Registration starts with morning breakfast
Opening Remarks: Ulf Berglund, Conference Moderator, U&I Security Group AB
Why processes often fail and how to solve the problem with human resources: Ulf Holmerin, Vice President ISACA Sweden Chapter
Ulf has been working with information security for over 35 years, in all areas and at all levels: from IT support and helprunner to Information Security Strategist at top level, in both the private and public sectors, as a consultant as well as an employee.
Ulf will talk about how processes aren't the holy grail for solving problems in information security. He will also discuss the problem of finding human resources in cybersecurity and present you with the solution to that problem.
The conclusion of the presentation is that "one mistake you can live with, but two mistakes are one too many and may lead to us losing the battle for cybersecurity."
IT/OT Convergence – how do we catch up? Mats Karlsson Landré, Senior OT Security Advisor, AFRY
Background: It is a common buzzword lately, “IT/OT Convergence” – but what aspects are doing the actual converging? Is it related to technology or business processes? Maybe it is an organizational question? Or is it just a sales-pitch from vendors? Mats will discuss why the answers to these questions differ depending on who you talk to.
- What is IT/OT convergence?
- Has it already happened?
- Who should care?
- What comes after it?
Global Threat Report 2022 - In-depth analysis of the most significant cybersecurity events and trends: Stuart Wiggins, Strategic Threat Advisor, CrowdStrike
Background: 2021 taught us that cybercriminals don't rest, the threat is constantly evolving and adversaries are increasing their operational tempo. Attacks are becoming more sophisticated and disruption is happening quicker than ever before, causing massive disruptions in all aspects of our daily lives. With the now globally renowned Global Threat Report, CrowdStrike recently published its most recent edition with findings and observations on all relevant events and trends in the field of cybersecurity. But even more important: how can security specialists use this information to keep their organization as secure as possible in 2022?
During this session Stuart will discuss how intelligence can get you ahead of the adversary and, more importantly, get time back on your side.
Getting it right (it as in IT) when dealing with Third party & Cloud: Angelique Dawnbringer, Senior Information Security Officer SEB
- Understanding - the service acquisition, business objectives, technical and organizational controls, capabilities, and maturity - is key.
- Knowledge and proof - of total cost of ownership, features, and functionality, required maturity, vendor & lifecycle management, inhouse resources & competence, risk-awareness and cyber-risk-tolerance - are pre-requisites.
- Our instinct may be to set a blanket security policy for “anything in the cloud” instead of taking a risk-based approach, which will be far more secure and cost effective
- Encryption is not a cure-all silver-bullet and may lead to a false sense of security. Encrypting everything in SaaS because you don’t trust that service provider at all, likely means that you shouldn’t be using the provider in the first place. So why do we encrypt? Why do we so heavily rely on controls like this… Why do we readily buy tools and such?
Coffee Break & Networking in the Expo Area
EU CyberSecurity Act – What’s in it for us?: Jan Branzell CEO, Veriscan Security Sweden AB
Background: The European Union (EU) launched the Cybersecurity Act (EU CSA) in April 2019, and work on how to apply it has since started in the different EU countries and at ENISA. The EU CSA enables security certification of different ICT (Information and Communication Technology) solutions that are planned to start in 2022/2023.
- What are the basics in EU CSA?
- What certification schemes are around the corner?
- What is the outlined time plan?
- Who can be the actors?
- How might EU CSA affect our security work in the future?
Breakouts - Workshops & Round Table Discussion Sessions
Participate in workshops and round table discussions of your own choice from our supporting partners below. Round table sessions are limited to 7 participants/table.
Workshop: Securing your infrastructure while lowering your cost of compliance, Sverrir Thor Hakonarson, Enterprise Technical Account Manager Nordics - LOKE
Background: IT infrastructure and resources are the essence of most organizations. It's crucial to have a good network security policy framework in place. The Qualys Cloud Platform is the security industry’s most progressive and adaptable cloud-based platform, featuring a suite of solutions that guard networks and shield businesses.
Workshop: After Solarwinds and Log4j, what are the lessons learnt? Dominique Meurisse, VP Sales International - TOR 2
- We live with a false sense of security
- What makes Sunburst (Solarwinds) and Log4Shell attacks so unique and difficult to address
- The comeback of detection: the network never lies
Round Table Session: A review of the current cyber threat landscape including the latest ransomware strains: Mikael Johansson Regional Sales Director - TOR 3
Background: Security risks and breaches have always been a focus for big corporates as well as small and medium-sized enterprises, and Acronis’ Cyberthreats Report has shown that their intensity and frequency are increasing exponentially. Amongst all cyber threats, ransomware remains the world’s most costly and destructive malware to business, and should sit atop every IT professional’s cybersecurity priorities list.
- Options to protect yourself by building a checklist as a foundation of a comprehensive ransomware protection plan
- How Acronis’ integrated cyber protection solution can help you keep your business safe and secure
Lunch Break & Networking in the Expo Area
"The attack vectors against developers – and how to protect them": Christian Abdelmassih IT Security Specialist, Swedish Police Authority
Background: If you want to quickly damage a company – hack its developers. With supply chain attacks becoming the norm, we security professionals are challenged with securing new vulnerable endpoints.
- How do you protect a user who has both high privileges and a wide-open attack surface?
- How do we allow developers to maintain their tooling and DevOps workflow while protecting them from an adversary?
Breakouts - Workshops & Round Table Discussion Sessions
Participate in workshops and round table discussions of your own choice from our supporting partners below. Round table sessions are limited to 7 participants/table.
Round Table Session: Identity Security-The Backbone of Zero Trust, Bart Bruijnesteijn Solutions Engineering Director BeNeLux & Nordics - LOKE
Background: Zero Trust starts by assuming that any identity – whether human or machine – with access to your applications and systems may have been compromised. The “assume breach” mentality requires vigilance and a Zero Trust approach to security, one that is centered on securing identities. With Identity Security as the backbone of a Zero Trust approach, teams can focus on identifying, isolating and stopping threats from compromising identities and gaining privilege before they can do harm.
- How to make sure every user is who they claim to be with strong, contextual, risk-based authentication – increasing security and enhancing user experience
- How to vastly reduce your attack surface to only allow registered devices, with a good security posture, to access your resources
- How to grant privileged access the second it’s needed, and take it away the second it’s not
Round Table Session: Staying in control of your security posture - how cybersecurity champions utilize their budgets in the best possible way, Mikkel Planck Cyber Security Specialist - LOKE
A good cyber strategy is a must at all levels. However, shielding everything seems impossible, especially when it comes to securing all systems – in some cases, the existence of these threats within the systems is unknown. How do you ensure that you can map all threats and proactively optimize preventions?
In addition, many security specialists have budget limitations. In a rapidly changing market where many different types of products and services are offered, it is therefore difficult to make the right choice. What should you consider when implementing these solutions? And how can you make sure it matches your cybersecurity strategy and budget?
Besides the above discussion points, Mikkel together with industry peers will also explore the following topics:
- What is my security posture today, and where should I be?
- Do I have the right competencies, and how can I enable my staff?
- What considerations do I need to make?
Round Table Session: After Solarwinds and Log4j, what are the lessons learnt? Dominique Meurisse, VP Sales International - LOKE
Dominique Meurisse hosts a few participants from his morning workshop in a round table setting. The table is reserved, with a maximum of 7 seats.
Workshop Host: The Key to Everything - Encryption and the five small steps to securing the distributed workforce, Anastasiia Martorella Senior Sales Engineer - TOR 2
Background: Encryption is an essential component of providing end-to-end security for the distributed workforce. Breaking AES-256 bit encryption through ‘brute force’ methods is impractical for even the most determined attackers. So why does security for something as simple as file sharing sometimes fail, and what can we do about it?
- The session will explore why encryption is just one essential piece of the security picture, and how we can leverage key rotation, secure clients, IT policies, and other best practices to secure the digital experience for remote and distributed workers.
Risk Quantification: Helena Örtholm, Group DPO and Head of Operational Risk Management, Tele2 AB
- How to understand and measure risk
- How different people perceive risk
How agile ways of working helped us cope with a pandemic - and what we got out of it: Robert Singh Sandhu CISO, ICA Sverige AB
Brief background: Since 2019 ICA has been on a journey of agile transformation which has seen us change our habits and ways of working.
- In the presentation I will share how we work in an agile way and what that meant and did for my team during times of isolation and working from home.
- Managing infosec in an agile way has made us more connected to our organisational context and the business, making our work more impactful and fun.
A human-centric approach to Cyber Security and Privacy: Pål Göran Stensson Cyber Security and Privacy Operations Manager, IKEA Group
Background: The IKEA vision is “A better everyday life for the many people” and we bring that to life with a human-centric culture and the empowerment of our co-workers. Where security often sees people as part of the problem, we want to build a system where they are an essential part of the solution. A security operating model should be built for the enterprise, not exclusively for the security and privacy teams.
- What does Governance mean in a highly autonomous world?
- How do you build a security organisation when it cannot say NO anymore?
- How do you engage and scale the security and privacy work into an agile Digital organisation?
Afternoon Coffee Break & Networking in the Expo Area
Cyber Resilience: A modern story of business continuity: Georgios Kryparos, CISO, Einride
Background: Business continuity processes, plans and tests have been around for a very long time. But in many cases, they were just a paper product, too far abstracted from the real day-to-day business threats. Nowadays, a business continuity plan very often aligns with or resembles your cyber resilience program. Do one of them well and you get the other one for free! What is important, though, is not to stick to the basics or the high-level processes, but to really "get down and dirty"!
Georgios will present a use-case where proper business continuity planning really proved to be a business enabler.
"The societal security challenge posed by cyber supply chain risks – and how to tackle them": Johan Turell, Senior Analyst & Research Coordinator, The Swedish Civil Contingencies Agency (MSB)
Background: Over recent years, supply chain risks have emerged as one of the most pressing cybersecurity challenges with national security implications. With ever increasing specialisation among market actors, monodependencies on particular companies and organisations have become ubiquitous in digital supply chains – resulting in the rise and consolidation of nodes. When nodes fail, or become conduits for malicious code or espionage – the risk is not just organisational, but societal.
- In this session, Johan will review some of the findings of MSB's recent analysis of supply chain risks, how supply chain attacks and other causes of incidents may result in societal consequences – and what we ought to do about it.
Closing Remarks: Ulf Berglund, Conference Moderator, U&I Security Group AB
Cocktail Reception Sponsored By GATEWATCHER Starts
The conference ends with a cocktail reception for you to network with all onsite participants. This is an opportunity to share what you have learned during the day, exchange ideas and make new contacts. For those of you who go to conferences primarily to network, this is your moment to shine. Besides, one lucky attendee will win a prize during the prize draw that will be hosted by Gatewatcher!
Conference Moderator, Founder, U&I Security Group AB
Ulf Berglund has long experience from leading positions in the field of information security. He has been an honourable President of the CSA Sweden Chapter, which he launched in Sweden back in 2012. He is also co-author of the book Guide to the Cloud. He has a background as an officer; in his last active years he was principal officer, IT security and information security expert at the Military Intelligence and Security Service (MUST). He has held positions as CTO and senior consultant for companies such as Pointsec, Ernst & Young and Technology Nexus. Ulf's consulting experience is derived from companies like Skandia, Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.
Senior Information Security Officer, SEB
Let me introduce myself, Angelique Dawnbringer is my name and for the past 20 years of my life I've been working as a CIO/CTO, IT consultant and IT specialist. I specialize in cloud architecture, information security and data protection. I have worked in most industries, from building and maintaining datacentres, ISPs to Banking, Medical, Insurance, HiTech-Physics and Automobile. Privacy and Data Protection or simply security has always been a big interest of mine and bringing awareness to people around the dangers and the potential in creating solutions. Regardless of industry, security is a must-have quality aspect which is often overlooked. At this moment, I work as an Information Security Officer for SEB at Group & Tech Level at Group Security & Cyber Defense on Strategic Positioning and Threat Intelligence. Not knowing the balance between risk and opportunity is one of the biggest issues within the industries as such and hopefully, we can make the world a little better by sharing our knowledge and learn something new. I hope to share my insight from working in several industries with you.
Pål Göran Stensson
Cyber Security and Privacy Operations Manager, IKEA Group
Head of Cyber Security, modern, digital leader in a classic space of Security, Privacy, Risk and Compliance. We are constantly in transition and I am energized by leading through change. Eyes on the horizon, hands in the dirt and leading through example.
I drive a new agenda where Cyber Security is the enabler of the digital business model. Done right, we promote a dynamic, fast and flexible business where opportunities are found early, successfully converted, developing existing and new revenue to the company while maintaining our core values and principles.
Leading self, leading others and leading leaders, building a large organisation delivering on a global scale are my motivators and help me grow my impact. My work is in developing a vision, a strategy and an approach to deliver with excellence where the work is described by others as quietly brilliant.
Group DPO and Head of Operational Risk Management, Tele2 AB
Helena started out as a lawyer working for the Swedish House Owners Association, assisting the organization and its members with property rights and civil law issues. After some years she shifted focus to personal data rights/privacy issues and contract law, information security and IT audits when she started working at EY and then later on at Transcendent Group, and she worked with these topics as a consultant for approximately 15 years before starting to work as Chief Security Officer at the former TDC in 2013. With the Tele2 acquisition of TDC, Helena became CISO and DPO for Tele2 Sweden, and with the re-organization of Tele2 due to the current merger with ComHem she now holds the role of Group Privacy Officer, Data Protection Officer for Tele2 Sweden and ComHem, as well as expanding her role in driving the risk work within the organization in her new role as Head of Operational Risk Management.
IT Security Specialist, Swedish Police Authority
Christian works with Enterprise-level Security Architecture and InfoSec-related tasks at the IT Security Division of the Swedish Police Authority. Before focusing on security, he was a Full Stack Developer and DevOps enthusiast. He supports developers in building secure web apps and sysadmins in safer operations. Today, he implements access controls and identity and access management solutions, conducts audits and risk analyses, and secures one of the most important organizations in Sweden.
Georgios is currently head of IT security at Einride. He has previously served as head of the security department at Tink. Prior to that he was the lead security engineer at Klarna working with everything from security architecture to devsecops and from an information security to an application security perspective. He has more than 14 years of experience in the field and he believes that security work should not be driven by compliance requirements.
Robert Singh Sandhu
CISO, ICA Sverige AB
Robert Singh Sandhu is the CISO of ICA Sweden, the food wholesale, marketing and logistics part of the ICA Group. Robert has been working with Information & IT Security since 2015, helping large, global companies, as well as smaller local ones, secure their businesses with the business always in mind.
Vice President, ISACA Sweden Chapter
"Ulf Holmerin is an Information Security specialist who has worked on all levels, from helprunner to advisor to Senior Management, in both the private and public sectors. He has been Vice President of the ISACA Swedish chapter since 2014. Ulf is also active in ISACA International. Ulf has been a moderator for lots of events and was during a period the recurrent facilitator for the yearly ISACA day."
Senior Analyst & Research Coordinator, MSB
Johan Turell is a senior analyst and research coordinator at the Department for Cybersecurity and Secure Communications at the Swedish Civil Contingencies Agency (MSB). In his role, Johan focuses on strategic issues related to how cyber challenges impact society. During his more than eight years at the agency, Johan has developed a number of tools, methods and concepts at the agency. Among these are how MSB measures cyber risk, information- and cybersecurity maturity and digital supply chain analysis. Johan has also led the development of MSB’s strategic research funding, resulting in (among others) research programmes on the challenges at the intersection between cybersecurity and AI, as well as the use of AI in side channel threat analysis.
CEO, Veriscan Security Sweden AB
Jan Branzell is CEO at Veriscan Security AB. He has a marketing background and he is also an expert in management of cyber and information security. Jan’s approach to security is that it should be a positive contributor to and for the business. He is a member of the standards development committee in “ISO/IEC JTC 1/SC 27 Information security, cyber security and privacy”, on which he serves as an expert and editor. He is also part of the management committee within ISO/IEC JTC 1/WG13 on Trustworthiness. But providing expert guidance on how to use the standards within organizations ranging from 10 to 100 000 employees is really when he feels at home.
Senior Sales Engineer, Progress
Ana has been working in the IT industry for almost 12 years. She has covered different positions, starting from Customer Care Agent, Network Support Engineer and Solutions Engineer. Her working life has always been linked with Cyber Security, Privacy and Networking, spiced with a passion to learn languages. Currently she speaks fluent Ukrainian, English, Spanish, Italian and Russian.
Mats Karlsson Landré
Senior OT Security Advisor, AFRY
Building on his experience from 20+ years of security leadership from industrial manufacturing in the nuclear sector, Mats Karlsson Landré supports organizations in addressing their OT security needs. Moving between various industries, he is able to bring a wealth of knowledge and experience to his customers. Mats also runs the site www.ot-sakerhet.se where he regularly publishes a newsletter related to the exciting field of OT-security.
Sverrir Thor Hakonarson
Enterprise Technical Account Manager, Nordics, Qualys
Having worked 24 years in the IT industry, Sverrir has spent the last 15 years on IT security, primarily around Vulnerability Management, Policy Compliance, Data Loss Prevention and Web Security. Sverrir holds a B.Sc. in Management and Economics but learned to program at an early age and has achieved a variety of technical certifications from a number of vendors over the years, including Microsoft, Trend Micro, ForcePoint and Qualys.
Strategic Threat Advisor, CrowdStrike
Stuart Wiggins has spent over 13 years working in cyber intelligence and is passionate about utilising threat intelligence to improve cyber defences and reduce the impact of malicious cyber activity. He joins CrowdStrike as a Strategic Threat Advisor, helping to guide customers through all aspects of threat intelligence. Prior to CrowdStrike, Stuart started his career as an intelligence analyst in the UK civil service and has worked in a number of operational and strategic roles covering a variety of national security and cyber security related topics, including a three-year posting to the United States where he worked with several U.S. Federal Government agencies.
Solutions Engineering Director BeNeLux & Nordics, CyberArk
Bart Bruijnesteijn, Solutions Engineering Director - North Europe, CyberArk is based in Amsterdam. Bart is an IT Security professional with 25 years of experience in IT Security solution architecture, pre-sales and consultancy. Prior to joining CyberArk in 2015, Bart held several technical and leadership roles at IBM, Consul Risk Management and BMC Software. Bart is a frequent speaker at Cybersecurity events in Europe and is ISC2 - CISSP certified.
VP Sales International, Gatewatcher
As VP Sales International at Gatewatcher, Dominique MEURISSE leads all the International Sales Operation to help enterprises combat cyber threats and improve their security posture, implementing cybersecurity controls in complex environments, more specifically deploying Gatewatcher’s NDR Solution in the most mature and complex environments, where machine learning combined with other detection technologies is adapted to the ever-evolving threat landscape. Throughout his career he has held various senior executive positions in the cyber security domain. In his most recent role, as COO of WALLIX, the PAM vendor, he led the Sales and Marketing teams all over EMEA. Prior to that, he was the Executive Vice President of NETASQ before it was acquired by AIRBUS under the new name of STORMSHIELD, and cofounder of InfoVista and Arche Communications (acquired by Telindus).
Regional Sales Director, Acronis
Mikael Johansson has over 25 years of channel experience in the IT segment and has been the Regional Director for Kingston Technology and now for the Cyber Security expert Acronis. He knows what it takes to make an excellent product or a solution successful in the Nordic region. Now, as Regional Director for a Cyber Security Expert, he regularly helps the Nordic SP/MSP partners to be Security Experts on a local level with a global partner protecting their back.
Cyber Security Specialist, CrowdStrike
At CrowdStrike, Mikkel is a member of the sales engineering team in the Nordics region. Mikkel and his colleagues are known as renowned trusted advisors in the region and inform their clients about the latest developments in the world of cybersecurity, where a lot changes on a daily basis.
Welcome to the 6th Edition of IT Security Insights Conference, one of the leading peer-to-peer events bringing together IT security practitioners from the Nordic region to discuss how to protect your data through innovation. This year’s edition will address: Information security, security compliance, cybersecurity skills shortage, emerging technologies such as: 5G, Machine Learning, AI and much more.
According to Gartner “many organizations will have and will adopt a cybersecurity mesh architecture as a result of the variety of technologies and silos that they have. "This is an effort to optimize technologies to make sure that each tool is talking to the other, each log is feeding back into the other," to orchestrate the environment”. Gartner also anticipates the adoption of mesh architecture will cut the cost of security incidents by 90% by 2024. How can we achieve this? And how can we even get started when most digital assets of today’s organisations are distributed across cloud and data centers? In order to be successful, one will need to prioritize composability and interoperability when selecting security solutions. It will also be essential to build a common base framework to compose and integrate security solutions.
“Gartner expects 75% of the world's population to have data privacy protection because of legislation by 2023. Depending on a company's jurisdiction, leaders might have to patch together different laws, and the requests their customers make”. What progress has been made since the GDPR came into force? And how can we overcome today's data privacy challenges?
According to Forrester “ten percent of companies will commit to a fully remote future. For the remaining 90%, vaccine mandates will lead to complications but won’t be the cause of most return-to-office failures. The real pain will be felt at the 60% of companies shifting to a hybrid model: One-third of first attempts at anywhere-work simply won’t work. Leaders will claim support for hybrid work but still design meetings, job roles, and promotion opportunities around face-to-face experiences. Research also reveals that companies with a fully in-office model will see resignation rates rise to 2.5% per month”. So, it is business critical that companies strike the right balance between office and remote working if they are to stand a chance of thriving in the post-Covid era.
In a recent survey conducted on 489 cybersecurity professionals by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), it was found that despite continued discussions about the cybersecurity skill gap over the past 10 years, there has been no significant progress toward a solution to this problem. According to the ESG research report of 2021, ”The skills crisis has impacted over half (57%) of organizations. The top ramifications of the skills shortage include an increasing workload (62%), unfilled open job requisitions (38%), and high burnout among staff (38%). Further, 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years while 44% say it has only gotten worse”. How do we address the cybersecurity skills shortage in the coming 12 months?
The feedback we received from our recent conference was to have more customer case-studies and less product focussed sessions. In this respect, we promise you a handful of best case practices and thought-leadership keynotes, so you can benchmark your current strategies. Besides, a few technical workshops will be showcased in breakouts by leading solution providers that will be partnering with us at the conference.
We have a fantastic agenda lined up for you with a combination of amazing keynotes, best case practices, technical workshops, 17 speakers and up to 20 exhibitors offering different tools and solutions in the Expo Area. And, whether you choose to participate remotely or join us onsite, you will not be short of networking opportunities before, during and after the event days.
The importance of IT Security has never been so great, as well as the need for the community to gather and try to share experience and collaborate on some of the burning challenges. So, I hope to meet as many of you as possible at the conference.
Event Project Manager
7A Odenplan is an accessible and modern venue occupying a floor plan of 2000 sqm with a large courtyard. It offers flexible rooms, good food and a roof terrace that overlooks Odengatan with a fantastic panoramic view of the city of Stockholm. 7A Odenplan has a perfect city location with subway, commuter train and most city buses a few steps from the entrance. For those who intend to drive a car, there is a parking garage in the house below with direct access up to the meeting room.
Venue Address: Odengatan 65, 113 29 Stockholm
How to get to the venue
1. Subway from T- Centralen:
• Take the green line with train nos. 17, 18 & 19 on the subway from Stockholm Central towards any of the following destinations: Odenplan, Alvik, Åkeshov, Råcksta, Vällingby and Hässelby Strand.
• Get off at Odenplan - approx travel time 4 minutes.
• From the Subway station it takes 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time.
Note: There is a subway going every 5 minutes.
2. By Commuter Trains from Central Station
• Take the commuter train from Stockholm Central towards any of the following destinations: Märsta, Kungsängen, Uppsala and Arlanda Airport.
• Get off at Odenplan station - approx travel time 4 minutes
• From the underground it will take at least 3 minutes’ walk to get out of the station. Then approx. 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time.
• The commuter trains go 4-6 times per hour.
3. By own car - Address: Norrtullsgatan 6, 113 29 Stockholm, Sweden
4. By taxi - We recommend the following companies:
Taxi Stockholm +46 88-15 00 00
Taxi Kurir + 46 88-30 00 00
Taxi 020 + 46 20-20 20 20