The 6th ISACA Risk Event Wednesday, November 12, 2025 Spant!, Bussum
Join us for a new edition of the Risk Event, where cutting-edge insights meet practical expertise in the world of risk, governance, and cybersecurity.
Organized in collaboration with IIA, NOREA, and PvIB.
Risk Event 2025
Securing the Digital Frontier
Track 1: Geopolitical Risks & Digital Sovereignty
From crisis to control: leaders today must navigate the intersection of geopolitics and digital risk. This track examines how global tensions, sanctions, compliance requirements, and supply chain dependencies impact cybersecurity and IT risk management. Discover how digital sovereignty, AI-driven threats, and governance frameworks are shaping the security strategies of tomorrow. From cloud infrastructure to crisis response, and from sanctions to security strategy, the challenges are real. But so are the solutions.
Track 2: Resilience Through Cooperation
Resilience is not a solo act, it’s a team sport. In today’s hyperconnected world, no organization can face digital threats alone. This track explores how trust, knowledge sharing, and collaboration, internally and across entire ecosystems are the cornerstones of resilience.
Learn how leading organizations are building collective defenses, aligning teams before crisis strikes, and strengthening resilience across supply chains. Hear first-hand lessons from leaders at Microsoft, Port of Rotterdam, Schiphol, and ING.
Track 3: Innovation & Opportunities
A dedicated track focused on Innovation and Opportunities in today’s dynamic and interconnected world. From shifting geopolitical landscapes to the rise of digital transformation, this track explores how organizations can identify and navigate emerging risks, not by avoiding change, but by understanding the risks it brings and turning them into strategic opportunities.
Track 4: Going Concern vs. Disruption
Some risks never disappear, but disruption keeps reshaping them. This track examines the balancing act organizations must perform: safeguarding enduring concerns while adapting to disruptive forces like AI, quantum threats, and geopolitical competition. Explore the future of cloud security, AI-driven manipulation, and post-quantum cryptography, and rethink human awareness in an era of hyper-realistic deception. This track is about where the familiar meets the future, and how to navigate both.
Workshop
Secure your ticket now.
Aftermovie
Programme Risk Event 2025
Geopolitical risks and digital sovereignty
Resilience through Cooperation
Innovation & Opportunities
Going concern vs Disruption
Workshop
My name is Dwayne Valkenburg, I work as an IT Auditor and IT Risk & Compliance Manager. Since 2006, I have been active in the Managed IT Services & IT Outsourcing sector as an IT Engineer, switching to the IT Auditing profession at a BIG4 firm in 2013 and as of 2017, I founded Cyberus, an IT Assurance, Advisory & Consultancy firm.
I am also active on a voluntary basis since November 2014 with the professional associations the NOREA, ISACA and the IIA as, Chairman and Vice-Chairman of the Young Profs committees. In recent years, I have been responsible within the ISACA Board, with all events, webinars and conferences of ISACA Netherlands, as well as the Privacy and Young Profs working groups.
As of June 2022, I could call myself chairman of ISACA Netherlands and together with an enthusiastic and, above all, fun group of fellow volunteers, we may together offer a platform where we jointly take the profession of IT Auditing, IT Governance, IT Compliance, IT Security & IT Risk Management to a higher level.
If you have any questions, or are interested in working together, please feel free to contact me.
Erik is an Information Management professor at University of Manchester – UK. His research focusses on digital transformations, data analytics, corporate governance and platforms. Erik is also an external advisor of Bain & Company and an independent member of the data committee of Royal FloraHolland. Furthermore, he has 30 years of international industry and consulting experience, including Accenture, Boston Consulting Group and KPMG.
Werner Zuurbier began his journey in public administration studies during the dawn of the internet—and from that moment, digital transformation has woven through both his personal and professional life. He is passionate about strategic challenges and guiding complex change processes, often navigating the dynamic intersection of business and technology.
As of July 1, 2025, Werner took on the role of Director‑Board Member at GERRIT, following his tenure as CIO and Manager of Information & Care Technology at Spaarne Gasthuis
Over the years, he has served as an (interim) C‑level executive, director, and senior manager across healthcare, insurance, and consultancy—and continues to contribute as a non‑executive board member in the healthcare, education, and insurance sectors, and formerly in government cenvio.com.
Werner is also a published author. His most recent work, Leadership in the AI Era – Four Qualities of a Transformational Leader, released in March 2025, explores vision, risk, moral, and cultural leadership in the context of the AI-driven digital revolution. He previously authored Cyber in the Board – Supervising Digital Transformation in 2022, offering practical guidance to board members and supervisors navigating digital change
Marijn van Schoote studied Computer Engineering and Business Information Systems in Twente. After working for several years as an IT auditor at Deloitte, he spent over a decade as Chief Information Security Officer (CISO), responsible for the digital resilience of the Port of Rotterdam Authority. Currently, Marijn is the Managing Director of Ferm-Seaports.
Kevin is COO at Northwave. With a past in law enforcement, consulting and cyber providers, he helps clients across Europe navigate evolving threats, tech and compliance mazes. He believes cybersecurity is about people, not just tech, and that no one should need a regulation bingo card to do their job.
For the last decade, security architect Sander Dorigo has been working on the (cryptographic) security of applications, systems and (financial) data streams. Sander started as a security engineer working for a variety of defense contractors and joined the financial sector as a cryptographic consultant. From there, he moved to Sentyron where he works on certified high assurance products for security focused customers.
Luuk Danes, founder of Cryptography in Context, is a trainer, speaker, and advisor. Combining a focus on people and processes with technical expertise, he helps organizations make cryptography work in practice. He has authored and teaches acclaimed courses on cryptography, digital certificates, and quantum-safe migration.
Zoëlle Yusufi is Chair of Professional Practices for Artificial Intelligence at IIA Netherlands and a strategic IT audit and security expert at RVO Netherlands. She bridges governance, risk and AI, championing ethical leadership in digital sovereignty, resilience, and human-centered strategy.
Esther Schagen-van Luit is Chief Security Advisor Netherlands at Microsoft. Previously she was CISO of Deloitte Netherlands, Dutch Caribbean & Belgium. She brings a knowledge of IT, cybersecurity, risk and organizational transformation to the table. Esther works to get more women in cybersecurity and features on MT/Sprout’s 2025 Inclusive30 list.
Sandeep is co-founder of Brightlyn, a cybersecurity and audit firm with a specialisation in DORA implementation. He chairs the DORA Taskforce and DevOps Working Group at NOREA, and lectures at several universities on these topics.
Sandeep is also (co-)author of several leading control frameworks such as: DORA, NIS2, Ransomware and DevOps.
In a world of new AI threats like deepfakes and smart attacks, we need to reconsider trust and defense. With the rise of digital illusions, traditional security awareness is not enough. In his talk, Chris addresses some of these threats and includes a newer approach from awareness to resilience. He advocates a practical approach to strengthen the resilience and security cultures of your organization. Using current examples, and including new opportunities you can implement in your organization immediately.
Bart is a member of the Dispute Resolution team and litigates on restructuring and insolvency law, debt recovery and enforcement of in-rem and personal security rights, bank guarantees, duty of care and other banking-related issues. Bart also specializes in attachment and enforcement law, in which role he supports several practice groups within the firm.
Bram works as an attorney at law in the Financial Litigation section (part of Civil Law). He litigates on behalf of banks, financial institutions and companies in both national and cross-border disputes and advises on commercial contract law, insurance law and (banking) liability law.
Chris is a seasoned IT executive with over two decades of experience across the (semi)public and private sectors. Since 2023, he has served as Head of the CIO Office at Schiphol Group, where he leads the development and oversight of the airport’s IT strategy, IT governance, enterprise architecture and cybersecurity initiatives
Evelien is Program Manager Cyber Security at Schiphol Group. She translates strategy into action and drives collaboration across teams and partners. As co-developer of Schiphol’s Cyber Security Target Operating Model and the CYSSEC initiative, she embeds cybersecurity into the organization’s way of working.
PhD candidate at the Faculty of Technology, Policy and Management of Delft University of Technology. Her research focuses on developing a roadmap for organizations to achieve quantum safety. Her PhD research is part of a larger project called HAPKIDO (Hybrid Approach for quantum-safe Public Key Infrastructure Development for Organizations).
Anna is a cybersecurity leader specializing in data security, enterprise risk management, and compliance. With 12+ years of experience across academia, consulting (EY), and industry (Philips), she combines deep technical knowledge with strategic insight. Her diverse background enables her to stay ahead of emerging developments, adapt her expertise to varied contexts and stakeholders, and consistently deliver complex projects from strategy through execution.
Dimitri is the Cybersecurity Director / Chief Information Security Officer (CISO) at Dutch Railways (NS). He serves as member of the advisory board of the Dutch NCSC, the Dutch CISO Circle of Trust, is co-founder of the Dutch CISO Foundation and CISO Community, is co-chair of both the Dutch and European Rail ISAC and the Rail CISO Forum. In addition to being an international speaker and columnist, Dimitri is a cyber lecturer, editorial board member of the Global Railway Review journal and advisory board member of Cybersenate. As an Ambassador to the Global Council of Responsible AI and an angel investor in several startups, he actively contributes to the advancement of technology, cybersecurity- and AI governance.
With three decades of experience as a CIO, CTO, and CISO, Dimitri has worked across multinational corporations, local governments, the Dutch Olympic Committee, and now Dutch Railways. As a lifelong digital engineer, he holds several academic qualifications and a range of esteemed cybersecurity certifications, including CISSP, CRISC, CISA, CISM, CDPSE, CIPP/E, CIPM, and FIP.
Dimitri combines technical expertise with strategic vision, making him a prominent voice in the cybersecurity and AI governance critical infrastructure landscape.
He has been quoted and featured in major publications and outlets, including Computable, Global Railway Review, Enterprise Security, ICT Media, CISO Series, Enisa, CIO.inc, Helpnet Security, CIO TV, IB Magazine and Cybercrime Info
Jeroen de Groot is product manager of Systemic Cause Investigators, the team responsible for postmortems of P1 incidents and Major Incidents in ING. He has 20+ years of experience in Major Incident Management in ING. First in the Central Major Incident Management team for the Netherlands, later as product manager for Global Major Incident Management. Since March 2025 he is leading the new team for Systemic Cause Investigation.
Professor Peter Roelofsma is a distinguished expert in the fields of risk management and cyber security. In August 2023, he joined the Risk Management & Cyber Security research group at The Hague University of Applied Sciences (THUAS). Prior to this, he was part of the Safety and Security Science section at Delft University of Technology, the Vrije Universiteit Amsterdam and Leeds University Business School.
Mona de Boer is Partner Data & Technology at PwC Netherlands, where she leads the Responsible AI & Digital Ethics practice. Mona is Chair of the Algorithm Assurance expert group of the Dutch professional association for IT auditors (NOREA), and a lecturer and scientific researcher at the University of Amsterdam.
Debbie Janeczek is the Chief Information Security Officer at ING. Prior to joining ING, Debbie led the Swift Global Security Organization. The Society for Worldwide Interbank Financial Telecommunications is a global messaging system that is used to facilitate transactions between banks across national borders.
Prior to Swift, Debbie was a Technology Executive at Wells Fargo leading the Cyber Threat Management Function, driving proactive resiliency against cyber-attacks through monitoring, analysis and continuous assessment of the threat landscape, driving tangible risk mitigation across the enterprise.
Before joining Wells Fargo, Debbie was the Director of Information Security at Twilio, where she led Cloud Security, Enterprise Security, Product Security, and Vulnerabilities Management. Debbie was also the Director of Cyber Threat Intelligence at American Express and served on the Executive Committee for the Financial Services-Information Sharing and Analysis Center (FS-ISAC). She held other key security roles during her career, including Adjunct Instructor at the University of Maryland-Baltimore County, Team lead for Cyber Planning at the National Security Agency (NSA), and Deputy Branch Chief at USCYBERCOM, and carried out key assignments with the National Geospatial Intelligence Agency and Defense Intelligence Agency.
Debbie served as an active-duty Intelligence Officer in the United States Navy serving in both Operation Enduring Freedom in Afghanistan and Operation Iraqi Freedom.
Investigative journalist, working at De Volkskrant, with focus on intelligence agencies and the digital world. Author of two bestsellers.
<h1 class='my-heading'>Just some HTML</h1><?php echo 'The year is ' . date('Y'); ?>document.addEventListener("DOMContentLoaded", function () {
const container = document.querySelector(".risk-loop-container");
if (!container) return;
const kaarten = Array.from(container.querySelectorAll(".risk-card"));
const rijen = {};
// Sorteer alle kaarten eerst op starttijd
kaarten.sort((a, b) => {
const tijdA = a.getAttribute("risk-starttijd") || "";
const tijdB = b.getAttribute("risk-starttijd") || "";
return tijdA.localeCompare(tijdB);
});
// Verdeel kaarten per tijdslot
kaarten.forEach((kaart) => {
const tijd = (kaart.getAttribute("risk-starttijd") || "").trim();
if (!rijen[tijd]) {
const rij = document.createElement("div");
rij.classList.add("risk-row");
rij.setAttribute("data-starttijd", tijd);
container.appendChild(rij);
rijen[tijd] = rij;
}
rijen[tijd].appendChild(kaart);
});
// Sorteer binnen elke rij op data-podium
Object.values(rijen).forEach((rij) => {
const cards = Array.from(rij.querySelectorAll(".risk-card"));
cards.sort((a, b) => {
const pA = parseInt(a.getAttribute("data-podium")) || 999;
const pB = parseInt(b.getAttribute("data-podium")) || 999;
return pA - pB;
});
cards.forEach((kaart) => rij.appendChild(kaart));
});
});function sorteerEnGroepeerKaarten() {
const container = document.querySelector(".risk-loop-container");
if (!container) return;
// Verwijder oude rijen (voor het opnieuw opbouwen)
container.querySelectorAll(".risk-row").forEach((el) => el.remove());
// Zoek alle kaarten
const kaarten = Array.from(container.querySelectorAll(".risk-card"));
const rijen = {};
// Sorteer kaarten op starttijd
kaarten.sort((a, b) => {
const tijdA = a.getAttribute("risk-starttijd") || "";
const tijdB = b.getAttribute("risk-starttijd") || "";
return tijdA.localeCompare(tijdB);
});
// Groepeer kaarten per tijdslot
kaarten.forEach((kaart) => {
const tijd = (kaart.getAttribute("risk-starttijd") || "").trim();
if (!rijen[tijd]) {
const rij = document.createElement("div");
rij.classList.add("risk-row");
rij.setAttribute("data-starttijd", tijd);
// 🔧 Dit is waar de grid toegepast moet worden:
rij.style.display = "grid";
rij.style.gridTemplateColumns = "repeat(auto-fit, minmax(220px, 1fr))";
rij.style.gap = "1rem";
container.appendChild(rij);
rijen[tijd] = rij;
}
rijen[tijd].appendChild(kaart);
});
// Sorteer binnen elke rij op podium-nummer
Object.values(rijen).forEach((rij) => {
const cards = Array.from(rij.querySelectorAll(".risk-card"));
cards.sort((a, b) => {
const pA = parseInt(a.getAttribute("data-podium")) || 999;
const pB = parseInt(b.getAttribute("data-podium")) || 999;
return pA - pB;
});
cards.forEach((kaart) => rij.appendChild(kaart));
});
}
// Initieel en bij AJAX reload
document.addEventListener("DOMContentLoaded", sorteerEnGroepeerKaarten);
document.addEventListener("bricks/ajax/nodes_added", sorteerEnGroepeerKaarten);
function sorteerEnGroepeerKaarten() {
const container = document.querySelector(".risk-loop-container");
if (!container) return;
// Verwijder oude gegroepeerde rijen
container.querySelectorAll(".risk-row").forEach((el) => el.remove());
// Verzamel en sorteer alle kaarten op starttijd
const kaarten = Array.from(container.querySelectorAll(".risk-card"));
const rijen = {};
kaarten.sort((a, b) => {
const tijdA = a.getAttribute("risk-starttijd") || "";
const tijdB = b.getAttribute("risk-starttijd") || "";
return tijdA.localeCompare(tijdB);
});
// Groepeer kaarten per tijdslot
kaarten.forEach((kaart) => {
const tijd = (kaart.getAttribute("risk-starttijd") || "").trim();
if (!rijen[tijd]) {
const rij = document.createElement("div");
rij.classList.add("risk-row");
rij.setAttribute("data-starttijd", tijd);
rij.style.display = "grid";
rij.style.gridTemplateColumns = "repeat(auto-fit, minmax(220px, 1fr))";
rij.style.gap = "1rem";
container.appendChild(rij);
rijen[tijd] = rij;
}
rijen[tijd].appendChild(kaart);
});
// Sorteer binnen elk tijdslot op podium
Object.values(rijen).forEach((rij) => {
const cards = Array.from(rij.querySelectorAll(".risk-card"));
cards.sort((a, b) => {
const pA = parseInt(a.getAttribute("data-podium")) || 999;
const pB = parseInt(b.getAttribute("data-podium")) || 999;
return pA - pB;
});
cards.forEach((kaart) => rij.appendChild(kaart));
});
}
function initKaarten() {
sorteerEnGroepeerKaarten();
const container = document.querySelector(".risk-loop-container");
// Herinitialiseer Bricks Extras Lightbox
if (typeof doExtrasLightbox === "function" && container) {
doExtrasLightbox(container, true);
console.info("✅ Bricks Extras Lightbox opnieuw geïnitialiseerd");
} else {
console.warn("⚠️ Bricks Extras Lightbox functie niet beschikbaar of container niet gevonden");
}
}
// Init bij paginalaad
document.addEventListener("DOMContentLoaded", initKaarten);
// Init na AJAX/facet filtering
document.addEventListener("bricks/ajax/nodes_added", initKaarten);
Location
This year’s Risk Event takes place at Spant!, a modern and inspiring venue in the heart of the Netherlands. Located in Bussum, just 25 minutes from Amsterdam and easily accessible by car and public transport.
Spant!
Dr. A. Kuyperlaan 3
1402 SB, Bussum
Gallery
Take a look back at Risk Event 2024. A day full of inspiring talks, lively discussions, and meaningful connections.
Scroll through the highlights and relive the atmosphere, the energy, and the people who made it unforgettable.
