Keynote speaker - Podium I: NIS2 – Building up resilience in the EU’s critical sectors
Hans de Vries - European Union Agency for Cybersecurity (ENISA)
Language: English
In this talk we will give the EU perspective on the EU’s critical sectors, the different activities at EU level to increase resilience, and the ENISA work supporting the implementation of NIS2, including a sneak peek into the NIS2 security measures and incident reporting frameworks. At the end of the talk there will be a discussion with the audience about some open questions: How to make sure NIS2 gets implemented efficiently and effectively on the ground in the critical sectors? How to make the cybersecurity incident reporting process practical and workable for companies? How can we collaborate on resilience, forming a partnership between national authorities, national CSIRTs, and industry? What can national authorities and national CSIRTs do to support the sectors with increasing resilience?
About Hans de Vries:
Hans de Vries is the Chief Cybersecurity and Operations Officer (COO) at the EU Agency for Cybersecurity (ENISA) since April 2024. Hans provides guidance and direction on the Agency’s operations activities and strategically advises the Executive Director.
Hans specifically represents ENISA in the NIS Cooperation Group, the European Cyber Crisis Liaison Organisation Network (EU-CyCLONe) and the CSIRTs Network, which is composed of CSIRTs appointed by EU Member States and CERT-EU. His primary focus is the NIS2 implementation in the EU Member States and thereby helping to strengthen the current state of cybersecurity in Europe.
Prior to this role, Hans was the director of the Dutch National Cyber Security Centre (NCSC-NL) for almost a decade. In this position, Hans was a member of the ENISA Management Board and Executive Board. He was also one of the main organisational forces behind The Hague’s ‘ONE Conference’, which is among Europe's prime cybersecurity events.
Hans’ prior working experience includes a top management position at the General Intelligence Services (AIVD) and the Ministry of the Interior and Kingdom Relations (BZK), where he served as head of the ‘ICT Management Division’ and head of ‘Operational Management Coordination’. He also has extensive working experience in the ICT security domain at an inter-ministerial and international level, gained while at the Ministry.
Hans has a law degree from Leiden University in the Netherlands and began his professional career in the private sector, before working for the Dutch central government in 2002.
Podium I: The Cybersecurity revolution of Dutch Railways
Dimitri van Zantvliet - Dutch Railways
Language: English
Dutch Railways has ten security/safety domains embedded in its DNA, where cybersecurity is just the youngest kid on the block. How did cyber evolve in the railway domain and what drives the CISO’s strategic roadmap? Learn from one of the Netherlands’ largest organizations how they build on their digital resilience and how they foresee AI radically changing the landscape.
About Dimitri van Zantvliet:
Dimitri is the Cybersecurity Director and CISO of Dutch Railways (Nederlandse Spoorwegen). He is Co-Chair of the Dutch and European Rail ISACs and the European Railway CISO Forum, and chair of the board of the Dutch CISO Foundation.
He’s also Non-Executive Director of NGRT, advisory board member of Cybersec Netherlands, supervisory board member of the Dutch Anti Online Child Abuse foundation OFFLimits, GISEC Cyberstars Jury member and a regular cyber-columnist/author/speaker/lecturer.
Dimitri holds an international master’s degree and cyber certificates such as CISSP, CRISC, CISA, CISM, CDPSE, CIPP/E, CIPM, FIP, ISO27001 and ISO42001.
Podium II: Organizational Resilience in the Boardroom: Strategies for Success
Mimoent Haddouti and Renske de Haan - PwC
Language: Dutch
In today's dynamic business environment, organizational resilience is essential. This presentation highlights strategies for leaders to foster resilience, with insights into best practices for a robust approach. We discuss the current risks for the board, new legislation that holds board members liable for resilience, incident response, and preparations to prevent crises. All of this is meant to give board members the knowledge to lead their organizations through uncertain times and ensure lasting success.
About Mimoent Haddouti:
Mimoent is a Partner in PwC's Cyber, Forensics and Privacy practice with a strong background in cyber security and hands-on experience in the financial sector. Mimoent has more than twenty years of experience in IT and related areas such as (IT) risk management, agile, compliance, business continuity and third party management, including proper metrics and reporting to prove the value of measures and actions.
About Renske de Haan:
Renske is an experienced expert in Crisis & Resilience at PwC NL, with a background that spans diverse sectors. Her expertise includes developing Business Continuity and Crisis Management programmes, and she is skilled in strategic crisis management training and simulations for boards and ExCo.
Podium III: How should government agencies govern personalized, self-directed citizen services based on a business platform model?
Yves Vanderbeken - AMS - Antwerp Management School
Language: English
Business platform models are rising worldwide in industry (e.g., Bol.com) and governments (e.g., UWV/STAP). However, it is a different way of organizing services and requires a different governance approach to create value. In industry, value is translated into revenue and profit, but in government, it is about 'public value.' For example, how to help people out of unemployment, or to provide maximum support to citizens when they are ill, etc. Using examples and research data, we will show how a platform governance approach can facilitate this innovation, with the government acting as the platform owner.
About Yves Vanderbeken:
For over 20 years, I have been active in governments internationally, focusing on bringing innovation with new technology. I am adding an academic dimension by researching how a business platform model changes a government organization's operating model, dynamics, and governance. Please check my blogs, articles, and books via LinkedIn.
Podium voor de Kunst: Prepared for social disruption
Prepare for War
Peter Kornelisse - EY
Language: English
Social developments such as climate change, pandemics, geopolitical conflicts (for example the war in Ukraine) and IT concentrations (for example the use of CrowdStrike) increase our awareness of unexpected risks that can affect everyone.
Resilience is therefore crucial to withstand social disruption, where organizations must be both self-reliant and support each other. This is especially true in wars. How does your organization prepare?
About Peter Kornelisse:
Peter speaks in his role as chairman of the Cybersecurity knowledge group of NOREA. Peter has also been working as a partner at EY in Cyber assurance since 2018. Before that, Peter worked for 24 years at KPMG (Security & Technology), and 4 years at Booking.com (Risk & Compliance). Peter has also been involved in the IT auditing training of TIAS for 25 years, including as a senior lecturer for the Auditing Cybersecurity specialization.
Foyer III Workshop: NIS2; Just use it to your advantage!
Gemma Jansen - Provincie Noord-Holland & IPO (Inter Provinciaal Overleg)
Language: Dutch
In this interactive workshop we look at the facts (and myths) surrounding NIS 2 and, of course, its relationship with Integrated Risk Management. That basic understanding is needed to make the translation, with the help of a few simple formats, to the (much more interesting) “How”, such as: How do you identify what this means in concrete terms for your organization? How do you translate that into your organization? What is your role? And how does the 3 Lines model help with this?
About Gemma Jansen:
Achieving the maximum return today while working in parallel towards the strategic goals of tomorrow: that is what characterizes Gemma Jansen in her work as CISO. Gemma has a clear vision of collaboration, combined with extensive experience in end-to-end process and project management. Both the internal and the external customer are her starting point. By involving all stakeholders in the process at each person's level of responsibility, she achieves the goal: an environment in which improvements and/or changes are embedded and supported by the people who do the work.
Podium I: The new Cybersecurity Act: ready for the future or bound by rules?
Patrick Spelt - Inspectie Leefomgeving en Transport, Ministerie IenW
Language: English
This presentation explains how the supervision of this new law is structured. A number of important new developments are discussed from the perspective of the supervisor. It explains what you can expect when your supervisor visits you. Will you receive immediate fines if you do not comply with the law? What is expected of the company's board? What if you are confronted with two or more supervisors? What about the foreign activities of my company and the local national supervision? What can I start doing now? What does the supervisor consider important? In short, after this session you will know much more about the new Cybersecurity Act and the supervision that comes with it.
About Patrick Spelt:
Patrick currently works as Head of Cybersecurity Supervision at the Ministry of Infrastructure and Water Management, Environment and Transport Inspectorate. In this role he is involved in the supervision of cybersecurity measures within essential service providers in various vital infrastructure sectors, including Maritime, Rail, Aviation, Drinking Water. He has expertise in supervision, regulatory compliance and risk management within the domain of cybersecurity, ensuring the resilience and security of critical infrastructure. Prior to his current position, Patrick held key positions in the private sector, most recently as IT Lead Identity & Access Management at Rabobank. He also served as Domain Continuity and Risk Officer and GDPR coordinator.
Podium II: HACK:
Hoppenbrouwers' battle against a cyber attack
Language: Dutch
Marcel takes you hour by hour through the battle against the cyber attack at Hoppenbrouwers in July 2021. You will experience what happens during such a crisis and what it takes to overcome one.
About Marcel de Boer:
Marcel has worked for Hoppenbrouwers Techniek for 27 years and, in that period, as the person ultimately responsible for Finance and IT, helped build its growth from a local installation company with 60 employees into a nationally operating technical service provider with almost 2000 employees. Since 2024
Podium III: Governance and SMEs: from regulation to results. How do you find the right balance between regulation and execution?
Guido Wintjens - Ivengi.com
Language: Dutch
In this session Guido shares how you can set up governance for SMEs. It is sometimes difficult to find a balance between complying with regulations and day-to-day operations in practice. After all, it has to remain workable. Yet good governance and policy are very important, certainly in SMEs. With fewer formal structures and the need to respond quickly to change, this can be a challenge. By saying what you do and doing what you say, you get your SME organization ready for the future. Because a well-governed company is worth its weight in gold!
About Guido Wintjens:
Guido founded Ivengi.com in 2002. Ivengi is now among the largest internet/software agencies and we have delivered many successful solutions. Ivengi.com is also a front-runner in the field of subsidy systems and supplies its EasyFunders solution to municipalities with more than 100,000 inhabitants and to provinces. Ivengi.com's ambition is to grow further in the subsidy landscape. After 23 years, he has extensive experience in running an SME.
Podium voor de Kunst: Why perimeter security is coming to an end - what that means for compliancy and how to get out of there
Elmar Lecher - Port of Rotterdam
Language: English
Perimeter security is a cornerstone in our modern security world and it's engrained in compliancy frameworks all over the place.
But perimeter security has changed from being helpful to becoming a problem in itself.
I will explain why the traditional approach has become a problem, what possible alternatives are, e.g. zero trust, and where compliancy frameworks might be impacted.
About Elmar Lecher:
Information Security Specialist from Germany working in the Netherlands for nearly 10 years.
Rooted in the hacker scene, now working for the Port of Rotterdam and helping make the Port a more secure + compliant place.
Podium I: DORA in Control (study report)
A practical control framework to achieve successful and sustainable digital resilience
Sandeep Gangaram Panday and Jeremy Oschmann - Schuberg Philis
Language: English
During the session a brief overview of DORA will be given, explaining the difference between Cyber Security and Cyber Resilience.
A DORA control framework will be presented, along with why it is important to translate the multiple DORA documents into a concise and understandable model that is easy to use for gap assessments and tracking DORA implementation (dashboard).
Lastly, we will focus on the importance of applying an engineering perspective in your DORA/Digital Resilience journeys to have a sustainable impact on your organization.
About Sandeep Gangaram Panday:
Sandeep is Trust Officer at Schuberg Philis. Chair of the NOREA DevOps working group. Chair of the NOREA DORA Taskforce.
Author of DevOps in Control NOREA report. Co-author of Ransomware in Control NOREA report. Guest lecturer on DevOps & Ransomware at several universities.
About Jeremy Oschmann:
Jeremy is an IT auditor at Schuberg Philis. Expert on digital resilience and privacy legislation. Co-creator of the DORA in Control Framework.
Podium II: Strong Supply Chain Resilience through Collaboration
ASML’s perspective
Robbert Kramer - ASML
Language: English
Companies are becoming more interconnected in many ways nowadays. You can be dependent on suppliers, services or information exchange, to name a few. Whatever the dependency, you need to know how resilient your supplier is and prepare/compensate if needed. Understanding why and what is the starting point. Next is how to include the right suppliers, as assessing/monitoring all suppliers is not possible/efficient. The last step is actually assessing and improving suppliers based on identified gaps in a risk-based manner.
Sections and who’s presenting:
Supply chain resilience
- Goal (why/what) Fleur
- Inclusion (how) Fleur
- Security Assessment (how) Robbert
- Improvement (how) Robbert
About Fleur Koster:
Fleur Koster studied accountancy and joined ASML as auditor. Later on she moved towards SS&P and got more involved in the area of supplier risk management. Today she is head of S&P Risk, ESG & Contract Management. In her role she leads different risk dimensions applicable to suppliers and the supply chain.
About Robbert Kramer:
Robbert Kramer studied business information technology and started working for EY as an IT Auditor. He performed IT audits and was also involved in Legal Hack activities. After EY he started working for Van Lanschot in ‘s-Hertogenbosch, where he joined the Internal Audit department and afterwards moved to Security Management. In 2016 Robbert became Security Risk Manager for ASML, performing Supplier Security. The main pillars of supplier security are assessing, improving, monitoring and educating suppliers of ASML.
Robbert Kramer is also a lecturer at TIAS for the IT audit program.
Podium III: From the dark triad of corporate narcissism to a balanced board - Behavioral governance and risk management in the boardroom
Jan Stolker - Erasmus School of Economics
Language: English
Jan Stolker will discuss the content and message of his new book, ‘Het Spel in de Boardroom’, an introduction to Behavioral Governance. While we think executives and non-executive directors are rational operators, emotions and psychological factors drive them into biases and suboptimal decision-making. From a vision of the dark triad of CEO narcissism, Stolker arrives at an enlightened triad of empathetic and strategic leadership. In his concept of behavioral governance, risk management is about balancing control and trust and ratio and emotions. How can non-executive directors, remotely, as part-timers, effectively take responsibility here?
About Jan Stolker:
Jan is director Leadership & Governance at Erasmus University and serves as a boardroom advisor. In 2023, he published ‘Het Spel in de Boardroom’, the first book on Behavioral Governance. In 2009, he founded the Erasmus Governance Institute, the postgraduate education center for non-executive directors. Since 2002, he has executed corporate restructurings in Western Europe and held non-executive board functions in different sectors of the economy. Earlier, he held leadership positions at ABN AMRO in corporate banking, risk management, and private equity.
Foyer III Workshop: DORA - The final sprint
D-day is here soon, are you ready to comply?
Ali Alam - KPMG
Language: English
Ali will give an update on the latest developments on DORA and the challenges faced by financial institutions, as well as recommendations on how to fare well during this final sprint towards compliance. The workshop will conclude with a practical exercise on how to approach certain DORA requirements.
About Ali Alam:
Ali is a senior manager at KPMG, and the SME within KPMG NL on the Digital Operational Resilience Act (DORA). He has been a regular presenter at the ISACA NL Squaretables.
Podium voor de Kunst: Driving Transformation and Value:
The Strategic Importance of Information Risk Management
Arash Rahmani - Sogeti
Language: English
In this session, we'll explore the impact and strategic importance of information risk management from a board-level perspective. Information risk is not solely an IT problem, it is a business challenge. In our evolving digital world, effective information risk management enhances business transformation and value. NIS2 and DORA are accelerating the shift from viewing it as an IT problem to recognizing it as a business problem. As an Information Security Officer, CISO, Information Risk Manager or other risk role, it is crucial to understand the board’s perspective to effectively manage risk and enhance the risk culture. Join me to understand The Strategic Importance of Information Risk Management from a board perspective.
About Arash Rahmani:
Arash specializes in enhancing digital resilience for multinational organizations amid increasing risks and regulations. With over 15 years of experience in managing IT and information security teams and serving as a trusted advisor to boards, he bridges the gap between the management board, technology, and risk management. Arash has worked in various countries and industries, including insurance, banking, airports, and automotive. His approach goes beyond just technology to include a focus on people, processes, and culture.
Podium I: Where Ethics and Risks Meet:
The AI Act in Compliance Practice
Arnoud Engelfriet - ICTRecht 
Language: English
A risk-based regulation of AI, that is what the AI Act promises us. However, this new European regulation is far from straightforward. It mixes familiar concepts of product safety and quality management with ethical issues, and therefore poses a major challenge for risk management practice. This presentation discusses the framework and the most important considerations of the Act, and provides you with tools for the dilemmas that the law raises.
About Arnoud Engelfriet:
Arnoud is a computer scientist and IT lawyer, working as Chief Knowledge Officer at ICTRecht in Amsterdam. He specializes in AI, data and software and has published many books, such as “ICT & Recht”, “AI & Algorithms” and “The Annotated AI Act”. Arnoud is also a lecturer at the Vrije Universiteit Amsterdam.
Podium II: Cyber resilience, don't wait until you are ready for it!
Jeroen van Kesteren - De Nederlandsche Bank
Language: Dutch
In his presentation, Jeroen will not only discuss, in an open and transparent way, everything DNB does around the cyber resilience of its own organization, but will also address DNB's role as policymaker and supervisor.
What must you do to prevent incidents, but also, what do you do when things do go wrong? How do you involve the board, and what do laws and regulations such as GDPR/AVG, NIS2 and DORA mean for your choices?
How should you take account of external factors such as the labour market, Quantum and AI?
About Jeroen van Kesteren:
Jeroen van Kesteren is CISO of DNB. In this role he is responsible for the Information Security Office, Security Operations Center, Team Digital Forensics and Identity and Access Management. “I don't believe in security by obscurity, but in security through transparency” is a quote he often uses. For him this is an important motivation to share the knowledge and experience within DNB with other organizations. By informing each other, we all become stronger together.
Before becoming CISO, Jeroen held various roles: supervisor and Head of Mission at large financial institutions, guest lecturer at the VU and TIAS, programme manager at Capgemini and IT auditor at Van Lanschot are a few of them.
Podium III: Internal auditing as a catalyst of value and change
Peter Hartog - IIA
Language: Dutch
How can you, as an audit function, help the organization increase its value and stimulate the changes needed to do so?
Governance and control are in motion: the world is ‘VUCA’, and legislation and the demand for change are increasing. That places new demands on auditing, certainly if it wants to add value to the organization, as is central to the new IIA standards and Vision 2035.
The presentation offers practical guidance for meeting those demands, along two lines:
- doing the right things
- doing things right
Alignment and collaboration are central, between the various (internal and external) auditors, with management and the second line. But how?
About Peter Hartog:
As Director of Professional Practice at IIA Nederland, Peter stimulates the development of the internal auditing profession. He worked for 25 years, at KPMG and ACS, as a consultant in the field of auditing and control, and was responsible for the operational and IT audits at the SVB. He is an experienced speaker and lecturer, including at the Erasmus School of Accounting & Assurance.
Podium voor de Kunst: The Double-Edged Sword
Risks of AI Language Models in Cybersecurity
Jair Cardoso de Santanna - Northwave Cyber Security & University of Twente
Language: English
Imagine receiving a phishing email so impeccably crafted by an AI language model that it bypasses advanced filters and deceives even cybersecurity experts. While AI tools like GPT-4 enhance our defenses, they also equip attackers with sophisticated means to exploit vulnerabilities. This presentation delves into risks such as adversarial attacks, data poisoning, and model inversion. We explore ethical concerns like bias and privacy breaches, operational challenges from over-reliance on AI, and the weaponization of these models by malicious actors. Attendees will gain insights on balancing AI’s transformative benefits with the imperative of security and ethical responsibility.
About Jair Cardoso de Santanna:
Jair is an enthusiastic and passionate principal researcher (@Northwave Cyber Security) and an assistant professor (@University of Twente). He is a practical, data-driven and extremely curious person. He loves to spread the knowledge with the scientific community and with cybersecurity practitioners. He prepares his presentations thinking about you (the audience). Therefore, he promises to give an engaging, enthusiastic, and to-the-point presentation.
Keynote - Podium I: Future cannot wait
Ramsés Gallego Iglesias - ISACA Hall of Famer
Language: English
About Ramsés Gallego:
Ramsés, with an MBA and Law education, has over 25 years of experience in security, with expertise in Risk Management and Governance. Recently the CTO at OpenText Cybersecurity, he previously served as Strategist & Evangelist at Symantec’s Office of the CTO and held roles at Dell Security, CA Technologies, SurfControl, and Entelgy. Active in ISACA, he served on the CISM and CGEIT Certification Committees, chaired the ISRM Conference, and contributed to the first ISACA World Congress. He is certified in CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, and COBIT, and is a Six Sigma Black Belt. Ramsés is an award-winning international speaker and was recently inducted into the ISACA Hall of Fame. He teaches at IE Business School and is the Executive Vice President of the Quantum World Association.
Closing Keynote - Podium I: Wirecard's Whistleblower
The Journey from Scandal to Safety
Pav Gill - Confide
Language: English
Pav Gill, the whistleblower behind the colossal EUR 24 billion Wirecard scandal, will share his insights on what happened at Wirecard and how that eventually led him to found his current startup, Confide.
About Pav Gill:
Pav, renowned for exposing the €24 billion Wirecard fraud, is a former Magic Circle lawyer and fintech general counsel. He founded Confide in late 2023, a pioneering whistleblowing & corporate investigations platform. Pav's work has redefined governance technology and corporate ethics, earning him global recognition and prestigious awards.
