13 - 29 OctoberScandic Infra City


Sofia Cerwall
Event Moderator & Crisis Management Lead, Ericsson

Fredrik Blix
Associate Professor Cybersecurity, Stockholm University

Åsa Schwarz
Security Specialist & Novelist, Knowit AB

Åsa Schwarz has more than twenty years of experience within cybersecurity and is Head of Business development at Knowit Cybersecurity & Law. She is also a novelist writing about crime, horror and security. Her lasts novel, Master of Dolls is a riveting crime novel that also investigates risks and moral dilemmas surrounding robots and humanity (co-author Lena Karlin).

Surinder S. Rait
Head of IT Security Assurance, Ericsson

Surinder is a Cyber Security professional with more than 20 years of experience working and leading various aspects of Information/ Cyber security including but not limited to implementing regulatroy & leading industry frameworks, Security Operations Centers (Red/ Blue Team), Business Continuity, Risk Management. Currently serving as a board member in CSA Sweden Chapter.”

Fredrik Malmström
Head of Group Information Security, Handelsbanken AB

Fredrik Malmström, 41 years old married with 3 kids. He is a Risk Manager by trade and has worked in different security fields for 20 years Operational, Tactical and Strategic in different International companies both in Sweden and abroad. Loves to train when time is given, His motto is; Stay relevant or wind down

Ulf Berglund
Cyber Security Architect, U&I Security Group AB

Sam Graflund Wallentin
Head of Information Security Governance, Swedbank

Banking & Finance Panelist: Sam Graflund Wallentin, Head of Information Security Governance, Swedbank

You probably need to give need to give me some feedback on the BIO based on how others have done and what you expect. Btw, who’s the moderator? Sam Graflund Wallentin has more than a decade of experience in IT, risk, resilience and security at leading consulting firms, always focusing on business enablement and governance. In 2020 though, he moved to the country side, got a dog, built a house, returned to amateur ice-hockey and switched to the client side. More specifically, information security in financial services and Swedbank. At Swedbank, Information Security Governance is a part of Group Information Security, which also includes Offensive and Defensive Cyber Security functions. Across four teams, Information Security Governance is responsible for Swedbank’s security risk, governance and frameworks; security assurance; security architecture; and security awareness. Challenges ahead include adapting, improving and optimising information security to the swift changes in the risk and threat landscape, among regulations and not the least, the tech, work and business environment.

Åke Holmgren
Head of Cybersecurity Division, The Swedish Civil Contingencies Agency (MSB)

Dr. Åke Holmgren is head of the Cybersecurity and Critical Infrastructure Protection Department at the Swedish Civil Contingencies Agency (MSB). Dr. Holmgren has more than 20 years of experience in cyber security and critical infrastructure protection from various government functions in Sweden. He has been a member of the Norwegian Commission on the digital vulnerability of society. Dr. Holmgren has been Visiting Scholar at the Institute for Civil Infrastructure Systems, Wagner Graduate School of Public Service, New York University. He holds a Ph.D. degree in Risk and Safety Analysis and a M.Sc. degree in engineering, both from the Royal Institute of Technology (KTH) in Stockholm, and a B.Sc. degree in business administration and economics from Stockholm University. At Paranoia 2019 Dr. Holmgren will give the talk "Countering Hybrid Threats - Civil Cyber Defence".

Angelique Dawnbringer
Senior Information Security Officer, SEB

Let me introduce myself, Angelique Dawnbringer is my name and for the past 20 years of my life I've been working as a CIO/CTO, IT consultant and IT specialist. I specialize in cloud architecture, information security and data protection. I have worked in most industries, from building and maintaining datacentres, ISP’s to Banking, Medical, Insurance, HiTech-Physics and Automobile. Privacy and Data Protection or simply security has always been a big interest of mine and bringing awareness to people around the dangers and the potential in creating solutions. Regardless of industry, security is a must have quality aspect which is often overlooked. At this moment, I work as an Information Security Officer for SEB at Group & Tech Level at Group Security & Cyber Defense on Strategic Positioning and Threat Intelligence.Not knowing the balance between risk and opportunity is one of the biggest issues within the industries as such and hopefully, we can make the world a little better by sharing our knowledge and learn something new. I hope to share my insight from working in several industries with you.

Carl-Göran Domeij
CISO and Information Management Lead, Billerudkorsnäs AB

Anna Fors
Senior Digital Strategist, Försäkringskassan

Anna Fors, senior Digital strategist at Swedish Social Insurance AgencyAfter 20 years in the private sector, including startups and global companies such as TUI, Anna works for the public sector since 2015. Focus since 2016 has been on digital fraud detection, digital strategy, sourcing and security issues in the digital world. 2019 she was a co-writer of the whitepaper Cloud Services in Sustaining Societal Functions – Risks, Appropriateness and the Way Forward and has since worked to increase the awareness of the importance of Digital sovereignty in Sweden.

Juha Härkönen
Vice President, Corporate Security, Fortum Oyj

Juha has worked in cyber security since 1986. He founded and led the cyber security team in the Central Criminal Police.In addition, Juha has served as a cyber security consultant in KPMG. In his current position, he has been responsible for Fortum's Security since 2002 including cyber. At the moment, he is particularly interested in situational awareness.

John Wallhoff
Founder & CEO, Scillani Information AB

Karin Winberg
CISO, Eskilstuna Municipality

Karin Winberg has more than twenty five years of experience within cybersecurity, risk, compliance, internal audit. Over the years she has served in various roles in leading organisations such as: the Swedish Reserve Bank, KPMG, IBM, Cybercom Group Transcendent Group, Swedbank to mention but a few. She believes that "compliance can become real only if everyone understands the value of the information and can put it into context".  Karin is currently serving as CISO at Eskilstuna Municipality.

Patrick Andersson
CISO, Stora Enso

Sverker Forsberg
Cyber Security Manager, Unilabs AB

Sverker has been involved in information security issues for 20 years, first as a consultant and later holding information security positions at the Swedish National Police Board and at Södersjukhuset. He has extensive experience with ISMS, compliance auditing and IT systems requirements, as well as with end user awareness training.Since 2014 Sverker has been involved in Healthcare information security. As CISO of Södersjukhuset and Cyber security manager at Unilabs he has dealt with compliance with national and European legislation, but also with the nitty gritty details of how to secure medical devices that need to attach to the corporate network and integrate with medical information systems.

Jörgen Olofsson
CISO, Praktikertjänst AB

“Jörgen Olofsson is an information security specialist with over 20 years’ experience in a wide area of disciplines including forensic investigations, penetration testing, security architecture, coding, risk/threat assessments, ISO 27001, PCI-DSS and information security management systems. Jörgen is currently the Chief Information Security Officer at Praktikertjänst, the largest private dental and health care group in Sweden. Previously, Jörgen has held senior roles in in various industries and government, related to technology and information security. Big fan of old computers and retro gaming."

Johan Åtting
Group CISO, Sectra AB

Johan has 25 years professional experience from various industries such as MedTech, Bank & Finance, Telecoms and Transport where the last 16 years have been within MedTech/Healthcare. Since 2016 he holds the position as Group CISO and DPO at the Medical Imaging IT and Cybersecurity firm Sectra.

Johanna Mannung
Security Consultant, Directions By Mannung

Ingvar Johansson
Solutions Architect, One Identity

Ingvar Johansson: Ingvar is an IT professional with 35+ years in the IT industry, Ingvar has been focusing on Identity and Access Governance for the last 15+ years working for several leading IGA vendors. Ingvar is currently working at One Identity as a Principal Solutions Architect focusing on IAM in the EMEA region, where his primary responsibility has always been as a solutions architect in a pre-sale role with the additional responsibility as a technical architect/consultant.

Erik de Jong
Global Lead for Incident Response, NCC Group

With 25 years of experience in the field of information security, both in the government and on the commercial side, Erik has seen his fair share of rightful optimism, misguided solutions, baby steps forward (fist pump!) and embarrassing train wrecks. Yet in the face of all this, he has managed to stay positive and reject cynicism. Now in his 10th year with Fox-IT and NCC Europe, he advises NCC Europe’s board, is still a frequent speaker at conferences and loves to keep his bio really short and to the point so that we can just get on with it.

Ulf Holmerin
Vice President, ISACA Sweden Chapter

"Ulf Holmerin is an Information Security specialist who has worked on all levels. From helprunner to advisor to Senior Management in both in the private and public sectors. He is since 2014 Vice President in the ISACA Swedish chapter. Ulf is also active in ISACA International. Ulf has been a moderator for lots events and was during a period the recurrent facilitator for the yearly ISACA day."

Peter Johansson
Regional Sales Manager Nordic and Baltic Region, Deep Instinct

Gerhard Giese
Industry Strategist, Akamai Technologies

Gerd is Industry Strategist at Akamai Technologies. He started at Akamai in 2010 and is now strategist in the Financial Sector, responsible for customer advisory, information sharing and consulting. With more than 20 years of experience in the security field, Gerd has accumulated in-depth expertise in network security as well as distributed denial of service (DDoS) mitigation and data theft prevention. He continues to interact directly with clients as a trusted security advisor, to identify the most pressing challenges for online businesses. In addition, he regularly delivers talks at industry conferences and works as an independent consultant for federal state authorities such as The German Ministry of IT Defense. Prior to Akamai, Gerd was a senior network engineer at McAfee. Gerd holds CISSP and CCSP certifications and is a certified ethical hacker.

Anish Hindocha
Privacy Consultant, OneTrust

Anish Hindocha is a Privacy Consultant for OneTrust, the global leader in privacy management software and marketing compliance software which helps organizations operationalise data privacy compliance and Privacy by Design. At OneTrust, Anish works with privacy project teams and C-level executives across the Nordics to automate and strengthen their core GDPR and ePrivacy processes.

Jan Branzell
CEO, Veriscan Security AB

Sarah Backman
Cybersecurity Consultant, Omegapoint AB

Sarah Backman is a Consultant with Omegapoint & PhD Candidate in International Relations at Stockholm University. Her research interests focus on cyber crisis management and national/international cyber security. She has a background in Security Studies from the Swedish Defence University. Beyond the academic realm, Sarah is an experienced consultant in the field of cyber security and crisis management with a specific focus on exercises.

Anders Åhlgren
CISO, Jönköping Energi AB

Anders is CISO at Jönköping Energi in Sweden. Anders also works for the European Commission DG ENER with Network codes on Cybersecurity for the European electric energy sector.

Kaj Paananen
Security Incident Readiness Team (SIRT) Leader, Hitachi ABB Power Grids

Ulf Bergman
DPO, Technical IT Security, Moderna Försäkringar AB

Ulf has a background from the Armed Forces where he served as an officer for seventeen years. He also worked as a Signal Protection Officer and System Operator during his tenure in the Armed Forces. He has also a wide experience within the IT industry in which he has held various positions in the last twenty years including positions such as: CIO, Network Manager, Client System Manager, Network and DC Manager, Head of Infrastructure Development. He possesses high competence in the outsourcing, infrastructure security business area in relation to banking/insurance and communication area. Today he is DPO and also responsible for IT-Security at Moderna Försäkringar.

Peter Skov
Director of Sales & Marketing

For the past 15 years Peter Skov has been a trusted Cyber Security Advisor and Consultant to Corporations world-wide including Porche, Verizon & Municipality of Copenhagen.

Apoorva Ravikrishnan
Product Marketing Manager, Cloudflare


Registration & Morning Breakfast Starts

Opening Remarks By Event Moderator: Sofia Cerwall Crisis Management Lead, Ericsson

How to define assets in the digital era – Time to leave 1990:s thinking?, Jan Branzell CEO, Versican Security AB

ISO 27000 series requires risk assessments and an asset register linked to classification also plays a big role. Assets are key for both these activities but what approaches to assets would yield great results for the organization today?

Key Takeaways:

  • What was behind the “system” approach?
  • What assets should we protect today?
  • How does this affect the classification schemes and risk assessment approaches?
  • All in context of an organization that wants to benefit from using ISO 27000 series

      Schrems II: What The EDPB Recommendations & Modernized SCCs Mean For You: Anish Hindocha Privacy Consultant, OneTrust

      Since the Court of Justice of the European Union’s ruling in "Schrems II", companies have been eagerly anticipating detailed guidance from regulators in how to manage EU data transfers to third countries, and particularly those that rely on standard contractual clauses. Those recommendations have now been released by the European Data Protection Board, as well as new SCCs by the European Commission.

      Key Takeaways:

      • The presentation will discuss how to take a risk-based approach to the EDPB’s guidelines, an overview of the new SCCs, and the way ahead for international data transfers

      A history of disruption - a journey through the latest Web (attack) trends: Gerhard Giese Industry Strategist, Akamai Technologies

      Powered by necessity, 2020 saw a gigantic boost for digital strategies. This helped to maintain critical services through online availability but it also gave new incentives for cyber criminals claiming their share of the profit. In this session, Gerdhard will share the latest threats the world has been experiencing, and explain how corporations managed to recognize fight them.

      “5 steps for improving organizational cyber crisis management capacity”, Sarah Backman Cybersecurity Consultant, Omegapoint AB

      Cyber crises or crises with digital aspects are increasingly becoming potential scenarios for various organizations. This development must be considered by crisis management and response groups as well as leadership in any organization. In this session, Sarah Backman introduces 5 steps for developing or improving organizational capacity to efficiently deal with cyber crises.

      Coffee Break & Networking in the Expo Area

      Panel Discussions: Post-COVID-19 Cybersecurity Challenges, Banking & Finance, Public & Manufacturing Panels

      Manufacturing Sector Panel Moderator: Ulf Holmerin Vice President, ISACA Sweden Chapter

      Manufacturing Sector Panelist: Patrick Andersson CISO, Stora Enso

      Manufacturing Sector Panelist: Carl-Göran Domeij, CISO and Information Management Lead, Billerudkorsnäs AB

      Manufacturing Sector Panelist: Ingvar Johansson Pre-Sales Engineer, EMEA ONE IDENTITY

      Public Sector Panel Moderator: Åke Holmgren, Head of Cybersecurity Division, MSB

      Public Sector Panelist: Karin Winberg, CISO, Eskilstuna Municipality

      Public Sector Panelist: Anna Fors, Senior Digital Strategist, Försäkringskassan

      Public Sector Panelist: Fredrik Blix, Associate Professor Cybersecurity, Stockholm University

      Banking & Finance Panel Moderator: Ulf Berglund Cyber Security Architect, U&I Security Group AB

      Banking & Finance Panelist: Fredrik Malmström, Head of Group Information Security, Handelsbanken

      Banking & Finance Panelist: Vijay Chauhan Senior Product Marketing Director, Cloudflare

      Banking & Finance Panelist: Angelique Dawnbringer, Senior Information Officer, SEB

      Banking & Finance Panelist: Sam Graflund Wallentin, Head of Information Security Governance, Swedbank

      Panel Discussions: Post-COVID-19 Cybersecurity Challenges, Healthcare & Energy Sector

      Healthcare Panel Moderator: Sverker Forsberg, Cyber Security Manager, Unilabs Region North

      Healthcare Panelist: Jörgen Olofsson, CISO, Praktikertjänst AB

      Healthcare Panelist: Johan Åtting, Group CISO, Sectra AB

      Energy Panel Moderator: John Wallhoff Founder & CEO, Scillani Information AB

      Energy Sector Panelist: Juha Härkönen, Vice President, Corporate Security, Fortum Oyj

      Energy Sector Panelist: Anders Åhlgren, CISO, Jönköping Energi AB

      Energy Sector Panelist: Kaj Paananen, Security Incident Readiness Team (SIRT) Leader, Hitachi ABB Power Gridsids

      Lunch Break & Networking in the Expo Area

      IT Security Insights Workshops

      Achieve Secure Access to Your Critical Resources with Zero Trust and Least Privilege: Ingvar Johansson, Solutions Architect ONE IDENTITY

      In this live workshop, learn how Zero Trust and Least Privilege Can Secure Access to Your Critical Resources. With the majority of large organisations using Active Directory (AD) and Azure AD (AAD) to control user permissions and access, it is a primary target of attackers. With the rise of privileged access management (PAM) as an aspect of functions that AD/AAD controls, PAM must be a critical part of any operational and security strategy for privileged resources.

      Key takeaways:

      • How to enhance privileged security for your hybrid AD environment
      • What is Zero Trust
      • How to achieve Zero Trust by using just-in-time activation of privileged accounts and entitlements
      • In addition, you will see a demo of Zero Trust from One Identity.

      Live Learning Session: Apoorva Ravikrishnan, Product Marketing Manager, Cloudflare

      Network Security as-a-service:

      One of the most profound shifts we've been hearing about is that legacy appliance-based approaches, that our customers around the globe are using to secure their networks, aren't working anymore. Evolving your network for remote work has opened it up to risks.

      Key Takeaways:

      • Join Cloudflare's session to discover how delivering network security at the edge - not data centers - can better protect your applications, your data, and your users.

      The Cyber Security Dilemma – And How Deep Instinct Breaks the Mold: Peter Johansson, Regional Sales Manager, Nordic and Baltic Region

      The cybersecurity landscape has evolved significantly from the earliest days of AVprotection in the 1990s. Business customers can now choose from a variety ofoptions to architect a security stack, including vendors in the EDR, MDR, and XDRspaces. But what do these acronyms mean and how do they differ? And, more importantly,what benefits do they offer to enhance your existing security posture and to preventcyberattacks and the loss of business-critical data?

      Key  Takeaways:

    • Why EDR/MDR/XDR were created and what problems they were built to solve?
    • How cybercriminals are evading common detection and response frameworks (and why they do not prevent many threats)?
    • Why Deep Instinct’s prevention-first approach is the next evolution in cybersecurity defence?
    • The CSA Cloud Controls Matrix (CCM): Surinder S. Rait Head of IT Security Assurance, Ericsson

      The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. In this session Surinder will  discuss how this framework can be used to help improve security posture of the respective cloud environment with clear roles and responsibilities.

      Update from the trenches: ransomware war stories, Erik de Jong Global Lead for Incident Response, NCC Group

      Keynote Background:

      All around us, we see organizations (temporarily) bite the dust in the battle against criminals. Their operations halted, data held ransom or worse: published. At NCC Europe’s incident response practice, we help organizations fight the good fight on a daily basis. We experience up close how ransomware attacks evolve, and are continuously reminded of the ruthlessness of the attackers, notwithstanding their attempts at public relations through feel good interviews. In this talk, Erik will talk you through ransomware’s evolution of the years, the latest tricks up criminals’ sleeves and the most common points for improvement that we identify among our customers.

      Networking Afternoon Coffee Break

      Defending against Cyber-attacks with AI: Peter Skov Director of Sales & Marketing, Muninn

      Key Takeaways:

      •  If AI is not self-aware, are computers truly still fast enough that they can build a complete picture of what is normal and respond and block in real time what is not normal from a cyber perspective?
      • Can this approach work and how? Is AI able, on a network level, to provide a new and truly unique layer of cyber security?
      • Are there real examples of actual recent ransomware software strains and how AI defeats it in real time using anomaly detection and AI blocking?

        Panel: Benefits of Diversification in Cybersecurity

        Panel Moderator, Sofia Cerwall, Crisis Management Lead, Ericsson

        Panelist: Ulf Bergman, DPO, Technical IT Security, Moderna Försäkringar AB

        Panelist: Åsa Schwarz, Security Consultant and Author, Knowit AB

        Panelist: Johanna Mannung Security Consultant , Directions By MannungSvenska kraftnät

        Summary remarks By Event Moderator: Sofia Cerwall, Crisis Management Lead,Ericsson

        Cocktail Reception

        Evening Dinner Reception

        Editor's Note

        I am delighted to welcome you at the 5th edition of the IT Security Insights Conference which is going to be the most exciting and biggest edition so far. The conference will bring together leading IT Security practitioners and stakeholders in the Nordic region to discuss business critical issues and IT Security trends in 2021.

        This year’s conference will also be hybrid-event format where one can either follow the event programme online or join us in person at the designated venue, Scandic Infra City in Bredden, Uppland Väsby

        According to NORDVPN Cyberattacks are up 400% a day compared to pre-COVID-19 levels. At the beginning of 2020, the FBI reported that complaints of cyberattacks received by its cyber division had risen to almost 4,000 a day, a 400% increase over pre-coronavirus numbers. In one four-month period (January to April), 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs all related to COVID-19, were also detected by one of INTERPOL's private sector partners.

        Good examples of high profile recent cyberattack victims in 2020 include: the French IT service giant Sopra Steria that was attacked by Ryuk ransomware on the evening of 20th October, 2020. It’s estimated that this particular attack cost the company around £ 50 million. FireEye, one of the leading cybersecurity firm via their CEO, Kevin Madia came out and stated ”Based on my 25 years in the cybersecurity and responding to incidents, I have concluded that we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years”. This clearly shows IT Security should be a top priority for not only end users but also suppliers of IT Security products and solutions. But what are the underlying reasons for this upsurge of cyberattacks? How can we successfully mitigate these ongoing data breaches?

        Due to the increased surge in COVID-19 cases, we are seeing more companies and workplaces encourage it’s employees to work more remotely than ever before. Though this phenomenon is here to stay it would require most organisations to adopt and implement right tools to ensure that remote access capabilities are tested, secure, and endpoints used by employees are patched effectively. This developement has, however exacerbated a rapid escalation of insider threats. ”According to Forrester, the insider data breaches are poised to increase by 8% in 2021 and account for 33% of all cybersecurity Incidents”

        The conference is tailored for CISOs, CIOs, IT practitioners working with Information Security, Data Security, Cloud Services and GDPR matters. The main themes to be explored include: How to define assets in the digital era, Schrems II judgement, a review of the latest web attack trends, How to improve organisational cyber crisis management capacity and CSA's Cloud Controls Matrix(CCM).

        The conference will attract over 30 speakers and about 15 partners offering a variety of innovative tools and solutions in the Expo area on the day. In addition the event offers a lot of networking and discussion opportunities via onsite peer-to-peer interactions and also via the virtual event platform, agorify for our online participants.

        The conference will also host a book signing by Åsa Schwarz and Lena Karlin. They will  be both signing their renowned book "Dockfabriken" that addresses risks of Artificial Intelligence.

        Join us at this fantastic event as we celebrate our 5th Anniversary filled with an exclusive networking program including both a closing cocktail reception and an evening dinner reception at Scandic Infra City Bredden.

        Looking forward to seeing you in October.

        Robert Kitunzi

        Event Project Manager


        Organized by