31 May 07:30 - 18:007A Odenplan

Speakers

Ulf Berglund
Conference Moderator, Founder, U&I Security Group AB

Ulf Berglund has a long experience from leading positions in the field of information security. He has been an honourable President of the CSA Sweden Chapter which he launched in Sweden back in 2012. He is also co-author of the book Guide to the Cloud. He has a background as an officer, his last active years he was principal officer, IT security and information security expert at the Military Intelligence and Security Service (MUST). He has held positions as CTO, senior consultant and senior consultant for companies such Pointsec, Ernst & Young and Technology Nexus. Ulf's consultant and the experience derived from companies like Skandia, Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.

Angelique Dawnbringer
Senior Information Security Officer, SEB

Let me introduce myself, Angelique Dawnbringer is my name and for the past 20 years of my life I've been working as a CIO/CTO, IT consultant and IT specialist. I specialize in cloud architecture, information security and data protection. I have worked in most industries, from building and maintaining datacentres, ISP’s to Banking, Medical, Insurance, HiTech-Physics and Automobile. Privacy and Data Protection or simply security has always been a big interest of mine and bringing awareness to people around the dangers and the potential in creating solutions. Regardless of industry, security is a must have quality aspect which is often overlooked. At this moment, I work as an Information Security Officer for SEB at Group & Tech Level at Group Security & Cyber Defense on Strategic Positioning and Threat Intelligence.Not knowing the balance between risk and opportunity is one of the biggest issues within the industries as such and hopefully, we can make the world a little better by sharing our knowledge and learn something new. I hope to share my insight from working in several industries with you.

Ulf Holmerin
Vice President, ISACA Sweden Chapter

"Ulf Holmerin is an Information Security specialist who has worked on all levels. From helprunner to advisor to Senior Management in both in the private and public sectors. He is since 2014 Vice President in the ISACA Swedish chapter. Ulf is also active in ISACA International. Ulf has been a moderator for lots events and was during a period the recurrent facilitator for the yearly ISACA day."

Robert Singh Sandhu
CISO, ICA Sverige AB

  • Robert Singh Sandhu is the CISO of ICA Sweden, the food wholesale, marketing and logistics part of the ICA Group. Robert has been working with Information & IT Security since 2015, helping large, global companies, as well as smaller local ones, secure their businesses with the business always in mind.

Helena Örtholm
Group DPO and Head of Operational Risk Management , Tele2 AB

Helena started out as a lawyer working for the Swedish House Owners Association assisting the organization and its members with property rights and civil law issues. After some years she shifted focus to personal data rights/privacy issues and contract law, information security and IT audits when started working at EY and then later on at Transcendent Group, and she has been working with these topics as a consultant for approximately 15 years before starting to work as Chief Security Officer at the former TDC in 2013. With the Tele2 acquisition of TDC Helena became CISO and DPO for Tele2 Sweden and with the re-organization of Tele2 due to the current merger with ComHem she now holds the role as Group Privacy Officer, Data Protection Officer for Tele2 Sweden and ComHem as well as expanding her role in driving the risk work within the organization in her new role as Head of Operational Risk Management.

Jan Branzell
CEO, Veriscan Security AB

Jan Branzell is CEO at Veriscan Security AB. He has a marketing background

and he is also an expert in management of cyber and information security. Jan’s

approach to security is that it should be a positive contributor to and for the

business. He is a member of the standards development committee in “ISO/IEC

JTC 1/SC 27 Information security, cyber security and privacy” on which serves as

an expert and editor. He is also part of the management commitee within

ISO/IEC JTC 1/WG13 on Trustworthiness. But providing expert guidance on how

to use the standards within organizations ranging from 10- 100 000 employees

is really when he feels at home

Josef Joo
Head of Global Cyber Defense & Incident Response, Schneider Electric

Josef has extensive experience in the IT Industry spanning over 28 years, 15 of which he has spent at Schneider Electric in various senior roles. He is currently the Head of Global Cyber Defence & Incident Response. Prior to that he served as the Regional EMEA CISO for 8 years and he was the Regional Nordic IT manager for the company for over 5 years before assuming the EMEA position

Editorial

Welcome to the 6th Edition of IT Security Insights Conference, one of the leading peer-to-peer events bringing together IT security practitioners from the Nordic region to discuss how to protect your data through innovation. This year’s edition will address: Information security, security compliance, cybersecurity skills shortage, emerging technologies such as: 5G, Machine Learning, AI and much more.

According to Gartner “many organizations will have and will adopt a cybersecurity mesh architecture as a result of the variety of technologies and silos that they have. "This is an effort to optimize technologies to make sure that each tool is talking to the other, each log is feeding back into the other," to orchestrate the environment”. Gartner also anticipates the adoption of mesh architecture will cut the cost of security incidents by 90% by 2024. How can we achieve this? And how can we even get started when most digital assets of today’s organisations are distributed across cloud and data centers? In order to be successful, one will need to prioritize composability and interoperability when selecting security solutions. It will also be essential to build a common base framework to compose and integrate security solutions.

“Gartner expects 75% of the world's population to have data privacy protection because of legislation by 2023. Depending on a company's jurisdiction, leaders might have to patch together different laws, and the requests their customers make”. What progress has been made since the GDPR came into force? And how can we overcome today's data privacy challenges?

According to Forrester “ten percent of companies will commit to a fully remote future. For the remaining 90%, vaccine mandates will lead to complications but won’t be the cause of most return-to-office failures. The real pain will be felt at the 60% of companies shifting to a hybrid model: One-third of first attempts anywhere- work simply won’t work. Leaders will claim support for hybrid work but still design meetings, job roles, and promotion opportunities around face-to-face experiences. Research also reveals that companies with a fully in-office model will see resignation rates rise to 2.5% per month”. So, it is business critical that companies strike the right balance between office and remote working if they stand a chance to thrive in the post-Covid era.

In a recent survey conducted on 489 cybersecurity professionals by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), it was found that despite continued discussions about the cybersecurity skill gap over the past 10 years, there has been no significant progress toward a solution to this problem. According to the ESG research report of 2021, ”The skills crisis has impacted over half (57%) of organizations. The top ramifications of the skills shortage include an increasing workload (62%), unfilled open job requisitions (38%), and high burnout among staff (38%). Further, 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years while 44% say it has only gotten worse”. How do we address the cybersecurity skills shortage in the coming 12 months? 

The feedback we received from our recent conference was to have more customer case-studies and less product focussed sessions. In this respect, we promise you a handful of best case practices and thought-leadership keynotes, so you can benchmark your current strategies. Besides, a few technical workshops will be showcased in breakouts by leading solution providers that will be partnering with us at the conference.

We have a fantastic agenda lined up for you with a combination of amazing keynotes, best case practices, technical workshops, 20 speakers and over 25 exhibitors offering different tools and solutions in the Expo Area. And, whether you choose to participate remotely or join us onsite, you will not be short of networking opportunities before during and after the event days.

The importance of IT Security had never been so great, as well the need for the community to gather and try to share experience and collaborate on some of the burning challenges. So, I hope to meet as many of you as possible at the conference.


Sincerely,

Robert Kitunzi

Event Project Manager

Schedule

Registration Starts

Opening Remarks: Ulf Berglund, Conference Moderator, U&I Security Group AB

Why processes often fail and how to solve the problem with human resources: - Ulf Holmerin, Vice President ISACA Sweden Chapter

Ulf has been working with information security in over 35 years in all areas and on all levels. From IT-support and helprunner to an Information Security Strategist on top level. Both in the private and public sector. As a consultant as well as an employee. 

Ulf will talk about that processes isn’t the holy grail in solving problems in information security. He will also discuss the problem in finding human resources in cybersecurity and present you with the solution to solve the problem.

Key takeaway:

The conclusion of the presentation is that "one mistake you can live with, but two mistakes are one to many and may lead to that we lose the battle for cybersecurity."

Cybersecurity For Critical Infrastructure: Josef Joo Head of Global Cyber Defense & Incident Response, Schneider Electric

 Content Coming Soon

Best Case Practice about Cyberresilience: Sofia Dahlgren Donovan, Head Of IT Security, Svenska Spel

Content Coming Soon:

Getting it right (it as in IT) when dealing with Third party & Cloud: Angelique Dawnbringer, Senior Information Security Officer SEB

  • Understanding - the service acquisition, business objectives, technical and organizational controls, capabilities, and maturity - is key.
  • Knowledge and proof - of total cost of ownership, features, and functionality, required maturity, vendor & lifecycle management, inhouse resources & competence, risk-awareness and cyber-risk-tolerance - are pre-requisites.
  • Our instinct may be to set a blanket security policy for “anything in the cloud” instead of taking a risk-based approach, which will be far more secure and cost effective
  • Encryption is not a cure-all silver-bullet and may lead to a false sense of security. Encrypting everything in SaaS because you don’t trust that service provider at all, likely means that you shouldn’t be using the provider in the first place. So why do we encrypt? Why do we so heavily rely on controls like this… Why do we readily buy tools and such?

Coffee Break & Networking in the Expo Area

EU CyberSecurity Act – What’s in it for us?: Jan Branzell CEO, Veriscan Security Sweden AB

Background: European Union (EU) launched the Cybersecurity Act (EU CSA) in April 2019 and then work on how to apply it has started in the different EU countries and ENISA. The EU CSA enables security certification of different ICT (information and Communication Technology) solutions that are planned to start in 2022/2023. 

Key Takeaways:

  • What are the basics in EU CSA?
  • What certification schemes are around the corner?
  • How is the outlined time plan?
  • What can be the actors?
  • How might EU CSA affect our security work in the future?

Breakouts - Workshops & Virtual Round Table Discussions

IT Security Insights Workshop - Room TOR1

IT Security Insights Workshop - Room TOR2

IT Security Insights Workshop - Room LOKE

IT Security Insights Workshop - Room TOR3

Lunch Break & Networking in the Expo Area

Live Hacking Demo Session

Breakouts - Workshops & Virtual Round Table Discussions

IT Security Insights Workshop - Room LOKE

IT Security Insights Workshop - Room TOR1

IT Security Insights Workshop - Room TOR2

IT Security Insights Workshop - Room TOR3

Risk Quantification:Helena Örtholm Group DPO and Head of Operational Risk Management, Tele2 AB

Key Takeaways:

  • How to understand and measure risk
  • How different people perceive risk

How agile ways of working helped us cope with a pandemic - and what we got out of it: Robert Singh Sandhu CISO, ICA Sverige AB

Brief background: Since 2019 ICA has been on a journey of agile transformation which hav e seen us change our habits and ways of working.

Key Takeaways:

  • In the presentation I will share how we work in an agile way and what that meant and did for my team during times of isolation and working from home.
  • Managing an infosec in an agile way has made us more connected to our organisational context and the business, making our work more impactful and fun.

Device Management for Connected Devices: Pål Göran Stensson Technology Capability Manager, Cyber Security IKEA Group

Afternoon Coffee Break & Networking in the Expo Area

Optimising Cyber Security Public–Private Partnerships


Closing Keynote TBA


Closing Remarks: Ulf Berglund, Conference Moderator, U&I Security Group AB

Cocktail Reception starts in the Expo Area

Venue

7A Odenplan is an accessible and modern venue occupying a floor plan of 2000 sqm with a large courtyard. It offers flexible rooms, good food and a roof terrace that overlooks Odengatan with a fantastic panoramic view of the city of Stockholm.7A Odenplan has a perfect city location with subway, commuter train and most city buses a few steps from the entrance. Those who intend to drive a car, there is a parking garage in the house below with direct access up to the meeting room. 

Venue Address: Odengatan 65, 113 29 Stockholm 

How to get to the venue

1. Subway from T- Centralen: 

• Take the green line with train no.s: 17, 18 & 19 on the subway from Stockholm Central towards any of the following destinations: Odenplan, Alvik, Åkeshov, Råcksta, Vällingby and Hässelby Strand.

• Get off at Odenplan - approx travel time 4 minutes.

• From the Subway station it takes 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time. 

Note: There is a subway going every 5 minutes.

2. By Commuter Trains from Central Station 

• Take the commuter train from Stockholm Central towards any of the following destinations: Märsta, Kungsängen, Uppsala and Arlanda Airport.

• Get off at Odenplan station - approx travel time 4 minutes

• From the underground it will take at least 3 minutes’ walk to get out of the station. Then approx. 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time.• The commuter trains go 4-6 times per hour.

3. By own car -  Address: Norrtullsgatan 6, 113 29 Stockholm, Sweden

4. By taxi - We recommend the following companies:

Taxi Stockholm +46 88-15 00 00 

Taxi Kurir + 46 88-30 00 00 

Taxi 020 + 46 20-20 20 20

Organized by