29 March 08:00 - 18:30, Hotel Birger Jarl, Stockholm

Speakers

John Wallhoff
Event Chairman, B4 Investigate

John Wallhoff (CISA, CISM, CISSP), Co-Founder and Board Member at B4 Investigate and formerly the President of ISACA Sweden Chapter & independent advisor. He is an experienced expert in the field of IT-Governance, IT Service Management and Information Security. Over the past 25 years he has been working with a wide range of organisations in different industries/sectors.

Mats Persson
IT Security Consultant, Omegapoint

Mats is a security advocate at Omegapoint and he is passionate about secure development, modern ways of working, and security in the cloud. For the past three years he has been team lead for a software security team helping 100+ product teams integrate security in their daily work.

Emilie Alftrén Hasslerud
GRC Advisor, FCG

Conny Larsson
Chairman, Sig Security

Magnus Juvas
CEO, Solidify

MS in Computer Science, Co-founder of Transcendent Group, Co-founder and CEO of Solidify.

Ralph Benton
CISO, Schibsted Media Group

Brian O'Toole
Head of Digital Services security center, Ericsson

Ian McShane
VP of Strategy, Arctic Wolf

Ian McShane is the VP of Strategy of Arctic Wolf. Ian has over 20 years of experience in cybersecurity and operational IT, with humble beginnings in a tech support call center and live-fire experience leading sysadmin teams for large multi-national organizations. As a former Gartner analyst, Ian has advised the largest and fastest-growing technology companies in the world as well as tens of thousands of organizations world-wide. He is well known as a trusted advisor and popular commentator in our industry, and prior to joining Arctic Wolf Ian also spent time in various product leadership and executive roles at Symantec, Endgame, Elastic, and CrowdStrike.

Emil Dahlin
CIO, Bravida

Pål Göran Stensson
Cyber Security and Privacy Operations Manager, IKEA Group

Head of Cyber Security, modern, digital leader in a classic space of Security, Privacy, Risk and Compliance. We are constantly in transition and I am energized by leading through change. Eyes on the horizon, hands in the dirt and leading through example. I drive a new agenda where Cyber Security is the enabler of the digital business model. Done right, we promote a dynamic, fast and flexible business where opportunities are found early, successfully converted, developing existing and new revenue to the company while maintaining our core values and principles. Leading self, leading others and leading leaders, building a large organisation delivering on a global scale are my motivators and help me grow my impact. My work is in developing a vision, a strategy and an approach to deliver with excellence where the work is described by others as quietly brilliant.

Anna Forsebäck
Head of Legal, Hemnet AB

Anna is a Stockholm-based lawyer specialized in tech and privacy. She is currently head of legal matters at Hemnet AB. During her tenure at Schibsted, she was responsible for setting up a centralized, scalable DPO-office for all companies in the Media Division of Schibsted Media - a task that covered some fifty companies in ten European countries. Anna's experience includes both external counsel roles and in-house legal counsel and DPO roles.

Dimitrios Stergiou
Director of Information Security, Wayflyer

Dimitrios is currently employed as the Director of Information Security for the Wayflyer Group. He is an experienced senior Information security and Risk professional with over 20 years of experience. Before joining the Wayflyer Group, Dimitrios held positions at Trustly Group AB, Modern Times Group, NetEnt, Entraction, Innova S.A, and Intracom S.A. Dimitrios holds an M.Sc. in Information Security, as well as an MBA, and is a Certified Lead Implementer for ISO 27001:2013, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) professional, Certified Cloud Security Professional (CCSP) and Certified Information Systems Security Professional (CISSP). Dimitrios is also a Certified Information Privacy Manager (CIPM) and Certified Information Privacy Professional (CIPP/E). Dimitrios' Information Security focus lies with standards compliance, technical security evaluation, risk management, secure development lifecycle, SecDevOps, and social engineering.

Donnie Murray
Senior Presales Architect at NTT Security Holdings

Donnie Murray is a Senior Presales Architect at NTT Security Holdings. He is a subject matter expert for the Samurai XDR platform and adjacent cybersecurity services. He has expertise in a range of cybersecurity areas, including threat detection, intrusion analysis, incident response, threat intelligence, and both XDR and Managed Detection and Response. He has extensive experience as a SOC security analyst, where he has been responsible for identifying, responding to and mitigating cyber threats. He is a trusted advisor to clients, helping them to understand and take advantage of the latest cybersecurity technologies and best practices.

Tim Sönderskov
Head of products and services, Omegapoint

Christoffer Karsberg
Coordinator NCC-SE, MSB

Senad Aruc
Lead Architect Northern Europe, Gatewatcher

Now North Sales Engineer at Gatewatcher, Senad is a seasoned cybersecurity professional with more than 22 years of experience in Incident management, CSOC architecture and MDR/MSSP experience. He worked as an evangelist for NDR/EDR and SOAR/XDR solutions and developed extensive knowledge of malware analysis, threat intelligence, and anti-fraud & anti-phishing solutions. As a researcher and conference speaker about breaking inside botnets, his skills include written & verbal communication in 6 different languages. He took over leadership roles focused on advanced threats solutions and served in vital positions, notably at Gatewatcher but also previously as Lead/Architect Cybersecurity at ATS Cisco, Principal Advisor, SOC Senior Lead, Senior Security Specialist, and Security Consultant with organizations such as UL, ServiceNow, Reply, and DfLabs. Senad's educational background covers multiple study subjects and learning about modern developments in organizational leadership, cybersecurity, and information security. He published more than 20 research articles focusing on botnets and malware research.

Sofie Donovan
Head of IT Security, Svenska Spel

Martin Bergling
Coordinator Cybernode, RISE

Martin is a Senior Security Consultant at NIXU. Martin has a broad security background and has previously worked as Deputy Security Manager at the Central Bank of Sweden and as technical manager at FMV / CSEC, Sweden's certification body for IT security. He has also worked with project management, risk analysis, requirements specification, accreditation and security audits at IBM, the Swedish Armed Forces and Telia. Martin has several certifications, e.g. CISSP, CISA and CRISC, and he is also involved in SIG Security, ISACA and Dataföreningen in Sweden.

Christian Abdelmassih
IT Security Specialist, Swedish Police Authority

Christian works with Enterprise-level Security Architecture and InfoSec-related tasks at the IT Security Division of the Swedish Police Authority. Before focusing on security, he was a Full Stack Developer and DevOps enthusiast. He supports developers in building secure web apps and sysadmins in safer operations. Today, he implements access controls and identity and access management solutions, conducts audits and risk analyses, and secures one of the most important organizations in Sweden.

Schedule

Registration

Conference kicks off with morning breakfast

Chairman’s Opening Remarks

John Wallhoff, Board member & Co-Founder B4 Investigate

Cybersecurity Skills Shortage – and how it affects us: Emil Dahlin, CISO, Bravida

Key takeaways:

  • Continuously changing threats require new ways for protection
  • How we built a fit-for-purpose security organization and skillset that complies with business risk appetite

Security in 5G networks: Brian O'Toole Head of Digital Services security center, Ericsson

Cyber Secure Digitalisation, Mats Persson Security Consultant, Omegapoint

Software is at the very heart of digitalisation. But building software that is cybersecure while keeping desired time to market is often seen as impossible. Until now…

Key takeaways:

  • Cybersecurity and digitalisation as a single discipline
  • Cybersecurity begins with well-designed and well-built software
  • Automation is a critical success factor

    Coffee Break & Networking

    “GRC is from Venus, Scaled agile is from Mars” - Top reasons why GRC and scaled agile alignment fail and what to do about it - Emilie Alftrén Hasslerud, GRC Advisor FCG

    As of today, there is a need for two major changes in most large organisations. The first is driven by regulatory demands and a rapidly changing risk landscape including cyber security risks. The second is driven by the digital transformation and the agile ways of working that often come with it. Many organisations struggle with how to align GRC processes with the agile at scale processes that are introduced to accelerate digital transformation.

    Key takeaways:

    • In this session both Emilie and Magnus will address common challenges and what to do about them. They will discuss this both from the GRC perspective as well as the agile perspective and give you hands-on tips and tricks on how to meet each other

    Magnus Juvas, CEO Solidify

    Event Breakout Sessions

    Participate in one of the 5 workshops below from our supporting partners that will be showcasing their own solutions at the event in the following areas: OT Security, The Cloud, XDR, IT Security Incident Response, and Zero Trust.


    Control and manage supplier risk with less effort, Tim Söderskov Head of products and services, Omegapoint

    Management and review of suppliers' security status requires a lot of effort. In this workshop we will show you how to manage this more efficiently by using a tool-based approach with automation.

    Key takeaways:

    • Manage information security with a tool-based systematic approach
    • Manage security requirements for suppliers
    • Assess and manage the security status of your suppliers

    Converging OT/IT Security Operations in Times of Hybrid Warfare: From zero visibility to a mature OT/IT detection capability, Donnie Murray, Senior Presales Architect at NTT Security Holdings

    Qualys Workshop - TBA

    Lunch Break & Networking In The Expo Area

    Round Table Discussions

    Round Table Discussions are designed to give event participants an opportunity to exchange ideas and experiences on some of the hot topics in the security marketplace in a more intimate setting. The discussions will last for 45 minutes and are open to all participants. Each round table is limited to 8-10 persons including the moderator. Below is our line-up of round table moderators and the topics to be discussed during the conference.

    Security consideration for building blocks of SaaS, John Wallhoff Round Table Moderator & Co-Founder, B4 Investigate

    The cloud shift is evolving strongly where IaaS, PaaS and SaaS have become delivery models that challenge security professionals to keep up to speed with business developers and coders. This SaaS insights round table is about identifying security considerations for some of the building blocks that define a SaaS solution. Building blocks can range from a specific technical solution such as “serverless” to activities like “penetration testing”. For you as a Security Professional, you will add your experience and thoughts into this framework of shared knowledge and you will also be able to add building blocks that are missing on the table when we start. We will work together in the whole group as well as in break-out constellations, to be able to capture the individual knowledge and experience and we will wrap it up at the end of the session.

    The round table is intermediate/advanced level and we recommend that you have experience from SaaS solutions that goes beyond 3rd party audits and certifications that a SaaS provider and its Cloud Providers/Subcontractors provide.

    How do we integrate security in SDLC & how do we engage developers and sysadmins in creating a solid security culture?: Christian Abdelmassih IT Security Specialist, Swedish Police Authority

    Background: We security professionals want to improve the security posture of organizations. But to do that we must first decide which security activities we should invest in. Some believe that awareness education is the way to go, others might rely on audits. Join Christian in a round-table discussion on building a secure foundation for resilient organizations.

    Key takeaways:

    • How would you do it? And where would you start?

    Cyber Resilience – share insights on strategy, components and capabilities: Sofie Donovan, Head of IT Security Svenska Spel

    Background: Cyber resilience refers to the ability of an organization to continue to function in the face of cyber attacks or other cybersecurity breaches. There are big challenges to continuously adapt and uphold resilience! Technological complexity, evolution of threats, resource limitations and cross-functional coordination are just some of the hurdles to overcome.

    Key takeaways:

    • What is your approach? How do you uphold resilience in your organization, what challenges are you facing? - Let’s discuss and share insights on how/if Cyber Resilience requires a different security strategy approach, what the necessary components are and how to adapt to uphold resilience capabilities

    Where do you draw the line between Cybersecurity, Information Security and IT Security? Conny Larsson Chairman, Sig Security

    Background: What do we mean when we talk about "Security", how do we define the legal interfaces between Cyber Security, Information Security and IT Security? Does it matter from a legal perspective or with regards to how we choose to organize our security work?

    Key takeaways:

    • Are there any legal definitions regarding Cyber Security, Information Security and IT Security?
    • Are there any laws that particularly concern each different type of security?
    • How can different understandings between lawyers and technicians regarding the different types of Security become a problem?

    How can we increase cybersecurity innovation in Sweden?: Martin Bergling, Coordinator of the Swedish node for innovation and research in cybersecurity, RISE

    The digitization of society continues at a rapid pace, but security issues often end up in the shadows. The gap between new functionality and security is widening, creating major risks. At the same time, Sweden is in third place in the world in terms of innovativeness. How can we use this innovative ability to create a more secure Sweden?

    Key takeaways:

    • What needs can we see in Sweden regarding cybersecurity innovation?
    • Which are the Swedish key actors regarding cybersecurity innovation?
    • Which activities could enhance Sweden’s cybersecurity innovation ability?
    • How can you and your organization benefit from cybersecurity innovation?


      Christoffer Karsberg Coordinator NCC-SE, MSB

      Detecting the 1% undetectable threats: Senad Aruc Lead Architect Northern Europe, Gatewatcher

      How are consumers exploited by the adtech industry? Round Table Host TBA

      Learn how you are being tracked and profiled on the internet and in the real world for the purpose of showing targeted advertising.

      Afternoon Coffee Break & Networking

      Exploiting Luck, Judgement, Chance, and Choice, Ian McShane VP of Strategy, Arctic Wolf Networks

      Your organization is either the target or the transport. That’s a problem because even if you could do everything right, you can still suffer a breach. Even worse, most organizations can be described as “secured by luck”, through no fault of their own, because the complexity of the security industry has made it impossible for many organizations to get everything right.

      Key takeaways:

      • In this keynote session Ian will talk about cyber security as a long game you can influence and win, whatever the size of your security team, and how you can position luck, judgement, chance, and choice in your favour to mitigate and reduce cyber risk

      How to ensure cybersecurity is considered in the enterprise strategy? Ralph Benton CISO, Schibsted Group

      Background: Schibsted is one of the largest media groups in the Nordics with well known media brands like Aftonbladet and Svenska Dagbladet in Sweden but also VG and Aftenposten in Norway. Schibsted also runs the number one digital marketplaces in Norway, Sweden, Finland and Denmark. With a total of almost 1 million visitors per month on their websites, cybersecurity threats are one of the most critical business risks for Schibsted. Over the last 3 years Schibsted has been running a global cybersecurity program to ensure that the cybersecurity posture across the group improved.

      Ralph will take us through their journey on how they improved their cybersecurity posture through their cybersecurity program. He will share how they engaged with top management and the board of directors not only to get the approval for the program, but also how they throughout the program created a better understanding, security awareness and engagement.

      Key takeaways:

      • How do you engage with top management and the board of directors on cybersecurity?
      • How to build security awareness and improved engagement by top management?
      • What are the learnings from running a multi-year global cybersecurity program?
      • How do you ensure that the engagement continues after the closure of a cybersecurity program?

      How to calculate and understand the societal economic cost of IT incidents: Mathias Antonsson, Senior Program Manager, MSB

      Leadership Panel Debate: Global Impact of Schrems II

      Exploring the impact of Schrems II 2 years down the road.

      Panelist: Pål Göran Stensson Cyber Security and Privacy Operations Manager, IKEA Group

      Panelist: Anna Forsebäck, Head of Legal, Hemnet AB

      Panelist: Dimitrios Stergiou, Director of Information Security, Wayflyer

      Chairman’s Closing Remarks: John Wallhoff Event Chairman, B4 Investigate

      Networking Cocktail Reception

      Event Summary

      Welcome to the 7th edition of the IT Security Insights, a leading peer-to-peer conference bringing together IT security practitioners from across the Nordic market working with information security, OT Security, Cybersecurity, cloud services, IIoT, IT Governance, GDPR to discuss among other things; how to detect and mitigate the rising cases of ransomware and data breaches amongst leading Nordic and global organizations in Sweden. The conference also attracts leading information and cybersecurity service providers that will showcase their own solutions in the exhibition area at the conference.

      With over 34 top Nordic and International speakers the conference will present numerous learning and networking opportunities via: 7 keynote sessions, 5 workshops, 10 round table sessions, a leadership panel debate and much more. The conference is an in-person format and will end with an exclusive networking cocktail reception for all those in attendance.

      Join us for the long awaited onsite experience on 29th of March 2023 at Hotel Birger Jarl in Stockholm, Sweden!

      Hotel Birger Jarl

      Hotel Birger Jarl is probably Stockholm city’s most personal business and conference hotel. Step into the welcoming lobby and be greeted with timeless Scandinavian design that is colourful, light, open, and airy. The hotel offers modern conference facilities for up to 550 persons, featuring plenty of rooms for inspiring meetings as well as pleasant relaxation. Staying at the hotel guarantees you a warm welcome with personal care, comfortable beds, and delicious meals. Hotel Birger Jarl is named after the founder of Stockholm, and our feet are firmly planted in our national heritage. When you visit the hotel, you will notice at once that there is a combination of these traditions with innovative thinking and considerate service, as well as the best that contemporary design has to offer. This central hotel showcases 271 rooms and among them you find a unique design of rooms decorated by well-known Swedish interior architects and designers.

      Address: Birger Jarlsgatan 61A, 113 56 Stockholm, Sweden.
      Venue website: http://www.birgerjarl.se/en/in...

      Directions

      By Subway from T-Centralen:

      • Take the green line with train nos. 17, 18 & 19 on the subway from Stockholm Central towards any of the following destinations: Odenplan, Alvik, Åkeshov, Råcksta, Vällingby and Hässelby Strand.
      • Get off at Rådmansgatan and exit towards the side heading to Sveavägen (check out the attached photo) - approx. travel time 3 minutes.
      • From the Subway station it takes 3 minutes to the venue, Hotel Birger Jarl. Use Google Maps and you will be there in no time. There is a subway going every 5 minutes.

      By car

      Birger Jarlsgatan 61A,
      113 56 Stockholm, Sweden.

      By taxi

      We recommend the following companies:
      Taxi Stockholm +46 8-15 00 00
      Taxi Kurir +46 8-30 00 00
      Taxi 020 +46 20-20 20 20