Stockholm

October 26, 2023

Click on the Fast Link buttons to learn more

WHY SHOULD YOU JOIN
OUR CONFERENCE

Unique agenda featuring the hottest topics, curated by our CISO community, with decision makers in one room for the entire day, and a limited number of exclusive content contributors.

Expert Speakers
0 +
Delegates
0 +
Minutes Of Networking
0 +

Expert Speakers

We are delighted to introduce some of our expert speakers in cyber security. Our speakers are distinguished professionals in the field, with years of experience and a passion for sharing their knowledge.

Daniel Riddarvinge

Information Security Officer
Saminvest AB

Drawing from a wealth of experience apparent in his diverse array of articles, Daniel Riddarvinge demonstrates a deep-seated comprehension of the crucial theme "Bridging the Gap between Technical and Non-Technical Departments." His insightful writings reflect his adeptness in maneuvering through the intricacies of harmonizing these departments cohesively. With his profound insights, Daniel is poised to shed light on strategies that facilitate improved communication, seamless collaboration, and mutual comprehension between technical and non-technical spheres. His adept guidance holds the potential to elevate organizational efficiency and synergy to new heights.

Elin Ryrfeldt

CISO
AXFOOD

Elin Ryrfeldt's profound expertise encompassing Information Security, Risk Management, Crisis Management, and Data Privacy renders her a pivotal contributor to the panel addressing "Bridging the Gap between Technical and Non-Technical Departments." With a remarkable 15-year trajectory and her current role as CISO at Axfood, Elin embodies proficiency in orchestrating seamless collaboration across these realms. Her insights hold the potential to illuminate strategies that streamline communication, augment mutual comprehension, and cultivate synergistic efforts between technical and non-technical units. Elin's contributions promise to propel comprehensive organizational achievement to new heights.

Johan Nordin

Director of IT & IS
Extenda Retail

Johan started his career deep in Unix, Linux and IT Security. He currently holds a full time role as Director of IT & IS (combined CIO/CISO) at Extenda Retail, a global SaaS company. Alongside this he is also Chair of the Board in two publically listed SaaS companies, ChargePanel and Euroafrica Digital Ventures.

Over the last 20 years Johan has gained experience from business development, technology, security, coding, start-ups, scale-ups, executive leadership and board assignments, public speaking etc. From time to time he freelance via Agilefirst, and he has held permanent roles at Danske Bank, East Capital, Nasdaq, Citi & Lehman Brothers.

Since joining Extenda Retail Johan has come back to hands-on security work after a few years of focusing purely on executive roles. He has hired a new security organization, drafted and currently implementing a security investment programme incl. ISO27001, and also led the response to a major Ransomware infection impacting nationwide on-prem software installations.

Mikael Nyman

Head of IT Security
Länsförsäkringar

With a background spanning technical and non-technical domains, Mikael Nyman is well-suited for the panel discussion on "Bridging the Gap between Technical and Non-Technical Departments." With over 15 years of experience in leading diverse teams, his insights encompass both spheres. This unique perspective enables him to elucidate strategies that facilitate effective communication, collaboration, and synergy between these departments. Mikael's ability to align technological understanding with non-technical functions positions him as a valuable speaker to explore practical ways to overcome challenges and achieve harmonious cross-functional dynamics.

Marcus Küchler

Head of Global IT Security
Epiroc

With two decades of leadership experience, which encompasses guiding both individual leaders and virtual teams, my leadership philosophy has crystallized into a fundamental belief. I understand leadership not as a self-claimed title, but as an accolade bestowed by others over time, subject to constant scrutiny by one's environment. Throughout my career, I've found genuine satisfaction in instances where I've been acknowledged as a leader by various stakeholders—be it direct reports, superiors, peers, partners, or customers. This recognition from diverse perspectives validates the authenticity of my leadership approach, rooted in earned respect and consistent impact on those I lead and collaborate with.

Aki Khan

CISO
WSP I Sverige

Aki Khan's profound expertise in cybersecurity leadership and strategic management positions him as an exceptional panelist for the dialogue on "Human Factor in Cybersecurity - Will Machines Replace Humans?" His extensive experience in orchestrating organizations through intricate security landscapes and harmonizing human and technological endeavors equips him with invaluable insights into the intricate synergy between human proficiency and AI-driven automation to fortify cyber resilience. Aki's nuanced understanding of how human acumen complements cutting-edge technology ensures a holistic defense mechanism. His profound insights will undoubtedly enhance the panel's discourse on the dynamic role of humans amid the relentless march of technological progress. 

Bernard Helou

Cybersecurity Manager
Schibsted News Media

Boasting an impressive 15-year journey in information security, Bernard has carved a distinct niche as a cybersecurity consultant, serving as a trusted advisor to distinguished CAC40 entities in Paris for nearly a decade. His transition to internal roles as an information security manager underscores his deep-seated understanding of security dynamics. Bernard's expertise encompasses an array of domains, spanning from fostering security awareness to architecting data protection strategies and formulating contingency blueprints. His rich proficiencies uniquely position him as an asset in the discourse on "Challenges with GDPR." With his multifaceted insights, Bernard's participation is set to elevate conversations surrounding the intricate realm of data protection regulations.

Jonas Rendahl

CISO
Aurobay

I work as CISO at Aurobay (Powertrain Engineering Sweden AB). I live south of Gothenburg with my wife and daughter.

I started my interest in computers and security at an early age. I have worked within IT since early 2000 but I have worked within many different industries and areas before that. Within IT I have worked with things like development, support, testing, management, audits, disaster and recovery, architecture, operational security and almost all aspects of security you can think of.

I have a keen interest in security and love the fact that it is such a dynamic and ever-evolving industry. From all of my experiences I have learnt that nothing is static and that all experiences are something to learn from.

Scott Melnyk

CISO
Internationella Engelska Skolan

With a rich professional background in data protection and privacy, Scott Melnyk is an ideal candidate to speak on the topic of GDPR. His comprehensive experience in leading global privacy compliance programs and designing effective data governance strategies highlights his profound expertise in this field. Scott's role as the Chief Privacy Officer at Klarna, coupled with his prior engagements at renowned companies, showcases his commitment to ensuring regulatory compliance and safeguarding sensitive data. His strong grasp of the legal and technical aspects of GDPR, along with his ability to bridge these dimensions, makes him a valuable contributor to discussions surrounding GDPR's challenges and implications. As an accomplished privacy professional, Scott's insights will undoubtedly enrich the discourse on the complex landscape of data protection in today's digital age.

Anders Nørklit Thingholm

Global Information Security Officer
DANX Carousel Group

Anders is an accomplished information security professional with extensive experience in various domains of the field. His journey from a technical security expert to a security manager has allowed him to consistently prove his capabilities and excel in different aspects of information security.

At DANXCarousel, Anders's current position presents him with a unique set of challenges in an M&A focused environment. This demanding role puts his skills to the test as he navigates the complexities and risks associated with mergers and acquisitions. Anders's expertise in information security plays a crucial role in ensuring the confidentiality, integrity, and availability of critical assets during these transactions.

With his proven track record and in-depth understanding of information security principles, Anders effectively manages the evolving landscape of threats and vulnerabilities. His ability to assess risks, develop strategic solutions, and lead teams has been instrumental in safeguarding sensitive information and maintaining the security posture of  DANXCarousel. Anders's contributions in this dynamic environment demonstrate his proficiency as an information security professional.. 

Knud Kokborg

Global IT Compliance Manager
Falck

Knud Kokborg's seasoned experience in legal and data protection fields uniquely qualify him as an exceptional panelist for the Challenges with GDPR discussion. With a background in Law and extensive work in data privacy, he offers profound insights into navigating the intricate landscape of GDPR compliance. His expertise spans advising organizations on data protection strategies, ensuring lawful data handling, and addressing complexities arising from GDPR regulations. Knud's contributions promise to shed light on practical approaches, potential hurdles, and strategies for harmonizing business operations with stringent data privacy standards, benefiting both legal and technical stakeholders alike.

Marianne Hove Solberg

CISO
SpareBank 1 SMN

Marianne is a seasoned Chief Information Security Officer (CISO) with a wealth of experience in the financial services industry. With a holistic approach to information security, she is passionate about aligning organizational goals with strong security culture and measures. Join Marianne as she shares insights and expertise on navigating GDPR challenges and the role of the Information Security Function in ensuring compliance.

Emilio Soressi

Business Information Security Officer (BISO)
Posti Group Suomi Oy

Emilio works as a Business Information Security Officer (BISO) at Posti, the main Finnish postal service delivering mail and parcels in Finland, and over the past years he has been responsible for implementing the company security policy and security guidelines in his business unit and developing information security processes and practices. In addition, lately he has focused particularly on helping application development teams implementing the secure software development life cycle (SSDLC), raising awareness among not only developers but also business owners on the importance of embedding security on each stage of their products and services life cycle.

Lilia Karlqvist

Digital Account Executive
SoSafe

 Elastic Chief Information Security Officer Mandy Andress, CISSP, is a published author and former lead of the information security function at MassMutual with a long career in information risk and security. She holds a JD, Master’s in management information systems, and BBA in accounting.

Fredrik Karbing

Security Evangelist
Wiz

Fredrik Karbing is an IT security expert with over 20 years of experience in IT and product/business development - spanning business areas like FinTech, Media, Health Care & Retail all around the globe. Over time, his focus increasingly shifted towards architecting and designing solutions with security - specifically Cloud Security - in mind. Fredrik's passion is in the center of where technology and business meet, and as a result, that is what he does; solving customer needs of today and tomorrow at WIZ.

Harish Sekar

Senior Technical Evangelist
ManageEngine

Harish Sekar is a senior technical evangelist at ManageEngine, a division of Zoho Corp. He is regularly seen presenting at international conferences and seminars on how to leverage technology better. He specializes in guiding IT administrators & security professionals across the globe to better administer their hybrid Active Directory and ways to strengthen their organizations’ security.

Javvad Malik

Lead Security Awareness Advocate
KnowBe4

Description is being prepared...

Mandy Andress

CISO
Elastic

 Elastic Chief Information Security Officer Mandy Andress, CISSP, is a published author and former lead of the information security function at MassMutual with a long career in information risk and security. She holds a JD, Master’s in management information systems, and BBA in accounting.

Robby Coppens

Director, Solutions Engineer Central Europe
Netskope

Robby Coppens has spent his career building solutions with any kind of technology to enable businesses throughout Europe. Robby started in the networking world but added a passion for security soon after. Today, with more than 20 years of ICT experience, in different roles in resellers, distribution, and vendors, Robby focuses on supporting the transformation and security strategies for Netskope's clients across Central Europe.

Maxime Cartier

Human Risk Management Advisor
Hoxhunt

Maxime is a Human Risk Management leader, who has built Security Awareness, Behaviour and Culture programs for global companies in manufacturing, aerospace, and in his previous role at H&M Group. His goal is to help people stay safe online, and support organisations make the switch from raising awareness to effectively changing behaviours and culture. He’s currently an Advisor at Hoxhunt - a human risk management platform - supporting them in building the future of the product.

Pauliina Hartikainen

Head of Cybersecurity Awareness and Culture
KONE

Pauliina gets energy from seeing successful shifts from security resistance to resilience. She contributes to building a strong and sustainable cybersecurity culture by leading awareness program at KONE, which is a global leader in the elevator and escalator industry, making the world’s cities better places to live in by improving people flow.

Partners

Next IT Security addresses the evolving landscape of AI in cybersecurity, where the balance between human expertise and AI tools is at the forefront. We delve into crucial topics, from GDPR compliance to fostering a robust cybersecurity culture. Our mission is to equip IT security leaders with tactical insights and a forum for collaboration, ensuring the continuous growth of professionals and organizations in this dynamic field.

Agenda

08:00

Registration

08:15

Power Breakfast

08:55

AI Methods, such as deep fakes and voice cloning, are maximizing the success rates of social engineering by the minute. Many experts worry that the accessibility of generative AI solutions will further democratize and erode the thrust of even worsen political instability. In this presentation, Bas van Erk will delve into the current landscape of hackers’ exploitation of AI for their malicious attacks, while also highlighting other emerging trends that demand our attention.

Lilia Karlqvist

Digital Account Executive
SoSafe

09:00

• As an information security leader, you know that your organization is constantly under threat from cyber attacks. But have you considered the potential risks of artificial intelligence?

• Artificial intelligence is quickly becoming a powerful tool for cyber attackers, and without proper understanding of its capabilities and limitations, organizations may be vulnerable to devastating attacks. Additionally, the lack of regulations surrounding AI use lead to ethical concerns.

• As an information security leader, you have a responsibility to protect your organization from these risks. By understanding the capabilities and limitations of AI, you can better defend against potential threats and ensure that your organization stays ahead of the curve.

• Don’t let yourself fall behind in this new era of technology. Attend this session and stay ahead of emerging threats as well as ensure responsible usage within your organization.

Magnus Carling

CISO,
Stena AB

09:25

• Many cybersecurity leaders are struggling to effectively communicate with management boards. Technical terms and jargon make it difficult for their message to be understood.

• This session will give you insight on how other leaders bridge the gap between technical and non-technical departments, establishing best practices for creating a more effective cybersecurity culture. Don’t miss out on the opportunity to improve communication within your organization.

• Establishing an effective cybersecurity culture can make all the difference in protecting your company from potential cyber threats.

• Take control of your organization’s cybersecurity future today by learning your peer’s experience. Improve communication and foster a stronger security culture within your organization.

Moderator: Malte Panahi


Mimecast

Elin Ryrfeldt

CISO,
AXFOOD

Jonas Rendahl

CISO,
Aurobay

Mikael Nyman

Head of IT Security,
Länsförsäkringar

Daniel Riddarvinge

Information Security Officer, Saminvest AB

10:00

  • Establishing the need for an identity-driven, consolidated security architecture. 

  • Fine-tuning your SIEM as the best threat detection and response system. 

  • Security and risk posture management: Assessing and mitigating the risks of the prime target, AD right. 

  • Enforcing your organization’s security through CASB. 

Harish Sekar

Senior Technical Evangelist
Manage Engine

10:20

Coffee break and 1-1 meetings

10:50

Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple.

In this session, Javvad Malik, Lead Security Awareness Advocate for KnowBe4, will explain how to take your security awareness to the next level and prevent it from going stale. Changing behaviors and creating a culture of security can only be achieved by adopting the right mindset and techniques. In this session you will learn: Why you need to brand the security department the right way The psychological approach to getting your message across Practical advice on building a strong security culture

Javvad Malik

Lead Security Awareness Advocate,
KnowBe4

11:15

When it Comes to Compliance you need to Juggle with many Regulations

• Are you still using dozens of spreadsheets for managing compliance for IT security and data privacy? It can be overwhelming.

• With so many regulations and standards to comply with, it can be overwhelming to manage it all. But ignoring compliance could lead to serious consequences for your organization.

• Be proactive in managing compliance by hearing best practices and advice on tools for day-to-day operations. Make sure your organization meets all necessary requirements to avoid loss of customer trust, reputation damage, or hefty fines.

• Get ahead of potential problems by attending this session. Ensure your area of responsibility is fully compliant.

Jacqueline Johnson

CISO,
Energienet (Danish Energy Grid)

11:40

• As a cybersecurity leader, you might be concerned about the impact of machine learning and AI on your team’s role in protecting your organization from cyber threats.

• The rise of machine learning and AI has sparked discussions on whether or not humans will be replaced in the cybersecurity field. This session dives deep into this topic and explores both challenges and opportunities that come with the shift towards AI-driven cybersecurity.

• As software development becomes increasingly automated, it’s more important than ever to understand the role of human factor in cybersecurity. This panel uncovers just how crucial human expertise is when it comes to protecting sensitive data from cyber threats.

• Gain valuable insights into the impact of AI on cybersecurity and learn how to leverage human expertise for optimal results. Start preparing for an AI-driven future now.

Moderator: Robby Coppens

Director, Solutions Engineer Central Europe
Netskope

Johan Nordin

Director of IT & IS,
Extenda Retail

Anders Nørklit Thingholm

Head of Information Security,
DANX Carousel Group

Marcus Küchler

Head of Global IT Security,
Epiroc

Aki Khan

CISO,
WSP I Sverige

12:10

Lunch Break

13:10

When companies embark on their digital transformation journey, the often prioritize two key factors:

  • Leveraging cloud technology for speed and innovation
  • Harnessing the power of the cloud to enhance business value.

However, critical considerations like risk management, exposure reduction, vulnerability mitigation, and fostering collaboration among dev-, sec-, and ops-teams are sometimes relegated to the background. Unfortunately, this lack of attention, combined with a lack of visibility and existing attack vectors, creates a complex cybersecurity landscape Cybercriminals are acutely aware of these vulnerabilities and are continually devising new methods to infiltrate cloud environments. The consequences are far-reaching, resulting in costly disruptions, publicized breaches, loss of trust, and revenue downturns. These incidents have become increasingly prevalent in recent months.

In our presentation, we delve into the Wiz operating model, offering actionable insights, tips, and tricks, as well as real customer experiences and best practices aimed at safeguarding your business. During this session, you will:

    • Grasp the significance of cloud-related risks: Understand what risks in the cloud entail and how hackers exploit them.
    • Explore the new paradigm of cloud security: Learn about the evolving cloud security model and discover how proactive adoption can protect your cloud environments.
  • Demystify cloud security with Wiz: Find out how Wiz democratizes cloud security by providing complete visibility and contextual understanding, allowing you to focus on your core business priorities.

Fredrik Karbing

Security Evangelist,
Wiz

13:35

Are Cybersecurity leaders really the right persons to take over yet another responsibility?  If yes, how do they navigate the GDPR challenges?

With the increasing number of data breaches and legal implications, it’s imperative for businesses to comply with GDPR regulations. Non-compliance can lead to heavy fines, loss of reputation, and even business shutdown. But where do you begin? What are the best practices, pros and cons when you have data protection on your table?

This panel will equip you with updated strategies for data protection, including implementing data minimization and pseudonymization, data privacy agreements, and more.

Join the panel on our journey towards complete GDPR compliance! Learn form your peers on their experiences in meeting GDPR requirements  and ensure your customers’ and employees’ personal data is kept safe. Act by updating your data protection strategies and ensure compliance with privacy regulations.

Bernard Helou

Cybersecurity Manager
Schibsted News Media

Knud Kokborg

Global IT Compliance Manager,
Falck

Scott Melnyk

CISO
Internationella Engelska Skolan

Marianne Hove Solberg

CISO,
SpareBank 1 SMN

14:10

In 2022, 74% of cybersecurity breaches still involved the human element. Most cyber-attacks started with a phishing email. People continued to re-use passwords. The data is overwhelming: traditional security awareness methods may tick off compliance boxes, but they barely scratch the surface in mitigating real security risks.

Facing this fact, pioneering organisations have changed their approach to human risk. In this illuminating case study presentation, engage with two preeminent Security Awareness Leaders who confronted these challenges.

They will share how individualisation, engaging gamification, and consistent reinforcement are some of the best tools to usher in behavioural change at scale. By showcasing tangible initiatives they’ve rolled out, alongside their tangible results, you’ll discern which strategies genuinely make an impact and which fall short. This actionable and enlightening talk will arm you with the keys to pivot from merely understanding human risk management to actively practicing it—enabling you to turn one of your biggest risks into your biggest strength.

Maxime Cartier

Human Risk Management Advisor
Hoxhunt

Pauliina Hartikainen

Head of Cybersecurity Awareness and Culture
KONE

14:30

Coffee Break & 1-1 meetings

15:00

What can AI bring to security? Learn whether AI can help or hinder security teams as they adapt to an AI world.

Mandy Andress

CISO,
Elastic

15:25

• In today’s rapidly evolving digital landscape, human error and social engineering remain persistent threats to organizational security.

• Let us explore how psychology, communication, collaboration, and behavior design can integrate to mitigate human risk effectively. Discover the profound impact of psychological insights on shaping secure behaviors, cultivating a security-aware culture, and empower employees to become an active line of defense against and social engineering attacks.

• This holistic perspective equips CISOs to navigate board-level discussions on human risk and strategically elevate resilience.
Join us as we examine how this integrated approach can transform human risk mitigation and improve security. 

Monika Kullberg

Security Culture & Awareness Manager,
Sandvik

15:50

Most people switch off when someone starts talking about cyber security. In the time it takes you to read this synopsis, two small businesses will be successfully hacked in the UK. And yet, you still probably won’t do anything about it, because where do you even begin?!

If you dare to join my audience, I will steal your information in front of your eyes – and then I will point you in the right direction to do something about it.  

Join Paul Newton of Mental Theft and become “Strong, Confident and Wary”.

Paul Newton

Mental Theft

16:00

Leg stretcher and book signing by

Magnus Carling

Author of “Svart kod” trilogy
CISO,
Stena AB

16:10

Modern technologies like cloud computing, Infrastructure as a service (IaaS) and containers, just to name a few, have created a tremendous boost in productivity but at the same they also have increased security challenges. In this operating environment, traditional vulnerability management, intended just as looking at software vulnerabilities / CVEs, is not effective anymore. Modern vulnerability management should focus on managing vulnerabilities beyond traditional scanners: security teams should assess vulnerabilities more comprehensively including infrastructure, applications and cloud.

Today, organizations have far too many security tools: SAST, DAST, IAST, SCA, secrets scanning, container scanning, cloud scanning, penetration testing reports, bug bounty reports and what not. This means too much data to digest: typically, the security team will continuously throw those findings and reports (sometimes in a hard to read format) at the software development and application teams for remediating the issues, with the result that those teams, already understaffed, are overwhelmed with fixing several thousands of vulnerabilities. In addition, the lack of integration and automation between tools further reduces the effectiveness of vulnerability management.

Properly monitoring, prioritizing and remediating vulnerabilities from different sources is a crucial part of an effective vulnerability and threat management strategy. In this session we will see how to turn traditional vulnerability management into efficient continuous and comprehensive threat management thanks to collaboration while leveraging on processes and tools.

Main points:

Traditional vulnerability management challenges

Moving towards a more comprehensive approach

Collaboration as a key to vulnerability management

Emilio Soressi

Business Information Security Officer (BISO) at
Posti Group Suomi Oy

Johan Nordin

Director of IT & IS
Extenda Retail

16:45

Contemporary cyber security supply chain risk management practices reflect traditional ideas of lack of trust, survival of the fittest, assume evil, compliance with bureaucracy, or technocentrism. Each and every of those ideas combined or alone lead to short term survival, mistakenly understood as security. The author will shortly describe the problems, but focus mostly on possible alternative objectives and methods for more secure supply chain networks like adaptability, culture over management,  synergism or friendly intel. The presentation will be based on the author’s personal research and practical insights gained from cyber security incidents within casual, software and hardware supply chain incidents.

Filip Nowak

Global Head of Cyber Defence,
Ferrero

18:00

Networking Dinner Cruise and Annual CISO Raffle

Highly Exclusive. Operakällaren’s name dates back to 1787 when it was situated in the cellar under Gustav III’s opera house. History permeates the atmosphere in this heritage property, the most prestigious meeting place in Stockholm, is a house filled with opportunities, inspiration and fantastic networking.

Nordics Edition

C-Level IT Security Event

BeNeLux Edition

C-Level IT Security Event

DACH Edition

C-Level IT Security Event