Programme 2023

Erik is actively engaged in several professional activities. As such he founded TrustCore.EU, he executed several assignment private and public sector sector (European Commission, Federal Government, Flemish Government, Euroclear, Infrabel,  Electrabel, BPost, ENISA, etc)

At current his main focusses are on the topics of Openbanking and Security Architecture at BNP Paribas Fortis  as well as the wide topic of the new Trust Regulation en the European Digital Identity Wallet in collaboration with the EU Member States .

In his spare time, Erik is also Topic Leader “Security Architecture Management” at Solvay Brussels School and a member of the Vlaamse Toezichtcommissie (Flemish DPA).

With his knowledge and experience, Erik is the ideal person to guide the conference as chair of the day. In his opening he will address the conference theme: Surviving the Cyber Tsunami and Protecting your Business.

Clearly, the number of cyber-attacks continues to rise, with increasingly sophisticated attacks coming from a wide range of sources both inside and outside the EU. Therefore, the European Union is putting a strategy in place that will enable a step-change in how we ensure cyber security. It is based on three elements:  resilience, technological sovereignty and leadership;  operational capacity to prevent, deter and respond;    cooperation to advance a global and open cyberspace.

More concretely regulations like the NIS2 directive, the Cyber Security Act, the Digital Services Act, Digital Operational Resilience Act, etc are being or will force us to wake up and act moving forward.  What will be the impact on the industry of the tidal wave of cyber-related regulations? During this keynote session, CCB and Agoria will take the audience on a tour of all those regulations and clarify the opportunities for the Belgian industries to turn trust and resilience into business-added value.

In today’s rapidly evolving digital landscape, most if not all organisations face increasing cyber threats that put their (sensitive) information and (critical) systems at risk. Therefore, organisations must take the necessary steps towards understanding and managing their cyber risk. This can only be achieved by implementing an effective risk management framework.  By building a risk framework and governance around it, organisations can ensure resilience and security as they will get a clearer view of their organisation’s risks, as it will involve all layers of their organisations, and it will allow senior management to have a clear overview of the organization’s exposure. Join us as we explore the importance of balancing regulation and cyber risk management in the era of cyber threats.

Enjoy fresh coffee, tea and snacks on the network square. And the first 1-to-1 meetings take place.

At CrowdStrike, we stop breaches. To stop an adversary, you must first understand their tactics, techniques, and motivations. We have to adapt, fast! Throughout 2022, CrowdStrike threat hunting activities covered record volumes of hands-on intrusion attempts with eCrime topping the charts. Adversaries continue shifting away from malware and continue to prove their unabating ability to adapt, splinter, regroup, and flourish in the face of defensive measures. However, 2022 also demonstrated that relentless determination works both ways. How organizations can prepare and protect themselves in this relentless threat landscape.

In this session we will show you who your adversaries are, how they work, and how we can stop them together.

The enterprise IAM model is often implicitly assuming that there is a single hierarchy starting with the chairman of the board and going down in neat hierarchies down to the individual contributors. In practice things are a bit more complex and you often end up with a need to interact with sister organisations or close business partners on a peer-to-peer basis.

How do you handle these types of relationships in a modern and multi cloud environment?

After this session you will know:

• What is an identity fabric?
• How to implement identity  mesh in a modern multi cloud environment
• What are the governance and auditing considerations and implications?

This session shall discuss how to cope with the skills-gap  companies face. This session will start with a presentation of the recent European Cybersecurity framework published by ENISA and discuss the European Study on Cybersecurity profession (HTP, ECSO, Solvay Lifelong Learning). Secondly it will  propose a methodology for assessing competences for required cybersecurity roles and discuss the preliminary results of an ongoing pilot at the Federal Government.

The industrial impact from Expanding regulation NIS 2 directive fixes and enlarges the scope for new cyber security laws to be implemented into member states. This expansion will impact more sectors than the directive it will replace. What does this mean for this enlarged scope? Join this session and find out!

This workshop focuses on achieving success in software security training by analysing the current state of training and presenting a six-step process for effective implementation. The guidance is based on insights gathered from interviews with over ten companies and over 25 years of experience in software security training. The six-step process involves defining success criteria, creating a curriculum, selecting appropriate training methods, providing ongoing support, measuring effectiveness, and continuously improving the program. It is crucial to execute an end-to-end program that includes determining how to measure success.

Cybersecurity practitioners agree that Identity is now at the heart of everything we do.  A variety of inescapable forces have brought us to this point and our success in the next years depends critically on how well we exploit the strategically placed Identity center piece.  Rising to this challenge requires our accumulated business analysis and deployment experience as well as the power of modern Identity platforms.  Critical to realizing this vision is an integrated set of connected identity services that communicate seamlessly within the identity fabric but also across the wider Cyber security ecosystem. One Identity lives and breathes connected Identity, and we are happy to share our experience helping organizations achieve value from connected identity security models.  Whether you are struggling to integrate your existing Identity silos, wondering what Zero Trust means for identity or looking to new Identity services like PBAC and decentralized identity, One Identity’s innovative approach and design patterns shared in this session will be of interest.

During this session, Bart will walk through the evolution of AI as a supporting technology in cybersecurity technology towards an human supporting application during cybersecurity operations thanks to ChatGPT and Microsoft Security Co-Pilot.

Most of you are brushing your teeth at least every evening and morning.  One generation ago, this was not the case. How did we manage to change habits ?  Despite many phishing tests and other awareness actions we keep up bad security behaviours. Is there a way to turn these into healthy cyber habits ? We show you different approaches in different industries and organisations, some are successful and documented with solid metrics on behavioural change.  Other give encouraging intermediate results or contain elements which show progress. And we are not ashamed to share you exercises that did not work so you don’t need to repeat these in your company.  What can you do to decrease the cyber risk in your organisation?  Make people aware they can be the next victim, discuss the risks & threats, stick to their bodies with demo’s, selftests, games, storytelling, incentives, trainings, a lot of carrots and o yeah, sometimes a stick.  But all that might not be enough to change insecure behaviour into a safe attitude.

Enjoy various richly filled sandwiches. During lunch there is enough time for 1-on-1 meetings and networking with colleagues and peers.

We can all agree that prevention is better than cure. While Cyber Resilience focusses a lot on detecting and responding to cyber incidents, we shouldn’t forget about preventing them in the first place. This prevention is impossible without proper visibility. In this session, we’ll break down how to get that visibility and use it to reduce risk with minimal disruptions to business operations.

Join this sessions and learn:

• Why you should focus on getting visibility before anything else
• How to get visibility of all cloud services, virtual machines, containers, apps, etc and how they are interconnected to each other
• How to mitigate security risks fast without disrupting business operations

Hospitals nowadays are generating and processing enormous amounts of sensitive information. Whilst open to anyone who requires medical help, the difficulty is to keep the bad guys out. Take the ever-changing, continuously expanding dynamic environments that we now manage. Combined with the vast amount of personal health data from IoMT devices you get a rather spicy cocktail. UZ Leuven will show how they try to make a difference and how they think the healthcare industry has to proceed in the future to protect not only themselves, but their most valuable asset, the patients and of course their data

The European Commission has initiated the dream to provide every citizen a wallet that allows the citizen to, identify/authenticate, to present authorization, to present attestations, to sign electronically. In 2023 and 2024 major pilots will be under way to test this wallet through multiple large scale pilot that will test multiple use cases before this wallet will hit us all in 2025.  Given that the wallet will be able to “present” you, clearly security and privacy aspects will be also key.

In addition the updated eIDAS regulation is proposing “Trusted Ledgers” and blockchain has popped-up as a candidate for this. What does that mean a trusted ledger?  What could the added values be? What guarantees does it have to provide in order to be a trust service? What are organizational and technical controls that should be put in place?

Come and hear the vision of DC4EU on how the EUDI should move forward and of The Commission how EBSI is looking to go live.

In this workshop, led by Chris Kubecka, we will discuss how you can use OSINT for your security. What is OSINT Investigation used for? Which OSINT techniques and mechanisms are there? What sources do you use? What danger is associated with OSINT? These questions and more will be debated during the session.

Cyber Threats shows no signs of abating. Projects such as digital transformation, expanding cloud deployments, and increased remote work are all creating new planes of privileges for attackers to exploit.  Yet organizations continue to mishandle such projects, leaving themselves at significant risk of attack. Breaking the attack chain is more vital than ever.

In this session you will learn how Privileged Access Management (PAM) can help break the attack chain and establish a solid foundation for security project success. We will cover:

• Common attack chain entry points
• Practical steps you can take to block entry
• How PAM ensures project success

Cyber Threats shows no signs of abating. Projects such as digital transformation, expanding cloud deployments, and increased remote work are all creating new planes of privileges for attackers to exploit. Yet organizations continue to mishandle such projects, leaving themselves at significant risk of attack. Breaking the attack chain is more vital than ever.

In this session you will learn how Zero Trust can help break the attack chain and establish a solid foundation for security project success. We will cover:

• Common attack chain entry points
• Practical steps you can take to block entry
• How to prevent lateral movement

In this session, Chris Kubecka provides surprising insights in Open Source Intelligence to detect and prevent cyber-attacks. With OSINT you can collect and analyse data obtained from publicly available sources by monitoring surface web and dark web paste sites, discussion forums and digital marketplaces to intercept any planned cyber-attacks in time. Listen to Chris’ story and let yourself be taken into the exciting world of OSINT.

On 19 October 2022, the Belgian Ministry of Defence declared the Initial Operating Capability of its new Cyber Command. Responding to the trend of states seeking competitive advantages in a new operational domain – as illustrated by several high-profile cyber-attacks on Belgian State institutions – the choice for developing this new instrument of statecraft has been made. This sessions will outline the growing importance of developing cyber defence capabilities, discuss the organisational set-up for this Cyber Command, and finally zoom in on the challenges ahead.

Chair Erik summarizes the day and looks back on the most important lessons.

While enjoying a drink and snack, we close the day in an appropriate way. Discuss what you have learned with colleagues and peers.