Programme

The Heliview team will welcome you to Supernova (Jaarbeurs), Utrecht centrally located directly next to Utrecht Central Station.

In addition to being easily accessible by public transport, the venue has:

• 3.000+ parking spaces with 40+ charging points. Parking ticket is included in the free end-user ticket.

• Enjoy cookies from the Koekfabriek, a selection of sweets, mini cinnamon rolls, mini börek with spinach and cheese, and a New York croissant roll, while fresh coffee and tea are waiting for you!

Martijn Hoogesteger is a Digital Detective from the TV Program Hunted. Besides being a digital detective he is a cybersecurity expert. Martijn opens the conference with “The Connection Kickoff”. This interactive networking session will break the ice and is the starting point of meaningful connections.

The Connection Kickoff is the perfect opportunity to meet fellow security leaders, share your interests, and start expanding your network of peers who can inspire and support you during and beyond the conference. Let’s make the first connection count!

We open the conference with an interactive panel discussion on technical and operational sovereignty. As organisations increasingly rely on complex architectures, cloud platforms, and strategic vendors, maintaining control over technology, operations, and risk becomes a key leadership challenge.

From an architecture and risk management perspective, the panel explores what sovereignty means in practice and addresses the difficult choices security leaders face, the dependencies they inherit or create, and the moments where control, accountability, and risk exposure must be deliberately accepted, or challenged.

Building a security program whether from zero in a lean startup or rebooting one in a mature organization is as much about context as it is about controls. There’s no one-size-fits-all blueprint, but there is a repeatable framework that adapts to your organization’s size, risk profile, and growth trajectory.

In this talk, I’ll walk through a practical, four-phase model that helps you build or rebuild security with clarity and purpose. From facing the right direction, to getting the basics right, embedding them sustainably, and if needed scaling to a more strategic and advanced level.

• Network with peers, speakers and partners.
• The first round of scheduled 1-to-1 meetings take place.
• Check your EventManager for your personal programme.

As security demands continue to grow, budgets, resources, and talent do not scale at the same pace. Security leaders must make deliberate choices, recognising that full coverage is neither feasible nor cost-effective.

In this Deep Dive Session, led by Omar Ali, CISO and IT Director at PostNL, we examine how to balance security ambitions with financial reality. Through a risk-based approach, we explore how security leaders can actively control and reduce costs.

The session focuses on identifying overspend, rationalising tooling, optimising the use of people and capabilities, and consciously accepting certain risks to avoid unnecessary expense.

Threats are exponential, AI is only accelerating, and “cloud-first” is no longer a distant vision, but the reality of every global enterprise.

Join Commvault EMEA CTO, Mark Molyneux, as he shares powerful insights into the constantly evolving cyber-attack surface and demonstrates the importance of why a focus on creating an optimised cyber resiliency strategy is imperative.

Key learnings:

• Understanding why unified resilience across security, identity, and recovery teams is critical to defeating modern attackers who exploit organizational silos
• Why clean recovery matters more than fast recovery and how AI-driven techniques can surgically remove compromised data to prevent reinfection
• How to prepare your organization for the agentic enterprise, where autonomous AI systems require new governance and protection strategies
• Why hybrid infrastructure is permanent, and how to implement resilience strategies that work seamlessly across cloud, SaaS, and on-premises environments

Discover how to transform cybersecurity from a cost center into a business enabler through practical insights from three perspectives. In this session, Jules shares hands-on strategies to build measurable cyber resilience using a modern, AI-driven security platform, while providing concrete takeaways for different stakeholders:

• For Executives: Learn how to communicate cyber risks in business terms that drive strategic decision-making and board-level conversations. Discover how advanced cyber risk quantification translates technical vulnerabilities into measurable business impact metrics that resonate with the board and other stakeholders.
• For CISOs: Gain actionable frameworks to achieve centralized visibility across the entire attack surface. Learn how cyber risk management enables you to prioritize remediation, demonstrate compliance, and align security initiatives with business priorities through data-driven decision-making.
• For SecOps Teams: Experience how AI-native security operations can dramatically improve efficiency and response times. Explore next-generation SIEM capabilities (processing any log type within three hours) and intelligent security orchestration that automates decision-making and accelerates incident response in the SOC.

Enjoy a variety of filled sandwiches and a warm snack, featuring five types of toppings. Including one fish option, three vegetarian choices and one vegan option, accompanied by a rotating warm snack, soup from the

Verspillingsfabriek, international salads, a dessert board, and fruit juices.

During lunch there is enough time for 1-on-1 meetings and networking with colleagues, solution providers, peers and speakers.

In this Deep Dive Session, we bring security leaders together to explore how organisations can safeguard data in an environment where threats, regulations, and technologies evolve at high speed. Amir Vashkove is an Data Security Industry Leader. During this session he shares his experiences through the realities of building and maintaining resilient data protection and privacy capabilities at scale.

This interactive session encourages participants to actively exchange knowledge with peers, share practical experiences, and challenge each other’s assumptions. Together, we will explore what “robust” data protection really means today: from aligning privacy-by-design with business priorities to integrating modern detection, response, and governance practices. Key discussion themes include the human factor, data handling behaviour, and organisational accountability, offering a holistic view of what it takes to protect sensitive information in complex environments.

Enjoy a selection of refreshing lemonades and healthy smoothies, a cookie‑brownie treat, Bites We Love nut mixes, and mozzarella–tomato skewers.

Have 1-to-1 meetings, meet colleagues, solution providers, peers and speakers and share your gained knowledge!

Security leadership today requires more than technical controls and compliance checkboxes. Board members expect insight, control, and direction. In this deep dive session, we show how you can use GRC as a strategic leadership instrument. You will gain insight into:

• The contribution of GRC to decision-making at board-level
• How to focus on being “in control” rather than on compliance

Join your fellow security leaders in this deep dive to discover how GRC supports stronger security leadership and decision-making at board level.

AI-driven threats such as deepfakes, voice cloning and automated phishing are rapidly reshaping the cyber-risk landscape. In this interactive 55-minute deep dive session, you will explore how HEINEKEN tackles these emerging risks.

Join your peers in this interactive session, where you are actively challenged to analyse real-world scenarios, assess AI-powered deception techniques and consider how your own organisations would respond.

The session offers a concise, practical look at how deepfakes and voice cloning work, why they are so effective in social engineering, and which controls deliver the fastest security impact.

This session is led by Gustavo Maniá, Information Security and Risk Manager and Regional CISO for Africa and the Middle East at The HEINEKEN Company.