continually devising new methods to infiltrate cloud environments. The consequences are far-reaching, resulting in costly disruptions, publicized breaches, loss of trust, and revenue downturns. These incidents have become increasingly prevalent in recent months.
In our presentation, we delve into the Wiz operating model, offering actionable insights, tips, and tricks, as well as real customer experiences and best practices aimed at safeguarding your business. During this session, you will:
- Grasp the significance of cloud-related risks: Understand what risks in the cloud entail and how hackers exploit them.
- Explore the new paradigm of cloud security: Learn about the evolving cloud security model and discover how proactive adoption can protect your cloud environments.
- Demystify cloud security with Wiz: Find out how Wiz democratizes cloud security by providing complete visibility and contextual understanding, allowing you to focus on your core business priorities.
Fredrik Karbing
Security Evangelist,
Wiz
13:35
Are Cybersecurity leaders really the right persons to take over yet another responsibility? If yes, how do they navigate the GDPR challenges?
With the increasing number of data breaches and legal implications, it’s imperative for businesses to comply with GDPR regulations. Non-compliance can lead to heavy fines, loss of reputation, and even business shutdown. But where do you begin? What are the best practices, pros and cons when you have data protection on your table?
This panel will equip you with updated strategies for data protection, including implementing data minimization and pseudonymization, data privacy agreements, and more.
Join the panel on our journey towards complete GDPR compliance! Learn from your peers on their experiences in meeting GDPR requirements and ensure your customers’ and employees’ personal data is kept safe. Act by updating your data protection strategies and ensure compliance with privacy regulations.
Bernard Helou
Cybersecurity Manager
Schibsted News Media
Knud Kokborg
Global IT Compliance Manager,
Falck
Scott Melnyk
CISO
Internationella Engelska Skolan
Marianne Hove Solberg
CISO,
SpareBank 1 SMN
14:10
In 2022, 74% of cybersecurity breaches still involved the human element. Most cyber-attacks started with a phishing email. People continued to re-use passwords. The data is overwhelming: traditional security awareness methods may tick off compliance boxes, but they barely scratch the surface in mitigating real security risks.
Facing this fact, pioneering organisations have changed their approach to human risk. In this illuminating case study presentation, engage with two preeminent Security Awareness Leaders who confronted these challenges.
They will share how individualisation, engaging gamification, and consistent reinforcement are some of the best tools to usher in behavioural change at scale. By showcasing tangible initiatives they’ve rolled out, alongside their tangible results, you’ll discern which strategies genuinely make an impact and which fall short. This actionable and enlightening talk will arm you with the keys to pivot from merely understanding human risk management to actively practicing it—enabling you to turn one of your biggest risks into your biggest strength.
Maxime Cartier
Human Risk Management Advisor
Hoxhunt
Pauliina Hartikainen
Head of Cybersecurity Awareness and Culture
KONE
14:30
Coffee Break & 1-1 meetings
15:00
What can AI bring to security? Learn whether AI can help or hinder security teams as they adapt to an AI world.
Mandy Andress
CISO,
Elastic
15:25
• In today’s rapidly evolving digital landscape, human error and social engineering remain persistent threats to organizational security.
• Let us explore how psychology, communication, collaboration, and behavior design can integrate to mitigate human risk effectively. Discover the profound impact of psychological insights on shaping secure behaviors, cultivating a security-aware culture, and empowering employees to become an active line of defense against and social engineering attacks.
• This holistic perspective equips CISOs to navigate board-level discussions on human risk and strategically elevate resilience.
Join us as we examine how this integrated approach can transform human risk mitigation and improve security.
Monika Kullberg
Security Culture & Awareness Manager,
Sandvik
15:50
Most people switch off when someone starts talking about cyber security. In the time it takes you to read this synopsis, two small businesses will be successfully hacked in the UK. And yet, you still probably won’t do anything about it, because where do you even begin?!
If you dare to join my audience, I will steal your information in front of your eyes – and then I will point you in the right direction to do something about it.
Join Paul Newton of Mental Theft and become “Strong, Confident and Wary”.
Paul Newton
Mental Theft
16:00
Leg stretcher and book signing by
Magnus Carling
Author of “Svart kod” trilogy
CISO,
Stena AB
16:10
Modern technologies like cloud computing, Infrastructure as a Service (IaaS) and containers, just to name a few, have created a tremendous boost in productivity, but at the same time they have also increased security challenges. In this operating environment, traditional vulnerability management, understood as just looking at software vulnerabilities / CVEs, is no longer effective. Modern vulnerability management should focus on managing vulnerabilities beyond traditional scanners: security teams should assess vulnerabilities more comprehensively, including infrastructure, applications and cloud.
Today, organizations have far too many security tools: SAST, DAST, IAST, SCA, secrets scanning, container scanning, cloud scanning, penetration testing reports, bug bounty reports and what not. This means too much data to digest: typically, the security team will continuously throw those findings and reports (sometimes in a hard-to-read format) at the software development and application teams for remediation, with the result that those teams, already understaffed, are overwhelmed with fixing several thousands of vulnerabilities. In addition, the lack of integration and automation between tools further reduces the effectiveness of vulnerability management.
Properly monitoring, prioritizing and remediating vulnerabilities from different sources is a crucial part of an effective vulnerability and threat management strategy. In this session we will see how to turn traditional vulnerability management into efficient, continuous and comprehensive threat management through collaboration, while leveraging processes and tools.
Main points:
• Traditional vulnerability management challenges
• Moving towards a more comprehensive approach
• Collaboration as a key to vulnerability management
Emilio Soressi
Business Information Security Officer (BISO) at
Posti Group Suomi Oy
Johan Nordin
Director of IT & IS
Extenda Retail
16:45
Contemporary cyber security supply chain risk management practices reflect traditional ideas of lack of trust, survival of the fittest, assume evil, compliance with bureaucracy, or technocentrism. Each of those ideas, combined or alone, leads to short-term survival, mistakenly understood as security. The author will briefly describe the problems, but focus mostly on possible alternative objectives and methods for more secure supply chain networks, like adaptability, culture over management, synergism or friendly intel. The presentation will be based on the author’s personal research and practical insights gained from cyber security incidents within casual, software and hardware supply chain incidents.