Speakers

Ulf Berglund
Event Chairman - President, CSA Sweden Chapter

Chairman Opening Remarks

Ulf Berglund is the president of the Swedish chapter of the Cloud Security Alliance (CSA), a worldwide organization. He is also co-author of the book Guide to the Cloud. Ulf has long experience in leading positions in the field of information security. He has a background as an officer; in his last active years he was principal officer, IT security and information security expert, at the Military Intelligence and Security Service (MUST). He has held positions as CTO and senior consultant for companies such as Pointsec, Ernst & Young and Technology Nexus. Ulf's consulting experience derives from companies like Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.

Ralph Benton
Head of Information and IT Security, Karolinska Hospital

How can ISO27001 support your GDPR and compliance with other regulatory requirements - Panelist

Ralph Benton (CISA, CRISC & CISM) has more than 15 years’ documented experience in information security, IT security and IT risk management, both on a national and an international level. He is currently the Head of Information and IT Security at the Karolinska University Hospital, which is one of Europe's largest university hospitals with 15 800 employees, 1 600 beds and a turnover of 18 billion SEK. Ralph is also responsible for the change management of implementing GDPR throughout the hospital. Prior to his current assignment at Karolinska University Hospital he held a position as “acting CISO and Group Information Security and IT Risk Manager” at Sandvik AB.

Anna Forsebäck
DPO, Schibsted Media Group

GDPR & The Cloud

Are you worrying about the right things? When talking about GDPR in the cloud context, important aspects still tend to be forgotten. In this round table session, Anna together with the participants will discuss how we can approach the cloud in a more mature way - because this is not only a matter of security:

  • Hygiene factors - what are the low-hanging fruit that we should catch in the contract that will have big practical consequences onwards?
  • Applying privacy-by-design thinking to the cloud - how can that help us ensure that fundamental privacy principles are met?
  • Guerrilla use of apps and services across the company - whose problem is it, and how to contain it?

Anna Forsebäck

Anna is a Stockholm-based lawyer specialized in tech and privacy who has recently taken on the challenge of setting up a centralized, scalable DPO office for all companies in the Media Division of Schibsted Media - a task that comprises some fifty companies in ten European countries. Anna's experience includes external counsel roles as well as in-house legal counsel and DPO roles.

Anna Maria Björklund
Group DPO, Swedbank AB

Compliance & Governance

Anna Maria Björklund (CIPP/E, CIPM) is the Group Data Protection Officer for Swedbank. Previously working as a corporate lawyer in the financial and energy sectors, she has focused solely on the privacy aspects in banking since 2016 when she returned to Swedbank to take up positions as a privacy lawyer within information security and legal teams with Group-wide functional responsibility. The implementation phase of the GDPR brought with it both opportunities to work hands-on with practical implementation tasks as well as advising management on GDPR compliance and taking active part in structuring the bank’s privacy model. She has recently been part of starting up the Swedish Bankers’ DPO Network and is also a member of the Swedish Bankers’ Data Protection Interpretation Group.

Helena Örtholm
Group DPO, Tele2 AB

How can ISO27001 support your GDPR and compliance with other regulatory requirements - Panelist

Helena started out as a lawyer working for the Swedish House Owners Association, assisting the organization and its members with property rights and civil law issues. After some years she shifted focus to personal data rights/privacy issues and contract law, information security and IT audits when she started working at EY and later at Transcendent Group, and she worked with these topics as a consultant for approximately 15 years before starting as Chief Security Officer at the former TDC in 2013. With the Tele2 acquisition of TDC, Helena became CISO and DPO for Tele2 Sweden, and with the re-organization of Tele2 due to the current merger with ComHem she now holds the role of Group Privacy Officer, Data Protection Officer for Tele2 Sweden and ComHem, as well as expanding her role in driving the risk work within the organization in her new role as Head of Operational Risk Management.

Erik Blomberg
CISO, Handelsbanken

Prevention of cyber threats within the banking and finance sector - Panelist

Erik Blomberg is a Senior Vice President and head of Information & IT Security (CISO) at Handelsbanken. He is a cybersecurity thought leader with an emphasis on enterprise risk management, business alignment and cybersecurity governance. Erik has close to 30 years in the IT industry: first six years as a consultant at Cap Gemini, before moving to Handelsbanken IT, where he has held different management positions, most recently as head of IT for Handelsbanken UK.

David Jacoby
Senior Security Evangelist, Kaspersky Lab

What is your digital worth on the Black Market?

We all know cyber attacks and data breaches are on the rise with no signs of slowing down, yet we continue to behave irresponsibly. We still suck at protecting our online identities and cyber criminals know it. So, are we part of the problem? How are hackers and cyber criminals making money from stolen information, and why?

Takeaways:

  • In this presentation you will get a sense of how the cybercrime economy functions

David Jacoby

David joined Kaspersky Lab in 2010 as a senior security researcher for the Nordic and BeNeLux regions. He is based in Stockholm, Sweden, and is part of the Global Research and Analysis Team, where his principal responsibility covers research and technical PR activities in the same regions.

David has about 15 years’ experience as an IT security professional. His current tasks often include vulnerability and security research. He has a background in performing penetration tests and security audits mostly on Unix and Linux platforms. He is also passionate about securing web applications. His research mainly focuses on improving public awareness of the threats we face. He is also a well-known speaker at the top security conferences around the world where he talks about current and pressing threats, and how we can improve awareness and fight cybercrime.

Prior to joining Kaspersky Lab, David worked in vulnerability research and vulnerability management. He held the role of senior security researcher, advisor and consultant at TrueSec AB. Before joining TrueSec AB in 2008, David worked for seven years at Outpost24, starting out as chief hacker and rising to vice president for customer experience by the time he left the company.

Dimitrios Stergiou
CISO, Trustly

Agile Application Security

A look at application security approaches that don't work in today's landscape, and a proposed approach that has yielded the best results so far. The session presents the basic approach for those who are starting out, and introduces the concept of DevSecOps for those who have already incorporated application security practices in their development lifecycle.

  • What application security approaches have been tried and failed?
  • What are the basics you need to cover when designing your application security approach?
  • What does a holistic application security approach look like?
  • What about DevSecOps, is it something we should be looking into?

Dimitrios Stergiou

Dimitrios is currently employed as the Chief Information Security Officer for Trustly. He is an experienced senior Information Security and Risk professional with over 20 years’ experience in Risk Management, IT audits and Information security. Before joining Trustly, Dimitrios held positions at Modern Times Group, NetEnt, Entraction, Innova S.A and Intracom S.A. Dimitrios holds a M.Sc. in Information Security and is a Certified Lead Implementer for ISO 27001:2013, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) professional and Certified Information Systems Security Professional (CISSP). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional / Europe (CIPP/E).

Elin van Beesel
Senior Manager, GDPR, FCG AB

Incident Process - Round Table Moderator

How shall we actually define when a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons?

What does this mean in practice?

Do we have any examples from a data breach that resulted in such high risks and when the breach was also communicated to the data subject?

Elin van Beesel

Elin is a lawyer with nearly 20 years of experience in business law. Her speciality is GDPR and data privacy, where she currently manages a wide range of GDPR compliance projects at group level. Elin is also appointed as Data Protection Officer for several FCG clients. Besides the client assignments, Elin is also often engaged in training and seminars within the data privacy sector.

Pasi Söderberg
CISO, FOREX Bank

Prevention of cyber threats within the banking and finance sector - Panelist


Pasi Söderberg

Pasi has been in leading roles within the IT and information security area for the last 15+ years in several banks and within the armed forces. He is dedicated to building strong teams and using risk management to identify and mitigate cybersecurity threats to enable business success, currently at FOREX Bank as a CSO.

Johan Balck
Head of Information Security, Skanska AB

How can ISO27001 support your GDPR and compliance with other regulatory requirements - Panelist

Johan has over 16 years’ experience in the IT Security industry. He joined Skanska in 1996. Prior to his current role as CISO for Skanska Sverige AB, he has occupied different roles such as Information Security Manager, Business Architect, Senior Project Manager, IT Security Manager to mention but a few. In his spare time he is a well-known speaker at major sporting events in Sweden, for example: Stockholm Marathon, Halikko-Viesti, New Year's race, Runrundan, Lidingöloppet and championships in orienteering.

Martin Schaefer
Head of IT at Group Functions PostNord

Digital Transformation: How to develop a successful digital transformation strategy - Panelist

Martin is a business and technology leader with broad technological and information security background. During his career, Martin has worked at different international and global companies in different industry sectors such as energy and utility with the challenge to enable interconnection of information from critical infrastructure with consumer services across multiple actors, manufacturing paving its path into industry 4.0 and e-commerce and logistics, providing digital services in a heavily disrupted sector.

Georgios Kryparos
Head of Security, Tink

Prevention of cyber threats within the banking and finance sector - Panelist

Georgios is currently heading the security department at Tink. Prior to that he was the lead security engineer at Klarna working with everything from security architecture to devsecops and from an information security to an application security perspective. He has more than 14 years of experience in the field and he believes that security work should not be driven by compliance requirements.

John Wallhoff
President, ISACA, Sweden Chapter

Career paths into and within Cyber security

Organisations struggle with a skills shortage, where it is necessary to identify and create career paths for both new and existing employees. There are a few globally accepted professional security certifications like CISM and CISSP by ISACA and CISSP by (ISC)², combined with issue- or product-specific certificates. You can also find some guidance in frameworks like COBIT, but to create a career path you should take a more holistic approach using skills frameworks like European e-Competence, SFIA and DASA.

Takeaways:

  • This presentation will provide guidance on where to go for a skill-based approach to defining career paths into and within cybersecurity

John Wallhoff

John Wallhoff (CISA, CISM, CISSP), President of ISACA Sweden Chapter & independent advisor. He is an experienced expert in the field of IT-Governance, IT Service Management and Information Security. Over the past 25 years he has been working with a wide range of organisations in different industries/sectors.

Janne Haldesten
Chairman, Sig Security

Cyber Attacks beyond financial interests – The Political Battlefield - Panelist

Janne Haldesten is the chairman of SIG Security. He is a fairly seasoned specialist working at Sectyne, a company which he also is the co-founder of. Janne has close to two decades of domain experience where he has worked as an adviser and expert to various government organisations and corporations nationally and internationally in matters relating to technical cybersecurity, information assurance, national security, cyberspace operations and critical infrastructure protection. 

Richard Oehme
Chairman of Cyber Group, SOFF

Cyber Attacks beyond financial interests – The Political Battlefield - Panelist

Richard Oehme is currently chairman of SOFF’s Cyber Group and he is also Director Cyber security and Critical infrastructure Protection at PwC's Sweden business area Cyber security, risk and resilience. He has over 30 years of experience in security policy, crisis preparedness, civil defence, cyber security, intelligence operations and the protection of critical infrastructure, as well as years of experience regarding national policy making. Richard has held senior positions such as Special Advisor for Intelligence Co-ordination in the Ministry of Defence, Deputy Director and Head of IT and Protective Security in the Swedish Government, and Senior Advisor and Head of Analysis Section & Crisis Management in the Prime Minister's Office, to mention but a few. Over the years this has given him a unique insight into national and international security policy and how to build sustainable security solutions in a changing world.

    Åke Holmgren
    Head of Cybersecurity Division, MSB

    Cyber Attacks beyond financial interests – The Political Battlefield - Panelist

    Dr. Åke Holmgren is head of the Cybersecurity and Critical Infrastructure Protection Department at the Swedish Civil Contingencies Agency (MSB). Dr. Holmgren has more than 20 years of experience in cyber security and critical infrastructure protection from various government functions in Sweden. He has been a member of the Norwegian Commission on the digital vulnerability of society. Dr. Holmgren has been Visiting Scholar at the Institute for Civil Infrastructure Systems, Wagner Graduate School of Public Service, New York University. He holds a Ph.D. degree in Risk and Safety Analysis and a M.Sc. degree in engineering, both from the Royal Institute of Technology (KTH) in Stockholm, and a B.Sc. degree in business administration and economics from Stockholm University. At Paranoia 2019 Dr. Holmgren will give the talk "Countering Hybrid Threats - Civil Cyber Defence".

    Brian O'Toole
    CISO, ERICSSON

    Coming soon

    Brian has been at Ericsson since 2005, working across several different areas including software development, product management and information security. He has been the CISO since 2015, and he is primarily focussed on integration of Information Security Risk Management across Ericsson, which is one of those things that is easy to say, but difficult to do in an organisation of over 100,000 people.

    Jabu Mtsweni
    Research Group Leader, CSIR

    SECURITY OPERATIONS CENTER (SOC)

    Dr Jabu Mtsweni is a Research Group Leader for Cyber Defence at the CSIR, Research Fellow at University of South Africa and Advisory Board Member at Tshwane University of Technology and ITWeb Security Summit. He is also the Information Warfare Capability Board member at the Department of Defence (South Africa). His research interests and technical expertise are in cybersecurity, cybercrime, socially relevant computing, and internet of things. He has over 16 years of academic and industry experience and has published over 60 peer-reviewed conference and journal papers in both local and international forums. Dr Mtsweni is regularly invited to, and contributes at, local and international forums. Dr Mtsweni has received a number of research and excellence awards for his research work, leadership, human capital development and community engagement.

    Registration Starts

    40min

    "Cloud Security Alliance Breakfast Seminar"

    30min

    Event Chairman - CSA, Swedish Chapter

    10min

    Career paths into and within Cyber Security

    Organisations struggle with a skills shortage, where it is necessary to identify and create career paths for both new and existing employees. There are a few globally accepted professional security certifications like CISM and CISSP by ISACA and CISSP by ISC2, combined with issue- or product-specific certificates. You can also find some guidance in frameworks like COBIT, but to create a career path you should take a more holistic approach using skills frameworks like European e-Competence, SFIA and DASA.

    Takeaways:

    • This presentation will provide guidance on where to go for a skill-based approach to defining career paths into and within cybersecurity
    20min

    Client Case-Study - ERICSSON

    20min

    Agile Application Security

    A look at application security approaches that don't work in today's landscape, and a proposed approach that has yielded the best results so far. The session presents the basic approach for those who are starting out, and introduces the concept of DevSecOps for those who have already incorporated application security practices in their development lifecycle.

    • What application security approaches have been tried and failed?
    • What are the basics you need to cover when designing your application security approach?
    • What does a holistic application security approach look like?
    • What about DevSecOps, is it something we should be looking into?
      20min

      Panelist: Cyber attacks beyond financial interests – The Political Battlefield, Åke Holmgren - MSB

      Panelist: Janne Haldesten - Sig Security

      10min

      Panelist: Richard Oehme - SOFF

      30min

      COFFEE BREAK

      30min

      Client Case-Study (Reserved)

      30min

      Client Case-Study (Reserved)

      30min

      PANEL: How can ISO27001 Support your GDPR & compliance with other regulatory requirements

      Panelist: Ralph Benton - Karolinska Hospital

      5min

      Panelist: Helena Örtholm - Tele2 Sverige AB

      Panelist: Johan Balck - Skanska AB

      10min

      GDPR & CLOUD - Round Table Moderator

      Are you worrying about the right things? When talking about GDPR in the cloud context, important aspects still tend to be forgotten. In this round table session, Anna together with the participants will discuss how we can approach the cloud in a more mature way - because this is not only a matter of security:

      • Hygiene factors - what are the low-hanging fruit that we should catch in the contract that will have big practical consequences onwards?
      • Applying privacy-by-design thinking to the cloud - how can that help us ensure that fundamental privacy principles are met?
      • Guerrilla use of apps and services across the company - whose problem is it, and how to contain it?
        10min

        Incident Process - Round Table Moderator

        • How shall we actually define when a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons?
        • What does this mean in practice?
        • Do we have examples from a data breach that resulted in such high risks and when the breach was communicated to the data subject?
        30min

        Breakout Session: What is your digital worth on the Black Market?

        We all know cyber attacks and data breaches are on the rise with no signs of slowing down, yet we continue to behave irresponsibly. We still suck at protecting our online identities and cyber criminals know it. So, are we part of the problem? How are they making money from stolen information, and why?

        Takeaways:

        In this presentation you will get a sense of how the cyber crime economy functions

        30min

        Round Table Discussion Topics

        • Argument for IoT Security Framework 
        • A look at banking regulations amidst increased cyber threats 

        Compliance & Governance - Round Table Moderator

        The GDPR unfortunately did not come with an easy-to-use manual on how your organisation should implement and govern GDPR issues, but left it to you to figure out, with only the help of some requirements about appointing DPOs and the need to do impact analyses, which does not take you far. It is also clear that a privacy model suitable for one organisation could prove unnecessarily burdensome for another. In this round-table discussion we dive into the challenges and solutions around internal privacy governance models and touch on the subject of effective privacy maturity tracking.

        • Which department shall take the GDPR lead?
        • How do we make decision-making and documentation around privacy easy and effective?
        • How do we track privacy maturity and compliance in our organisation?
        5min

        LUNCH BREAK

        60min

        Client Case-study (Reserved)

        30min

        Client Case-Study

        30min

        PANEL: Prevention of cyber threats within the banking and financial sector - Erik Blomberg, Handelsbanken

        Panelist: Georgios Kryparos - Tink

        5min

        Panelist: Pasi Söderberg - FOREX Bank

        Round Table Discussion Topics

        • Managed Security Services
        • IAM & IGA 
        • Need for increased information security training & awareness
        • Endpoint Security
        • Fraud prevention
        • DDoS attack prevention & detection tools
        30min

        COFFEE BREAK

        30min

        PANEL: Digital Transformation - How to develop a successful digital transformation strategy - Panelist

        30min

        Panelist: Martin Schaefer - PostNord

        Career paths into and within Cyber Security

        Key takeaways on this round table:

        • How do you get new talents to be involved in cybersecurity and provide them with necessary skills and mindset?
        • How to motivate existing staff to stay and continue to evolve in the cybersecurity profession

        10min

        Round Table Discussion Topics

        • AI & Machine Learning
        • Blockchain Applications
        • Data Center Security 
        • Cyber Threat Intelligence
        • Managing IoT Connectivity
        10min

        Security Operations Center (SOC) - Round Table Moderator

        Closing Keynote

        30min

        Chairman Closing Remarks - CSA, Swedish Chapter

        10min

        NETWORKING COCKTAIL RECEPTION STARTS

        60min

        25 April 07:30 - 18:30, 7A Odenplan

        It’s our pleasure to welcome you to the 3rd Edition of the IT Security Insights conference, which is for the first time being organised in collaboration with the Cloud Security Alliance, Sweden Chapter. We believe the partnership is a win-win for both the IT Security Insights Conference and CSA, since we share a mutual objective of creating awareness of challenges and trends for almost the same target audience. The ultimate goal of co-hosting the event with CSA is to help boost and promote the use of best practices for providing security assurance within Cloud Computing on the Swedish market.

        The conference is going to be more insightful with more speakers and bigger than before with a combination of presentations, panel debates and round table discussions to boost increased interactions between vendors and users of IT/Cloud Security Services.


        7A Odenplan is an accessible and modern venue occupying a floor plan of 2000 sqm with a large courtyard. It offers flexible rooms, good food and a roof terrace that overlooks Odengatan with a fantastic panoramic view of the city of Stockholm.

        7A Odenplan has a perfect city location with subway, commuter train and most city buses a few steps from the entrance. For those who intend to drive a car, there is a parking garage in the building below with direct access up to the meeting room. Warm welcome!

        Address: Norrtullsgatan 6, 113 29 Stockholm
        Visit venue at: http://www.7a.se/konferenseven...

        By Subway from T-Centralen:

        • Take the green line with train nos. 17, 18 & 19 on the subway from Stockholm Central towards any of the following destinations: Odenplan, Alvik, Åkeshov, Råcksta, Vällingby and Hässelby Strand.

        • Get off at Odenplan - approx travel time 4 minutes.

        • From the Subway station it takes 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time. There is a subway going every 5 minutes.

        By Train from Central Station:

        • Take the commuter train from Stockholm Central towards any of the following destinations: Märsta, Kungsängen, Uppsala and Arlanda Airport.

        • Get off at Odenplan station - approx travel time 4 minutes

        • From the underground it will take at least 3 minutes’ walk to get out of the station. Then approx. 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time.

        • The commuter trains go 4-6 times per hour.

        By car:

        Address: Norrtullsgatan 6, 113 29 Stockholm, Sweden

        By taxi:

        We recommend the following companies:

        • Taxi Stockholm +46 88-15 00 00
        • Taxi Kurir +46 88-30 00 00
        • Taxi 020 +46 20-20 20 20