Stay Tuned as Security Leader

December 8th – Novotel Brussels City Center

• Executive crisis command: CISO leadership in a cyber resilience simulation, interactive roleplay by Kian Bayat & Egide Nzabonimana (ISACA).
• Digital trust by design: how CISOs build assurance programs from business risk scenarios? by Mark Thomas, President, Escoute Consulting, ISACA Hall of Fame.
• How to bring cyber / information security to the agenda of the board? by Thomas Colyn, CISO DPG Media

February 9 – Park Inn by Radisson Brussels Airport

• Securing AI based solutions | Stefaan Van daele & Koen Simoens

As security architect it could be challenging to cope with the fast-evolving AI based solutions though the classic checks and balances still apply.

In this session we provide a methodological approach to analyse and design security for the AI solutions used in your organisation. The approach is built on the OWASP GenAI Security Project and will provide you step by step guidance. Also, some common attack vectors to GenAI solution are reviewed together with possible mitigations. Also, some extra focus will be put on securing AI agents as seems to be both the most common solution approach as well one of most important attack surfaces of the AI solutions.

• Post‑Quantum Cryptography: Why CISOs Must Act Now | Sarah Ampe

Quantum computing will break today’s cryptography, and attackers are already aiming to exploit this today. This session explains the threat, why it matters and what the solution can be. Post-quantum cryptography mitigates the risks introduced by quantum computing but brings its own challenges. Hence, we will focus during this session on practical steps for CISOs to build a quantum‑safe roadmap.

• CISO legal frameworks | Peter Van Dyck

Join this interactive Case-Based Learning Lab, where participants work hands-on with Peter Van Dyck to explore the practical application of legal-tech frameworks.

Starting from real-life cases as they might be presented to a CISO, participants collaboratively analyse challenges and develop concrete solutions.

The session focuses on translating theory into actionable practice.
By the end of the workshop, participants will leave with clear guidelines, practical insights, and tools to support the daily work of a CISO.

September 17 – Park Inn by Radisson Brussels Airport

Communication & Metrics for CISOs | Tom Gilis Effective cybersecurity is as much about clear reporting as it is about technical controls. In this session, Tom Gilis, Global CISO at UCB, explores how leadership can bridge the gap between complex security data and strategic business objectives. Leveraging his extensive experience in both technical research and executive governance, Tom shares how to move beyond “gut feeling” to a data-driven security posture that resonates at the board level. Building on his work with international expert groups, Tom deepens the discussion during the Metrics Workshop. This hands-on segment focuses on defining impactful Key Risk Indicators (KRIs) and KPIs that track improvement over time, rather than just static compliance. From navigating NIS2 requirements to measuring the resilience of OT and AI environments, participants will learn how to build a communication framework that fosters trust, justifies investment, and drives a proactive security culture across the entire organization.

Update on Regulation & Standards | Karl Dobbelaere As the digital regulatory landscape matures into a phase of active enforcement, CISOs must navigate an increasingly complex web of European and national mandates. In this session, Karl Dobbelaere provides a strategic deep dive into the practical implications of the latest standards and the evolving oversight by the Belgian authorities. Drawing on his extensive experience in governance, Karl explores how organizations can transition from mere compliance to a robust, standards-based resilience model.

Threat Casting: Strategizing for the Unforeseeable | Fadwa Rachi While traditional risk management focuses on known vulnerabilities, Threat Casting enables CISOs to anticipate and disrupt systemic risks ten years into the future. In this session, Fadwa Rachi moves beyond theory to demonstrate how this multidisciplinary methodology identifies the convergence of AI, quantum computing, and shifting geopolitics. We focus on transforming “future fictions” into actionable security controls that your organization can implement today to build long-term resilience.Drawing on her expertise in strategic innovation, Fadwa leads a Practical Threat Casting Lab. Participants will engage in back-casting exercises to identify early warning indicators and “flags” that signal a shift in the threat landscape. This hands-on approach moves security from a reactive posture to a strategic business enabler, providing a concrete toolkit for leadership to visualize, track, and mitigate the sophisticated adversaries of the next decade.

November 26 – Park Inn by Radisson Brussels Airport

Leadership: Attracting & Retaining Talent | Koen Van Brussel & Karine Goris The global cybersecurity talent gap is no longer just an HR issue; it is a critical bottleneck for strategic security delivery. In this session, Koen Van Brussel and Karine Goris move beyond the “war for talent” rhetoric to explore practical leadership strategies for building and sustaining high-performing teams. Leveraging their combined experience in executive leadership and organizational culture, they dive into the human-centric side of the CISO role—balancing technical excellence with emotional intelligence. Through a Leadership Interactive Lab, Koen and Karine provide a hands-on toolkit for identifying non-traditional talent and creating a “security-first” culture that discourages burnout. We focus on specific retention drivers, such as continuous learning pathways and purpose-driven work, to ensure your experts stay engaged in an aggressive headhunting market. This session offers actionable insights on how to evolve your leadership style to become a talent magnet, ensuring your team remains resilient and aligned with the organization’s long-term objectives.

CRA: Why Even Your Fridge Might Need a Lawyer | Pedro Démolder & Maxim Baele The Cyber Resilience Act (CRA) marks a seismic shift in product liability, moving cybersecurity from an afterthought to a legal prerequisite for any “product with digital elements.” In this session, Pedro Démolder and Maxim Baele break down the practical impact of this regulation on the entire supply chain. From smart appliances to industrial sensors, they explore how the CRA redefines duty of care and what it means for CISOs who must now govern the security of hardware and software they didn’t even build. In this CRA Readiness Workshop, Pedro and Maxim move beyond the legal jargon to provide a hands-on compliance roadmap. We focus on the “CE marking” requirements, vulnerability reporting mandates, and the mandatory support periods that will soon dictate procurement and development cycles. This session offers a pragmatic toolkit for identifying which products in your inventory fall under the CRA’s high-risk categories and how to build a defensible compliance strategy before the enforcement deadlines hit.

IR: Ransomware Playbook | Robin Bruynseels When a ransomware attack hits, the technical response is only half the battle; the real challenge lies in the rapid-fire decision-making required under extreme pressure. In this session, Robin Bruynseels moves beyond theoretical incident response to provide a battle-tested roadmap for modern extortion scenarios. Drawing on his frontline experience, Robin explores how CISOs can move from reactive firefighting to a structured, playbook-driven approach that minimizes downtime and protects the organization’s reputation. This IR Crisis Simulation focuses on the practical execution of a ransomware playbook, from initial containment to the high-stakes world of negotiation and recovery. We dive into the critical “first 48 hours,” examining how to align technical forensics with legal, communication, and executive requirements. Participants will leave with a concrete toolkit for validating their own playbooks against current adversary tactics, ensuring that when the “when” finally happens, the organization is ready to respond with precision rather than panic.

AI & Data Act Deep Dive | Peggy Valcke With the AI Act now in full effect and the Data Act reshaping how industrial data is shared, the CISO’s remit has expanded from securing infrastructure to governing algorithmic integrity and data interoperability. In this session, Prof. Dr. Peggy Valcke explores the intersection of these landmark regulations, providing a strategic roadmap for navigating the “blue wall” of EU digital governance. Drawing on her role at BIPT and her academic expertise at KU Leuven, Peggy breaks down how these rules move beyond mere privacy to mandate technical robustness and systemic safety.