Programme

The Heliview team will welcome you to Supernova (Jaarbeurs), Utrecht centrally located directly next to Utrecht Central Station.

In addition to being easily accessible by public transport, the venue has:

• 3.000+ parking spaces with 40+ charging points. Parking ticket is included in the free end-user ticket.

• Enjoy cookies from the Koekfabriek, a selection of sweets, mini cinnamon rolls, mini börek with spinach and cheese, and a New York croissant roll, while fresh coffee and tea are waiting for you!

Martijn Hoogesteger is a Digital Detective from the TV Program Hunted. Besides being a digital detective he is a cybersecurity expert. Martijn opens the conference with “The Connection Kickoff”. This interactive networking session will break the ice and is the starting point of meaningful connections.

The Connection Kickoff is the perfect opportunity to meet fellow security leaders, share your interests, and start expanding your network of peers who can inspire and support you during and beyond the conference. Let’s make the first connection count!

We open the conference with an interactive panel discussion on technical and operational sovereignty. As organisations increasingly rely on complex architectures, cloud platforms, and strategic vendors, maintaining control over technology, operations, and risk becomes a key leadership challenge.

From an architecture and risk management perspective, the panel explores what sovereignty means in practice and addresses the difficult choices security leaders face, the dependencies they inherit or create, and the moments where control, accountability, and risk exposure must be deliberately accepted, or challenged.

Building a security program whether from zero in a lean startup or rebooting one in a mature organization is as much about context as it is about controls. There’s no one-size-fits-all blueprint, but there is a repeatable framework that adapts to your organization’s size, risk profile, and growth trajectory.

In this talk, I’ll walk through a practical, four-phase model that helps you build or rebuild security with clarity and purpose. From facing the right direction, to getting the basics right, embedding them sustainably, and if needed scaling to a more strategic and advanced level.

• Network with peers, speakers and partners.
• The first round of scheduled 1-to-1 meetings take place.
• Check your EventManager for your personal programme.

Threats are exponential, AI is only accelerating, and “cloud-first” is no longer a distant vision, but the reality of every global enterprise.

Join Commvault EMEA CTO, Mark Molyneux, as he shares powerful insights into the constantly evolving cyber-attack surface and demonstrates the importance of why a focus on creating an optimised cyber resiliency strategy is imperative.

Key learnings:

• Understanding why unified resilience across security, identity, and recovery teams is critical to defeating modern attackers who exploit organizational silos
• Why clean recovery matters more than fast recovery and how AI-driven techniques can surgically remove compromised data to prevent reinfection
• How to prepare your organization for the agentic enterprise, where autonomous AI systems require new governance and protection strategies
• Why hybrid infrastructure is permanent, and how to implement resilience strategies that work seamlessly across cloud, SaaS, and on-premises environments

Discover how to transform cybersecurity from a cost center into a business enabler through practical insights from three perspectives. In this session, Jules shares hands-on strategies to build measurable cyber resilience using a modern, AI-driven security platform, while providing concrete takeaways for different stakeholders:

• For Executives: Learn how to communicate cyber risks in business terms that drive strategic decision-making and board-level conversations. Discover how advanced cyber risk quantification translates technical vulnerabilities into measurable business impact metrics that resonate with the board and other stakeholders.
• For CISOs: Gain actionable frameworks to achieve centralized visibility across the entire attack surface. Learn how cyber risk management enables you to prioritize remediation, demonstrate compliance, and align security initiatives with business priorities through data-driven decision-making.
• For SecOps Teams: Experience how AI-native security operations can dramatically improve efficiency and response times. Explore next-generation SIEM capabilities (processing any log type within three hours) and intelligent security orchestration that automates decision-making and accelerates incident response in the SOC.

We are pleased to announce that Ronald Westerveen, Chief Information Security Officer at the Princess Máxima Centrum, will deliver an inspiring and practice‑oriented presentation on the unique cybersecurity challenges within a specialist hospital.

As the leading expertise center for pediatric oncology in the Netherlands, the Princess Máxima Center plays a crucial role in both patient care and scientific research. This position brings specific and demanding requirements in the field of information security. In his session, Ronald will elaborate on:

• The day‑to‑day security challenges faced by a highly specialized hospital
• The complexity of protecting sensitive patient data in an ever‑evolving threat landscape
• The balance between accessibility for healthcare professionals and the need for strict security measures
• The strategies, technical solutions, and organizational measures used to effectively mitigate risks

This presentation offers valuable insights for anyone involved in cybersecurity, healthcare IT, data protection, or organization‑wide digital resilience. We look forward to seeing you there for a session full of practical knowledge, inspiring experiences, and real‑life examples from healthcare practice.

*Please note that this session will be in Dutch.

We are entering a new era where organizations are no longer just businesses, but living information systems composed of people, platforms, and increasingly autonomous AI agents. As intelligence becomes embedded into workflows, decisions, and communications, the very nature of trust inside the enterprise is changing.

Trust can no longer be assumed based on location, role, or past behavior. It must be continuously designed, measured, and verified. Drawing on insights from information theory, networked societies, and modern enterprise architecture, this session explores how the rise of AI transforms companies into real time decision networks where truth, authenticity, and control determine resilience.

Leaders must move beyond traditional security models and adopt a mindset where trust is engineered into every interaction, data flow, and system action.

This talk reframes Zero Trust as a leadership discipline for the intelligence age, giving decisionmakers a new lens for governing complexity, enabling innovation, and protecting the integrity of their digital reality.

As human, machine, and AI identities multiply, and attackers increasingly weaponize AI, the consequences of a single identity breach are escalating at unprecedented speed.
Fragmented IAM, PAM, and IGA approaches were not designed for this reality. The industry has reached a pivotal inflection point in cybersecurity.

This session highlights the advantages of shifting from fragmented tools to a unified platform that aligns with CISO and SOC priorities while enabling a new approach to visibility, control and trust.

Key learnings:

• Why privilege controls for all identities across human, machine, and AI will give you the upper hand
• How proactive threat detection with the use of AI helps you stay ahead of the threat
• How to gain complete visibility across environments
• How to achieve faster mitigation of security breaches through shared data and insights

Human risk in the age of AI: Why employees remain the primary attack surface and how AI-driven awareness helps security leaders stay ahead of increasingly sophisticated threats.

Building a resilient security culture at scale: Practical lessons on embedding security ownership across the organisation, even under geopolitical pressure and constant disruption.

AI-driven threats such as deepfakes, voice cloning and automated phishing are rapidly reshaping the cyber-risk landscape. In this interactive 55-minute deep dive session, you will explore how HEINEKEN tackles these emerging risks.

Join your peers in this interactive session, where you are actively challenged to analyse real-world scenarios, assess AI-powered deception techniques and consider how your own organisations would respond.

The session offers a concise, practical look at how deepfakes and voice cloning work, why they are so effective in social engineering, and which controls deliver the fastest security impact.

This session is led by Gustavo Maniá, Information Security and Risk Manager and Regional CISO for Africa and the Middle East at The HEINEKEN Company.

As security demands continue to grow, budgets, resources, and talent do not scale at the same pace. Security leaders must make deliberate choices, recognising that full coverage is neither feasible nor cost-effective.

In this Deep Dive Session, led by Omar Ali, CISO and IT Director at PostNL, we examine how to balance security ambitions with financial reality. Through a risk-based approach, we explore how security leaders can actively control and reduce costs.

The session focuses on identifying overspend, rationalising tooling, optimising the use of people and capabilities, and consciously accepting certain risks to avoid unnecessary expense.

Enjoy a variety of filled sandwiches and a warm snack, featuring five types of toppings. Including one fish option, three vegetarian choices and one vegan option, accompanied by a rotating warm snack, soup from the

Verspillingsfabriek, international salads, a dessert board, and fruit juices.

During lunch there is enough time for 1-on-1 meetings and networking with colleagues, solution providers, peers and speakers.

Upwind is a cloud security company focused on protecting cloud-native workloads at runtime.
Key topics:

• Cloud environments change constantly. Static scans and posture tools miss real threats.
• Boards want clarity on actual risk, not long vulnerability lists.
• Runtime insight bridges the gap between DevOps speed and security control.

AI is transforming the enterprise at breakneck speed — and with it comes a new identity challenge hiding in plain sight. AI agents are now reading sensitive data, making autonomous decisions, and triggering actions across critical systems. They’re powerful, fast, and often invisible to traditional IAM controls. In short: AI identities are rising, and most organizations aren’t prepared.

The Rise of AI Identities: How to Govern What You Can’t See — What Every Security Leader Should Prepare For

This breakout session reveals why AI agents are quickly becoming the most privileged and least understood identities in your environment. You’ll learn how AI-driven access sprawl happens, how attackers are already exploiting AI behaviors, and why existing governance models fall short.

Most importantly, we’ll outline the new rules for discovering, governing, and securing AI identities so your organization can innovate safely — without losing control of who (or what) has access.

ThreatLocker is a Zero Trust endpoint security platform that focuses on preventing attacks by default, rather than detecting them after the fact.

Learn from the experience of ThreatLocker

• Detection-only security is no longer enough against fast-moving ransomware.
• Zero Trust at the endpoint dramatically reduces attack impact and downtime.
• Boards care about prevention, resilience and business continuity — not just alerts.

Security leadership today requires more than technical controls and compliance checkboxes. Board members expect insight, control, and direction. In this deep dive session, we show how you can use GRC as a strategic leadership instrument. You will gain insight into:

• The contribution of GRC to decision-making at board-level
• How to focus on being “in control” rather than on compliance

Join your fellow security leaders in this deep dive to discover how GRC supports stronger security leadership and decision-making at board level.

In this Deep Dive Session, we bring security leaders together to explore how organisations can safeguard data in an environment where threats, regulations, and technologies evolve at high speed. Amir Vashkove is an Data Security Industry Leader. During this session he shares his experiences through the realities of building and maintaining resilient data protection and privacy capabilities at scale.

This interactive session encourages participants to actively exchange knowledge with peers, share practical experiences, and challenge each other’s assumptions. Together, we will explore what “robust” data protection really means today: from aligning privacy-by-design with business priorities to integrating modern detection, response, and governance practices. Key discussion themes include the human factor, data handling behaviour, and organisational accountability, offering a holistic view of what it takes to protect sensitive information in complex environments.

Enjoy a selection of refreshing lemonades and healthy smoothies, a cookie‑brownie treat, Bites We Love nut mixes, and mozzarella–tomato skewers.

Have 1-to-1 meetings, meet colleagues, solution providers, peers and speakers and share your gained knowledge!