Hybrid Threats, Cyberwarfare
WHAT’S NEXT?

Tim Brown

CISO
Solarwinds

Nicolas M. Chaillan

First U.S. Air Force and
Space Force CSO

Steve Brown

Director, Cyber Security & Resilience
Mastercard

fmr. Head of Cyber Threat Intelligence
National Crime Agency (NCA), United Kingdom

Manuel de Almeida Pereira

Policy Advisor – Programming
Council of Europe

Helena Örtholm - Speaker at Nordic IT Security 2019

Helena Ortholm

CISO, Tele2

Erik Täfvander  - Speaker at Sum of all fears 2022

Anne Hännikäinen

Global Head of Information Security & Data Privacy, IKEA Group

Erik Täfvander  - Speaker at Sum of all fears 2022

Svante Nygren

Information Security Specialist, Svenska kraftnät

Erik Täfvander  - Speaker at Sum of all fears 2022

Dimitrios Stergiou

CISO, Trustly

Erik Täfvander  - Speaker at Sum of all fears 2022

Navaz Sumar

Chief Information Security Officer, Tf Bank

Thea Sogenbits - Speaker at Nordic IT Security Live TV Boradcast

Thea Sogenbits

CISO, Estonian Tax and Customs Board

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Jörgen Olofsson

CISO, Praktikertjänst

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Kristian Teiter

CISO, HANZA Group

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Ishtar Touailat

Head of artificial intelligence & innovation, Swedish Pension Agency

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Shahid Raza

Director Security Lab and Expert Researcher, RISE Research Institutes of Sweden

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Anwar Sulaiman

Data Protection Officer, Saab

Dan Cimpean

Dan Cimpean

Director, National Cyber Security Directorate

Erik Täfvander  - Speaker at Sum of all fears 2022

Dan Marques

Head of Cyber Security, Miniclip

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Filip Johnssén

Data Protection Officer (DPO), Klarna

Erik Täfvander  - Speaker at Sum of all fears 2022

Oleksii Baranovskyi

Senior Lecturer, Blekinge Tekniska Högskola

Erik Täfvander  - Speaker at Sum of all fears 2022

Samantha Humphries

Head of EMEA Marketing & Security Strategy, Exabeam

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Len Noe

Technical Evangelist / White Hat Hacker / BioHacker, CyberArk

Eva Throne-Holst - Speaker at Nordic IT Security 2019

Andrew Rose

Resident CISO, EMEA, Proofpoint

Agenda

12th of May, 2022

08:00

Power Breakfast & Chairman’s address

Green Room

Blue Room

08:45

Keynote

Massive hack and the best defence

Let’s talk on how the massive hack happened and why it’s such a big deal?

  • What are the best practices to manage an incident?
  • What are the best responses and lessons learned?
  • Find out what are the greatest challenges that security professionals are facing
  • How can we improve defences and why knowledge is the best defence?

Speaker:
Tim Brown, CISO, Solarwinds

Keynote

How did the Department of Defence move to Zero Trust and DevSecOps with Kubernetes and Istio?
  • How did the DoD partner with the Linux Foundation and Cloud Native Computing Foundation and the open source community to build their end to end DevSecOps stack?
  • How to move at the pace of relevance while ensuring security is baked-in continuously?
  • How to implement data-centricity and labelling down to the cell level across large organisations?

Speaker:
Nicolas M. Chaillan, First U.S. Air Force and Space Force CSO

09:00

Expert Panel

The rise of BYOD!

With advanced technology and the discern costs of providing their workforce BYOD become an attractive choice for employers, of course with secured devices. Employees are happy to keep track of one device for managing their personal and work items in one place.

  • Can you shed some light on Top BYOD Risks?
  • How are you dealing with BYOD at your organisation?
  • On the contrary many organisations are trying to get rid of BYOD, how is it working for them?
  • What does the future hold for BYOD?

Panelist:
Jörgen Olofsson, CISO, Praktikertjänst
Kristian Teiter, CISO, HANZA Group

Expert Panel

Cyber risk and operational resilience

How to build a secure and resilient ecosystem? Which industries are at high risk?

  • Security and resilience of the digital ecosystem
  • Risks and resilience related to the specific industries (supply chain, manufacturing, transportation)
  • Vendor/3rd party due diligence (early identification of key issues, negotiation strategy and remediation of identified risks)

Panelist:
Stuart Philips, Product Marketing Director, Interos
Anwar Sulaiman, Data Protection Officer, Saab

09:30

Keynote

The Final Attack Vector

Do you really know what’s on the threat horizon? What the next cyber enemy looks like? Security professionals work tirelessly to defend against new attack vectors, TTPs and 0-Days, but the rules of the game are about to change. Enter a new formidable threat: Augmented humans with the ability to directly interface with your tech stack. This is not science fiction, this is a real attack vector that many among us don’t even know exists. Utilizing implanted technology, biohackers can compromise loosely connected devices, IoT, physical access security, and even plant ransomware with little to no IOCs. People are the attack vector, attack tool and attack target. In a world where implants, deep fakes, AI and identity collide, how do we evolve security when the lines between humanity and technology no longer exist. Is your security team ready?

Speaker:
Len Noe, Technical Evangelist / White Hat Hacker / BioHacke, CyberArk

Keynote – To Be Announced

10:00

Expert Panel

Insider threats in Fintech industry!
  • Why are Fintech organisations more prone to insider threats?
  • To address this growing problem, banks must identify the greatest sources of risk, what are the mitigation tactics?

Panelist:
Navaz Sumar, CISO, TF Bank
Rune Skarphagem, CISO, Mitigram
Sanne Femling, IT Security Officer, Resurs Bank
Shafiullah Ismail, VP- Cyber Security and Architecture, Mubadala Capital

Expert Panel

The Insider Threat: The known attacking from the unknown
  • How does insider threats work? If these are not identified in good time, what will be the consequences?
  • There are many motivators for insider threats e.g: sabotage, fraud, espionage, reputation damage or professional gain, what do you think is the greatest motivator for the e-commerce industry?
  • What is your take on the different types of threats for example Compromised users, Malicious users or Careless users?

Panellist:
Samantha Humphries, Head of EMEA Marketing & Security Strategy, Exabeam
Filip Johnssén, Senior Legal Counsel Privacy, Klarna

10:30

Coffee Break

11:00

Keynote – TBA

Keynote – TBA

11:30

Keynote – TBA

Keynote

The Path to Zero Trust by Securing Privileged Identities

Attacks on identity and privileged access pathways are relentless, with the stakes of a cyber-breach never higher. Securing privileged identity within your organisation has never been more important as it is the foundation of a successful Zero Trust implementation.
Zero Trust is built on foundations that are essential across your cybersecurity strategy, delivering greater value from existing cyber investments. In this session, we will outline:

  • Why protecting identities is fundamental to achieving Zero Trust
  • Practical steps you can take NOW to secure your privileged identities
  • The pivotal role Privileged Access Management plays in achieving Zero Trust

Speaker:
Lee Elliott, Director, Solutions Engineering Lee Elliott is the Director, Solutions Engineering, BeyondTrust

12:00

Lunch

13:00

Keynote

How did the Department of Defence move to Zero Trust and DevSecOps with Kubernetes and Istio?
  • How did the DoD partner with the Linux Foundation and Cloud Native Computing Foundation and the open source community to build their end to end DevSecOps stack?
  • How to move at the pace of relevance while ensuring security is baked-in continuously?
  • How to implement data-centricity and labelling down to the cell level across large organisations?

Speaker:
Nicolas M. Chaillan, First U.S. Air Force and Space Force CSO

Keynote – TBA

13:20

Expert Panel

CNAPP: Innovating at the speed of cloud without compromising on security, risk and compliance

We all know that public cloud hyperscalers like AWS, Azure, and GCP enable you to deliver new products and capabilities at breakneck speeds. The challenge that everyone faces is how to effectively balance speed to market against compliance mandates, risk, and the equally fast-growing list of security threats. Normally, achieving balance has been a painful process, often pitting developers vs cyber security. Does CNAPP hold the promise of making cloud-native cyber-security easier?

    • What are the real barriers to achieving cloud-native security?
      • What is unique about cloud-native cyber-security as opposed to on-premise or hybrid?
      • Do we have the right tooling strategy? CSPM, KSPM, CIEM, CWPP, IaC, EDP, HIPS and now CNAPP?
        Why standard DevOps is a huge pain/barrier for Cyber Security Teams?
    • Why “Context-Aware” Cyber Security Platforms are changing our security priorities?
      • Why CVSS scores do not go far enough in helping us identify real risks
      • What value does the ability to view risks holistically in a single, unified data model, instead of just a series of siloed risks, bring to Security Operations?
    • Tell me HOW – How do we actually speed up cyber-security implementations across the entire Software Development Cycle?
      • We’re CISO’s and have been at this for a while. What’s changed in the market that now allows us to speed up the process?
      • How does an Agentless Approach give me wide and deep visibility?
    • Every major cyber-security provider seems to be jumping on the CNAPP bandwagon. How can we differentiate between them?
      • How can I maximise the value of my tooling strategy
      • 5 tips to take home: How to choose a CNAPP partner when you’re ready

Speaker:
Marcelo Negro, Cloud & Security Evangelist, Orca Security

Expert Panel

Rise of social engineering - why must you be a vigilante?

What Does a Social Engineering Attack Look Like?

Security is all about knowing who and what to trust. Cyber criminals are increasingly using social engineering techniques to exploit the weakest link in the security chain: people. Phishing attacks are a subset of social engineering strategy that imitate a trusted source and concoct a seemingly logical scenario for handing over login credentials or other sensitive personal data. What makes you a target?

  • Not all hacks are performed by keyboard
  • Sophistication of Spear phishing
  • Prevention of Social Engineering Attacks

Panellist:
Dimitrios Stergiou, CISO, Trustly
Christina Lekati, Social Engineering Security Specialist, Intelligence Analyst
Daniel Marques, Head of Cyber Security, Miniclip

13:50

Keynote – TBA

Keynote – TBA

14:20

Expert Panel

We have intruders! How do we protect ourselves?

Manufacturing industry is the highest user of IoT hence the prime target for attackers!
IoT technology continues to evolve, however it is not possible to completely secure IoT devices. Since IoT devices are not built to detect and mitigate potential cyberthreats, they could pose a serious risk to organisations unless they aren’t adequately secured.

  • What are the common IoT attacks?
  • What do you know about eavesdropping attacks or sniffing attacks?
  • As we do not have any silver bullet for IoT attacks, could you please share best practices?

Panelist:
Anne Hännikäinen, CISO, Fintraffic
Shahid Raza, Director Security Lab and Expert Researcher, RISE Research Institutes of Sweden
Fred Streefland, Director Cybersecurity (CSO/DPO)/Cybersecurity Evangelist, Hikvision

Expert Panel

Cyberwars: How to dodge the Digital Bullet?

Cyber warfare involves the actions by a nation-state or international organisation to attack and attempt to damage another nation´s computers or information networks. Private networks are becoming national security assets – whether we want it or not. Cyberattacks have the potential to be just as disruptive as bombs. In the wake of wartimes, everybody is responsible.

  • Are we ready for cyberwar?
  • The arsenal of Cyber Weapons
  • How big are resources of political-related attacks?
  • Hybrid warfare and recent cyber attacks
  • How can we protect ourselves against digital bullets?

Panelist:
Dan Cimpean, Director, National Cyber Security Directorate Romania
Oleksii Baranovskyi, Ph.D., CISSP, CISM, CEH, CHFI, ISO, Blekinge Tekniska Högskola
Catharina Candolin, Expert (Cyber Security), OP Financial Group
Thomas Lund-Sørensen, Partner at Macro Advisory Partners and former Head of the national Centre for Cyber Security

14:50

Keynote – TBA

Keynote – TBA

15:20

Coffee Break

15:40

Expert Panel

Ransomware in different industries!

More than 50% ransomware is targeting three industries, banking, retail and utilities, however every other industry is suffering equally when it comes to the impact of ransomware.

  • Who will pay the cost?
  • What type of regulatory frameworks does the industry need?
  • How can we draw the line of liability?
  • Are there societal aspects that we need to consider?

Panelist:
Thomas Chateau, IT Risk & Cyber Security Officer, BNP Paribas
Mikael Inkinen, CISO, City of Helsinki

Expert Panel

Ending the cycle- How to evade becoming a hybrid threat enabler? Cyber attacks don’t come out of thin air but require intel, technology and foremost funding!

For most of the financial sector battling illicit money flows is as important as the technological and business process safeties for stopping the hybrid attacks against themselves, their customers and partners across the supply chain.

  • Cooperation with financial intelligence units and the law enforcement community helps to protect the company and its customers.
  • The future of hybrid defence relies on networks of private companies, public institutions and AI solutions like proposed by the TRACE project consortium.

Panelist:
Thea Sogenbits, CISO, Estonian Tax and Customs Board

16:10

One for the road

16:15

GADGETS, GADGETS, GADGETS Lottery

17:00

By invitation Only Dinner

Previous Agendas

Sum of All Fears
Edition

27th of January 2022

The C-Suite
Edition

15th of September 2021

Financial Institutions

Edition

15-16th of April 2021

15th Annual
The Only Dedicated Nordic Cyber Security Event
Capped at 500 – STAY SECURE: