Programme

Threat modeling has been on everyone’s lips the last year in Automotive due to the UN WP R155 regulation. It is also coming strongly as a mandatory part of the SDL rollout in many domains. The reality is that it is quite hard to get it right. The ISO 21443 for instance demands a very deep threat modeling. From his experience of threat modeling and attack path analysis in the eBanking world, John can share that it actually became a beemoth to maintain. It is easy to add complexity but hard to simplify. When diving deep, people do not see the forest for all the trees. The architects get entangled in details. And stuck in updating the attack model.This talk will discuss Threat Modeling as a practice and give concrete examples of where teams have gone astray and how to get them back on track. What was the secret sauce you think? Well met at the talk and I will tell you all I learned during several rollouts!

In the landscape of modern cybersecurity, Artificial Intelligence (AI) plays a pivotal role, offering unparalleled speed and power to both defenders and adversaries. The integration of machine learning, bolstered by vast data lakes, has emerged as a cornerstone in defense strategies. However, as AI continues to evolve, leaders face the challenge of maintaining a delicate balance between leveraging its efficiency and accuracy, while ensuring meaningful human engagement. This session explores the dynamics of human-AI collaboration in cybersecurity, highlighting the imperative for strategic interaction between AI-driven automation, human intuition and the wealth of insights stored within data lakes in real-world scenarios.

In today’s rapidly evolving digital landscape, most if not all organisations face increasing cyber threats that put their (sensitive) information and (critical) systems at risk. Therefore, organisations must take the necessary steps towards understanding and managing their cyber risk. This can only be achieved by implementing an effective risk management framework. By building a risk framework and governance around it, organisations can ensure resilience and security as they will get a clearer view of their organisation’s risks, as it will involve all layers of their organisations, and it will allow senior management to have a clear overview of the organization’s exposure. Join us as we explore the importance of balancing regulation and cyber risk management in the era of cyber threats.