Agenda

09.00 - 09.50

Breakfast networking & registration
09.50 - 10.00

Chair's welcome
10.00 - 10.20

►Beyond the Algorithm: How Human Factors Can Make or Break AI Adoption

Meri Roboci, AI Security Strategist, DWS Group

  • Why trust is not a given, and how to build AI literacy across your organisation
  • Behavioural Resistance & Organisational Culture
  • Ethical Decision-Making & Oversight
  • The Human-AI Collaboration Interface
  • Real-world examples from finance-what went right, what went wrong, and why
10.20 - 10.40

Rubrik's presentation to be announced soon
10.40 - 11.00

►Sicherheit trotz, für und mit Quantencomputern

Pascal Debus, Head of the Quantum Security Technologies (QST) research group , Fraunhofer AISEC

  • Sicherheit trotz Quantencomputern: Ein Aufruf zum Handeln
  • Quantum Cybersecurity neu denken - ein ganzheitlicher Ansatz
  • Sicherheit mit Quantencomputern: Vom Risiko zur Chance
11.00 - 11.30

Networking break
11.30 - 11.50

►OT Security – A Structured Approach to Securing Industrial Assets

Prashant Joshi, Head of Enterprise IT Security Architecture, Volvo Group

  • Understanding the growing sophistication of threats targeting industrial systems.
  • Building a multi-layered defence tailored to OT environments.
  • Common Pitfalls and Lessons Learned 
11.50 - 12.10

►Insights into current cybersecurity threats impacting individuals and organisations

Ulrich Baumann, Partner & COO, Oikon LAW

  • Regulatory obligations and legal strategies for safeguarding sensitive information
  • AI and Cyber Risk Governance and navigating the implications of the EU AI Act
  • Streamlining legal and technical requirements to meet evolving standards for cyber resilience (NIS2 and ISO 27001)
12.10 - 12.50

►Education Seminars

Delegates will be able to choose from a range of topics:

  • Solving Application Security without causing Pain between Shift Left and Shift Right, Paul Senkel, Senior Solutions Engineer, Contrast Security

     

  • Understanding DORA – Aligning Cybersecurity and Compliance, Nico Richters, Account Director, Recorded Future
14.00 - 14.30

►Panel Discussion: Battling Nation-State Hackers: Winning the Cyber War

Andreas Englisch, IT Security Officer, European Aero Engine Consortium (moderator) 
Sreedevi Jay, Global Head of CERT, PagoNxt (a Santander company) 
Rainer Giedat, Former Cyber Security Officer, Scalable GmbH 
Waqas Jutt, Global Lead SOC Architect, Intel Corporation

  • How can organisations effectively leverage threat intelligence to proactively counter nation-state attacks? Can they?
  • Do regulatory standards actually enhance defence against nation-state actors, or do they merely add compliance burdens without
    improving security?
  • Are we doing enough to address supply chain vulnerabilities, or is this an overlooked entry point for nation-state threats?
  • What strategic, forward-looking investments are essential for effectively countering the evolving tactics of APTs?
14.30 - 14.50

►Getting to Grips with the New Wave of Domain-Impersonation Attacks

Nadim Lahoud, SVP Operations, Red Sift

  • Examine how a new breed of attacks is getting around DMARC and other email authentication policies to pose as trusted brands
  • Learn a proactive, process-driven playbook that equips organisations to detect, disrupt and prevent these exploits 
  • Wrap up by asking (and answering): When is a CISO’s job truly “complete” in the never-ending fight against impersonators?
15:30 - 15:50

►Ransomware 3.0: Weaponizing AI for the Next Generation of Ransomware Attacks

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
  • Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you
15.10 - 15.40

Networking break
15.40 - 16.00

►Navigating the Cloud Responsibly

Rainer Giedat, Cyber Security Officer, Scalable GmbH

  • The cloud provider outlined my responsibilities - but how do I actually make it work?
  • I've assigned roles within my DevOps team, but can they truly carry them out?
  • What happens to cloud security if we don’t have a firm grasp on our responsibilities?
  • Services and workloads are people too, you know…
16.00 - 16.30

►Panel Discussion: Securing Future Architectures

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England (moderator)
Alexander Zhitenev, Director of Corporate Systems & Head of IT Security, IFCO MANAGEMENT GmbH
Klaus-E. Klingner, Information Security Officer, Asambeauty 
Prashant Joshi, Head of Enterprise IT Security Architecture, Volvo Group 
Agnès Terreau, Country Data Protection and Security Officer, ManPower Group

  • How can security teams design resilient architectures to integrate and leverage emerging technologies such as AI, quantum computing, and IoT?
  • What role does AI play in developing proactive rather than reactive security strategies?
  • What are the best practices for integrating AI without disrupting legacy systems and existing workflows?
  • How can organisations implement zero-trust principles and adaptive access controls to secure ever-evolving environments driven by AI and edge computing?
16.30 - 16.35

Chair's closing remarks

Bildungsseminare


Solving Application Security without causing Pain between Shift Left and Shift Right


Paul Senkel, Senior Solutions Engineer, Contrast Security

As developers shift left and security teams shift right, the workflows in between often stretch to breaking point. Tooling is fragmented, collaboration breaks down, and AppSec becomes a source of friction rather than flow. In this talk, Paul shares hard-earned lessons from both sides of the software lifecycle – rediscovering joy through a smarter, integrated approach to AppSec. You'll learn how to identify hidden friction points, reduce developer frustration, and bring security into the development process without slowing teams down. We will explore practical ways to align teams, modernise workflows, and remove the real-world pain points of fragmented AppSec – so security becomes seamless, not stressful.

  • Paul shares hard-earned lessons from both sides of the software lifecycle – rediscovering joy through a smarter, integrated approach to AppSec.
  • You will learn how to identify hidden friction points, reduce developer frustration, and bring security into the development process without slowing teams down
  • Exploring practical ways to align teams, modernise workflows, and remove the real-world pain points of fragmented AppSec – so security becomes seamless, not stressful

Understanding DORA – Aligning Cybersecurity and Compliance


Nico Richters, Account Director, Recorded Future

DORA is a new EU regulation requiring companies to make their digital systems more resilient to disruptions and cyberattacks. It affects not only banks, but all key players in the financial system. DORA brings cybersecurity and compliance closer together than ever before. For security and IT teams, this means new priorities and increased responsibility. The requirements are complex: companies must adapt processes, reporting, and technical controls. One of the toughest parts is identifying and documenting risks in real time. Recorded Future provides the threat intelligence needed to detect risks early and support compliance reporting. This helps organisations meet regulatory demands more efficiently.

Attendees will Learn:

  • What the Digital Operational Resilience Act (DORA) is all about
  • Why DORA is a game changer for security and IT teams
  • Key challenges organisations face when implementing DORA
  • How Recorded Future helps meet DORA compliance requirements