In-Person

DACH CISO Community

Executive Summit

26 November 2024 | Hilton Frankfurt City Centre

26 November 2024
Hilton Frankfurt City Centre

Governing Body Agenda Location Sponsors Contact

Governing Body Co-Chairs

Christoph Bernius

Allianz
CISO

Sascha Brock

Deutsche Post
VP CISO

Nikk Gilbert

RWE
CISO

Jimmy Heschl

Red Bull
Global Head of Digital Security

John Petersen

Nestlé
CISO

Aleksandar Radosavljevic

Global Fashion Group
CISO

Judith Wunschik

Siemens Energy
Global Chief Cybersecurity Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your DACH CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

/ 3

Agenda

25 November 2024

evening

26 November 2024

morning afternoon evening

18:00 - 21:00 Governing Body Reception

Governing Body Private Dinner

Join this exclusive evening hosted by the Governing Body, this dinner is a can’t-miss opportunity to connect with your peers prior to tomorrow’s Executive Summit.

08:00 - 09:00 Registration & Breakfast

09:00 - 09:45 Keynote

Strategic Leadership and the CISO — Championing a Smart, Digital and Secure Future

Nikk Gilbert

CISO

RWE

Today’s CISOs face lofty expectations and a changing set of skills necessary to be successful. They are expected to deal with sophisticated AI-enabled attack techniques, manage high levels of ambiguity, align with corporate objectives and the list goes on. To meet this moment, how can CISOs support their business to enable secure digital business in complex organisations? Join Nikk Gilbert, CISO at RWE as he shares his stories, and recommendations, about how CISOs can lead their organisations towards a sustainable future enabled by technology. Specifically, Nikk will share his thoughts into:

Driving Business Transformation through security at RWE
Maintaining control over the narrative of emerging technologies, like AI to drive secure business
Forging partnerships across the business to drive positive change and security awareness

09:45 - 10:00 Break

10:00 - 10:45 Breakout Session

Modern Workforce, Modern Security Strategy — Secure Enterprise Browsing to Protect Organisations

Hjalmar Lundin

Nordic & DACH Lead - Chrome Browser Enterprise

Google Chrome Enterprise

Kai Riecke

CISO

Knorr-Bremse AG

Ralf Kleinfeld

Information Security Officer

Otto Group

Jimmy Heschl

Global Head of Digital Security

Red Bull

Remote and hybrid work models open the door to a new wave of browser-based cyber threats. With sensitive data constantly flowing online, businesses face escalating risks and costly attacks. This session explores how to fortify your business against cyberattacks by securing the browser—the gateway to your sensitive data—all without disrupting the flow of work.

Join this session and hear from your peers about:

The browser's role in a business's security strategy
How the browser can secure your workers and company data on managed or non-managed devices
Managing resources for cybersecurity in a time of economic uncertainty

10:00 - 10:45 Breakout Session

CISOs & Security Posture — How to Stop the Attack Before it Happens

Tilman Epha

Director of Sales

XM Cyber

Stefan Höller

CISO

SVD Büromanagement

The cyber threat landscape continues to grow, and CISOs need to make faster, more confident decisions about which exposures to fix and which to safely ignore. With 82% of security leaders reporting an increasing gap between vulnerabilities/exposures and their ability to address them, what are the strategies CISOs should employ to continually improve their security posture? Join this session to learn how continuous threat exposure management (CTEM) strategies can greatly enhance security posture. Specifically, you’ll hear:

Why the disconnect exists and CTEM’s 5-step approach.
How to reduce risk and increase efficiency with a comprehensive exposure management approach.
How to measure and report security posture gains to the board

10:00 - 10:45 Executive Boardroom

Risk to the Nth-Party Degree

Rigo Van den Broeck

EVP, Cyber Security Product Innovation

Mastercard

Jochen Klein

CISO

1&1 Telecommunication SE

Michael Fontner

Head of Global IT Security

Herrenknecht AG

Steffen Hoffmann

CISO

Boehringer Ingelheim

Third party relationships are closest and may prove to be the most tangible risks to your business, yet the whole supply chain of your business partners still pose a substantial threat. Most organisations’ vendor relationship extend to the 8th party. CISOs need to understand this web of connectedness in order to better manage and communicate enterprise risk.

Join this session to discuss:

Gaining visibility into risk across the whole supply chain
Strategies for effective risk management and monitoring business partners
Overcoming resource challenges to prioritise third party risk

10:00 - 10:45 Executive Boardroom

Embedding Resiliency with Business Continuity Management

Christian Reilly

Field CTO

Cloudflare

Thomas Gigerl

CISO

ARXADA

Michael Ebner

Group CISO & Director Information Security

EnBW

Sybil Kleinmichel

ICT Risk Management Specialist, Managing Director

Commerzbank

For many organisations, the question isn't if they'll be attacked, but when and, crucially, how it will happen. IT and Security leaders must address the evolving nature of cyberthreats and work with business counterparts to continuously update their strategies and mitigate the risks of distributed work, cloud adoption, and third-party code.

This discussion will focus on comprehensive strategies security and IT leaders should use to embed resilience within business continuity management and protect sensitive data in a world where attacks are inevitable. Specifically, you’ll discuss:

Understanding your risk profile through scoring, analysis and metrics to prioritise response
Protecting sensitive data sets to ensure business continuity in the face of changing compliance
Engaging business partners to foster a culture of shared responsibility when keeping the business secure

10:45 - 11:50 Networking Break

10:55 - 11:40 Peer-to-Peer Meetings

Peer-to-Peer Meetings

11:50 - 12:35 Breakout Session

A Tale of Two Incidents from the Front Lines — the Small Rock that Diverted the Mightiest Flood

David Gray

Director, Client Leadership, EMEA

Sygnia

The impactful role of small and simple changes in safeguarding organisations can make all the difference when beating attackers and staying secure. Through a comparison of two real-life attacks by the same threat actor, witness how seemingly basic and obvious measures like awareness, effective tool usage, and swift response can prevent major disasters. Hear about a compelling example that sometimes, the simplest solutions stand as the strongest defense against cyberattacks. During this presentation, you will learn:

The impactful role that small and simple changes can make in safeguarding organisations
How a swift response is critical when preventing major disasters
The measures, tool usage and reporting needed to beat attackers and stay secure

11:50 - 12:35 Breakout Session

Conflicts in Trust — An Exploration of Who the CISO can Trust

Kevin Leusing

EMEA Chief Technologist

Proofpoint

We trust that trains will run on time and weather forecasts are accurate. But when it comes to cybersecurity, we must navigate conflicts in trust to best secure our organisations. As a CISO, trust comes in many forms, such as the trust you place in your employees to remember their security training, how you trust cybercriminals to return your ransomed data and how you trust your suppliers to care about their security posture as much as you care about yours.

This is no traditional session; this will be a competition, where you’ll be tasked with choosing the right risk mitigation option as our gamemaster takes you from one scenario to the next. Will you choose the option favoured by our gamemaster? Or will you identify the Darwin Award?

Are you putting your trust in the right places? In this session, you'll:

Identify four key elements of trust in cybersecurity
Discuss and evaluate risks, implications, and mitigations for each key element
Develop a Trust Matrix that you can complete for your organisation

11:50 - 12:35 Executive Boardroom

Unleashing AI Potential by Empowering Security Teams as Business Innovators

Maximilian Siegert

Solutions Engineering Manager, EMEA

Wiz

Christoph Peylo

Chief Cyber Security Officer

Bosch

Robert Poehlmann

CISO

Voith

Nearly every organisation today faces the challenge of shadow AI — unauthorised or unsanctioned AI tools being used within the organisation. CISOs must address shadow AI through robust governance programmes to ensure security and compliance. According to Wiz, 70% of organisations use cloud-based AI services, yet many struggle with effective governance. By empowering their security teams, organisations can create a secure framework that accelerates AI innovation and protects cloud assets.

Join this Executive Boardroom to explore strategies to:

Identify and manage shadow AI within your governance framework
Discover priority use cases for cloud-based AI services
Learn how to support AI adoption while maintaining robust cloud security

11:50 - 12:35 Executive Boardroom

Securing SaaS — Tackling Key Vulnerabilities Across an Evolving Attack Surface

Brandon Romisher

VP EMEA

AppOmni

Tim Reichert

ISO

SPS Solutions

Nikk Gilbert

CISO

RWE

Linus Plum

CISO

Aldi Süd

SaaS applications power today’s business, and downtime or compromise will pause operations. Despite the increase in SaaS-first strategies, Security teams continue to rely on perimeter-based SASE and IDP solutions which do not match the complexity of the SaaS-native attack surface. This boardroom will encourage you to look inside your SaaS systems to match secure configuration with advanced detection and response capabilities. Specifically, you will discuss how to:

Bypass Zero Trust strategies and the mitigating controls to consider
Advance your detection & response programme to maintain a cohesive security posture
Ensure your metrics to measure SaaS Security are effective to keep up with attack surface

12:35 - 13:30 Lunch Service

13:30 - 14:15 Keynote

The CISO’s Guide to Navigating Complexity in IT/OT Security

Christoph Schuhwerk

CISO in Residence — EMEA

Zscaler

Ibrahim Köse

CISO

TÜV Rheinland

CISOs today face a Gordian Knot of complexity when it comes to their organization's IT/OT security. This complexity is the source of many of their problems for reliability, usability, and security. Learn how two strategic paths for streamlining your security stack to a selection of highly versatile partners can help empower security teams and simplify architecture to better protect critical connected devices.

Join this session to learn:

How to consolidate your security stack to a few central platforms by leveraging the unique abilities of each
How to free application teams to take control over their entire value chain and delegate meaningful decisions on development speed and cybersecurity
How modern platforms enable consolidation and a DevSecOps “shift-left” approach through revolutionary architecture

14:15 - 14:30 Break

14:30 - 15:15 Breakout Session

AI Opportunities and Risks for Information Security — Insights from Allianz

Christoph Bernius

CISO

Allianz

With the rise of AI and GenAI in particular, a wide range of opportunities and chances but also risks have been emerging from an information security perspective. For instance, AI can greatly enhance the efficiency and effectiveness of fraud and anomaly detection but also eases phishing campaigns and malware implementation.

Join Christoph Bernius, CISO for Allianz in Germany, where he will showcase the opportunities and risks introduced by AI and Allianz's expertise in utilizing AI inter alia for fraud detection, defense strategies, and regulatory compliance.

Join us to discuss:

AI Opportunities and Risks — Understand AI use cases, associated opportunities and risks, and leverage the potential of AI for effective risk and information security management. Furthermore, explore AI's capabilities for regulatory assessments and compliance
Enhancing Cybersecurity – Discover how AI can enhance information security and improve decision-making processes, and its usability for the CISO community
Usage of AI within Allianz — Discover how Allianz uses AI to increase the practical security level but also to address regulatory topics. Get insights into new developments and projects involving AI

14:30 - 15:15 Executive Boardroom

Thriving Through Economic Uncertainty with Effective Cost Optimisation

Amir Ofek

CEO, AxoniusX

Axonius

Hugo Sobrino

Chief Information Security Officer

State of Neuchâtel

Gerald Schremser

CISO

Prinzhorn Holding GmbH

In an era of economic uncertainty, organisations are facing intensified scrutiny over budgets across all departments, including security. As CISOs reassess technology investments, cybersecurity teams are challenged to achieve more with less. This necessitates a strategic approach to cost optimisation and resource allocation. To navigate these challenges, CISOs must prioritise the automation of manual tasks and leverage existing tools and assets effectively.

Join this session to discuss:

Identifying the types of cost inefficiencies in your security team
Develop strategies to optimise costs and showcase ROI during financial challenges
Embrace modern cybersecurity asset inventory for cost optimisation and enhanced protection

14:30 - 15:15 Executive Boardroom

Identity Threat Protection — Driving Continuous Protection and Consistent Security

Thomas Heinz

Senior Manager, Solutions Engineering

Okta

Richard Kearney

CISO

Octapharma

Oliver Juncker

Head of Cybersecurity Governance | Smart Infrastructure

Siemens

Identity is under attack - over 80% of all attacks are identity related. Phishing, credential theft, and account takeovers are common tactics that a traditional SIEM might miss because it’s primarily designed to aggregate and correlate logs rather than detect nuanced identity-related behaviors. This, in combination with the fast advancement of AI technologies mean CISOs need to tackle more sophisticated attacks such as phishing attempts to deepfake identities.

How do CISOs keep a pulse on tools and capabilities to assess their organisation’s cybersecurity posture? Join this boardroom to discuss:

Managing and securing all identities in a fast moving technology environments
Crafting strategies to navigate the intersection of AI and IAM
Balancing high expectations across the organisation to keep identities secure

15:15 - 15:45 Networking Break

15:45 - 16:30 Breakout Session

Black Basta Ransomware Threat Landscape — Prevention and Protection for High-Value Targets

Ashar Javed

CISO

Hyundai AutoEver Europe GmbH

The rise of ransomware attacks targeting high-value assets is reshaping the cybersecurity landscape. Black Basta, a double extortion ransomware group, underscores the critical need for prevention over cure. By analyzing real-world examples of their methods, organisations can learn how to stop these attackers in their tracks without disrupting operational efficiency.

For CISOs and security leaders, this is the time to fortify defenses—working during “peace times” ensures that when the storm hits, your efforts will bear fruit, allowing your organisation to weather the crisis. Join Dr.-Ing Ashar Javed, CISO at Hyundai AutoEver Europe, as he shares insights from extensive research and real-world experiences defending against Black Basta. This session will explore:

Methods and initial access vectors used by Black Basta to infiltrate networks
Tools and techniques for lateral movement and critical asset identification within compromised environments
Communication utilities leveraged by attackers and the steps needed to fortify your defenses

15:45 - 16:30 Breakout Session

Gamifying Cybersecurity — A Day in the Life of a Cybercriminal 2.0

Ad Krikke

Executive Partner

Gartner

Despite efforts from phishing simulations and security awareness campaigns, the human factor remains a key vulnerability in organisations’ line of defence. CISOs must execute a cross-functional educational strategy to shift employee behaviour from reactive to preventive. The best way to do this is to frame the challenges through the eyes of the attackers themselves. Join this interactive workshop for an “out-of-the-box” approach that will inspire you on how to engage top management on the topic of cybersecurity, regulation and risk. Specifically, you’ll cover

Strategies to boost cybersecurity awareness across the organisation and mitigate cyberattacks
How the mind and ‘logic’ of a cybercriminal works to understand how to better build your defence
Drive the narrative that cybersecurity is not just an IT issue, but an everyone issue

15:45 - 16:30 Executive Boardroom

Resilient and Secure IT — Safeguarding your Digital Future Through Compliance and Governance

Daniel Schatz

CISO

Qiagen

As the regulatory landscape evolves, particularly with the introduction of the NIS2 Directive and the Cyber Resilience Act (CRA), organizations face increasing pressure to prioritize the cybersecurity of both their services and products. Regulatory bodies are tightening compliance requirements to protect critical infrastructure and digitally enabled products from growing threats. CISOs must re-evaluate their programs to align with these heightened regulatory expectations, ensuring they are prepared for both compliance and a rapid response when new threats emerge.

Join this boardroom session to share your views and discuss strategies on how to:

Prepare your compliance framework to incorporate changing reporting requirements
Adopt a Secure by Design mindset to strengthen your risk assessment process
Streamline resources to create flexibility when acting on a threat and remain compliant

16:30 - 16:45 Break

16:45 - 17:30 Keynote

Thriving Through Disruption — Leveraging Neuroscience for Resilient Leadership

Marcia Goddard

Founder & CEO, Brain Matters

Guest Speaker

Change management and psychological safety are crucial for CISOs as they navigate the ever-evolving landscape of technology. Effective change management ensures smooth transitions, minimising disruptions and maximising productivity, while psychological safety fosters an environment where employees feel empowered to take risks, share ideas and collaborate, leading to enhanced problem-solving and innovation.

Join Dr. Marcia Goddard, Founder & CEO of Brain Matters, as she discusses:

Exploring how the brain deals with change and the impact it has on performance
Understanding the neuroscience behind psychological safety
Cultivating psychological safety within your organisation

17:30 - 18:00 Closing Comments and Prize Drawing

25 November 2024

evening

26 November 2024

morning afternoon evening

Apply to Participate

Already a Member? Sign In

Apply to participate in the DACH CISO Community Executive Summit.

Gartner facilitates exclusive, C-level communities by personally qualifying and understanding the priorities, challenges and interests of each member.

Our selective approach maintains the high quality of the network and ensures top-level discussions with peers from the world’s leading organizations.

Each application will be reviewed, and once your participation is confirmed, you will have access to year-round community programs.

Community Member Criteria

To ensure peer connections and conversations at the highest level, members must meet the following criteria:

- C-level or senior most executive for respective function

- Organization revenue of $500M+

Exceptions are considered.

I meet the criteria above

I would still like to be considered

My contact information is….

First Name*

Last Name*

Organization*

Title*

Corporate Email Address*

Best Contact Number*

Organization Revenue *

You agree to our Privacy Policy and T&Cs, which includes sharing your contact details with your peers and sponsors.

Form contains errors, please review the above

Step

We look forward to seeing you at an upcoming in-person gathering

Gartner cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location

Venue & Accommodation

Hilton Frankfurt City Centre

More Information

A block of rooms has been reserved at the Hilton Frankfurt City Centre at a reduced conference rate. Reservations should be made online or by calling 69-133800.

Deadline to book using the discounted room rate of €260 EUR (plus tax) is 4 November 2024.

Reserve Room