Programme

The Heliview employees will welcome you to the conference in Van der Valk Hotel in Mechelen. Parking at Parking Keerdok is accessible from the N16 via a direct exit lane. Via the bicycle and pedestrian bridge, you get to the Van der Valk hotel just a 2-minute walk away. The address to reach Parking Keerdok is Antonia Wolversstraat 1, Mechelen.

Of course the coffee or tea is ready for you!

Erik is actively engaged in several professional activities. As such he founded TrustCore.EU, he executed several assignments private and public sector. Currently his main focusses are on the topics of Openbanking and Security Architecture at BNP Paribas Fortis as well as the wide topic of the new Trust Regulation en the European Digital Identity Wallet in collaboration with the EU Member States. With his knowledge and experience, Erik is the ideal person to guide the conference as chair of the day.

This interactive networking session will break the ice and is the starting point of meaningful connections. The Connection Kickoff is the perfect opportunity to meet fellow security leaders, share your interests, and start expanding your network of peers who can inspire and support you during and beyond the conference. Let’s make the first connection count!

Alexandra Rose is the Director of the Sophos Counter Threat Unit. In this keynote she will provide:

• Real incidents and attacker techniques observed by Sophos Threat Intelligence .
• How identity, tokens, and trust paths are increasingly targeted.
• SME and large enterprise cases showing the “hours to impact” trend.
• Key indicators defenders must watch (MFA fatigue, OAuth abuse, supply chain paths, IT/OT trust).
• Practical, non-vendor recommendations for improving resilience.

Europe’s digital ecosystem is expanding rapidly, making robust product and technology security essential to safeguard citizens, businesses, and critical infrastructures. ENISA’s Technology and Product Security Unit plays a central role in enhancing this resilience by supporting and promoting secure‑by‑design practices.

Through close collaboration with industry, national authorities, and standardization bodies,

ENISA is helping to ensure that emerging technologies and connected products meet high levels of security and trust by fostering the integration of security practices throughout the entire product lifecycle. This session will give you a look into those activities and not the least activities related to the Cyber Resilience Act.

Enjoy fresh coffee, tea and snacks on the network square. And the first 1-to-1 meetings take place.

Meet your peers, speakers and solution providers.

Join Veeam for a talk on “Control in an Uncertain World,” where we’ll explore how harnessing the power of control can enhance security and resilience in today’s volatile landscape.

We will delve into the pressing risks we confront now and those on the horizon, and discover how visibility and insight provides a structured path to govern security, build resilience, and ensure the safe deployment of AI. This session provides practical strategies to navigate chaos with confidence, empowering leaders to turn uncertainty into opportunity.

As AI becomes deeply embedded across the enterprise, it creates a “Visibility Gap” that traditional security tools can no longer bridge. This session explores how Tenable’s AI-powered exposure management platform unifies visibility across IT, cloud, and identity to uncover “shadow AI” and critical attack paths before they are exploited.

We will discuss how to shift from reactive patching to proactive risk reduction by leveraging predictive analytics and automated governance. Attendees will leave with a clear framework for closing the AI exposure gap and aligning technical risk with broader business priorities.

Fraud is accelerating everywhere: Belgian companies are loosing millions every year due to scams like CEO fraud, invoice fraud, trademark scams. Despite initiatives to counter fraud, the YOY growth is still near 35-45%. Criminals pressure victim companies with convincing fake platforms and urgent messaging tactics now supercharged by AI-driven impersonation and deepfakes.

Also new technological developments, intended to make payment processes safer like Verification of Payee and e-invoicing/Peppol are already showing major flaws and criminals found ways to use these new developments to their advantage to give companies a fake sense of security and even scale up their fraud attacks.

Goal of this roundtable is to understand the evolution and sophistication of scams and fraud patterns, so we can jointly take the necessary measures to up our game in detection and preventing fraud.

Artificial Intelligence is transforming our digital ecosystem at unprecedented speed. Its capabilities unlock new efficiencies, but also introduce new, complex cyber risks. AI-driven threats challenge traditional enterprise architectures, exposing gaps in identity, data flows, and trust boundaries. Architectures must evolve toward zero‑trust principles, continuous monitoring, and AI‑ready security controls.

New dependencies—models, training data, APIs, and external AI services—expand the attack surface and require strict governance.

Let’s explore….

In today’s cloud-native world, workloads are ephemeral, architectures are API-driven, and applications are built on microservices. Static security tooling is not enough and cannot keep pace with this speed and complexity.

Risk owners are overwhelmed by theoretical findings that lack production context and fail to reflect real exposure. What they need is a complete CNAPP that can also offer actionable visibility into live, exploitable risk.

This session explores how runtime context reduces noise, sharpens prioritisation, and accelerates detection and response.

Enjoy various richly filled sandwiches, a warm and cold buffet.

During lunch there is enough time for 1-on-1 meetings and networking with colleagues, solution providers, peers and speakers.

The European Commission’s Digital Omnibus introduces targeted simplifications to GDPR, AI, data, and cybersecurity rules, aiming to reduce administrative burdens for businesses.

By aligning overlapping obligations and easing reporting requirements, the Omnibus helps companies cut compliance costs and focus on innovation. New clarity on data use, streamlined incident reporting, and extended relief for SMEs and mid‑caps make it easier to manage day‑to‑day regulatory duties.

The package is designed to replace fragmentation with coherence – making compliance more predictable, practical, and scalable as companies grow.

Join this presentation and follow-up debate to learn how these reforms can transform regulatory overload into a competitive advantage.

As human, machine, and AI identities multiply, and attackers increasingly weaponize AI, the consequences of a single identity breach are escalating at unprecedented speed.
Fragmented IAM, PAM, and IGA approaches were not designed for this reality. The industry has reached a pivotal inflection point in cybersecurity.

This session highlights the advantages of shifting from fragmented tools to a unified platform that aligns with CISO and SOC priorities while enabling a new approach to visibility, control and trust.

Key learnings:

• Why privilege controls for all identities across human, machine, and AI will give you the upper hand
• How proactive threat detection with the use of AI helps you stay ahead of the threat
• How to gain complete visibility across environments
• How to achieve faster mitigation of security breaches through shared data and insights

The EUDI‑Wallet introduces a cross‑European identity layer that reshapes how enterprises handle trust, authentication, and user data. It shifts identity verification toward decentralized, verifiable credentials—requiring redesign of IAM, onboarding, and access flows.

Public Sector is supposed to adopt the use of this wallet by end of 2026. Certain private sector actors are supposed to accept it by end of 2027. Enterprises that want to leverage this EUDIW must adapt architectures to these  interactions, selective disclosure, and standardized trust frameworks.

Come and prepare yourself for this game-changer.

Today’s cyberattacks increasingly exploit suppliers, partners, and service providers—often the easiest way into a well‑protected company.

A single weak link in the supply chain can cause massive operational, financial, and reputational damage. Modern ecosystems rely on large amounts of interconnected vendors, expanding the attack surface beyond direct control. Rigorous third‑party risk assessment helps identify vulnerabilities, enforce security standards, and detect backdoors early.

In a world of escalating threats, securing your extended enterprise is no longer optional—it’s a core pillar of corporate resilience. One sector has years of experience in this field, come and learn from this experience.

eIDAS v2 introduces an expanded and more coherent ecosystem of Trust Services, with stronger rules for identity, signing, and electronic attestations. New qualified services—such as EUDI‑Wallet credentials and electronic attestations of attributes—reshape how trust is established across the EU. These changes raise the assurance level for digital interactions but also increase the complexity of the trust chain.

Enterprises must adapt governance, certification, and interoperability practices to comply with the updated framework. Cybersecurity strategies must evolve to secure new trust anchors, credential lifecycles, and high‑value identity assets.

Let’s explore how these changes strengthen trust—while demanding a more resilient cybersecurity posture.

This session will explore why data sovereignty is so important – the ability to control where dataresides, who governs it, and how it is protected – is possibly the most complex pillar of digital sovereignty for organizations operating globally.

Hear which critical questions leaders must answer to balance compliance, resilience, and vendor dependence and how organizations can maintain control and prepare for what’s next.​

Enjoy the afternoon break at the network square with 1-to-1 meetings, meet colleagues, solution providers, peers and speakers and share your gained knowledge!

Chair Erik R. Van. Zuuren welcomes everyone back in the plenary room.

By leveraging the scale and discipline of the Schwarz Group companies, which includes large retailers like Lidl and Kaufland,  we have built a powerful internal cloud base. This infrastructure evolved into STACKIT, a sovereign cloud engineered to meet strict European data‑sovereignty and GDPR requirements.

In 2024, it became a standalone cloud provider, opening its services to businesses seeking independence from non‑EU hyperscalers. In a world where privacy, security and sovereignty becomes more important every day, real European sovereign clouds are the solution that address our needs.

Let’s share related insights!

The Benelux region faces increasing hybrid pressures ranging from espionage to digital sabotage, mirroring broader European trends. State actors such as Russia and China employ covert influence, cyberattacks, and intelligence operations that often remain below the public radar.

Recent (cyber) incidents highlight how vulnerable open, interconnected societies are to targeted disinformation and clandestine interference. As hybrid tactics intensify, the Benelux must balance openness with resilience to safeguard democratic institutions and critical infrastructure.

So, time to take note of current reality so that you can enhance your organisation’s defences!

We end the day in an appropriate manner while enjoying a drink, appetizers and finger food.

Have informal discussions with colleagues, peers, partners and speakers.