14th Annual CISO Europe Summit & Roundtable 2017

22-24 May 2017  |  Crowne Plaza Den Haag – Promenade, The Hague

Agenda Overview

Monday, 22 May 2017

08:30 – 09:00
Welcome, Registration and Refreshments, Chair's Opening Remarks
Chairman: Richard Cross, Risk Practice Lead, Senscia


09:10 – 09:35
Opening Keynote Address: Hacking the Control Frameworks
Presented by: Vincent Toms, Cyber Security Advisor, Ministry of the Dutch Interior and Kingdom Relations & founder GDI.Foundation

•          What makes hacking so easy?
•          Control Frameworks & Cyber Risks. Are we in control?
•          Hackers work around what you think is ‘in scope’
•          Making the next steps, and future cyber challenges


09:35 – 10:05
Keynote Presentation: 
The Internet of Theft – IOT & Swimming in the Tsunami of Data: Industry Trends and Disrupting the Adversary
Presented by: Tim Grieveson, Chief Cyber & Security Strategist EMEA, hp logo

Key findings from the Ponemon Global Costs of Cyber Crime 2015 & HPE 2016 Cyber Risk Reports will be presented, with a unique perspective on how to fight the bad guys based on experiences from ‘being in the seat’


10:05 – 10:35
Information Security in the Dutch Financial Industry

Presented by: Rob Havermans, Deputy CISO, Rabobank

•          What challenges does a Netherlands CISO in the financial industry face?
•          What are unique security-related initiatives within the Netherlands?
•          What best practices does the Rabobank CISO organisation employ to meet these changes?
•          What concerns does the Rabobank CISO organisation still have?


10:35 – 11:05
Refreshments and Networking


11:05 – 11:45
Keynote Presentation: Worried about Security as you Transform? How Adopting a Medieval Approach to the Issue will help you Sleep!!
Presented by: Andy Powell, Vice President/UK Cybersecurity, Capgemini

•          Simplify what security in transformation demands of the board, so that even the CFO gets it!
•          Explain today’s cyber threat and impact without inducing panic!
•          Explain how the principles of ‘Build, Watch, Proact and React’, as practiced in Medieval Warfare, will help you be ready!


11:45 – 12:10
Panel Discussion: The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defence
Chairman: Richard Cross, Risk Practice Lead, Senscia
Panellists Include: Rob Havermans, Deputy CISO, Rabobank; Ennio Di Rosa, Business Development Manager, Darktrace; Ian Bishop-Laggett, Head of Internal Security Controls, Schroders
•          How new machine learning and mathematics are automating advanced cyber defence
•          Why 100% network visibility allows you to detect threats as they happen, or before they happen
•          How smart prioritisation and visualisation of threats allows for better resource allocation and lower risk
•          Real-world examples of unknown threats detected by ‘immune system’ technology


12:10 – 13:10
Networking Lunch


13:10 – 14:10
Experts Discuss: Securing your Sensitive Assets in the Cloud
Presented by: Mark Crosbie, Global Head of Trust and Security, Dropbox; Paco Hope, Principal Consultant, Amazon Web Services; Josh Donelson, Sr. Manager Business Development, OKTA
Session moderator: Richard Cross, Risk Practice Lead, Senscia

Audience Questions: Shape the discussion by tweeting your questions to the experts using #CISOEurope2017!


14:10 – 14:30
Keynote Presentation: Maturing an Intelligence Lead Security Strategy
Presented by: Richard Betts, Director of Global Financial Services, Anomali

•             Implement intelligence-driven security strategy and act tactically/strategically using Strong Internal Collaboration around a central Knowledge Base
•             Understand the difference between Threat Data and Threat Intelligence and the importance of having the ability to manage the huge amount of external Threat Data using Advanced Analytics and Machine Learning capabilities
•             Prioritisation is key - Understand your adversaries and their capabilities. Collaborate with industries peers to widen your view of the Techniques, Tactics and Procedures (TTP's) being employed by Threat Actors to penetrate defences


14:30 – 14:55
The Inter-Relationship between Information Governance, Compliance and Security
Presented by: Bev Allen, Former Group Risk Manager, Photobox

•             The need for wider development of information security and risk practitioners to be able to integrate skills and tasks to the benefit of their respective organisations, and the wider community
•             The role of succession planning, its need, and how it benefits the team
•             Bringing governance and compliance to the whole organisation rather than sticking with management 


14:55 – 15:25
Refreshments and Networking

15:25 – 16:00
'User Lead' Cyber Security and Why Diversity is Important
Presented by: Gail Kent, Cybersecurity Policy Lead, Facebook

•          Users have to come first – it’s their data we are protecting. We need to accommodate all users of our services, regardless of where or how they access the internet
•          We need a safety-orientated engineering approach that protects people even when they step off the path of perfect technology use
•          Key to meeting users’ safety and security needs is understanding the diversity of users - Diversity in the cybersecurity workforce helps


16:00 – 17:00
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Presented by: Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, Executive Director, International Board, Information Systems Security Association 

•          Social behaviors and perspectives
•          Information and cyber security culture
•          Workforce perspectives
•          Governance
•          Conflict
•          The pace of technology
•          Herding cats
•          Balancing cyber security and risk

17:00 – 17:05
Chair's Closing Remarks


18:30  19:00
Evening Networking Kindly Sponsored by Hewlett Packard Enterprise, Enterprise Security Products
hp logo



Tuesday, 23 May 2017

08:30 – 09:00
Registration and Refreshments, Chair's Opening Remarks
Chairman: Richard Cross, Risk Practice Lead, Senscia


09:00 – 09:40
Opening Keynote Presentation: Cyber Strategy – A Novel Idea?
Presented by: Craig Rice, Chief Security Officer, Payments UK 

The WEF report (January 2017) ‘Advancing Cyber Resilience for Boards’ identifies several key principles of future cyber resilience:

•          Partnership
•          Public-private cooperation
•          Leadership
•          Continual improvement

How will this advice affect Board expectations and impact cyber security strategy when the mantra of collaboration has not yet resulted in substantive capability? This briefing will build upon previous assessments to place cyber defence, security and resilience into a context and framework intended to both provoke debate and capability development.

09:40 – 10:00
Rise of the Machines: Protecting These New Identities
Presented by: Kevin Bocek, VP of Security Strategy, Venafi logo 800x495

•          The different types of machines identities
•          Where they are already proliferating in your network
•          New risks
•          Steps you can take immediately to get these risks under control and prepare your network architecture for the future


10:00 – 10:40
IoT Printing the Unloved Elephant in the Room
Presented by: Quentyn Taylor, Director of Information Security, Canon Europe, Middle East and Africa 

•          Why does IT not care about printers? Why should they care?
•          News flash: It’s more than a pile of paper in your office!
•          Is it a neglected server sitting in the corner?
•          Unleashing the positive power of the physical digital interface

10:40 – 11:10
Refreshments and Networking


11:10 – 11:30
Keynote Presentation: The Value of Borderless Information Sharing in Cyber Security
Presented by: Serge Droz, Vice President CERT, OpenSystems Logo

•          Fighting organized cybercrime
•          Success through collaboration
•          Global CSIRT network


11:30 – 12:30
SPEED SESSION: Privacy and GDPR – The Next Steps for CISO’s
Session Moderator and Chairman: Richard Cross, Risk Practice Lead, Senscia
Panellists include: Quentyn Taylor, Director of Information Security, Canon Europe, Middle East and Africa; Julien Blanchez, Global Security and Compliance Strategist, Google

Three quick-fire practical presentations followed by an interactive panel taking your questions. Tweet your GDPR/Privacy questions to the experts.

     GDPR, What If You Haven’t Even Started?
Presented by: Quentyn Taylor, Director of Information Security, Canon Europe, Middle East and Africa 

  • Best time to plant a tree was 2016, best next time to plant a tree is now
  • What does the CISO need to do Right Now to ensure a smooth 2017 and onwards?
  • Practical advice: How to bridge the policy and electronic gap

     Announcing the good news: GDPR
Presented by: Julien Blanchez, Global Security and Compliance Strategist, Google 

     Most discussion around GDPR has focused on the constraining aspects of the legislation, but it may be the best thing to happen for cloud adoption in recent years.

  • A look at the intersecting, dependent roles of privacy, security and trust in the new ecosystem
  • An overview of the key security elements companies should expect from their cloud providers and the tools available to help ensure trust
  • A discussion on how companies can comply with GDPR, why it will ultimately facilitate cloud adoption and what the benefits will be


     Personal Data Breach Notification Obligations Under the GDPR – Be Prepared!
Presented by: Aaron Simpson, Partner, Hunton & Williams 

     The emerging breach notification requirements under the GDPR and the practical impact they will have on organisations, both from a remediation and planning perspective.  

  • Losses and impacts arising from a breach
  • Planning ahead
  • Roles and functions in the event of a breach

12:30 – 13:30
Networking Lunch


13:30 – 14:30
Security Best Practice for People and Information
Presented by: Martin Smith MBE BSc FSyI, Chairman and Founder, The Security Company (International) Limited, The Security Awareness Special Interest Group; Ian Bishop-Lagget, Head of Internal Security Controls, Schroders

•         How important does your organisation consider the security of people and information to be?
•         Who is responsible for security in its various forms? Are departments other than security actively involved? 
•         What does good security practice look like for people and information? 

14:30 – 14:45
Keynote Presentation: Data Breaches: Dealing with the Threat from Within
Presented by: Morgan Jay, Area Vice President, Northern EMEA, Imperva Clr

•          Very few organizations have a data security strategy that can detect unusual activity with authorized use of authorized data

•          Manual audit and security controls can't scale to answer security and regulatory needs around insider data access

•          You don't have to be a database expert to protect your data

•          Learn what other organizations found after a review of their data access with actual customer insider behaviour examples


14:45 – 15:10
Panel Discussion: Evolving and Advancing Security Leaders
Chairman: Richard Cross, Risk Practice Lead, Senscia
Panellists include: Jan van den Berg, Professor Cyber Security, Delft University of Technology & Leiden University; Jane Frankland, Managing Director, Cyber Security Capital (CS^); 

Kevin Bocek, VP of Security Strategy, Venafi logo 800x495 
Tim Grieveson, Chief Cyber & Security Strategist EMEA, hp logo

•          Technical and business career development and brand building

•          For technical security leaders, we need to think like coders, DevOps, machine learning experts

•          How can we career develop, train, and brand, to stay relevant as leaders for the business and our teams?


15:10 – 15:40
Refreshments and Networking


15:40 – 16:20
How Failure to Attract and Retain Women in Security is Making Us All Less Safe
Presented by: Jane Frankland, Managing Director, Cyber Security Capital (CS^)


16:20 – 16:50
From the Trenches: Penetration Testing Engagements and How Should a CISO Present the Results to the Executives

Presented by: Lorna Trayan, Associate Partner, IBM Security Services Middle East and Africa

•          Experiences of penetration testing and social engineering engagements

•          Challenges of reporting the results in a way that matters to executive management

•          Recommendations to CISOs


16:50 – 17:00
Chair's Closing Remarks


Attend both conference days and earn 16 CPEs!



Wednesday, 24 May 2017

Half-Day CISO Europe Roundtable


09:00 – 09:15 
Introductions by Co-Chairs:
Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, Executive Director, International Board, Information Systems Security Association
Jan van den Berg, Professor Cyber Security, Delft University of Technology & Leiden University;
Lorna Trayan, Associate Partner, IBM Security Services Middle East and Africa


09:15 – 10:30
First Discussion Topics


10:30 – 11:00
Refreshments and Networking


11:00 – 12:30
After Break Discussions and Wrap-Up


12:30 – 13:30
Networking Luncheon and Final Remarks 


The idea of the CISO Roundtable is to bring your ideas, thoughts and questions to peers and speakers that you have met during the conference.


This is an intimate event of approximately 30 people held under Chatham House rule – you are free to discuss, take part or just to listen. However, it’s good to know that the more you put in to this event, the more you will take away! Notes will be taken throughout the discussions and provided to delegates after the event electronically.


Prior to the roundtable you will be asked to submit 2 or 3 topics that you wish to bring to the table for discussion. Contact Laura McCrave for more information – This email address is being protected from spambots. You need JavaScript enabled to view it. or to suggest some topics. Your thoughts and ideas can also be put to our moderators anonymously.


Attend the half-day roundtable and earn 4 CPEs!




HP 200x110




OpenSystems Logo


Venafi logo 800x495



Imperva Clr



Darktrace 200x110 






InfosecMagazineLogo Main FullColour

ISC2 Main Logo Green

ISSA logo